Myth: Macs are safe, Macs don't get viruses or malware!
Reality: Macs are vulnerable to malware and viruses!
There are two main reasons why Macs are thought to be safe from malware and viruses. First, fewer of them are in the marketplace compared to Windows machines. As of early 2025, Windows holds a significant lead in the desktop and laptop market with a 73% share, while MacOS accounts for about 14%. Windows remains the dominant operating system for personal computers, whereas MacOS is popular among creative professionals, education, and those within the Apple ecosystem (iPhone, iPad, AppleTV, Mac users).
Second, Apple has done a very good job of building secure settings into their products. Apple has also done an excellent job of creating the perception their products protect privacy and security using big budget marketing programs to differentiate brand awareness in their favor.
One of the byproducts of Apple marketing their high-ticket products is many web sites have begun to use your browser's Operating System parameter, sent when you connect to any site, to charge Apple users higher fees for products and services. The assumption being, if you can afford an Apple product, you can pay a higher fee. Also, Apple's market share is steadily growing in both personal and corporate environments. I've worked in several corporations where being provided a company MacBook was a huge perk and created considerable employee loyalty.
Updated MacOS Attacks
Cybercriminals have taken notice of MacOS as an "untapped resource" and have begun to focus more of their efforts on MacOS users with:
Advanced Malware: Newer and more sophisticated malware variants, such as XCSSET and Poseidon, are being developed to exploit MacOS vulnerabilities. These malware types can steal sensitive data, including passwords and cryptocurrency wallets.
AI-Powered Attacks: Cybercriminals are using AI to create more advanced and stealthy attacks. AI tools can automate tasks such as monitoring networks and finding systems with unpatched vulnerabilities, making it easier for attackers to scale their operations.
Malware-as-a-Service (MaaS): The rise of MaaS has made it easier for inexperienced individuals to launch MacOS-focused campaigns. These services provide tools and instructions for bypassing MacOS defenses, lowering the barrier to entry for cybercriminals.
Social Engineering: Cybercriminals are leveraging social engineering tactics to trick users into bypassing MacOS’s security measures. This includes guiding victims through the process of manually bypassing Gatekeeper, Apple’s security feature.
Remember: These malware tools attack your built-in human preference to trust what is placed in front of you while online. While malware uses technology to coerce the receiver to take an action that infiltrates and extracts information and funds, fundamentally the attack is targeted at the weakest link in the chain: the Human! Beware of your own reactions, especially when the message is designed to create urgency to click or download something immediately.
Best Practices for Securing MacOS
Use Strong Passwords:
Strong passwords are hard to guess and help protect your accounts from unauthorized access. Using a password manager ensures that you can use complex and unique passwords without needing to remember them all. If you have used the same password on more than one web site, remember to log in and change that password to a newly generated complex password created by the password manager. Enable Two-Factor authentication on every web site that allows it (more info below).
Enable MacOS FileVault:
FileVault encrypts your entire Mac internal hard drive, making it difficult for anyone to access your data without the correct password. This is essential if your laptop is lost or stolen. Create a pass phrase that is easy to remember when enabling FileVault. I use a phrase from a favorite song, which is easy to remember and is at least 20 characters long. This makes it very difficult for a thief to guess your password if your machine is stolen. Store the pass phrase in your password manager tool for future reference.
Keep Software Updated:
Regular updates patch known vulnerabilities in the operating system and installed applications. Keeping everything up-to-date reduces the risk of malware exploiting these vulnerabilities. Remember to have your Mac install MacOS updates automatically. This is the easiest way to stay up to date. Also, be sure to run backups after the update has completed so you can recover to an updated state, if needed.
Use Antivirus Software:
Apple uses built-in technologies like XD (execute disable), ASLR (address space layout randomization), and SIP (system integrity protection) to make it difficult for malware to do harm. This is a good start. Advanced malware can get past these technologies, so the concept of "defense in depth" should be implemented.
Defense in Depth means there is more than one defense technology deployed to protect against malware. Antivirus software provides an additional layer of protection by detecting and removing malware that might slip through existing defenses. It helps ensure your system stays clean. I use Malwarebytes on my Mac Mini desktop and MacBook Air laptop machines as my second line of malware defense.
Enable MacOS Firewall:
The built-in firewall blocks unauthorized network connections to your system by monitoring incoming and outgoing network traffic. It acts as a barrier between your Mac and potential threats. A quick YouTube video tutorial explains MacOS firewall settings here. Having your firewall enabled is critical for laptops used at coffee shops, airports, or other public WiFi locations. More on WiFi below.
Limit Administrative Privileges:
Granting administrative privileges only to trusted users minimizes the risk of unauthorized changes to system settings and installations. Using standard user accounts for daily activities reduces the chance of accidental malware installation. This is important if more than one person uses your Mac. If so, each person should have their own standard login account. You, as the owner, will automatically have administrative privileges that allow changes to the entire system. No one else should have that privilege. One exception would be a repair shop or Apple technician, if your machine must go in for hands-on servicing.
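To see where the settings from this list stand on your own machine, here is an added example (it is not from this post): a read-only Python 3 audit that asks Apple's own command-line tools (fdesetup, csrutil, spctl, socketfilterfw, defaults, dscl) about FileVault, System Integrity Protection, Gatekeeper, the firewall and its stealth mode, automatic macOS updates, and which accounts are in the admin group. It assumes python3 is installed and that those tools print the wording the parse_* functions look for; nothing in it changes a setting.

```python
"""Read-only audit of the macOS settings discussed above (added example, not
the author's own tooling).

Each parse_* function turns the text one of Apple's command-line tools prints
into a True/False answer, so the logic can be exercised with constructed sample
output on any machine. run_audit() invokes the real tools on a Mac. Every call
only reads state; nothing here changes a setting.
"""
import platform
import re
import subprocess

FIREWALL_TOOL = "/usr/libexec/ApplicationFirewall/socketfilterfw"
SOFTWARE_UPDATE_PLIST = "/Library/Preferences/com.apple.SoftwareUpdate"


def parse_filevault(text):
    """`fdesetup status` prints 'FileVault is On.' or 'FileVault is Off.'."""
    return "FileVault is On" in text


def parse_enabled(text):
    """Shared parser for tools that report 'enabled' or 'disabled':
    `csrutil status` (SIP), `spctl --status` (Gatekeeper), and
    `socketfilterfw --getglobalstate` / `--getstealthmode` (firewall)."""
    text = text.lower()
    if "disabled" in text:
        return False
    return "enabled" in text


def parse_defaults_flag(text):
    """`defaults read <plist> <key>` prints 1 or 0, or an error if the key
    was never set (treated as off)."""
    return text.strip() == "1"


def parse_admins(text):
    """`dscl . -read /Groups/admin GroupMembership` prints
    'GroupMembership: root alice bob'. Return the members other than root."""
    match = re.search(r"GroupMembership:\s*(.*)", text)
    return [u for u in match.group(1).split() if u != "root"] if match else []


def run(cmd):
    """Run a read-only tool; return its combined output, or '' if it is missing."""
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return ""
    return proc.stdout + proc.stderr


def run_audit():
    """Collect the state of each setting. Only meaningful on macOS."""
    return {
        "FileVault on": parse_filevault(run(["fdesetup", "status"])),
        "System Integrity Protection on": parse_enabled(run(["csrutil", "status"])),
        "Gatekeeper on": parse_enabled(run(["spctl", "--status"])),
        "Firewall on": parse_enabled(run([FIREWALL_TOOL, "--getglobalstate"])),
        "Firewall stealth mode on": parse_enabled(run([FIREWALL_TOOL, "--getstealthmode"])),
        "macOS updates install automatically": parse_defaults_flag(
            run(["defaults", "read", SOFTWARE_UPDATE_PLIST, "AutomaticallyInstallMacOSUpdates"])),
        "Admin accounts (should be only you)": parse_admins(
            run(["dscl", ".", "-read", "/Groups/admin", "GroupMembership"])),
    }


if __name__ == "__main__":
    if platform.system() != "Darwin":
        raise SystemExit("This audit calls Apple's tools; run it on a Mac.")
    for name, state in run_audit().items():
        if isinstance(state, list):
            print(f"{name}: {', '.join(state) or 'none'}")
        else:
            print(f"{name}: {'OK' if state else 'CHECK'}")
```

Run it from Terminal with `python3 audit.py`; every line that prints CHECK points at a setting from this list that is still off, and the admin line should show only your own account name.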
Backup Your Data with Apple Time Machine:
Regular backups ensure that you can recover your data in case of an attack or hardware failure. Backups provide peace of mind, knowing that your important files are safe. You will need an external USB drive with capacity that is at least 2X the size of your internal hard drive to start. If you have additional external drives you want to back up, you will need to increase the size of your backup disk to include those as well. These instructions and video will get you started.
Once your backups are operating normally, another best practice is to disconnect the USB drive and reconnect it periodically and after system updates. Keeping the drive disconnected, also known as an Air Gap, keeps your backup data safe and out of reach in the event your machine is attacked by malware. The time of your last backup establishes your Recovery Point Objective (RPO), which is the point of last recoverable data.
You must determine for yourself how much data you can allow to be lost between backups (RPO) and connect the backup USB drive to match that frequency. For example, if you can only lose two days of data, then reconnect your USB drive every other day to stay up to date.
Saving your important documents to a cloud drive service, such as Google Drive, Microsoft OneDrive, Box.com or Dropbox, can reduce how often you need to connect your backup USB drive, as those files are backed up to their cloud hosts in minutes. You also must understand that a malware infection may be included in a recent backup and, with a good backup, a tech professional will be able to assist you in restoring to an earlier uninfected backup date, if needed.
When running your backup, ensure there are no other applications or browsers running that make outgoing connections. You might consider shutting down the network entirely by disabling WiFi, Bluetooth, and unplugging any network cables attached to USB ports. This eliminates the risk of an application allowing an undesired outbound network connection that could trigger a malware event. I usually try to start the backup process with a network disconnected machine before going to bed at night and it is done the next morning when I start my day.
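The RPO arithmetic above is easy to lose track of once the drive has been sitting unplugged for a while. As an added example (not from this post), the Python 3 script below asks Time Machine for its newest backup with Apple's `tmutil latestbackup`, reads the timestamp that Time Machine puts in every backup name, and tells you whether the backup is older than your RPO, in which case it is time to reconnect the drive. It assumes python3 is installed, that backup names carry the usual YYYY-MM-DD-HHMMSS stamp, and that `tmutil latestbackup` fails or prints nothing while the backup disk is disconnected; the two-day RPO is the post's own example and the dates in the comments are constructed.

```python
"""Is your latest Time Machine backup within your Recovery Point Objective?
(added example, not the author's tooling)

Time Machine names each backup with its local timestamp, YYYY-MM-DD-HHMMSS.
`tmutil latestbackup` prints the path of the newest one while the backup disk
is connected and fails when it is unplugged (the air gap described above).
Given your RPO in days, this says whether it is time to reconnect the drive.
rpo_status() is plain arithmetic and can be tried with constructed dates.
"""
import datetime as dt
import platform
import re
import subprocess
import sys

# Matches the timestamp in constructed paths such as
#   /Volumes/Backups/Backups.backupdb/MyMac/2025-03-01-231500       (HFS+ destination)
#   /Volumes/.timemachine/<destination-uuid>/2025-03-01-231500.backup (APFS destination)
BACKUP_STAMP = re.compile(r"(\d{4}-\d{2}-\d{2}-\d{6})")


def backup_time_from_path(path):
    """Return the backup's timestamp as a naive local datetime, or None if the
    path carries no Time Machine stamp."""
    match = BACKUP_STAMP.search(path)
    return dt.datetime.strptime(match.group(1), "%Y-%m-%d-%H%M%S") if match else None


def rpo_status(latest, now, rpo_days):
    """Return (within_rpo, age_in_days). Everything written since `latest`
    is what you would lose right now, so the backup is fine while that age
    is at most your RPO."""
    age_days = (now - latest).total_seconds() / 86400
    return age_days <= rpo_days, age_days


def latest_backup_path():
    """Ask Time Machine for the newest backup; None when not on a Mac or when
    the backup disk is not connected."""
    if platform.system() != "Darwin":
        return None
    proc = subprocess.run(["tmutil", "latestbackup"], capture_output=True, text=True)
    path = proc.stdout.strip()
    return path if proc.returncode == 0 and path else None


if __name__ == "__main__":
    # RPO in days from the command line; the post's example is two days.
    rpo_days = float(sys.argv[1]) if len(sys.argv) > 1 else 2.0
    path = latest_backup_path()
    latest = backup_time_from_path(path) if path else None
    if latest is None:
        print("No backup found: connect the Time Machine drive and let a backup finish.")
    else:
        ok, age = rpo_status(latest, dt.datetime.now(), rpo_days)
        print(f"Latest backup {latest:%Y-%m-%d %H:%M}, {age:.1f} days old:",
              "within RPO" if ok else f"older than your {rpo_days:g}-day RPO, reconnect the drive")
```

Run `python3 rpo_check.py 2` on the Mac with the drive plugged in; with the drive unplugged the script cannot see the backup set and simply asks you to connect it, which is the expected state of an air-gapped backup.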
Be Cautious with Downloads:
Downloading software from trusted sources helps avoid malicious programs that can harm your system. When downloading files, it's essential to be cautious because of:
Malware Risk: Files can contain viruses, spyware, ransomware, or other malicious software that can harm your device and compromise your data.
Phishing: Some downloads might trick you into revealing personal information, like passwords or credit card numbers.
Copyright Infringement: Downloading copyrighted material without permission can lead to legal issues.
Data Breaches: Malicious files can be used to gain unauthorized access to your personal or financial information.
Unreliable Sources: Not all websites or links are trustworthy. Downloading from dubious sources increases the risk of getting infected files.
By keeping your antivirus software updated and ensuring you download files only from reputable websites, you can mitigate these risks. Always double-check the source before hitting the "download" button!
Be especially careful when download links are included in unsolicited email messages, also known as Phishing Emails. If you are not expecting a download link from recently purchased software, the surprise download may be malware that can cause catastrophic loss for you. By the way, never click on a download link in your email Spam or Junk folder. Your email provider has likely already analyzed and flagged the message as suspicious. Better safe than sorry.
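Double-checking the source can include asking the Mac itself what it knows about a file before you open it. As an added example (not from this post), the Python 3 script below reads the com.apple.quarantine tag that macOS puts on browser downloads (which app downloaded the file and when) using Apple's `xattr`, and runs Gatekeeper's own assessment ahead of time with Apple's `spctl --assess`, so you see "accepted" or "rejected" and the reason before double-clicking. It assumes python3 is installed and that those two tools report in the formats the parsers expect; the attribute value and spctl output in the comments and tests are constructed samples.

```python
"""Check a downloaded file before you open it (added example, not the
author's tooling).

macOS marks browser downloads with the com.apple.quarantine extended
attribute, which records when and by which app the file arrived; Gatekeeper
assesses a tagged file (signature, notarization) when it is first opened.
`xattr -p` reads the tag and `spctl --assess` runs that assessment on
demand, so you can see the verdict first. Both commands are Apple's; the
parsers below are written against constructed sample output.
"""
import platform
import subprocess
import sys


def parse_quarantine(value):
    """The attribute value is 'flags;hex-seconds-since-epoch;app;UUID', e.g.
    '0083;5f3a1b2c;Safari;A1B2C3D4-...' (constructed). Return the parts we
    care about, or None if the string is not in that shape."""
    parts = value.strip().split(";")
    if len(parts) < 3:
        return None
    try:
        return {
            "flags": int(parts[0], 16),
            "downloaded_epoch": int(parts[1], 16),
            "agent": parts[2],
        }
    except ValueError:
        return None


def parse_assessment(text):
    """`spctl --assess --type execute -v <file>` reports, for example,
    '/path/App.app: accepted' then 'source=Notarized Developer ID', or
    '/path/App.app: rejected' then 'source=no usable signature'.
    Return (verdict, source)."""
    verdict, source = "unknown", ""
    for line in text.splitlines():
        if ": accepted" in line or ": rejected" in line:
            verdict = line.rsplit(": ", 1)[1].strip()
        elif line.startswith("source="):
            source = line.split("=", 1)[1].strip()
    return verdict, source


def quarantine_info(path):
    """Read the tag with `xattr -p`; None when the file carries no tag (it was
    not downloaded by a browser, or the tag was removed)."""
    proc = subprocess.run(["xattr", "-p", "com.apple.quarantine", path],
                          capture_output=True, text=True)
    return parse_quarantine(proc.stdout) if proc.returncode == 0 else None


def gatekeeper_assessment(path, kind="execute"):
    """Run Gatekeeper's assessment: kind is 'execute' for apps and
    'install' for .pkg installers. spctl writes its report to stderr."""
    proc = subprocess.run(["spctl", "--assess", "--type", kind, "-v", path],
                          capture_output=True, text=True)
    return parse_assessment(proc.stderr + proc.stdout)


if __name__ == "__main__":
    if platform.system() != "Darwin" or len(sys.argv) < 2:
        raise SystemExit("usage (on a Mac): python3 check_download.py /path/to/App.app")
    target = sys.argv[1]
    tag = quarantine_info(target)
    print("quarantine tag:", f"downloaded by {tag['agent']}" if tag else "none (not tagged as a download)")
    verdict, source = gatekeeper_assessment(target, "install" if target.endswith(".pkg") else "execute")
    print(f"Gatekeeper: {verdict} ({source or 'no source reported'})")
```

A "rejected" verdict, or a tag that names an app you did not download with, is reason to stop and go back to the vendor's official site rather than to override Gatekeeper.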
Use Two-Factor Authentication:
Two-factor authentication adds an extra layer of security by requiring a second form of verification (e.g., a code sent to your phone) in addition to your password. This makes it harder for attackers to gain access to your accounts. This second factor can come from one of the following categories:
Something you know: This is your password or PIN.
Something you have: This might be a smartphone, hardware token, or an authenticator app that generates a time-sensitive code.
Something you are: This includes biometric factors like facial recognition (iPhone/iPad), fingerprints (Mac laptops), retinal scans, hand geometry scans, or voice recognition.
Using two of the same factors does not satisfy Two-Factor Authentication, i.e. using two different passwords is not Two-Factor Authentication.
CNET provides a simple explanation of Two-Factor Authentication:
"Instead of entering only your password to access an account, you need to enter your password -- the first verification factor -- and then a code sent via SMS or a prompt through an authentication app -- the second factor. This means a hacker would need to steal both your password and your phone to break into your account."
Authentication is controlled by the site to which you log in. They elect which type of Two-Factor authentication to implement: none, SMS, or both SMS and App as options. If none, you should ask yourself if the risk is acceptable that the company may not take seriously the protection of your account and data. You might consider an alternative company that has more secure login options, but that may not always be an option.
Issues with SMS
SMS is a text message to your phone with a six to eight digit code for you to enter into their web page before login is granted. SMS is not very secure. Again, CNET describes it as follows:
"… receiving 2FA codes via SMS is less secure than using an authentication app. Hackers have been able to trick carriers into porting a phone number to a new device in a move called a SIM swap. It could be as easy as knowing your phone number and the last four digits of your Social Security number, data that tends to get leaked (in data breaches, ed.) from time to time from banks and corporations. Once a hacker has redirected your phone number, they no longer need your physical phone in order to gain access to your 2FA codes."
Safer Two-Factor Authentication
The more secure way is to use an Authenticator app, such as Google Authenticator, Microsoft Authenticator, or Authy. I personally use Authy because Google & Microsoft have too much of my personal data already. Grrr! You download the app to your phone, scan a QR code presented by the web site with your phone camera, the app registers the site, then generates codes every thirty seconds that can be verified by the web site. If codes match, login is allowed to the site. Very simple and safe.
Also note that when you are changing very sensitive settings in MacOS, Apple will generate a six digit authentication code, send it to your iPhone screen display, and have you enter that same code on your Mac before allowing the setting change.
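The reason the app and the web site agree on a fresh code every thirty seconds, without any code being sent to you, is worth seeing in code. As an added example (not from this post), the Python 3 block below implements the standard the authenticator apps named above use (RFC 6238 TOTP, built on RFC 4226 HOTP): the QR code you scan encodes an otpauth:// URI carrying a shared secret, both sides derive the code from that secret and the current 30-second time step, and the site checks it in constant time with a small tolerance for clock drift. It uses only Python's standard library; the secret `12345678901234567890` is the RFC's published test secret and the otpauth URI is a constructed sample, not a real enrollment.

```python
"""How an authenticator app's codes work (added example, not from the post).

The QR code a site shows encodes an otpauth:// URI carrying a shared secret.
The app and the site both derive a 6-digit code from that secret and the
current 30-second time step (RFC 6238 TOTP, built on RFC 4226 HOTP), so the
code never travels to you by SMS. Standard library only.
"""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlparse


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then 'dynamic
    truncation' picks 4 bytes at the offset given by the last nibble."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret, at=None, step=30, digits=6):
    """RFC 6238: the HOTP counter is the number of whole `step`-second
    intervals since the Unix epoch, so the code changes every 30 seconds."""
    if at is None:
        at = time.time()
    return hotp(secret, int(at // step), digits)


def verify(secret, code, at=None, step=30, digits=6, window=1):
    """What the web site does: recompute the code for the current step and
    `window` steps either side (phone and server clocks drift), comparing in
    constant time. Real servers also refuse to accept the same code twice."""
    if at is None:
        at = time.time()
    counter = int(at // step)
    ok = False
    for delta in range(-window, window + 1):
        ok |= hmac.compare_digest(hotp(secret, counter + delta, digits), code)
    return ok


def secret_from_otpauth(uri):
    """Extract the shared secret from the URI inside the enrollment QR code,
    e.g. otpauth://totp/Example:alice?secret=JBSWY3DPEHPK3PXP&issuer=Example
    (constructed sample). The secret is base32 without padding."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP enrollment URI")
    b32 = parse_qs(parsed.query)["secret"][0].upper()
    b32 += "=" * (-len(b32) % 8)  # restore the padding base32 decoding needs
    return base64.b32decode(b32)


if __name__ == "__main__":
    # RFC 6238 Appendix B test secret; a real secret comes only from the QR code.
    rfc_secret = b"12345678901234567890"
    print("8-digit code at T=59 (RFC test vector):", totp(rfc_secret, at=59, digits=8))
    print("current 6-digit code:", totp(rfc_secret))
    print("accepted now?", verify(rfc_secret, totp(rfc_secret)))
```

Two things the code makes concrete: the secret is the only thing that ever leaves the site (once, inside the QR code), which is why it belongs only in the app and in your password manager's backup of the enrollment, and a stolen code is worthless half a minute later, which is what SIM swapping cannot defeat the way it defeats SMS.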
Secure Your Home Wi-Fi:
Using a strong Wi-Fi password prevents unauthorized users from accessing your home network.
Public WiFi spots are favorite locations for laptops to be snooped upon or broken into because many people ignore security advice and use their machines in an unprotected state. Be sure to enable MacOS firewall "Stealth Mode" so your laptop appears invisible on a public WiFi network.
Another setting to enable is iCloud Private Relay. iCloud Private Relay is designed to protect your privacy by ensuring that when you browse the web in Safari, no single party — not even Apple — can see both who you are and what sites you're visiting. You can find out how to set that up here.
Use a VPN (Virtual Private Network)
A VPN adds an extra layer of security by encrypting your internet connection, especially on public WiFi networks. VPNs on the internet offer several benefits:
Enhanced Privacy: A VPN encrypts your internet traffic, making it difficult for anyone to monitor your online activities. This is especially useful for preventing your ISP (Internet Service Provider) from tracking your browsing habits.
Security on Public Wi-Fi: Public Wi-Fi networks, like those in coffee shops or airports, are often less secure. A VPN protects your data from potential hackers on these networks by creating a secure, encrypted connection.
Access to Restricted Content: Some websites and services are geo-restricted, meaning they are only available in certain countries. A VPN can help you bypass these restrictions by masking your IP address and making it appear as though you are browsing from a different location.
Avoiding Censorship: In some regions, access to certain websites and services is restricted by the government. A VPN can help you access these blocked sites by routing your traffic through servers in other countries.
Improved Anonymity: While a VPN doesn't make you completely anonymous, it does add a layer of anonymity by masking your IP address and encrypting your data, making it harder for websites and advertisers to track you.
By following these best practices, you can significantly reduce the risk of cyber threats and keep your MacOS device secure.
Disclosure: I may earn a fee if you purchase some of the items from my affiliate links. You can support my work by doing so and I'll be able to buy some afternoon tea ☕ and a cupcake. 🧁
Brilliant article. I need to read it several times. And I need to act! Question: I have several passwords attached to an inactive email account so I can't get the email code needed to change some passwords. I know the password I used years ago is compromised. Any thoughts?
Super interesting Paul. All such important information— thank you. Now trying to figure out the vault thing. I have an older MacAir but IOS is 12.6 —also old but good enough it seems to have it pre-installed.