Mac malware has been making the headlines in the last year or two, as regular users have been hit by in-the-wild threats.
It’s somewhat gratifying to find that more and more Mac users have woken up to the risks and are installing anti-virus software on their computers.
Probably the biggest single incident was the Flashback botnet, which infected over 600,000 Macs earlier this year, exploiting a Java vulnerability that Apple had left unpatched. (Apple eventually patched the vulnerability, some months after Windows users first had a fix made available to them.)
Back then, things were pretty bad on the Mac malware front. Our free anti-virus product found malware on 2.7% (one in 36) of Macs, as well as a plethora of (less dangerous) Windows-based malware.
At the time, 75% of the Mac malware we found on Mac computers was associated with the Flashback botnet (called Flshplyr by Sophos security products).
There’s little sign of it now, however, as the latest stats from SophosLabs show.
Instead, fake anti-virus software and malware posing as fake video codecs rule the roost, with thousands of infections reported back to us each week.
Of course, that doesn’t mean that these are the only threats to be wary of – as some attacks have seen malicious hackers using new techniques.
For instance, we have seen backdoor Trojan horses hitting Mac users through boobytrapped Word documents, malware which can spy on its victims by capturing audio and video footage, and multi-platform attacks which hit Mac, Windows and Linux users alike.
So, in summary, the Mac malware situation has been worse than it is now – but you shouldn’t be complacent.
Financially-motivated cybercriminals are targeting Macs, exploiting the fact that many users have poor security in place compared to their Windows cousins, or no protection at all.
Mac users – please get an anti-virus, for goodness sake. If you don’t want to pay for one, there is free anti-virus for Mac home users available for download. (Seriously, there’s no catch, no strings attached.)
Stay safe.
Apple store image from Shutterstock.
Seriously, there is a catch. On Lion, it might make your mac freeze during Time Machine backups, like it did with mine. Hard shutdown is the only option then.
Seriously, there might be a different problem with your Lion Mac. Or maybe the integrity of your Time Machine backups.
I ran for about a year with the Lion/SophosAV combination and regularly ran Time Machine backups. I had very few problems in general and certainly nothing like the particular TimeMachine problem you've described.
MACs are starting to gain a larger user-base.
So it’s a given that the attacks will grow on OSX.
I have noticed a large MAC uptake in Australia over the past few years.
Government sector & SMBs choose MAC, many iPad/iPhone/iPod users are moving from Windows for the full MAC experience.
My advice for MAC is: choose Sophos AV.
The free version works great!
This advice comes from an IT Technician with many different OS systems. I also like to use Sophos AV from my MAC to scan mounted Windows system data and external drives etc.
Note: yes it also picks up Windows nasties. 😉
So if you have a household with many different systems, it’s a great second layer of protection.
Thanks Sophos! Returning the <3 & kudos 🙂
Graham – is there any word on a fix for the bug affecting your latest Mac software when run under the new Mountain Lion?
In case you didn't know, the menu-bar shield disappears a while after logging in to a new session. It seems connected with pulling the latest update and then not being able to relaunch with the new data. When I took a look yesterday lunchtime, there was quite a bit of discussion of it over on your forums.
The good news is that the "disappearing shield" has nothing to do with updating or loading up the latest virus data – both protection and updating still work fine, whether the shield is visible or not.
(Having said that, we're working on fixing the "disappearing shield" issue right now, and once it's sorted, the product should fix itself automatically at the next update.)
We don't usually do Tech Support here on Naked Security, but here's what I did to sort out my own Mountain Lion setup: I just added the "Sophos shield" application back into my login items. Like this:
Go to Apple menu | System Preferences… | Users & Groups | [Select your username] | Login Items.
Click the [plus] button and add in this application:
/Library/Sophos Anti-Virus/SophosUIServer.app
You'll recognise the app in Finder because it shows up with the shield icon it's responsible for displaying.
Just to clarify: *both virus blocking and auto-updating continue working correctly* even if SophosUIServer doesn't run.
Thanks for the clarification Paul. I took a close look in Activity Monitor when I got back home last night and am happy to accept what you've said about root-level processes continuing okay in the background.
One of the reasons I moved to the OS X world is security and the daily headache with malware and viruses I used to suffer from. Yes, that was valid for -almost- the end of 2010 but starting with the middle of 2011, things have changed a lot. I am now less worried on my PC running Windows 7 SP1 with Kaspersky Internet Security 2012 running, while on my MacBook Pro, which is running OS X Mountain Lion, I am not sure of anything. I always feel like someone is stealing my data but I have no tool to check this out.
While typing this comment, I am installing SOPHOS for my OS X and I will give it a try but I am sure that it's going to be just great.
This growing concern is no longer a joke.
I still hear from clients that they are switching to MACs because "…they are safe from viruses and hackers." One can't tell them MACs can be infected – most still believe the rumor mills and old commercials that MACs are safe.
Those in the security arena know how hard it can be to overcome those MAC buyers who are in denial 😉
I
Given user is stupid enough to allow a malicious application to run. There is no 0 day in Macs unlike Windows. You could get infected by just visiting a website or even worse sitting and doing nothing. Macs had those nasty Java based exploits which worked with Word docs because Apple didn't fix it on time (Horrible Java vulnerabilities). Overall Mac is pretty safe compared to PC. Fully patched Windows 7 was infected by Flame without any user trigger.
Get off the Anti-apple bandwagon. You seem to know very little about "security arena"
I've been using antivirus products since 2008 when I bought my first Mac. During that time there weren't really options.
Now time has changed and we do have a lot of paid and free options for securing our Macs. In my opinion Sophos is a great product. Just install and forget it. It works in the background and it doesn't give you any annoying pop ups.
Thanks!
I'm reading this article and the comments 'now' because I'm currently in the process of cleaning up my iMac and the external drive of malware and viruses. Much of it came from the 'usual' suspect sources. But I had no idea the situation was this acute – my situation at least. I have been experiencing a rash of problems, from the computer quitting cold as I log in to browsers, to screen splitting, multiple images appearing in iPhoto, Preview items fugged up, no sound, or sound options! etc. Some (Preview) were restored after cleaning my hard drive and doing disk utility repair. I can't even sign up for the Naked Security newsletter because some alien has hijacked my computer (I think) and is interfering with the process, messing with the URL as I attempt to enter it. Even my mouse functions aren't working properly... jump scrolling when I left click. Using Mackeeper... but of course I paid for it. Going to give Sophos a go when current screening is complete. Posted a link to this article on Facebook moments ago.
Graham,
Thanks for this great article – very interesting to see how the threat is developing.
I'm a very happy user of Sophos for Mac but your article raised one question in my mind:
Is there an argument for adding a firewall component to the product? I know Macs have built-in firewalls but (as I understand it) they only control incoming connections.
Both from a privacy and security perspective, is it now time to keep a closer watch on outgoing connections, given the behaviours of some of the emerging malware threats?
Thanks for your thoughts.
Seriously, why don't you offer free AV for Windows users????