Support‎ > ‎Advice & Articles‎ > ‎

Viruses, Malware and Adware on the Mac



Back to: 

You may have heard that Macs cannot get viruses, but may still have some skepticism. This article will answer questions about viruses and malware on a Macintosh. Click here to skip to the adware section of the article.

Are there really no viruses on the Mac?
Yes. It is true. There are no viruses (currently) that appear on a Mac. However, there are a limited number of trojan horses and other malware on the Mac, which will be covered in the next section. For clarification on the terminology, viruses are actually a type of malware.

If you come across a pop-up that cannot be dismissed and claims that your computer is infected, or a similar message, see this article: A Browser Pop-up has Taken Over Safari.

Malware on the Mac
There are only around a few dozen known types of malware on the Mac, and the best news is that a good chunk of them have a very low threat level.

Anti-Virus Software may do more Harm than Good
Hearing about malware on the Mac may make you feel more cautious and make you think you have a need to install anti-virus (AV) software. The best protection you can get, however, is common sense. Most malware, as they are constantly changing, can easily slip past any anti-virus software. This is where the computer term "virus" gets its name, because of the analogy to viruses in the human body. Cures may be found for viruses, but they may only stop the virus for a year or two. Viruses can mutate, and become immune to the antidote. The same is true of computer viruses. But not only will AV software not be of much help, but they may actually harm your computer. Norton for Mac has been known to delete critical system files on the Mac, and cause kernel panics. Another nasty one is MacKeeper, not to be confused with the Mac Defender malware.

  • MacKeeper is actually anti-virus software, however, also may cause serious lag or harm to your Mac
    • Users have reported MacKeeper slowing down their Mac, as well as making certain Apple and other programs crash or unable to open
    • It is unethically marketed and is essentially a scam
    • It has been subject to two lawsuits for identifying every system as "infected" whether it is or not, and pushing their paid services
  • Norton for Mac has been reported to delete critical system files on macOS

Software that can harm your Mac, or have a very bad reputation:
  • MacKeeper
  • Norton for Mac
  • MacDefender (is actually malware)
    • MacProtector
    • MacSecurity
If you really feel a need for anti-virus, the list of reliable software is slim. The two listed below are not the only two out there, of course, but are the most commonly recommended and have decent reputations. But also keep in mind that you really don't need any anti-virus software.

Software that has a good reputation and will not cause harm to your Mac:
  • ClamXav
  • Sophos

Built-in Protection

macOS has built-in technologies to combat malware. One example is XProtect, which is included in Mac OS X Snow Leopard (10.6) and later. XProtect updates its malware definitions frequently, and will inform you if you are trying to open an installer package which contains known malware. For example:

Another technology is Gatekeeper, initially introduced in OS X Mountain Lion (10.8), and later made available to OS X Lion users with the 10.7.5 update.
You can control the settings for Gatekeeper in System Preferences > Security & Privacy > General, under the section "Allow applications downloaded from:"

The safest method to use is Mac App Store only. Since Apple maintains the Mac App Store and apps must be approved before they appear in the store, you have assurance that it is safe. Apps are also sandboxed, which limits the files and data they can access on the system and from other apps. The setting mentioning identified developers will allow you to download applications from sources outside of the Mac App Store, as long as Apple recognizes the developer who is offering the app (if they have registered for a developer account). The "Anywhere" setting can be used if you trust an application, but the developer is unidentified. If you need to open an application that Gatekeeper blocks, and you are confident it is trustworthy, right click and then click on Open.

Note that just because a developer is unidentified does not mean that their apps are unsafe. To get a Developer ID, one must enroll in Apple's Developer Program, which costs $99/year, and smaller developers might not be able to afford this. Likewise, just because a developer is identified does not mean that their apps are safe. Authors of questionable programs can still sign their apps with their own developer ID, or even use someone else's in theory; Apple can suspend developer IDs but this is not always a timely process.

More on MacKeeper: 
In addition to potentially causing harm to your computer, MacKeeper is a really shady program. It is developed by a company called ZeoBit (later acquired by Kromtech). Some users report the following: For starters, the "uninstaller" that is included with MacKeeper does not entirely remove MacKeeper, and remnants are still left on your computer. You will be constantly pestered to re-download MacKeeper if not all files are removed, and bombarded with pop-ups. Another tricky move they made is creating clamxav.org, which would seem like the download site from ClamXav, another competing AV program. However, the actual site for ClamXav is clamxav.com. clamxav.org, on the other hand, contained a phoney ClamXav review, and it turns out that their "Download" link was actually a download of MacKeeper, NOT ClamXav, until Zeobit finally changed it. Which brings us to the final tactic they use, which is posing as customers and writing good reviews. The majority of MacKeeper reviews out there are negative, but some people who badmouth MacKeeper have been rumored to be bribed by Zeobit to take their negative reviews down! 

Above all, if you download the "trial" of MacKeeper, it will claim that your computer is infected regardless of what's on it, even on a brand new, out-of-the-box Mac, which will require paying for the product to remove. Zeobit is facing two class-action lawsuits because of this practice.

So yes, technically, MacKeeper qualifies as malware, in the sense that malware is "a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software." Whether it is considered malware or not, MacKeeper is definitely a steer-clear piece of software.

Conclusion
Macs do not have viruses. Most malware out there is pretty lame and easy to spot. Anti-virus software for Mac, even if you find a safe program, is unlikely to pick up malware if you do manage to get infected. It is better not to install any anti-virus software, as it will bloat up your system. If something is going wrong with a Mac, some are quick to believe they have been infected, however there are several more likely possibilities. For example, email spoofing is done by hacking into mail servers (i.e. Google Mail (Gmail), Yahoo!, etc.) and not your computer, or by making it appear to have you as the sender when that is not actually the case. Third-party software conflicts may also be another cause for problems on a Mac. A slow Mac does not mean you have a virus. If you use safe web browsing practices, you greatly reduce the risk of getting malware.

Adware 
If your web browser displays ads on every single webpage you visit, this could be caused by adware. Adware is the most prevalent type of Mac malware, and the good news is, it is simply annoying, but not dangerous. Typical adware behavior could include redirecting you to an advertisement when you try to visit a legitimate website; the appearance of green, double-underlined words which display ads when hovered over; or changing your default home page or search engine. There has been a big rise in adware in 2014. Please note that this is not a virus, your data is not compromised, and this only affects your web browser. A trusted third-party program to remove adware is AdwareMedic (now known as Malwarebytes Anti-Malware for Mac). If you would prefer to remove the adware manually, see Apple's official instructions: http://support.apple.com/en-us/HT6506. The most common adware programs currently out there are Genieo (also known as InstallMac), Downlite (also known as VSearch), and Trovi. Also note that it is normal for some websites to display ads, including the double-underlined word variety. However, if you see this on most every webpage, or on sites that don't normally display them, it is probably adware. Common adware will display pop-ups or redirect you to pages promoting crapware like MacKeeper.

As a reminder, if you see a pop-up that you cannot close and claims that your computer is infected, or a similar message, see this article: A Browser Pop-up has Taken Over Safari.


 
Back to:   Submit Question: 
 Rate Article:  
https://sites.google.com/site/appleclubfhs/support/advice-and-articles/mac-viruses/rate

Article ID: AA1060


Overall User Rating: [5 RATINGS] • See the breakdown

Comments (6):
By danpage9 on 2/25/14 • Reply
There is no date on the article, don't know if it is ten years or ten months or ten minutes old.
in response to danpage9
By AppleClubSupport on 2/26/14 • Reply
We have definitely considered posting the date that our articles were last updated. However, also know that we always edit or add to our articles as needed, so the information is always current. If an article is no longer updated (meaning it's archived), it will be noted in the article.
By Anonymous85 on 9/24/15 • Reply
So, I received this pop-up that said it detected a virus and to call this 1-800 number, they asked for my serial number to check it out,then said they could not to anything to help with the virus unless I could pay.. What are my dangers with these people knowing/having access to my serial number ??

Sent from my iPad
in response to Anonymous85
By AppleClubSupport on 9/24/15 • Reply
Please see the "Related Articles" section here above, as we have an article dedicated to this scam. I would suggest filing a complaint with the FTC here. I would also go to the My Support Profile page on Apple's website and make sure that you see your Mac's serial number there. If it's there, then the scammers can't register it to themselves.
By Davlip on 11/13/16 • Reply
I tried to upgrade MacKeeper today and was told to call a number. The person was very insistent that the best way to upgrade was for her to connect directly with my computer for download!! I refused, and was then directed to the MacKeeper webpage. The installer package was downloaded after I over road a warning the package may damage the computer. The package failed to install. I would not use MacKeeper again
in response to Davlip
By AppleClubSupport on 11/13/16 • Reply
It would be a good idea to remove any traces of MacKeeper from your system, as it is entirely a scam. This article from The Safe Mac provides some good coverage: http://www.thesafemac.com/ongoing-mackeeper-fraud.