Desktops (Apple) Operating Systems Security Software Windows

Apple's Mac Computers Now Outpace Windows In Malware (vox.com) 97

According to cybersecurity software company Malwarebytes' latest State of Malware report, the amount of malware on Macs is outpacing PCs for the first time ever. Recode reports: Windows machines still dominate the market share and tend to have more security vulnerabilities, which has for years made them the bigger and easier target for hackers. But as Apple's computers have grown in popularity, hackers appear to be focusing more of their attention on the versions of macOS that power them. Malwarebytes said there was a 400 percent increase in threats on Mac devices from 2018 to 2019, and found an average of 11 threats per Mac device, which is about twice the 5.8 average on Windows.

Now, this isn't quite as bad as it may appear. First of all, as Malwarebytes notes, the increase in threats could be attributable to an increase in Mac devices running its software. That makes the per-device statistic a better barometer. In 2018, there were 4.8 threats per Mac device, which means the per-device number has more than doubled. That's not great, but it's not as bad as that 400 percent increase. Also, the report says, the types of threats differ between operating systems. While Windows devices were more prone to "traditional" malware, the top 10 Mac threats were adware and what are known as "potentially unwanted programs."

This discussion has been archived. No new comments can be posted.

  • by gnasher719 ( 869701 ) on Thursday February 13, 2020 @05:13AM (#59723034)
    If as a Mac user you get an alert "This application was downloaded from the internet. Do you want to open it", and you didn't have any intent of downloading any application, and therefore click "No", I assume that is counted as an attack, but it fails immediately unless you are an idiot. So if we remove the cases of people just saying "No" when malware asks politely if it can infest their Mac, how many attacks remain?
    • Re: (Score:3, Insightful)

      by Opportunist ( 166417 )

      You highly overestimate the average intelligence of a person.

    • by arbiter1 ( 1204146 ) on Thursday February 13, 2020 @05:26AM (#59723052)
      The biggest flaw in Windows machines, people using Admin accounts every day for normal uses. Remove the admin priv on your account 99+% of security vulnerabilities are stopped dead in their tracks cause they need admin power to do their dirty deeds. Classic IT terms are "ID-10-T" error or "there was an error between keyboard and chair"
      • by Anonymous Coward

        Remove the admin priv on your account 99+% of security vulnerabilities are stopped dead in their tracks cause they need admin power to do their dirty deeds.

        Ever since Windows Vista there's been this thing called UAC. Even users in the Administrators group (including the actual Administrator user) don't get administrative privileges in the current process until they've OK'd a UAC prompt for them. If they've turned off UAC prompts then they deserve to have their computer compromised.

        • by mysidia ( 191772 ) on Thursday February 13, 2020 @07:16AM (#59723264)

          don't get administrative privileges in the current process until they've OK'd a UAC prompt for them.

          There are multiple ways malware can circumvent UAC prompts, and still run malicious payload with privileges.
          Microsoft has an official statement that UAC is Not a security boundary, therefore it is not considered a flaw or vulnerability when malware is able to bypass UAC and escalate to Administrative privileges using the admin creds of same desktop user, see support.microsoft.com/en-us/help/2526083/.... [microsoft.com]

          One of the common misconceptions about UAC and about Same-desktop Elevation in particular is that it prevents malware from being installed or from gaining administrative rights.

          First, malware can be written not to require administrative rights, and malware can be written to write just to areas in the user's profile.

          More important, Same-desktop Elevation in UAC is not a security boundary and can be hijacked by unprivileged software that runs on the same desktop.

          Same-desktop Elevation should be considered a convenience feature, and from a security perspective, "Protected Administrator" should be considered the equivalent of "Administrator."

          By contrast, using Fast User Switching to log on to a different session by using an administrator account involves a security boundary between the administrator account and the standard user session. For more information about security boundaries, see the "References" section.

          • by AmiMoJo ( 196126 ) on Thursday February 13, 2020 @08:43AM (#59723492) Homepage Journal

            Yep, UAC is designed to make software behave better, not to offer extra security.

            Before Vista and UAC software would do what it liked with no consequences. Write files all over the place, write to the registry, change the user's settings. Vista made all that generate UAC prompts that annoyed the user, which in turn made software developers think twice before doing something that would upset their customers.

            Over time software got better and the number of UAC prompts decreased.

      • All their data is available without admin access. They can run arbitrary code. And access the Internet freely. There is autostart and similar non-root ways to keep running.

        What exactly would Admin access add to that? That only helps with the systems of computer experts who would notice changes in Autostart and unknown executables running. Not much though, as all private data and secrets would already be leaked, if the malware author wanted it.

        What's actually necessary, is to encapsulate all code is a separ

        • Security expert: system files are extremely important, no malware must be able to touch those! Malware may be able to delete all the user's files, but that's OK as long as the system files are safe.

          Normal user: who gives a f*ck about system files, I'll just reinstall the OS if I have to, just don't let it touch my personal stuff!

          When it comes to personal computers and laptops, I tend to agree with the normal user here. Like BAReFOot said, you don't need root to run executables and gain persistence. I think

          • by DarkOx ( 621550 )

            Security expert: system files are extremely important, no malware must be able to touch those! Malware may be able to delete all the user's files, but that's OK as long as the system files are safe.

            Normal user: who gives a f*ck about system files, I'll just reinstall the OS if I have to, just don't let it touch my personal stuff!

            And they are both right depending on context. For the home user absolutely getting Administrator/root does not matter. If I get code execution just as you, nothing stops me from sifting thru your files for CC numbers, bank routing info, passwords to online services, that video of your girlfriend shaking her tits, etc. Nothing stops me from ciphering it all and selling you the keys etc. Nothing stops me from using your electricity to mine some *coin. Oh and nothing really stops me from getting persistence,

      • by AmiMoJo ( 196126 ) on Thursday February 13, 2020 @06:25AM (#59723154) Homepage Journal

        MacOS has exactly the same flaw. Apps try to do things that need the admin password, the user gets trained to supply it without thinking. Arguably Linux is as bad, just with better trained users. How many people automatically sudo when downloading and installing new software? Do you check the repos haven't been compromised before sudo apt-get?

        The real problem is that the user isn't informed what the app is trying to do when prompted for elevated permissions. You just get some vague "allow this software to make changes to your computer?" If it was more like mobile apps where it says "allow this app to start when you boot up" and "allow this app to install a browser extension" people might be a bit more selective. Also it's typically all or nothing, if you click no the app doesn't work at all.

        • Re: (Score:2, Informative)

          by NoMoreACs ( 6161580 )

          MacOS has exactly the same flaw. Apps try to do things that need the admin password, the user gets trained to supply it without thinking.

          However, unlike Windows, that is constantly whining about "You need Administrator Privileges to Access this..." and then helpfully supplying a "Click Me for Admin Privs" button, macOS Applications pretty much only ask that once, during Install. And I frankly can't remember the last time I was asked that; because very few classes of Applications need to muck about in "dangerous" areas, anyway.

          I do agree, however, that in either case, it is an established fact that, other than a completely Walled-Garden, whic

          • by AmiMoJo ( 196126 )

            Windows is the same, any half decent app might ask once during installation, that's it.

            If MacOS doesn't ask when doing things like changing system settings within the app then that's a flaw, not a good thing.

        • Apps try to do things that need the admin password, the user gets trained to supply it without thinking.
          This is extremely rare and you usually can judge if the software really needs it.

          How many people automatically sudo when downloading and installing new software?
          Software is usually installed locally without the need of sudo ...

          The real problem is that the user isn't informed what the app is trying to do when prompted for elevated permissions. True.

        • by Anonymous Coward

          Arguably Linux is as bad, just with better trained users. How many people automatically sudo when downloading and installing new software? Do you check the repos haven't been compromised before sudo apt-get?

          While not completely unknown, repo compromises (at least of official repos of mainstream distros) are very, very rare.

          • While not completely unknown, repo compromises (at least of official repos of mainstream distros) are very, very rare.

            That you know of.

            Fortunately, by default, Macs have Secure Boot enabled by default; so with that on, a compromised OS Update would have to be legitimately signed by Apple to be allowed.

            There are 3 Levels of Boot Protection available. The default is Fully Secure, and the bottom setting is essentially “You’re the Boss!”. So, it is the best compromise between MS’s wannabe Linux-Killer Trusted Computing bullshit, and Linux’s “We don’ need no steenking Prote

        • Apt-get is automatically checking security credentials. You need key rings to add new repositories

      • Classic asshole admin : blaming and insulting users for badly designed system. It is because of those admins that we have users afraid to come and say "I think I made a mistake" or "I don't know what to do"... You what would allow us to avoid problems or react soon enough... Idiots are in IT dept. Idiots and assholes !
      • I'm sure this opinion is very popular on Slashdot, but any serious UI designer knows that computers are largely designed by people who mostly design what interests themselves.

        For HOW many years have Windows applications been demanding admin privileges by default? How much information does your typical smartphone app require to run? HOW long have you had to log into root or type "sudo" to do anything on Linux?

        Yeah, everything is the fault of those stinkin' users. Maybe they should just all go away.

      • by labnet ( 457441 ) on Thursday February 13, 2020 @02:56PM (#59725100)

        Well, historically at least, windows was nigh unusable if not logged in as admin if you were a power user.
        Windows was never historically designed with a security model mindset.

      • AKA PEBKAC: Problem Exists Between Keyboard And Chair...
    • by samdu ( 114873 )

      Also, if you get the "Adobe Flash needs to be updated" in a browser popup window, close the popup and get off that site. The only legit Flash update screen is produced by the Flash preference pane.

    • by AmiMoJo ( 196126 )

      Windows does the same thing. Downloaded files are marked as such and a security warning is produced when you try to open them.

      There are ways around it on both platforms. For example putting the executable inside an archive. The archive will be marked as unsafe because it was downloaded, but not the executable inside it.

      • It depends on how you un-archive the file.

        If you use the built-in Windows unzip tool to un-archive the file without first "unblocking" the archive, the file stream marking the files as originating from an untrusted zone is preserved for all unpacked files.
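The download mark discussed in the two comments above, as an added example that is not part of either post: a Python sketch that parses a Windows `Zone.Identifier` stream and a macOS `com.apple.quarantine` attribute value, then lists files extracted from a marked archive that carry no mark of their own. The sample values, file names and the `downloads.example` host are constructed, and the quarantine field layout (hex flags; hex epoch time; agent; event id) is the commonly observed one, treated here as an assumption.

```python
"""Added example: parse download-origin marks and find extracted files
that lost them. All sample data below is constructed."""
from datetime import datetime, timezone

# Windows URL security zones as stored in the Zone.Identifier stream.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}


def parse_zone_identifier(text):
    """Parse the INI-style text of a Zone.Identifier stream, or return None."""
    fields, in_section = {}, False
    for raw in (text or "").lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    try:
        zone = int(fields["ZoneId"])
    except (KeyError, ValueError):
        return None
    return {"zone_id": zone, "zone": ZONES.get(zone, "unknown"),
            "untrusted": zone >= 3, "host_url": fields.get("HostUrl")}


def parse_quarantine(value):
    """Parse a com.apple.quarantine value (assumed layout, see lead-in)."""
    parts = (value or "").strip().split(";")
    if len(parts) < 2:
        return None
    try:
        flags, stamp = int(parts[0], 16), int(parts[1], 16)
    except ValueError:
        return None
    when = datetime.fromtimestamp(stamp, tz=timezone.utc)
    return {"flags": flags, "downloaded_utc": when.isoformat(),
            "agent": parts[2] if len(parts) > 2 else "",
            "event_id": parts[3] if len(parts) > 3 else ""}


def read_zone_stream(path):
    """Windows/NTFS only: read the alternate data stream; None if absent."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8",
                  errors="replace") as handle:
            return handle.read()
    except OSError:
        return None


def files_missing_mark(archive_stream, extracted):
    """Return extracted paths with no untrusted-zone mark although the
    archive they came from had one. `extracted` maps path -> stream text
    (or None when the file has no Zone.Identifier stream)."""
    archive = parse_zone_identifier(archive_stream)
    if not archive or not archive["untrusted"]:
        return []
    missing = []
    for path, stream in sorted(extracted.items()):
        mark = parse_zone_identifier(stream)
        if not mark or not mark["untrusted"]:
            missing.append(path)
    return missing


# Constructed samples: a marked archive, one extracted file that kept the
# mark and one that did not (extraction tool did not propagate it).
SAMPLE_ARCHIVE = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                  "HostUrl=https://downloads.example/tool.zip\r\n")
SAMPLE_EXTRACTED = {
    "tool/readme.txt": "[ZoneTransfer]\r\nZoneId=3\r\n",
    "tool/setup.exe": None,
}
SAMPLE_QUARANTINE = "0083;5e44f3a1;Safari;00000000-0000-0000-0000-000000000000"

if __name__ == "__main__":
    print(parse_zone_identifier(SAMPLE_ARCHIVE))
    print(parse_quarantine(SAMPLE_QUARANTINE))
    for path in files_missing_mark(SAMPLE_ARCHIVE, SAMPLE_EXTRACTED):
        print("no download mark:", path)
```

On a real NTFS volume, `read_zone_stream` can supply the stream text for the archive and for each extracted file.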

    • If as a Mac user you get an alert "This application was downloaded from the internet. Do you want to open it", and you didn't have any intent of downloading any application, and therefore click "No", I assume that is counted as an attack, but it fails immediately unless you are an idiot. So if we remove the cases of people just saying "No" when malware asks politely if it can infest their Mac, how many attacks remain?

      Precisely ZERO.

    • When asked the question, people want to answer yes.
      This is the problem during the 1990's and early 2000's with Active X and Microsoft "Trusted" Security (made really popular in Vista)
      When you get alerts when you do something, you normally say Yes I want to do this, otherwise why would I click the button.

      1990's Active X controls were a huge offender. You wanted to see this web site, in 3d, with sound, vector graphics.... You needed to download an active X control, which may include a prerequisite. So people wo

    • If as a Mac user you get an alert "This application was downloaded from the internet. Do you want to open it"

      Mac users don't always get this alert. If you're on social media and you click on an image to open it, the Preview app should open the image. I have found some images that actually download a dmg install file when you click on it - no alert, no Preview app opens. Only the animated projectile effect of a download on the screen is any alert. That is a red flag that leads me to examine my download

      • Mac users don't always get this alert. If you're on social media and you click on an image to open it, the Preview app should open the image. I have found some images that actually download a dmg install file when you click on it - no alert, no Preview app opens. Only the animated projectile effect of a download on the screen is any alert. That is a red flag that leads me to examine my download folder and bingo there is the suspicious dmg. Delete the dmg file then empty the Trash icon to delete it forever.

        Did the .dmg get executed, or simply downloaded?

        If it got executed, you would get the Prompt. Period. No “setting” will defeat that.

        But if the .dmg is simply downloaded, then it simply cannot do any harm, and a Prompt at that point would simply be confusing to most Normals.

        Safari has always had a “Open Safe Files After Downloading” Setting, and the default was “Yes”; but that still would cause the “This was Downloaded from the Internet...” First-Run Prompt; so

    • My lovely wife persists in falling for the old "Your copy of Flash is Outdated, Click Here to Update" scheme. The good news is that I have become an expert on malware removal on the Mac.
    • by mjwx ( 966435 )

      If as a Mac user you get an alert "This application was downloaded from the internet. Do you want to open it", and you didn't have any intent of downloading any application,

      Of course the Mac user opens it... After all the Mac automagically protects them from all evils and dark thoughts. The Apple adverts told them so.

      Given the kind of person who buys a Mac, I'm not surprised that there is malware on Macs are more successful. If you're writing Malware, you really want to target the most gullible of users. If someone is going to pay 3 or more times as much for a computer than the competitors just for a badge... AND then argue that they didn't overpay then as a malware writer the

    • I'd say more than half the malware installed was done by an idiot clicking something they should not have.

  • by Pinky's Brain ( 1158667 ) on Thursday February 13, 2020 @05:52AM (#59723086)

    If they add a compositing engine and route all keyboard/network traffic through the secure enclave, they could separate a huge amount of important information from the main OS.

    The Tx could handle all the menus to enter/autofill passwords in Safari, completely outside the x86 code base. A compromised browser could request you to re-enter them, but it would still limit the impact of exploits.

    The Tx could also composite windows on the screen with payment information for any online payment the secure enclave signs to stop MITM attacks there.

    Intel SGX and the AMD equivalent is completely useless as long there is a new sidechannel attack being published every week for x86 processors, but likely only the NSA and their equivalents in Russia/China will be able to examine and try to exploit Tx code. So the more code in there, the harder the Mac becomes to hack.

    • by AmiMoJo ( 196126 )

      The more complex you make the TX the bigger the attack surface and the more likely it is to be abused. Handling network traffic, for example, means it has to have a robust network stack that can handle arbitrary packets without fault. Not just without things like buffer overflows, but without leaking information through timing attacks or because it starts to misbehave under excessive load.

      Plus it would have to be quite a powerful chip to handle the two 10G ethernet ports on the Mac Pro.

      Most of this malware

  • by aaarrrgggh ( 9205 ) on Thursday February 13, 2020 @05:55AM (#59723096)

    That does it, I am replacing my iMac Pro with a raspberry pi. Should I change the default password, or just don’t install this “malware bites” software?

  • FUD (Score:5, Informative)

    by Ecuador ( 740021 ) on Thursday February 13, 2020 @06:17AM (#59723136) Homepage

    You only need to install anti-virus software on a Mac if it is used by really careless or non-technical users. If you go to page 25 of the report you can see a list of the Mac "threats". The first one is a browser extension that you have to install. The second is a program you install after getting that popup "Your Mac needs cleaning, download Mac-something PRO". The rest are variations of stuff you have to install yourself after being duped and sometimes even require you going to the security & privacy settings to explicitly allow the malware to be installed because Apple makes it really hard for you to install stuff outside the app store. For a savvy user, adding the anti-virus on top of Apple's draconian limitations can only cause extra issues... I am getting an anti-virus installed on my dev Mac soon (for the first time in my 15+ years of developing on Mac/Linux), because some clueless sysadmin recommended it to my managers. Hopefully the anti-virus flavour they chose won't be too disruptive :(

    • Comment removed (Score:4, Informative)

      by account_deleted ( 4530225 ) on Thursday February 13, 2020 @06:47AM (#59723196)
      Comment removed based on user account deletion
      • ...if you put a USER in front of the keyboard, all the security in the world simply isn't gonna help.

        FTFY
        People will screw up. Some sooner than others.

      • Exactly. Years ago, I went to my sister's for Thanksgiving and being the "family member who knows computers", I was asked to clean up her virus ridden computer. Fine, I thought. So I installed and ran some anti-virus tools and took care of the problem. Then I installed a firewall to increase her security. A few months later, she called me to tell me that she needed me to clean out her computer again the next time I visited. I asked how her computer could have gotten infected with the security software I ins

    • by jeremyp ( 130771 )

      I had Avast (free version) installed on my Mac for years because my company had to tick the "everybody's got AV" box for some ISO standard. I disabled its real time scanning option and just had it run a scheduled scan once a week. I hardly noticed it after that.

      I eventually ditched it when I upgraded to Catalina because I thought it was causing a bug with the captive portal app. It turned out it wasn't the fault of the AV, but I haven't put it back yet.

      The problem with AV software is you have to give it low

    • Hopefully the anti-virus flavour they chose won't be too disruptive :(

      Funny story...my company just rolled out Catalina to all employees and the Symantec Anti Virus software they distribute is labeled by Apple as a vulnerability....but back to the topic...

      The second is a program you install after getting that popup "Your Mac needs cleaning, download Mac-something PRO".

      I blame Google on this one. Thanks to endless commercials on TV and online about their upcoming tour, I was reminded how much I love the German-language band Rammstein...a pretty mainstream band, but I don't speak German, so I have found myself looking up translations to these songs. (pro tip...prepare for disappointment o

    • by AmiMoJo ( 196126 )

      And yet there is apparently more of that stuff on Mac than on Windows now, which suggests that somehow despite there being far fewer Macs out there than Windows PCs they are a more attractive target.

      There are many possible explanations.

      - MacOS is easier to exploit, i.e. the warning messages are less clear or more likely to be ignored
      - Mac users are complacent and think they can't get viruses
      - Mac users earn the malware author significantly more money per infection
      - Windows users are better protected by anti

      • And yet there is apparently more of that stuff on Mac than on Windows now, which suggests that somehow despite there being far fewer Macs out there than Windows PCs they are a more attractive target.

        It seems you didn't read properly. They counted attacks, not infections. And all the infections could be easily avoided by clicking "no" when you managed to download malware that you never wanted and are asked whether you want to run it.

    • Regardless of HOW the malware is installed, it still has to be mitigated.

      I am not sure what your point is. It is certainly not insightful or original.

  • Really..... (Score:4, Interesting)

    by bsdetector101 ( 6345122 ) on Thursday February 13, 2020 @06:37AM (#59723176)
    While Windows devices were more prone to "traditional" malware, the top 10 Mac threats were adware and what are known as "potentially unwanted programs." Big difference..... Also beware the Source ! Malwarebytes - they are the only one reporting this ! Crying wolf to increase their business !!!
    • The days of "traditional" malware on Windows are a distant memory. Nowadays, almost all malware on the Windows platform is adware. So, it sounds about the same to me.

  • Oopsie (Score:5, Funny)

    by AndyKron ( 937105 ) on Thursday February 13, 2020 @07:22AM (#59723268)
    Apple malware: It just works
    • Actually, it doesn’t. My wife keeps downloading the same unwanted browser extension/app every few months (its name changes, but it’ll be things like UltraSearchApp or the like) to her 2012 MacBook Pro. This last time, she became aware of the infection after she was told the OS had denied network connectivity to the app, effectively rendering it inert.

  • by mysidia ( 191772 ) on Thursday February 13, 2020 @07:34AM (#59723290)

    Malwarebytes said there was a 400 percent increase in threats on Mac devices from 2018 to 2019, and found an average of 11 threats per Mac device, which is about twice the 5.8 average on Windows.

    Ok.. So the number of malicious programs targeting Macs in the wild increased from like 4 to something like 16 ?

    And they found 11 threats/device from people who use Malwarebytes on Macs.

    I suppose that makes sense; the people who become they have malware on their macs are likely to be the people who install Malwarebytes, but most Mac owners probably never consider using their software, so they should expect to have heavily biased data.

    Also; the system security features in current versions of OS X that segment and restrict applications are huge.
    It is misleading: this whole idea of just "counting" numbers of threats, before making sure it is an Apples to Apples comparison... for example Adware should not be counted in the same bucket as Malware and crimeware.

    Potentially unwanted programs that compromise the operation of a single app or cause some inconvenience or have privacy concerns should not be lumped in the same bucket as malware that can deliver an arbitrary payload later or steals files or data or functions as a Ransomware, Keylogger, or RAT, etc.

    • by AmiMoJo ( 196126 )

      The other problem with this data is that there are lot more Windows boxes than Mac machines out there. So when a malware author targets Mac they are going after a much smaller market.

      MacOS is at about 15% market share so if the ratio of malware produced for Mac/Windows was 1:1 that would mean MacOS is about 6.6x more attractive as a target than Windows. One infection on Mac is worth 6.6 infections on Windows, in monetary terms. That could include the cost of writing the malware, e.g. buying zero-day exploit

  • by syn3rg ( 530741 ) on Thursday February 13, 2020 @07:49AM (#59723310) Homepage
    "Phrase not found"
    • The only reason Linux isn't inundated with malware is the same reason it took so long for Apple's devices to become inundated. The whole point of most malware is to either 1) show you ads, or 2) collect information about you so they can show you ads.

      Until recently, Apple machines weren't popular enough to be worth the time for hackers to build this adware specific to the platform. They went where they got the largest bang for the buck. Now that Apple has risen in popularity, the financial incentive is great

      • There's lots of Chromebooks in the hands of idiots. And there's quite a few "EZ Senior PCs" in the hands of senile old farts, and they run Linux. So where's the flood of malware infecting them?

  • by v1 ( 525388 ) on Thursday February 13, 2020 @08:22AM (#59723416) Homepage Journal

    This isn't an independent report, it's from Malwarebytes, a company that profits from people buying anti-malware software.

    Who better to exaggerate the issue?

    Sure, there's malware for the mac. (and for web browsing users in general, on any platform) but I haven't seen an increase. I've only run into three cases on campus here in the last four years, none of them recently. (and all of those I manually identified and removed personally - I just happened to look at the symantec logs two weeks ago, and was unable to find ANY log of action taken on ANY of the macs here at any point in the past...)

    It looks to me like they're trying a little jumpscare to generate a bump in sales. Can't blame them for that I suppose, but people need to recognize it for what it is, and take it with the grain of salt it deserves.

  • by geekmux ( 1040042 ) on Thursday February 13, 2020 @08:29AM (#59723436)

    It's not surprising to me to find Malwarebytes talking about some massive increase of "infections" based on a considerable increase of OSX downloads for their product. This is also the same product that is counting Potentially Unwanted Programs by the hundreds.

    Not saying we don't appreciate an anti-malware vendor helping out society as a whole, but validate the often exaggerated metrics first. Then we can start talking about which OS is "worse".

    Also, see botnet sources.

  • "Kill all humans" - Bender, Futurama. It would stop the virus writer in their tracks. It would stop the idiot users clicking yes to everything without reading even thinking about it. It would stop the criminals from being able to exploit anyone. just one little side effect....
  • With Windows 10, the operating system IS the malware. All the nasty stuff a user gets duped into installing is just icing on the cake.

  • Apple's new motto: "Malware: It Just Works"

    I applaud the Apple engineers and their supportive community for reaching this milestone!

  • Next year will be the year of the linux PC. Let's start writing malware for it now :) :) :)
  • My googlechrome (one word) told me flash wasn't going to work anymore. I got a pop up saying I need to download a newer flash player, so I downloaded it and installed, but googlechrome still says flash isn't going to work, and now I get redirected to hotnewsearch.cc every time I try and use google.

    The details change a bit, but that's the basic gist. The fact the account they are on doesn't have admin rights doesn't matter since they have the admin password, and don't understand computers as evidenced by the

  • Long time mac user, and after switching from Android to iPhone I feel like the Mac and iPhone work together to protect me whether it is face id unlocking passwords or limiting the folder an app can use. I also feel like Apple has a very strong stance on trying to reduce tracking.

    Some requests to Apple:

    1) I think it is too difficult currently to say "I want this app to use this folder". I sort of figured it out recently but I also see apps useful to developers saying they require you to allow access to your

  • "Confidence breeds distraction and that is when one is most vulnerable." -- Baron Vladimir Harkonnen (Dune Miniseries; 2000)

    I'm sure that quote came from somewhere else, but that's where I first heard it.
    "Macs don't have viruses." User base is small; they're not a valuable target.
    "iPhones are popular." Viruses and Malware incoming...
    The Fappening ensues. (cue whining about security)
    PC/Windows users laugh, having been baptized in fire many years ago.
    Linux/Unix/IRIX/Solaris/BSD/etc users don't feel a thing.
