Introducing security fundamentals for Mac users
Welcome to the first in a series of blog posts covering macOS security basics! The aim of this series is to debunk Mac security myths and misconceptions by providing clear, concise, accurate and up-to-date information on common security practices that can be used to better secure your Mac, keeping your sensitive data and user privacy protected.
While the target audience includes anyone new to using Apple devices and IT admins who come from a decidedly Windows environment and are now thrust into supporting macOS, it is written for anyone who just wants to gain more insight into how their Mac works to provide the best security possible. Without further ado…
“…you don’t have to deal with this stuff, Mac!”
Picture it: Earth, 2009. The Internet is crawling with malware that targets Microsoft’s OS. There’s a commercial on TV that’s part of the “Get a Mac” advertising campaign, touting how many PC viruses there are and claiming that Apple users don’t have to worry about that because Mac doesn’t get malware.
This is a misconception. It was not entirely accurate even over a decade ago, and time has proven it to be completely incorrect in modern-day macOS computing. The reason for this comes down to basic economics: the more popular an item, the greater the demand and subsequent use. And the more an item is used, the larger the market share or, in the case of threat actors, the larger the pool of potential targets there is.
“2022 will surely bring a bevy of new macOS malware. So stay safe out there!” – Patrick Wardle, wrapping up his summary of the eight new macOS malware families that were introduced in 2021.
It's no secret that Apple adoption by consumers and business users in the enterprise space has grown exponentially during this time. Recently, the pandemic has pushed organizations to implement remote/hybrid work environments that rely on company-owned devices and/or users’ personal computers to get work done. Many of these users and organizations have voiced their choice for Apple devices, like the new M1-powered MacBook Pro laptops, which were identified as the leading driver growing Apple’s market share to 11% compared to the industry average of 9.3% in 2021, according to 9to5Mac.
The real-world truth is that while Apple doesn’t command as large a market share as its PC competitors, the fact remains that Apple is still in fourth place, just behind Lenovo (23.9%), HP (20.5%) and Dell (18.1%). Not bad for being the only company that manufactures Apple devices compared to the dozens that manufacture PC devices.
Back to the future
The current state of macOS security is vastly different, with numerous threats looming over the platform from a variety of different Apple malware categories:
- RATs
- Backdoors
- Keyloggers
- Spyware
- Stalkerware
- Adware
- Crypto miners
- Worms
- Ransomware
- PUPs (potentially unwanted programs)
While the above is not an exhaustive list of malware threats, it answers the question of “Does Mac get malware?” with a resounding, “yes”. This further illustrates the point that Mac endpoint protection cannot be treated as an optional luxury but rather a necessary requirement, as a component that adds a layer of protection to your device’s security posture.
“…the number of organizations with a potentially unwanted application installed within their fleet more than doubled from 5% to 11%.”
Yes, I need some security
“Shlayer was the first malicious code to be notarized by Apple, granting it privileges to execute with default configurations…” according to the 2021 Threat Detection Report by Red Canary.
When installed, updated regularly and configured properly, good endpoint protection software is an effective mitigation practice that performs the following functions to safeguard your Mac:
- Actively monitors macOS for threats that may be running within processes
- Detects malware in macOS often hiding within files downloaded from the Internet
- Scans applications and binaries for the existence of malicious code
- Quarantines/deletes known threats (signature-based), as well as potential threats (behavioral analytics)
- Alerts users of possible threat activity detected and acted upon
- Includes detailed reporting capability to aid in triage, incident response and remediation
- Supports threat intelligence that provides extensive knowledge of current and newer threats
The features above are considered must-haves for basic macOS endpoint protection software. IT admins looking to punch up support with enterprise-class features would do well to consider the following in addition to the base features listed above:
- Support for modern security frameworks, such as CIS and MITRE ATT&CK, to align industry-best security practices with their endpoint protection management policies
- Integrations with third-party services to add a greater depth of insight through data granularity, unified logging and device management, such as SIEMs and MDM
- Compliance support that keeps endpoints adhering to regulatory requirements through policy-based workflows
- Tailored workflows that aid IT to automate remediation, maintain regulatory compliance and reduce risk
- Customizable analytics, permitting behavioral detections to be tailored to the unique needs of your environment
- API access to securely exchange data with integrated apps and services, extending functionality
- Customer support available as you need it, to provide your organization with assistance in troubleshooting software issues, answering knowledge base questions and/or providing training for IT
Friends don’t let friends get malware.
Jamf Protect is your Mac’s best friend, working tirelessly to keep macOS security maintained, privacy ensured and sensitive data protected.