/ Technology

Apple admits it – Macs aren’t immune to viruses

Apple has removed a statement from its website which had implied that its Mac operating system was immune to viruses. If you own a Mac, did you think it couldn’t catch viruses?

Apple previously claimed on its website that the Mac ‘doesn’t get PC viruses’ and told owners they could ‘safeguard your data, by doing nothing’. ‘A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers’, the website also boasted.

For years Apple owners have been the ‘smug marrieds’ when it comes to security threats, and it is true that Macs have been less prone to malware than Windows-based PCs. But that situation has changed.

Flashback botnet changed the landscape

In April of this year the Flashback botnet infected over 600,000 Macintosh computers. Like Windows viruses before it, the botnet infected computers and lay in wait to steal sensitive information, such as passwords.

Since then the anti-virus firm Sophos has revealed that one in every five Mac computers is harbouring malware. The company took a snapshot of 100,000 Macs and found 20% of them were infected with some kind of Windows malware, which while not harmful to Macs could be passed on to and cause damage to Windows-based machines.

Sophos also found that 2.7% of Macs were infected with Mac OS X malware.

While Flashback drove a seismic shift in attitude, the change has been a long time coming. As Sophos wrote in its 2012 Security Threat report:

‘In 2011, the emergence of malware for the Mac upstaged Windows malware. There’s no doubt that the Windows malware problem is much larger than the Mac threat, but the events of 2011 show Mac users that the malware threat is genuine.’

Anti-virus protection for Apple Macs

Apple’s Mac OS X operating system claims to offer anti-virus protection. But, that protection is – again according to Sophos – limited.

It’s time Apple customers woke up to the threat of malware. However, I hope they’ll learn from the experience of Windows’ customers that it isn’t necessary to overload machines with sluggish anti-virus software in order to be safe. Equally, they should be wary of paid-for software that charges renewal costs automatically.

Apple’s new marketing message now says that the Mac is ‘built to be safe’ and ‘Safety. Built in’.

It may have safety built-in, but the best defence for Mac owners is the realisation that they aren’t as safe as they once thought.

Did you think Apple's Macs were 'immune' to viruses?

Almost - I just didn't think Macs were as likely to get viruses as Windows PCs (55%, 785 Votes)

Yes - I didn't think Macs could get viruses like Windows PCs (24%, 346 Votes)

No - I knew Macs were susceptible to computer viruses (21%, 301 Votes)

Total Voters: 1,442

Loading ... Loading ...

‘built to be safe’ and ‘Safety. Built in’ When I read that I just think typical marketing hype. The only reasons Macs have been seen as the “safer” option is purely down to the fact that there aren’t armies of hackers trying to break them like there is in the windows market.

Come the day “hehe” when there are as many macs being used in the world as windows PCs then lets see is Apple’s claim rings true.

After all Apple are the company that said there iPad was 4g compatible in numerous countries and we all know that’s only valid in the States. So they’ve already proved they don’t know what they’re talking it.

MacDonald says:
28 June 2012

Whilst I’m sure much of what William had to say is probably quite true, its tone was challenging and far from good-natured – with an unmistakable air of schadenfreude bordering on malicious envy all too typical of a growing number of PC devotees when discussing Macs.

@ _
>Whilst I’m sure much of what William had to say is probably quite true, its tone was challenging and far from good-natured – with an unmistakable air of schadenfreude bordering on malicious envy all too typical of a growing number of PC devotees when discussing Macs.

is seems for youre reply and name (Macdonald) you are harldy unbiased too

its simply time mac users realised they are becoming icnreasingly tergeted by malware and viruses too as Apple product become more popular its only a matter of time for the to be increasiinglt attacked by mailicous viruses and malware.

With Apples woefully sluggish response to the Flasback problem it causes even more concern (they refused to offer a fix until may weeks after Microsoft and Oracle had done so)

so beware, dont download or install stuff you werent expecting or specifically asked for.

LOL appologies it seems i am more in need of a spell checker than a virus scanner today – hopefully you get the message tho 😉

Dale says:
27 June 2012

Please say what the so called virus actually was, not the main system as it is virtually virus free, user error will always stop it being 100%.

The virus was through the web Java Runtime Environment, a piece of software that works within web browsers to deliver the interactive elements of websites (Picked up from unsavoury websites by any chance), not the main OSX, which is sandboxed and if users had setup the right steps in the first place they should not of been infected as shown by the proper figure of less than 270,000 initially (2.5% of 10 million sold a year alone, not counting computers already in circulation) this being no where near the millions suffering a daily bout on the PC. Ironic the the only other major Virus’s I that have affected Mac’s have been mainly through ‘Microsoft Office”.

One further note, Apple produced a removal tool free of charge and in the new OSX Lion will have a further free security tool within the software (gatekeeper), not expecting users to pay a supplement to have protection like Windows.

If Apple are guilty of anything, they were too slow to react to the Java warning.

Traceline says:
27 June 2012

“…not expecting users to pay a supplement to have protection like Windows.”

Please See:

“Microsoft Security Essentials provides real-time protection for your home or small business PC that guards against viruses, spyware, and other malicious software.”


MacDonald says:
28 June 2012

2nd Para – Line 4 “…in the first place they should not of been infected.”

CORRECTION: Aught to read “…should not HAVE been infected – (not “of” been…)


>One further note, Apple produced a removal tool free of charge and in the new OSX Lion will have a further free security tool within the software (gatekeeper),

pleaser check the facts first

The free removal tool you refer too was only made available many weeks, long after both Microsoft and Oracle had already released similar (FREE) fixes thus protecting their platforms from the same problem.

Apple (who control the fixes to Java on their platforms not Oracle) delayed, refusing to accept there was a ‘problem’, unitil they couldnt deny it any longer and fix was then released.

thats why it is important as you say to be careful when visiting any ‘unsavoury’ or just insecure websites, and attachments etc in expected emails etc.

Apple users just like Microsoft Google and other users simply need to be careful and not believe you are immune as you patently are not.

They are universal computing machines hence can be reprogrammed/subverted/conned through connections to other machines/devices and networks with unknown security states that can modify their behaviour in an undesired way = ever present security vulnerability.

It is the same principle as the Titanic – it was sinkable and computer systems of any hew are, in general, always at least two steps away from having their security breached in some form. The only thing is how difficult the steps are made and that is simply an ever changing and progressively more complex battle ground driven by money and power.

I have had one problem (Melissa, affecting Microsoft Word) in twenty years of using Macs. All that was needed to remove it was to bin a single file.

I have always used anti-virus software on Macs, though the main purpose is to avoid transmitting infected files from one PC user to another.

Yes there is Mac malware, but the problem is hardly serious. Mac users should be well aware that not everything that Apple says is to be believed.

I always feel that it’s just a matter of time before the full fire power of the hacker/criminal fraternity is turned on Macs. According to Wikipedia (wikimedia) Mac (rather than iPad etc) has 9.07% of the market so the question is what would happen if either this increased substantially or its proportion became a higher value target. It’s possible that the question will be eclipsed through a growing strength of mobile devices (creating a different playing field given limitations in processing power etc.), but there is nothing intrinsic to suggest that Macs couldn’t be just as vulnerable as PC’s if the effort and money is put in.

Absolutely, but I will start to worry when the problem becomes significant.

MacDonald says:
28 June 2012

My God…! – and (like most good, card-carrying PC users) it seems you really can’t wait for that to happen, can you…??? Why so much hatred for the Mac…???

Neil Jenkin says:
27 June 2012

Rather than taking a general Cassandra approach, it might be a bit more help if Which could actually take a look at antivirus software suitable for Macs of varying ages and make some recommendations: that’s what we subscribe to Which for!

Hello Neil, Which? Conversation is our place for all consumers to debate the big issues of the day. You can find our anti-virus reviews on Which.co.uk, along with some of those suitable for Macs: http://www.which.co.uk/technology/software/reviews/security-software/ Thanks.

MacDonald says:
28 June 2012

Good suggestion. But astonishing that Which? needed you to make it. Until it’s made clear that Which? nailed its colours to the PC mast, long ago…!!!

I reckon that Which? Is very positive about Macs but there was not enough in Which? Computing to encourage me to continue my subscription. That was a few years ago, though.

You are quite correct that it’s too easy (as per my comment) to be a bit gloomy and negative, but complacency can easily sets in when you start dealing with operating systems that don’t seem to be in the firing line. Macs fall into the same category as full fat Linux distributions in that they are a relatively small part of the market with better application control/isolation than windows and are used by people who are probably deemed to be very technically savvy when it comes to emails and going on-line (making some tricks used by virus/malware authors difficult to enact) – making them far less prone to attack, but not forever bullet proof.

I’m not a fan of Macs – due to propriety hardware – I have NEVER repeat Never had a virus/malware on my own PC.s since 1982. The only virus I have come across was when a child at school infected a school PC with one years ago from his own disc – A simple “lock” stopped that happening again. The fact that Macs are only 10% of computers means they are not so “valuable” a target – not they are immune. Linux is also relatively “immune” it is just far less likely to be targeted.

The self-interest of messengers of doom like Sophos leads to unwarranted headlines. The editor ought not to be so credulous. One point: “Flashback” is not a virus. It has to be loaded and is not self-generating. Here is an article that might actually be helpful: http://guides.macrumors.com/Mac_Virus/Malware_FAQ#Flashback_Trojan

PC user for 14 years.
Mac user for 5 years.
Chartered IT professional.
Still a PC user at work.

Touch wood my Mac has never had a virus.
My PC’s had plenty in their time, but all removed quickly and with no loss of data (can’t be certain no loss of privacy) thanks to A/V software, mainly Sophos.

Always keep the Mac A/V software up to date.

Never trust any advertising claims by any manufacturer.

I feel moderately confident that my Mac is safe, but that’s because I take precautions rather than because I believe adverts.

Any operating system can “pass on” Windows viruses without the non-Windows operating system getting “infected”. It is possible for someone to receive an infected Microsoft Office document and edit that document with OpenOffice, LibreOffice or any other office suite and send the infected file on. It is also possible to pass on an infected e-mail using any operating system. The viruses (or should I use the term “malware”, which refers to all threats?) do affect Windows because everyone knows that Windows has always been less secure than other operating systems.

I have always believed that Windows is insecure by design because it allows the user to do anything without security barriers in place. All security measures are inconvenient e.g. pin numbers, passwords etc. but not having the security built into Windows from “day one” has resulted in a worldwide spread of literally millions of viruses/malware which target Windows.

Don’t believe any of the glossy marketing hype from these American computer and software companies. I don’t believe their marketing and I don’t use their software – my computer never gets infected by *any* viruses/malware and I promise you that is completely true!

MacShmack says:
29 June 2012

”I always feel that it’s just a matter of time before the full fire power of the hacker/criminal fraternity is turned on Macs. According to Wikipedia (wikimedia) Mac (rather than iPad etc) has 9.07% of the market so the question is what would happen if either this increased substantially or its proportion became a higher value target. It’s possible that the question will be eclipsed through a growing strength of mobile devices (creating a different playing field given limitations in processing power etc.), but there is nothing intrinsic to suggest that Macs couldn’t be just as vulnerable as PC’s if the effort and money is put in. ”

The thing is, Mac’s are so overpriced for what you get compared to similar spec of PC that their market share won’t increase significantly. I understand using Macs, as the Macintosh part of the equation makes sense for Photoshop / Film and or music production, hpwever beyond that, I can’t see many average punters splahing out a grand for something you can buy for £350 retail

James says:
29 June 2012

I’m trying to evaluate building a Hackintosh vs a genuine Mac. Comparing with MacBook Pro Retina with an equivalent spec Sony Vaio, the Sony was more expensive, and without the high resolution screen.

Can you give me some examples of comparable Apple vs PC systems that are 3 times more expensive, with like for like hardware please?

Dale says:
29 June 2012

This old chestnut, you make a new Mac or something that can run OSX for £350, even if you built it yourself, its been tried by many a technophile and the Mac always came out value for money.

LCD TFT 13″ is £135
Processor 2.4 Core Duo is £145
Logic Board even used is over £300

Thats £580 without Aluminium Case, hard drive, CD Unit, Wifi N card, iSight camera, software that includes iLife.

Oh and it is to be super quiet, so I can use it while my wife is asleep next to me, never achieved with a Windows laptop I can tell you.

I paid £749, I think that is brilliant value for money.

PeterMc says:
29 June 2012

Why worry about viruses when you can simply install Linux. It’s free (with a completely discretionary payment option you’ll probably want to make) There’s no virus problem but there’s virus software available in case you want to be doubly certain. I don’t bother but it’s all free anyway.
Finding and installing software to do anything and everything you can think of is soooo quick and easy. And free, of course.
Linux boots or closes in half the time Windows would – less than half, I’d say.
Against Linux, I have two reservations.
1. The file and folder names seem quite different from Windows. As someone used to Windows, and before that to MSDOS, I find the system unintuitive when I need to use a file manager but that’s just because I’m still trying to do things the Windows way and it’s not necessary. It’s easier than that.
2. Some favourite programs have no Linux version, particularly games, so it may be necessary to keep Windows just to run your Bridge programs or maybe BASIC or DOS programs from away back.

I totally agree! I had to install Linux on a Netbook my wife was using as it would not have been capable of running Windows (even XP!). The Acer Netbook, was a Which? best buy, a few years ago, which should have been a don’t buy, was running a dead OS called Linpus Lite which was not updateable.

This was my first introduction to Linux and I have since installed Ubuntu on a Laptop, dual boot with XP. I now use Linux most of the time and boot into XP about once or twice per week. It was a fairly steep learning curve for a 65 year old but there is plenty of help on line for advanced features but it does require some patience and time but it is well worth it.

Unlike W7 (bloat-ware) it runs well on old hardware too.


With the App store thesedays why isn’t there an antivirus app that can be supplied and downloaded for a small fee (or even free, which would be even better) with regular updates? Weill we be needing one for the iPad as well in the future?

Not 100% sure but I suspect that unlike the android store, all apps that appear on Apple’s need to be approved by the a team at Apple before they appear on the app Store. But yes, there are several other ways you could end up with an infected apple device, although its probably just easier to get unsuspecting apple users to go to an infected website rather then trying to infect you apple device.

Try emailing your favourite AV supplier asking if they plan to release on.

Although I suspect an app like that would mean a greatly reduced battery life amongst other things.

Yes the apps do have to be approved. I was just thinking that now Apple acknowledges their products are not immune they could make available an appropriate app through the app store rather than consumers having to buy (often bloated) software packages from mainstream AV companies. Thanks

Mike says:
29 June 2012

Like many other Mac users I installed anti virus software, mainly to prevent Microsoft problems being passed onto others. I have never had a virus in the six years that I have been using Mac computers. I agree with an earlier comment that Which? does not provide enough information for Mac computers. One example is their review of AV software that does include some information for Mac users but did not review Itego VirusBarrier X6, a very popular software.

Roland Butta says:
30 June 2012

When will technical journalists or, rather, journalists who write about technology, understand the difference between a virus, a trojan and malware?

I have yet to hear of an effective viral attack on a Mac OS machine, many have been rumoured, mainly by companies such as Sophos trying to promote their own anti-virus software. In all the years I have used Macs, since the mid 1990’s, I have never come across a virus, a trojan or malware which has affected my Mac. I have had several instances of Windows OS computers being affected.

I run anti-virus software on my Mac, I am paranoid but still, no virus, trojan or malware has been found. Wish I could say the same for the Windows machines I have used in recent times.

Mac mania says:
30 June 2012

Please tell us what anti virus you run for your Mac


Technical journalists should have the skill to present information in terms that their readers can understand. Not all computer experts appreciate the importance of using simple terminology where appropriate.

Stewart57 says:
30 June 2012

Hey MacDonald – Give the man a break, anyone can make a typo as you OUGHT to know

MacDonald says:
30 June 2012

A “typo” is a spelling mistake – over which, as you say, anyone can trip. Even me.

Grammar, however, is sacrosanct – viz: only (ever) bad when delivered by those raised to believe that Walt Disney was the author of Winnie the Pooh…!!!

Hello MacDonald, Which? Conversation is a space for fast moving debate. Although spelling and grammar is incredibly important to us in our original copy, the only important thing in the comments is that you are understood. Mistakes, typos and wrong grammar are forgiveable – going off the topic of debate (Mac viruses) is not. You can find more in our commenting guidelines: https://conversation.which.co.uk/commenting-guidelines

Roland Butta says:
30 June 2012

Next, you’ll be saying that greengrocers’ apostrophes are acceptable. Standards, dear boy. Standards.

Interesting! What I would like to know though, does this also apply to Linux based PC’s? I have been running Ubuntu on my laptop and my wife’s Netbook for a couple of years or so now. From what I have read viruses written for this format are non existent although it is still possible to pass on viruses to windows users via email.

Not having to use anti-virus and anti-spyware makes a big difference in terms of speed as these windows essential applications really slow your system down.

Davy Barrett says:
1 July 2012

Very basic. Can anyone recommend a book to help a COMPLETE tyro start to use an iMac, please? Not the Dummies Guide, I’ve got it. Something even dummier!

You could try http://www.screencastsonline.com – these are Mac tutorials run by Don McAllister from Liverpool. They range from the absolute basics to the quite advanced. Some episodes used to be free, not sure if that still is the case. He also does the SCOTutor apps on the Mac App Store (they are currently unavailable as they are in the process of being upgraded).
(Disclaimer : I have no connection with Don other than being a satisfied customer).

Harmony says:
2 July 2012

I have always been a Mac user and my Mac support guy has told me that the only way a Mac can be infected is if the user is fooled into opening an attachment and installing the virus infected software upgrade or whatever. But obviously a Mac can be a carrier for unsuspecting PC users by sending a PC virus on so we do need to be responsible!
The only time I installed an anti-virus package (recommended for Macs) its crewed up my system and I had to spend money getting it fixed! But I am just buying a brand new MacBook Pro so will be taking Apple’s advice on what to do…..

The majority of computer nasties depend on some user doing something unwittingly, but the sophistication of attacks is growing and the cons get more difficult to detect. Since issues like SSL certificate theft (making people question the secure lock which is the every present token for assumed security by banks etc) and the growth of sophisticated (albeit presumed state sponsored) Malware like Flame have happened the landscape has clearly moved on. One security expert has said that he never did on-line banking in any form because he felt that the whole net system was intrinsically flawed as far as security was concerned. It might take a significant overhaul of the entire system for things to improve, but even then computers are simply universal machines whose behaviours can be changed in subtle and damaging ways and controlling this intrinsic behaviour while retaining their fundamental usefulness is the real problem.