As we talked about in last week’s Working Mac, you may have been led to believe that you don’t have to worry about computer viruses on your Mac. And, to some extent, there’s truth to that. While your Mac can definitely be infected with malware, Apple’s built-in malware detection and file quarantine capabilities are meant to make it less likely that you’ll download and run malicious software.
Apple introduced malware detection to the Mac OS with Snow Leopard (Mac OS 10.6). This system consists of the quarantine of any app downloaded from the Internet, the use of Code Signing certificates to verify that an app is coming from a legit source, and regular security updates that include databases of known malware targeting the Mac OS.
Because of this system, called File Quarantine and occasionally referred to as XProtect:
- Apps in quarantine display a dialog window reminding you where the app came from and asking whether or not you’re sure you want to open it.
- Apps with no code signing certificate, depending on your Gatekeeper settings, may display a message saying the app can’t be opened because of your settings. (For software you know is good you can bypass this by control-clicking the app and selecting Open from the resulting contextual menu.)
- Apps that are known malware cannot be opened at all. You’ll be met with a message offering the option to toss the app in the trash.
And this is why Macs remain mostly virus and malware free.
To make sure your Mac malware database is always up to date you’ll want to verify that your Mac always automatically installs security updates and related system data files.
To do this:
- Open System Preferences
- Open the App Store preference
- Make sure that Automatically check for updates and Install system data files and security updates are checked.
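The same two checkboxes can be audited from a script, which helps when you look after more than one Mac. The following is an added example, not part of the original column; the plist path and the key names (`AutomaticCheckEnabled`, `ConfigDataInstall`, `CriticalUpdateInstall`) are assumptions about where OS X stores these settings and are not named in the article.

```python
import plistlib

# Assumed location of the system-wide Software Update preferences.
PLIST_PATH = "/Library/Preferences/com.apple.SoftwareUpdate.plist"

# Checkbox label from the article -> preference keys assumed to back it.
CHECKBOXES = {
    "Automatically check for updates": ["AutomaticCheckEnabled"],
    "Install system data files and security updates":
        ["ConfigDataInstall", "CriticalUpdateInstall"],
}

def key_state(prefs, key):
    """Classify one key: missing keys are reported, not assumed to be on."""
    if key not in prefs:
        return "unset"
    value = prefs[key]
    # `defaults write` may store a boolean or the integer 1.
    return "enabled" if value is True or value == 1 else "disabled"

def audit(plist_bytes):
    """Return {checkbox label: 'enabled' | 'disabled' | 'unset'}."""
    prefs = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    report = {}
    for label, keys in CHECKBOXES.items():
        states = {key_state(prefs, k) for k in keys}
        # The weakest key decides: one disabled key fails the whole checkbox.
        for verdict in ("disabled", "unset", "enabled"):
            if verdict in states:
                report[label] = verdict
                break
    return report

# Constructed sample: checking is on, but critical updates are not installed.
SAMPLE = plistlib.dumps({
    "AutomaticCheckEnabled": True,
    "ConfigDataInstall": True,
    "CriticalUpdateInstall": False,
})

if __name__ == "__main__":
    try:
        with open(PLIST_PATH, "rb") as fh:
            data, source = fh.read(), PLIST_PATH
    except OSError:
        data, source = SAMPLE, "constructed sample"
    print("Source:", source)
    for label, verdict in audit(data).items():
        print(f"{verdict:>8}  {label}")
```

A result of `unset` means the key is absent from the file, so the script cannot confirm the checkbox either way; confirm it in System Preferences.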
This should keep your Mac free from most malicious software, although it’s important to note that it does not make it impossible for malicious software to be installed on your Mac. There is no software that’s able to catch everything. If new malware is released today and you download and run it today you will have done so before Apple’s databases could have been updated. So it’s always best to be wise when downloading software from unknown sources.
While it’s unlikely that your Mac will run any malware, there is possibly a more pernicious issue: Your Mac could become the Typhoid Mary of Windows viruses, which is to say, you could be harboring viruses on your Mac that won’t affect you, but can be problems for Windows users.
Think I’m joking? Have a look at this screenshot, taken from my Mac during the course of writing this column:
That, my friends, is a list of 30 potentially bad things that...you guessed it, were found on my Mac while I was running a test virus scan, one of which is a Windows virus. And, nope, I did not plan this, even though I did plan to write about this problem.
So, how do you keep your Mac from relaying Windows viruses to Windows users?
Why ClamXav? Because it has one job and it does it very well. It’s not too intrusive. It doesn’t try to do too much. If you’re using Apple’s Server app to host your email, it’s what Apple uses to scan incoming mail for viruses.
Once you’ve downloaded and opened the app you’ll want to set the app’s preferences, as the default behavior is to scan for viruses but not delete or quarantine them. ClamXav offers five configuration options:
- General: For setting up alerts and whether or not to scan for malware and phishing in your email messages (which is where the app found infected files on my Mac)
- Quarantine: For defining where you want to quarantine malicious files
- Exclude Files: To specify file types you don’t want scanned
- Log Files: For setting whether or not you want log files stored and for viewing them
- Schedule: For defining when you want the latest virus definitions downloaded and when you want scheduled scans to take place
Once you’ve finished your setup, click the Start Scan button and go grab some milk and cookies. Scanning may take a while, but when it’s done you’ll know for sure your Mac is clean.