Apple’s devices are far better defended against malware and viruses than other platforms, but does that mean they don’t need anti-virus software?
No, yes, and maybe
I’ve lost track of the number of times Mac users have told me Macs don’t need virus protection because the machines are inherently more robust against such attacks.
I’ve also lost count of how many security researchers have said that Apple devices are becoming more liable to being attacked as their market share grows.
Both are right. Both are wrong.
The nature of cyber attacks is changing. One good illustration of how these threats are changing comes in the form of the recently-revealed Intel processor vulnerability, ZombieLoad.
This flaw lets hackers use design weaknesses in Intel chips going back to 2011 to steal data from machines, including Macs.
Apple very quickly shipped security patches to protect against this vulnerability and published a detailed support document that Mac users who handle particularly sensitive data should read.
Traditional computer security models have relied on perimeter protection – things like firewalls, virus checkers, and malware detection.
But those defenses aren’t robust enough to tackle or spot a threat like ZombieLoad.
Sophisticated, devious, dangerous
The important thing about ZombieLoad is that it shows how, as platforms become more secure, attackers are exploring far more sophisticated ways to exploit devices.
They seek out vulnerabilities on a component level, and they engage in highly sophisticated phishing attacks that encourage people to click links that download malware to their machines.
These have interesting names – Roaming Mantis, for example, offered payloads that worked differently on different platforms – phishing for iOS and DNS-hijacking on Android. These attacks appear frequently, are fixed and then refined.
There have even been attempts to subvert device security before products leave the factory.
A hacker may have designed a one-off piece of malware, most likely in a standard programming language, that has only one function: to subvert security on a computer and quietly download a more malware-infested package in the background, or to gather user data for a couple of weeks before sending it back to its command-and-control server in the middle of the night when no one is watching.
The complexity of such attacks makes them very difficult for existing anti-virus or anti-malware protections to catch.
Those protections may never have seen the code used in an attack, which means they won’t spot it.
Attackers are also finding ways to subvert things such as Wi-Fi routers and poorly secured connected home/office systems to penetrate networks.
The best defenses against such attacks include a combination of traditional perimeter defenses and Apple’s built-in anti-phishing tools.
What does this all mean?
Existing security protections are being bypassed by highly sophisticated exploits, some of which may have been designed to be used once and never used again.
What does this mean to an Apple user?
It means complacency is no defense.
Just because a virus-check application didn’t spot anything on your device doesn’t necessarily mean you’re safe.
There are Mac malware “kits” available for sale on the dark web for just a few dollars.
Many don’t work well, some don’t work at all, but a few work a little, though most of these rely on a user being phished into downloading and installing code rather than on traditional virus/malware attack trajectories.
These increasingly sophisticated attacks leave little trace and are very difficult to detect using traditional perimeter protections.
We're also seeing a rapid increase in attacks against component elements of the system – Check Point claims 51% of enterprises have seen attacks launched against their cloud backup systems, proving that if an attacker can’t hack your iPhone or Mac, they might try to subvert your cloud storage service instead.
We need to use intelligence to thwart these attacks. In this case, machine intelligence.
Modern enterprises protect themselves using complex tools from the big security vendors. These security firms share attack data and develop monitoring systems that watch internal and externally bound network traffic in order to spot anomalies.
Is that little-used computer in the accounts department sending a zip file in the middle of the night over the weekend? Who to? Why?
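As an added illustration of the kind of anomaly rule described above (this is example code written for this page, not from the article or any vendor product), here is a small check run over a constructed outbound-transfer log. It flags archive uploads to external addresses, outside business hours, from hosts that rarely send anything, and shows why such a rule needs an allowlist for machines whose night-time jobs are expected. The log format and the internal address ranges are assumptions.

```python
from collections import Counter, namedtuple
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample of an outbound-transfer log (not real data).
# Fields: timestamp  source-host  destination-ip  filename  bytes
SAMPLE_LOG = """\
2019-05-20T10:15:00 accounts-pc-07 10.0.0.25 invoice_q2.xlsx 48213
2019-05-21T11:02:00 accounts-pc-07 10.0.0.25 report.pdf 120034
2019-05-25T02:41:00 accounts-pc-07 203.0.113.17 backup.zip 73400320
2019-05-25T02:50:00 build-server-01 198.51.100.9 nightly.tar.gz 950000000
"""

# Assumed internal address ranges; any other destination counts as external.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ARCHIVE_SUFFIXES = (".zip", ".7z", ".rar", ".tar.gz", ".tgz")
Transfer = namedtuple("Transfer", "ts host dst filename size")

def parse_log(text):
    """Parse the space-separated log format above into Transfer records."""
    out = []
    for line in text.splitlines():
        ts, host, dst, filename, size = line.split()
        out.append(Transfer(datetime.fromisoformat(ts), host, dst, filename, int(size)))
    return out

def is_off_hours(ts):
    """Weekend (Saturday/Sunday), or outside 07:00-19:00 on a weekday."""
    return ts.weekday() >= 5 or not 7 <= ts.hour < 19

def is_external(dst):
    # True when the destination is not inside any assumed internal range.
    return not any(ip_address(dst) in net for net in INTERNAL_NETS)

def find_anomalies(transfers, quiet_threshold=3, known_busy=()):
    """Return off-hours archive uploads to external hosts from machines that
    rarely transfer anything (at most quiet_threshold events in the window).
    known_busy is an allowlist of hosts whose scheduled night jobs are expected."""
    per_host = Counter(t.host for t in transfers)
    return [
        t for t in transfers
        if t.host not in known_busy
        and per_host[t.host] <= quiet_threshold
        and is_external(t.dst)
        and t.filename.lower().endswith(ARCHIVE_SUFFIXES)
        and is_off_hours(t.ts)
    ]
```

Without the allowlist the build server's nightly tarball is flagged alongside the accounts PC; with `known_busy={"build-server-01"}` only the 02:41 Saturday zip from accounts-pc-07 remains, which is the "who to? why?" question the article is asking.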
AI is helping most platform, OS, and security vendors develop monitoring systems to watch for such events.
I imagine we’ll see platform providers develop and augment existing platform-based protections with AI-driven protection in future.
So, what about virus protection?
I hope I’ve made an argument that speaks to the diverse and