A Mac is not a fortress, but it has remained resistant to the worst kinds of attacks that have plagued Windows for decades and Android over the years. Ransomware and other malware do regularly target macOS users, but they usually require something more to come into play: we hold a misconception, or we hope something is true that is not.
Lest your columnist seem to be looking down on mere mortals, I should note that I received a text message from DHL the other day about an upcoming package. I actually had a package I expected from the UK, saw the link, and clicked on it – and three-tenths of a second later, I hastily closed the browser tab that opened. My defenses were down because I expected a DHL text.
A normal DHL text looks like this:
DHL Express 1234567890 from SENDER NAME. Wednesday July 31. Manage delivery: https://delivery.dhl.com/US/adsfad Reply END to stop messages
But the one I received said something like:
Hello, man, your DHL package is trying to deliver http://98098adfadfasd.alsdfjas.com/98adf098asf0adf9
The text could hardly have looked more wrong, but my normal skepticism was overridden by expectation. As far as I know, this click did not load a zero-day exploit – an unpatched bug, generally used against high-value targets – but an advertisement. Can I interest you in beautiful beluga caviar, very inexpensive, or in unbeatable leather bags? Click here.
Either way, it can happen to any of us, but we can prepare for the worst. Here’s how.
Make backups
Make backups. Make backups. I sound like a broken record, but it is the simplest and best thing you can do. With multiple backups, even if someone manages to corrupt your machine, infect it, or delete files, you will have a way to recover. Use the 3-2-1 strategy described in this previous column. Generally, you have a local backup, an offsite backup that you rotate, and a secure online archive.
Run only known software
The main route for malware onto the Mac is software that you download and install yourself. Do not click links in emails to download software. Do not accept online software recommendations from people and sites you don’t know. Google search results are polluted at the top by bad actors, unfortunately. If you limit software installations to the Mac App Store and to well-known developers, downloading directly from their websites, you’ve eliminated most of the risk.
Beware of adware
Although macOS has so far resisted self-installing malware, a category of applications called potentially unwanted programs (PUPs) remains a burden. This is software that is installed alongside a useful application, or that you might think is useful itself, and that then rewrites the URLs in your browser or performs other activities that interrupt your computing (such as a full-screen interstitial ad on your Mac!), but that is technically not malware. Jason Snell has written a lot about this PUP danger recently. Apple is increasingly preventing these applications from running, but they are still in wide use, and I regularly receive emails from users who cannot uninstall an application or who find their Safari home page hijacked. Like Jason, I also don’t recommend the routine installation of anti-malware software, as it offers little protection against the greatest risks to Mac users. However, if you regularly exchange files with Windows or Android users, antivirus software is useful for eliminating malware that you could pass along, as a carrier, to these users if they don’t have AV software in place.
Don’t bypass macOS application protection
Apple allows developers in its developer program to submit and digitally sign their applications, which sets the bar a little higher than for software that is not signed. Most people involved in the active development of free and paid software pay to join the program and get their apps signed to reassure their users. When you have an app that requires you to go through extra steps to work around this protection, think twice. (There are very useful applications, usually free and updated thanks to the kindness of volunteer programmers, which are not signed. But you have to check the provenance very carefully on this small set of applications.)
Don’t click on unknown URLs
Don’t be like me (see above) and click on URLs that appear in messages or emails unless you are certain of the source of the message or email. I often type the URL of a known site rather than clicking, to avoid being misled. Recently, the company from which I rent a virtual private server (VPS) was impersonated in a series of fake emails, not sent by them but seeming scandalously legitimate, that blanketed the Internet. Instead of clicking, I typed their URL and found the problem documented on their blog. (They hadn’t released any email addresses. It was just massive spam.)
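The difference between the two DHL texts quoted earlier can be checked mechanically before anyone clicks. The Python below is an added example, not part of the original column; it assumes dhl.com is the only domain genuine DHL links use, and the `.example` URLs are constructed to show lookalike cases.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain we expect DHL links to use.
EXPECTED_DOMAINS = {"dhl.com"}

def link_findings(url, expected=EXPECTED_DOMAINS):
    """Return reasons not to trust `url`; an empty list means nothing was flagged."""
    findings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https":
        findings.append("not https")
    if parts.username is not None or parts.password is not None:
        # Text before "@" is login info, not the site: the real host comes after it.
        findings.append("userinfo before host")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label (possible lookalike characters)")
    # Match on a dot boundary so "delivery-dhl.com" and "dhl.com.x.example" fail.
    if not any(host == d or host.endswith("." + d) for d in expected):
        findings.append(f"host {host or '(none)'} is not under an expected domain")
    return findings

# First two URLs are the ones quoted in the column; the rest are constructed.
SAMPLES = [
    "https://delivery.dhl.com/US/adsfad",
    "http://98098adfadfasd.alsdfjas.com/98adf098asf0adf9",
    "https://delivery.dhl.com@tracking.example/p",
    "https://dhl.com.tracking.example/p",
    "https://delivery-dhl.com/p",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = link_findings(sample)
        print(sample, "->", "; ".join(result) if result else "matches expectations")
```

An empty result only means the link points where you expected; it says nothing about whether the message itself was solicited.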
What to do if you are attacked
If the worst happens, remember:
- The best answer is to erase and restore from your last unaffected full backup, usually an offsite backup, but it can be a restore from Time Machine. You can spend a lot of time playing Whack-a-Mole to eliminate a problem. A clean reversion is your best strategy.
- If the attackers make the data on a disk unusable, contact an Apple consultant, DriveSavers, or another company specializing in the recovery of lost data.
- Don’t blame yourself for being the victim of an attack. Hundreds of thousands, if not millions, of people around the world spend their days and nights trying to find your weakness. Blame them!
This Mac 911 article answers a question from Macworld reader Rick.