One in five Macs 'infected' with malware is inaccurate

One in five Mac systems having malware is testament to the prevalence of Windows-based threats, and does not mean that one in five is "infected."

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.

Security company Sophos recently released a report claiming that one in five Mac systems has malware on it, based on data from about 100,000 snapshots of systems that have installed its free Mac anti-virus software. The analysis of these snapshots suggests that 20 percent of Mac systems have at least one instance of malware on them.

This may sound concerning, especially in the face of the Flashback malware and other recent news of threats on OS X; however, do not read this as a new development regarding new malware on the Mac. The malware that makes up this 20 percent figure is mainly for Windows-based systems.

As a result, any interpretation of this as one in five Macs being infected with malware is misleading. The key word here is "infected": the notion that the presence of any malware means the Mac is "infected" implies the malware is active and performing malicious behavior (stealing information, breaching security, or changing the system).

In most cases, Mac systems containing Windows malware have received e-mail spam, or malicious Web browser cache and cookie information that is identified as Windows malware, and which resides in the user's inbox until deleted. Being Windows-based, this malware will not run in OS X, so Mac users who find it should not have to worry. Unfortunately many anti-virus utilities do not distinguish for the user which malware is a true threat to their systems, and instead claim that a threat has been found regardless of whether it is for Windows or for the Mac.

The more alarming statistic from Sophos' findings is that approximately 1 in 36 Mac systems (2.7 percent) were found to have true OS X-based malware on them. Of these systems, the majority were infected with the recent Flashback malware, but others have also been found, including FakeAV (MacDefender and its variants) and RSPlug (the DNSChanger botnet).

Sophos' analysis shows the majority of Mac-based malware found is from Flashback, and this total comprises 2.7 percent of Mac systems instead of 20 percent. (Credit: Sophos)

These numbers follow reports that, despite efforts to tackle the Flashback malware, its infection rate in OS X remains high. However, the statistics reported by Sophos are a bit higher than those estimated by other companies, which suggests there might be a skew in Sophos' findings.

Currently, there are an estimated 600,000 Mac systems infected with variants of the Flashback malware, which is around 1 percent of all Mac systems worldwide. Sophos claims that of this 2.7 percent figure, 75 percent is from Flashback, which translates to an estimate of 2 percent of all Mac systems being infected with Flashback--a clear discrepancy from other findings.

While the idea of one in five Mac systems being infected is an incorrect number, it does point to the fact that regardless of the target platform, the malware is being allowed to reside on Mac systems and therefore increases the potential for Windows systems to be affected by it.

There is also the looming possibility that following the recent increases in Mac-based malware, the criminals who use e-mail spam as a means of distribution will start using this means to target Mac users more. If one in five Mac systems is currently able to get Windows-based malware on them, then it is also possible that one in five could potentially get Mac-based malware if it is distributed through the same means as the Windows threats.

Because of this, you can help stem the existence of malware and help protect against future malware by installing a malware scanner on your system and periodically having it check your system. Even if your Mac never gets a Mac-based threat, the chances are higher that you will run into a Windows-based threat, and being able to target and remove it will help everyone out.
