A common discussion among IT administrators on various email lists and subreddits is Mac malware and whether you need to install security software when deploying a fleet of Macs. Are Macs more secure than PCs? Do Macs get malware? Do you need endpoint security software? Let’s discuss in our look at Apple in the enterprise for this weekend.
About Apple @ Work: Bradley Chambers has been managing an enterprise IT network since 2009. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, hundreds of Macs, and hundreds of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, and train users, share stories from the trenches of IT management, and suggest ways Apple could improve its products for IT departments.
Basic malware removal
To begin, let’s look at macOS malware. Are Macs vulnerable to security threats? Absolutely, but I’ve found them to be far less maintenance when it comes to security threats than PCs. The majority of issues I’ve dealt with over the years are related to users installing rogue Flash upgrades and rogue Chrome extensions. That’s not to say that macOS doesn’t have security threats, but in general day-to-day use, it’s a very secure operating system. On the occasion when I’ve had issues, I’ve relied on the free version of Malwarebytes to clean up any problems I’ve run across. I’d love to be able to purchase an “IT version” of Malwarebytes that I could run off a USB-C flash drive to remove any problems quickly.
As I mentioned earlier, one of the common problems I run into is rogue Chrome extensions that change the default search engine, add a lot of pop-ups, etc. These are easy to remove from Chrome’s extensions page (chrome://extensions); once the extension is gone, Chrome drops the search-engine and new-tab overrides it had installed.
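Checking one Mac at a time in the extensions tab does not scale to a fleet. The following is an added example, not code from this article, from Google or from Malwarebytes: it walks a Chrome profile’s Extensions directory (Chrome stores each extension as `<id>/<version>/manifest.json`) and flags manifests that override the search provider, homepage, start-up pages or new-tab page, or that request access to every site. The profile path is Chrome’s stock per-user location on macOS; the two manifests the demo writes into a temporary directory are constructed, not real extensions.

```python
"""Flag Chrome extensions whose manifest hijacks search, homepage or new-tab settings.

Added example for this article (not Google's or Malwarebytes' code).  The manifest
keys checked (chrome_settings_overrides, chrome_url_overrides, permissions,
host_permissions, content_scripts[].matches) are documented Chrome manifest fields.
The sample manifests written by build_sample_tree() are constructed.
"""
import json
import sys
import tempfile
from pathlib import Path

# Stock location of the default profile's extensions for the current user on macOS.
DEFAULT_EXTENSIONS_DIR = (Path.home() /
                          "Library/Application Support/Google/Chrome/Default/Extensions")

# Match patterns that grant an extension access to every site.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def suspicious_markers(manifest):
    """Return human-readable reasons a manifest looks like a browser hijacker."""
    reasons = []
    overrides = manifest.get("chrome_settings_overrides") or {}
    if "search_provider" in overrides:
        reasons.append("replaces default search engine with %s"
                       % overrides["search_provider"].get("search_url", "?"))
    if "homepage" in overrides:
        reasons.append("sets homepage to %s" % overrides["homepage"])
    if overrides.get("startup_pages"):
        reasons.append("sets startup pages: %s" % ", ".join(overrides["startup_pages"]))
    if "newtab" in (manifest.get("chrome_url_overrides") or {}):
        reasons.append("replaces the new-tab page")
    hosts = set(manifest.get("permissions") or []) | set(manifest.get("host_permissions") or [])
    for script in manifest.get("content_scripts") or []:
        hosts.update(script.get("matches") or [])
    if hosts & ALL_SITES:
        reasons.append("can read and modify every site (%s)" % ", ".join(sorted(hosts & ALL_SITES)))
    return reasons


def scan_extensions(extensions_dir):
    """Walk <id>/<version>/manifest.json; return {(id, version, name): [reasons]}."""
    findings = {}
    root = Path(extensions_dir)
    if not root.is_dir():
        return findings
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            try:
                manifest = json.loads((version_dir / "manifest.json").read_text("utf-8"))
            except (OSError, ValueError):
                continue  # unreadable or half-written extension directory; skip it
            reasons = suspicious_markers(manifest)
            if reasons:
                findings[(ext_dir.name, version_dir.name, manifest.get("name", "?"))] = reasons
    return findings


def build_sample_tree(root):
    """Write two constructed manifests under root: one hijacker, one benign."""
    samples = {
        # Constructed hijacker: swaps the search engine and injects a script into every page.
        ("aaaabbbbccccddddeeeeffffgggghhhh", "1.0.3"): {
            "name": "Search Booster", "version": "1.0.3", "manifest_version": 3,
            "chrome_settings_overrides": {"search_provider": {
                "name": "Booster", "search_url": "https://search.example/?q={searchTerms}",
                "is_default": True}},
            "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
        },
        # Constructed benign extension: only asks for local storage.
        ("abcdefghijklmnopabcdefghijklmnop", "2.4.0"): {
            "name": "Notes", "version": "2.4.0", "manifest_version": 3,
            "permissions": ["storage"],
        },
    }
    for (ext_id, version), manifest in samples.items():
        target = Path(root) / ext_id / version
        target.mkdir(parents=True, exist_ok=True)
        (target / "manifest.json").write_text(json.dumps(manifest), "utf-8")


def demo():
    """Scan the constructed sample tree in a temporary directory and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_extensions(tmp)


if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else DEFAULT_EXTENSIONS_DIR
    results = scan_extensions(target) if target.is_dir() else demo()
    for (ext_id, version, name), reasons in results.items():
        print("%s %s (%s)" % (ext_id, version, name))
        for reason in reasons:
            print("  - " + reason)
```

Run it with no arguments on a Mac to scan the current user’s default profile, or pass another `Extensions` directory for additional profiles. Wrapped in a Jamf Pro extension attribute or similar inventory script, the output gives you a fleet-wide list of the extensions worth removing. A match is a lead, not a verdict: legitimate search or new-tab extensions set the same keys, so compare against an allowlist of what your organization actually deploys.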
Full-blown endpoint security
If you are at a larger organization, you might consider running something like Jamf Protect. I was at JNUC last year when Jamf Protect was first announced. What attracts me to Jamf Protect is that it builds on Apple’s endpoint security APIs. Because it uses the Endpoint Security framework Apple introduced in macOS 10.15 Catalina, Jamf Protect runs as a user-space system extension rather than a kernel extension (a “kextless” agent) and uses minimal resources on the Mac. Agents that instead hook the kernel with a legacy kext can conflict with the system, slow the Mac down, and create a worse user experience; third-party kexts are also deprecated by Apple, need user approval to load, and on Apple silicon Macs cannot load at all without lowering the startup security policy.
With Jamf Protect, IT administrators get a 40,000-foot view of the security of their fleet and can verify that machines are running well and free of known threats. Earlier this year, Jamf added new functionality to Jamf Protect as well: it now prevents the execution of known macOS malware and quarantines the offending applications to keep the fleet safe from infection.
Additionally, the new functionality gives IT teams central visibility of known-malware infection attempts across the organization. Another addition is unified log forwarding: the Jamf Protect agent collects targeted endpoint records from the macOS Unified Log and sends them to the organization’s security information and event management (SIEM) system. This lets organizations that monitor endpoint activity for compliance reasons pull authentication and other activity that macOS already records into their SIEM. For a lot of organizations, it isn’t enough to be secure; they have to be able to prove it.
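To make concrete what “targeted endpoint records from the Unified Log” means, here is an added example, not Jamf Protect’s own forwarder: it takes the JSON array that `log show --style json` prints, keeps the records from authentication-related processes and subsystems, tags each with a coarse success/failure outcome, and writes one JSON object per line for a SIEM shipper to pick up. The `log show` field names it reads (timestamp, processImagePath, processID, subsystem, category, messageType, eventMessage) are the ones macOS emits; the process and subsystem lists, the output field names and the host name are assumptions to tune for your environment, and the sample records are constructed, not captured from a Mac.

```python
"""Filter macOS Unified Log JSON down to authentication activity and emit NDJSON for a SIEM.

Added example for this article; it is not Jamf Protect's log forwarder.  On a Mac you
would feed it the output of something like:

    log show --last 1h --style json \
        --predicate 'process == "loginwindow" OR process == "sudo" OR subsystem == "com.apple.securityd"' \
        | python3 forward_auth.py

SAMPLE_RECORDS is constructed in the `log show --style json` shape, not captured output.
"""
import json
import sys

# Assumption: processes and subsystems that carry authentication activity on macOS.
AUTH_PROCESSES = {"loginwindow", "opendirectoryd", "sudo", "sshd", "screensharingd", "authd"}
AUTH_SUBSYSTEMS = {"com.apple.securityd", "com.apple.opendirectoryd", "com.apple.Authorization"}

FAILURE_WORDS = ("failed", "failure", "denied", "incorrect", "invalid")
SUCCESS_WORDS = ("succeeded", "success", "authenticated", "logged in")


def process_name(rec):
    """Basename of processImagePath, e.g. /usr/bin/sudo -> sudo."""
    return (rec.get("processImagePath") or "").rsplit("/", 1)[-1]


def is_auth_record(rec):
    """Keep a record if its process or subsystem is on the authentication lists."""
    return process_name(rec) in AUTH_PROCESSES or rec.get("subsystem") in AUTH_SUBSYSTEMS


def classify_outcome(message):
    """Coarse success/failure tag from the message text; failure words win on ties."""
    text = message.lower()
    if any(w in text for w in FAILURE_WORDS):
        return "failure"
    if any(w in text for w in SUCCESS_WORDS):
        return "success"
    return "unknown"


def to_siem_event(rec, host):
    """Flatten one Unified Log record into the (assumed) SIEM schema."""
    msg = rec.get("eventMessage") or ""
    return {
        "@timestamp": rec.get("timestamp"),
        "host": host,
        "source": "macos.unifiedlog",
        "process": process_name(rec),
        "pid": rec.get("processID"),
        "subsystem": rec.get("subsystem"),
        "category": rec.get("category"),
        "level": rec.get("messageType"),
        "outcome": classify_outcome(msg),
        "message": msg,
    }


def forward(records, host):
    """Keep only authentication records and convert them to SIEM events, in log order."""
    return [to_siem_event(r, host) for r in records if is_auth_record(r)]


# Constructed sample in the `log show --style json` record shape (not captured output).
SAMPLE_RECORDS = [
    {"timestamp": "2020-06-05 09:12:01.104512-0400", "processImagePath": "/usr/bin/sudo",
     "processID": 4123, "subsystem": "", "category": "", "messageType": "Default",
     "eventMessage": "    alice : TTY=ttys000 ; PWD=/Users/alice ; USER=root ; COMMAND=/usr/bin/id"},
    {"timestamp": "2020-06-05 09:12:07.551230-0400", "processImagePath": "/usr/libexec/opendirectoryd",
     "processID": 99, "subsystem": "com.apple.opendirectoryd", "category": "auth", "messageType": "Error",
     "eventMessage": "Authentication failed for user 'bob' (wrong password)"},
    {"timestamp": "2020-06-05 09:12:09.000001-0400",
     "processImagePath": "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow",
     "processID": 152, "subsystem": "com.apple.loginwindow", "category": "login", "messageType": "Default",
     "eventMessage": "User 'alice' logged in at console"},
    {"timestamp": "2020-06-05 09:12:10.200000-0400",
     "processImagePath": "/Applications/Safari.app/Contents/MacOS/Safari",
     "processID": 611, "subsystem": "com.apple.WebKit", "category": "Loading", "messageType": "Default",
     "eventMessage": "Loaded https://example.com/"},
]


if __name__ == "__main__":
    # Read `log show --style json` from stdin when piped; otherwise demo on the constructed sample.
    records = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_RECORDS
    for event in forward(records, host="mac-01.example"):
        print(json.dumps(event))  # one JSON object per line for the SIEM shipper
```

Two design points matter more than the code. First, filter on the Mac with a `--predicate` rather than shipping the whole Unified Log, which runs to gigabytes per day; the forwarder above is meant to be the second, narrower filter. Second, keep the raw `message` alongside the derived `outcome`, because the keyword heuristic is deliberately coarse and an analyst will want the original text when it is wrong.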
Wrap-up on Mac malware discussion
There are two ways to handle macOS malware and security: wait until you have an issue and remove it, or monitor proactively. Depending on your organization’s size, you might lean one way or the other. Thankfully, macOS is secure by default: Gatekeeper checks that downloaded apps are signed (and, since Catalina, notarized) before they first run, and XProtect blocks known malware by signature. Keep in mind that both only stop what Apple already knows about, and neither stops a user who chooses to run a fake Flash updater or install a rogue extension, which is where the tools above come in.
Photo by Scott Graham on Unsplash