Do One In Five Macs Really Contain Malware?

This week antivirus company Sophos reported that “1 in 5 Macs has malware on it” and that “2.7% of Macs were found to be infected by Mac OS X malware” – startling results from their investigation of 100,000 Macs.

This caused an uproar in the Mac community – and some vicarious laughter from Windows users… But looking at the results in more depth, it is clear that some of the outraged readers didn’t read the whole article, or else didn’t understand what the report was saying.

All is not quite as it seems – let’s take a look at the key points:

2.7% Of Macs Are Infected By Mac OS X Malware

This is serious as it refers to actual infection by (not just carrying of) malware that is specifically targeted at Macs. Fake antivirus attacks and the recent Flashback botnet dominate these Mac threats.

This 2.7% infection rate of Macs is actually several times higher than the infection rates of Windows computers e.g. Microsoft’s latest Security Intelligence Report reveals infection rates of 0.86% for XP SP3 and less than 0.5% for Windows 7.

Whilst viruses on Windows may be harder to remove than on Mac OS X, these stats should still be of major concern to Mac users who may have thought antivirus software is only required for Windows – increasingly it isn’t. Die hard cynics might suggest that an antivirus company could exaggerate the risks to sell you their own antivirus program but Sophos don’t charge – Sophos Antivirus for Mac (Home Edition) is free and can be downloaded here.

One In Five Macs Contain Malware

This was the controversial headline of the report and the statement that caused most furore. What Sophos actually reported is that 20% of Macs were carrying one or more instances of Windows malware. Note the emphasis on ‘carrying’ – this does NOT mean ‘infected by’. Note also that it was Windows malware (NOT Mac malware) which could not infect a Mac (unless also running Windows via Parallels/Bootcamp).

The headline did state ‘has malware on’ and didn’t say that those Macs were actually infected. Whilst this lets Sophos off the hook, it does seem a classic example of link bait – an ambiguous title purposely designed to attract more publicity and visitors.

Is Windows Malware On Macs Dangerous?

If you don’t also have Windows running on your Mac then Windows malware is not dangerous – on your Mac at least. However, if it was transferred to a Windows computer (e.g. via flash drive, email or Cloud storage) then it could potentially infect that computer.

If you never share files with (or send files to) any Windows computer then I guess you don’t need to worry. If you do, it would be common courtesy to remove Windows malware before sharing files with friends or family to avoid passing on an infection – malware can reside in emails, programs, documents and even music files.

Investigation of 100,000 Macs

This number of Macs was in fact a snapshot from the “millions of Mac computers which have recently downloaded free Mac antivirus software from Sophos”.

This is not necessarily a representative sample of Macs as users who downloaded an antivirus program recently might have been worried by the publicity given to the Flashback botnet or be more worried than most about malware because they know they have not been practising safe computing.

E.g. they may have regularly used file sharing programs, downloaded pirated software, visited unsafe websites and clicked on anything that moves… In such cases it is far more likely that they will have downloaded malware.

However, the methodology used is a realistic and practical way to ascertain infection rates – Microsoft use a very similar technique to determine Windows infection rates (using the MSRT tool).


It’s a shame that the ‘one in five Macs’ title was used for the article – it may have gained more publicity but it alienated some readers and lost a certain amount of credibility by focusing on the least dangerous of the report’s findings.

In practise, the 2.7% of Macs which are actually infected should be of vastly more concern to most Mac users – good antivirus protection is no longer only an issue for Windows computers.