A brief & bumpy history of MacOS cybersecurity

This is branded content.

If you've paid attention to anything about the internet and major online corporations in the past few years, you'll know cyber security is kind of a big deal. In 2023 the Australian government revealed that more than $557 million had been lost to cyber attacks used to manufacture identity fraud. In fact, here's a list of known cyber hacks solely from the month of June 2023:

ACT government hit by cyber security breach

PwC victim of massive data hack, part of a global data breach, ASX closes up on Woolworths and CSL gains - as it happened

SmartPay investigates data breach

Russian cyber hackers compromise top-secret defensive data in historic breach

LG Energy Solutions Australia and Solar Service Guys Respond to Data Breach Allegations

Perpetual security incident spreads; client data compromised

And all of that is nothing on the massive Telstra and Optus hacks of late 2022 that affected nearly all Australians in one fell swoop.

With all of these stories about cyber hacks and data security, you might be wondering what your own personal security is like. For those of you who use Apple products such as the MacBook or iPhone, maybe you're wondering how seriously the makers of your favourite operating system take cyber security, or how protected you are and have been over the years. Well, today we take a brief look into the history of MacOS and cybersecurity.

MacOS & the first viruses

One of the first viruses in computing history was the Elk Cloner virus of 1982. It was hidden within the code of video games and infected operating systems, spreading to other computers via floppy disks. Before MacOS, Apple computers had to contend with this and other viruses. However, it was not until the nVIR virus of 1987 that Apple began to take the threat of viruses seriously.

The nVIR virus, like the Elk Cloner virus before it, spread to computers via floppy disks. This virus was largely non-malicious: it would either cause the machine to beep or, if MacinTalk was installed, make the computer say "Don't panic" in reference to the popular book by Douglas Adams, The Hitchhiker's Guide to the Galaxy.

However, at some point the source code of the virus was released, and a sudden influx of viruses tailored to attack Mac PCs was released on the world.

In response, the first anti-virus products began to emerge - mostly commercial but some free. One notable virus known as a HyperCard virus gained fame in cyber security history for displaying this message before crashing the user's computer:

"Greetings from the HyperAvenger! I am the first HyperCard virus ever. I was created by a mischievous 14 year old, and am completely harmless. Dukakis for president in '88. Peace on earth and have a nice day."

From that time on, anti-virus software became a commercial enterprise, beginning with the free antivirus Disinfectant, created in 1989 by John Norstad of Northwestern University.

MacOS & malware

However, MacOS itself did little if anything to combat viruses and malware. Little effort was put into having the operating system itself detect, remove or otherwise combat malicious software.

This continued until 2007 with the introduction of code signatures by an Apple worker known as "Perry the Cynic". Perry's work formed the basis of the early anti-malware software within MacOS known as the Gatekeeper sub-system, which was finally released in 2012.

Between 2006 and 2016 MacOS had to contend with a number of viruses, Trojans, worms and fake anti-security software, eventually culminating in the 2011 Flashback virus that affected more than 700,000 computers worldwide. Gatekeeper quickly became the first line of defence for MacOS from 2012 onwards, closely followed by two other pieces of in-built software designed to complement Gatekeeper and provide added protection.

Gatekeeper worked by having sub-systems such as AMFI (Apple Mobile File Integrity) perform code signature checks, which are used to ascertain signing identity and app integrity. It was followed up by XProtect, which blocked the functionality of certain vulnerable software such as Java, scanning it for known malware before letting it run.

But these scans were merely in place to alert the computer of potential threats. The actual detection and removal of malicious code was ultimately performed by the Malware Removal Tool, known simply as MRT.

MacOS & hackers

These protocols were a godsend for many users; for many others, however, it was already too little too late. The early 2000s had been a golden period for hackers and cyber-crime, as the growth of the internet and personal computers made it easy for hackers to infect multiple computers en masse.

We've already mentioned the Flashback Virus of 2011, but the early 2000s saw many major developments, including the rise of the hacker group known as Anonymous and the Albert Gonzalez group of credit card hackers, who obtained 45.7 million credit cards. Then in 2013 came the Yahoo attacks, with more than 3 billion Yahoo accounts broken into, and in 2014 a Korean state-sponsored hacker group known as the Lazarus Group emerged.

The MacOS security protocols came just as those new widespread threats were emerging, but more often than not it was a project spearheaded by a concerned few and was not a focal point of the wider company. For much of the early 2000s and 2010s, security was, for the most part, the responsibility of the user, and not a part of the Mac product. The Gatekeeper security checks were effective, and were updated every two weeks, but were often limited in their scope and some users learned how to either alter them or bypass them altogether - and many viruses and malware simply could not be picked up on by the Gatekeeper checks.

MacOS & cyber security

For many users and for the company itself, true cyber security was a thing for academics and the paranoid few to worry about, and back then a Master of Cyber Security or similar qualification that taught the skills necessary to fight viruses and malware was a rare thing to have on a resume.

However, in 2018 MacOS introduced 10.15 Catalina, an effective replacement for the Gatekeeper system that was not so regularly updated. Then in November 2020, with the release of Apple Silicon Macs, these PCs restricted what software could be run on Mac systems at all, blocking any software that did not have a signature recognised by the Catalina system. This controversial move caused immediate backlash, and Apple was forced to reconsider it.

Today, computer security is a concern of major companies and corporations at every level, from the individual employee to the front and backends of the system. As the world increases interconnectivity, and more and more demands are made of both computer systems and digital integration, the potential harm and exploitation of viruses and malware has increased several times over.

Mac can no longer treat cyber security as something that is in the hands of the customer, nor can they rely on the idea that commercial cybersecurity will do the job.

MacOS & today

Each new version of macOS released since 2012 has included additional features, enhancements, and modifications to improve the baseline security, but as time goes on that baseline has expanded and grown to deal with far more than simply the most common or basic threats.

