Sophos: Over 20% of Macs carry Windows malware but only 2.7% harbor Mac OS X malware

“A new report by security specialists Sophos suggests that as many as one in five Macs now carry Windows malware, with one in thirty six Apple computers containing Mac-specific viruses and exploits, further worrying users as they come to terms with the fallout of the Flashback botnet,” Matt Brian reports for TNW.

“According to a recent snapshot taken from 100,000 Mac computers running Sophos’ free anti-virus software, over 20% of Macs ran a Windows-specific form of malware, but only 2.7% of machines contained Mac OS X malware,” Brian reports. “Of course, this raises the issue of anti-virus software on Mac computers, something that Apple device owners have not typically had to think about in the past. Windows malware may not be able to infect Mac computers, they can still be spread via USB sticks and removable storage, potentially infecting other computers in the process.”

Read more in the full article here.


  1. over 20% of Macs ran a Windows-specific form of malware

    Ran? I doubt it.

    Carried? Quite possibly.

    Most of us carry diseases of plants and other animals, but we don’t “run” them. Incompatible systems, you might say.

    1. Saying that 20% of Macs “carry” Windows malware is a blatant misrepresentation to let the ignorant believe that 20% of Macs are also adversely affected.

      I do occasionally run ClamAV (NOT Sophos AV), only to discover every few years that someone sent me an infected Word document or so.
      Much depends though on the friends that you have. *WINDOWS* friends that is.

  2. To translate: 20% of Macs have been sent infected files from Windows users. These infected files have no effect on the Mac but could cause Windows users problems if the file is sent to them.

    1. Exactly. They are sitting in the Mail attachment archive... and totally helpless. And there are no viruses for the Mac. I don’t understand why these companies use that term (other than click bait).

  3. I can understand if said viruses were in emails and email attachments which were copied and/or forwarded to other users; but wouldn’t the virus have to actually infect the Mac in order to propagate itself through memory sticks and other removable media? If it can’t affect the Mac, then how could it spread in that manner? Seems like more wishful FUD on the part of Sophos. Again.

  4. “Windows malware may not be able to infect Mac computers, they can still be spread via USB sticks and removable storage, potentially infecting other computers in the process.”

    REALLY … How?

  5. Doesn’t this look bad for Sophos antivirus, because the sample they took was from Macs running Sophos antivirus, and isn’t it supposed to protect users against such things?

    1. That’s what I was thinking. What is the point of Sophos’s free antivirus if it’s not stopping malware? Do you have to pay for the full version for it to do anything besides send statistics about your supposed malware back to headquarters?

  6. That report is so lame! Mac users have known this for years… Heck I knew this when I moved to iMac 8 years ago…. just like infected emails.
    Why should we care?? All the more reason for more people to switch to Mac OS. Why should WE buy AV software to protect stupid, ignorant windows users? Why should WE bog our computers down with clunky AV software just to protect Windows people?
    To hell with them all. They got what they deserved by sticking to M$.

  7. This is an old argument that comes up from time to time. Of course these companies want to lay the responsibility on Mac users to get some software sales. The way I see it… I got the file from some Windows user, why weren’t they more diligent in keeping their system clean?

  8. I call BS.

    The largest (BY FAR — maybe by as much as a factor of 100) outbreak of Mac malware was the recent Java hack. Multiple sources confirmed that at its peak it was less than 1% of the installed base. Since that time, with all the freeware and direct-from-Apple software to remove that hack, the percentage of affected installed base has gone down significantly.

    Therefore I, and every knowledgeable Mac user, would be shocked if the actual Mac malware in the installed base is at or above 1%.

    This clearly sounds like Sophos, as always, is just trying to scare Mac users and drum up business.

    Should Mac users routinely scan their systems for malware? ABSOLUTELY YES. Should any Mac user be frightened and react due to (or believe) Sophos’ scare tactics? ABSOLUTELY NOT.

    1. FYI:
      The worst previous Mac malware infection was due to Trojan.OSX.iServices.A-C. It was a Trojan horse that was infiltrated into Warez versions of a few different Mac apps available at Torrent websites. The result was a botnet estimated to contain 10,000 Macs. That was in early 2009.

      The worst estimate for the Flashback botnet (created by an estimated 19 different versions of the Flashback malware) was about 600,000 Macs. That is larger than the iServices botnet by a factor of 60.

      All of the Mac malware previous to the recent few Java versions of Flashback have been Trojan horses with infections preventable by basic safe user practices. The people who infected themselves are generally considered to either be Mac newbies or to be ‘LUSERS’ who would figure out a way to become infected if not for their account administrators.

      The recent versions of Flashback have been unique in the history of Mac malware because they were drive-by infections from websites that required no user interaction. The cause of this problem was two-fold:

      1) Oracle don’t give a rat’s about Java and have allowed it to become the #1 source of third party security vulnerabilities for Mac users. Oracle don’t care.

      2) Apple’s experiment with having Oracle provide timely updates of Java for Mac OS X has FAILed. Oracle don’t care.

      My personal recommendations:

      A) Don’t install Java onto Mac OS X 10.7. Most people never need it.

      B) If you do install Java onto 10.7, or you run a previous version of Mac OS X, TURN JAVA OFF. This can be done in the Java Preferences app in your Utilities folder. Only turn it on again for critical uses, then turn it OFF when you’re done.

      IOW: Java now sucks. Avoid Java as much as possible.

      Hopefully this Java catastrophe has woken Apple up to being preemptive about Java security holes and the danger to Java users. Oracle don’t care.

  9. “According to a recent snapshot taken from 100,000 Mac computers running Sophos’ free anti-virus software” so all of these Macs in this survey had virus protection, provided by Sophos, and yet 1 in 5 still harbored Windows malware and 1 in 36 still harbored Mac malware. I’m not sure what this says about Sophos’ free anti-virus software.

  10. IF you’re conscientious about keeping inert Windows malware off your Mac, just to make sure you’re not sharing it with and infecting your Windows victim friends, do this:

    Download ClamXav (the Mac GUI version of ClamAV), which is FREE, install it, update it and run it on your Mac overnight. There, your conscience is cleared. AND ClamXav finds and removes most (if not all) of the 63 active Mac malware as well.

    I write about Mac-Security at:

    1. For Security Geeks Only!

      By my count, there are 80 Mac OS X malware out in the wild. However, I have decided to toss one Mac malware series into my “INERT” folder because it has become harmless. It is Trojan.OSX.RSPlug.A-Q, aka DNSChanger, aka Jahlav, aka Puter. Its botnet has been shut down across the world.

      The resulting count of active in the wild Mac OS X malware is 63, by my count. In the future I will be reviewing other older Mac OS X malware for inert status as well.


    If a Mac receives an infected Windows file (such as a Word document) it does not magically remove the Windows infection.

    Magic fail!

    This is just a story about how prevalent infected Word files are.

    But, you know, Apple is doomed!!! Sell that stock now!!!
