Gandalf_The_Grey
Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 7,189
Introduction
It is an often-heard view that macOS computers don’t need antivirus protection. Whilst it is certainly true that the population of macOS malware is very tiny compared to that for Windows and Android, there have still been many instances of macOS malware getting into the wild. Moreover, Apple Mac security needs to be considered in the wider context of other types of attacks.
Apple ships some anti-malware capabilities within macOS: Gatekeeper, which warns when apps without a digital signature (i.e., not certified by Apple) are run, and XProtect Remediator, which checks files against known-malware signatures and remediates infections if malware makes its way onto the Mac. These features are essentially invisible to the user, other than configuration options and alerts. System and security updates are installed automatically using the macOS update process.
macOS includes other features which secure and harden the system. For example, Sandboxing isolates apps from critical system components, user data, and other apps. Sandboxed apps (e.g., downloaded from the Apple App Store) run in an isolated context where they cannot access areas outside of it and thus cause damage. This does not protect you from malware but limits what it can do.
Since macOS 10.15 (Catalina), apps require explicit permission to access user files and other sensitive information (e.g., camera, microphone, logs). Additionally, macOS system files and user data are stored on separate disk volumes which makes it more challenging for malware to cause problems with the system.
The effectiveness of Apple’s built-in anti-malware features have been questioned, however, and some security experts recommend strengthening the defences by adding in a third-party antivirus solution. There are many good reasons for this. Firstly, the approach taken by Apple might be adequate for well-established malware but might not respond quickly enough to emerging threats. Secondly, you might want a broader base of malware evaluation. Thirdly, macOS is not immune to bugs.
Some AV programs designed for macOS can also detect malware aimed at other operating systems (e.g., Windows, Android). In a scenario, where malware is inadvertently passed on from one operating system (e.g., Windows) to another (e.g., macOS) using an USB stick, even if the latter machine is not at risk, you might well benefit from effectively handling such threats.
Additional browser extensions and network monitoring functions can identify potential phishing websites. Readers should note that Mac users are just as vulnerable to phishing attacks as e.g., Windows users, as phishing sites deceive the user rather than alter the operating system.
Other programs might offer VPN (virtual private network) capabilities which can be useful when you need to operate your computer in an untrusted environment or a public location such as an Internet café, where the integrity of the connection is uncertain. You might also opt to utilize third-party tools for parental control instead of relying solely on macOS’ built-in features, if you believe this is more appropriate to your family needs.
Experienced and responsible Mac users who are careful about which programs they install, and which sources they obtain them from, may well argue – very reasonably – that they are not at risk from Mac malware. However, we feel that non-expert users, children, and users who frequently like to experiment with new software could definitely benefit from having security software on their Mac systems, in addition to the security features provided by the macOS itself.
In general, there are only a limited number of anti-malware products for macOS available on the market. As already mentioned above, the reason being that the threat landscape of macOS is very tiny compared to that of Windows and, therefore, Windows users are more likely to be attacked than Mac users.
Through our yearly Mac testing, we have found that the vendors being evaluated demonstrate a commendable commitment to threat research and continuous product improvement. Their efforts are focused on providing effective security solutions that safeguard Mac users against the ever-changing and potentially rapidly evolving Mac threat landscape. We strongly encourage other security vendors to actively participate in third-party tests to ensure their products meet the current standards and expectations.
Readers who are concerned that third-party security software will slow their Mac down can be reassured that we considered this in our test; we did not observe any major performance reduction during the course of the test with any of the programs reviewed.
As with Windows computers, Macs can be made safer by employing good security practices. We recommend the following:
- Do not use an administrator account for day-to-day computing
- Use secure passwords (iCloud Keychain) or passkeys (biometric identification such as Touch/Face ID) and enforce multi-factor authentication wherever possible
- Deactivate any services such as Airport, Bluetooth, or IPv6 that you don’t use
- Be careful about which programs you install and where you download them from
- Pay attention when granting programs permissions to sensitive system areas or information
- Be wary of opening any links that you receive via e.g., email
- Keep your macOS and third-party software up to date with the latest patches
Test Procedure
The Malware Protection Test checks how effectively the security products protect a macOS Ventura system against malicious apps. The test took place in May 2023, and used macOS malware that had appeared in the preceding few months. We used a total of 309 recent and representative malicious Mac samples.
In the first half of 2023, thousands of unique Mac samples were collected. However, this figure included many samples which could be classified as “potentially unwanted” – that is, adware and bundled software – depending on interpretation. Many samples were often near-identical versions of the same thing, each with a tiny modification that just creates a new file hash. This enables the newly created file to avoid detection by simple signature-based protection systems. There were in fact almost no new families, and only a few really new variants, of true Mac malware seen in 2023. Some of these will only run on certain macOS versions. After careful consideration, we ended up with 309 Mac malware samples to be used in the test. We feel these reflect the current threat landscape, even if the sample size seems very small compared to what is commonly used for Windows. As most Mac systems do not run any third-party security software, even these few threats could cause widespread damage. Precisely because a Mac security product only has to identify a small number of samples, we would expect it to protect the system against most (if not all) of the threats, so the protection rate required for certification is relatively high.
To prepare for the test, the macOS systems were updated and imaged, with no further OS updates applied afterward. Each security product was installed on a fresh image of the machine, and its definitions were updated to May 16, 2023. Throughout the test, the Mac systems remained connected to the Internet, enabling the use of cloud services. To begin, a USB flash drive containing the malware samples was inserted into the test computer. Some antivirus programs recognized some of the samples at this stage. We then performed a scan of the flash drive, either from the context menu or the main program window, and any detected samples were removed. Samples that were not detected by the real-time protection or scan were copied to the Mac’s system disk and executed, providing the security product with a final opportunity to detect them. Along with testing for Mac malware samples, we evaluated the products for false positives by testing a set of clean Mac programs, and none of the programs produced any false alarms.
Testcases
To address the rising number of potentially unwanted applications (PUAs) on Mac systems, we conducted an additional test to evaluate the detection capabilities of the products. Specifically, we assessed the detection of 712 Mac PUAs using the same testing methodology described for malware detection.
Many Mac security products assert that they can identify both Mac and Windows malware to prevent the user’s computer from transmitting harmful programs to Windows PCs. To test this claim, we evaluated if the Mac antivirus products can detect prevalent and current Windows malware samples. We used 500 samples and followed the same procedure used for Mac malware detection, excluding any undetected samples since Windows programs cannot be executed under macOS.
Full review:Test Results
The table below shows protection results for the products in the review. We would like to point out that while some products may sometimes be able to reach 100% protection rates in a test, it does not mean that these products will always protect against all threats. It just means that they were able to detect 100% of the widespread samples used in this particular test. We do not round up scores to 100% if there are misses. Programs with a score of 100% thus had zero misses.
Product Mac Malware Protection
309 samplesMac PUA Protection
712 samplesWindows Malware Detection*
500 samplesAvast Security Free for Mac 100% 99% 100% AVG AntiVirus FREE for Mac 100% 99% 100% Avira Prime for Mac 99.0% 99% 100% Bitdefender Antivirus for Mac 99.7% 98% 100% CrowdStrike Falcon Pro for Mac 100% 98% 89% Intego Mac Internet Security X9 99.4% 97% 100% Kaspersky Plus for Mac 100% 99% 100% Trellix Endpoint Security (HX) for Mac 99.7% 99% 100% Trend Micro Antivirus for Mac 100% 99% 100% * Detection of Windows threats on Macs can be seen as discretionary. Some products do not include detection for non-Mac threats or have limited detection capabilities due to technical constraints
Mac Security Test & Review 2023
Read the Mac Security Test & Review 2023 to learn how well Mac security software products can protect against Malware
www.av-comparatives.org
PDF download: