Battle Free AV recommendation for macOS?

Compare list
Your Recommendation
In-depth Comparison






Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
I am not sure Bitdefender has a free version for macOS, but if they do, I would recommend it. :) ;)
NOT Avast for sure!
Not free:
There is a free scanner:
But more on topic, what is wrong with Sophos?
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
Not free:
There is a free scanner:
But more on topic, what is wrong with Sophos?
Good question, my understanding was Sophos was tops on MacOS.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044

Paul.R

Level 17
Verified
Well-known
May 16, 2013
844
I have an macOS laptop, for me Sophos is not a good to go because slow down web page loading, slow internet speed, slow aplication start-up. By the way Kaspersky for macOS is writing by children (function doesn't work properly)

I would recommend Bitdefender Free scan even Malwarebytes Free, if you want something Paid use Bitdefender for macOS.

BUT

If you know what you are doing you don't even need a real time antivirus or an antivirus overall...

BUT

If you are paranoid you can use little snitch for another layer of security.
 

Vitali Ortzi

Level 22
Verified
Top Poster
Well-known
Dec 12, 2016
1,147
Common sense, non-Windows OS don't need real-time AV, use uBlock + BD Traffic Light in your browser.
Common sense, non-Windows OS don't need real-time AV, use uBlock + BD Traffic Light in your browser.
As long as you don't download pirated Mac OS apps .
It's a way better solution.
 

MacDefender

Level 16
Verified
Top Poster
Oct 13, 2019
779
I honestly don't recommend running AV software on the Mac. One of the primary reasons is that the value-add is low. Most macOS realtime scanners are just kernel extensions that try to intrusively hook on filesystem calls, and such actions can lead to deadlocks and kernel panics when updating the OS. Apple should provide a better API for scanning.

In terms of protections, the OS has many layers built in. GateKeeper is like Windows Defender SmartScreen and almost all Mac malware requires going out of your way to click through those. There is a signature based scanner built into the OS's startup procedure to look for permanently installed malware, and since the recent versions, System Integrity Protection marks those areas of the OS read-only and not modifiable unless you reboot into the recovery mode to disable this feature.

Finally, Catalina has ransomware protection built in -- it prompts you when an application (signed or not) reaches into your Documents, Downloads, and other sensitive areas of your system without you selecting a file from there via a prompt.


Overall, yes, Mac malware does exist, but a realtime AV scanner's risks IMO do not outweigh their benefits. Most macOS antimalware engines are in their infancy and they have marginal value as a static scanner, and almost no value as a realtime scanner.
 

MegenM

Level 3
Well-known
Jun 8, 2020
119
I have an macOS laptop, for me Sophos is not a good to go because slow down web page loading, slow internet speed, slow aplication start-up. By the way Kaspersky for macOS is writing by children (function doesn't work properly)

I would recommend Bitdefender Free scan even Malwarebytes Free, if you want something Paid use Bitdefender for macOS.

BUT

If you know what you are doing you don't even need a real time antivirus or an antivirus overall...

BUT

If you are paranoid you can use little snitch for another layer of security.

Yes, I use Bitdefender.
 

Vitali Ortzi

Level 22
Verified
Top Poster
Well-known
Dec 12, 2016
1,147
I honestly don't recommend running AV software on the Mac. One of the primary reasons is that the value-add is low. Most macOS realtime scanners are just kernel extensions that try to intrusively hook on filesystem calls, and such actions can lead to deadlocks and kernel panics when updating the OS. Apple should provide a better API for scanning.

In terms of protections, the OS has many layers built in. GateKeeper is like Windows Defender SmartScreen and almost all Mac malware requires going out of your way to click through those. There is a signature based scanner built into the OS's startup procedure to look for permanently installed malware, and since the recent versions, System Integrity Protection marks those areas of the OS read-only and not modifiable unless you reboot into the recovery mode to disable this feature.

Finally, Catalina has ransomware protection built in -- it prompts you when an application (signed or not) reaches into your Documents, Downloads, and other sensitive areas of your system without you selecting a file from there via a prompt.


Overall, yes, Mac malware does exist, but a realtime AV scanner's risks IMO do not outweigh their benefits. Most macOS antimalware engines are in their infancy and they have marginal value as a static scanner, and almost no value as a realtime scanner.
Yeah kernel panics are very common around Mac OS av scanners .
As long as a user doesn't install any app / pirated ones built in is more then enough with better stability and overall security.
 

MacDefender

Level 16
Verified
Top Poster
Oct 13, 2019
779
Yeah kernel panics are very common around Mac OS av scanners .
As long as a user doesn't install any app / pirated ones built in is more then enough with better stability and overall security.
Yeah I think the kernel panics are sort of on Apple for not providing a good 3rd party malware scanning API, causing realtime scanner developers to find undocumented/creative ways to hook into the kernel, which break over time. This practice on Windows for AVs that try to push the envelope also sometimes causes BSODs when Windows is updated.

IMO compared to Microsoft, Apple is much more responsive to closing down the fundamental flaws that lead to entire classes of malware. They’ve locked down the system partition from being mountable read-write last release, and in Big Sur it’s cryptographically verified so malware cannot hide by injecting into system locations. Entire application bundles (not just binaries) are signed so you cannot design malware that injects into unsigned data. After a few successful ransomware attacks, macOS Catalina has a Controlled Folder Access style permissions prompt built into the OS, but it gives you a chance to allow/deny each unknown app from accessing documents, external media, downloads, etc at that granularity.

Compared to Microsoft, WD is awesome but the proactive safety features of WD feel like they’re an afterthought. CFA is very difficult to use. SmartScreen and other features are conceptually great but their default settings don’t deliver a high level of protection. Luckily there are a ton more 3rd party tools for Windows that are stable and add protection but there aren’t for the Mac, but I wouldn’t worry as a Mac user.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top