AV-Comparatives Mac Security Test & Review 2021

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
Introduction
It is an often-heard view that macOS computers don’t need antivirus protection. Whilst it is certainly true that the population of macOS malware is very tiny compared to that for Windows and Android, there have still been many instances of macOS malware getting into the wild. Moreover, Apple Mac security needs to be considered in the wider context of other types of attacks.

In addition, it should be noted that Apple themselves ship some anti-malware capabilities within macOS. Firstly, there is “Gatekeeper”, which warns when apps without a digital signature are run. Then there is “XProtect”, which checks files against known-malware signatures. Finally, Apple provide the MRT (Malware Removal Tool). Gatekeeper and MRT are essentially invisible to users and have no direct user interface for the user. System updates are installed automatically using the update process. The effectiveness of Apple’s built-in anti-malware features have been questioned, however, and some security experts recommend strengthening the defences by adding in a third-party antivirus package. There are many good reasons for this. Firstly, the approach taken by Apple might be adequate for well-established malware, but might not respond quickly enough to emerging threats. Secondly, you might want a broader base of malware evaluation. Thirdly, macOS is not immune to bugs.

Some vendors’ macOS security products can detect malware aimed at other operating systems too. Hence an AV program on your macOS computer could effectively handle Windows and Android malware as well. There are scenarios where you might well benefit from scanning for such threats. For example, if you are given a USB stick of photos by one friend, who asks you to make a copy for a second friend. They both use Windows, but you are using a macOS computer. There is Windows malware on the USB stick, and you make a copy of all the files. In this scenario, it is useful to be able to ensure that malware is not inadvertently passed on from one friend to another, even if your own machine is not at risk.

Mac security programs can offer other capabilities too. For example, browser extensions can identify web sites which are potentially phishing locations. Readers should note that Mac users are just as vulnerable to phishing attacks as users of e.g. Windows, as phishing sites function by deceiving the user rather than by altering the operating system or browser.

Other packages might offer VPN (virtual private network) capabilities which can be useful when you need to operate your computer in an untrusted environment, or a public location such as an Internet café, where you are not sure of the integrity of the connection. You might also want to replace macOS’ built-in parental control capabilities with third party tools, if you believe this is more appropriate to your family needs.

Before purchasing a Mac security solution, you also need to decide on the size and scope of the protection you wish to deploy. It might be for a single computer, or for a laptop and desktop. Or you might have a family environment. There might be a mixture of macOS laptops and desktops, but also other devices too like Windows desktops and laptops, along with iOS and Android phones and tablets. For this environment, a broader and more flexible licensing package might well be appropriate.

This could allow you to purchase e.g. 5 licenses and then distribute them amongst your collection of devices. It could also give you the flexibility to transfer licensing from one device to a new item, e.g. if you need to replace an aging Windows laptop with a new MacBook. Some packages offer cloud-based management interfaces. Usually this is to cover the licensing of the packages, but some can also be used to initiate malware scans and device updates and manage parental control capabilities.

Then there are packages which are really aimed at the business and corporate space. Here the macOS support is but one component of a much larger deployment and management infrastructure. This will cover all devices and operating systems, often running thousands of managed devices. Although it might be tempting to go for a larger and stronger solution than is appropriate for your organizational size, be aware that the larger platforms have significant up-front design, management and deployment overheads. This is required to allow these tools to scale to the sizes that they can support, and they usually bring in a level of day-to-day commitment which, although entirely proper and required in a larger enterprise, is simply beyond the capabilities and resourcing of a small company.

Experienced and responsible Mac users who are careful about which programs they install, and which sources they obtain them from, may well argue – very reasonably – that they are not at risk from Mac malware. However, we feel that non-expert users, children, and users who frequently like to experiment with new software, could definitely benefit from having security software on their Mac systems, in addition to the security features provided by the macOS itself.

Readers who are concerned that third-party security software will slow their Mac down can be reassured that we considered this in our test; we did not observe any major performance reduction during the course of the test with any of the programs reviewed.

As with Windows computers, Macs can be made safer by employing good security practices. We recommend the following:
  1. Do not use an administrator account for day-to-day computing
  2. Keep your Mac operating system and third-party software up-to-date with the latest patches
  3. Use secure passwords (the Mac includes the KeyChain password manager)
  4. Deactivate any services such as Airport, Bluetooth or IPv6 that you don’t use
  5. Be careful about which programs you install and where you download them from
Results
1625232865047.png
 

MacDefender

Level 16
Verified
Top Poster
Oct 13, 2019
779
There were in fact almost no new families, and only a few dozen really new variants, of true Mac malware seen in 2021. Some of these will only run on certain macOS versions

They actually had trouble finding samples, and not even all of the samples work on Big Sur.
This is one reason why I’m not a big advocate of AV software for Macs yet. Most of them are just signature scanners with no interesting dynamic behavior or network blocking components. And there’s very very few such attacks against a Mac.

macOS’s read only + signed system volume plus the System Integrity Protection feature makes it really hard to plant malware that evades their built in malware removal tool which can get pushed updates for in the wild threats.
 

MacDefender

Level 16
Verified
Top Poster
Oct 13, 2019
779
@MacDefender , a bit off-topic but still related to Mac security. How much would you say it would help or benefit pure security wise, using a standard account also on a Mac?
I would say not a lot unless it is for a human who you genuinely do not trust to make system level changes. One big challenge with UAC on Windows is that Windows started with everyone being a superuser, so there are actions that auto-elevate you or even just you’re inherently elevated by being in the Administrators group. MacOS started from UNIX roots and it was never taken for granted that the primary user has root access.

macOS’s elevation system still requires either a password or Touch ID input, which also alleviates the concern around malware installing a VNC client to auto click through elevations for you, etc.

On top of all of that, macOS further restricts you by making even root or the kernel of macOS insufficiently privileged. If you want to install kernel extensions or turn off security features like the read only system volume, you must physically press and hold the power button to get into a recovery environment, making it impossible for malware, even with exploits, to get you there.

Sure once in a blue moon there is something like a sudo exploit or a really strange escalation path but it’s so rare I wouldn’t worry about it.

TLDR: your default user account is basically a standard user account until you enter your password in an elevation prompt. There’s basically no path for malware to auto-escalate itself without going through you.
 

MacDefender

Level 16
Verified
Top Poster
Oct 13, 2019
779
MacDefender already post a good answer but I want to add that reducing attack surface is always a good idea.
Yeah just to clarify: it does reduce attack surface a bit, though it’s a convenience vs attack surface trade off that might not be worth it for the vast majority of users. OTOH, I think a SUA is extremely important for Windows attack surface reduction, and if you can’t do that at minimum you want to set UAC to the highest setting.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top