AV-Comparatives Mac Security Test & Review 2023

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,365
Introduction

It is an often-heard view that macOS computers don’t need antivirus protection. Whilst it is certainly true that the population of macOS malware is very tiny compared to that for Windows and Android, there have still been many instances of macOS malware getting into the wild. Moreover, Apple Mac security needs to be considered in the wider context of other types of attacks.

Apple ships some anti-malware capabilities within macOS: Gatekeeper, which warns when apps without a digital signature (i.e., not certified by Apple) are run, and XProtect Remediator, which checks files against known-malware signatures and remediates infections if malware makes its way onto the Mac. These features are essentially invisible to the user, other than configuration options and alerts. System and security updates are installed automatically using the macOS update process.

macOS includes other features which secure and harden the system. For example, Sandboxing isolates apps from critical system components, user data, and other apps. Sandboxed apps (e.g., downloaded from the Apple App Store) run in an isolated context where they cannot access areas outside of it and thus cause damage. This does not protect you from malware but limits what it can do.

Since macOS 10.15 (Catalina), apps require explicit permission to access user files and other sensitive information (e.g., camera, microphone, logs). Additionally, macOS system files and user data are stored on separate disk volumes which makes it more challenging for malware to cause problems with the system.

The effectiveness of Apple’s built-in anti-malware features have been questioned, however, and some security experts recommend strengthening the defences by adding in a third-party antivirus solution. There are many good reasons for this. Firstly, the approach taken by Apple might be adequate for well-established malware but might not respond quickly enough to emerging threats. Secondly, you might want a broader base of malware evaluation. Thirdly, macOS is not immune to bugs.

Some AV programs designed for macOS can also detect malware aimed at other operating systems (e.g., Windows, Android). In a scenario, where malware is inadvertently passed on from one operating system (e.g., Windows) to another (e.g., macOS) using an USB stick, even if the latter machine is not at risk, you might well benefit from effectively handling such threats.

Additional browser extensions and network monitoring functions can identify potential phishing websites. Readers should note that Mac users are just as vulnerable to phishing attacks as e.g., Windows users, as phishing sites deceive the user rather than alter the operating system.

Other programs might offer VPN (virtual private network) capabilities which can be useful when you need to operate your computer in an untrusted environment or a public location such as an Internet café, where the integrity of the connection is uncertain. You might also opt to utilize third-party tools for parental control instead of relying solely on macOS’ built-in features, if you believe this is more appropriate to your family needs.

Experienced and responsible Mac users who are careful about which programs they install, and which sources they obtain them from, may well argue – very reasonably – that they are not at risk from Mac malware. However, we feel that non-expert users, children, and users who frequently like to experiment with new software could definitely benefit from having security software on their Mac systems, in addition to the security features provided by the macOS itself.

In general, there are only a limited number of anti-malware products for macOS available on the market. As already mentioned above, the reason being that the threat landscape of macOS is very tiny compared to that of Windows and, therefore, Windows users are more likely to be attacked than Mac users.

Through our yearly Mac testing, we have found that the vendors being evaluated demonstrate a commendable commitment to threat research and continuous product improvement. Their efforts are focused on providing effective security solutions that safeguard Mac users against the ever-changing and potentially rapidly evolving Mac threat landscape. We strongly encourage other security vendors to actively participate in third-party tests to ensure their products meet the current standards and expectations.

Readers who are concerned that third-party security software will slow their Mac down can be reassured that we considered this in our test; we did not observe any major performance reduction during the course of the test with any of the programs reviewed.

As with Windows computers, Macs can be made safer by employing good security practices. We recommend the following:
  1. Do not use an administrator account for day-to-day computing
  2. Use secure passwords (iCloud Keychain) or passkeys (biometric identification such as Touch/Face ID) and enforce multi-factor authentication wherever possible
  3. Deactivate any services such as Airport, Bluetooth, or IPv6 that you don’t use
  4. Be careful about which programs you install and where you download them from
  5. Pay attention when granting programs permissions to sensitive system areas or information
  6. Be wary of opening any links that you receive via e.g., email
  7. Keep your macOS and third-party software up to date with the latest patches
Test Procedure

The Malware Protection Test checks how effectively the security products protect a macOS Ventura system against malicious apps. The test took place in May 2023, and used macOS malware that had appeared in the preceding few months. We used a total of 309 recent and representative malicious Mac samples.

In the first half of 2023, thousands of unique Mac samples were collected. However, this figure included many samples which could be classified as “potentially unwanted” – that is, adware and bundled software – depending on interpretation. Many samples were often near-identical versions of the same thing, each with a tiny modification that just creates a new file hash. This enables the newly created file to avoid detection by simple signature-based protection systems. There were in fact almost no new families, and only a few really new variants, of true Mac malware seen in 2023. Some of these will only run on certain macOS versions. After careful consideration, we ended up with 309 Mac malware samples to be used in the test. We feel these reflect the current threat landscape, even if the sample size seems very small compared to what is commonly used for Windows. As most Mac systems do not run any third-party security software, even these few threats could cause widespread damage. Precisely because a Mac security product only has to identify a small number of samples, we would expect it to protect the system against most (if not all) of the threats, so the protection rate required for certification is relatively high.

To prepare for the test, the macOS systems were updated and imaged, with no further OS updates applied afterward. Each security product was installed on a fresh image of the machine, and its definitions were updated to May 16, 2023. Throughout the test, the Mac systems remained connected to the Internet, enabling the use of cloud services. To begin, a USB flash drive containing the malware samples was inserted into the test computer. Some antivirus programs recognized some of the samples at this stage. We then performed a scan of the flash drive, either from the context menu or the main program window, and any detected samples were removed. Samples that were not detected by the real-time protection or scan were copied to the Mac’s system disk and executed, providing the security product with a final opportunity to detect them. Along with testing for Mac malware samples, we evaluated the products for false positives by testing a set of clean Mac programs, and none of the programs produced any false alarms.
Testcases

To address the rising number of potentially unwanted applications (PUAs) on Mac systems, we conducted an additional test to evaluate the detection capabilities of the products. Specifically, we assessed the detection of 712 Mac PUAs using the same testing methodology described for malware detection.

Many Mac security products assert that they can identify both Mac and Windows malware to prevent the user’s computer from transmitting harmful programs to Windows PCs. To test this claim, we evaluated if the Mac antivirus products can detect prevalent and current Windows malware samples. We used 500 samples and followed the same procedure used for Mac malware detection, excluding any undetected samples since Windows programs cannot be executed under macOS.
Test Results

The table below shows protection results for the products in the review. We would like to point out that while some products may sometimes be able to reach 100% protection rates in a test, it does not mean that these products will always protect against all threats. It just means that they were able to detect 100% of the widespread samples used in this particular test. We do not round up scores to 100% if there are misses. Programs with a score of 100% thus had zero misses.


ProductMac Malware Protection
309 samples
Mac PUA Protection
712 samples
Windows Malware Detection*
500 samples
Avast Security Free for Mac100%99%100%
AVG AntiVirus FREE for Mac100%99%100%
Avira Prime for Mac99.0%99%100%
Bitdefender Antivirus for Mac99.7%98%100%
CrowdStrike Falcon Pro for Mac100%98%89%
Intego Mac Internet Security X999.4%97%100%
Kaspersky Plus for Mac100%99%100%
Trellix Endpoint Security (HX) for Mac99.7%99%100%
Trend Micro Antivirus for Mac100%99%100%
* Detection of Windows threats on Macs can be seen as discretionary. Some products do not include detection for non-Mac threats or have limited detection capabilities due to technical constraints
Full review:

PDF download:
 

MuzzMelbourne

Level 15
Verified
Top Poster
Well-known
Mar 13, 2022
599
I tried to buy Bitdefender and Avast over the past couple of days. Both were complete cock-ups.

The deals and prices simply changed between different stages of the sign-up process and Bitdefender actually charged me twice, for two different amounts.

I think I might just go back to my previous A/V, not a top performer in these tests, but nice and simple to own.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,715
What I am not seeing seeing in this AV-C test is how default macOS system does with its X-Protect and its other hardening mentioned in the article. And for example on a windows av test, MS Defender is treated and scored as an av, but X-Protect is not. Admittedly, I don't much about X-Protect, but I do know Apple prefers you do not add a 3d-party av, and if you do they suggest Malwarebytes, but MBAM is not tested (again). I tried using a few 3d-party av on a Mac too many years ago now, and they only mucked up the OS. So I remain leary of 3d-party av on macOS, although I am running Malwarebytes. (perhaps considering an enterprise av like DeepInstinct or Harmony??)
 

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,365
They all performed good in this test.
Use what works for you and pay attention to the tips from AV-Comparatives:
As with Windows computers, Macs can be made safer by employing good security practices. We recommend the following:
  1. Do not use an administrator account for day-to-day computing
  2. Use secure passwords (iCloud Keychain) or passkeys (biometric identification such as Touch/Face ID) and enforce multi-factor authentication wherever possible
  3. Deactivate any services such as Airport, Bluetooth, or IPv6 that you don’t use
  4. Be careful about which programs you install and where you download them from
  5. Pay attention when granting programs permissions to sensitive system areas or information
  6. Be wary of opening any links that you receive via e.g., email
  7. Keep your macOS and third-party software up to date with the latest patches
 

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,365
To quote AV-Comparatives (only own an iPad myself):
The effectiveness of Apple’s built-in anti-malware features have been questioned, however, and some security experts recommend strengthening the defences by adding in a third-party antivirus solution. There are many good reasons for this. Firstly, the approach taken by Apple might be adequate for well-established malware but might not respond quickly enough to emerging threats. Secondly, you might want a broader base of malware evaluation. Thirdly, macOS is not immune to bugs.
Readers who are concerned that third-party security software will slow their Mac down can be reassured that we considered this in our test; we did not observe any major performance reduction during the course of the test with any of the programs reviewed.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top