- Mar 28, 2019
- 569
If so, which suite is better and lighter?
Intel architecture yet.
Intel architecture yet.
macOS needs an AV?
- Thread starter fabiobr
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
If you are inexperienced, or unsure, there are both Free and Paid solutions available.
Other tools:
Disclaimer: I do not use any Antivirus software for macOS or Android. Only Windows.
Other tools:
Disclaimer: I do not use any Antivirus software for macOS or Android. Only Windows.
Last edited:
I personally don't think you do. macOS's built in protections have gotten pretty good over the years. If you have a recent macOS like Big Sur, there's built in things like:
MalwareBytes I think is most useful on the Mac because they take such an aggressive stance against PUA. I don't like their products for Windows because IMO the protection against true malware and ransomware is weaker than the combination.
In general I do not recommend realtime scanners on macOS. They are better since Big Sur because they use a new "system extensions" API that no longer requires a hacky kernel driver (and downgrading your security). However, they still add noticeable overhead, as AV software on macOS doesn't do all the clever tricks that Windows AV Software do in terms of skipping repeatedly scanning things or skipping system files. Plus, again, because the OS's built-in protections are great compared to Windows. You don't have that problem where a malicious software running without realtime protection can find a way to hide and remain resident and block future attempts to clean/remove it.
If you have annoyanceware on your system, you'll realize it, and at that point you might want to grab a scanner for it. Otherwise, IMO it's a waste of money, system resources, and time.
- Every software you download gets checked against a live internet database of notarized apps (apps that Apple has a copy of and has determined isn't harmful), and those can be live-revoked should they be deemed malicious
- "behavior blocking" style behavior is built in to the OS. Accessing sensitive folders like your documents, downloads, photo library, etc all trigger permission prompts from the OS by default
- macOS has a modest built in antivirus (XProtect and MRT), and they get regularly pushed updates in the background and will check your system for the most prevalent infections as well as running early in bootup to guard against malicious startup services
- The OS itself is now completely read-only and "sealed" with an Apple signature, and that's enforced at boot up. Unless you downgrade your security, attackers cannot modify any of your OS bits.
- Critical OS services like the antimalware are protected against even the root user and it cannot be defeated, especially not in a way that survives rebooting the machine.
MalwareBytes I think is most useful on the Mac because they take such an aggressive stance against PUA. I don't like their products for Windows because IMO the protection against true malware and ransomware is weaker than the combination.
In general I do not recommend realtime scanners on macOS. They are better since Big Sur because they use a new "system extensions" API that no longer requires a hacky kernel driver (and downgrading your security). However, they still add noticeable overhead, as AV software on macOS doesn't do all the clever tricks that Windows AV Software do in terms of skipping repeatedly scanning things or skipping system files. Plus, again, because the OS's built-in protections are great compared to Windows. You don't have that problem where a malicious software running without realtime protection can find a way to hide and remain resident and block future attempts to clean/remove it.
If you have annoyanceware on your system, you'll realize it, and at that point you might want to grab a scanner for it. Otherwise, IMO it's a waste of money, system resources, and time.
- Jul 27, 2015
- 5,458
Just being basic curious, I installed F-Secure on a real old MacBook Air 2012, with Catalina OS. RAM usage: 9,6MB
I thought I for sure saw wrong, but nope. It won't hurt the system, but I probably will be satisfied enough with their VPN. It's a plain simple machine I won't use for any malware testing anyway, but it sure could use a hardware upgrade and that's actually very possible. Sadly can't from the information I found update to the latest OS, Big Sur, but Catalina still gets security updates.
@MacDefender , how well would you say it's firewall is? I haven't done any testing so I don't know.
I thought I for sure saw wrong, but nope. It won't hurt the system, but I probably will be satisfied enough with their VPN. It's a plain simple machine I won't use for any malware testing anyway, but it sure could use a hardware upgrade and that's actually very possible. Sadly can't from the information I found update to the latest OS, Big Sur, but Catalina still gets security updates.
@MacDefender , how well would you say it's firewall is? I haven't done any testing so I don't know.
I would wager a guess that if you try to copy a bunch of files, you’ll notice a significant amount of extra CPU usage and a slowdown. It’s kind of like BitDefender’s conserve memory mode… a lot of these realtime engines on the Mac simply aren’t optimized for performance. It’s good that it’s not a memory hog though at least!
The built in firewall on the Mac is kind of similar to the Windows Firewall — it’s pretty effective but basically inbound-only and doesn’t control outbound traffic. By default, properly signed apps can open ports without warning you, but that’s a setting you can change in macOS.
I do think there can be value in adding an outbound control firewall just like on Windows. Little Snitch I think is the best written outbound firewall, but it’s expensive, and quite honestly I think for 99% of people, it will just be a lot of nags/hassle without much benefit unless you are really trying to run somewhat untrusted software and worried about it phoning home. But on the other hand, Macs strongly use process isolation so the alerts can be really fatiguing. For example, even a simple app like Weather might use 3 different processes to fetch different kinds of data.
Like one thing nice about macOS Catalina and above’s built in ransomware protection is that if an app tries to look at your photos or documents, that triggers a permissions dialog. It’s like a better / interactive form of Controlled Folder Access. A rogue app can’t steal/upload files from you if it can’t access them in the first place.
- Mar 28, 2019
- 569
Do you know if iCloud has some ransomware rolled back protection as OneDrive? Saving different versions of files.
In my experience, as in any system, it depends on the use that is made and the care that is taken.
I don't believe it's as good as OneDrive though I haven't really tried it. OneDrive does a great job with versioning and restoring files, and even giving you prompts for when it thinks you got ransomed.
iCloud Drive gives you some ability to restore deleted files but I worry that it's probably easy to modify then delete it in a way that you won't get iCloud backups of.
I do like that Time Machine, Apple's backup solution, works so well in terms of storing historical versions of your files. macOS's built in CFA-like system aggressively protects Time Machine backups too.
- Feb 23, 2018
- 46
Av don´t think we need to add an extra attack surface and exploit possibilities. macOS is secure by default but talking about firewall, the firewall in OS controls as you said the inbound traffic mainly. I would advice to install an hardware firewall from a reliable vendor with regularly releases so can control even more outbound traffic, also, botnets, cc´s etc and logging traffic is good for forensics also. My advise is securing by hardware since the macOS is secure by default. 
- May 19, 2016
- 1,580
I just read this report: "New AdLoad malware variant slips through Apple's XProtect defenses"
www.bleepingcomputer.com
New AdLoad malware variant slips through Apple's XProtect defenses
A new AdLoad malware variant is slipping through Apple's YARA signature-based XProtect built-in antivirus to infect Macs as part of multiple campaigns tracked by cybersecurity firm SentinelOne.
- Jul 27, 2015
- 5,458
When Apple Admits macOS Malware Is A Problem - It’s Time To Take Notice
Apple now say their layers of security have not prevented malware from becoming a problem on the platform. What does this mean and how can you address it?
www.sentinelone.com
- May 19, 2016
- 1,580
Thanks @upnorthPretty interesting report on the topic.When Apple Admits macOS Malware Is A Problem - It’s Time To Take Notice
Apple now say their layers of security have not prevented malware from becoming a problem on the platform. What does this mean and how can you address it?
However I'm wondering if in the end the purpose of this very interesting article is not the self-promotion of SentinelOne ?
- Jul 15, 2016
- 321
- Jul 27, 2015
- 5,458
Partially can agree with that, as we normally also see the exact same with almost all company/vendor created reports and articles as those are also used 24/7 with sites like Bleeping, but it's in this case way too small marketing if you compare the whole report. The marketing parts is for companies. It's also no surprise because these genuine security companies have very skilled and professional researchers. SentinalOne is thankfully at least not a complete unknown source.Thanks @upnorth
However I'm wondering if in the end the purpose of this very interesting article is not the self-promotion of SentinelOne ?
The main message is much more about what actually Apple themselves admits ( Craig Federighi, Apple’s Senior VP of Software Engineering ) and even officially states, but just as mentioned more then once by Phil Stokes the author of the report, this ain't about bashing Apple.
- May 26, 2014
- 1,130
Seems like it to me as well, every major player offers Mac protectionThanks @upnorth
However I'm wondering if in the end the purpose of this very interesting article is not the self-promotion of SentinelOne ?
The Best Mac Antivirus Software for 2024
Despite what you may have heard, your Apple computer isn't immune to malware. We've tested the top contenders to identify those offering the best antivirus protection for Macs.
I personally wouldn't use any additional real-time protection besides what's built-in. Adhering to safe browsing habits and best security practices should keep you covered.
Yeah I don’t think it’s bashing Apple, but the subtext is important. Apple executives are basically saying this to argue that it is impossible to solve the malware problem without an iOS style walled garden where the OS does not allow installing things that aren’t signed and approved by Apple.
Apple isn’t implying that any third party AV is a viable solution, though of course they have their agenda for pushing this discussion towards a walled-garden App Store.
As with most things, the truth is muddy. Apple’s argument doesn’t make sense given that these recent malware samples are notarized and signed by Apple (Note that the signing identity costs at least $99 per human identity, Apple detects trying to use another credit card under the same name to pay for a Developer ID), so it isn’t practical or cheap. And note that SentinelOne has a suggested set of YARA rules for detecting this attack, which simply says Apple’s XProtect ones are not sufficient. It’s not much different from how any malware (Windows or otherwise) attempts to evade static signatures.
The approach is correct, I add that Adguard and LittleSnitch are not over the top.
We go back and forth on this, if a supply chain attack occurs...oof. Maybe a network layer monitor is all that's needed, but would love to know whenever possible if there is any malicious activity in eco system.
- Jun 5, 2014
- 276
one of the best explanations of why you actually shouldn't install security software on a mac. a simple habit of installing known apps and visiting safe websites makes you near 99 precent safe with a mac and even windows. i have an m1 air which is my primary laptop and i take it as my primary device anyday compared to our windows laptops and desktops. you don't have to tinker with a mac or ios system. you use them. big sur was one of the most significant security upgrades to mac which for normal users was not advertised by apple. you hear news about a new malware for mac and think that they are unsafe but the impact they have and how many people get infected is actually really low and most who got infected used cracked software or had careless behavior. as someone who used macs as primary for about 7 years i never got a malware or bad app and my friends too didn't had any problem.
the realtime protection of most security softwares does NOT slow down the system noticeably but will create odd behavior i tested bitdefender and Kaspersky for mac as curiosity and i don't recommend installing one. they create odd behaviors like bad standby behavior, slow login in login screen(had that with kaspersky) and some other stuff. the mac os does not have the security software friendly behavior of windows because it has strict rules for programs behavior which makes it more secure by default.
as a mac user i say don't install security softwares. in future you may need them as the more users a platform get the more attention from malware writers it will get. but for now you don't need them.just use your mac.
Similar threads
