I've only tested trendmicro on the m1, good to know about the others having issues.
macOS needs an AV?
- Thread starter fabiobr
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Jul 16, 2021
- 53
- Mar 28, 2019
- 569
- Jul 16, 2021
- 53
- Jun 5, 2014
- 276
the only security softwares that updated to native m1 support are Kaspersky bitdefender and avast. avast was one of the first they did it really soon after m1 was announced. but yet i don't recommend installing one. if you insist to use mac security software, use Kaspersky why because of this reasons that i tested:
its the only mac security software that the realtime cloud protection works on mac too. so even newest windows threats will get detected. (KSN realtime protection) this does not happen in bitdefender or avast and so many others they just update the offline protection with updates so their cloud does not work in mac. if you want to test just use AMTSO cloudcar test which is the standard file to use to see if cloud protection works or not, only Kaspersky detects it on mac.
it has a good network protection unlike others
it recently got updated for m1 which will make it more friendly to m1 mac. i didn't tested the new version seems most problems got rectified. intel architecture is working the same so no difference
the internet protection link checker and stuff works better than the others only bitdefender comes close.
their behavior protection is somehow partially implemented on mac too i'v seen many heuristics and behavior blocking on many tests online or by myself. others have implemented mostly static detection for mac or have less effective methods.
regardless of your architecture i recommend Kaspersky if you look at their software it shows that they are taking mac security more serious than the others.from UI to detection capability
its the only mac security software that the realtime cloud protection works on mac too. so even newest windows threats will get detected. (KSN realtime protection) this does not happen in bitdefender or avast and so many others they just update the offline protection with updates so their cloud does not work in mac. if you want to test just use AMTSO cloudcar test which is the standard file to use to see if cloud protection works or not, only Kaspersky detects it on mac.
it has a good network protection unlike others
it recently got updated for m1 which will make it more friendly to m1 mac. i didn't tested the new version seems most problems got rectified. intel architecture is working the same so no difference
the internet protection link checker and stuff works better than the others only bitdefender comes close.
their behavior protection is somehow partially implemented on mac too i'v seen many heuristics and behavior blocking on many tests online or by myself. others have implemented mostly static detection for mac or have less effective methods.
regardless of your architecture i recommend Kaspersky if you look at their software it shows that they are taking mac security more serious than the others.from UI to detection capability
I generally agree with this. KAV on the Mac comes close to being a security suite, protecting at the network level as well as at the realtime level, and it's smart enough to skip scanning Apple's "sealed system volume" which is cryptographically read-only and signed anyway, making it a waste of time to scan for malware.
With that said, it does have a noticeable power impact on laptops, the daemon can easily reach 100% CPU usage when installing apps or doing other things, and it's not multithreaded so it also limits IO performance when kavd gets to 100%.
Note that the above is generally true of antimalware on the Mac, not a Kaspersky specific problem. I've found their engine has good detection rates on Windows/Linux/Mac malware, not much difference in static scanning performance. I don't see any evidence of behavior blocking though the macOS API doesn't provide much of an ability to implement one.
It's not without its bugs though. For example when the network filtering component blocks a file, it simply replaces the network stream with an HTML error page:
This causes some applications to behave really bizarrely if Kaspersky thinks a URL is malicious or phishing.There is no UI feedback for when this happens, though if you dig through the logs you can find it.
Overall, I still feel realtime Mac protection isn't worth the tradeoffs. It's gotten a little better compared to 2-3 years ago when crashy/panicky kernel extensions were the norm. But the slight protection it offers is not worth all of the ways the suite can fall over and make your life miserable when it misbehaves, especially since Apple is so known for changing their OS underpinnings rapidly.
- Jun 5, 2014
- 276
again a detailed writing. exactly what I'm talking about. as i said there are really strange behaviors when you install a security suit on mac. you went into details
most don't know that there will be some problems with battery and IO with actually any security suit
- Aug 21, 2020
- 608
Everything has changed with Monterey.
I have an M1. I am not happy with the current security solutions on the market. None of them are truly compatible with Monterey. You have to go into the "BIOS" equivalent of your M1 and disable critical security features in order for your AV to run. So you have to sacrifice hardware security for superficial software security. That's unacceptable. If someone knows of an AV that is M1-optimized and does NOT require System/Kernel extensions please let me know. As it stands I will not allow non-Apple signed code to run in kernel and scan everything when the default security policy is superior. As it stands, Mac Monterey and M1 just drove AVs out of business on Mac and none of them are willing to adapt.
I have an M1. I am not happy with the current security solutions on the market. None of them are truly compatible with Monterey. You have to go into the "BIOS" equivalent of your M1 and disable critical security features in order for your AV to run. So you have to sacrifice hardware security for superficial software security. That's unacceptable. If someone knows of an AV that is M1-optimized and does NOT require System/Kernel extensions please let me know. As it stands I will not allow non-Apple signed code to run in kernel and scan everything when the default security policy is superior. As it stands, Mac Monterey and M1 just drove AVs out of business on Mac and none of them are willing to adapt.
bobrob
New Member
- Dec 28, 2021
- 2
F-Secure SAFE for Mac no longer uses a System Extension, so you don't have to override any Kernel protections in your System Preferences to use F-Secure SAFE. From their release notes as of October 2020:
What's New in F-Secure SAFE for Mac - F-Secure Community
Kaspersky and ESET have switched to this model as well. Kaspersky’s system extension daemon that does the scanning appears to be M1 native but ESET is still using Rosetta and actually pretty heavy. I haven’t checked SAFE 17.9.
It’s good that for the most part you don’t have to downgrade secure boot level anymore to run an AV but a lot of the other trade offs still apply. MacOS antivirus is like the equivalent technology of 90’s windows AV, with a basic real-time scanner and on access component. (Maybe some have network protection too, sure). It doesn’t know how to disinfect other than deletion and it doesn’t really have behavior blocking, and even the signatures are easy to bypass due to the very basic anti-obfuscation techniques available.
- Aug 21, 2020
- 608
Thank you so much for the update! I am really disappointed that ESET is still stuck on Rosetta because it is by far my favorite. I tried Panda Dome (laughtrack.wav) and Bitdefender and I noticed a new issue arising. The way all AVs are now bundled with VPNs seems to break Apple's built-in Private Relay VPN. It will disable itself once the AVs install their own software. I 100% agree with your observations. The current AV landscape on macOS makes me realize that I really do not need a solution. The AVs I have tried just drain battery scanning everything when there little risk. No program I own has full disk access for example which eliminates that attack point for virtually all malware. The only program that did have full disk access was my AV which makes it my single point of failure. What I'm saying is that I am just not sold on the idea that an AV is essential on an M1 Mac after Monterey. AVs on Mac are just glorified adware. Vendors seem to be more preoccupied with upselling you a VPN plan than anything.
bobrob
New Member
- Dec 28, 2021
- 2
I just want to clarify that there are two independent concerns with MacOS Big Sur and up and M1 macs:
- Apple Silicon Binaries (vs Intel) - Some Anti-Virus have Apple Silicon binaries, and some do not. Some have a few components of both. F-Secure states that some of their modules directly support Apple Silicon and some do not. In my own experience F-Secure still relies on Rosetta on an M1 Mac, even though some of their modules do support Apple Silicon already. Kaspersky (in my experience) completely supports Apple Silicon on M1 Mac. You can tell if a binary supports Apple Silicon by viewing the Activity Monitor in MacOS on an M1 mac.
- Support of the Apple EndpointSecuity API (vs. Kernel Extension) - Starting in Big Sur Apple started to depreciate Kernel Extensions and added new Security around them, which requires the user to manually approve each one before they are executed. In my experience, only F-Secure SAFE supports Apple's preferred EndPointSecurity API currently. Kaspersky, and Norton still require a MacOS Kernel Extension to run. Because F-Secure doesn't use an extension, the only Security popup which needs to be approved during install is the one to allow Full Disk access.
I will point out that Kaspersky on Mac does utilize their security cloud, and has Network traffic inspection, and Network Intrusion prevention. F-Secure on Mac includes their Cloud Security, and has some Behavior Based blockers via their rules-based and user-configurable "DeepGuard" implementation.
Kasperksy is the best? So you, haven't found a Mac antivirus to rebrand as TTB Total Security yet?
No. I've never installed an AV on Unix/Linux. With MacOS, install the free front end firewall Lulu and you're good to go.
- Mar 13, 2022
- 599
Consider Intego AV suite's.
They have been developing and supporting MacOS since day one.
I have subscribed for years and get regular file updates and their support is excellent.
They have been developing and supporting MacOS since day one.
I have subscribed for years and get regular file updates and their support is excellent.
- Feb 7, 2023
- 2,349
I am using Norton on my Mac just for an extra eye.
It now natively supports M1 (not under Rosetta).
I tried few antiviruses and this is my opinion.
Panda:
Relatively light, not designed for M1 (runs under Rosetta). It doesn’t include uninstall routine, third-party uninstaller required to remove. Effectiveness under a question mark.
Bitdefender:
Overall great and natively supports M1. The whole antivirus engine over 500 MB is enclosed in a package. It clearly updates way faster compared to the Win version but produces too many read/write operations on a device where SSD is not replaceable by itself. The benefit doesn’t justify the impact.
Trend Micro:
Overall great user experience but caching is not optimised just like on Windows and produces too many idle wake-ups. CPU and memory usage constantly fluctuate.
Overall from the above, only Norton seems to be optimised. It includes antivirus and IPS. The IPS is a very striped down implementation compared to the Windows one.
It now natively supports M1 (not under Rosetta).
I tried few antiviruses and this is my opinion.
Panda:
Relatively light, not designed for M1 (runs under Rosetta). It doesn’t include uninstall routine, third-party uninstaller required to remove. Effectiveness under a question mark.
Bitdefender:
Overall great and natively supports M1. The whole antivirus engine over 500 MB is enclosed in a package. It clearly updates way faster compared to the Win version but produces too many read/write operations on a device where SSD is not replaceable by itself. The benefit doesn’t justify the impact.
Trend Micro:
Overall great user experience but caching is not optimised just like on Windows and produces too many idle wake-ups. CPU and memory usage constantly fluctuate.
Overall from the above, only Norton seems to be optimised. It includes antivirus and IPS. The IPS is a very striped down implementation compared to the Windows one.
- Apr 16, 2017
- 2,607
I am currently running Malwarebytes on my mac_mini as Apple support (level2) said if you must, use only mbam to scan and were neutral re mbam real-time. The nice thing, mbam has not slowed mac down and no issues. (once upon a time I put webroot on a mac -- that was
)I have Norton on win10_VM, and I like it. but not convinced to switch mbam for Norton on macOS, how strongly do you feel about needing Norton on mac?
What about DeepInstinct on mac, I have 2 thoughts about that, either good and smooth, or very very bad...??
/
- Feb 7, 2023
- 2,349
I wouldn’t classify installation of third-party antivirus on Mac a must. Specially after the latest XProtect updates. It falls into the “nice to have” group.
DeepInstinct on Mac I’ve not tried, this is software I use for business purposes. I am unable to confirm its effectiveness on Mac and due to their obscure, almost non-existent documentation regarding product features and internals (not talking about user manual), I am not even aware how it works on Mac. I am not sure that there is enough Mac malware to properly train the ML, it may be relying on Yara signatures, just like XProtect.
- Apr 16, 2017
- 2,607
Well I'm thinking, ok, try Norton on mac, since if Norton creates problems, Norton techs will get it fixed, correct, basically guarantee to get ti fixed...!! Correct??
fwiw, the webroot techs were useless on mac, almost worse than useless but that was several years ago. If my mac really gets borked, I'm minimum 4 hour drive one-way to mac store. And if I sent my macmini to Apple, they'd probably tell me time to replace with a new mini. Not that old, and newer than this windows hardware, although new mini is floating around in back of my mind.
- Feb 7, 2023
- 2,349
Since you’re a paying customer it is their duty to get certain product issues fixed. If they can’t, they will escalate it to the relevant team. As always, you’ll need to try for yourself, proceed with caution.
Similar threads
