Battle What is the best protection for my M1 MacBook Air?

Compare list
Kaspersky, Bitdefender, McAfee, Trend Micro, Intego, Others

rain2reign

I asked a friend what he did on his Mac for this, out of curiosity. He solved it with a combination of DNS blocking and Little Snitch, with AdGuard for cosmetic local filters. But that might or might not be too much effort, depending on how comfortable you are setting things up for a 'set & forget' configuration.

JB007

My favorite is 1Blocker (1Blocker: Ad Blocker & Privacy).

This works for Safari on Mac as well as iOS, and because it uses Apple's ad blocking APIs, it cannot phone home about what it's blocked. It isn't free ($5 USD a year) but their curated rules are really good and I've rarely had to whitelist or add additional things to block.
I never heard about this ad blocker.
 

seanss

Hello,
I recently purchased a M1 MacBook Air.
It is my first Mac and I hope you can help me to choose the best protection for it.
If you're looking for more manual tools, take a look at the white hat security researcher / developer Patrick Wardle at Objective-See. He publishes a pretty great library of utilities for macOS. One that I use all the time is RansomWhere and it notifies you when a program tries to change permissions of a file or lock it!
 

poopdookie

What are the best ad blocker extensions for Safari?
I hate to beat a dead horse, but in my opinion... AdGuard. After the Safari extension purge I tried various uBlock Origin replacements. 1Blocker was recommended as well as Wipr; none did the job that uBlock Origin did. AdBlock Max/Magic Lasso did well also but broke some things for me. Eventually I just went with the crowd and am using AdGuard, sigh.

SpiderWeb

I am still trying to figure this out. NextDNS and the built-in security is my default now. All the AVs require reducing the security on my Mac in order to run. That seems backwards... For example M1 by default only allows Apple signed and checksum'd code to run in kernel. All AVs I have tried request that I disable this kernel security in Mac Recovery (it's like UEFI)... this is insane. They also request a special permission to access the entire drive when no app has this permission. Again, intrusive, backwards. And many AVs only run in Rosetta 2. Imagine having to use an emulator to run your antivirus. What the heck. lol

The consensus is M1 MacBook Air with Monterey is ridiculously secure.

MacDefender

FWIW I just tested this today, installing Xcode from the App Store:

No AV: 20 minutes
Kaspersky running: 3 hours and currently still not done. kavd is using 100% CPU and installd is using 20%.


For heavy I/O workloads, the single-threaded nature of Mac antivirus daemons in user space is devastating to the hardware-accelerated in-kernel storage architecture of modern Macs.

SpiderWeb

@SpiderWeb
I'm sorry but my English understanding is very low, so I would like to be sure that when you say "ridiculously secure" you mean "very secure"?
Yes. Very secure. The architecture on M1 is hardened so no side channel attacks like Intel.
XProtect is Apple's version of Windows Defender. It gets signature database updates frequently.
Gatekeeper is another built-in feature which only allows trusted and signed programs to run and be installed so no tampering.
Apple is also using some form of checksum to check files have not been tampered with.
Access to the file system for programs is prohibited and can only be granted by an admin in the Settings menu.
Finally the latest M1 with Monterey do not allow anything to run in kernel space unless it's Apple signed.

The only way to get around it is to boot recovery which is password protected and disable secure kernel which is what Kaspersky, Eset, Bitdefender and others are asking users to do. It's unbelievable that someone would want to compromise their hardware security for a little bit of software security.
 

JB007

Yes. Very secure. The architecture on M1 is hardened so no side channel attacks like Intel.
XProtect is Apple's version of Windows Defender. It gets signature database updates frequently.
Gatekeeper is another built-in feature which only allows trusted and signed programs to run and be installed so no tampering.
Apple is also using some form of checksum to check files have not been tampered with.
Access to the file system for programs is prohibited and can only be granted by an admin in the Settings menu.
Finally the latest M1 with Monterey do not allow anything to run in kernel space unless it's Apple signed.

The only way to get around it is to boot recovery which is password protected and disable secure kernel which is what Kaspersky, Eset, Bitdefender and others are asking users to do. It's unbelievable that someone would want to compromise their hardware security for a little bit of software security.
Thanks for your explanations(y)
 

oldschool

Yes. Very secure. The architecture on M1 is hardened so no side channel attacks like Intel.
XProtect is Apple's version of Windows Defender. It gets signature database updates frequently.
Gatekeeper is another built-in feature which only allows trusted and signed programs to run and be installed so no tampering.
Apple is also using some form of checksum to check files have not been tampered with.
Access to the file system for programs is prohibited and can only be granted by an admin in the Settings menu.
Finally the latest M1 with Monterey do not allow anything to run in kernel space unless it's Apple signed.
So really all the user needs to add is good browser protection with µBO, etc. 🤔 Wish I could afford a Mac. 🤞
 

SpiderWeb

So really all the user needs to add is good browser protection with µBO, etc. 🤔 Wish I could afford a Mac. 🤞
Yup. And run a standard user account. Mac has the same flaw Windows has, that the first account is by default admin. You can avoid a lot of problems by downgrading your account or using Privileges to toggle between standard and admin.

I am using Firefox on macOS. I think while Chrome is more secure by default, Firefox is just as secure or more secure after a few tweaks.

It will be interesting what AV companies will be doing on macOS once Monterey is released. They can technically only provide complementary security. I doubt 95% of people will ever go into recovery to REDUCE their kernel security to run an AV. But like @oldschool has said, your browser is your most powerful antimalware. Google Chrome would routinely delete strange files I downloaded marking them as malware. Firefox also has a built-in scanner.
 