Someone from the AskWoody community requested more information about Mac security. I’ve decided to post a series of articles on Mac security, beginning with the poster’s main request, antivirus and anti-malware for Mac. Other articles will cover other aspects of Mac security, including firewall, password management, junk mail protection, protecting Macs from being stolen, etc.
First of all, some Mac users believe that switching to a Mac will eliminate all the security issues they encounter on Windows PC’s, and that “Macs are secure” and “Macs don’t get viruses”.
It’s true that Macs generally don’t have as many security issues as Windows PC’s. The Mac uses a different system architecture from Windows, Apple has increased security measures in macOS over the years, and Macs have an overall lower market share than Windows, so malware authors would rather target larger swaths of users such as Windows users. However, this does not mean that Macs are immune to security issues. Security issues with Macs are beginning to increase as Macs become more popular, and Apple has made a few missteps with security in recent times.
Therefore, understanding how to be a good, security-conscious Mac user is important, and all it takes is a little knowledge and some common sense.
First off, many of the same common-sense measures that Windows users use in terms of security apply to using a Mac as well, such as: not opening suspicious emails or attachments, not clicking on suspicious links in email messages or in a browser popup, never handing over personal information to unknown sources, limiting the use of browser plugins such as Flash and Java, etc. When browsing on the web and interacting with email and messaging, use the same common-sense measures that would be used on any platform, even if your Mac won’t be infected by as much malware as what is in the wild for Windows PC’s.
Second, I recommend Mac users review this Mac security article from Apple, as it explains what security measures are built into macOS, including runtime protections and app sandboxing. When possible, it is a good idea to use apps that take advantage of sandboxing in macOS, as it means that apps have access to fewer files that could compromise the security of your Mac (all apps on the Mac App Store are sandboxed; for non-Mac App Store apps, ask the developer).
https://www.apple.com/macos/security/
Third, Mac users should be cautious when there’s a prompt asking the user for their administrative password (similar to the UAC prompts that began in Windows Vista and onward). When installing or updating a legitimate application that the user initiated, it is safe to type in the password, as it is generally required. If a prompt occurs out of nowhere, think twice before handing over the password.
Some security experts even recommend using a standard account for work, and using an admin account only sparingly for certain activities. I’ve found working day-to-day in a standard account too limiting, so I run with an admin account daily, but I also practice caution when using my Mac. Here’s an article from Intego that explains standard accounts.
https://www.intego.com/mac-security-blog/mac-security-tip-use-a-standard-user-account/
I also do recommend selecting the option to require a password for all system-wide preferences in the System Preferences pane under Security and Privacy and Advanced. Scrolling down in this article explains how to set this.
https://www.macworld.co.uk/how-to/mac-software/how-use-system-preferences-on-mac-3515967/
Fourth, I do recommend keeping macOS and applications up-to-date regularly, as Apple does include security updates in macOS updates.
There are four kinds of updates that generally occur on every Mac:
1. Major upgrades: Upgrades to major macOS releases, such as the latest version, Mojave.
2. Minor updates: Minor updates to major versions of macOS, such as 10.14.1, 10.14.2, etc., both of which are updates to Mojave.
3. Supplemental or Security Updates: Occasionally Apple will issue a “Supplemental Update” to resolve security issues, or issue the update specifically as a “Security Update”. When possible, Apple tries to include these in Minor updates instead of separate updates.
4. App Updates: App updates are generally handled via the Mac App Store or the third-party app’s app update procedure. Occasionally apps are updated using the Software Update mechanism in macOS, and all system-included apps are updated in macOS Major or Minor updates.
My general rules when installing updates are as follows:
1. Most app updates are generally safe to install shortly after the updates are released. If in doubt, search around about the app or read message boards about the app to see if there are any issues with the app updates. I generally either allow these to install automatically, or update them shortly after they are released when I have a free moment.
2. “Supplemental Updates” and “Security Updates” (both of which are rare) are generally safe to install and should be installed shortly after they are released. When Apple releases these, they’re generally for a security update, and the sooner they are installed, the better. I’ve seldom seen issues with such updates, although it doesn’t hurt to research before installing just as a precaution.
3. Minor updates I generally install the following Friday after they are released (most are released on Mondays), so I have the weekend to troubleshoot to ensure the updates aren’t causing any issues with my Macs. In general, I haven’t had too many issues with Minor updates, and they usually fix more issues than cause issues for me, but I’d also recommend doing a little research first to be sure.
4. Major updates/upgrades I generally wait on and install after the first Minor update is issued for the Major update (so for Mojave, waiting until 10.14.1 was released is a recommended solution). The .1 Minor update is similar to “Service Pack 1” on Windows. By the .1 Minor update, I know many of the post-release kinks have been ironed out, and I can proceed with installing. I actually broke with that convention during Mojave and upgraded sooner since upgrading to Mojave resolved an issue I was having in High Sierra.
Installing Mac updates is easy, and Macs can be set to install updates automatically. Minor and Supplemental/Security updates used to be installed using Software Update in System Preferences, then Apple moved these to the Mac App Store after a while. In Mojave, Apple moved them back to Software Update in System Preferences. This article explains the software update procedure:
https://support.apple.com/en-us/HT201541
App updates are installed either through the Mac App Store (which can also be done automatically) or through the app’s updating procedure (for non-Mac App Store apps).
Major updates/upgrades are installed through the Mac App Store, which then launches an installer to complete the process. It’s similar to going out and “buying” a new major release to Windows and installing the upgrade (just without paying for it since macOS upgrades are now free; they used not to be!) or using the Windows 10 upgrade tool to upgrade to Windows 10. It’s fairly easy to upgrade to new major macOS releases with a few clicks and a lot of downloading/installing.
Next, I want to talk about the anti-malware protection built into the Mac. The Mac includes two security measures that work together to combat malware. The first is known as “Gatekeeper”, although you won’t see an app or preference with that name. The feature is instead in the Security and Privacy, General section of System Preferences. In newer macOS releases, there are two options: allow apps downloaded from the Mac App Store, and allow apps downloaded from the Mac App Store and identified developers. Older macOS releases offered a third option to allow apps downloaded from anywhere, which has now been removed.
The Mac App Store is generally a safe place to download apps since Apple has an app approval process developers must go through (although Apple has made a few slip-ups before if you read Mac news). However, not all the apps I run are on the Mac App Store, and even for some of the ones I do run that have options on the Mac App Store, I can generally qualify for better pricing off the Mac App Store (such as educational pricing and upgrade pricing; Apple doesn’t offer upgrade pricing on the Mac App Store), plus I can get faster updates off the Mac App Store than on the Mac App Store. While some of the apps I use are on the Mac App Store, I keep the option checked to allow both Mac App Store and identified developer apps to be installed, which allows me to easily use both types of apps.
Identified developers have to pay an annual fee to Apple and sign their apps with a certificate verifying the application that allows Apple to “notarize” the app.
Occasionally, I’ll run into an app from a legitimate developer who hasn’t signed their app as an identified app, in which case Gatekeeper throws up the error message and refuses to allow the app to launch. In this case, to override Gatekeeper and allow the app to launch (this only needs to be done once), all one needs to do is hit Control when clicking the app to bring up the “right-click menu”, then click Open. There will be a prompt to allow the override. I only recommend doing this on apps you know are legitimate, and I also recommend informing app developers to become identified developers with Apple to allow future versions to be considered “notarized”.
All the details about Gatekeeper are in this article:
https://support.apple.com/en-us/HT202491
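To see in advance which installed apps would need that Control-click override, the Gatekeeper verdict can be read from Terminal with Apple's spctl tool. The script below is an added example, not from the original article; the sample output is constructed, and the app and developer names in it are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: list how Gatekeeper assesses each app, to spot unsigned ones.

# Read `spctl --assess -vv` output on stdin and print one category:
# app-store | identified-developer | apple-system | needs-override | unknown
classify_assessment() {
  local verdict="" source="" line
  while IFS= read -r line; do
    case "$line" in
      *": accepted") verdict=accepted ;;
      *": rejected") verdict=rejected ;;
      source=*)      source=${line#source=} ;;
    esac
  done
  case "$verdict" in
    rejected) echo needs-override; return ;;   # Gatekeeper would block launch
    accepted) ;;
    *)        echo unknown; return ;;          # no verdict line in the input
  esac
  case "$source" in
    "Mac App Store")  echo app-store ;;
    *"Developer ID"*) echo identified-developer ;;
    "Apple System")   echo apple-system ;;
    *)                echo unknown ;;
  esac
}

# On a Mac: print Gatekeeper status, then one "category<TAB>path" line per app.
audit_apps() {
  local dir=${1:-/Applications} app
  spctl --status
  for app in "$dir"/*.app; do
    [ -e "$app" ] || continue
    printf '%s\t%s\n' \
      "$(spctl --assess --type execute -vv "$app" 2>&1 | classify_assessment)" "$app"
  done
}

# Constructed sample output (hypothetical app and developer names).
SAMPLE_SIGNED='/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'
SAMPLE_UNSIGNED='/Applications/Homebrewed.app: rejected
source=no usable signature'

if command -v spctl >/dev/null 2>&1; then
  audit_apps "$@"                                         # real audit on macOS
else
  printf '%s\n' "$SAMPLE_SIGNED" | classify_assessment    # identified-developer
  printf '%s\n' "$SAMPLE_UNSIGNED" | classify_assessment  # needs-override
fi
```

Apps listed as needs-override are the ones worth a second look before they are opened with the override.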
The other feature Apple has built into macOS that works in conjunction with Gatekeeper is called XProtect, although again, it works transparently behind the scenes, so you won’t see an XProtect app on your Mac. When a file with known malware is clicked, Apple will show a prompt similar to Gatekeeper’s, but inform you the file can damage your Mac, recommend you trash it, and offer to report it to Apple. This article from Malwarebytes explains the basics of XProtect:
https://blog.malwarebytes.com/101/2019/02/macos-protect-malware/
This article from How to Geek explains how to ensure XProtect updates automatically (on Mojave, these options are under Software Update instead):
https://www.howtogeek.com/217043/xprotect-explained-how-your-macs-built-in-anti-malware-works/
And if you want to know what “version” of XProtect you’re running, check out this OS X Daily article:
http://osxdaily.com/2017/05/01/check-xprotect-version-mac/
While Gatekeeper and XProtect are good built-in security measures, XProtect doesn’t always get updated quickly with new malware definitions (at times it does, but at other times, Apple has dropped the ball on updates). Therefore, I still recommend some form of antivirus and anti-malware protection for macOS.
AppleCare Support teams personally recommend Malwarebytes for Mac. I’ve used the free version for years, and I’ve been testing the Premium version for a few months, and so far so good. One thing to note, however, is Malwarebytes Premium for Mac doesn’t offer all the same functionality as Malwarebytes Premium for Windows, nor does it offer any protection against Windows viruses. I still highly recommend every Mac user run at least Malwarebytes free, and Malwarebytes Premium is a nice plus if you want automated protection. It’s also a solid choice for Mac malware protection in general.
https://www.malwarebytes.com/mac/
Years ago, I also used a Mac anti-spyware tool I paid about $35 for, but I can’t for the life of me remember the name of it or how effective it was.
In some cases, however, you may want to supplement with protection that includes antivirus and anti-malware for preventing Windows viruses and malware as well. One reason is if you have Windows running on your Mac under Parallels or VMware Fusion, and you wouldn’t want a Windows virus transmitted to the Windows VM (although it’s also a good idea to use some form of protection on the Windows VM as well, Windows Defender at a bare minimum). Another reason is to ensure you’re not transmitting Windows viruses onto Windows PC users through email or external hard drives or USB flash drives (while most email services include virus filtering, I’ve found an occasional virus sneaking through company email virus scanners at places I’ve worked for).
One antivirus product I’ve used in the past which offers the most Mac-friendly user interface, as well as protection against Mac and Windows viruses and malware, is Intego. They’ve even offered “dual protection” editions with a Windows antivirus vendor to offer protection for Windows VM’s or Boot Camp partitions. Overall, I was happy with using Intego. I haven’t used them in a while since I haven’t seen any virus lab tests on Intego lately and I’m not sure if the protection is still solid.
https://www.intego.com/antivirus-mac-internet-security
Another antivirus product I’ve used in the past is Thirtyseven4 (they also offer protection for Windows users as well), which is based on the QuickHeal antivirus engine. Their Mac antivirus product offered protection against both Mac and Windows viruses, with an overall simple interface (although not quite as Mac-friendly as Intego). Their support was solid to work with as well. The only reason I’m not currently running Thirtyseven4 on my Mac is at last check, their Mac version is 32 Bit only, and with 32 Bit apps coming to an end with the next major macOS release, I need something future proof.
https://www.thirtyseven4.com/total-security-for-mac/
For those who want protection for free, Avast offers a free version of their antivirus software that I have tested, and it also protects against both Mac and Windows malware, as well as “shields” for the web and email. However, their web shield routes all of one’s web traffic through a proxy, which didn’t fare too well with my firewall extension (Little Snitch, more on that in another article). Plus, with Avast being free, I wasn’t sure how much of my personal data was being handed over for marketing purposes, and should I need support for Avast free, it would set me back far more than a typical antivirus subscription. The interface was simple enough to use, although not the most Mac-friendly. For those interested, here are the details.
https://www.avast.com/en-us/free-mac-security
Currently I’m running Webroot as my additional form of antivirus and antimalware protection (I’m using the edition from Best Buy). The interface is overall simple to use (although not the most Mac-friendly, but it is similar to the Windows version), and it offers some (but not all) the features of the Windows version. It offers protection against both Windows and Mac malware. It uses few system resources (since, like the Windows version, it is “cloud-based”), so performance on my Mac is solid. Additionally, the schools I’ve been working with and one of the Microsoft Partners I’ve received consulting from recommend it, so I’ve been using it and so far, so good.
https://www.webroot.com/us/en/home
Another supplement to what I’ve covered above is the set of tools from Objective-See, which can help protect against ransomware, etc. These solutions are free, and I haven’t personally used any yet since I’m not sure which ones I should run, but if anyone else has used any of them, I’d love to hear about your experiences and which ones you use.
That’s my rundown of Mac antivirus and anti-malware. Feel free to chime in with your own recommendations and questions!
Nathan Parker