Wondering if you need an antivirus for Mac? Macs get viruses despite the protection in macOS, so it is wise to extend the protection.
Do Macs get viruses? Do Macs need antivirus software? The answers to these questions are not as simple as they seem. In this article, we look at the dangers to Mac users and the pros and cons of using Mac antivirus software.
Historically, the Mac was considered safe for a number of reasons that we will discuss below, but in recent years the consensus has changed. In its 2020 State of Malware report, Malwarebytes said it saw “a significant increase in the overall prevalence of Mac threats in 2019, with an increase of more than 400 percent compared to 2018.” The following year, the company found that overall malware detected on macOS decreased by 38 percent, but the worst kind, namely “backdoors, data thieves and cryptocurrency thieves/miners,” increased by more than 61 percent.
One of the reasons for the decline in 2020 was the pandemic; when the restrictions were lifted, malware saw a rebound in 2021, with the number of Mac detections increasing by more than 200 percent to an astonishing 164 million. Even Apple software boss Craig Federighi acknowledged in May 2021 that Mac malware was a problem, although it’s worth keeping in mind that at that time he was trying to make the case for iOS’ very different security approach. “Today,” he said, “we have a level of malware on the Mac that we don’t think is acceptable.” Federighi revealed that 130 different cases had been documented as of May 2020, and that one had affected more than 300,000 Macs. He even admitted that members of his family had gotten malware on their Macs.
When the judge asked about the fact that Mac users can buy and download software from different places on the Mac, rather than being limited to the Mac App Store, Federighi said, “Yes, it’s certainly how we’ve done it on the Mac and it’s regularly abused on the Mac. iOS has set a dramatically higher bar for customer protection. The Mac today does not meet that bar.”
Federighi noted that Mac users do not download as much software as iOS users and suggested that if iOS were as open to third-party downloads, there would be a real problem for that platform. “If you were to apply the security techniques of the Mac to the iOS ecosystem, with all those devices, all that value,” he said, “it would be turned upside down to a degree far worse than what’s already happening on the Mac.”
To get an idea of the number of attacks on the Mac platform, browse through our complete list of Mac viruses, malware and trojans. Adware and Potentially Unwanted Programs (PUPs) make up the majority of malware detections on Macs, according to Malwarebytes.
Do I need an antivirus for Mac?
So should Mac users panic? No. Mac malware poses a risk that users should be aware of, but it does not mean that Macs absolutely must be equipped with antivirus software. Such products have their benefits, and you may choose to install one for more peace of mind, but we don’t see them as essential for the Mac.
Apple has taken measures at the operating system level to protect Mac users from the worst malware threats. These built-in security features make it extremely difficult to attack a Mac. They include Gatekeeper, which blocks software not digitally approved by Apple from running on your Mac without your permission, and XProtect, Apple’s own antivirus built into macOS, which inspects every app for malware.
As you can see, Apple goes to great lengths to protect you from malware by making it nearly impossible for you to download it at all, let alone install it. In addition, Apple keeps a close eye on vulnerabilities and exploits; if your Mac needs protection from these, a patch is quickly made available via auto-update.
Thanks to these features, before you can install an application, your Mac will check it against a list of malware, and even if there is no cause for concern, it will not make it easy for you to open an application from a developer that is not approved.
These features and other protections built into macOS (which we will discuss in more detail below) mean it’s not an essential requirement to install antivirus software on your Mac.
However, as good as these protections are, there have been occasions when malware has managed to infiltrate the Mac platform, and times when Apple hasn’t responded to a threat as quickly as Mac users might hope. If you want the very best protection from threats, therefore, consider adding a dedicated Mac security suite such as Intego Mac Internet Security. You’ll find Intego at the top of our roundup of the best antivirus for Mac, among other free and paid-for antivirus apps that might give you some peace of mind, including McAfee and Norton.
How Apple protects Macs from viruses
Macs are generally more secure than PCs, but as threats to the Mac increase due to the platform’s growing popularity, Apple has had to build protection into macOS and the Mac hardware itself.
In this section, we look at the built-in protection in macOS to determine whether it is sufficient, or whether you should also install antivirus software on your Mac.
How XProtect works
The Mac’s malware scanner, XProtect, works invisibly and automatically in the background and requires no user configuration. Apple maintains a list of malicious apps, and XProtect checks against it when you open downloaded apps. Apple updates XProtect regularly, so you are always protected.
This is similar to running antivirus software from an external software developer on your Mac, with the bonus that it is written into the operating system and therefore does not hinder performance.
If you download and try to open files infected with malware, you may see an explicit warning that the files “will damage your computer,” along with a reference to the type of malware. In that case, delete the file immediately.
This is great news for Mac users, but is it enough? How does XProtect compare to the antivirus solutions out there? XProtect may not be as up-to-date as some other products and it does not look for as many different types of malware. Read our review of the best antivirus apps for Mac for a thorough evaluation of the available options.
How Gatekeeper works
Thanks to Gatekeeper, macOS blocks downloaded software that is not digitally signed, a process by which Apple approves the developer. This leads to the familiar error message when trying to use or install unsigned software: “[This app] cannot be opened because it is from an unidentified developer.” One change in Gatekeeper that came a few years ago in macOS Catalina was that software is checked for malware and other problems every time it runs, rather than just the first time you install it.
For maximum protection, you can set Gatekeeper to allow software to be installed only when downloaded from the Mac App Store. Or you can set it up to allow you to install software from the Web, but only from verified developers.
You can adjust these settings through the Security and Privacy section of System Preferences:
Choose from the options under Allow applications downloaded from.
Choose App Store or App Store and identified developers.
The safest option is App Store only, but if you also want to be able to install legitimate software from the Web, App Store and Identified Developers is the best plan. There used to be an option to disable the feature by selecting “Everywhere,” but this option is no longer available.
All software you download from the App Store is signed, but if you try to open an app you downloaded from the web that is not signed
This could mean that you are close to having malware installed. On the other hand, of course, it could also be a legitimate app. In that case (and if you are sure), you can bypass Gatekeeper’s protection and install it.
To do this, go to the Finder and find the app there. Now hold down Ctrl as you click on the app and select Open. This marks it as trusted. For more information, read how to open an app from an unknown developer.
The ability to download unsigned software may sound like a benefit, but it actually allows you to bypass Gatekeeper’s protection. This is a mixed blessing, and more and more malicious apps instruct users to do exactly this when they are installed.
Sandboxing and related protections
Apple-approved software also comes with a sandbox, meaning apps only do what they are intended to do. Sandboxing isolates programs from your Mac’s critical system components, your data and your other programs, so they cannot do any damage. It doesn’t protect you from malware invading the system, but it does limit the extent of what the malware can do once it’s in.
The biggest problem here is that apps sold in the Mac App Store have to be sandboxed, but other Mac apps do not.
But even without sandboxing, there are related features built into macOS that should keep apps from snooping on your data. Since macOS 10.15 Catalina in 2019, all Mac apps are required to ask your permission before accessing your files. macOS will also ask you for permission before an app can access the camera or microphone, or log what you type.
Another change with Catalina is that macOS itself is now stored on a separate disk volume. This means that your important system files are completely separated and thus harder to access. Apps cannot access your system files where they could cause problems.
Apple regularly releases security updates for the Mac. While these may serve to demonstrate that the Mac is not infallible, as Apple is all too often made aware of security flaws, they are generally issued quickly.
Less pleasing is that these security updates are usually released as part of a larger macOS update: for example, macOS Monterey 12.2.1 closed a security vulnerability in WebKit that would have allowed malicious code to be executed. Because these security issues were fixed as part of a macOS update, which often requires restarting the computer during the installation process, Mac users are less likely to install the update right away, even though these updates can be set to install automatically.
Since Ventura’s launch, however, Apple has begun separating security updates from broader macOS updates and rolling them out automatically. This way, the update can happen in the background, without having to reboot.
Password protection and passkeys
Apple has improved the way users can manage passwords in macOS Monterey and also made some changes to two-factor authentication. You can find all your passwords in System Preferences > Passwords. Just unlock it with your master password to see all your other passwords. (You can also view this information on your iPhone in Settings > Passwords).
A new authenticator has been added in Monterey, allowing you to set up verification codes instead of using an authentication app. To add a setup key, you need to click on a password and then choose Enter Setup Key, which you should be able to get from the provider. Once entered, the 2FA authentication codes should automatically populate.
In macOS Ventura, Apple switched from passwords to passkeys. Apple explains: “Passkeys use iCloud Keychain public key credentials, eliminating the need for passwords. Instead, they rely on biometric identification such as Touch ID and Face ID in iOS, or a specific attachment in macOS to generate and authenticate accounts.” Passkeys are more secure, according to Apple. Essentially, your device contains one part of a cryptographic key pair and the other part is stored by the website or service you are logging into. Your device authenticates you biometrically (with Touch ID or Face ID) and logs you in. For more information, read How to use passkeys.
In macOS Monterey, Apple has added a recording indicator in the menu bar so you know if an app is recording you. A bit like the light that indicates that the microphone is in use on your iPhone.
Clipboard warnings
Starting with macOS Ventura, any app that wants to access your clipboard must ask for permission.
Protection in Safari
The anti-phishing technology in Safari detects fraudulent websites. The page is disabled and an alert is displayed when you visit a suspicious website.
Anti-phishing is not the only way Safari protects you while browsing. Apple also allows users to prevent advertisers from tracking them on the Internet. You can view a Privacy Report detailing all the cross-site trackers that Apple has prevented from profiling you.
You’ll also find that plug-ins such as Silverlight, QuickTime and Oracle Java won’t run if they haven’t been updated to the latest version, another way to make sure your Mac is safe. And now that Adobe has stopped using Flash, hopefully people won’t fall for malware hidden in Flash Player.
Safari will also identify weak passwords and suggest a strong password when you open an account on a Web site. This strong password is stored in your iCloud Keychain, so you don’t have to remember it. It’s a lot more secure than the same password you always use. For more on this topic, read about How Apple plans to do away with passwords.
In the past, a problem with Apple’s suggested passwords was that they sometimes did not match the website’s requirements. For example, a website may require one capital letter, one special character, one number and so on. Since the launch of Ventura, users can edit suggested passwords in macOS to meet these requirements.
New in Safari 15 are improvements to Intelligent Tracking Prevention, which made its appearance in Safari 14. Now web trackers cannot see your IP address, so they cannot create a profile of you. Check this by choosing Safari > Preferences > Privacy > Hide IP address from trackers.
Privacy of photos
A few years ago, there was a lot of bad publicity for Apple when celebrities reported that their iCloud photos had been stolen. (For more on this, read How to Stop Photo Cracking on iPhone.) Since then, a number of security improvements have been made to iCloud and Apple has given users other ways to protect their photo privacy: for example, the ability to hide photos and albums. In Ventura, Apple extended this so that hidden albums and the recently deleted album are locked by default and can only be authenticated with Touch ID or Face ID.
macOS Monterey brought a new feature to Mail on the Mac. Mail Privacy Protection improves privacy for users. For example, it prevents email senders from finding out if you opened an email, or even determining your location from your IP address. Check if the feature works for you by opening Mail, clicking Mail in the menu, choosing Preferences > Privacy, and making sure Protect Mail Activity is selected. It should be enabled by default.
There are additional Mail protections if you are an iCloud subscriber. Hide my email allows you to create an alternate email address that you can provide. The email will still be delivered to your inbox, but you can easily delete the alternate email address later.
You can enable this in System Preferences > click Apple ID > and select Private Relay (currently in beta).
In Ventura, Hide My Email has been extended to third-party apps.
If you’re an iCloud subscriber, you’ll be interested in a feature added in Monterey (part of the upgrade from iCloud to iCloud+) called Private Relay. It’s a bit like a VPN in that it encrypts your network traffic and routes your DNS lookup requests through two servers, one of which is not managed by Apple. However, it is not a VPN because it only works in Safari and obviously lacks the other usual features of a VPN. (By the way, if you want a VPN, check out our list of the best VPNs for Mac. You may even be able to save some money if you take a look at our listing of VPN offers, or try one of these free VPNs).
You can manage your Private Relay settings in System Preferences > Apple ID > click Options next to Hide My Email. Here you will see all the fake e-mail addresses you are using; click Disable if you want these e-mails to stop arriving. You can also change which e-mail address they are forwarded to.
A new feature in macOS Ventura is Safety Check, a feature that allows anyone who fears they are in danger from an acquaintance to revoke the access they have granted to that person. For example, that person will no longer have access to their location, their photos or anything else that can be used to track them.
File encryption with FileVault
In addition to Gatekeeper, which should keep malware off your Mac, FileVault 2 ensures your data is safe by encrypting it.
If you’re worried that someone could access the files on your Mac, you can encrypt them with FileVault, which allows only you to decrypt them again. Read our tips for keeping your Mac secure, including using FileVault.
Warnings about spyware
Apple announced in November 2021 that it would warn its users about government-sponsored spy attacks, such as the notorious Pegasus spy software, on their iPhones, iPads and Macs. The alert comes via email or message. The same warning appears on the user’s Apple ID page at appleid.apple.com.
The alert provides advice on how affected users can protect themselves from the attack. More information can be found on Apple’s site.
Not every threat to your data comes from malware. Sometimes a criminal can get their hands on your Mac, in which case Apple’s Find My service comes in handy.
The Find My app can return the location of your lost or stolen Mac to you. If you are afraid that your Mac cannot be recovered, you can erase the contents of your Mac so that your data is no longer accessible. For more information on this, read How do I find a lost or stolen iPhone?
In addition, any Mac with an M1, M2 or T2 chip has an activation lock, allowing it to be remotely bricked.
When Apple’s security measures are not enough…
The security measures described above are great, but unfortunately there have been cases where they have not been enough.
Gatekeeper, for example, has occasionally been bypassed because malware had an approved developer signature. OSX/CrescentCore, for example, was signed with a certificate assigned by Apple to a developer. It took Apple a few days to revoke that certificate.
In the case of OSX/Linker, a zero-day vulnerability in Gatekeeper was exploited. Apple normally responds quickly to such threats, although there have been instances where the company ignored an identified vulnerability; on one occasion, a teenager reported a flaw in the FaceTime group feature that allowed someone to listen in on a conversation, and Apple failed to take action.
When Apple is notified of a threat, the company usually releases a security update for the latest version of macOS and for the two versions before that. In this way, Apple protects users from vulnerabilities and flaws that can be exploited by hackers.
Normally, our advice would be to install security updates immediately. However, sometimes these themselves can cause problems. For example, a Sierra and High Sierra security update in July 2019 had to be withdrawn after people experienced problems after installing it.
How Apple responds to security threats
Apple has its own security research team, but it relies on users and independent researchers to help by reporting any flaws they find in Apple products.
To this end, Apple has an incentive program that rewards such discoveries with payments of up to $200,000, depending on the severity of the error. But Apple was the last major tech company to establish such a program. (Microsoft set up its own bug reporting program in 2013, and then was itself criticized for being so late).
On Aug. 4, 2016, Apple security boss Ivan Krstic announced the Apple Security Bounty Program. “We’ve had a lot of help from researchers all along in improving iOS security,” Krstic said. “But we’ve heard pretty consistently that it’s getting harder and harder to find the most critical types of security vulnerabilities. So the Apple Security Bounty Program is going to reward researchers who actually share critical vulnerabilities with Apple.”
The highest reward of $200,000 is given to those who discover vulnerabilities in Apple’s secure startup firmware components; for less critical vulnerabilities, the bounties drop through a series of smaller amounts to a low of $25,000. Wired has the details.
We imagine most Mac users will be pleased to hear that Apple has an incentive program to encourage more widespread reporting of vulnerabilities. By encouraging security researchers to notify Apple of a flaw rather than passing it on to hackers (which unfortunately can still be more lucrative), Apple products become safer for everyone.
One such bug was the High Sierra root bug, discovered on Nov. 28, 2017. This flaw in macOS 10.13 could allow access to settings on a Mac without requiring a password. Apple immediately issued a statement confirming that it was working on a fix and that an update would be released within days.
Here’s how to protect your Mac from malware
Apple does a lot to keep your Mac safe, but you have to do your part too: by installing updates as soon as they come in, not clicking on suspicious links in emails, not installing Flash, and so on. There are also third-party antivirus programs you can try. We have a complete guide to the best antivirus for Mac.
Here are a few things you need to do:
1) Keep macOS up-to-date
Despite what we said above about the security update that Apple later withdrew, the advice would normally be to install a security update as soon as possible.
Apple addresses Mac bugs and vulnerabilities by releasing updates to the operating system. Therefore, it is important to keep your Mac up-to-date. Regularly checking for OS updates is an important part of a good security strategy.
You can find the latest version of macOS here: macOS Ventura latest version information.
You can set your Mac to automatically update as soon as a new version of the operating system is available. Follow these instructions to set that up:
Here’s how to automatically install macOS updates
1: Open System Preferences.
2: Click on Software Update.
3: Check the box next to Automatically keep my Mac up-to-date.
4: Or click on Advanced and select exactly which actions you want to be performed automatically. You can choose from “Check for updates,” “Download new updates as they become available,” “Install macOS updates,” and “Install app updates from the App Store.”
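A quick way to confirm that the protections described in this article are actually switched on, as an added example (not from the original article): it reads Gatekeeper state from spctl --status, FileVault state from fdesetup status, and the automatic-update checkboxes from the com.apple.SoftwareUpdate preferences. The output strings it matches are assumptions about what your macOS version prints; anything unrecognised is reported as UNKNOWN rather than as safe.

```python
import shutil
import subprocess

# Preference keys behind the automatic-update checkboxes (1 = on, 0 = off).
UPDATE_DOMAIN = "/Library/Preferences/com.apple.SoftwareUpdate"
UPDATE_KEYS = {
    "AutomaticCheckEnabled": "Check for updates",
    "AutomaticDownload": "Download new updates",
    "AutomaticallyInstallMacOSUpdates": "Install macOS updates",
}


def parse_gatekeeper(output):
    """Assumed format: 'assessments enabled' or 'assessments disabled'."""
    text = output.lower()
    if "assessments enabled" in text:
        return True
    if "assessments disabled" in text:
        return False
    return None  # unrecognised output is unknown, never "safe"


def parse_filevault(output):
    """Assumed format: 'FileVault is On.' or 'FileVault is Off.'."""
    text = output.lower()
    if "filevault is on" in text:
        return True
    if "filevault is off" in text:
        return False
    return None


def parse_default_bool(output):
    """`defaults read` prints 1 or 0; a missing key yields an error message."""
    value = output.strip().lower()
    if value in ("1", "true", "yes"):
        return True
    if value in ("0", "false", "no"):
        return False
    return None


def run(argv):
    """Return a command's combined output, or '' if it cannot be run."""
    if shutil.which(argv[0]) is None:
        return ""  # not on macOS, or the tool is missing
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return ""
    return proc.stdout + proc.stderr


def audit(runner=run):
    """Collect each setting as True (on), False (off) or None (unknown)."""
    findings = {
        "Gatekeeper": parse_gatekeeper(runner(["spctl", "--status"])),
        "FileVault": parse_filevault(runner(["fdesetup", "status"])),
    }
    for key, label in UPDATE_KEYS.items():
        raw = runner(["defaults", "read", UPDATE_DOMAIN, key])
        findings[label] = parse_default_bool(raw)
    return findings


def report(findings):
    """Format one line per setting, flagging anything that is off."""
    status = {True: "OK", False: "WEAK", None: "UNKNOWN"}
    return [f"{status[state]:8}{name}" for name, state in findings.items()]


if __name__ == "__main__":
    print("\n".join(report(audit())))
```

An UNKNOWN on the update lines usually means the preference key has never been written on that Mac, so check the Software Update pane directly.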
2) Do not connect to public Wi-Fi networks
Do not connect to a public Wi-Fi network, as someone may spy and gain access to your passwords and other private data, or your session may be hijacked. Snoopers can set up their own Wi-Fi hotspot and pretend to be your hotel or coffee shop. Once you connect, they can intercept any data you send through this hotspot.
In the past, bugs have been discovered in the operating system that allowed access to your Mac, such as the SSL flaw in an earlier version of Mac OS X, which allowed a hacker to gain access to your machine when using public Wi-Fi.
3) Do not install Flash
Adobe discontinued Flash on Dec. 31, 2020 for a good reason. Intego, Malwarebytes and other security companies have advised against installing Flash Player, because fake Flash Player updates have often been used to get people to install malware. For example, you want to download a popular movie or TV series for free and see a search result that leads to a request to update Flash Player to view the content. This is probably not legitimate.
There is simply no need to install Flash Player now that HTML5 has made Flash obsolete. Our advice is simple: do not use Flash!
4) Keep Java up-to-date on your Mac
If you must use Java (which is also problematic), make sure it is up-to-date. Vulnerabilities in Java have demonstrated cross-platform threats that even Mac users should be aware of. Apple blocks Java by default and leaves it up to the user to decide whether to install these tools. If you do need to update them, pay close attention to where you download updates!
5) Avoid falling into the trap of phishing emails
Protect yourself from phishing attacks by not responding to emails asking you to enter a password or install something. You can also use free software such as BlockBlock. That way, even if you perform the steps to start the malware, the malware cannot write files or mark itself as starting at startup.
6) Don’t fall for Facebook scams
Facebook fraud is usually designed to collect data. If it seems like it’s too good to be true, it probably is and you’d be wise not to share it on Facebook. At best, you look like a fool and those scammers will approach you with more scams; at worst, they may succeed in gaining access to your personal information and that of your friends. Don’t click on a link just because a friend shared it and certainly don’t give out your personal information on Facebook.
Why you need to protect Windows users
Macs are reasonably safe from malware, but one reason to use an antivirus is to protect your Windows-using friends and colleagues. An unprotected (and carelessly used) Mac can become a kind of Typhoid Mary of Windows viruses; in other words, you can harbor viruses that don’t affect you, but can cause problems for Windows users.
A few years ago, while writing about Mac malware, we discovered the following nasties on our Mac:
That’s a list of 30 potentially bad things that, you guessed it, were found on the Mac on which we ran a test virus scan, including a Windows virus.
This is how to tell if a Mac has a virus
Watch for the following signs that your Mac is infected with malware:
Aggressive web page banners and browser pop-ups recommending software.
Text on a web page that turns into hyperlinks.
Programs appear that you have not authorized.
Mac is running hot.
Mac accelerates for no reason.
If you think something suspicious is happening, open Activity Monitor and click on the CPU tab. Check what software is running, especially if something is taking up a lot of your resources.