The best antivirus for Mac is none at all
The online world is still a dangerous place, but while antivirus vendors try to sell you subscriptions to their wares, macOS is still secure enough that most users can do without them. The best antivirus for Mac is a combination of the defenses already built into macOS and common sense.
Viruses and malware are a fact of life online, with numerous reports detailing how various digital threats are damaging systems around the world, affecting individuals as well as organizations with far stricter security practices.
Some form of additional protection was, and still is, required on Windows, especially since it is the biggest target for malware authors. With its smaller user base, the Mac was less of a target at first, though that user base has grown considerably over the years.
What helped the Mac was its reputation for being largely immune to malware and viruses in general: the idea that it was virus-proof in some way and that you didn't need an antivirus tool at all.
To a certain extent, this is still true today. Apple builds several mechanisms into macOS, Gatekeeper and System Integrity Protection among them, along with the XProtect malware definitions the system updates on its own, that make it very difficult for malware to actually become a problem for the typical user.
This hasn’t stopped various companies from offering extra security and in some ways declaring themselves the best antivirus for Mac.
Sure, the Mac is still a target for viruses and malware, but not in the way that Windows users need to be concerned about. Part of this is down to users being careful and thinking about how they behave online, but a large part is still down to the protection systems that macOS has built in.
This reputation for safety is there for a reason. Here’s why.
Gatekeeper
Of all the protections Apple offers in macOS, Gatekeeper is the most visible to users. You know it as the warning that appears when you download software from the internet and try to run it.
Gatekeeper can prevent malware from running on a Mac by putting several obstacles in the way, which a user then has to deliberately bypass.
Rather than scanning for malicious code directly, Gatekeeper instead acts as a bouncer at a nightclub, making sure the software has the correct authorization to run.
Gatekeeper is a second line of defense against online threats, after the user's own judgment.
Gatekeeper verifies a downloaded app (one carrying the quarantine attribute that the browser or mail client attached to it) before it runs for the first time, ensuring that it either came from the Mac App Store or is signed with a valid Developer ID certificate and has been notarized by Apple.
If it's from the Mac App Store, the app has already gone through Apple's own review, so Gatekeeper trusts it and lets the app run.
When it comes from other sources, more controls come into play.
The Developer ID certificate is issued to a developer enrolled in Apple's Developer Program as an identity for their apps. Signing the app with that certificate lets macOS confirm that it came from that specific developer and that nothing in it has been modified since it was signed.
Notarization consists of developers submitting their apps to an automated notary service operated by Apple, which scans them for malicious content and code-signing problems.
Think of notarization as Apple doing some checks to make sure the app is okay, then returning a ticket to the developer indicating that that particular executable passed. The developer can staple the ticket to the app so the check still holds when the Mac is offline.
Apps with a valid Developer ID and notarized are allowed to run by Gatekeeper and are therefore trusted by macOS.
If an app package is tampered with by a malicious third party after it was signed, the code signature no longer matches and the notarization ticket no longer applies. In such cases, Gatekeeper detects the problem and stops the app from running.
The problem is that it's still possible for users to run apps that aren't notarized by Apple, or to see the alerts Gatekeeper gives and choose to run the app anyway, whether by overriding the warning in System Settings or by stripping the quarantine attribute from the download. It's not difficult to bypass Gatekeeper's cues.
Unfortunately, this gives viruses and malware a chance to exist on macOS that Gatekeeper would otherwise thwart in the first place.
Nonetheless, Gatekeeper has caught the attention of malware authors, because anyone who can get past it has a head start in infecting Macs. There have been occasional bypasses, and Apple works to fix them as soon as they come to light.
Outside of those rare occasions, Gatekeeper has been fairly resilient and is a very useful tool in the Mac security arsenal, at least as far as its powers go.
Gatekeeper can do a lot of the heavy lifting to keep a Mac safe. It simply cannot cover all eventualities.
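To see what Gatekeeper actually looks at, the following shell script, an added example and not part of the article or of any Apple tool, inspects a downloaded app the way Gatekeeper does: it reads the quarantine attribute, verifies the code signature with codesign, and asks spctl for the verdict and the reason behind it. It assumes a Mac with Apple's xattr, codesign and spctl command-line tools; the helper functions that parse those tools' output are plain POSIX shell and awk, so they run anywhere and can be exercised on constructed output. The quarantine field layout (flags, hex download time, downloading agent, UUID) is as observed on current macOS; the bit meanings of the flags field are not decoded here.

```shell
#!/bin/sh
# Added example (not from the article): make Gatekeeper's checks visible for
# one downloaded app using Apple's own command-line tools.
# Live checks need macOS; the parsing helpers run in any POSIX shell.

# Decode a com.apple.quarantine value. Four ';'-separated fields:
# flags (hex), download time (hex Unix epoch), downloading agent, UUID.
quarantine_summary() {
    value=$1
    flags=$(printf '%s' "$value" | cut -d';' -f1)
    epoch_hex=$(printf '%s' "$value" | cut -d';' -f2)
    agent=$(printf '%s' "$value" | cut -d';' -f3)
    epoch=0
    [ -n "$epoch_hex" ] && epoch=$((0x$epoch_hex))
    printf 'flags=0x%s agent=%s downloaded_epoch=%s\n' "$flags" "$agent" "$epoch"
}

# Reduce the output of `spctl -a -vv -t exec <path>` (stdout and stderr
# merged) to the verdict word on its first line: accepted, rejected or unknown.
spctl_verdict() {
    printf '%s\n' "$1" | awk 'NR == 1 { v = "unknown"; if ($0 ~ /: accepted/) v = "accepted"; else if ($0 ~ /: rejected/) v = "rejected"; print v }'
}

# The "source=" line says why, e.g. "Notarized Developer ID", "App Store"
# or "no usable signature" for an unsigned or tampered binary.
spctl_source() {
    printf '%s\n' "$1" | awk -F= '/^source=/ { print $2; exit }'
}

# Full report for one app bundle or Mach-O binary. The non-zero exit mirrors
# Gatekeeper's refusal, so the function can gate an automated install.
# (For an installer package use `spctl -a -vv -t install` instead.)
assess_download() {
    target=$1
    q=$(xattr -p com.apple.quarantine "$target" 2>/dev/null || true)
    if [ -n "$q" ]; then
        echo "quarantined: $(quarantine_summary "$q")"
    else
        echo "not quarantined: Gatekeeper will not assess this on launch"
    fi
    # Signature integrity: fails if anything in the bundle changed after signing.
    if codesign --verify --deep --strict "$target" 2>/dev/null; then
        authority=$(codesign -dvv "$target" 2>&1 | awk -F= '/^Authority=/ { print $2; exit }')
        echo "signature: valid (signed by: $authority)"
    else
        echo "signature: INVALID or missing"
    fi
    out=$(spctl -a -vv -t exec "$target" 2>&1 || true)
    echo "gatekeeper: $(spctl_verdict "$out") (source=$(spctl_source "$out"))"
    [ "$(spctl_verdict "$out")" = accepted ]
}

# Only run the live checks when a path is given and the tools exist (a Mac).
if [ $# -gt 0 ] && command -v spctl >/dev/null 2>&1; then
    assess_download "$1"
fi
```

Run it as `sh gatekeeper_check.sh /path/to/Downloaded.app`. An app that reports "not quarantined" has already had its quarantine attribute removed (by a tool, a script, or an archive utility that does not propagate it), which is exactly the situation in which Gatekeeper never gets a say.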
System integrity protection
System Integrity Protection (SIP) is another mechanism that comes into play, this time restricting what an application can do once it is running on a Mac.
Specifically, it prevents software, malicious or otherwise, from making changes to certain protected folders and files. By restricting even the root user account, the account that otherwise has unlimited administrative power, SIP can help limit the damage done by malware that has managed to run as root.
Prior to OS X El Capitan, applications installed with an administrator's username and password were given root-level access without restriction. A malicious app with such privileges could modify critical parts of the operating system, and nothing could stop it.
You can verify that SIP is enabled in the System Information app, under Software, or by running csrutil status in Terminal.
SIP protects a number of extremely important areas of macOS, including /System, /usr, /bin, /sbin, /var, and the applications that come preinstalled as part of macOS itself.
At the same time, SIP still allows third-party apps to write to /Applications, /Library, and /usr/local, which are the areas a legitimate app typically needs.
Modifications to the protected locations remain possible, but only by processes that Apple itself has signed and that carry a specific entitlement permitting such changes. Apple's own software updates and installers, for example, are allowed to make changes that SIP would otherwise block.
Just as there are occasional gaps in Gatekeeper's history, there have been minor bugs in SIP, such as an October 2021 flaw that allowed Apple-notarized installer packages to perform actions SIP normally blocks.
Again, Apple worked quickly to fix the problem before it became a real one.
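The following shell script, added here and not from the article, performs that verification from the command line: it reads the output of csrutil status, reports whether SIP is fully enabled, disabled or partially disabled with a custom configuration, lists any components that are turned off, and shows which of the directories mentioned above carry the restricted file flag that SIP enforces. It assumes a Mac with csrutil and the BSD ls that understands -O; the parsing helpers are plain awk and run anywhere.

```shell
#!/bin/sh
# Added example (not from the article): report SIP state and show which
# directories it protects. Live checks need macOS (csrutil, BSD ls -O);
# the parsing helpers run on any POSIX system.

# Summarise `csrutil status` output as enabled, disabled, custom or unknown.
# A fully enabled or disabled system prints a single status line; a partially
# disabled one prints "unknown (Custom Configuration)" plus one line per component.
sip_state() {
    printf '%s\n' "$1" | awk '
        /^System Integrity Protection status:/ { s = "custom"; if ($0 ~ /: enabled/) s = "enabled"; else if ($0 ~ /: disabled/) s = "disabled" }
        END { print (s == "" ? "unknown" : s) }'
}

# List the components csrutil reports as disabled in a custom configuration,
# one per line, with the leading whitespace csrutil indents them with removed.
sip_disabled_components() {
    printf '%s\n' "$1" | awk -F: '/: disabled/ && !/^System Integrity Protection status/ { sub(/^[ \t]+/, "", $1); print $1 }'
}

# On a live Mac, every SIP-protected path carries the "restricted" file flag,
# which `ls -lO` shows and which even root cannot clear while SIP is enabled.
# /usr/local and /Applications are deliberately left writable for third-party apps.
show_restricted() {
    for p in /System /usr /bin /sbin /var /usr/local /Applications; do
        if ls -ldO "$p" 2>/dev/null | grep -q 'restricted'; then
            echo "$p: restricted (SIP-protected)"
        else
            echo "$p: not restricted (an admin can write here)"
        fi
    done
}

# Only run the live checks where csrutil exists (a Mac).
if command -v csrutil >/dev/null 2>&1; then
    status=$(csrutil status 2>&1)
    echo "SIP: $(sip_state "$status")"
    sip_disabled_components "$status" | sed 's/^/  disabled: /'
    show_restricted
fi
```

Anything other than "SIP: enabled" on a machine you did not deliberately configure that way deserves a look, since csrutil can only change the setting from Recovery, which means someone had physical access to the Mac.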
Apple Silicon
Another thing Apple gets right is the hardware itself. Apple's move away from Intel brought more than performance gains and more control over the whole system.
It also means that Apple's systems aren't affected by the same chip issues that plague Intel-based computers.
Take Meltdown and Spectre, speculative-execution vulnerabilities disclosed in 2018 that affected Intel processors (Spectre affected other vendors' chips as well). Intel-based Macs were hit by the same flaws and needed the same rounds of mitigations.
With the move to Apple Silicon, the Mac is no longer exposed to the processor vulnerabilities Intel struggled with, simply because the chips use a different design. That doesn't free Apple from dealing with chip issues altogether: researchers have already found flaws in Apple Silicon.
The key difference is that these are hardware issues Apple can fix and manage itself, without waiting on Intel to develop a patch, and they arise from Apple's own design decisions rather than a third party's.
The best antivirus for Mac is user awareness
The problem with security features like SIP and Gatekeeper is that they can only protect as far as they are allowed to. If a user thinks they know better, they can bypass the restrictions and potentially run malware unhindered.
This isn't specific to macOS; it's the case pretty much everywhere. Whatever protection is put in place, a careless user can do whatever it takes to defeat it.
For example, a Windows system might be well protected with antivirus and a firewall. Except that the user can still disable both if they want to, leaving the PC vulnerable.
You’ll find that macOS is fairly secure on its own without necessarily having an antivirus program installed.
You could put a sandwich in an office fridge, in a rigid container wrapped in several layers of duct tape and with several notes explaining that it’s your sandwich and not to steal it. But you know deep down that the office thief is still going to eat your sub anyway.
The best antivirus for Mac might be users themselves, because if they remember to be careful with what they download from the internet, they should do fine.
For example, it makes sense to only download applications from sources you trust. This can be the developer, an established marketplace, or even better, the Mac App Store.
Then you need to pay attention to Gatekeeper’s warnings, as they should make you think twice about running the download in the first place.
And then there are the other obvious things, like paying attention to which websites you visit, which links you click on, and what information you hand over online.
If you’re vigilant, you can be pretty safe online with a Mac without an antivirus installed.
That's not to say you shouldn't install an antivirus program on your Mac. It can be a handy backup, a cognitive safety net, and could catch things that slip past Apple's own systems.
But things usually only slip past if the user was careless in the first place. And a user who is willing to bypass Apple's protections can generally bypass any other anti-malware tool installed on the Mac too, unless a corporate security team has locked those tools down.
The best antivirus for Mac is simply not being careless about how you use it in the first place.