Do I need malware protection?

This question pops up every other week in the various Facebook groups and forums I’m in. And I cringe every time I see it pop up. Why? Because the comments are abundant and are typically full of misinformation. I could write a 10-page article about this but I will try to keep it brief. Here are a few of my issues with common comments:

1. Product recommendations
“I use ClamXav”, “Avast has never let me down!” “McAfee is the best” and even “Norton is awesome”. Here’s the problem with 99% of the recommendations: they are not backed up by… anything. No-one has done extensive testing to see what a product’s detection rates are. There are hundreds of thousands of malware samples out there, for Mac alone. Yes, hundreds of thousands. This doesn’t mean there are that many different pieces of malware out there, but one malware variant can have many different samples. One can be an installer in a .dmg file, another can be just the installer .pkg, yet another can be just the Mach-O and another can be the .pkg with different obfuscation methods implemented. A good antivirus solution needs to be able to handle many different file types. If it can scan a .zip file but not a .dmg file, it’s useless. If it detects a .pkg but not the Mach-O on its own, it’s useless. If it detects a download but not the individual components that make up a malware, it’s useless.
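To make the “components, not just the wrapper” point concrete, here is an added example (not code from the article or from any AV vendor) of a container-aware scanner: it classifies a blob by magic bytes, recurses into zip archives, and hash-matches every inner component, so a known-bad Mach-O is found whether it arrives bare or zipped. The sample data is constructed inline; the “Mach-O” is only a valid magic number plus padding, and the signature set is a single constructed hash. It recognises .pkg (xar) headers but does not unpack them or .dmg images, since the standard library has no parser for those; a real product must.

```python
"""Container-aware sample scanner (added example, constructed data)."""
import hashlib
import io
import zipfile

# Mach-O magic numbers: 32-/64-bit, both byte orders, plus the fat/universal
# header. Caveat: 0xCAFEBABE is also the Java class-file magic, so a real
# scanner must parse the header before trusting the signature alone.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",   # MH_MAGIC / MH_CIGAM
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",   # MH_MAGIC_64 / MH_CIGAM_64
    b"\xca\xfe\xba\xbe",                        # FAT_MAGIC
}
ZIP_MAGIC = b"PK\x03\x04"
XAR_MAGIC = b"xar!"   # flat .pkg installers are xar archives


def file_kind(data: bytes) -> str:
    """Classify a blob by its leading magic bytes."""
    head = data[:4]
    if head in MACHO_MAGICS:
        return "macho"
    if head == ZIP_MAGIC:
        return "zip"
    if head == XAR_MAGIC:
        return "pkg"
    return "other"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan(data: bytes, known_bad: set, path: str = "<root>",
         depth: int = 0, max_depth: int = 8) -> list:
    """Return (path, kind, sha256) for every component whose hash is known bad.

    Recurses into zip containers so inner components are checked on their own.
    max_depth bounds nesting so a deliberately nested archive cannot keep the
    scanner busy forever; max_depth=0 models a wrapper-only scanner.
    """
    hits = []
    kind = file_kind(data)
    digest = sha256(data)
    if digest in known_bad:
        hits.append((path, kind, digest))
    if kind == "zip" and depth < max_depth:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    inner = zf.read(info)
                    hits.extend(scan(inner, known_bad, f"{path}/{info.filename}",
                                     depth + 1, max_depth))
        except zipfile.BadZipFile:
            pass   # truncated or corrupt archive: report what was found so far
    return hits


def build_sample() -> tuple:
    """Construct a zip holding a fake 64-bit Mach-O plus a harmless text file."""
    fake_macho = b"\xcf\xfa\xed\xfe" + b"\x00" * 60   # magic + padding, not code
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Installer.app/Contents/MacOS/Installer", fake_macho)
        zf.writestr("README.txt", b"just a readme")
    return buf.getvalue(), fake_macho


if __name__ == "__main__":
    zipped, macho = build_sample()
    bad = {sha256(macho)}            # signature covers the bare Mach-O only
    print("wrapper-only scan:", scan(zipped, bad, max_depth=0))
    print("component scan:   ", scan(zipped, bad))
```

Run as-is: the wrapper-only scan returns nothing because the zip’s own hash is not in the signature set, while the component scan reports the inner Mach-O. That gap is exactly what the article means by “detects a download but not the individual components”.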

I have personally tested every antivirus solution available for Mac (50+). Publicly from 2012-2013 and offline from 2013-current (publishing results just took wayyyy too much time, couldn’t do it anymore). My sample sets run in the thousands and I am constantly on top of updates for each and every AV product. When I recommend an AV product, it’s because it has proven to be the best; countless hours of testing provided that proof.

Most, if not all, recommendations, however, are based on nothing more than hearsay or the fact that a product happens to be installed at the time. In short, they are based on nothing useful.

2. “Macs don’t get viruses”
Shut up and go away. This statement is made by one of two kinds of people:
– The kind that truly believe Macs are impervious to malware.
– The kind that are trolls and focus on the literal definition of “virus”, then neglect to mention that malware is a real threat.
A virus is defined as being a malicious piece of code that can self-replicate. Such code does not exist for Mac so in that sense Macs do not get viruses. However, malware (malicious software) can infect a Mac and does so regularly all over the world. So when you see that argument, block the person and run away, they have nothing valuable to add to the conversation.

3. “I’ve never used AV and never had a problem”
This statement is based on an outdated understanding of how malware works. Back in the day, if you were infected by malware you would almost instantly know about it. Files would get erased, systems would brick, chaos all around. This has not been the case in a very long time.
With the exception of ransomware, malware will try its very best to remain undetected for as long as it can. The idea is simple: it cannot steal your data, turn your Mac into part of a botnet or use your Mac to infiltrate a network if it is discovered and deleted. Malware that can run on a system for months or years can exfiltrate much more valuable data than malware that is detected within a day.

If you don’t use an AV solution and think you’re fine because you have never noticed an infection, you are going about this all wrong. Malware may have been taking data, logs of keystrokes, screenshots and much more without you knowing for months. And yes, there is plenty of malware for Mac around that has such functionality.

You won’t know if you have a malware problem until you install an AV solution, a good firewall solution such as Little Snitch (so you can spot anomalous network activity as it happens) or a hardware packet-inspection solution. Until you have one or some of those, you don’t know anything. Again, anyone that makes this statement should be ignored and avoided.

4. “Malwarebytes is all you need”
Thanks to Thomas Reed’s awesome work, Malwarebytes is recognized as one of the top antivirus solutions for Mac. I agree that Malwarebytes is a great product but it should not be compared to most other AV solutions, because it’s not an AV solution. Malwarebytes checks common places on your system where malware may be installed. It does NOT check your downloads, what’s on your desktop, what is attached to your emails etc.
Malwarebytes is a very lightweight app that will find malware that tries to infect or has already infected your Mac. And that is where its usefulness ends. You may have dozens of malware-infected files on your Mac that can be in your Time Machine backups, distributed to other Macs and you’ll never know. The way Malwarebytes works is very effective but also gives a false sense of security. Most will assume every file on their Mac is safe because Malwarebytes is installed, but a malware-infected installer or other file can be distributed to another Mac without ever being actually checked. I recommend Malwarebytes for all Mac users, it’s free and awesome at what it’s built for, but it’s certainly no AV solution.
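The “common places where malware may be installed” idea is worth seeing in code. The following is an added example, not the article’s or Malwarebytes’ code, and it assumes that the standard launchd folders (/Library/LaunchAgents, /Library/LaunchDaemons and the per-user LaunchAgents) are among those places: it inventories what launchd would start from them and attaches review flags a defender can baseline against. Folders that do not exist are skipped, so it runs on any OS, and the sample plist it parses is constructed for the example.

```python
"""launchd persistence inventory (added example, constructed sample plist)."""
import os
import plistlib
from pathlib import Path

# Assumed "common places": the standard launchd job folders.
LAUNCHD_DIRS = [
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
    Path(os.path.expanduser("~")) / "Library" / "LaunchAgents",
]
# Heuristics, not verdicts: things a person should look at before deciding.
INTERPRETERS = ("/bin/sh", "/bin/bash", "/bin/zsh", "/usr/bin/osascript",
                "/usr/bin/python3", "/usr/bin/curl")
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")


def launched_program(plist_bytes: bytes) -> dict:
    """Extract what launchd would execute from one job plist (XML or binary)."""
    p = plistlib.loads(plist_bytes)
    args = list(p.get("ProgramArguments") or [])
    program = p.get("Program") or (args[0] if args else None)
    return {
        "label": p.get("Label", "<no label>"),
        "program": program,
        "args": args,
        "run_at_load": bool(p.get("RunAtLoad", False)),
    }


def review_flags(entry: dict) -> list:
    """Reasons an entry deserves a manual look."""
    flags = []
    if entry["program"] in INTERPRETERS:
        flags.append("launches an interpreter instead of an application binary")
    if any(a.startswith(WRITABLE_PREFIXES) for a in entry["args"]):
        flags.append("references a temp or shared-writable path")
    if any(Path(a).name.startswith(".") for a in entry["args"] if a.startswith("/")):
        flags.append("runs a hidden (dot) file")
    return flags


def inventory(dirs=LAUNCHD_DIRS) -> list:
    """Return (plist path, parsed entry, flags) for every readable job plist."""
    results = []
    for d in dirs:
        if not d.is_dir():
            continue   # not present on this machine or OS
        for f in sorted(d.glob("*.plist")):
            try:
                entry = launched_program(f.read_bytes())
            except Exception:
                continue   # unreadable or malformed: skip, don't abort the sweep
            results.append((str(f), entry, review_flags(entry)))
    return results


# Constructed sample for offline use; label and paths are made up.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array>
    <string>/bin/sh</string>
    <string>-c</string>
    <string>/tmp/.update.sh</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict>
</plist>
"""

if __name__ == "__main__":
    e = launched_program(SAMPLE_PLIST)
    print(e["label"], "->", e["program"], e["args"], review_flags(e))
    for path, entry, flags in inventory():
        print(path, entry["program"], flags or "")
```

Saving the output of inventory() once and diffing it later is the cheap way to notice a new job appearing; the flags only prioritise what to read first. A tool like this covers the persistence locations and nothing else, which is the article’s point: a downloaded installer that has not yet been run never appears here.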

If you’re serious about protecting your Mac(s), an AV solution needs to be one of the security layers. Another layer needs to be network security. If you want to handle that on a per-Mac basis, Little Snitch is the way to go. An alternative to Little Snitch is LuLu, which is free but not nearly as advanced or bug-free. If you want to protect the whole network, a hardware firewall is required. You can build your own using a powerful Mac and Murus or buy a hardware box that does this all for you. There are many options out there but you want one that at least has serious SPI (Stateful Packet Inspection) capabilities. Yet another layer is keeping your OS and applications up to date to minimize vulnerabilities on your system. Don’t install Adobe Flash Player, get software only from the developer’s website and not third-party websites, use common sense when browsing the web etc. etc. Many layers are involved if you want to keep your system secure and antivirus protection is still one of them.

As for my recommendation: Malwarebytes + Intego = Malware does not stand a chance.
You can find Malwarebytes here.
You can find Intego in the App Store (VirusBarrier Scanner, free) or on their website (better overall protection, paid). The App Store version is less capable than the full version. The full version will create a more secure Mac.
With those two watching your Mac’s back, some really crazy things have to happen for malware to make its way onto your system.

Damn, still ended up writing a 1000+ word article. Ah well, sometimes some things are just worth saying 🙂

This is good stuff.

I added a Malware section to the ol' Definitive Mac Pro guide (as I've been as of late trying to round it out). It is more-or-less a giant link to this article. No reason to even bother tackling the issue myself.

Thank you Greg, I followed your link to this article & found it very useful; along with your Mac guide which I use all the time for my 5,1. Appreciate it!

