The best Mac antivirus software

One of the following statements isn’t true:

  • Macs don't get viruses
  • Ed Sheeran's Galway Girl is a great song
  • TV presenter Bob Holness played the sax solo in Baker Street

Did you spot it? That’s right: they’re all bobbins. But as far as Mac users are concerned, the first statement has a corollary: while Macs can get viruses, most don’t. We should probably explain.

Do Macs get viruses?

Yes and no. Mac viruses do exist, but it’s very hard for them to spread. OS X and macOS are based on the Unix operating system, which is sandboxed. That means it’s very difficult for viruses to do any damage. Think of them as locked in a little box from which they can’t escape no matter how hard they try. 

Not only is a Mac much more difficult to hack or compromise than a Windows PC, but the relative obscurity of Macs means that even if a criminal does find a vulnerability to exploit, it’s a lot more effort to attack far fewer computers. That means Macs benefit from security by obscurity; the baddies target the more common and potentially lucrative Windows machines instead.

Mac users were spared the WannaCry ransomware that devastated Windows systems, but Apple devices have experienced other malware attacks

That’s great for Mac users, of course, but it’s also meant an entire generation of people believing that Macs don’t get malware of any kind. Unfortunately, Macs can and do, so when malware affecting Macs does appear or a popular Mac app gets bundled with a trojan, users are completely unprepared.

For example, Mac owners might have been spared the hassle of ransomware app WannaCry/WannaCrypt in May 2017, which only targeted Windows devices, but 7,000 Macs were infected with similar malware in 2016.

Ultimately, if you use a Mac, you need to consider whether the (so far, fairly remote) risk of infection is worth sacrificing performance, money or both.

What are the biggest security risks to Macs?

The bad guys’ favourite malware is currently ransomware – a type of app that locks up the victim’s computer and only unlocks it if a ransom is paid. And as some victims have discovered, it turns out that you just can’t trust criminals: people who did pay up found that they were asked to pay again, or that their card details were copied and used.

Ransomware made it to the Mac in 2016, when the KeRanger trojan was discovered in the Transmission BitTorrent client. It’s believed that the infection happened through compromising the Transmission website and replacing the real DMG download with an infected one. Some 7,000 Macs are believed to have been infected.

The readme file included with the KeRanger trojan, telling the user that their files have been encrypted and will only be released for a ransom of one Bitcoin

The fact that KeRanger generated so many headlines underlines how unusual such malware actually is: nobody holds the front page when a new Windows vulnerability is discovered. The reality is that unless you’re exceptionally unlucky, if you keep your Mac up to date, don’t download cracked software, don’t mess with OS X’s default sandboxing settings, don’t believe pop-ups that tell you to upgrade Flash and don’t click on phishing or other fraudulent emails, then you’re likely to remain perfectly safe.

That may not remain the case forever, though, and Apple has been accused of reacting too slowly when genuine threats are discovered. So what can you expect from Mac antivirus software?

Mac antivirus: which is best at detecting threats?

The excellent AV-TEST regularly puts anti-virus programs through their paces, and their most recent tests took place in July 2017 on macOS Sierra. They tested two key areas: how well the packages detected Mac-specific threats, and how well they protected against Macs in mixed-OS environments being hijacked to spread Windows malware.

For Mac malware, four packages achieved 100% detection without false positives:

The next four achieved between 99.5% and 98.4% without false positives:

The worst performer was MacKeeper, with 85.9% detection.

In mixed operating system environments, five programs achieved 99% detection of Windows threats:

Mac antivirus: what’s the effect on performance?

Most of us believe that anti-virus software has a negative effect on performance, but chances are it’s much less negative than we think: in their tests, AV-TEST found that there was no measurable performance drop when using ClamXav, MacKeeper, Kaspersky or Norton. There was a measurable difference with Sophos and Trend Micro (2% of additional system load), and with ESET and Bitdefender, which added around 4% to the overall system load.

Mac antivirus: which tools are recommended?

If you don’t want to spend money, go for AVG: it achieved 100% detection in AV-TEST benchmarks. However, AV-TEST did point out that unlike paid-for products, AVG had a significant effect on system performance, taking around 10% of system resources.

Of the paid-for products, AV-TEST recommends Kaspersky Lab and Norton, noting that they deliver 100% detection with no noticeable effect on performance.

Bitdefender and Trend Micro are highly recommended too, as is Intego – albeit with the caveat that it can increase system load by 16%.

AV-TEST recommends Kaspersky’s antivirus suite, which gives excellent protection without a noticeable effect on system performance

Mac antivirus: do I really need it?

That really depends on you. The risk of infection remains pretty remote, and if you practice basic security measures and don’t fall for common scams then you’re very unlikely to suffer from any problems. Even ransomware can be defeated with the cunning tactic of having a backup of anything important. 

That said, if you’ve ever experienced the mess malware can make on a Windows system you’ll know that just getting things back to normal can be an incredible time thief, especially if key data has been damaged. Perhaps the question shouldn’t be whether anti-virus is worth the money, but whether your time is more valuable than the cost of a security app.
