Mac Malware Guide: Do I need anti-virus software?
Published June 17th, 2012 at 8:38 PM EDT, modified April 10th, 2015 at 3:52 PM EDT
There is no simple yes or no answer to this question. The answer will depend on many factors, the biggest of which is your own opinion on security. However, I do have some recommendations. Before we get to those, we need to examine some basic facts about anti-virus (AV) software.
Perhaps the biggest fact that often gets swept under the rug is that no AV software (including XProtect, the anti-malware feature of Mac OS X) catches 100% of all viruses. It is known that AV software in the Windows world recognizes at best 90% of all malware. Although some Mac anti-virus software does better than that, none is perfect, and some is actually pretty awful. Some is known to detect almost no Mac malware.
Another important thing to understand is that no AV software is capable of intercepting brand-new malware. When new malware appears, that malware must become widespread enough to be noticed by the companies publishing AV software. Then they must find a copy of the malware, examine it and add it to the list of malware definitions used by their software. And, of course, none of that does you any good until you actually download the update, which doesn’t happen immediately. This means that, even if a particular AV program worked with 100% efficiency, it still would be completely useless for a period of time after the introduction of new malware. In the case of the MacDefender outbreak, frequent name changes and minor tweaks to the “packaging” kept the MacDefender trojan variants one step ahead of all anti-virus software, for a day at a time here and there.
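The delay described above, as an added example that is not part of the original article: a toy scanner whose definitions are plain SHA-256 file hashes (an assumption made for simplicity; real products also use pattern and heuristic signatures), run over constructed sample bytes with hypothetical names (`Vendor`, `Client`, `Demo.A`, `Demo.B`). It shows a sample going undetected until a definition has been both published and downloaded, and a repackaged variant slipping past the existing definition.

```python
import hashlib

def fingerprint(data: bytes) -> str:
    """Exact-match signature: SHA-256 of the whole file (assumed format)."""
    return hashlib.sha256(data).hexdigest()

class Vendor:
    """The AV publisher, holding the master definition list."""
    def __init__(self):
        self.definitions = {}  # fingerprint -> detection name

    def add_definition(self, name: str, sample: bytes) -> None:
        # Only possible once the vendor has obtained a copy of the sample.
        self.definitions[fingerprint(sample)] = name

class Client:
    """The installed scanner, working from its last downloaded copy."""
    def __init__(self):
        self.definitions = {}

    def update(self, vendor: Vendor) -> None:
        self.definitions = dict(vendor.definitions)

    def scan(self, data: bytes):
        """Return the detection name, or None when nothing matches."""
        return self.definitions.get(fingerprint(data))

def demo():
    # Constructed stand-ins: a sample and a repackaged variant of it.
    original = b"CONSTRUCTED-SAMPLE payload=demo package=v1"
    variant = b"CONSTRUCTED-SAMPLE payload=demo package=v2"
    vendor, client = Vendor(), Client()
    results = [("new malware, no definition yet", client.scan(original))]
    vendor.add_definition("Demo.A", original)
    results.append(("definition published, client not updated", client.scan(original)))
    client.update(vendor)
    results.append(("client updated", client.scan(original)))
    results.append(("repackaged variant", client.scan(variant)))
    vendor.add_definition("Demo.B", variant)
    client.update(vendor)
    results.append(("variant after the next update", client.scan(variant)))
    return results

if __name__ == "__main__":
    for stage, verdict in demo():
        print(f"{stage:42} -> {verdict or 'not detected'}")
```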
Because of all this, blind usage of AV software can often make one more susceptible to infection by the right malware. If you become complacent, assuming that your AV software will protect you, it is unlikely that you will be as cautious as you should be, and something will eventually slip past your AV software. This is not just a theoretical concern; it has been documented to actually happen. I have personally seen reports from people with AV software who nonetheless got infected with something.
In addition, the vast majority of AV software will cause some kind of negative effect. These effects can include, but are not limited to:
- Slowing the computer
- False positives
- Damage to the system, apps or even user data
At this time, Mac OS X protects against all known Mac malware, in one way or another. It will not catch brand new malware, but neither will AV software. Thus, if you use anti-virus software, you’re trading a lot of potential problems for very little gain. However, there are some cases where AV software may be warranted. For example:
- If you need to use older software containing known vulnerabilities, such as older versions of Java or Flash, or old versions of Mac OS X (such as Mac OS X 10.6, aka Snow Leopard)
- If you are using a Mac in an environment where AV software is strictly required
- If you frequently trade files with Windows users and don’t want to be accused of passing on a Windows virus
- If there is a major change in the malware affecting Mac users (in which case I will note it here)
If you decide to install anti-virus software, do some research before installing it. There is a lot of very bad anti-virus software out there. Some of the commercial AV packages are renowned for their ability to bring a healthy Mac to its knees. Others are practically scams, detecting very little Mac malware (or even none). Beware of anti-virus “review” sites, which are often fake or paid “advertorials.”
At this time, ClamXav is the only choice I recommend. It can be used for purely manual scanning of specific files/folders, but can also be used to “watch” particular folders, scanning any new files. It has no effect on system performance except when scanning, and even then performance impacts are minimal. Personally, I think setting ClamXav to watch your web browser’s download folder, and manually scanning any files obtained through other sources from Windows users, is more than adequate at this time, even on an older system like Snow Leopard.