[Pexels/Anna Shvets]
The online world is still a dangerous place, but while antivirus vendors try to sell you a subscription to their products, macOS is secure enough that most users can do without them. The best antivirus for Mac is the combination of the protections already built into the system and the user’s own good sense.
Viruses and malware are a fact of online life, and numerous reports have detailed how various digital nasties are affecting systems around the world, for individuals as well as for organizations with far more stringent security practices.
On Windows, some form of additional protection was and still is necessary, especially since Windows is the biggest target for malware authors. With its smaller user base, the Mac was a smaller target at first, but it has become a bigger one over the years.
What helped the Mac was its reputation for being largely immune to malware and viruses: the idea that it is somehow protected from viruses and that you do not need an antivirus at all.
This is still largely true today, up to a point. Apple includes various mechanisms in macOS that make it very difficult for malware to become a problem for the average user.
That hasn’t stopped various companies from trying to provide extra security by billing themselves as the best antivirus for Mac.
The Mac is certainly still a target for viruses and malware, but not to the degree that Windows users have to worry about. While this is partly because Mac users tend to be careful about how they act online, a lot still depends on the protection systems built into macOS.
This reputation for safety exists for good reasons. Here they are.
Gatekeeper
Of all the protections Apple has in place on macOS, Gatekeeper is the most visible to users. You will recognize it as the warning that appears when you download a piece of software from the Internet and try to run it for the first time.
Gatekeeper prevents malware from running on a Mac by putting obstacles in its way that the user must deliberately bypass.
Instead of scanning for malicious code (signature-based scanning is the separate job of macOS’s built-in XProtect), Gatekeeper acts like a nightclub bouncer, checking that the software is authorized to run.
Gatekeeper is a second line of defense against online threats, after the user’s own judgement.
Gatekeeper verifies a downloaded app before it runs for the first time, checking that it either comes from the Mac App Store or is signed with a valid Developer ID certificate and has been notarized by Apple.
If it’s from the Mac App Store, then the app has already passed various checks through Apple, so Gatekeeper rightly assumes there’s not much wrong with it and allows the app to run.
When it comes from other sources, this is where more checks come into play.
A Developer ID certificate is issued by Apple to a developer enrolled in its developer program, and signing an app with it ties that app to that developer. The signature covers the app’s contents without changing them, so macOS can later tell whether the app has been modified since it was signed.
Notarization involves developers submitting applications to Apple’s automated notary service, which scans them for malicious content and code-signing problems.
Think of notarization as Apple doing some checks to make sure the app is OK and handing the developer a ticket, a mark indicating that that particular build is acceptable, which the developer can then staple to the app.
Gatekeeper allows applications with a valid Developer ID signature and a notarization ticket to run, and so macOS trusts them.
If a malicious third party tampers with the app bundle, the developer’s signature no longer matches its contents and the notarization no longer applies. In such cases, Gatekeeper sees the problem and stops the application from running.
The problem is that users can still run apps that Apple has not verified, or can see the warnings Gatekeeper issues and choose to launch the app regardless. Bypassing a Gatekeeper warning is easy: a Control-click and Open, or an override in the system’s security settings, is all it takes. Gatekeeper also only assesses files that carry the quarantine attribute set by browsers and other downloaders, so software that arrives on the machine another way is never checked.
Unfortunately, this gives viruses and malware a chance to exist on macOS that Gatekeeper would otherwise have prevented in the first place.
Gatekeeper has also caught the attention of malware authors, because if they can interfere with it they gain an advantage in infecting Macs. There have been bypasses from time to time, but Apple works on fixing them as soon as they appear.
Aside from these rare cases, Gatekeeper has been a pretty solid and very useful tool in the Mac’s security arsenal, at least as far as its powers extend.
Gatekeeper can do most of the hard work of keeping your Mac secure. It just can’t cover all the possibilities.
System Integrity Protection
System Integrity Protection (SIP) is another mechanism that comes into play, limiting what a running application can change on a Mac.
Specifically, it prevents malware from modifying certain protected folders and files. By restricting even the root user account, the one that otherwise has unrestricted administrative control, SIP limits the damage malware can do when it runs as root.
Prior to OS X El Capitan, an application installed with an administrator username and password had unrestricted root access. A malicious application with those rights could affect critical areas of the Mac operating system, and nothing would stop it.
You can check whether SIP is enabled in the Software section of the System Information app, or by running csrutil status in Terminal.
SIP protects a number of very important areas of macOS, including the /System folder, /usr, /bin, /sbin and /var, as well as the applications pre-installed as part of macOS itself.
At the same time, SIP still allows third-party applications to write to the /Applications, /Library and /usr/local folders, which are the typical areas a legitimate application should have access to.
SIP does allow changes to protected locations, but only by processes that are signed by Apple and that also carry specific entitlements permitting such activity. For example, Apple’s own software updates and installers can make changes to SIP-protected areas.
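To make the Gatekeeper checks described earlier and the SIP checks above concrete, here is an added shell script (an editor’s example, not code from the original article or from Apple) that audits both on a Mac. It assumes the macOS command-line tools csrutil, spctl, xattr, codesign and ls -O, and the output formats noted in the comments; the helpers that interpret command output take the text as an argument, so they can be tried with constructed output on any system, while audit_mac runs the live checks only on macOS.

```sh
#!/bin/sh
# Added example, not from the original article: audit the Gatekeeper and SIP
# state described in the text. Assumed macOS tools: csrutil, spctl, xattr,
# codesign, ls. The parse_*/spctl_* helpers take command output as a string so
# they can be exercised with constructed output anywhere; audit_mac is live.

# `csrutil status` prints "System Integrity Protection status: enabled." or "... disabled."
parse_sip_status() {
    case "$1" in
        *"System Integrity Protection status: enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# `spctl --status` prints "assessments enabled" or "assessments disabled".
parse_gatekeeper_status() {
    case "$1" in
        *"assessments enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# `spctl -a -vv -t exec App.app` prints "<path>: accepted" or "<path>: rejected",
# then a "source=..." line (output format assumed from observed spctl runs).
spctl_verdict() {
    case "$1" in
        *": accepted"*) echo accepted ;;
        *": rejected"*) echo rejected ;;
        *)              echo unknown ;;
    esac
}

spctl_source() {
    case "$1" in
        *"source=Notarized Developer ID"*)   echo notarized ;;
        *"source=Unnotarized Developer ID"*) echo unnotarized ;;
        *"source=Developer ID"*)             echo developer-id ;;
        *"source=Mac App Store"*)            echo app-store ;;
        *"source=Apple System"*)             echo apple-system ;;
        *"source=no usable signature"*)      echo unsigned ;;
        *)                                   echo unknown ;;
    esac
}

# The com.apple.quarantine xattr is "flags;hex-time;agent;uuid"; the agent field
# names the application (Safari, Chrome, ...) that downloaded the file.
quarantine_agent() {
    printf '%s' "$1" | cut -d';' -f3
}

audit_mac() {
    app="$1"
    if parse_sip_status "$(csrutil status 2>&1)"; then echo "SIP: enabled"; else echo "SIP: DISABLED"; fi
    if parse_gatekeeper_status "$(spctl --status 2>&1)"; then echo "Gatekeeper: enabled"; else echo "Gatekeeper: DISABLED"; fi
    # SIP-protected paths carry the "restricted" file flag, visible with ls -O.
    for p in /System /usr /usr/local /Applications; do
        if ls -ldO "$p" 2>/dev/null | grep -q restricted; then echo "$p: restricted (SIP)"; else echo "$p: not restricted"; fi
    done
    [ -n "$app" ] || return 0
    q="$(xattr -p com.apple.quarantine "$app" 2>/dev/null)"
    if [ -z "$q" ]; then
        echo "quarantine: absent, so Gatekeeper will not assess this app on first launch"
    else
        echo "quarantine: downloaded by $(quarantine_agent "$q")"
    fi
    # A tampered bundle fails signature verification even if it was notarized.
    if codesign --verify --deep --strict "$app" 2>/dev/null; then
        echo "signature: valid"
    else
        echo "signature: INVALID or unsigned"
    fi
    v="$(spctl -a -vv -t exec "$app" 2>&1)"
    echo "assessment: $(spctl_verdict "$v") ($(spctl_source "$v"))"
}

# Run the live audit only on macOS; pass an app bundle path as the first argument.
if [ "$(uname)" = "Darwin" ]; then
    audit_mac "$1"
fi
```

Run it as sh audit.sh /Applications/SomeApp.app on a Mac. The interesting outcomes are the negative ones: a missing quarantine attribute means the download path skipped Gatekeeper entirely, and a signature that fails codesign --verify is exactly the tampering case described above, regardless of what the notarization ticket once said.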
Just as there are occasional gaps in Gatekeeper’s security history, there have been small slips in SIP, such as a vulnerability in October 2021 that allowed Apple-notarized installation packages to perform actions normally prohibited by SIP.
Again, Apple fixed the issue quickly, before it became a real problem.
Apple Silicon
Another thing Apple does right is the hardware itself. Apple’s move away from Intel brought more than performance benefits and more control over the entire system.
It also means Apple Silicon Macs aren’t affected by the same chip issues that can plague Intel-based computers.
Take, for example, Meltdown and Spectre, attacks that exploit flaws in how processors speculatively execute instructions. Apple computers that used Intel chips were affected by the same vulnerabilities, so they had to be patched. Spectre in particular was never Intel-only: Apple shipped mitigations for its own ARM-based chips as well.
Apple Silicon avoids the Intel-specific vulnerabilities, but Apple still has to deal with any problems in the design of its own chips.
It is not the kind of change that frees Apple from dealing with chip issues altogether, and researchers have already found problems of their own in Apple Silicon.
The key difference is that these are hardware issues Apple can analyze and manage itself, without having to rely on Intel to come up with a fix, because the design is Apple’s own rather than a third party’s.
Best Antivirus for Mac – User Awareness
The problem with security features like SIP and Gatekeeper is that they can only provide as much protection as the user allows. If users believe they know better, they can bypass the restrictions and potentially let malware run unhindered.
This isn’t just true on macOS; it’s true pretty much everywhere. All the protective features may be in place, but an inattentive user can do everything in their power to interfere with those very systems.
For example, a Windows system with an antivirus and a firewall can be well protected. Except that the user can still disable the antivirus and the firewall if they wish, leaving the computer vulnerable.
You’ll find that macOS itself is secure enough that you don’t need to install an antivirus for it.
You can put your sandwich in the office refrigerator in a rigid container wrapped in several layers of duct tape, with a few notes stating that it is yours and asking people not to take it. But deep down you know the office thief will eat your sub anyway.
The best antivirus for Mac may very well be the user, because a user who remembers to be careful about what they download from the Internet should be fine.
For example, it makes sense to only download apps from sources you trust. It could be a developer, a well-established marketplace, or even better, the Mac App Store.
Then pay attention to Gatekeeper’s warnings, as they should make you think twice before launching something you have downloaded.
In addition, there are other obvious things, such as paying attention to what sites you visit, the links you click on, and the information you provide online.
If you are vigilant, you can be relatively safe on the Internet from a Mac without an antivirus installed.
This does not mean that you should never install an antivirus on your Mac. One can be a handy backup to your own judgement and can catch things that slip past Apple’s own systems.
But that is mainly useful when the user has been careless in the first place. And even then, a user who can bypass Apple’s protections will usually be able to bypass any other anti-malware tool installed on the Mac, even one locked down by a corporate security team.
The best antivirus for Mac is not being careless in how you use it.