The Safe Mac



Mac anti-virus detection rates

Posted on November 14th, 2012 at 9:03 AM EDT


Studies have shown that Windows anti-virus programs detect, at best, no more than 90% of all malware. It has been speculated by some that Mac anti-virus software may not suffer the same problem. There are hundreds of thousands or millions of different malware programs for Windows, while on the Mac there are only around 33 (by my current count), most of which are “extinct” at this point in time. This document will attempt to answer the question of how accurate Mac anti-virus software is at detecting malware.

Methods

A selection of 51 different malware samples for Mac OS X was collected, representing 19 different malware programs, from a variety of sources. Although it was important to have a large enough sampling to achieve a fair test, some effort was made to ensure that biases were not introduced. It is important to note that every malware sample used for testing either was already in the VirusTotal database or has been added to it during testing, and is therefore easily accessible to security companies that choose to look for it.

Testing was done on a base OS X 10.8.2 system, installed freshly on a 30 GB volume on an external hard drive and updated fully. The resulting base system was also saved to a disk image on another volume, to allow for easy restoration to its original state, should that prove necessary. No third-party software was installed on this base system. All testing was done from a mid-2010 17″ MacBook Pro, while booted from this base system rather than from the internal hard drive. All testing was done within a three-day time period, from November 11 to November 13, 2012.

Anti-virus software was downloaded, one at a time, and installed on the base system. Each time, on-access or background scanning features (if any) were disabled, to prevent interference with controlled testing. All other settings were left at their default values. (If asked by a setup “wizard,” however, settings to scan for hacking tools or other potentially unwanted applications were enabled.) Then, a fresh folder containing the 51 malware samples was copied onto the same volume as the base system and a manual scan of that folder was initiated. The results were often impossible to export or analyze in any automated manner and frequently required multiple screenshots to capture, but the information was saved however it could be saved. The results of each test were tabulated in a Numbers spreadsheet. Finally, the anti-virus software was uninstalled and the malware folder (which may have been “tampered with” by the anti-virus software) deleted.

16 different anti-virus programs were tested. All anti-virus programs were required to be compatible with the latest version of Mac OS X, and the focus was on software that might be downloaded by the average home or small business user. Enterprise and server products were not examined. The full list of anti-virus software that was tested was:

  • ClamXav 2.3.2
  • Sophos 8.0.8C
  • VirusBarrier Express 1.1.6 *
  • BitDefender 2.21 *
  • Dr. Web Light 6.0.6 *
  • iAntivirus 1.1.1 *
  • avast! Free 7.0
  • VirusBarrier X6
  • ESET CyberSecurity 4.1.86.4
  • F-Secure 2012
  • ProtectMac 1.3.1
  • Norton AntiVirus 12
  • Kaspersky 8
  • McAfee VirusScan 9.2
  • MacScan 2.9.4
  • MacKeeper 2012

* Downloaded from the Mac App Store.

Data

The raw data can be downloaded as either a Numbers spreadsheet or a PDF file. That data includes a detailed list of all malware used for testing and a complete breakdown of which specific malware was detected and missed by each anti-virus program.

Detection rates varied widely, from 90% down to 4%. (The 4% from MacScan was an outlier, however. The next worst after that was considerably higher, at 51%.) The average detection rate was about 65%, or 69% if the MacScan outlier is omitted. Some malware has little significance, as it is now considered “extinct” and thus poses no danger at all. Although data relating to detection of such antique malware may seem unimportant, it does provide some historical perspective as to the past and present detection rates of anti-virus software. More concerning are the instances where a piece of potentially active malware was missed. Not one of the 16 anti-virus programs tested was capable of detecting currently active malware with 100% accuracy.

It is interesting to note that the raw detection count is not necessarily the most important metric of how well a given anti-virus program performs at detecting malware. For example, ignoring MacScan, the worst performer overall is ClamXav. However, several anti-virus programs detected less of the active malware than ClamXav, meaning that ClamXav would do a better job at protecting users from current malware, despite its low overall detection rate.
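The gap between raw detection count and protection against active malware can be made concrete with a small scoring script. This is an added example, not part of the original article or its spreadsheet: the engine names, family names, sample IDs and all results below are constructed for illustration. It scores each engine three ways (per sample, per active sample, and per malware family, since several samples can belong to one malware program) and shows the rankings diverging.

```python
from statistics import mean

# Constructed test set: sample id -> (malware family, still active?).
SAMPLES = {
    "s01": ("FamilyA", True),
    "s02": ("FamilyA", True),
    "s03": ("FamilyB", True),
    "s04": ("FamilyC", False),
    "s05": ("FamilyC", False),
    "s06": ("FamilyC", False),
    "s07": ("FamilyD", False),
    "s08": ("FamilyD", False),
}

# Constructed scan results: engine -> ids of the samples it flagged.
DETECTIONS = {
    "EngineX": {"s01", "s02", "s03", "s04"},                # weak overall, strong on active
    "EngineY": {"s01", "s04", "s05", "s06", "s07", "s08"},  # strong overall, weak on active
    "EngineZ": set(),                                       # outlier: flags nothing
}


def validate(detections, samples):
    """Reject result rows naming samples that are not in the test set,
    an easy mistake when results are transcribed by hand from screenshots."""
    for engine, hits in detections.items():
        unknown = hits - set(samples)
        if unknown:
            raise ValueError(f"{engine}: unknown sample ids {sorted(unknown)}")


def score(hits, samples):
    """Return the three detection rates for one engine."""
    active = {sid for sid, (_, is_active) in samples.items() if is_active}
    families = {family for family, _ in samples.values()}
    # A family counts as covered if at least one of its samples was flagged.
    covered = {samples[sid][0] for sid in hits}
    return {
        "overall": len(hits) / len(samples),
        "active": len(hits & active) / len(active),
        "family": len(covered) / len(families),
    }


def scoreboard(detections=DETECTIONS, samples=SAMPLES):
    """Validate the raw results, then score every engine."""
    validate(detections, samples)
    return {engine: score(hits, samples) for engine, hits in detections.items()}


def rank(metric, board):
    """Engines ordered best-first on one metric (name breaks ties)."""
    return sorted(board, key=lambda engine: (-board[engine][metric], engine))


def mean_rate(metric, board, exclude=()):
    """Average rate across engines, optionally leaving out outliers."""
    return mean(board[e][metric] for e in board if e not in exclude)


if __name__ == "__main__":
    board = scoreboard()
    for engine in rank("overall", board):
        rates = board[engine]
        print(f"{engine}: overall {rates['overall']:.0%}, "
              f"active {rates['active']:.0%}, family {rates['family']:.0%}")
    print("best on active malware:", rank("active", board)[0])
    print(f"mean overall: {mean_rate('overall', board):.0%} "
          f"(without outlier: {mean_rate('overall', board, exclude={'EngineZ'}):.0%})")
```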

Conclusions

First, it is important to understand that these findings represent only one metric to be used to compare the tested anti-virus software. Detection rate is important, but so are other factors. Many anti-virus programs are capable of causing significant problems, and it’s important to understand that examination and comparison of performance and stability were outside the scope of this test. Some of the programs in this test are known troublemakers, regardless of how they perform at detecting malware.

That said, detection rate is certainly not something to be ignored. When choosing anti-virus software, it should do the job that it is made for as well as possible. There is very little reason to use anti-virus software that has a poor detection rate, especially when Mac OS X already includes a number of basic protections against malware. (See How does Mac OS X protect me?)

Keep in mind that apps downloaded from the Mac App Store cannot do any kind of real-time scanning; they are only capable of manually scanning specific locations. On the other hand, they also cannot install any components that run in the background and cause stability or performance problems. In contrast, more sophisticated apps may have a greater feature set and can scan the entire hard drive, but generally rely on kernel extensions and background processes that can cause a number of problems and conflicts.

Updates

I have been contacted by representatives from several anti-virus companies following my testing. Although I am not re-testing any of those anti-virus apps, there are a couple of cases where additional information should be disclosed.

A senior manager from Sophos has told me that a couple of the samples Sophos didn’t detect in my testing were components of malware that they recognize, but that they detect different components. Nonetheless, I cannot change the results in that case, as other anti-virus engines do recognize those components. In addition, they have added definitions for other items in my testing that Sophos missed the first time.

A representative from Intego brought to my attention some inconsistencies in the VirusBarrier X6 data. According to Intego’s tests, their November 1 definitions catch more of my samples than my testing showed. However, I have also discovered that VirusBarrier, when run with the default settings as before and without updating the definitions, detects more malware now than it did in my first test. Intego’s suggestion is that I may have forgotten to update the virus definitions, which does look like a possibility. However, due to the inconsistencies, it’s hard to say exactly what’s going on. In any event, VirusBarrier will recognize more now than my testing shows.

Mark Allan, who is responsible for ClamXav, has added almost all of the missed malware to ClamXav’s definitions at this point, and plans on getting the rest added very soon. So ClamXav now performs far better than it did, and better than many of the commercial alternatives. I feel better recommending ClamXav again.

Note that I am not officially re-testing any of these products at this time, as such comparisons would not be fair to other products. However, I do plan to run another set of tests, with a larger sample size and more anti-virus engines, within a few months or so.

Personal Observations and Recommendations

First, I have to say that I was appalled at how much active malware was missed. I had assumed that the low number of Mac malware programs would mean that Mac anti-virus software should perform better, in terms of detection rate, than Windows anti-virus software. That was not the case. Fortunately, use of anti-virus software on a Mac is less important than on Windows, for a variety of reasons. The results of these tests underscore the importance of learning how to protect yourself, rather than relying on any particular anti-virus software to protect you. For more information about these topics, see my Mac Malware Guide.

I have always recommended only two anti-virus programs: ClamXav and Sophos. I find, after running these tests, that that will probably change in the future. Sophos will probably become my top recommendation at this point, having the best detection rate (90.2%) and being stable and well-behaved in my own testing. Also worth recommending are Dr. Web Light and VirusBarrier Express, both from the App Store. Although they have slightly lower overall detection rates, these apps both perform equally to or better than Sophos in terms of detection of active malware. These apps both have the limitations and advantages of any App Store app, mentioned previously.

The only two free anti-virus programs I tested that include options for more active scanning, besides Sophos, were ClamXav and avast! Free. It’s a bit of a toss-up between the two. I can say from personal experience that ClamXav is very stable and does not cause performance issues, but it had a worse detection rate (at the time of the testing) than avast!. I have no personal experience with avast!, though I have encountered a few people who have had problems with it, both through private contacts and on the Apple Support Communities.

With regard to commercial anti-virus products, only ESET and F-Secure came close to performing as well as Sophos against current malware. I have no personal experience with either of these programs outside the very limited scope of this testing, so I cannot comment on how they behave and whether they cause any stability problems. However, my perspective is, when you can get Sophos for free, why would you want to spend money on something that does only almost as well?

It is also worth noting that a couple of these programs (to my knowledge) have issues beyond the data presented here. Norton caused a number of issues in my testing. Restarting after installation took more than 5 minutes, which was very unusual. Once installed, I was unable to start scanning until I manually ran Norton LiveUpdate, to update Norton’s malware definitions. (Why this did not happen automatically, I’m not sure.) Finally, after uninstalling it and rebooting, the system froze hard, requiring a forced reboot and restoring the system from the backup image. Norton has a long-standing bad reputation on the Apple Support Communities, and my brief experience with it suggests that that reputation is well-earned! It is always possible that future versions of Norton could improve, of course.

In the case of MacKeeper, many believe it to be malware itself. Although it is not strictly malware, it does have issues which I have outlined in the past, in Beware MacKeeper. In my brief testing, it alerted me to a “critical” problem with my computer, consisting of nearly 2,000 “junk files” that it claimed needed to be deleted. Keep in mind that this was a base OS X 10.8.2 system, right after the restore from backup made necessary by Norton. All those “junk files” were normal parts of the system, and removing them would probably have had negative effects. Although I was not able to actually test the effects of removing them, as MacKeeper would not do so without purchasing it, many people have reported that doing so causes problems that require reinstallation of the system.



68 Comments

  • Someone says:

    Were you the one who did all of this testing?

  • Al Varnell says:

    The only thing that appears to be missing is at least one column for OS X. I suspect results would be the same whether running 10.6, 10.7 or 10.8, but I feel it’s important to know what one is already protected against when choosing increased security from the alternatives you presented.

    • Thomas says:

      Because of the way Mac OS X handles malware, it was not possible to directly compare it with the other apps in this testing. Further, because Mac OS X protects against malware on multiple levels, it wouldn’t be fair to compare simple malware detection in Mac OS X against malware detection in anti-virus apps. (If you did do that comparison, Mac OS X would appear to have failed in comparison, when the truth is far more complex than that.) Details about these aspects of Mac OS X can be found in How does Mac OS X protect me?.

  • Scott says:

    I removed MacKeeper from my computer. How do I ensure I have removed all aspects of it and do not have residual malware installed that will continue to prompt me to purchase it again or to scan my computer?

  • Someone says:

    So you installed malware and the AV software on your own computer?

  • Someone says:

    Oh… scratch my last comment. Re-read article and answered my own question :-)

  • Someone says:

    Ok, now I have a real question: If you only have 33 items in your malware catalougue, why 51 programs? Were you counting all of the “AKA’s” for each malware (i.e., you counted MacDefender, MacSecurity, MacProtector, MacGuard, and MacShield)?

  • Someone says:

    I meant catalogue (and no, I’m not from England)

  • Someone says:

    I must be bugging you with all of my many questions, but I’m one of those people that wants tons of details. So I have 1 more question [sigh]. How do you download malware if it’s not active (like MacDefender)?

  • Colstan says:

    Greetings, I have a couple of questions. First, you state that you tested ClamXav 2.3.2. Version 2.3.3 was released on Nov 8 and includes a newer version of the ClamAV scanning engine (0.97.6). Is there any chance you could test with this newer version, assuming it may have an impact on test results? Second, while I am very impressed with the success rate you had with Sophos, you’ve probably seen the recent articles where researcher Tavis Ormandy has found significant security flaws with their software (and specifically supplied exploits for the Mac version). He very much recommends against using Sophos. Does this impact your recommendation for using Sophos?

    http://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/

    Regardless, thank you very much Thomas for the time and effort you put into testing these products and releasing this article.

    • Thomas says:

      I can’t do another round of tests with one particular engine without invalidating the results. A few AV companies have already acted on the results of my testing and would score better on the test with this particular malware at this point, while others probably have not and would not. However, I am continuing to expand my malware collection and intend to run another set of tests at some point in the future. (How long will depend on how quickly I’m able to obtain a larger sample base for improved testing, but it will certainly be at least a few months.)

      Also, as for Mr. Ormandy’s findings with regard to Sophos, many of the vulnerabilities he found are already patched, and those that aren’t yet are on their way to being patched. Further, no exploits against those vulnerabilities have been seen in the wild. They don’t concern me too much, though it’s always possible that could change.

  • Colstan says:

    Ah, I understand about retesting invalidating your results, so it’s perfectly understandable that you wait until your next review. This is one of the best head-to-head comparisons of Mac specific anti-malware results. I hope that all the vendors involved take note and improve their results.

    About Mr. Ormandy, he seems to have a history with Sophos, and it appears to be a negative one. Regardless, it is good to see that Sophos fixed the issues. Do you think they fixed them in an appropriate amount of time? Sophos also claims that they are going to implement a new internal review process for their products. Are there any anti-exploitation features that you think they should implement in their products? (The most obvious to me would be to do a 64-bit build with function arguments passed via registers, etc.)

    Anyway, I just want to thank you again for the hard work you put into your Mac security articles, Thomas. There are very few quality articles written on the subject, and many of them have a bias (such as being from an AV vendor). I appreciate the hard work you put into this and I’m sure many other readers do as well.

    • Thomas says:

      Yeah, Mr. Ormandy has a history of releasing techniques for exploiting vulnerabilities only a very short time after making vendors aware of them. Sophos called him out for it once, and he focused his attention on them. I find his methods unsavory, because it’s not always easy or possible for a large company to push out an update in a very short amount of time.

      Regarding Sophos’ response time, I really don’t know enough to be able to judge whether it’s reasonable or not. From their response, I believe they are taking this very seriously, and are probably acting on it as quickly as possible. I have no real information to support that feeling, though.

  • Gerard says:

    Excellent reading!
    Would have liked to see the performance of Trend Micro anti-virus software as well.
    Perhaps next time.

    Keep up the good work Thomas, I for one appreciate it very much.

    • Thomas says:

      Yup, Trend Micro is one I’ll probably include in future testing. It probably should have made it into this testing, but as it’s not one that is often considered by Mac users, I overlooked it.

  • Steve B. says:

    Great article, thanks for the excellent work! Once again, I find clarity and conciseness on the subject of Mac Security on your site.

    I’m leaning toward one of the App Store free AV packages: either VirusBarrier Express, or Dr. Web Light. Which one do you prefer and why?

    Thanks in advance!

    • Thomas says:

      Dr. Web Light did very slightly better with recent malware than VirusBarrier Express, though probably not by a statistically significant margin. I think either one would be fine, as long as they are used with the understanding that they (like all App Store anti-virus apps) cannot scan all locations and can only do manual scans.

  • Colstan says:

    One more question, if I may. Is there any chance you could add Avira’s free anti-virus to your next review? Their free AV product is popular on Windows, but I’m not sure of how capable their Mac software is.

    http://www.avira.com/en/avira-free-mac-security

    Thank you again for your time and attention.

  • Someone says:

    If Sophos is the best and free, why might you want an App Store package that isn’t as good? If they’re both free, why not use Sophos?

    • Thomas says:

      Some people prefer not to install kernel extensions and whatnot that most anti-virus packages from outside the App Store will install. Sophos definitely does install a kernel extension, which means it has a higher chance of causing problems. Of course, that also means it can do things that all the App Store anti-virus apps can’t do. In my experience, Sophos is well-behaved. I actually have it installed right now, with no problems whatsoever, though I must admit that I usually keep the on-access scanning turned off. (When you play with a lot of malware, anti-virus software kind of gets in the way! ;) )

  • Someone says:

    Kernel extensions?

  • Someone says:

    I’m a total computer novice and don’t understand most technical terms.

  • Someone says:

    Very interesting…If you have a virus on your computer and you publish a file onto a website would the virus attach itself to that file and infect users that have downloaded it?

    • Thomas says:

      There is no Mac malware that behaves as a virus, attaching itself to other files. So, no, that can’t happen with a Mac at this time.

  • keith says:

    My iMac computer has become infected with something called Gossip Center. I can’t find any way of getting rid of it. Can anybody help, please?

  • Fernando Gonzalez says:

    I appreciate, as do many out there, your time and effort. As you recommend Sophos, do you know why it keeps quitting on scan? Any input? Thanks again for your work!

    • Thomas says:

      That’s definitely not normal behavior, but I don’t know why it would be happening. That’s probably something that you should contact Sophos tech support about.

  • Cy says:

    I’m surprised you didn’t test Kaspersky in round one considering its wide use. Any thoughts on Kaspersky? Thanks.

  • Jim Hamm says:

    Thomas, let me add my thanks and appreciation for an interesting article, and all the time and effort you put into it. Here’s a couple of comments on AV programs: I’ve used Avast Free for many years on PCs, and for about a year now on my Macs. I’ve never had a problem with Avast, and welcome its use as just one more safeguard against malware. Just about everyone I know that uses a computer immediately removes the Norton AV program — too many issues and problems with it.

  • Mark Hennon says:

    Thank You, Thomas, for your hard work! Great Job and excellent spreadsheet design!

    I, too, have been recommending ClamXav, but I am loath to tell all my clients to switch to Sophos if the 2.3.2 version of ClamXav or its defs were anomalous at the time of testing — if, for instance, someone was sick with the flu or something.

    Although it wouldn’t be fair to the other ones, I would still love it if you could see your way to re-testing Clam with its current 2.3.4 version, engine, and defs.

    • Thomas says:

      Fortunately, I have heard from Mark Allan, and he is working on adding the missed malware to the ClamXav definitions. I’m greatly looking forward to re-testing it in the future, as that was one I was really rooting for. :)

  • Mark Hennon says:

    Great! Thanks again, Thomas!

  • Someone says:

    I’m probably an idiot not to know this, but is Mark Allan the person in charge of ClamXav?

  • Tom C says:

    Mark Allan is the developer of ClamXav (http://www.clamxav.com/) – note that ClamXav is the Mac OSX port of ClamAV. Virus defs come from the ClamAV side of the house and are used by all ports of the code. http://www.clamav.net/

  • Damir says:

    One key thing that is not mentioned in your evaluation is that there is a major difference between the Mac App Store AV products and those who were installed through regular means (CD or web download): Mac App Store products are on-demand scanners only and do not protect in real-time. For users, that means that if they are using the Mac App Store products, they have to initiate the scan themselves. Those products will not stop malware when it comes in, and potentially will discover it during the initiated scan, at which point your machine might already be infected.

    And this is due to Mac App Store guidelines, which require all apps to be in sandbox and not have root access privileges.

    I’m simply mentioning this as a note to your followers and readers so they’re aware.

  • Damir says:

    I apologize – I saw that you did in fact mention the difference. Sorry about that

  • Steve B. says:

    Did you have any problems with installation, or especially uninstallation, for either Dr. Web Light or VirusBarrier Express?

    • Thomas says:

      @Steve B: Not at all! Since they are both App Store apps, uninstalling them couldn’t be simpler. Just delete them and no other processes are left behind.

  • Joseph says:

    Thomas…have you ever taken a look at or had any experience with Webroot SecureAnywhere? I know that they just recently offered a plan that covers both windows and mac. Don’t know how many of your readers (just came across your excellent site) may be transitioning from Windows and dealing with more than one OS. Thanks.

  • mike says:

    Thanks for an enlightening site. I don’t know diddly about computers/apps but reading you guys that do is fun and inspiring.

  • John says:

    Great article.

    I was wondering if you were planning on scanning for key loggers in future tests.

    Also, do you know how Apple’s XProtect would have fared with these samples? Thanks.

    • Thomas says:

      @John: I can only scan for what the anti-virus programs recognize as malware. As for XProtect, it’s impossible to test it fairly against other AV software, because it only recognizes a fraction of what they do. Mac OS X has other methods for blocking some types of malware, like Flashback, so XProtect doesn’t contain definitions for those.

  • Someone says:

    Why would XProtect not recognize as much as AV software?

    • Thomas says:

      XProtect is only designed to protect against applications that would be opened by the user. Malware like Flashback that installs through vulnerabilities in something like Java is not an application opened by the user, thus cannot be protected against by XProtect (and is not found in the definitions). Apple uses other methods for protecting against such malware, like removing Java from the OS by default or blocking insecure versions of Flash.

  • Eric says:

    Regarding Sophos, did you use the Sophos for Mac Home Edition? And for the earlier post about Sophos, sometimes Sophos will exit out during a scan because there is an update, from what happens to me when I use it. Just my guess because I don’t really know what it could be from.

  • Steve B. says:

    Thomas, I hope you don’t mind me posting this, but I thought everyone might be interested in reading about it…

    Recently, I came across a new startup company called “Bromium” (www.bromium.com), and they’re dealing with malware security in an entirely different manner. Their website explains it all. Basically, instead of trying to head off malware by matching up a set of preset definitions against incoming files, they instead isolate those files in what they call “micro-virtualization.” This is just a fancy way of saying that when you are finished with whatever application you are running, the malware that you’ve encountered with it just disappears, because it, and the application you were using, were isolated from the rest of the system the whole time. It’s almost like sandboxing for malware. It’s really ingenious.

    This will protect against malware that you unwittingly encounter in the web, through email, etc. But, it won’t protect you against malware apps that you download yourself. Which is a good reason to get most of your stuff from the app store, and trusted sources.

    Presently, they only have a product for a Windows environment, but they are working on an OS X product which should be ready early 2013. Right now, their market focus is on IT professionals, but sometime in the future, they’ll address the retail market.

    Their CTO estimates that Bromium does, however, extract approximately a 5% system overhead. I think that sounds pretty reasonable (especially compared to some other AV apps).

    I have no idea if it’s the ultimate answer or not…I just thought it looked like some brilliant and creative thinking to a problem that besets us all.

  • Someone says:

    A few questions for Steve or Thomas:

    1. Does this micro-virtualization protect against Java drive-by malware (like the 2012 versions of Flashback)?
    2. Are viruses that attach to email etc as big an issue in the Mac world? I always was under the impression that Java drive-by malware and trojans were the major Mac malware types.

  • John says:

    Comodo also has their antivirus for Mac. I know that their firewall is good but I wonder how their antivirus compares.

  • Someone says:

    I found something very interesting last night. I’m visiting a relative for the holidays, and she’s an avid reader of Consumer Reports magazine. I came across a stash of old magazines dating as far back as 2005, and saw that each year, the magazine published a “State of the Net” feature that talked about online security, viruses, spyware, etc. I was looking at these “State of the Net” articles, and when I came to the 2010, 2011, and 2012 articles, I noticed that absolutely nothing was written about Mac malware or AV software, not even MacDefender or Flashback. The CR “AV software testing” mentioned nothing about ClamXav/ClamAV (well, that makes sense) but didn’t mention Sophos or any of the Mac AV software you tested. The articles only mentioned Windows AV software, antispyware, etc. It baffled me to think that CR was turning a blind eye to the Mac malware world, because that world definitely exists.

  • Brittany D says:

    I installed Sophos AV on my 10.8 and it caused instability in my system. I since removed it and then ended up needing to format/reinstall. I’ve not had any problem since. So I’m sticking to manually scanning once in a while with ClamXav. It works for me so far.

  • Mo L. says:

    Thanks for the great work on this, Thomas. I’m a new Mac user and trying to figure all of this out. Have installed ClamXav without the Sentry feature. I’ve read differing opinions on whether this is sufficient or whether the real-time Sentry functionality is critical. Do you have an opinion?

    • Thomas says:

      My personal opinion is that no anti-virus software is truly necessary. A properly-updated Mac running Mountain Lion (OS X 10.8) does a darn good job of protecting itself. But there are exceptions to everything, so you can see a more detailed evaluation of this and more in my Mac Malware Guide.

  • Mo L. says:

    Thanks, Thomas. I read your MM Guide–very helpful. One more question–is there anything you would recommend to identify installed keylogger programs, as my understanding is that they are not always considered malware. I understand the normal precautions to avoid something like this being installed, but I’m paranoid and would like the ability to check periodically to make sure nothing has found its way on to the machine (running Mountain Lion (10.8.2)). Thanks.

    • Thomas says:

      There really isn’t anything reliable. Some anti-virus apps will detect “potentially unwanted applications” (aka, PUAs), like keyloggers (many of which are installed for legitimate purposes), but none can do so with 100% reliability. However, I think you’re worrying unnecessarily. Keyloggers can’t just “find their way” onto your machine at this time. Either they are installed by malware, which you’d have to go to some effort to install on a Mac running OS X 10.8.2, or they are installed by someone with physical access to the machine. If you believe someone in that latter category may have installed a keylogger on your machine, it would be best to erase the hard drive and reinstall the system from scratch. Then use security measures, such as a user account password, firmware password and FileVault encryption, to protect your machine and prevent a future occurrence of such an incident.

  • Mo L. says:

    Thanks much–really appreciate your time.

  • JORGE DIAZ says:

    I contacted Mac Store asking for a recommendation on extra protection for our newly purchased iMac currently shipping to us. I have a friend who swears by Kaspersky; I have used Norton on all our Windows PCs (hated how it slows things down). Anyhow, the Mac Store suggested ESET. We will be interfacing with Windows 8 PC machines and my wife uses Outlook and Excel. I know very little about Macs (this will be our first) but I know enough to know we will need additional protection from malware, viruses, and we should have Internet Security to protect from information hackers. We like the reliability of accessible tech support or redundant real time updates from whatever software protection we do end up purchasing! What do you recommend? What say you about ESET vs Kaspersky, or can you use them in tandem? Thanks Jorge

    • Thomas says:

      Actually, you really don’t need any of that at this time. See my Mac Malware Guide. As for recommendations, the article you posted this comment on has some recommendations. Did you have questions about those recommendations?

  • JORGE DIAZ says:

    Dear Thomas –

    If I understand, your advice is to feel comfortably secure that the new iMac will be fine without Sophos, Kaspersky or ESET and definitely better off without Norton 360 for Mac? I am currently unemployed and surfing for jobs, sending resumes all over, while my wife works with Outlook. Do I understand you to say don’t buy anything extra? If not, then what would you buy for extra peace of mind? Thanks Jorge

  • Nick S says:

    Thanks for all your useful information. I have a MacBook Pro running OSX version 10.6.8. I frequently send files to PC users so I have been using Norton Security in the hope that this will prevent my files from infecting their computers. In the last year, I have had 2 occurrences of emails being sent to my complete contacts list where I (supposedly) recommend that they check out some web site. To try to prevent future occurrences of this, I no longer keep a contacts list. Is this type of problem something that anti-malware should protect against? I have no idea if my computer is still infected or not but in reading the descriptions of the known malware in your list, I did not recognize anything close to the problem I have. Your comments would be appreciated.


This page and all contents (unless otherwise noted) copyright 2011-2014 by Thomas Reed.