Mac Malware Guide: Do I need anti-virus software?
Published June 17th, 2012 at 8:38 PM EDT, modified January 28th, 2013 at 2:25 PM EDT
There is no simple yes or no answer to this question. The answer will depend on many factors, the biggest of which is your own opinion on security. However, I do have some recommendations. Before we get to those, we need to examine some basic facts about anti-virus (AV) software.
Perhaps the biggest fact that often gets swept under the rug is that no AV software catches 100% of all viruses. It is known that AV software in the Windows world recognizes at best 90% of all malware. Although some Mac anti-virus software does better than that (see my latest round of anti-virus testing), none is perfect, and some is actually pretty awful.
Another important thing to know is that no AV software is capable of intercepting a brand-new virus. When a new virus appears, that virus must become widespread enough to be noticed by the companies publishing AV software. Then they must find a copy of the virus, examine it and add it to the list of virus definitions used by their software. And, of course, none of that does you any good until you actually download the update, which doesn’t happen immediately. This means that, even if a particular AV program worked with 100% efficiency, it still would be completely useless for a period of time after the introduction of a new virus. In the case of the MacDefender outbreak, frequent name changes and minor tweaks to the “packaging” kept the MacDefender trojan variants one step ahead of all anti-virus software, for a day at a time here and there.
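The lag described above can be modelled in a few lines. This is an added example, not code from the original article; it assumes definitions are exact SHA-256 hashes (a simplification of real AV signatures), and the sample bytes, detection names and dates are all constructed.

```python
import hashlib
from datetime import date

# Constructed stand-ins for two repackagings of one trojan (not real malware).
VARIANT_A = b"constructed sample: same payload, packaging v1"
VARIANT_B = b"constructed sample: same payload, packaging v2"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Hypothetical vendor feed: (signature, detection name, date published).
# Assumption: signatures are exact hashes; names and dates are constructed.
VENDOR_FEED = [
    (sha256(VARIANT_A), "Example.Variant-A", date(2013, 1, 2)),
    (sha256(VARIANT_B), "Example.Variant-B", date(2013, 1, 4)),
]

def definitions_on(last_update: date) -> dict:
    """Signatures a client holds: those published on or before its last update."""
    return {sig: name for sig, name, published in VENDOR_FEED
            if published <= last_update}

def scan(sample: bytes, last_update: date):
    """Return the detection name, or None if the client has no matching signature."""
    return definitions_on(last_update).get(sha256(sample))

def exposure_days(sample: bytes, first_seen: date, client_updates: list) -> int:
    """Days from a sample's release until a client update first detects it."""
    for day in sorted(client_updates):
        if day >= first_seen and scan(sample, day) is not None:
            return (day - first_seen).days
    raise LookupError("no listed client update detects this sample")

if __name__ == "__main__":
    updates = [date(2013, 1, 2), date(2013, 1, 5)]  # when the user downloads definitions
    # Variant A is caught after the Jan 2 update, but the repackaged B is not.
    print(scan(VARIANT_A, updates[0]), scan(VARIANT_B, updates[0]))
    print(exposure_days(VARIANT_A, date(2013, 1, 1), updates))
    print(exposure_days(VARIANT_B, date(2013, 1, 3), updates))
```

Even with a scanner that matches every signature it holds, each repackaging reopens a window that closes only after the vendor publishes and the user updates.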
Trojans also make extensive use of what is called “social engineering”. Much like phishing scams and other online fraud, they are often carefully designed to use fear, greed, lust and other emotions to fool you into doing what they want. The MacDefender trojans are a perfect example: a malicious JavaScript injected into a legitimate site redirects you to a page that tries to fool you into thinking viruses have been detected on your machine, and from there fools you into downloading and installing “anti-virus software”. In reality, that software is a trojan that will do its best to make you think you’ve got real viruses (even faking some symptoms), all while pestering you to buy the software to remove them. If you “buy” the software, you have given the criminals your credit card number.
Because of all this, blind usage of AV software can often make one more susceptible to infection by the right malware. If you become complacent, assuming that your AV software will protect you, it is unlikely that you will be as cautious as you should be, and something will eventually slip past your AV software. This is not just a theoretical concern; it has been documented to actually happen. I have personally seen reports from people with AV software who nonetheless got infected with something.
This doesn’t mean that AV software is worthless, but it does mean that you can’t just install it and then do whatever you like in perfect safety, as most people believe they can. As security experts say, the biggest flaw in a computer’s security is between the keyboard and the chair. It is extremely important to be careful and to think about what you download. AV software should be thought of more like a safety net to catch anything that slips past your own defenses.
I personally don’t use AV software. It simply is not necessary at this time for someone who is cautious about their online activities. However, there are some cases where AV software may be needed right now. For example:
- If you need to keep Java turned on in your web browser, AV software may be a good idea to avoid malware that takes advantage of Java vulnerabilities.
- If you are using a Mac in an environment where AV software is required
- If you frequently trade files with Windows users and don’t want to be accused of passing on a virus
- If you want the peace of mind and don’t mind installing software that may be obtrusive
- If you can’t be bothered to give any thought to what you download, though this is a very dangerous attitude on today’s internet
- If you are not at all tech savvy and have trouble accurately determining what is trustworthy and what is not
- If there is a major change in the malware affecting Mac users (in which case I will note it here)
If you decide to install anti-virus software, do some research before installing it and be sure to choose a program that is not reviled by other Mac users. Some of the commercial AV packages are renowned for their ability to bring a healthy Mac to its knees. Sophos Anti-Virus for Mac Home Edition is probably the best choice for most users. Those who just want something that will do manual scans of selected files would also do well with either Dr. Web Light or VirusBarrier Express, both available for free in the App Store.