The Safe Mac



Mac Malware Guide: Do I need anti-virus software?

Published June 17th, 2012 at 8:38 PM EDT, modified June 10th, 2015 at 2:37 PM EDT

There is no simple yes or no answer to this question. The answer will depend on many factors, the biggest of which is your own opinion on security. However, I do have some recommendations. Before we get to those, we need to examine some basic facts about anti-virus (AV) software.

Perhaps the biggest fact that often gets swept under the rug is that no AV software (including XProtect, the anti-malware feature of Mac OS X) catches 100% of all viruses. It is known that AV software in the Windows world recognizes at best 90% of all malware. Although some Mac anti-virus software does better than that, none is perfect, and some is actually pretty awful. Some is known to detect almost no Mac malware.

Another important thing to understand is that no current AV software is capable of intercepting brand-new malware. When new malware appears, that malware must become widespread enough to be noticed by the companies publishing AV software. Then they must find a copy of the malware, examine it and add it to the list of malware definitions used by their software. And, of course, none of that does you any good until you actually download the update, which doesn’t happen immediately. This means that, even if a particular AV program worked with 100% efficiency, it still would be completely useless for a period of time after the introduction of new malware. In the case of the MacDefender outbreak, frequent name changes and minor tweaks to the “packaging” kept the MacDefender trojan variants one step ahead of all anti-virus software, for a day at a time here and there.

Trojans also make extensive use of what is called “social engineering”. Much like phishing scams and other online fraud, they are often carefully designed to use fear, greed, lust and other emotions to fool you into doing what they want. The MacDefender trojans are a perfect example: a malicious JavaScript injected into a legitimate site redirects you to a page that tries to fool you into thinking viruses have been detected on your machine, and from there fools you into downloading and installing “anti-virus software”. In reality, that software is a trojan that will do its best to make you think you’ve got real viruses (even faking some symptoms), all while pestering you to buy the software to remove them. If you “buy” the software, you have given the criminals your credit card number.

Because of all this, the “set it and forget it” style of using AV software can often make one more susceptible to infection by the right malware. If you become complacent, assuming that your AV software will protect you against all threats, it is unlikely that you will be as cautious as you should be, and something will eventually slip past your AV software. This is not just a theoretical concern; it has been documented to actually happen. I have personally seen reports from people with AV software who nonetheless got infected with something.

In addition, the vast majority of AV software will cause some kind of negative effect. These effects can include, but are not limited to:

  • Crashes
  • Slowing the computer
  • False positives
  • Damage to the system, apps or even user data

At this time, Mac OS X protects against all known Mac malware, in some way or another. It will not catch brand new malware, but neither will most AV software. Thus, if you use bad anti-virus software, you could be trading a lot of potential problems for very little gain. However, there are some cases where AV software may be warranted. For example:

  • If you need to use older software containing known vulnerabilities, such as older versions of Java or Flash, or old versions of Mac OS X (such as Mac OS X 10.6, aka Snow Leopard)
  • If you are using a Mac in an environment where AV software is strictly required
  • If you frequently trade files with Windows users and don’t want to be accused of passing on a Windows virus
  • If there is a major change in the malware affecting Mac users (in which case I will note it here)

If you decide to install anti-virus software, do some research before installing it. There is a lot of very bad anti-virus software out there. Many AV packages are renowned for their ability to bring a healthy Mac to its knees. Others are practically scams, detecting very little Mac malware (or even none). Beware of anti-virus “review” sites, which are often fake or paid “advertorials.”

At this time, ClamXav is the only choice I recommend. It can be used for purely manual scanning of specific files/folders, but can also be used to “watch” particular folders, scanning any new files. It has no effect on system performance except when scanning, and even then performance impacts are minimal.

If, at some point in the future, there were some anti-virus software that had a minimal impact on performance and stability, but could prevent never-before-seen malware from infecting the system, then my recommendations would likely change.



This page and all contents (unless otherwise noted) copyright 2011-2014 by Thomas Reed.