The Safe Mac

Do I need anti-virus software?

There is no simple yes or no answer to this question. The answer will depend on many factors, the biggest of which is your own opinion on security. However, I do have some recommendations. Before we get to those, we need to examine some basic facts about anti-virus (AV) software.

Perhaps the biggest fact that often gets swept under the rug is that no AV software (including XProtect, the anti-malware feature of Mac OS X) catches 100% of all malware. It is known that AV software in the Windows world typically recognizes at best 90% of all malware. Although some Mac anti-virus software does better than that, none is perfect, and some is actually pretty awful. Some are known to detect almost no Mac malware.

Another important thing to understand is that no current AV software is capable of intercepting brand-new malware. When new malware appears, that malware must become widespread enough to be noticed by the companies publishing AV software. Then they must find a copy of the malware, examine it and add it to the list of malware definitions used by their software. And, of course, none of that does you any good until you actually download the update, which doesn’t happen immediately. This means that, even if a particular AV program worked with 100% efficiency, it still would be completely useless for a period of time after the introduction of new malware. For example, in the case of the MacDefender outbreak, frequent name changes and minor tweaks to the “packaging” kept the MacDefender trojan variants one step ahead of all anti-virus software, for a day at a time here and there.

Trojans also make extensive use of what is called “social engineering”. Much like phishing scams and other online fraud, they are often carefully designed to use fear, greed, lust and other emotions to fool you into doing what they want. The MacDefender trojans are a perfect example: malicious JavaScript injected into a legitimate site redirects you to a page that tries to fool you into thinking viruses have been detected on your machine, and from there fools you into downloading and installing “anti-virus software”. In reality, that software is a trojan that will do its best to make you think you’ve got real viruses (even faking some symptoms), all while pestering you to buy the software to remove them. If you “buy” the software, you have given the criminals your credit card number.

Because of all this, the “set it and forget it” style of using AV software can often make one more susceptible to infection by the right malware. If you become complacent, assuming that your AV software will protect you against all threats, it is unlikely that you will be as cautious as you should be, and something will eventually slip past your AV software. This is not just a theoretical concern; it has been documented to actually happen. I have personally seen reports from people with AV software who nonetheless got infected with something.

In addition, the vast majority of AV software will cause some kind of negative effect, ranging from mild to extreme. These effects can include, but are not limited to:

  • Crashes
  • Slowing the computer
  • False positives
  • Damage to the system, apps or even user data
  • Reduction in security of your computer (yes, you read that right)

However, there are some cases where AV software can be a good idea, or even a requirement. For example:

  • If you need to use older software containing known vulnerabilities, such as older versions of Java or Flash, or old versions of Mac OS X (such as Mac OS X 10.6, aka Snow Leopard)
  • If you are using a Mac in an environment where AV software is strictly required
  • If you frequently trade files with Windows users and don’t want to be accused of passing on a Windows virus
  • If there is a major change in the malware affecting Mac users (in which case I will note it here)

If you decide to install anti-virus software, do some research before installing it. There is a lot of very bad anti-virus software out there. Many AV packages are renowned for their ability to bring a healthy Mac to its knees. Others are practically scams, detecting very little Mac malware (or even none). Beware of anti-virus “review” sites, which may be fake or paid “advertorials.”

It should be fairly obvious, but I stand behind my own product, Malwarebytes Anti-Malware for Mac, as an example of good anti-virus software. It’s lightweight, easy to use and has no impact on the system’s performance. Further, if the program doesn’t fix your problem, Malwarebytes support is dedicated to helping you do that.

Just keep in mind that no anti-virus software can ever take the place of cautious online behavior, which will be discussed in detail in the next section.