We design Mac hardware and software with advanced technologies that work together to run apps more securely, protect your data, and help keep you safe on the web. And with macOS Catalina available as a free upgrade, it’s easy to get the most secure version of macOS for your Mac.*
Apple T2 chip.
The next generation of security.
The Apple T2 Security Chip — included with many newer Mac models — keeps your Mac safer than ever. The Secure Enclave coprocessor in the Apple T2 chip provides the foundation for Touch ID, secure boot, and encrypted storage capabilities. Touch ID gives you a seamless way to use your fingerprint to unlock your Mac, fill passwords in Safari, and make purchases with Apple Pay. Secure boot helps ensure that you are running trusted operating system software from Apple, while the Apple T2 chip automatically encrypts the data on your Mac. So you can be confident knowing that security has been designed right into the architecture of your Mac, from the ground up.
There are some people saying that people should use an antivirus software on Mac. And there are thousands of people claiming that Macs don't get viruses (under this term I mean spyware / malware as well), some even say that it's just a trick from antivirus companies to say that there is a need for antivirus. Honestly, I'm a bit confused.
Do Mac Need Antivirus
Apple helps you keep your Mac secure with software updates.
The best way to keep your Mac secure is to run the latest software. When new updates are available, macOS sends you a notification — or you can opt in to have updates installed automatically when your Mac is not in use. macOS checks for new updates every day, so it’s easy to always have the latest and safest version.
Protection starts at the core.
The technically sophisticated runtime protections in macOS work at the very core of your Mac to keep your system safe from malware. This starts with state-of-the-art antivirus software built in to block and remove malware. Technologies like XD (execute disable), ASLR (address space layout randomization), and SIP (system integrity protection) make it difficult for malware to do harm, and they ensure that processes with root permission cannot change critical system files.
Download apps safely from the Mac App Store. And the internet.
Now apps from both the App Store and the internet can be installed worry-free. App Review makes sure each app in the App Store is reviewed before it’s accepted. Gatekeeper on your Mac ensures that all apps from the internet have already been checked by Apple for known malicious code — before you run them the first time. If there’s ever a problem with an app, Apple can quickly stop new installations and even block the app from launching again.
Stay in control of what data apps can access.
Apps need your permission to access files in your Documents, Downloads, and Desktop folders as well as in iCloud Drive and external volumes. And you’ll be prompted before any app can access the camera or mic, capture keyboard activity, or take a photo or video of your screen.
FileVault 2 encrypts your data.
With FileVault 2, your data is safe and secure — even if your Mac falls into the wrong hands. FileVault 2 encrypts the entire drive on your Mac, protecting your data with XTS-AES 128 encryption. And on Mac systems with an Apple T2 Security Chip, FileVault 2 keys are created and protected by the Secure Enclave for even more security.
Designed to protect your privacy.
The most secure browser for your Mac is the one that comes with your Mac. Built-in privacy features in Safari, like Intelligent Tracking Prevention, help keep your browsing your business. Automatic strong passwords make it easy to create and use unique passwords for all the sites you visit. And iCloud Keychain syncs those passwords securely across all your devices, so you don’t have to remember them. You can also easily find and upgrade any weak passwords you’ve previously used (and reused and reused and reused).
Automatic protections from harmful sites.
Safari also helps safeguard you against fraudulent websites and those that harbor malware — before you visit them. If a website seems suspicious, Safari prevents it from loading and notifies you. And when connecting to unencrypted sites, Safari will warn you. So everything you need to browse without worry is right at your fingertips.
Find your missing Mac with Find My.
The Find My app combines Find My iPhone and Find My Friends into a single, easy-to-use app on Mac, iPad, and iPhone. Find My can help you locate a missing Mac — even if it’s offline or sleeping — by sending out Bluetooth signals that can be detected by nearby Apple devices. These devices then relay the detected location of your Mac to iCloud so you can locate it in the Find My app. It’s all anonymous and encrypted end-to-end so no one — including Apple — knows the identity of any reporting device or the location of your Mac. And it all happens silently using tiny bits of data that piggyback on existing network traffic. So there’s no need to worry about your battery life, your data usage, or your privacy being compromised.
Keep your Mac safe.
Even if it’s in the wrong hands.
All Mac models with the Apple T2 Security Chip support Activation Lock — just like your iPhone or iPad. So if your Mac is ever misplaced or lost, the only person who can erase and reactivate it is you.
macOS Security
When people find out I’m a security expert, I can almost guarantee the ensuing conversation will evolve in one of three ways. If they are technologically illiterate, I’ll have to explain I don’t know anything about trading securities and can’t help them with any hot tips. If they use Windows, I’ll tell them to back up their data and reformat the system. But if they use Macs, the discussion usually becomes a little more complicated.
Best Antivirus On Mac
There is a misperception among much of the security community that Mac users don’t care about security. Since joining TidBITS I’ve learned that Mac users are just as concerned about their security as their Windows brethren, but they aren’t really sure what they need to know. Even the most naive Windows user understands that their system is under a constant barrage of attacks, but the Mac user rarely encounters much beyond the occasional pop-under browser ad and, of course, oodles of spam.
Should I Install Antivirus On My Mac
When people find out I’m a Mac security expert, they ask, “Oh, so do I need to worry more about security?”, quickly followed by, “Do I need antivirus software?” While the antivirus answer isn’t completely straightforward, it’s also not all that difficult.
The reality is that today the Mac platform is relatively safe. Hundreds of thousands of viruses and other malicious software programs are floating around for Windows, but less than 200 are known to target the Mac, and many of those are aimed at versions of the Mac OS prior to Mac OS X (and thus have no effect on a modern Mac).
It’s not that Mac OS X is inherently more secure against viruses than current versions of Windows (although it was clearly more secure than Windows prior to XP SP2); the numerous vulnerabilities reported and patched in recent years are just as exploitable as their Windows equivalents. But most security experts agree that malicious software these days is driven by financial incentives, and it’s far more profitable to target the dominant platform.
Desktop antivirus software is also only a limited defense, and one that’s typically very resource intensive. By even the most positive assessments, antivirus software catches only 85 to 95 percent of known malicious software (viruses, worms, trojans, and other nasty stuff) in the wild. This leaves a significant level of exposure, especially considering you’re running software that brings your system to its knees whenever you have a full scan scheduled. Antivirus tools are intrusive by nature, don’t offer nearly the security they advertise, and can be costly to maintain over time. I personally rely on other defenses to prevent malicious code from ending up on my computers in the first place, and so far (fingers crossed) have never hadantivirus software find anything on any of my Windows XP systems. I don’t even bother to run it on my Windows Vista systems, due to that platform’s stronger security and the limited number of malicious programs that target Vista. When I’ve tested Macintosh antivirus programs, they typically only find infected attachments in my spam folders. Scanning all your incoming mail at the gateway, maintaining safe browsing habits, and using a browser plug-in or two can be more effective than desktop antivirus software, as I’ll discuss.
Even if Mac OS X is no more secure, we Mac users are currently at a lower level of risk than our Windows counterparts. It’s reasonable to assume that this dynamic could change, but considering the current level of risk, and the resource intensity of most antivirus software, it’s hard to recommend antivirus except under limited circumstances. Here are the factors I suggest you consider before using antivirus software.
- I do not recommend desktop antivirus software for the average Mac user, but you need to take other precautions. While desktop antivirus software isn’t necessary (I don’t use it), make sure you use email accounts that support spam and virus filtering, such as Gmail, Yahoo Mail, or Hotmail. Spam is one of the major vectors for malicious code propagation, and gateway protection will reduce your risk should an email-driven Mac virus appear. Consider switching to the Firefox Web browser with the NoScript plug-in. NoScript selectively, and non-intrusively, blocks all scripts, plug-ins, and other code on Web pages that could be used to attack yoursystem during visits. I also recommend you keep your eyes open and subscribe to a news source like TidBITS so if something does change, you’ll know sooner rather than later.
- If you engage in risky online behavior, use antivirus software and definitely switch to Firefox with NoScript. Risky behavior isn’t just limited to browsing Web sites you might want to avoid at work. Installing strange software from non-standard locations, failing to filter for spam, installing any random social networking plug-in you find, or creeping around unusual corners of the Internet can also lead to a malicious code infection. Some other examples of risky behaviors include online gambling, hacker research, illegal file sharing (or legal file sharing on the same network that supports illegal activity), browsing media-heavy sites other than brand names like YouTube, or downloading software posted to forums or lesser-known sites.It’s hard to determine exactly where to draw the line, but my general advice is if you download a lot of content, engage in clearly risky behavior, or spend a lot of time browsing fringe sites (especially forums), you should take extra precautions. If you let your children, including teenagers, use an unmonitored Mac you should also take these precautions and make sure they use a non-administrative account.
- If you exchange large numbers of potentially risky files (especially forwarded email messages with attachments that aren’t otherwise scanned) with Windows users, and your email isn’t scanned at your mail server, consider antivirus software for their protection. If you like to pass on every email joke and greeting card that hits your inbox, you should either change your habits or consider antivirus software so you don’t spread something to your Windows-using friends. If you use an email service that includes outbound filtering, and don’t exchange files other than through email, you can skip the desktop filtering.
- If you use your Mac in an enterprise environment with antivirus policies, you still need to use antivirus software. Ideally, this should be provided by your company’s IT department so it is compatible with corporate standards and is centrally managed. Use of antivirus software in the corporate environment is often required for a variety of reasons, including compliance or as a response mechanism in case of an internal infection. Even though your Mac might be safer, you don’t want it used to spread an infection to Windows systems or become a compliance deficiency. If you’re in corporate IT, some major enterprise antivirus tools support Macs and can be deployed with policies consistent with your Windows systems. While you might havereasons for not supporting Macs in the enterprise, lack of available antivirus software isn’t one of them.
- If you run Windows on your Mac, via Boot Camp or virtualization, install Windows antivirus software. Even if you’re running Mac antivirus tools, they won’t help you when you’re running Windows. You need to protect that partition or virtual machine just as if it were any other Windows system.
At some point, assuming Apple continues to make appealing products, we Mac users will become bigger targets and face a higher level of risk. Adam J. O’Donnell, Ph.D., is the Director of Emerging Technologies at Cloudmark and has recently been using game theory to analyze at what point Macs become more targeted for malicious attack. He states, “Game theory shows that an inflection point will come when the rate at which a malware author can reliably compromise a PC rivals that of the Mac market share. It is at this time you will see monetized, profitable Mac malware start popping up.” For example, Windows Vista is a dramatically more secure product than its predecessor. As it’s deployed more widely, we could hit an inflection pointwhere the combination of growing Mac market share, and increased difficulty in exploiting Windows, makes the Mac a more profitable target.
How can we avoid this? That’s mostly up to Apple. In Mac OS X 10.5 Leopard, Apple began implementation of a number of anti-exploitation technologies that could increase the difficulty in exploiting the platform, but most features weren’t fully completed and don’t provide the necessary protection to limit attack effectiveness (see “How Leopard Will Improve Your Security,” 2007-10-22). If Mac OS X maintains even just security parity with Windows, yet Mac market share stays in the low double digits, Windows should remain the dominant target. We need to continue to pressure Apple for a more secure platform so these technologies are fully implemented before the malicious software marketdynamics shift. Better library randomization, sandboxing, and QuickTime and Safari security features will go a long way to protect Mac users.
In short, at this point in time, I don’t recommend desktop antivirus for the average Mac user. You only need to deploy it if you engage in risky behavior, need to protect friends on Windows, or comply with corporate policies. It’s quite probable this will change in time, so it makes sense to take some reasonable precautions today and stay aware of the world around you. Better yet, let’s continue to pressure Apple for stronger security so we can completely avoid resource leaching desktop antivirus in the long term.