Apple Mac computers, like any other device, can become victims of malicious applications. For this reason, they need antivirus protection.
This article describes antiviruses for Mac that will protect one, two, or several computers at once. 8 popular programs with different functionality are considered. The list is updated with the release of new interesting solutions from developers.
The information is intended for ordinary Mac users who are thinking about installing an antivirus for macOS, but do not know what is best to choose. If you are wondering whether you need an antivirus on your MacBook or not, know that there are already twice as many malicious threats on macOS as on Windows.
After the description of each antivirus, its advantages and disadvantages are given, where you can indicate whether you like it or not. Based on user ratings, the ranking of antiviruses for Mac is displayed at the end of the article.
Kaspersky Internet Security (KIS)
The best in terms of price and quality ratio. Prevents your computer from being infected by malware and controls access to your webcam without your permission.
- There is a trial full-featured version for 1 month.
- Sold by subscription. Protecting 1 computer will cost 2,390 rubles for 2 years (for 1 year you can only buy from 2 to 5 licenses).
Kaspersky Internet Security for Mac is one of the few test programs that scored 100% for protection against malicious applications.
The program reliably removes threats, preventing them from infecting your computer with a virus. However, even with deep virus scanning, the macOS system does not slow down on modern Macs.
At this point, you can easily send emails with attached files, download programs, work in the browser, and even watch online videos without lag or buffering.
Kaspersky is excellent at stopping viruses on Windows as well, reducing the risk of infection when different computers interact.
For its price, KIS offers many security tools that are not found in many simpler antiviruses for Mac. There is a password manager that will securely store your logins and passwords for logging into different accounts.
There are also additional layers of protection, primarily for banking applications and online purchases, including within the browser. For example, a virtual keyboard is supported, which will be difficult for keyloggers (programs that monitor keystrokes) to track.
A notable security tool is webcam monitoring. The program monitors whether a person or another program has access to the camera without your knowledge.
The only thing missing is a vulnerability scanner that would help protect against hackers, but you can additionally install free protection against ransomware applications.
Pros and cons of KIS
Can block webcam
Contains tools for secure work with banking applications
In Russian
Built-in password manager
No vulnerability scanner
You cannot buy a 1-year license for one Mac
No microphone control
Check out the capabilities of Kaspersky Internet Security:
You can download a trial version for a month from the official Kaspersky website. It is perfect for finding out if there are viruses on macOS.
Antivirus comparison
First of all, we present a table displaying general information on the compared antiviruses.
Table 1. General information on antiviruses.
Kaspersky Security for Mac | Dr.Web for Mac OS X | Norton AntiVirus 12 for Mac | ESET NOD32 Cyber Security | Bitdefender Antivirus for Mac | avast! Free Antivirus for Mac | Avira Free Mac Security | |
Products webpage | kaspersky.ru | drweb.com | norton.com | esetnod32.ru | bitdefender.ru | avast.ru | avira.com |
Commercial distribution | 1200 rub. | 990 rub. | 999 rub. | 1290 rub. | 1653.35 rub. | No | No |
Supported Mac OS versions | Mac OS X 10.6 and higher | Mac OS X 10.4 and higher | Mac OS X 10.7 and higher | Mac OS X 10.6 and higher | Mac OS X 10.5 and higher | Mac OS X 10.5 and higher | Mac OS X 10.6 and higher |
In the second table we will directly compare the functionality of the antiviruses we have selected.
Table 2. Comparison of antivirus functionality.
KasperskySecurity for Mac | Dr.Web for Mac OS X | Norton AntiVirus 12 for Mac | ESET NOD32 Cyber Security | Bitdefender Antivirus for Mac | avast! Free Antivirus for Mac | Avira Free Mac Security | |
real time protection | + | + | + | + | + | + | + |
Checking messages via POP3, SMTP, IMAP4 protocols | + | — | + | + | + | + | — |
Verification via HTTP protocol | + | — | + | + | + | + | — |
Checking site reputation | + | — | + | — | + | + | — |
Checking files received via IM iChat | — | — | + | — | — | — | — |
Heuristic analysis* | + | + | + | + | + | + | + |
Exploit Protection | — | — | + | — | — | — | — |
Cloud technologies | + | — | — | + | — | — | — |
Parental control | + | — | — | — | — | — | — |
Virtual keyboard | + | — | — | — | — | — | — |
* — This technology is designed to detect Windows-based malware.
Let us briefly explain the purpose of some functions.
Cloud technologies are designed to increase the speed of antivirus response to new threats. In essence, an anti-virus cloud is a company’s infrastructure, which is designed to process information received from the computers of users of a personal product in order to identify new, signature-undetectable threats.
Parental control. This module allows you to block device users’ access to a certain category of data on the Internet, control the time spent online, the use of personal data, etc.
Exploit protection. In this case, it is a set of signatures for identifying an attack. Essentially a variant of IDS (Intrusion Detection System).
Heuristic analysis. Based on the analysis of the code of an executing application, script or macro, it allows you to detect code sections responsible for malicious activity. It is worth mentioning here that the presence of heuristic analysis is aimed at searching for purely Windows-oriented malicious objects. There are no heuristic checking algorithms for Unix-oriented scripts (Unix shell), as well as for files in the Mac OS Mach-O executable format.
Let's move on to the conclusions.
How the testing was performed
The main risk of antivirus testing is that the network may actually be infected with viruses. To avoid this, computers connected to a separate network were used.
During testing, only one computer on the network was connected to the Internet, and all other devices, including mobile devices, were disconnected from the global network. Test computers were used with factory settings and default programs installed.
After testing each antivirus, these settings were reset. After installing each antivirus, all security features were disabled on both the Mac and browsers.
A large compressed file containing several hundred malicious files was downloaded and opened onto the computer. It was immediately possible to see whether the antivirus stopped the download process or detected the threat only when the files were launched. Typically these files were quarantined.
After downloading, an antivirus application scanner was used to check the Mac for viruses. Sometimes threats were detected that were not stopped during the download process. They were also sent to the quarantine folder.
After testing the antiviruses on a Mac computer, the tests were repeated on Windows. Although malicious Windows apps cannot harm a Mac, they can be redirected via instant messaging or email from a Mac, infecting Windows computers.
Browser extensions from each antivirus were checked, and the security settings of the browsers themselves were disabled. This allowed us to see how antiviruses recognize and block malicious sites, especially phishing ones.
The final testing involved installing the programs on a home computer and on lab computers with a variety of other applications installed.
In these cases, no attempt was made to download malware. Instead, the work of antiviruses in the natural environment was considered. First of all, the system speed drops during updates and virus scanning. This is the most annoying aspect of antiviruses - when they interfere with the user's work by slowing down the computer.
This testing was conducted by Nicole Johnston, an iMore project expert who has over 13 years of experience testing consumer products ranging from food processors to parental control software.
The case is about a third-party antivirus. Story
All of these security features help protect your Mac from attacks, but no platform is immune (as stated at the beginning of the article). New instances of macOS malware are discovered every year. Many of them break through Apple's defenses by design, or they exploit a zero-day vulnerability that Apple has failed to patch.
In June 2020, OSX/CrescentCore was discovered, which is an Adobe Flash Player installer disk image. The malware installed an application called Advanced Mac Cleaner, LaunchAgent or Safari extension, checked antivirus software and then exploited unprotected computers. OSX/CrescentCore was signed with a developer certificate, so it was infecting machines for days before Apple caught it.
A month earlier, malware known as OSX/Linker took advantage of a zero-day flaw in Gatekeeper. Because Apple didn't patch the security vulnerability when it was first reported earlier this year, OSX/Linker has eluded Gatekeeper.
By the way, hardware is another weakness in the chain. In early 2020, it was discovered that almost every processor sold over the past two decades suffers from serious security flaws. These flaws became known as "Spectre and Meltdown" - and yes, your Mac was probably affected. Weaknesses could allow attackers to access data in parts of the system that are considered secure.
Apple eventually patched macOS to protect against Specter and Meltdown. Exploits require you to download and run the malicious software for it to cause any harm, and there is no evidence that any Mac owners were directly affected. Specter and Meltdown highlight the fact that even hardware outside of Apple's control can lead to serious security risks.
In 2020, OSX/Keydnap was infected by the popular BitTorrent Transmission client. He attempted to steal login information from the system keychain and create a backdoor for future access to the system. It was the second transmission-related incident in five months. Again, since the infected version was signed with a legitimate certificate, Gatekeeper did not intercept it.
While the Mac App Store hopes to catch any rogue apps, several malware programs have passed Apple's review in 2020. Applications such as Adware Doctor, Open Any Files and Dr. Cleaner are marketed as legitimate antivirus programs. However, they sent information - including browsing history and current processes - to servers in China.
Because Gatekeeper implicitly trusts the Mac App Store, the software was installed without additional checks. Such an app can't cause too much damage at the system level thanks to Apple's sandbox rules, but stolen information is still a serious security breach.
In August 2020, LoudMiner was discovered in pirated copies of VST (Virtual Studio Technology) and Ableton Live 10 plugins. LoudMiner installs virtualization software that runs a Linux virtual machine and uses system resources to mine cryptocurrency. The exploit affected both Mac and Windows computers.
These are just a few examples of recent macOS security issues. Third-party antivirus software will not be able to catch them all and will not lead directly to treatment (especially Meltdown and Specter).
Are there viruses on Mac devices?
If you are a Mac user, this does not mean that hacker attacks will not affect your device and personal data.
Back in 2014, a hacker was able to create a botnet of about 20,000 bits in size with iWorm malware.
In 2012, the Flashback vulnerability in Java affected more than 500,000 Mac computers, prompting Apple to publish a security update for OS X Lion to fix the vulnerability.
Just recently, encryption malware known as KeRanger was distributed inside the popular BitTorrent client for macOS. And according to Malwarebytes, Mac malware in 2017 increased by 230% during 2020.
Macs can certainly get viruses, and Mac-specific viruses and malware do exist. They are much less common than on Windows devices.