It’s an age-old question among Apple fans: Does your Mac need antivirus software? Traditionally, the popular answer has been no — Macs have strong built-in protections, the argument goes, and antivirus apps can potentially slow down your computer. In the end, the trade-off didn’t seem to be worth it.
But is that still true today? After all, Macs are increasingly becoming a target of cybercriminals, with some Mac malware strains supposedly even being created by nation-states. In that kind of situation, has the game changed?
To find out, we approached a raft of experts, from antivirus pros to security bloggers, and asked where things stand right now and whether your Mac needs that extra layer of protection.
‘Insufficient to protect Macs’
Even without an antivirus app, Macs aren’t defenceless. They come with XProtect, which uses signatures to recognize and thwart malware, and Gatekeeper, which prevents untrustworthy software from running if it hasn’t been signed by Apple. Mac apps are also sandboxed, which means they (theoretically) can only do what they’re supposed to and are blocked from accessing restricted parts of the operating system.
That all sounds like a lot of armour, but it’s not a remedy for every single Mac malware problem. So, the big question is this: Are these safeguards enough, or do Macs need standalone antivirus software as well?
You won’t be surprised to hear antivirus developers say that virus scanners are a must, but their justifications make sense. For instance, Michael Covington, VP of portfolio strategy at Mac security and management firm Jamf, argues that “XProtect is signature-based and is only as good as the last update to its malware definitions. This means that XProtect may not detect new malware families or effectively identify older malware variants that have been altered just enough to fool the detection rules.”
Joshua Long, chief security analyst at Mac antivirus outfit Intego, agrees that XProtect is “insufficient to protect Macs from today’s malware.”
Long also says that Gatekeeper is similarly limited in that a user can bypass it with a couple of simple clicks. If someone has been tricked into doing that by a clever piece of social engineering, Gatekeeper is powerless to protect them.
Howard Oakley, a macOS developer, freelance journalist and blogger who frequently posts deep dives into Mac security topics, takes a slightly more nuanced approach. He believes that the need for antivirus software “depends entirely on the user’s assessment of threat and risk.”
He continues: “For a conscientious user on the lookout for phishing attacks, who doesn’t engage in high-risk activities, I believe that macOS Sonoma does now provide good protection, and additional third-party products shouldn’t be necessary.” Ultimately, this relies on Mac users keeping their devices up to date and not turning off important features like System Integrity Protection (and leaving them off permanently), Oakley says.
That touches on an issue alluded to by Long: the person controlling the Mac, rather than the Mac itself. As Covington says, “The Mac is only as secure as the user sitting at the keyboard … if the user falls victim to a dangerous or unsafe link, like a phishing attack, there are no built-in protections to prevent web threats from putting the user, device, or organization at risk. Adding tools that prevent web-based threats from reaching the device is critical in this connected age.”
Taxing your system
On hearing those words, however, you might well be sceptical. After all, antivirus apps have a reputation for burdening Macs and tanking their performance. Is the trade-off worth it?
“Most release versions of anti-malware products are pretty good,” Oakley says. “If you let them loose to perform a scan of your entire boot disk, then naturally things get slow for a while.” While he noted that he’d once had a Mac become almost unusable when a macOS update sent his antivirus app haywire (with the problems vanishing once the virus scanner was updated), Oakley concedes that he doesn’t think it’s a common problem.
He also emphasizes the importance of getting software from “Mac specialists with good Mac engineers.” However, he points out that some people need cross-platform software that works on Mac and PC (especially if their employer mandates it), meaning things aren’t quite so simple.
For Covington, “Users should never have to trade performance and reliability for security, but it’s not uncommon for some solutions that were initially designed for another operating system to cause problems when they’re ported to macOS … Developers that build for Apple first know to build using Apple-exposed frameworks that ensure key features are achieved without disrupting end-user experience.”
Long, however, believes that the idea of antivirus apps slowing down Macs is mostly a relic of the past.
“It’s largely a myth that antivirus software slows down Macs,” he says. “This may have been more of a concern 15 to 20 years ago, but it’s not something that Mac users need to be concerned about today — especially if they’re using antivirus software developed by a Mac-focused company.”
If you are going to get an antivirus app for your Mac, the experts we spoke to said it should be one built by a Mac-focused development team, rather than by one that builds Mac antivirus apps as an afterthought to their Windows counterparts. As long as you use a virus scanner that is designed for macOS by people who understand the operating system, you shouldn’t have a problem.
The Apple silicon era
What has changed in recent years, and why are Macs becoming more of a target for hackers and malware writers? Has Apple’s switch to its own ARM-based processors made a difference?
Neither Covington nor Long would be drawn on whether Apple silicon has made Macs more or less secure, although Long did note one particular issue: current Macs’ ability to run old Intel-based apps using Rosetta 2, which can potentially allow old malware to gain new life on a modern Apple computer. However, he adds that this is not an especially noteworthy vulnerability since “today’s Mac malware developers typically design their malware to run natively on both Intel Macs and Apple silicon Macs.”
For Oakley, however, there are many security benefits to Apple silicon. He points out that “Because of Secure Boot, the boot process of Apple silicon Macs is far more secure than Intel EFI … Recovery from malware is also far better with Apple silicon Macs, as you can wipe and perform a full restore in DFU mode, which is as deep cleaning as possible, and even takes care of malware that could have penetrated the firmware.”
For now, Apple silicon Macs have another advantage, Oakley says: “Most malware developers know Intel well, and few know ARM.”
Is the App Store safe?
Over the past year or so, complaints have consistently been raised about the App Store and Apple’s policies surrounding it. But instead of high commissions, the experts we spoke to were concerned about something else: the propensity for dangerous apps to make it past Apple’s reviewers and into the App Store.
Lewis Duke, threat intelligence lead at antivirus developer Trend Micro, argues that, “Although we have seen an increase in malicious applications found in Apple’s App Store, it is still generally safer than other app stores.” However, he sounded a word of caution that “Apple’s vetting process is one of the better ones out there, but it’s certainly not infallible.”
Long, however, was scathing about Apple’s review process. “Apple’s app review team frequently lets dangerous apps into the App Store,” he said. This is problematic for macOS users, he says, because, “By design, no Apple-provided tool or macOS component protects against harmful App Store apps. If a malicious app has already slipped past Apple’s review team, then any macOS built-in protection will recognize it as safe, even if it really isn’t.”
The implication from Long is that an antivirus app is a must because it might catch malicious apps that slip through Apple’s fingers. The number of nefarious apps that do this (compared to the general population of safe apps) is likely to be low, but the idea is it’s better to be safe than sorry.
More than just antivirus
Given the protection you get — and the known gaps in the Mac’s armour — it can be a good idea to install an antivirus app on your Mac to bolster your defences in case something makes it past Apple’s own systems. But it’s not as simple as just booting up the first antivirus app you see and leaving it at that. There are other considerations to remember.
As Oakley alluded to, you need to understand your own actions. If you lean toward the riskier side of things — “if someone engages in crypto trading or downloads ‘warez’ or software from dubious sites,” as he puts it — then you need more than what macOS provides. But regardless of whether that sounds like you, everyone needs to be careful online, and that means refraining from using pirated software, downloading mysterious email attachments, and the like. That alone can help.
But even if you take plenty of precautions, it only takes one slip-up (or one malicious app getting past Apple’s app review team and onto the App Store) to ruin your day. That’s where an antivirus app can potentially have your back. As long as you get one made by developers who understand Apple’s systems and know how to write Mac-first software, the chances of a virus scanner tanking your Mac’s performance are fairly low.
Do that — and maintain a healthy level of common sense online — and you should be able to keep most digital nasties safely at arm’s length.