Often people ask about the best anti-virus software, sometimes because they feel they need to have something installed, or they are required to do so by their company or school. But macOS already comes with anti-malware software, built-in as part of the operating system. There are three parts to this: Gatekeeper, XProtect and the Malware Removal Tool. Learn about them and find out how to make sure they are up-to-date.
You can also watch this video at YouTube.
Watch more videos about related subjects: Security (133 videos).
Video Transcript
Hi, this is Gary with MacMost.com. Today let's look at the best anti-virus software for your Mac.
MacMost is brought to you by a community of more than 350 supporters. Find out how you can become a part of it at macmost.com/patreon.
So I often get asked what's the best anti-virus software for the Mac. A lot of times people say I just don't feel comfortable not running anti-virus software or my company says I have to have it on my computer. So what should I get? You're not really looking for anti-virus software. You're looking for anti-malware software. A virus is just one type of malware and it's rare today. Most malware today are trojans. These are pieces of software that you install yourself because you've been tricked into downloading software from a site you shouldn't trust. Sometimes that software itself is malware. Sometimes the malware comes along for the ride when you install the software.
Now you want to prevent that malware from getting on your Mac. So what software should you install? The good news is that the best software for the job is already on your Mac. It's included as part of Mac OS. For years now Apple has included anti-malware software built into the operating system. They don't talk about this much because, of course, they don't want to publicize that part of it. They don't want to talk about how there are trojans out there for the Mac. They just quietly built it into the operating system and it protects you.
Now this protection software is in three parts. The first part is called Gatekeeper except you won't find something called Gatekeeper anywhere on your Mac anymore. If you go to Apple menu, System Preferences and then you go to Security & Privacy and you look under General there's a section here called Allow Apps downloaded from. Years ago they actually had a little icon there and they called this gatekeeper. So that's what people refer to it as. Now it's just some settings here. You can't even actually change them unless you authenticate and then you have two options. You can only allow apps to be installed from the App Store or you can allow apps from the App Store and from identified developers. Beyond these two options you do actually have the ability to install any software you want as long as you give it permission.
So this is like your first line of defense. If an app is in the App Store then it was submitted by an identified developer with a developer account with Apple and Apple reviewed it before they allow it in the App Store. It's not a perfect system but it does allow Apple to check for a lot of things including whether it presents a security or privacy vulnerability and just some quality guidelines that Apple has. If there are problems Apple can actually pull it out of the App Store and take away the developer's ability to produce new apps in the App Store or even as a signed developer. Even if the app is from outside the App Store if it's a signed app, that means the developer is part of the Apple Developer Program. There's been some identification checks and Apple can revoke that. So there's some level of security with just signing an app.
So Gatekeeper is kind of a gateway system. It just prevents things from getting installed. So if you're not that tech savvy then you should definitely set it at the lowest level and have it only allow apps from the App Store. Even if you set it to the other one you should always question whether or not you really need an app and whether you really trust the site that you're downloading from. If there's any question just don't do it.
The next part of Apple's Anti-malware system is called XProtect. You won't find any mention of it anywhere official either. It's built into Mac OS and you can actually check to see that it's there and that it's been updated. So what XProtect does is it prevents you from installing some of the worst pieces of malware out there. It does this in the same way antivirus software works. It has these little identifiers that identify if a piece of software is bad and it will then prevent it from being installed.
You can check in the Apple menu About This Mac, click on System Report, and then look on the list on the left and go, under Software, to Installations. Then you're going to get this long list. If you look all the way under XProtect you'll find a bunch of XProtect plist ConfigData entries. The most recent one is the one that you want. You can see right here that version 2102 installed on April 19th. Now if you want you can actually find XProtect just to see that it's there. So in the Finder choose Go and then choose Computer. Dig down into your hard drive, then System, and then Library. Under there look for Core Services. Look there and you'll find one called XProtect. If I Control click on it and say Show Package Contents, I can look in Contents, Resources, and I can see an XProtect plist and an XProtect meta plist. Under meta I can see here in the little preview that the version is 2102 right there. Under the other one I can open it up just by hitting the spacebar and look at it in QuickLook. You can see all these different definitions for different pieces of malware. So if I look for something like a dictionary entry here under description I can see in the string there's the name of it. If you actually search for that online you might find a little bit about that piece of malware. Here's another one and here's another one.
All right. So Gatekeeper prevents you from installing something that you probably shouldn't. XProtect is the next line of defense making sure that even if you give it permission it's not going to let you install some of the worst malware out there. What's beyond that? Well, there's something called MRT which is the malware removal tool.
This is an app that's on your Mac that will actually remove pieces of malware.
You can also find that if you go to About This Mac and then System Report and then look under Installations. You'll find MRTconfigdata and a version number there and the last updated date. In the Finder if you go into your Computer and then System and then Library and then from there you also look in Core Services that's where you'll actually find MRT.
So how do you run MRT? Well, you don't and it's kind of a mystery as to when it runs. Some people say it runs every time you reboot your Mac. If you have malware if you simply do a restart of your Mac it may get rid of it because MRT will trigger then. Other people say it runs whenever there's an update. So you do an update and then it will run and scan your drive and then look for that malware and remove it.
Now to keep XProtect and MRT updated make sure that under System Preferences and Software Update click on the Advanced button. Make sure you have Install System Data Files and Security Updates checked.
So that's Apple's three part anti-malware system built into Mac OS. It won't protect you from everything. You can still go to a site that you probably shouldn't, download a piece of software that you definitely shouldn't, install it and give it permission to install, and then you might be stuck with something like some adware that actually shows ads or changes how Safari searches and things like that. So you can still be the weak link here. Only install software that you're absolutely sure you need and it's from a site or service that you know you can trust. Always keep your Mac updated.
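The System Report check walked through in the transcript can be scripted. The following is an added example, not part of the original video or page: it reads the install history and flags XProtect or MRT data that has no install record or has not been updated recently. The file path, the plist key names (`displayName`, `displayVersion`, `date`) and the 180-day threshold are assumptions not stated on the page, and the sample records are constructed.

```python
import plistlib
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Assumption: System Report's "Installations" list is backed by this file.
INSTALL_HISTORY = Path("/Library/Receipts/InstallHistory.plist")
WATCHED = ("XProtectPlistConfigData", "MRTConfigData")

def latest_installs(history, names=WATCHED):
    """Map each watched item to (version, date) of its most recent install."""
    latest = {}
    for entry in history:
        name, when = entry.get("displayName"), entry.get("date")
        if name not in names or when is None:
            continue
        if name not in latest or when > latest[name][1]:
            latest[name] = (entry.get("displayVersion", "?"), when)
    return latest

def stale_items(history, now, max_age_days=180, names=WATCHED):
    """Report watched items with no install record or none within max_age_days."""
    found = latest_installs(history, names)
    cutoff = now - timedelta(days=max_age_days)  # threshold is an assumption
    problems = []
    for name in names:
        if name not in found:
            problems.append((name, "no install record"))
        elif found[name][1] < cutoff:
            problems.append((name, f"last updated {found[name][1]:%Y-%m-%d}"))
    return problems

# Constructed sample history (not real data), round-tripped through plistlib
# so it takes the same parsing path as the on-disk file.
SAMPLE = plistlib.loads(plistlib.dumps([
    {"displayName": "XProtectPlistConfigData", "displayVersion": "2101", "date": datetime(2019, 3, 1)},
    {"displayName": "XProtectPlistConfigData", "displayVersion": "2102", "date": datetime(2019, 4, 19)},
    {"displayName": "MRTConfigData", "displayVersion": "1.30", "date": datetime(2017, 11, 2)},
    {"displayName": "Some Third-Party App", "date": datetime(2019, 4, 1)},
]))

if __name__ == "__main__":
    on_mac = INSTALL_HISTORY.exists()
    history = plistlib.loads(INSTALL_HISTORY.read_bytes()) if on_mac else SAMPLE
    # plistlib returns naive UTC datetimes, so compare against naive UTC "now".
    now = datetime.now(timezone.utc).replace(tzinfo=None) if on_mac else datetime(2019, 5, 1)
    for name, (version, when) in latest_installs(history).items():
        print(f"{name}: version {version}, installed {when:%Y-%m-%d}")
    for name, reason in stale_items(history, now):
        print(f"WARNING {name}: {reason}")
```

A warning here means the Software Update settings described in the transcript are worth rechecking; off a Mac the script falls back to the constructed sample.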
Thanks for a super-helpful video, Gary. An eye-opener. I guess I'm not alone in not having realised that all that protection came baked in to my Mac already! Saving me a load of cash and clutter that I might have wasted on 3rd party anti-virus software.
Thank you for this valuable information! The most valuable tool one can ever have is knowledge.
The people who object to this video are those who have abdicated their fiduciary responsibility in favor of feeding their piggy bank.
This security info video cleared up any questions I had regarding malware protection. Never had a clue that security came built-in. I am more than grateful to have found MacMost!
What do you think about Malwarebytes free version or Malwarebytes Comprehensive cybersecurity? I have a 1 yr 3 device; it works on Windows, Mac or Android. I just haven't installed it yet. I do have the free version. Would I need to remove the free version first then install the Malwarebytes comprehensive cybersecurity vs using what comes on the Mac already?
Robin: I know the free "scanner-only" version has come in handy for people who have been careless about installing software and have ended up with malware. You download, scan, and then uninstall (no need to keep around as hopefully you don't need it again, and if you do you'd want the latest version anyway). I have no experience with the paid version since I am very careful about what I download so it isn't necessary. Plus... Gatekeeper/XProtect/MRT as I talk about in the video.
Next is mandatory notarization for apps distributed outside of the MAS: it'll greatly reduce malware threats. Also: SIP, i.e. if you do get infected, the system files cannot be modified. Other great tools for dealing w/ unknown threats: anything from Objective-See, Little Snitch, Google Santa, XFENCE & most important: a good adblocker. I recommend the Adguard Desktop app. Personally I also have ClamXAV, esp. because of the CLIs, and you can add millions more AV definitions e.g. w/ ExtremeShok.
Great post.
I have Mac Os 10.14.4 installed but my latest version of XProtect was installed 4/30/17. Should I worry about this?
Oops. Should have watched the video to the end. Thanks for saying how to make sure the software is updated.
I’m concerned about the info being described here. The built-in functionality of XProtect, Gatekeeper, and MRT have been shown repeatedly by Mac administrators and security researchers to not be adequate malware protection on a Mac. Gatekeeper is easily bypassed. Items downloaded via CURL bypass it completely. Items downloaded via Firefox were also bypassed for a long time (not sure if they still are).
Xprotect still doesn’t include some common malware like MacKeeper.
Please, if you’re going to post videos about “the best antivirus for Mac” actually talk about additional software that can help people keep their computers secure and safe. Often people are their own worst enemy and they need something to protect from themselves.
No software will ever save a user from him/her self, knowledge will always trump software features. I ran Linux/BSD for 18 years, and a Mac for 7 years now, and have never had any type of malware infection despite avoiding anti-virus apps like the plague. Thank you, Gary, for encouraging users to continue to educate themselves.
Gary, Thanks for the informational video. In viewing, I noticed that your XProtect states version 2102 and mine is 2101. I have the auto updates on and am running OS 10.14.4 and I just checked to see if any updates were available, it stated that "Your Mac is up to date". Well, I don't have XProtect 2102. Is that cause for concern?
Greg: I would check to make sure you have updates turned on (like I show in the video) and if it is I wouldn't be too concerned. I don't think 2102 was anything too important. I would check in a week or so.
Hi Gary, First of all, great post as always. Crystal clear and enlightening. I went looking in "Installations" under "About that Mac" and found something odd, though. I don't have either XProtect or MRT listed (though I can find both in the actual Coreservices folder, as you said). Instead, I see eight other items, all of them 3rd Party incl. two called "Malwarebytes for Mac Uninstaller" (two diff. install dates) and three mysterious files called "$[PRODUCT_NAME]"... did I screw something up?
Hi Gary, what about programs like Clean My Mac? Are they needed to get rid of unneeded junk, free up ram, optimize?
Thank you,
Chris: No. See https://macmost.com/do-you-need-a-mac-cleaning-program.html
John: Did you use Malwarebytes at some point? If so, then the presence of the uninstaller in the list makes sense. As for the other thing, there isn't enough information there to know either way. Unless you are having an issue, there is no reason to worry about it.
Great information. I recently started having issues using Chrome, where Google searches automatically rerouted to Bing. Research on the web said it was malware, so I ended up sorting through extensions installed on Chrome to eliminate it. Does any of this Mac Security software help with those kinds of issues?
Scott: I know the malware you are talking about. In order for it to get on your Mac you had to install something you downloaded (you gave it permission), and it rode in on that install and in the fine print. So no matter what other security measures you take, you still have to avoid downloading and installing things from sites you shouldn't trust.
Gary, your information is always valuable, but this video helped me discover that my MacBook Pro had not updated the security files since November 2017! It's updating fine now, and I would have never known about this without your help. Thanks!
Used to have a Software Update Icon in my System Preferences. I tried to trace your steps just now, and see that ALL icons in System Preferences are there, except for Software Update. What could have happened - where did it go?
Ingrid: Are you using Mojave? Then it should be there in the third row, next to Internet Accounts. If you don't see it, go to View, Customize and see if it is there but unchecked.
Scott: To clean up a browser hijack I had on iPad, I uninstalled Chrome (also on all my other Apple devices; on Mac, data left behind by the simple "move to trash" of the app). And I used advanced tools on Windows (antivirus, Malwarebytes, and ADWCleaner) to clean my Windows computer. To prevent browser hijacks I no longer synchronize browser data from one machine to another. The data sync'd could itself be a malicious extension.
Bob: If you have an issue with Safari, simply switching to Chrome is a bad idea. Even if you want to use Chrome, you should still clean up the malware and not leave it in place. Syncing browser data in Safari will not sync extensions so turning that off will only disable one of the most useful features of iCloud.