Check out the rest of the videos in this special course: The Practical Guide To Mac Security.
You don't need third-party anti-virus software on your Mac. In fact, your Mac already comes with anti-malware software as part of macOS.
You can also watch this video at YouTube.
Watch more videos about related subjects: Security (130 videos).
You can also watch this video at YouTube.
Watch more videos about related subjects: Security (130 videos).
Video Transcript
Hi, this is Gary with MacMost.com. This is Part 9 of my course The Practical Guide to Mac Security. This course is brought to you thanks to my great Patreon supporters. To find out more go to MacMost.com/patreon. There you could read more about the Patreon Campaign. Join us and get exclusive content and course discounts.
So one of the biggest questions when it comes to Mac security is do you need to buy anti-virus software. Get a third party app that you install on your Mac and it runs and it protects your Mac. The answer is very simply NO. You don't. The main reason being that your Mac already has it. So Apple doesn't talk much about this but built into macOS are three tools that basically comprise anti-malware.
First you've got Gatekeeper. Now Gatekeeper is the simplest of them all. When you go to install software it's basically going to prompt you making sure that you know what you're installing and that you are confirming that you want to install. So this protects you from being tricked say at a website from downloading something and have it automatically installed. Gatekeeper will provide a layer of protection making sure that you know that you're installing something. If software has been signed by the developer, in other words they've identified themselves clearly in the software registered with Apple, then you get one level of security. If they haven't done that then it's even more difficult to get past Gatekeeper and install something. This prevents most, if not almost all, malware from being installed on your Mac.
Second, is XProtect which is a more traditional malware prevention tool. It basically looks and when you're going to install something it checks that against the list of software and tries to identify if that is a piece of malware. That list is quietly updated in the background all the time. So when Apple identifies a piece of malware from Mac it adds it to that list. You go to install that piece of malware it's going to identify that and you won't be able to install them on your Mac.
The third part is called Malware Removal Tool or just MRT. That's if software has already been installed in your Mac, say Apple finds that something is malicious that people have already installed this kind of works after the fact and will remove that from your Mac. So these are all built-in to macOS. You can read more about them at the URL here. Basically they comprise what you would consider to be an anti-malware or anti-virus tool built into your Mac. No third party tool is needed.
Now if you want to install some third party tools then you should know that there are a lot of downsides for these. First, a tool like this is probably going to be running in the background using System resources all the time. So I often hear people having problems with their Mac. Their Mac is running slowly and the culprit is some anti-virus software that they've installed causing the problem. So you install it to make things work better but, in fact, the opposite happens.
Next a lot of times this type of software will brag about how much malware it's looking for and what it's doing. In fact a big part of what it's doing is looking for Windows malware. The idea being that if you work at a large corporation and there is a mix of Mac and Window machines that the anti-virus software on your machine, on your Mac, will look for Windows' malware so that you don't accidentally spread that to somebody with Windows. But for most home users that's not a concern at all. You're also going to get many false positives. So I hear about this all the time. I see it in the forums. I get asked about it when a piece of software is installed and somebody is running some third party anti-virus software, they are warned about it and in fact there's no warning necessary. It's simply a false positive and I know people that they only ever see false positives and that's it. You're going to get many unneeded warnings. For instance, you may get warnings about visiting webpages, warnings about doing things in software, warnings that can be confusing if you don't know security telling you that maybe this app could violate your privacy, for instance, but of course maybe that's what the app is supposed to do. It's a social media app and you're supposed to be sharing things with people. So there's a lot of that and it creates basically a lot of paranoia when you use the software. That things are wrong all the time. This software is mostly subscription so, of course, they want to show you things every once in a while that are warnings to show you that oh, it's doing something and it just makes you more and more paranoid that things are going wrong when in fact they are not. But you want to keep paying your annual subscription.
I've even see it break or block legitimate software when you download something you need for work or you want to use as part of your job and it won't actually work when you have this anti-virus software in there blocking some part of it or going to some websites and things like that. So there are a lot of negatives. In addition to this consider that when a new piece of malware comes out and it's targeting the Mac who is most likely to actually put a block for that. Is it going to be this third party anti-virus company or is it going to be Apple through its XProtect and Malware Removal Tool. It's almost always, and I track these things, Apple that gets there first. Updating XProtect and Malware Removal Tool very quickly and then after that the third party apps maybe adding the definition there which, of course, is unnecessary because macOS has already taken care of it.
So I want to quickly show you where you can check to make sure that XProtect and MRT are being updated. You go into System Preferences, go into Software Update and then go to Advanced and here you'll see Install System Data Files and Security Updates. Make sure that is checked. Then you'll get those updates. Of course you should also have all of these checked. In addition Apple keeps these tools pretty well hidden. But if you wanted to actually see, because you're curious, as to what is actually there, what it's checking for, you can go to your computer level and then on your drive go into Library and then Apple and then System, Library Core Services, so you can see this is really deep down in the System Library here. Here you'll see there's MRT and there is XProtect. XProtect is a bundle. If you Control Click on it you can Show Package Contents. In the Contents here under Resources you could see several different files here which are really just text files. So you can, for instance, select this one here, let's open up TextEdit and that way I could drag to TextEdit here and you could see what's in this file here. You could see these are looking for patterns matching this which identifies a piece of malware. There's tons of these.
As you could see in general anti-virus is not needed for typical Mac users and in the next lesson I'll show you the things that you should be doing to protect your Mac rather than installing some third party software.
Gary
Your instructions are: "So I want to quickly show you where you can check to make sure that XProtect and MRT are being updated. You go into System Preferences, go into Software Update and then go to Advanced and here you'll see Install System Data Files and Security Updates. Make sure that is checked."
I have Mac OS 10.13.6 and my System Preferences does not include a "Software Update" button. Where should I look?
Charlie: You are on a much older version of macOS. Off the top of my head I can't remember where they are on that version. Any reason you haven't updated (also an important security practice). Maybe check in the App Store app? Though I don't think you've got the checkboxes there.
Hi Gary, How about detecting emails which might be attempting to install malware? I've been using Avast (mainly for the VPN). It seems to be quite good at catching phishing emails. However, agreed, it rarely finds anything in the system scans. Any thoughts?
Gary: Thanks-that's what I thought. This iMac is a mid-2010 model and though I have max'd the memory and shifted to a SSD, there is not enough processor power to go any further than 10.13.6. I guess I am going to have to upgrade.
Gary, I'm still on High Sierra (as Charlie is) because going to something more recent breaks 32-bit apps and I have a couple of specialized ones that have not been updated. Maybe that's why he's still there as well...
Hi Gary, Thanks for all the tutorials. You say the "average home user" does not need anti-virus. I am a home user and help run a club and use MS Office on my Mac and share MS Word and Excel with the club Windows users. You say most AV products search for Windows virus/malware so in my case I think I am correct in running an AV product, both for protecting mine and other club members from Windows viruses. Do you agree?
Timothy: To protect against malware that comes in an email message, simply never run an app or installer that comes to you in an email message. Apps can't install without your permission.
Bernard: Which 32-bit apps are you using in 2021? If a developer hasn't updated the app at this point, they probably are never going to. I would replace that app ASAP. Think about it: if your old Mac failed now (stolen, damaged, etc) you'd get a new one and that wouldn't be able to run 32-bit apps. Find another solution now while you can transition instead of being put in a tight spot later.
Richard: Just because you use an app (Office) that also has a Windows version doesn't mean it is insecure. Just using Office for Mac isn't a problem and wouldn't mean you'd need to run an AV app.
Many thanks Gary, my Mac slowed right down when I installed the anti-virus, fixed now. Should I do the same for my iOS devices?
Gary, the main app that's been holding me up is one called Perfectflite Datacap - it is for downloading, plotting and exporting flight data from their recording altimeters used in model rockets. While I take a cheap Windows laptop to the field for this purpose, I like being able to reload saved files and generate plots from the app here on the Mac (which is a 2016 15-inch MBP) as it is my preferred workstation. There is no "replacement" app, per se, for this. That said, I get your points.
Every few months, I run across an article in reputable publications—PC Magazine, for example—that lays out lots of reasons why Macs need third-party antivirus protection. I fell for that stuff once—several years ago—and I observed a big performance hit on my MacBook Pro. I haven't used any of that stuff since then. Articles such as the recent one in PC Magazine's newsletter made me question my decision, but along comes Gary's timely article. Thanks, Gary, for keeping us straight!
Kym: There is no such thing as anti-virus for iOS. Each app is restricted in what it can access, so no "anti-virus app" could possibly know what else you have going on. Maybe you have some "security app" you are using? I consider them a waste of money because they don't do much, but they shouldn't slow down your iOS device.
Lucas: I often find myself shaking my head at those kinds of articles. They still repeat myths about security, batteries, and other computer things that changed decades ago.
Gary Rosenzweig said
Richard: Just because you use an app (Office) that also has a Windows version doesn’t mean it is insecure. Just using Office for Mac isn’t a problem and wouldn’t mean you’d need to run an AV app.
Thanks. I appreciate my Mac is not at risk, I was thinking if I receive an infected MS Office file from my Windows colleagues, I could pass that on to another Windows colleague so running an AV would prevent transmission to my Widows friends. Does that make sense?
Richard: I think the proper way to handle that would be for AV software on their end to catch it. If their only line of defense was that it happened to pass through your Mac first, then they will probably end up getting it anyway. But I don't think this sort of thing happens today anyway.
I use a fully updated MacBook Pro, but I use Parallels to run Windows 10 and all the Office 365 apps. Do you see any potential for malware getting through with my setup?
Lucas: On the Mac side, no. On Windows, you'd probably want to take precautions (as a Windows pro). But why are you doing such a convoluted thing to use Office? Just use the Office for Mac apps. I think your subscription will even work so you don't need to buy anything extra.
Yes, I can use Office on both sides. However, the Windows version of Word, for one example, is more robust than Word for Mac. The Mac version of Office does not have Microsoft Access, Publisher, and others.
Gary. I've been using a 3rd party (malwarebytes) for a year or so. Don't want to put you on the spot, but if I drop them and my monthly fee my Mac (Big Sur 11.6.2) is still ironclad? Thanks for all top notch info.
Curt: As long as you remain vigilant and don't download things from sites you shouldn't trust, you don't need it.
Thanks for this info Gary R. Your self-help for non-techies like me is greatly appreciated. I always wondered, when I've seen the software ads for security, if I should purchase one to 'protect' my Mac Pro. Your posts and You Tube videos are so helpful.