There are some that say that there is absolutely no need to use any means of an Anti-Virus or Anti-Malware solution on a Mac. Well, it’s a difficult topic to cover because it’s a yes and no situation. Compared to Windows there is only a fraction of known viruses that can affect Mac OS X… but that does mean that there are viruses and malware out there that can affect Macs.
So do you need to use an Anti-Virus and Anti-Malware app on your Mac? Well I suppose it depends on you. Are you the kind of person who wildly installs and runs any program they randomly come across? Or are you the kind of person who comes across an app and first goes and does a quick Google search about it? Apple has implemented a few ways to protect yourself, and Mac OS X itself is very secure against most malware, spyware, viruses and the like. The thing about these viruses is that they are built to get around the standard security features. This is where a good Anti-Virus or Anti-Malware / Spyware app comes in.
In this article I’ll go through some ways to make sure your precious Mac is safe and secure, as well as how to use some of the security features built into your Mac. And finally I’ll quickly go over an Anti-Virus client that I recommend if you want extra protection.
Built in Security – GateKeeper
Mac OS X is capable of protecting itself from viruses and malware, and it also gives you control of some of the security features. For instance all Macs that run Mountain Lion (10.8+) and OS X Lion (10.7.5+) have GateKeeper. Think of it this way: GateKeeper has a list of approved guests (apps), and when one of those guests shows up they are allowed entrance to the party (Mac). When an uninvited guest comes along and tries to sneak into the party, GateKeeper asks for its ID (Developer ID). After not being able to provide any means of ID, GateKeeper will shut the gate in its face.
As you can see in the screenshot, under “Allow applications downloaded from:” there are a few options that let you choose how GateKeeper runs.
If you select “Mac App Store and identified developers”, then only applications from the Mac App Store and apps that have gone through the process of getting verified with Apple can be installed. It’s very unlikely that Apple would randomly verify and approve a virus or malware, so with this option selected you should be pretty safe when it comes to installing apps.
You may eventually come across an application for your Mac that is not verified by Apple. The app may be perfectly fine and simply hasn’t bothered getting verified by Apple (or can’t get verified). For applications like that, I can only suggest that you do a quick Google search on the app and make sure you download the app from the app’s homepage instead of some random download website.
GateKeeper will warn you if it finds an unidentified app. If you decide that you want to run the app despite GateKeeper’s warning, then you can still run or install it, however you’ll have to enter your password. If it doesn’t allow you to simply bypass it by entering your password, you’ll have to temporarily turn it off, then turn it back on once the app is installed.
To get to GateKeeper’s settings, open System Preferences -> Security & Privacy -> General tab -> look under “Allow applications downloaded from:”.
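The same GateKeeper decision can be checked from Terminal with macOS's `spctl` tool. This is an added example, not part of the original article; the function names and the category labels they print are illustrative, and the script only calls `spctl` when it is present.

```shell
#!/bin/sh
# Added example (not from the original article): ask Gatekeeper, from Terminal,
# how it would treat each app in a folder. Uses macOS's spctl(8).

# `spctl --status` prints "assessments enabled" or "assessments disabled".
gatekeeper_state() {
    case $1 in
        *"assessments enabled"*)  echo "on" ;;
        *"assessments disabled"*) echo "off" ;;
        *)                        echo "unknown" ;;
    esac
}

# Map the text of `spctl --assess --type execute -v APP` to the categories the
# article describes. "rejected" is tested first so that a source line on a
# rejected app is never read as approval.
classify_assessment() {
    case $1 in
        *": rejected"*) echo "blocked" ;;
        *": accepted"*)
            case $1 in
                *"source=Mac App Store"*) echo "mac-app-store" ;;
                *"Developer ID"*)         echo "identified-developer" ;;
                *"source=Apple System"*)  echo "apple-system" ;;
                *)                        echo "accepted-other" ;;
            esac ;;
        *) echo "unknown" ;;
    esac
}

# Print "<verdict><TAB><path>" for every .app bundle in a directory.
audit_apps() {
    for app in "$1"/*.app; do
        [ -e "$app" ] || continue
        # spctl writes its verdict to stderr, hence 2>&1
        verdict=$(classify_assessment "$(spctl --assess --type execute -v "$app" 2>&1)")
        printf '%s\t%s\n' "$verdict" "$app"
    done
}

# Only runs on a Mac; elsewhere the functions can still be exercised on text.
if command -v spctl >/dev/null 2>&1; then
    echo "Gatekeeper: $(gatekeeper_state "$(spctl --status 2>&1)")"
    audit_apps /Applications
fi
```

Anything reported as `blocked` is an app GateKeeper would stop with the “Mac App Store and identified developers” option selected.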
Built in Security – SandBoxing & Runtime Protections
Sandboxing is another security feature on your Mac. Basically it makes the app that you’ve downloaded play only in its own sandbox by isolating its access to other apps’ sandboxes. So even if the app is malicious and tries to escape its own sandbox and mess with another app, it can’t because it is restricted.
There are also other runtime protections (running all the time) that are built right down to the very core of your Mac and run on every level of it. They keep a strong wall between the memory used for data and the memory used for executable instructions. Basically this prevents malicious software from tricking your Mac into treating data the same way as it treats an app, which could otherwise be used to compromise it.
It even randomly changes the memory locations where different parts of the app are stored. This stops an attacker from being able to find and record certain parts of the app to make it do something it wasn’t intended to do.
Built in Security – Anti-Phishing
Most browsers have some form of Anti-phishing. There are sites out there that will try to steal sensitive information such as your usernames and passwords. Sometimes these sites will try to trick you into believing that they are legitimate websites that you can trust. Meanwhile they are simply trying to get ahold of your credit card and other sensitive information. If you use Safari on your Mac then you’ll be warned the moment you come across a suspicious or harmful website.
Anti-Phishing in Safari can be enabled by going to its preferences -> Security tab -> make sure “Warn when visiting a fraudulent website” is checked.
Don’t leave it all in your browser’s hands though. If you come across a site asking for personal information and it seems sketchy, then do some quick research on it. Google can help here.
So do I need an Anti-Virus or Anti-Malware app?
The above may make you feel safe enough to say that you don’t need an Anti-Virus or Anti-Malware app. And if you do feel safe enough then that’s perfectly sensible; Mac OS X is very secure and has quite a few safeguards against most of these threats and exploits. If you are safe about what you install and what websites you go to, then it’s less likely that you will get a virus. Just because you are safe, though, doesn’t mean that you are impervious to all threats.
For instance, I’m pretty techie, I’ve had a large interest in computers and other technology since I was young and have become somewhat versed in things like instantly spotting out malicious sites and even possible viruses; and still, I currently have an Anti-Virus solution on my Mac.
So if there are viruses and malware out there that can harm a Mac then why doesn’t everyone use one? Well the most common issue with having an Anti-Virus program is that it is constantly running (realtime scanning). Realtime scanning means that as apps (and other “stuff”) are opened they are being scanned by the Anti-Virus / Anti-Malware app. Basically everything is scanned as it is processed. This is a good thing and a bad thing. Since it’s always scanning, it has a really high success rate of stopping any threat the moment it appears; however, since it’s always scanning it’s also taking a toll on your computer’s speed and resources.
The solution (for me anyways) is to use an app that doesn’t have realtime protection (or can have it disabled). I use ClamXav because it’s free, simple, smart and does what it says it does. When I close ClamXav, it stops using my Mac’s resources and when I need it, it’s there right away. My favorite feature is the ability to right-click (control-click) any file and be given the option to immediately scan the file.
There are tons of Anti-Virus / Malware apps and solutions out there to choose from, some are free, some cost money. It’s up to you to decide on what you feel safest with.
For example, if you look up in your browser and see a whole bunch of toolbars and have no idea how they got there then you should probably use a really good realtime solution. If you’re smart about what you do and install on your Mac, then you most likely don’t need a realtime protection solution.
Without realtime scanning your Anti-Virus / Malware app is useless unless you do manual or scheduled scans.
Most Anti-Virus / Malware clients allow you to set up scheduled scans and do manual scans. For this example I’ll use ClamXav, as it’s the app I currently use and like.
Have you ever downloaded something and been hesitant on opening it? Sometimes I can be hesitant on opening up zipped (.zip / .rar) files. Luckily with ClamXav on your Mac all you have to do is right-click (control click) the item and click “Scan with ClamXav”. It will perform an instant scan on the files and show you the results when done.
Scheduled tasks are pretty important if you plan on using ClamXav because it does not have realtime scanning (Mac App Store version). Setting up a scheduled task is really easy; the most difficult part of it is deciding when you’d like to have it run. Personally I have it set to run on the weekends at 9:00 am, this is because it’s the weekend and I know that I’m not going to be up before 9. Try to choose a time when you know you’ll be away from your computer. You can still of course use your computer while a scheduled scan is going on; it just may run a little slower since a lot of your Mac’s resources are being used to complete the scan.
It’s also important to have your virus definitions updated regularly, preferably right before a full system scan is done.
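The "update definitions, then scan on a schedule" routine can also be scripted with the ClamAV engine's own command-line tools. This is an added example, not ClamXav's scheduler and not from the original article; it assumes `freshclam` and `clamscan` are installed and on the PATH, and `SCAN_DIR`, `LOG` and the script path in the crontab comment are placeholders.

```shell
#!/bin/sh
# Added example (not from the original article): refresh virus definitions,
# then scan, using ClamAV's command-line tools (assumed installed and on PATH).
SCAN_DIR=${SCAN_DIR:-$HOME/Downloads}        # illustrative default
LOG=${LOG:-$HOME/clamscan-weekend.log}       # illustrative default

# clamscan exit status: 0 = nothing found, 1 = virus found, 2 = error.
scan_verdict() {
    case $1 in
        0) echo "clean" ;;
        1) echo "infected" ;;
        *) echo "error" ;;
    esac
}

# Read clamscan output on stdin and print only the paths it flagged.
# Flagged lines look like "<path>: <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

run_scheduled_scan() {
    # Update definitions first. A failed update is reported but does not stop
    # the scan, which then runs against the existing database.
    freshclam --quiet || echo "warning: definition update failed" >&2
    # -r: recurse into folders, -i: list infected files only
    clamscan -r -i "$SCAN_DIR" > "$LOG"
    rc=$?
    echo "result: $(scan_verdict "$rc")"
    infected_paths < "$LOG"
    return "$rc"
}

# crontab line for Saturday and Sunday at 09:00 (script path is a placeholder):
#   0 9 * * 6,0 /path/to/weekend-scan.sh run
if [ "${1:-}" = "run" ]; then
    run_scheduled_scan
fi
```

Treat an `error` result as a scan that did not happen and needs to be rerun, not as a clean one.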
There are two versions of ClamXav, the Mac App Store version and the version you can download from the app’s homepage. The version that you can download from the app’s homepage has more features.
Features not included in the Mac App Store version of ClamXav:
- It does not have realtime scanning – the version from www.clamxav.com does.
- It does not have the bundled ClamAV engine used to build your own installation.
The best advice I can give you is to be smart about what you do and what you download. Don’t just install anything without knowing what it is. When installing an application don’t blindly click the next button. This is usually where you are asked if you want to install other promoted software. For instance, do you have a bunch of uninvited toolbars in your browser? This is most likely how they got there.
Be safe out there.