Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Virus/Malware program recommendations? [MERGED]
- Thread starter vjicecool
- Start date
- Sort by reaction score
No it’s not necessary.
Most of the time Mac viruses are spread by pirated software. Avoid that at all costs. Other than that following some basic common sense rules will keep you out of trouble
If you’re worried get the free version of Malwarebytes.
Thx..I just browse to the internet,and email and some spotify and paying bills on line.
Sounds like relatively low risk activities. Email can always have malicious links, but anti virus won’t save you from that. Most of the time if you’re careful not to click some email that says Hey your account balance is overdrawn, please click this link to sign into your account or something similar.
I kind of wish there was some training program that everyone took before going on the Internet. Just knowing what to look for sometimes is all you need. There are rotten eggs out there, but they’re usually easy to spot.
Yeah i'm very careful when viewing my emails...I get bogus text not all the time ..like today I got a text that I had and unpaid parking ticket.
Generally I do agree with @russell_314. MacOS offers security by default with mechanisms like XProtect, Gatekeeper, Application firewall or System Integrity Protection. You can read more about that here.
However, nothing prevents you from clicking bad links in mails or on websites and thinking twice and a good portion of distrust can keep you away from the worst scenarios.
At some time in the future, you might use a deprecated device, that doesn't get regular software updates from Apple anymore. Fortunately Apple serves XProtect updates for a very long time, even to unsupported devices. But native browsers and mail apps from Apple can have serious security flaws at that time and then it's a good idea to use 3rd party browsers and mail clients.
Then, one can benefit from 3rd party IP firewalls like Little Snitch or Murus by getting better insights of what's going on with ones internet traffic and maybe blocking some unwanted connections.
If you need to exchange a lot of common files, such as office documents or PDF, with others and want to check, if those files are infected by some virus, that probably doesn't hurt you on a Mac, but could be dangerous for the recipient, especially other (Windows) users, then the use of an Anti-Virus tool might be reasonable, too. Unfortunately there are not so many AV tools that can be recommended. I utilized ClamXAV, a macOS GUI for the open source app clamav, before ClamXAV went to a subscription model some years ago. Unfortunately I didn't find a real good alternative until now. Although there are many AV tools for macOS, most of them are bloated with useless features and they are quite expensive for what they should do.
Although there is little risk to catch some harmful malware, one can never be completely save. So always be careful what you click and make one or better two offline backups of your important data.
Conclusion is not to use any 3rd party AV tool, except you need to avoid passing over viruses to your clients and friends.
However, nothing prevents you from clicking bad links in mails or on websites and thinking twice and a good portion of distrust can keep you away from the worst scenarios.
At some time in the future, you might use a deprecated device, that doesn't get regular software updates from Apple anymore. Fortunately Apple serves XProtect updates for a very long time, even to unsupported devices. But native browsers and mail apps from Apple can have serious security flaws at that time and then it's a good idea to use 3rd party browsers and mail clients.
Then, one can benefit from 3rd party IP firewalls like Little Snitch or Murus by getting better insights of what's going on with ones internet traffic and maybe blocking some unwanted connections.
If you need to exchange a lot of common files, such as office documents or PDF, with others and want to check, if those files are infected by some virus, that probably doesn't hurt you on a Mac, but could be dangerous for the recipient, especially other (Windows) users, then the use of an Anti-Virus tool might be reasonable, too. Unfortunately there are not so many AV tools that can be recommended. I utilized ClamXAV, a macOS GUI for the open source app clamav, before ClamXAV went to a subscription model some years ago. Unfortunately I didn't find a real good alternative until now. Although there are many AV tools for macOS, most of them are bloated with useless features and they are quite expensive for what they should do.
Although there is little risk to catch some harmful malware, one can never be completely save. So always be careful what you click and make one or better two offline backups of your important data.
Conclusion is not to use any 3rd party AV tool, except you need to avoid passing over viruses to your clients and friends.
Wow nice information, thanq you!
does a reliable or nay VPN fit this equation for secure web browsing?
Exactly. I'm running it to mitigate my reputational risks. even if I am safe, I don't want to pass it on to others. That could cost me dearly.
Windows has a pretty decent anti-virus software - in my opinion, even less horrible than all paid alternatives - built-in these days, but even on Windows, "anti-virus" stuff makes little to no sense: "Current" malware is detected almost a year too late, "smart" heuristics throw too many false positives.
Even on Windows, there are three "normal" ways to get malware:
- Click links and/or open attachments in a sketchy e-mail. Solution: Don't.
- Download "cracked" or "patched" software from people who don't try to look like a serious business. Solution: Don't.
- Run outdated software without current security updates, exposing your computer to easy attacks just because you chose to skip update checks. Solution: Don't.
Nobody should use this kind of software in 2025 anymore, on no operating system.
I run CrowdStrike Falcon. Expensive, but very happy with it. You have to have your own domain name and basically be a business to get it. (I do consulting work and have a business license for doing work-from-home.) Have it on all my macOS and Windows devices. Can't tell a speed difference at all.
Funny as you go against any and all certifications for a secure setup. I’m sorry but I think you give out terrible advice. You would never be able to access any of our corporate resources with your machine configured like that. Too much of a liability.
Sounds like the certifications need an overhaul. That “secure setup” sounds like a huge problem to me.
Example, right above you:
While this would probably satisfy your certification, it is the exact opposite of a secure setup.
In case anyone had missed it, in 2024, CrowdStrike’s “security” software was responsible for the outage of over 8 million computers:
2024 CrowdStrike-related IT outages - Wikipedia
From my own experience, that’s not a CrowdStrike-related problem per se. “Security” software runs with full system privileges, and complex software usually has complex bugs and/or its own set of security holes.
If I had to choose between having a secure computer and getting ill-advised “certificates”, I’ll choose the former. Twice.
And your credentials in cybersecurity are what exactly? Is this just some feeling you have in your belly?
If only it was as simple as that, in business you need both....Example, right above you:
While this would probably satisfy your certification, it is the exact opposite of a secure setup.
In case anyone had missed it, in 2024, CrowdStrike’s “security” software was responsible for the outage of over 8 million computers:
2024 CrowdStrike-related IT outages - Wikipedia
en.wikipedia.org
From my own experience, that’s not a CrowdStrike-related problem per se. “Security” software runs with full system privileges, and complex software usually has complex bugs and/or its own set of security holes.
If I had to choose between having a secure computer and getting ill-advised “certificates”, I’ll choose the former. Twice.
Several decades of experience on the other side of the fence.
A secure setup and a software that makes your setup insecure? Does that work well for you?
What does that mean?
No, you need a secure setup and the certifications that you have, or do what you say you are doing. Not doing that can implicate massive liabilities through fines and even jail time through negligence, pending the industry you are working in.
You do you, but advocating against antivirus software is dumb. Dumb for home users, and especially not acceptable in a commercial setting. The impacts are not just those on personal data, identity theft, smart devices etc. But also protection of IP, regulatory compliance, business continuity, data loss prevention, and don't underestimate the employee and customer trust.
Perhaps you are being a little pedantic or under the misconception of what the term antivirus really encompasses in 2025. Modern versions cover a whole layered system of services which still include the signature-based detection, and the heuristic analysis, but go much further (depending on the products) such as real-time protection, firewall integration, phishing defenses, ransomeware protection, device control, sandboxing, endpoints, centralized management, the list goes on.
But you'll only get those certifications by lowering your setup's security, e.g. by installing Clownstrike or whatever, according to your own posts...?
It's a bit unfortunate that you didn't really address my point that - no matter how "modern" - antivirus software jeopardises rather than guarantees the protection of your personal data, your identity and the maintenance of your business operations.
As I have already explained above, home users have no advantage from software that opens more security gaps than it closes. If they install one anyway because they've fallen for marketing ploys, that's dumb. Or can you tell me a single advantage of installing software that is both inherently insecure and buggy and doesn't solve any problems that two simple rules (don't click on everything and do updates) can't solve much more easily? (As an aside, no software in the world can help someone who clicks on anything that looks like a link and gets all sorts of fun malware).
No you don't, not at all. You do that by having a suite of security controls, backed by a solid Information Security Management System. I've never mentioned Crowdstrike, it wouldn't be on my list there are better alternatives. For most people and organisations, the Microsoft Defender range is just fine when configured correctly.
Those rules only work if you disconnect from everything. But in reality, people have emails, people download stuff, people forward messages, people chat. I would not class Microsoft Defender as an example of what comes with Windows 10 or Windows 11 as inherently insecure. Similarly with the standard macOS options. Enable whole disc encryption to go a step further and you are a large part there. Now a proper configuration would also mean that your machine account won't have sudo style rights, but that goes too far for most and especially developers get annoyed although they know it is true
Security is like an onion, there isn't just one thing you can do to be protected, there are many layers that work together.
I am running a 2020 MacBook Air M1 and would like to know if a malware/virus program is a good idea to download and use. If so what is the most commonly used one for Mac users that you can get from the App Store.
Last edited:
Used Malwarebytes way before but now I don't use any tool because mac provides built-in security features so don't want to take unnecessary burden & unnecessary load to the system.