Internet-based threats come in many forms these days and things will only get worse, not better. While viruses are still a very real problem, there are other types of attack which a Mac security suite can help to protect you from.
While we all think of antivirus software as something that stops malicious programs being downloaded and run, a modern security app does a lot more than that. It can warn you of dodgy email attachments, sketchy websites and some of the options here will protect other devices you use, since you probably don't use a single Mac exclusively.
But as to the question of which antivirus software you should choose for your Mac, our current top pick is Intego Mac Internet Security. However, you will find seven other recommendations below as well which may suit you better depending upon the type and number of devices that need protection.
Do Macs need antivirus?
Plenty of Mac aficionados will tell you that Apple computers are inherently secure and don't require protection. We'd argue that they are wrong - or overconfident, at the very least.
Although Mac threats decreased by 38% in 2020, they had previously increased by 400 percent in 2019 (according a report from Malwarebytes). The bad guys, then, are still targeting Mac users and they're getting smarter and greedier. As a result, cyber security is something you can't afford to ignore, and good antivirus is a very good place to start if you want to stay safe.
Macs are generally more secure than their Windows brethren for two reasons. On the technical side, macOS is a Unix-based operating system. As a Unix-based operating system macOS is sandboxed.
Sandboxing is like having a series of fire doors: even if malware gains access to your Mac, it is unable to spread to other areas of the machine. They are more difficult to exploit than Windows PCs, but Macs are not unhackable.
More general advice can be found in our Mac security tips; and those who have been hit by a malware attack should try how to remove a virus from a Mac.
Best antivirus for Mac reviews
How to choose Mac antivirus
Features fundamental to all packages are two ways to find viruses: on-demand protection and via always-on protection. The former finds viruses by examining one file after another during scheduled scans, or when you choose to undertake a scan, perhaps because you’re worried your Mac might be infected. The speed at which the antivirus app can do this is important, because some take a long time and also hog the Mac’s CPU while they do so. Waiting six hours to find out if your Mac is infected is neither convenient nor relaxing.
Always-on malware protection is what protects the user outside of the times when scans are run. If some malware arrives, perhaps via an email or a downloaded file, then the always-on protection should be able to detect it and either quarantine it (copy it to a safe folder so the user can decide what to do with it), or simply delete it. Usually a notification is shown when malware is detected in this way, but not all antimalware apps show the same amount of explanation of what’s happened - and this was one of the factors we examined in our testing.
Outside of direct malware detection, many security suites include additional tools such as ransomware protection. Ransomware is a new kind of malware that, once it’s infected a computer, encrypts all the user’s files and then demands a fee to decrypt them. To protect against this infection, anti-ransomware features typically block any app from writing to a user’s home folders, such as Documents or Photos, unless the app’s preapproved (a process called whitelisting). Lots of apps come already preapproved, of course, such as Microsoft Word, or Apple’s own Photos app. But you can add others.
Several products also include virtual private network (VPN) add-ons. These protect an internet connection by encrypting it, and this is useful when utilising unsafe open WiFi such as that provided by a café or hotel. In our experience, these are not replacements for separate paid-for VPN services as many do not unblock video streaming services and some are cut-down versions which constantly nag you to pay extra for the full, premium versions.
Web protection via browser plugins or extensions is also popular and aims to stop the user (or their children) doing anything they regret online, such as visiting dodgy websites or handing over personal information.
There are usually different options from each vendor, and you get more extras with the top packages. They might include password managers, parental controls, cloud storage - the list goes on. Generally, the underlying antimalware engine is the same in all products from the same company, so you can save money if you don't need those additional features.
And price was an obvious factor in our test. All the antivirus apps are sold as yearly subscriptions. That’s right, you can’t just pay once and use forever. Often there’s a hefty discount for that first year’s subscription, but this can burn you when automatic renewal occurs a year later and the full retail price is charged: often 100% more. Alternatively, you can purchase several years’ subscriptions at once, receiving a discount.
Many subscriptions allow you to install the software on more than one computer (including Windows and Android devices), which can sometimes add significantly to the value - all computers, phones and tablets within a household can be protected with one subscription.
How we tested
For various reasons, quantitively testing antimalware apps is difficult to the point of near-impossible, and for this reason the results of our testing are intended to be indicative rather than definitive.
For example, we ran a full scan using each app and our goal was to determine relative speed and CPU loads. One app scanned the system in 30 minutes, while another took six hours. Your own scans might be quicker than this, or take longer. However, it’s clear that the former antimalware app has a faster scanning engine compared to the latter.
This is the kind of difference we hoped to identify.
The full scans were run on a MacBook Pro running macOS Mojave with an i7 2.8GHz CPU, 16GB of RAM and 512GB flash-storage based disk, around 400GB of which was occupied. This Mac effectively has eight CPU cores—four actual cores, and four hyperthreaded virtual cores. This Mac is used daily for tasks such as email, web browsing, watching movies, listening to music, and more. As such, it’s very much a typical system.
In order to test always-on malware protection for each app, we downloaded 26 malware samples from a Mac security site representing most malware targeting the Mac from 2018 until the first quarter of this year. Because placing these onto a "live" system represents an obvious security risk, we unleashed them within a virtualised Mac running on VMware Fusion, with macOS Mojave installed. This VM was assigned four CPU cores, plus 8GB of RAM, so represents an average Mac system.
Notably, we did not actively infect the system with this malware. This is generally impossible because of Apple’s Xprotect technology that’s built into macOS that blocks the majority (if not all) malware for the Mac.
Instead we simply placed the malware sample files on the hard drive by extracting them from password-protected archives. This was enough for most malware apps to respond and either quarantine or delete the malware files, and was enough to test the extent of each app’s malware database.
If an app didn’t catch a particular malware sample, we checked the VirusTotal database for more information. VirusTotal is an open project intended to act as a freely-accessible information repository covering most malware and antimalware apps.
Our goal was to find if the antimalware app claimed to defend against any malware that it ignored. We found that in most cases it did indeed claim to do so.
So, what’s going on? Perhaps it’s this: we tested the Mac version of an antimalware app, and there are likely to be Microsoft Windows, Linux and even Android versions of that app. The Mac version might have a weakness in that it can’t spot that malware, even though it should.
Alternatively, it might be an issue with our particular sample of that malware - although we note that some antimalware apps we reviewed got a 100% detection and clean-up score, so claiming it’s “the wrong type of malware” is perhaps a weak excuse.
