One of the most frequently-asked questions about Macs is what anti-virus and other security software should be used. My response almost invariably starts with two words: it depends. It depends on what you do, on assessing your risk, whether you live an exciting and dangerous online life, or never stray from the App Store and a handful of relatively safe and secure sites.
There is, though, a common core of tools which every Mac user should be aware of, and the great majority should keep at hand. Most of them should be drawn from those provided by Objective-See. This article explains a little about the tools available there, what to use them for, and suggests some others which are valuable supplements.
KnockKnock examines those extensions, daemons, and other components which are most likely to become infiltrated by malware. It lists them all, and checks them against the reference database of malware at VirusTotal. If you spot anything suspicious, you can obtain further information about it which will either enable you to do something about it, or allay your fears.
Every Mac user should run this periodically to scan for traces of malware and unwanted software. It is non-invasive and doesn’t give rise to compatibility or performance issues.
TaskExplorer is one of my favourite general-purpose tools, as its value extends far beyond security. It lists all running tasks, and lets you see their scores against the VirusTotal reference. For each of those tasks, it lists the dynamic libraries which it is using, the files that it has open, and any network connections.
This is a wonderful and thorough spot check for anything – malware, unwanted software, adware, or just bad apps – which might have found its way onto your Mac, and is currently sitting there, waiting to give you grief. I also use it to check which running apps and tasks are using specific libraries, which files they are accessing, and whether they have open network connections.
KextViewr has become less essential now that third-party kernel extensions (KEXTs) are becoming less common, or perhaps I am just getting better at avoiding products which install them. It lists all kernel extensions, gives the same assessment for them against the VirusTotal database, and detailed information about them. I keep this at the ready, but now seldom have to use it.
What’s Your Sign? is probably the security tool which I use most frequently. Once installed, it adds an item to the Finder’s contextual menu which inspects the code signature of the selected item. I routinely do this on all freshly-installed apps, so that I can see details of the developer. If that information looks suspicious, I can then check them out more thoroughly. My only regret is that this cannot check the signing of Installer packages.
If you’re worried about the threat of ransomware, then RansomWhere? is compelling. It sits in the background, watching for the creation of encrypted files by untrusted processes. If it catches any such activity, it reports it to you. This is an effective way to keep a watch on such suspicious activity, and it is neat and unobtrusive.
The current most worrying trend in Mac malware is the growth of spyware, which uses the mike and/or camera built into your Mac to acquire information about you. Many expert users have taken to taping over their cameras and muffling the mikes, but OverSight is much more effective. Once installed, it watches for any process which activates the internal mike or accesses the camera, and lets you know what is going on. It has already revealed some significant security issues which were not intended, and enabled them to be fixed.
BlockBlock is perhaps Objective-See’s most powerful protection against malware which installs itself to persist. Once installed, it watches for the telltale signs of such actions, and alerts you to them. Not all will be malicious, of course, but this gives you the chance to catch malware as it tries to infect your Mac.
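To show the kind of item that KnockKnock lists and BlockBlock watches for, here is an added example (not Objective-See's code, and not a description of how either tool is implemented) which triages launchd job definitions, one common way for software to persist on macOS. The sample jobs, their paths and the heuristics are all constructed for illustration.

```python
import plistlib
from pathlib import PurePosixPath

# Constructed launchd job definitions, keyed by a made-up file path (not from any real Mac).
SAMPLES = {
    "/Library/LaunchDaemons/com.example.updater.plist": {
        "Label": "com.example.updater",
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"],
        "RunAtLoad": True,
    },
    "/Users/alice/Library/LaunchAgents/com.example.helper.plist": {
        "Label": "com.example.helper",
        "ProgramArguments": ["/bin/sh", "-c", "/Users/alice/.cache/.helper"],
        "RunAtLoad": True,
        "KeepAlive": True,
    },
    "/Users/alice/Library/LaunchAgents/com.example.sync.plist": {
        "Label": "com.example.sync",
        "Program": "/private/tmp/syncd",
    },
}

# Assumed heuristics for this example; they are prompts for a closer look, not verdicts.
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
INTERPRETERS = {"sh", "bash", "zsh", "python3", "perl", "ruby", "osascript"}

def triage(plist_bytes):
    """Return (label, reasons) for one launchd job definition."""
    job = plistlib.loads(plist_bytes)
    args = list(job.get("ProgramArguments") or [])
    if not args and "Program" in job:
        args = [job["Program"]]
    reasons = []
    if not args:
        reasons.append("no program specified")
    elif PurePosixPath(args[0]).name in INTERPRETERS:
        reasons.append("launched through an interpreter")
    for arg in (a for a in args if a.startswith("/")):  # absolute paths only
        if arg.startswith(WRITABLE_PREFIXES):
            reasons.append("runs from a world-writable directory")
        if any(part.startswith(".") for part in PurePosixPath(arg).parts):
            reasons.append("runs from a hidden file or directory")
    if job.get("RunAtLoad") and job.get("KeepAlive"):
        reasons.append("starts at load and is kept alive")
    return job.get("Label", "(no label)"), reasons

def scan(samples=SAMPLES):
    results = (triage(plistlib.dumps(job)) for job in samples.values())
    return {label: reasons for label, reasons in results if reasons}
```

Calling scan() returns only the jobs which tripped a heuristic. As with the alerts from the real tools, not every flagged item will be malicious.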
Objective-See’s toolset is currently free of charge, but you are encouraged to donate to express your appreciation of the products. Please do so, as each donation will encourage further development.
There are two other tools which I recommend users consider: Little Snitch, and Malwarebytes Anti-Malware.
Little Snitch does a vital job: it watches for any processes which try to make outgoing connections from your Mac over the internet. These may be signs of malware, of apps which are leaking personal information, or perfectly normal and permissible. You can build rulesets so that it does not trouble you with reports of the latter, allowing you to watch for the first two.
Although your router’s firewall should be locked down to block incoming connections, most of us quite wisely allow most or all outgoing connections. Recent versions of Little Snitch now provide sophisticated network monitoring features too, which will often save you having to start inspecting packets in order to discover what is going on. Its website provides a free demo version, and a single-user licence costs around €29.95.
Malwarebytes still provides its Mac anti-virus scanner free of charge, which is another excellent deal for macOS users. However, it does not perform background or continuous scanning, so you will need to run manual scans whenever you feel there is a need. For a Mac at high risk, that could be daily, or more often, perhaps.
There are many other anti-virus products and more general protection tools available. If you do opt for those, ensure that you keep your subscription up, or you will find the product falling behind the current release of macOS and not coping with the latest malware.
I hope that is a good starting point for the answer to that question.