Mac Antivirus Software – Reviews on OS X Antivirus

What’s important about Mac Antivirus

  • Even if OS X is considered secure, there is also malware for Apple’s operating system.
  • Virus scanners for Mac add useful features to the built-in security features of OS X and close any existing vulnerabilities.
  • In addition to a high virus detection rate, users should also pay attention to features such as e-mail protection and parental controls.

Our winners

Bitdefender Antivirus for Mac comes out on top in our Mac virus scanner comparison. The antivirus program scores with a high detection rate for both Mac and Windows viruses. The revised program interface combines all necessary functions without overwhelming the user. The high-performance package is also available at a reasonable price. Close behind Bitdefender, in second and third place, are Kaspersky Internet Security for Mac and Intego Mac Internet Security. Both suites also offer good all-round protection, which users can also use for their mobile Apple devices.

1. Overview

The operating system

Apple’s operating system, just like its products such as the MacBook, iPad or iPhone, is based on elegant design, clear lines and a look that is thought out down to the smallest detail. The US company is constantly developing the user interface of the PC operating system. With the continuous improvement of OS X, for example, sheets and drawers were added as new control elements, which should make working with multiple windows clearer. Sheets solve the problem that dialog boxes cannot be clearly assigned to a program when several programs are in use. The sheets are now attached directly to the title bar of the corresponding program. Drawers are drop-down menus that hide program functions that are not needed. They are displayed only after a click. Both features show that Apple is committed to the design line of its product and wants to do things differently from the competition.

OS X is safer than Windows

Some users think that Apple’s operating system is safer than Windows and that anti-virus programs, at least paid ones, are therefore not necessary for the Apple platform. The malware figures speak for themselves: in 2010, there were 60,000 different types of malware for Windows platforms per day. In the same period, there were only 50 forms of malicious software for all other platforms, including Mac OS X. This makes Windows a system where malware is more diversified. Conversely, this does not mean that Apple users are safer in principle. Firstly, a single malicious program is sufficient to infect the system, and secondly, the intensity of attacks can increase at any time.

At present, Apple users still benefit from the fact that comparatively few people use the operating system. In Germany, OS X’s market share in July 2015 was 8.3 percent. Windows platforms reached about 80 percent in the same period. For developers of malware, this is a simple cost-benefit calculation: the more common an operating system is, the more worthwhile it is to develop malware for it, which is supposed to generate profit in the end. With the increasing popularity of Apple’s products, it can be expected that they will become targets of malware more frequently in the future. When 700,000 Macs were infected by the Flashback Trojan in 2012, the vulnerability of Apple’s PC operating system became fully apparent; it was pointed out that Gatekeeper and XProtect were also not a 100% guarantee of the system’s security. The conclusion: users of OS X also benefit from purchasing an antivirus program.

This conclusion is particularly true because Mac users use their devices for both personal and professional purposes more often than Windows users. After all, the Mac is well known for its frequent use in image processing. If users are also self-employed, virus infections can quickly threaten their livelihood. Some companies also insist that employees who connect their private MacBook to the corporate network use external Mac anti-virus protection. On a network, the Mac can quickly turn into a virus spreader that endangers not necessarily itself, but all other computers on the network. This makes it all the more sensible to invest in comprehensive protection. Virus scanners for Mac offer this.

2. Features – This is what Mac Antivirus should provide

Most virus scanners for the Mac contain more features than simply scanning the system for malware infections. That is why it is more accurate to speak of Mac Internet security or a security suite for Mac. The most important functions of such bundles are briefly described below.


Antivirus

The heart of every Mac virus scanner is of course the antivirus function.
The Mac virus scanner scans the system for possible malware infections at regular intervals and according to individual user settings. Since the virus scan also runs in the background, the virus scanner on the Mac should be as inconspicuous and resource-saving as possible. This is especially true when running resource-intensive applications such as image or video editing software on the Mac. A virus scanner that places too much strain on the Mac system in this case has too much potential for conflict. Many Mac anti-virus programs also monitor your Mac’s Internet browser. Real-time protection when surfing can be appropriate, especially if sensitive bank or customer data is frequently processed via the browser.


Firewall

A firewall controls access to network services.
The program checks whether communication with a particular service, such as a website, is allowed. If unknown services request network access from the Mac system, the firewall alerts the user directly. This keeps Mac users in control of which services can and cannot access the Internet. For example, a firewall can prevent the unwanted exchange of data over the Internet when malware has gone undetected.

Email Security

The email inbox is often a gateway for malware.
Therefore, these programs include separate e-mail protection, which secures messages transmitted via protocols such as POP3, SMTP, IMAP, MAPI or NNTP. This protection applies not only to incoming mails, but also to those sent by Mac users. This may be useful in cases where your mailbox is used by hackers to spread spam unnoticed. Email protection usually checks the header, the body and, if present, the attachments of each mail. If an e-mail is classified as potentially dangerous, the e-mail protection reports this to the user and prevents the user from opening or activating the malware.

Background monitoring

Behavior-based monitoring detects the behavior patterns of malicious software and alerts immediately when such structures are recognized.
Live updates keep Mac antivirus databases up to date. The Mac virus scanner is often updated several times a day, and at least once a day. Such an update is absolutely necessary to keep pace with the rapid growth of the different forms of malware. Computer viruses behave in a similar way to their biological models that infect living bodies. They are able to change their code in small ways, so that the existing remedies and detection patterns of the virus scanners no longer work against them. Because a live update of the antivirus program is hopelessly outmatched in such a case, security software developers have devised behavior-based monitoring.

Such a program detects the behavior patterns of malicious software and alerts immediately when such structures are recognized – even if the source code in question is not listed in any known security database. In this way, even unknown malware can be detected at an early stage and its damage can be prevented by the Mac virus scanner.

Parental Controls

Anyone who has children knows the worries about the content that circulates on the Internet. Pornography, violence, harassment, extremism and dubious chat portals are not something young people should be exposed to unfiltered and unattended. Therefore, the parental control feature that is often included in security suites for Mac is recommended. It can be used to block or password-protect certain websites and regulate the time spent on the Internet. This gives parents full control over their children’s home network and Internet use.

3. How Mac Security Software Works

Antivirus programs – whether real-time scanners or manually run scanners – use different methods to analyze the system and detect malicious software. Antivirus software does not rely on only one type of detection; it often combines many different strategies, called scan engines. The simplest principle of virus detection is that the antivirus program consults a directory of known malware. This directory is constantly updated by the vendor of the antivirus software. Unknown malware, however, cannot be detected by such a reactive procedure. That’s why Mac anti-virus programs also have proactive methods. The protection mechanisms that OS X itself brings along are explained below.


Gatekeeper

Gatekeeper monitors the apps installed on the Mac system. The program checks the developer ID assigned to an app. These IDs identify a specific developer. This makes it easier for Apple to control the apps on the Apple Store. If a developer attracts negative attention, programs produced by him or her can be blocked in the future. If an app does not have a developer ID, Gatekeeper alerts the user before installation. With the Ctrl key pressed down, the app can still be installed at the request of the user.


Sandbox

Under OS X, it is possible to run applications in a protected environment on the Mac using the included Sandbox app. In this environment, the sandbox prevents applications from accessing important system components. Malicious programs are automatically subject to this kind of quarantine as well. Because their access is withdrawn, such programs can no longer cause any damage. The Safari Internet browser can also be run in sandbox mode. If corrupted files are then downloaded via it, the rest of the system is also protected against access.

FileVault 2

FileVault 2 encrypts all data on your Mac’s hard drive with XTS-AES 128-bit encryption. This prevents unwanted viewing of private data should the Mac be used by unauthorized persons. In addition, data can be deleted more effectively. Removing the key first and then the encrypted data makes a subsequent recovery process extremely difficult.


XProtect

The built-in malware protection on OS X is known as XProtect. The program monitors content that is downloaded via the browser, e-mails or messages. A message informs the user about possible dangers. The system makes use of an Apple database. XProtect will not detect malware that is not listed there. It therefore does not replace complete virus protection.

iCloud keychain and password generator

Many users do not pay much attention to securing their various user accounts. Because they use a few simple passwords for all their accounts, unauthorized persons can easily get past the password protection. With the Password Generator, Apple provides its customers with a tool that creates secure passwords. However, as these are not always easy to remember and notebooks with different passwords can easily get lost, the iCloud keychain stores these passwords and assigns them to the respective accounts.

An antivirus program is most effective when it relies on both practices – reactive and proactive. The reactive strategy reliably detects known malware, and proactive procedures can protect the operating system from unknown threats.
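The interplay of reactive and proactive detection described above and under Background monitoring, as an added example that is not part of the original article or any vendor's code: a hash-based signature lookup misses a slightly changed variant of a catalogued file, while a behavior score still flags it. The sample bytes, event names, weights and threshold are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Constructed, harmless byte strings standing in for a catalogued file and
# a variant of it that differs in a single character.
KNOWN_SAMPLE = b"#!/bin/sh\n# constructed test sample A\necho demo\n"
VARIANT = KNOWN_SAMPLE.replace(b"sample A", b"sample B")

# Reactive part: the vendor-maintained directory, here a single SHA-256.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Constructed.Sample.A"}


def signature_scan(data: bytes) -> Optional[str]:
    """Return the catalogue name if the file hash is listed, else None."""
    return SIGNATURE_DB.get(hashlib.sha256(data).hexdigest())


@dataclass(frozen=True)
class Event:
    process: str
    action: str
    target: str


# Proactive part: hypothetical weights for behaviours the article attributes
# to RSPlug (DNS changes) and LaoShu (file transfer, reloading code).
BEHAVIOR_WEIGHTS = {
    "modify_dns_settings": 40,
    "upload_user_files": 40,
    "download_and_run_code": 40,
}
ALERT_THRESHOLD = 70  # assumed: one suspicious action alone is not enough


def behavior_scan(events: Iterable[Event], process: str) -> Tuple[int, List[str]]:
    """Score one process; each distinct suspicious action counts once."""
    seen = sorted({e.action for e in events
                   if e.process == process and e.action in BEHAVIOR_WEIGHTS})
    return sum(BEHAVIOR_WEIGHTS[a] for a in seen), seen


def assess(process: str, data: bytes, events: Iterable[Event]) -> str:
    """Signature lookup first, behavior score as the fallback."""
    name = signature_scan(data)
    if name:
        return "signature:" + name
    score, reasons = behavior_scan(events, process)
    if score >= ALERT_THRESHOLD:
        return "behavior:" + ",".join(reasons)
    return "clean"


# Constructed event log for two processes (documentation IP ranges).
EVENTS = [
    Event("variant", "modify_dns_settings", "network service: Wi-Fi"),
    Event("variant", "upload_user_files", "203.0.113.10"),
    Event("variant", "upload_user_files", "203.0.113.10"),
    Event("photo-editor", "upload_user_files", "198.51.100.7"),
    Event("photo-editor", "read_file", "holiday.jpg"),
]

if __name__ == "__main__":
    print(assess("known", KNOWN_SAMPLE, []))
    print(assess("variant", VARIANT, EVENTS))
    print(assess("photo-editor", b"constructed benign bytes", EVENTS))
```

The threshold illustrates the trade-off behind behavior-based monitoring: set too low, a legitimate program that merely uploads files would raise an alert.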

4. Free-of-charge Mac virus scanner

The Apple Retail Store offers a wide range of Mac anti-virus products for free and paid download. What are the advantages and disadvantages of free versus paid protection?

Freeware or Paid?

Free Mac anti-virus programs offer the clear advantage that they can be used at will at no cost. If they don’t deliver the desired results, it doesn’t matter, as they can be removed from the system without any loss. In addition, free Mac virus scanners often do not require registration, so they can be installed at short notice. Frequently, free antivirus programs can be upgraded to a paid version.

However, this already points to a disadvantage of free anti-virus programs: the antivirus software usually does not contain more than the basic functions. This means that they often only have a reactive approach that detects malware based on defined signatures. Free Mac virus scanners usually do not include heuristic methods for proactive detection of malicious software. This means that free anti-virus programs are not prepared for new types of malware that have not yet been registered in the databases. In addition, paid programs include useful additional functions that go beyond the actual scanning of the operating system. Depending on your needs, the purchase can be worthwhile. This is especially true for parents, as some of the Mac virus scanners include parental controls, allowing balanced control over the home network.

5. The greatest threats to OS X

Despite all the built-in security features, Apple’s OS X is not completely secure. On the contrary, security researchers claim that built-in security features such as the keychain or the sandboxing process can themselves introduce weaknesses. In a 2014 scientific study at universities in Indiana and Beijing, researchers Luyi Xing, Xiaolong Bai, Tongxin Li, Xiao Feng Wang, Kai Chen, and Xiaojing Liao investigated the security mechanisms built into OS X. The result: both the iCloud keychain and the sandbox have gaps that malicious software can exploit.

Keychain – The iCloud’s Gatekeeper

According to the researchers’ report, the keychain mechanism works similarly to sandboxing, though not identically. Keychain also isolates individual apps from each other, so that unauthorized access between apps cannot occur. This is meant to prevent malicious software from reading out passwords and other sensitive information associated with a specific app. However, if attackers succeed in placing a corrupted app in the Apple Store, it could make an entry in the keychain for a program and enter certain values in the associated Access Control List (ACL). The ACL determines for an entry whether an app is authorized to read and write objects. In addition, the malicious software must know the attributes of the specific app that is to be targeted. These are values such as the account name or the file path of the app. The six researchers believe that such a scenario is possible. However, they do not provide any information about its probability.

Sandbox – Perfect security or just a good feeling?

Incidentally, there is criticism of both scenarios for OS X regarding their practical implementation, because all apps that can be downloaded from the Apple Store are scanned for malicious software in advance. In addition, Gatekeeper represents a further obstacle for malware from the net. Nevertheless, the researchers have proven that exploits exist in Apple’s operating system and that additional protection from a Mac virus scanner and careful handling of downloads are also worthwhile on a Mac. According to the researchers from China and the USA, the Sandbox is also not a 100% guarantee for the security of OS X. The access restriction can be undone via small helper programs: as soon as the app in the sandbox contacts such a helper service, access to the directory of the respective other app, the so-called container, is granted. This includes, among other things, all of its settings. This way, a sandboxed, supposedly secure program can connect to other software via a utility and still get access to its container, even though these access rights should actually be withdrawn.


Rootpipe

As early as November 2014, security consultant Emil Kvarnhammar drew attention to a vulnerability called Rootpipe in OS X. The flaw dubbed Rootpipe causes an unwanted escalation of privileges under OS X. This allows attackers to use the Mac system as an administrator without having the necessary privileges. Users should therefore revoke the administrator rights for the account they work with on a daily basis. This works by creating a new administrator account on the Mac and withdrawing the rights from the actual work account. In addition, important data can be protected against unauthorized access with FileVault.

6. The History of Mac Viruses

Apple computers are also popular because they offer good protection against malware. One reason for this is the lower spread of Apple products – Macs continue to run on Unix and not on DOS like Windows computers, which makes it very easy for typical PC malware to spread to Windows PCs. In spite of all this, the computers with the apple logo are not completely immune to digital dangers either – the number of successful malware attacks on Macs has even increased in recent years. This makes it all the more important to understand where the entry points for viruses, worms and the like lie in order to protect computers sensibly and effectively with the help of a Mac virus scanner.

The first dangers for Mac: Word macro viruses

The very first viruses for Macs ranged from harmless to ironic. In the 1980s, Elk Cloner infected the boot sector of Mac computers and displayed short poems. nVir also spread via floppy disks and, after printing errors and program and system crashes, made Macs proclaim “Do not panic!” via the voice synthesizer.

The first serious malware for Macs were the Word macro viruses of the 1990s, some of which can still be found today in the macro functions of Microsoft Office. These viruses spread when the macros are activated in Word or Excel files and can damage the system, but they cannot spread on their own. To this day, therefore, it is better to deactivate macro functions in Office for Mac to avoid waking up sleeping pests.

Few attacks by worms and trojans

The 1990s were the era of Windows PCs – Macs were therefore uninteresting for the developers of malware. Even after the turn of the millennium, the number of malware programs for Macs remained very limited. In 2006, for example, Leap (OSX.Leap.A, Oompa Loompa) caused considerable damage: this is an instant messaging worm that spread via the iChat buddy lists. The malware was camouflaged as an image file, which the respective user had to download and actively execute. In 2007, RSPlug (DNSChanger, Jahlav, Puper) spread via porn sites and led users to believe that a plug-in was needed for a missing video codec. The malware changed the DNS records of the infected machine and attempted to retrieve passwords from fake versions of popular websites such as eBay. While malware such as the 2009 Tored failed due to its own faulty code, serious dangers such as the 2010 HellRTS (Pinhead, Hellraiser) required the active cooperation of the user, who had to download infected disk images and enter his admin password to activate them. In the past, this meant that Mac users didn’t have to fear self-propagating malware.

Increased malware threat since 2012

Since Macs and other Apple products have become increasingly popular with customers, attacks on computers and mobile devices have also increased. The new threats spy on Mac users or install themselves through manipulated pirated copies to damage systems. The best example of this is Flashback, a Trojan horse that spread through an outdated Java version in 2012 and infected hundreds of thousands of Macs for the first time. The malware was spread via manipulated web pages that prompted users to install a new version of Flash Player. What exactly this pest does is still controversial today – but it is suspected that passwords and bank data can be accessed on a large scale. Three pests appeared in 2014.

The LaoShu Trojan horse spread via fake email delivery notifications and was able not only to find files and certain file types, but also to transfer them to a remote server and to load additional code. iWorm and WireLurker were also able to open backdoors and retrieve data. Further dangers loom from this direction in the future, especially since malware for Mac is now more intelligent in its design and can, for example, fake software signatures that bypass Apple’s Gatekeeper. This makes it all the more important to protect the computer in the future with a good Mac virus scanner in order to complement the integrated security systems.

This security is ensured by OS X

Apple’s operating system is already equipped with several security features, so the Mac system is not completely unprotected right from the start. However, the most important measure for a secure operating system is to keep it up to date. Apple therefore updates OS X regularly. In this way, exploitable weak points in the system can be repaired. All programs installed on the operating system should also be regularly checked for updates. Frequently, it is not the operating system that is the target, but software from a third-party vendor. OS X offers programs that protect against exactly such vulnerabilities.

7. And this is how we compare

Although Mac systems tend to have a high level of security, a professional Mac anti-virus program never hurts. But what does it come down to? Which features should I pay particular attention to? In the course of the Mac virus scanner test of the different antivirus programs, these four test criteria were chosen: security, performance, operation as well as help and support. The Mac virus scanners can reach a maximum of 5.00 points per rating category. Since all test criteria are equally weighted in the test, all Mac virus scanners can be compared neutrally with each other. At the end of each review is a short and concise summary that sums up the most important information of the Mac antivirus software. Based on these criteria, it should be easy for the interested user to find the virus scanner that is perfectly tailored to his or her individual needs and will in future be able to protect his or her Mac computer even better against all kinds of malware attacks.


Security

Under the heading Security, the Mac virus scanner test deals with the respective protection modules and security features of the antivirus programs. The main focus of the test is the detection of malware and its efficient and complete removal. In addition, it checks which bonus features the antivirus programs can bring to bear to raise the security of the Mac computer to an even higher level. These include the features described above, such as email protection, parental controls, a firewall and special protection for instant messaging services. A program that wants to score very well in the test of antivirus programs should have all these features on board.


Performance

Antivirus software should be able to detect and remove malware effectively without overloading the computing capacity. The Performance section checks to what extent the antivirus programs slow down Mac load times and how long an average scan takes. Can the Mac still be used during a full scan or is the system load too high? Mac virus scanners should also be able to prevent presentations or other full screen applications from being disturbed by sudden updates of the antivirus program. These and many other questions are addressed by the Performance checkpoint in the test.


Operation

Not everyone can be a computer professional and spend the time needed to learn how to use complicated antivirus programs. For this reason, the checkpoint Operation checks whether the antivirus software can be operated perfectly even by non-professionals, so that all functions of a program can be used and configured without any problems. Furthermore, the user interface of the antivirus programs is also the focus of attention. Is it attractively designed so that everyone from beginners to professionals can find their way around the software? Is the program guidance intuitive and can all functions be found easily?


Help and Support

Questions or problems with program operation can occur at any time; there may even be a problem with the software itself. In this case, professional help from the manufacturers is desirable. In the Help and Support section, we check which tools companies provide to help solve problems efficiently. Are the competent service staff available around the clock or do users have to stick to fixed opening hours? What languages does Technical Support provide?

Conclusion on Mac Antivirus

The most serious differences are undoubtedly in security. While users can do without longer service opening hours, the protection of the computer is the top priority. The performance of all Mac antivirus programs – with the exception of Malwarebytes Anti-Malware for Mac – is impressive. Overall, the test winner impresses not only with its numerous functions and security standards, but also with an acceptable price.