My husband and I would like to scan a MacBook Pro, iPhones, and iPads for malware. We haven’t received any system alerts, but we would like to positively confirm that the devices aren’t infected. What Mac OS software and iOS apps work best for this? Thanks!
For what purpose?
If you have to work with the content of that Mac, then yes, you should scan it. Malwarebytes is free and easy to use, but others may recommend something else. And if you can’t be sure, then maybe copy the documents you need to another computer (where your apps are all up to date and have macros disabled for security, etc.)
On the other hand, if you are buying/receiving a used Mac and you don’t need its existing content, then I’d say you should boot into recovery (or Internet recovery) mode and use that to delete the macOS APFS containers and perform a clean reinstall of the OS.
It is not possible for an iOS app to scan for malware. Fortunately, the risk of getting malware on an iOS device is low and Apple has a review process regarding app admission into the App Store.
The biggest threat to iDevices are targeted attacks by Nation States to monitor political and media individuals. Although there is scanning software that can detect known versions of such malware, it seems there is no way to remove it other than returning the device to factory new and starting over.
Apparently iMazing is an example of such software:
While the (free!) iMazing spyware scanning for iOS and iPadOS is a great and welcome offering, an important constraint to keep in mind is that the scans only look for traces of a limited set of spyware attacks of the sort that are usually used by government intelligence agencies. So iMazing isn’t a complete solution for anti-virus or anti-malware.
I guess I need to point out that the terms “anti-virus” and “anti-malware” as used in this discussion are synonymous. A virus is just one type of malware that can occur. Companies that still use the AV terminology for their products simply haven’t changed their naming convention over many years to adapt to current realities. They all attack the same malicious threats with varying means of accomplishment.
Apple recently told a number of people that state-sponsored actors may be targeting their iPhones, including journalists and politicians in India. Devices that get warnings usually show signs of spyware infection (or an attempt).
Although Apple almost never reveals details of defensive security measures they include in their OSs, most of us assume that they include means of detecting such signs in recent versions of iOS, making the need for 3rd party scanning for these threats to be redundant and certainly not worth spending any money on. So unless you are associated with a known targeted group, it’s likely unnecessary to be spending further time or energies worrying about it. It’s far more likely for a user to be scammed by a malicious app installed from the App Store and overlooked by Apple code enforcement staff.
On the off chance that anybody reading this discussion has received one of these warning notices or believe you belong to a targeted group, you should implement Lockdown Mode.
I agree that for the OP’s question, it’s a matter of semantics but if viruses are a subset of malware, then the two are not synonymous.
In any case, iMazing provides its spyware scanning for free (within an application that does cost money for its other functions) so trying it out is pretty low risk. The software has been around for several years and seems to have a decently sized user base.
But that’s not what I said. Anti-Virus software and Anti-Malware software perform exactly the same function, therefor those terms are synonymous.
Wikipedia says “Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user’s computer security and privacy. Researchers tend to classify malware into one or more sub-types (i.e. computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, wiper and keyloggers.”
I did understand that the Spyware scan of iMazing is free and I did check it out when it was first mentioned it in another discussion, but iMazing was unable to access my iPhone mini to conduct the scan.
Do you know of any other such products for iOS or iPadOS?
Malwarebytes has an iOS app…but it’s really a privacy utility, unlike the macOS version. As has been mentioned before in discussions here, Apple doesn’t seem to allow any AV/AM apps for iPhones and iPads.
Users, consequently, have to rely on staying alert, checking app settings, and using the limited number of privacy and security oriented apps that are available. This is what I have on my iDevices:
- Firefox Focus (for general browsing)
- DuckDuckGo browser (for use with a small number of trusted sites since Firefox Focus has limited functionality)
- Sophos Intercept X (has a Wi-Fi network security checker and a secure QR code scanner)
- Disconnect Privacy Pro (a free version that acts as an ad blocker)
- Norton Ad Blocker
But none of this is as comprehensive as AV/AM software. I’ve considered subscribing to a VPN as a privacy measure but haven’t done so yet because I rarely connect my iPhone to public Wi-Fi and only do financial and sensitive stuff on my Mac. Plus with zero-click attacks, none of these measures matter much.
Two important details about iMazing’s free-to-use scan tool:
- It only scans for infections and provides notification if found. It cannot “fix” them.
- It scans a backup of the device. (It first makes a full backup of the iPhone to your Mac’s drive and then scans it for potential infections.)
iMazing has a blog posting discussing things in more detail for those interested:
My husband and I would like to scan a MacBook Pro…
With regard to your Macintsosh, you can do a comprehensive scan (and disinfect your Mac, if necessary) using:
VirusBarrier Free Edition (free)
Note that anti-virus programs, surprisingly, do little or nothing to combat adware. Adware isn’t malicious, it just serves up extremely annoying ads. AV companies (and Apple) for some reason usually decide to ignore adware. So, in the event that you find yourself infected by adware, you may want to download and use:
DetectX Swift (free)
NOTE: If you have a recent version of the MacOS (macOS 12.3 or later), fully interactive anti-malware protection is built-in. There is no need whatsoever for third party anti-virus software:
A “Rapid Security Response” feature was added for macOS 13 (Ventura) and later:
This feature addresses security concerns that, when they arise, are considered so severe that they need to be addressed immediately.
Apple apparently has hit pause on this feature after its initial use in July ended up causing issues that seemingly were due to insufficient testing. There have been several instances since then when Apple told us they were they “aware of a report that this issue may have been actively exploited…” which one would think would meet the criteria for an RSR, but were handled along with other vulnerabilities in a regular Security Update.
IMHO, consider the “weakest” one of these to be Macbook Pro. I wouldn’t worry about iPad and iPhones.
I agree with what has been said and in the whirlwind confusion of hyperbole and discussion, I have settle upon the following for my MacStudio and Macbook Air.
Phil Stokes’ Detect X Swift: DetectX – sqwarq | security for your mac
Malwarebytes Free Home Edition: https://www.malwarebytes.com
Intego VirusBarrierScanner: Free in the Apple Store
Howard Oakley’s XProCheck: Free at XProCheck, T2M2, Ulbow, Consolation and log utilities – The Eclectic Light Company
Howard Oakley’s SilentKnight: SilentKnight, silnite, LockRattler, SystHist & Scrub – The Eclectic Light Company
Make sure in System Settings >Network>Firewall is turned on.
I also use some other free apps from Patrick Wardle’s ‘Objective-See.com’ website.
I am at the level most likely of overdoing it and fine with that.
My view is that the ability to rely solely on the built-in macOS virus and malware defenses depends on many factors, especially:
- If the computer is used for business purposes.
- What kinds of sensitive and confidential data are stored on the computer.
- If files are sent to and received from Windows computers.
Further, I think anybody who believes they are a target for malware or doesn’t want a single point of failure should use both Apple’s built-in protection and another anti-malware application.
For example, macOS didn’t provide protection against this threat:
I guess if you know of a third party anti-virus program that is more effective than Apple’s own multi-layered anti-malware program, and you think that there are threats that it can handle that Apple can’t, then you are wise to use that.
I am in a profession where we are required to use “best efforts” to protect client data. So, I’ve been using the full commercial version of VirusBarrier for about 20 years now. (VirusBarrier consistently wins best AV program shootouts from believable sources.) The thing is, in 20 years, it has never “saved” me from anything that I needed saving from. It’s hard to say that I need something better than what Apple offers in the Mac OS when the best AV program available hasn’t had to save me from anything.
I have extremely sensitive and confidential data on my computer. That’s why I use a third party encryption program to keep that data safe when it’s not being accessed. This is what I use. It’s free:
(Instantly encrypt and password protect your files or folders. Decrypt them with a double-click and enter the password. Not even the FBI can break this encryption. There is also a free version of this product for Windows, so encrypted files can be shared across platforms!)
As far as being hacked goes…I’ve been in touch with literally tens, maybe hundreds of thousands of Mac users over the decades. I’ve yet to hear a believable first hand account of a Macintosh user being
directly hacked. Most users are behind a firewall that is part of their Internet access hardware in any case. No additional software is necessary.
There has long been the myth that Macs spread viruses to Windows PC’s and some PC users even refer to Macs as “Typhoid Mary’s.” At best, this sort of statement is ill-informed, and at worst it is a nefarious lie.
Macs do not spread Windows viruses and there is no sound reason why Mac users need to be using anti-virus software to protect Windows users from viruses.
Windows viruses usually show up in one of two ways on a Macintosh. First, they can show up as an e-mail attachment to a message sent out by a Windows virus on a Windows computer. In this case, the attachment won’t run on your Macintosh and it will open (if at all) as just a mess of code in a text editor or word processing program. It can’t do any harm to your Mac. Since a Windows virus can’t run on a Mac, it cannot re-e-mail itself out from a Macintosh (i.e. it cannot be self propagating). Such a virus will be easy to spot and just trash. There is little to no chance of spreading such a virus to a Windows using colleague.
The second common way to get a Windows virus on your Mac is to receive a Word or Excel macro virus as part of a Word or Excel document that someone sends you. You should have “Macro Virus Protection” turned on in the preferences of both of those applications, which will keep any unidentified macros from running. Documents with unidentified macros should never be sent to others.
So, if a Mac user exercises the slightest amount of care, the likelihood of a Mac user accidentally infecting a Windows-using colleague with a virus is ridiculously low. No virus detection software is required to protect Windows-using colleagues.
Possibly more importantly, Macintosh anti-virus software isn’t designed to identify all Windows viruses. Even the best Macintosh anti-virus programs only identify the most common Windows viruses. (I’ve asked AV developers about this specifically.)
In any case, any Windows user who isn’t running good, meticulously updated anti-virus software to protect themselves, frankly, has only themselves to blame if they become infected. It’s mind-numbing, but there are over A BILLION examples of malware for Windows, with over a HALF MILLION new examples arising EACH DAY!
Windows users should protect themselves. They shouldn’t have to rely on Mac-using colleagues to use AV software to protect them from the minuscule possibility of receiving a Windows virus from a Mac user. Windows viruses are Windows-users’ responsibility.
The “threat” that you reference isn’t malware, it’s adware. Adware isn’t precisely malicious, it just serves up extremely annoying ads. Your data isn’t threatened by true adware. Traditional third party anti-virus programs, and Apple, for some reason usually decide to ignore adware (unless it is so intrusive that it borders on being malware). I can’t tell you why they ignore it, but I strongly suspect that is has to do with past legal precedent.
In the event that you find yourself infected by adware, you may want to download and use:
DetectX Swift (free)
I don’t want to stoke a (all too common) loop of competing Mac security claims. So instead of responding point-by-point to others’ views, I’ll just post my personal perspective assuming you are still looking for guidance on how to approach security and privacy on your Apple devices:
- Focus on how you use your computer. Your daily activities and habits are more important than your hardware specifications when you make security decisions.
- Do what you feel is best for your situation and workflows. None of us here are as familiar with why you use your Mac, where you use your Mac, and what data is stored on your Mac as you are. And if something ever goes wrong, none of us have to face the consequences of a successful attack on your Mac. Don’t worry about pleasing a bunch of anonymous people on an Internet message board.
- Try viewing privacy and security measures as a type of insurance. Insurance helps protect you if something bad happens. Insurance doesn’t take the place of good habits, such as eating healthy foods, driving safely, locking the doors to your house when you go out, or installing smoke detectors in bedrooms. Similarly, staying vigilant when reading emails and downloading files is complementary to security software. Layers of security work better than a single barrier. Things can happen to you that are outside of your control.
- Take your personality into account. Are you an extremely conscientious and detail oriented person in all aspects of your life? Or are you somebody who likes to be spontaneous? When you’re faced with stressful situations, how do you feel and react? How do you approach making decisions? This is similar to retirement planning. Some people have the personality traits to plan and manage their retirement savings and investments on their own. Other people are better off working with a professional advisor.
Remember, security decisions usually are not binary. You have the ability to do nothing, do some things, or do a lot of things. You can do things in stages or over a period of time. You can uninstall software or cancel subscriptions. So try not to overthink this stuff. Do what feels comfortable to you, at a pace that you feel is right.
I have a laptop license for the CleanMyMac software, a utility which includes a Malware scan. It gives me an additional peace of mind, although I agree with most commenters that Mac’s vulnerability is very low, and are smart about email, web browsing, etc. I have been hacked twice in recent years, but on my external accounts (Amazon and my cable service email).