I would like to propose a Do You Use It kind of poll, for anti-virus software.
There was a somewhat annual poll in DSL Reports. I took over maintenance of it, and created polls for Windows, Mac, and Linux users. (Here I’m only proposing Mac users.)
The problem was that 1) the poll system used by DSL Reports stopped working, and then 2) DSL Reports died.
But I do remember that I was thinking that the next poll wouldn’t have just a long list of products. Instead it would be two questions.
What kind of anti-virus software do you use?
Just what’s built-in to Mac OS
A free product (or a product that is provided to me for free)
A commercial product, that costs $
(For Windows would you believe that this question needed an option for "none at all, not even what comes with Windows"? Seriously.)
If you use an anti-virus product, which product do you use?
For this question, in previous polls I gave as choices specific product names, because otherwise it wasn’t distinguishing between free and paid-for versions of a product. But that was a very long list, especially since some products are like mattresses or TVs: different marketing channels have their own “bespoke” product name. Such as McAfee Total Virus Protection Plus vs. McAfee Security One AI Edition. (I’m making these names up.)
So my plan was to instead just have product families, like “McAfee”, “Sophos”, “AVG”, etc.
I got the list of products from Wikipedia and a few authoritative round-up reviews.
I suppose you can also distinguish between users who have an antivirus product but only use it for explicit scanning, rather than real-time protection. I know some people work that way. And some people work that way with different products, e.g. one product for real-time protection but a different one when they want to scan a file or the machine.
(If you don’t know this: it is a very bad idea to run more than one anti-virus product that are both doing real-time protection.)
I think it should also capture whether someone uses antivirus software because their employer requires it, and in that case whether they otherwise wouldn’t.
I would guess that on macOS the vast majority only use the built-in scanning, and that most people who do use anti-virus software on the Mac only do so because it’s required by their employer.
At least as of relatively recently, my understanding was that third-party macOS anti-virus software was somewhere between not useful (because macOS does a good job) and actively harmful (because it interferes with the OS too much).
I think if you have sensitive or irreplaceable data to protect, it’s not a good idea to rely solely on macOS’s Gatekeeper and XProtect. Build up layers of security with other utilities and apps.
I’m open to running something like this, though I strongly suspect that most readers don’t use any third-party anti-virus software, in part because we have long recommended against it.
I guess there’s also a question of how often you use such software. I keep Malwarebytes on my Mac and run it once a year or so. It’s never found anything. Does that count? (Or rather, it’s on my last Mac—I probably wouldn’t think to download it again for another six months or so.) I’d never leave such software running all the time.
Again, THIS IS NOT A POLL, but if people can share what they use if it hasn’t already been mentioned (like Malwarebytes has), I can see about working up such a poll.
You would be a “don’t use third-party software for real-time scanning but do for on-demand scanning”.
Free Sophos (Sophos Home)
If we have such a poll, what I’d say in the comments would be that I’ve debated whether I should stop running it, both because maybe macOS’s built-in protection does effective protection now, and I’ve had cases where Sophos has caused problems until I rebooted.
But I’m not convinced the built-in system is complete. I think it only does web protection in Safari, and I question whether it blocks bitcoin mining scripts – I know for a fact that Sophos does.
For file-based malware, it doesn’t catch the EICAR test. That’s a red flag.
When I pointed this out on another site, the response was that of course it doesn’t block EICAR, because EICAR is an anti-virus test file, not an actual virus. But by that logic, pressing the test button on a smoke alarm shouldn’t do anything, because it is not a real fire.
Lastly, the built-in software only detects Mac threats. Sophos also ensures you’re not a vector for Windows threats. Such as, someone sends you an infected Word document and you send it on to someone else, where the infection is Windows-specific.
Many years ago (whenever the Microsoft virtual machine still existed) I ran a virus check and found Windows malware in a Word document. This was about the same time there were some common OS X malware files that could be found using Finder search. Recently, for several years I have run Malwarebytes scans and have never found anything.
I keep my OSs up to date and rely on Apple’s XProtect and Windows Defender. Based on my experience supporting other Apple users, the biggest threats come from naive clicking on iffy ads or links in emails. As with vampires, be careful who you invite into your home system.
A good thing to know about Malwarebytes is that it doesn’t do full-disk scans. This isn’t as big of a problem as it was in the past, I’d say, since macOS now has a sealed system volume but it is a design decision that could be exploited by an attacker. So, as always, layered security is a good practice for anybody who needs to protect sensitive or irreplaceable data.
I don’t regularly use any anti-virus software. I do use CleanMyMac, and it has an “on-demand” software that I occasionally use. To the best of my knowledge, I have never had a virus or any other malware on any of my Macs.
A broader question might make an interesting poll. What do you do to make your Mac more secure? Run 3rd party AV software, run other security-related 3rd-party software (e.g. Lingon X, a launchd GUI tool that alerts on new installs), run as a non-admin user, have company-provided security profile (e.g. Kandji), lock it in a drawer or closet. Increase web browser security settings. Do you click on emailed links that lead to a login (I try not to)? Cover the camera? There are likely others. Password manager, or did you do that already? Exclude VPN, since you’ve already done that.
A good thing to know about Malwarebytes is that it doesn’t do full-disk scans.
I’ve never been able to recommend Malwarebytes. It’s always been obvious that the product is only looking in a few places for files with particular names.
Here is a list of what Malwarebytes looks for, from Malwarebytes themselves:
There are only 21 pieces of malware there. (Some of it arguably isn’t even malware.) But if you go to the site where all of the commercial anti-virus software developers keep an archive of all Mac malware since the advent of OS X, there are close to 300 pieces of malware. So, I ask you, do you think that Malwarebytes is a comprehensive anti-virus program?
Each morning I run Detect X Swift and Intego Virus Barrier before plugging in my backup disks (two CCC and one TM). Very rarely the Intego product will claim there is malware in a file in Firefox’s cache.
I have used Intego for years and from time to time it flags what it claims is malware and confines it. I use Firefox and I don’t recall Intego flagging anything in Firefox’s cache.
Another question might ask if anyone relies on spam filtering to catch viruses.
If you mean user-created filters, not the “automatic” scanning email providers such as Gmail do on every attachment, what rules do you use? And which parts of emails (text, links, graphics, attachments, etc) do you focus on, if any?