Mac Virus

As I’m no longer regularly working in the security industry, this page is no longer being maintained. It’s left up here for historical reasons only.

David Harley, 15th April 2020

Added 30th April 2012

Avast!, which already carries a popular free antivirus application for Windows users, has now released a free AV application for the Mac. Download link below. I’ve also removed a couple of dead links to ESET pages and corrected  links to their Mac products.

Added 1st March 2011

Johan point out to me that I hadn’t included Dr Web’s Mac product in the list of vendors below, so I’ve repaired that omission (sorry, Boris!).

I also noticed in a recent Naked Security blog that there are links to another useful Sophos resource: Ben Jupp’s Mac OS X security tips part 1, part 2 and part 3.

Added 27th February 2011

The Mac Security Hub offers Mac-related links to Sophos blogs and other pages, links to information on the latest Mac threats, and videos.

Added 20th February 2011

Graham Lee’s blog: http://blog.securemacprogramming.com/ – the domain name is pretty self-explanatory. (That’s the same Graham Lee as the “Fuzzy Aliens” consultancy link below.)

Added 22nd January 2011

Intego’s report on “The Year in Mac Security 2010”

Cisco’s annual report, noting an uptick in mobile malware attacking smartphones including iPhones.

Symantec blog on the high proportion of Macs recruited into the Boonana botnet.

Added 5th January 2011

SophosTalk Community: See the About Sophos Talk page for more information.  This looks like an excellent resource for the many home users who’ve taken advantage of Sophos AV for Mac’s availability for free for non-commercial/home use. It also includes a link to the Support Knowledgebase.

Added 17th December 2010

Fuzzy Aliens, a business that offers tablet and smartphone security-related services, specializing in in secure coding, vulnerability audit & code review, and penetration testing, with expertise in iOS and Android.

Added 14th December 2010

Some unpleasant lout took me to task for not providing information on whether any “trusted” security products for the Mac exist. Since quite a lot of my current income comes from a security company whose portfolio includes Mac products, I don’t think it would be appropriate for me to discuss the comparative merits of these products (though if my colleague Mac ever had time for the non-trivial task of running some comparative tests, I’m sure he would do a better job than most of the Mac-oriented reviewers whose work I see from time to time). However, I don’t have a problem listing some of the more competent products currently on the market (strictly alphabetical order):

• AVAST! Mac Edition
• Avast! free edition
• Dr Web
• ESET Cybersecurity for Mac; ESET Antivirus Business Edition for Mac
• Intego AV and security products (Mac-specific)
• Kaspersky for Mac
• McAfee Endpoint Protection for Mac
• Sophos AV for Mac (enterprise):
• Sophos AV for Mac (free to home users)
• Symantec for business
• Symantec for home users (see the Macintosh tab):

I did actually write at some length about Mac-specific AV technology in one of two chapters I contributed to “OS X Exploits and Defense” (edited by Paul Baccas, published by Syngress in 2008): some of that info is now out of date, of course, and it isn’t free!

Note that while I have at some point tested all the products listed above, “at some point” does not mean “recently”. So I won’t be drawing on those test results for performance comparison purposes.

A product that I’ve never tested, but which some people seem to like as an anti-spyware measure, is SecureMac.

There are free security products for Mac. of course, that don’t come from mainstream security vendors. I rarely come across any that I can recommend without expressing explicit reservations, so there are none here at the moment. Next year, maybe.

Note that regularly checking that these links are still current is not top of my priority list. If you find one that is no longer current, feel free to comment here, but please keep it polite.

PS: I notice that I forgot to mention a very nice paper by Methusela Cebrier Ferrer for Virus Bulletin 2010 on “Sneaky Mac OS X threats”. Unfortunately, her blog seems to have disappeared, and I’m not sure if any of her recent papers are available on the ‘net. I’ll check that, though not necessarily right now.

Added 12th June 2010

At Virus Bulletin in 2009 Methusela Cebrian Ferrer presented an excellent paper on Mac malware issues, which I cited in the Mac security paper I presented at EICAR 2010 along with Andrew Lee and Pierre-Marc Bureau. (Meths was also there, by the way, and did a very interesting presentation on “Is there a future for Crowdsourcing Security”. )

Added 11th June 2010

Since you got here, you may have noticed already that I’ve started an Apple Malware Descriptions page here. Ryan L. Russell also has a descriptions page here, and while he cheerfully admits that it has a forlorn and abandoned look, it’s worth looking at both for the links and for the comments, which have less fanboi hatemail than usual.

Intego’s Mac Security Blog (http://blog.intego.com/) not only highlights the Mac malware they uncover themselves quite successfully, but also covers other Apple-related security issues. Intego is a specialist in Mac security products.

The SecureMac site at http://www.securemac.com/ posts Apple security news fairly regularly, and is the source of the MacScan antispyware application.

David Harley CITP FBCS CISSP
Mac Virus Administrator
Small Blue-Green World
AVIEN Chief Operations Officer