Mac users once skipped antivirus software — here’s why that’s no longer a good idea

Though it's often thought that Mac users are exempt from worrying about viruses and malware, that is no longer the case: more and more malware is being developed specifically for macOS. According to a blog post from security researcher Patrick Wardle, who specializes in Apple products, there were 22 new Mac malware families in 2024 – up from 13 in 2022.

Even without the surge of new malware being developed for Apple's operating system, many of the viruses and scams that are designed to infect Macs rely on user error, like phishing, cryptojacking or USB jacking. There are ways to protect yourself against those threats too, but they rely on, well, you.

Here's a rundown of what security features are included in Apple's ecosystem, as well as what you can do to stay informed and alert on your end.

The one that scans: XProtect

XProtect runs in the background automatically without interrupting anything that you're doing, and you'll rarely, if ever, need to configure or touch it.

It's basically a scanning tool that helps your system continuously check apps against a reference list of malicious and infected programs. If you attempt to open one that XProtect identifies as being on that list, it will tell you what kind of malware it is and give you a pop-up warning with details.

If that happens, you should delete the file, though this won't provide you with complete protection. XProtect is considered basic protection; its advantage is that it's built directly into the operating system, which keeps it from bogging down system performance.

But because updates to XProtect are vital to keeping its list relevant and effective in protecting your system, it's essential that you keep your Mac up to date. Unfortunately, unlike with Windows Defender on PC, you can't tweak its settings or run a manual malware scan.

The one that blocks: Gatekeeper

Gatekeeper, also automatic, is designed to block any software that is "unsigned," which means the developer hasn't been approved or verified by Apple. The company is notoriously strict about the software it approves, and though it is not unheard of for malware to sneak through, this is extremely rare.

The Gatekeeper program checks for malicious software every time you run an app, and if you try to open something that is unsigned you'll get a warning message to notify you that the program is from an unidentified developer.

Gatekeeper can be configured to only allow you to install programs from verified developers (as well as the App Store).
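If you want to see how Gatekeeper rates the apps already on your Mac, the built-in `spctl` command reports its verdict for each one. The script below is an added example, not something from Apple or the original article; the function names `classify_assessment` and `audit_apps` are made up for illustration, and the `source=` labels it matches are assumed from typical `spctl` output.

```shell
#!/bin/sh
# Added example: summarize Gatekeeper's verdict for each installed app.
# Run on a Mac as:  sh this_script.sh --audit [/Applications]

# classify_assessment TEXT
# Maps the text printed by `spctl --assess -vv` to a short label.
# The matched strings are assumptions based on typical spctl output.
classify_assessment() {
    out=$1
    case $out in
        *": rejected"*)
            case $out in
                *"source=no usable signature"*)      echo "unsigned" ;;
                *"source=Unnotarized Developer ID"*) echo "unnotarized" ;;
                *)                                   echo "rejected" ;;
            esac ;;
        *": accepted"*)
            case $out in
                *"source=Mac App Store"*)          echo "app-store" ;;
                *"source=Notarized Developer ID"*) echo "notarized" ;;
                *"source=Apple System"*)           echo "apple" ;;
                *)                                 echo "accepted-other" ;;
            esac ;;
        *) echo "unknown" ;;
    esac
}

# audit_apps [DIR]
# Prints Gatekeeper's global status, then one labelled line per .app bundle.
audit_apps() {
    dir=${1:-/Applications}
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not found: this audit only works on macOS" >&2
        return 2
    fi
    spctl --status            # "assessments enabled" means Gatekeeper is on
    for app in "$dir"/*.app; do
        [ -e "$app" ] || continue
        # spctl writes its verdict to stderr, so capture both streams
        result=$(spctl --assess --type execute -vv "$app" 2>&1)
        printf '%-14s %s\n' "$(classify_assessment "$result")" "$app"
    done
}

if [ "${1:-}" = "--audit" ]; then
    audit_apps "${2:-/Applications}"
fi
```

Anything labelled `unsigned`, `unnotarized` or `rejected` is an app Gatekeeper would warn about on first launch, so those are the ones worth a second look.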

The one that contains: Sandboxing

You may be familiar with sandboxing from iOS, as it is also used there, but the concept carries over into macOS as well: Apps are isolated from the operating system and other apps in a way that keeps them from making any changes without prior permission. This means that, hypothetically, even if you were to download an infected app it couldn't spread to other apps or areas of your computer.

However, sandboxing has known weaknesses. For example, users are frequently asked for permission to use the camera or microphone and often grant it to apps without much thought. Additionally, Mac apps that are not sold on the App Store do not have to be sandboxed.

The one that locks: Lockdown mode

Lockdown mode is a pretty straightforward feature, and was more recently introduced in order to combat cyberattacks.

If you toggle the feature on to activate it, all your Apple devices are protected and threat actors will (theoretically) be prevented from stealing your data.

The setting limits a variety of apps like Messages, Safari, FaceTime and Apple services from full functionality. Once you've regained control of your devices, it can be disabled and you can restart your device to enable normal functions.

The one for the web: Safari protections

There are a variety of protections in place for Apple's Safari web browser, from phishing prevention to anti-tracking technology. If you visit a fraudulent website, Safari will disable the page and show an alert. It also provides a Privacy Report that gives users information on the cross-site trackers that Apple has prevented and allows users to keep advertisers from tracking them on the web.

Other Safari features include alerts that inform users of weak passwords when they're creating accounts online, and Private Browsing, which keeps others from viewing your screen when you're not around and stops trackers from using tracking codes and recording data about you online.

The one for login credentials: Passwords and passkeys

As we mentioned, Apple will warn you if you try to create a weak password, but the ecosystem will also alert you if you have reused a password, if your password has appeared in a leak, or if your password is easy to hack.

And with the recent transition to Passkeys, more secure methods are being used more frequently in addition to the increased use of the iCloud Keychain password manager across all devices. There's a dedicated app to manage passwords, and one password to unlock all others as well as an option to set up verification codes instead of using an authentication app.

Do you need third-party antivirus software on your Mac?

So, with all of those features (and more) do you still need a third-party option on your Mac? Well, the answer to that depends on what kind of device you have, what version of the software you're running and how you're using your device.

Apple offers a lot of well integrated features to keep users protected, and a third-party solution may provide you with an added layer of security. For instance, you might need a VPN or parental control software too. Third-party options like Bitdefender or Intego can scan your machine for malware, but can also back up files, provide dark web monitoring or identity theft coverage, cloud storage and more.

Some of these features can extend to your mobile devices as well, so depending on what your needs are, it may be well worth an additional subscription fee to include third-party software in your Mac security arsenal while also relying on Apple's built-in protection.

However, that doesn't let you off the hook. Given that much of the malware that's developed for macOS is intended to prey on user error, you still need to watch your own online habits and make sure you're well informed.

How to stay safe on your Mac

Whether or not you opt to install a third-party solution, you need to know and practice good security habits to stay safe.

Phishing is one of the main ways that threat actors look to prey on Mac users, so make sure you know the signs: Don't click on or download anything from someone you don't know or are not expecting. When in doubt, ask the sender through an independent channel about a particular message or file they've sent over. Also, be suspicious of anyone who is trying to pressure you to do something with a sense of urgency or immediacy.

Update your software as soon as new patches become available. Your Mac's built-in security features rely on those updates to keep you safe and hackers love to exploit any holes left by old or outdated software.

Also, don't install apps from unknown sources, and don't plug your device into power chargers in public spaces or put unknown USB flash drives into your machine. Likewise, you want to avoid connecting to public Wi-Fi unless you're using a VPN.

With this bit of background knowledge in hand and taking some proactive steps, you can keep both your Mac and the sensitive personal and financial data it contains safe from hackers and cyberattacks.

Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 
