The best Mac security software
Whether you’re worried about ransomware, phishing emails, or your webcam being hijacked, you’re probably aware of the need to protect your Mac from malicious actors who seek to do you, and it, harm. One solution is to install security software on your Mac, to add to the protection already provided by the operating system.
Security software comes in many different types from antivirus tools, to firewalls and virtual private networks (VPN). Some programs offer a number of different tools, while others specialize in just one function. In this article, we’ll take a look at the best security software for your Mac.
While it’s primarily known as a tool for clearing out the clutter and improving the performance of your Mac, CleanMyMac X also has a couple of security tools. Its malware removal module allows you to scan your Mac for malware and remove anything it finds. It’s known for its large database that allows to remove macOS-specific adware.
It uses a regularly-updated database of known malware to compare against the files on your Mac. If it finds a match, it will alert you and offer to remove it. And you configure it to monitor your computer in the background so that you’re always protected. It also has a Privacy module that clears out browsing files like history, cookies, and temporary cache files, and cleans up your chat history in apps like Messages and Skype.
CleanMyMac also allows you to manage Safari extensions and plugins, and it has a file shredder that enables you to securely delete sensitive files.
CleanMyMac X is notarized by Apple and can be downloaded for free here.
Intego Mac Premium Bundle & Virus Barrier
Intego’s Mac Premium bundle is a combination of a number of its separate security tools. It includes: Virus Barrier; NetBarrier; Washing Machine: Content Barrier; and Personal Backup.
All of these, with the exception of Personal Backup, are designed to keep your Mac secure, with the backup tool providing contingency in case something does slip through and your hard drive is wiped, or you need to wipe it and start again.
VirusBarrier is an antivirus tool, while NetBarrier is designed to protect your Mac from unauthorized access. Content Barrier is a suite of parental controls, and Washing Machine provides tools to clean out files on your Mac and improve performance.
From a security point of view, the most interesting tools are Virus Barrier and Net Barrier. The former includes support for detecting Windows’ viruses so that if, for example, you’re on a mixed network, you won’t transmit a Windows virus to a PC on the network. The latter allows you to configure different settings for different locations so you can, for example, be more strict about which applications and services can connect to the internet when you’re on a public wifi network.
Little Snitch is different from most of the other tools on this list. Whereas they are concerned with things that are trying to attack your Mac from the outside, it focuses on apps already on your Mac that attempt to connect to an external server.
This could be an email client connecting to a server to send or receive mail, or an application that needs to check you have a license before it allows you to run it.
When any app tries to connect to a server, Little Snitch will alert you and give you the chance to block the connection or allow it once or every time. The app learns from your decisions and creates rules for the future. There’s a silent mode that prevents you from being overloaded with alerts, allowing you to come back and deal with them later.
Most malware attempts to connect to an external server at some point, so by running Little Snitch, you can be alerted not just to the attempted connection, but to the existence of the malware on your Mac.
Block Block is an anti-malware tool that successfully detected the MacSpy and MacRansom malware in 2017. It works on the principle that most malware is designed to be persistent. That is, it launches whenever your Mac restarts and stays active for the whole time your Mac is running. Block Block scans your Mac for known locations where persistent malware stores files and alerts you if it finds anything.
Like Block Block, Ransomwhere successfully detected MacRansom. It works on the basis that ransomware encrypts files on your Mac in order to attempt to extort money from you to unencrypt them. Ransomwhere scans your Mac looking for files that are being encrypted by what it calls ‘suspicious processes.’
Lulu is a firewall designed to complement the firewall that Apple built into macOS. While the built-in firewall is designed to prevent unauthorized incoming connections, Lulu does the same job for outgoing connections. It blocks all unknown outgoing connections until they are authorized by the user. In that sense, it’s similar to Little Snitch.
Lulu is shared source software, and the source code is published on GitHub, so anyone can inspect it. Lulu supports rules at the ‘process’ level — that means a process is either allowed to make a connection or it’s not. If you decide to block a legitimate app from making a connection, it won’t be able to make any external connections at all. Likewise, if you allow an app or process to make a connection and that app is hijacked by malware, the malware will be able to make external connections.
Do Not Disturb
Most of the security tools on this list are designed to protect your Mac from remote attacks. However, some of the biggest threats come from attacks that require access to your Mac. If you leave your MacBook in a hotel room, for example, and someone enters the room, they could potentially physically install malware on it or compromise it some other way. These attacks are known as ‘evil maid’ attacks and require what are called ‘lid-open events’ because the attacker must physically access the Mac.
Do Not Disturb monitors your Mac for unauthorized lid-open events and logs them. It can display alerts on the Mac itself or send them to a remote device such as an iPhone. It can also run a script when an unauthorized li-open event is detected.
Keyloggers – malware that captures keystrokes — are a particularly nasty form of malware that can steal passwords and other login details for online accounts. They work by installing persistent keyboard ‘event taps’ to intercept keystrokes. On the Mac, these event taps use the CoreGraphics API. ReiKey detects these event taps and alerts you anytime it spots one. By doing that, it intercepts and warms you about the most common type of Mac keylogger.
Aside from keyloggers, the other method for malware to take over your Mac’s hardware is to hijack its webcam and/or microphone. OSX/FruitFly, OSX/Crisis, OSX/Mokes are three examples of malware that have used this technique. This is less of an issue in recent versions of macOS, as applications must now gain explicit permission to access the camera and microphone, and that permission can be revoked in System Preferences. However, in older versions of macOS, it’s still an issue. OverSight monitors your Mac’s camera and microphone and alerts you any time either of them is activated, making it impossible for any process to access them without your knowledge.
While macOS’ Activity Monitor allows you to view currently running processes, it’s designed to help you spot performance problems, not malware and so it is organized on the basis of the resources used by each process. Task Explorer allows you to see running processes, but also to view information such as which processes are signed by their developer, which use dynamic libraries, the files they have opened and the network connections they have initiated. To anyone with knowledge of what to look for, this gives plenty of clues as to which processes may be malicious.
There are several excellent password managers available for macOS and 1Password is one of the most fully-featured. It allows you to create secure passwords for websites and store them in an encrypted database. You can then access them from your Mac or iOS device. 1Password also allows you to create and store secure notes, as well as credit card and bank details, and license keys for software. Items can be organized in folders, tagged, and marked as favorites to make them easier to find.
As you can see, there is a wide range of security software available for macOS, covering just about every aspect of security from firewalls, to network monitors, to password managers. And the good news is that many of these tools are either free or have free trials available. So check them out and decide which ones are right for you.