Is antivirus needed for OSX in 2020?

This question pops up every few years but I'm now in a position where I have to evaluate what protections are appropriate for a fleet of company MacBook machines.

So... again... is an antivirus program required/recommended for Mac?

If so, which tool would you recommend?

I don't know about "needed", but I certainly feel better for having it. I subscribe to ClamXav, and have it update its signatures every day. I let it scan everything in the Downloads directory automatically, and make sure all internet downloads, and all email attachments, go there. Having been in charge of a company's IT for some years, and having witnessed how careless and/or clueless people can be, I definitely recommend it for business users (along with mandatory backups, but that's a different topic).

MacOS, like Linux, is a Unix-style OS. Literally Unix, in the case of MacOS. And, as such, designed from the core to be secure.

But, as an article I was reading just last night pointed out, security is very dependent on the operator. Just about all of the recent scary exploits for Linux require a poorly-secured/obsolete version of Linux, but unlike the article's author, I'm less than sanguine about the number of people running, for example, CentOS 6 (I hated systemd enough that I didn't migrate myself until a year ago), or granting excess privileges to people who shouldn't have had them.

Knowing Apple, they probably have some aggressive measures in place to keep software current, although update channels themselves have been known to be infected. And just this morning I caught an discarded an email with malware payload.

So, yes, for consumer systems, I'd recommend a good anti-virus program. I can't recommend brands in general, but Avast seems to be popular for Linux, and I believe there's a MacOS version.

I'm using the free version of AVG Antivirus.  Mostly it seems to work silently in the background, with an occasional nag to upgrade to the full paid version.    

Tim Moores wrote:I don't know about "needed", but I certainly feel better for having it. I subscribe to ClamXav, and have it update its signatures every day. I let it scan everything in the Downloads directory automatically, and make sure all internet downloads, and all email attachments, go there. Having been in charge of a company's IT for some years, and having witnessed how careless and/or clueless people can be, I definitely recommend it for business users (along with mandatory backups, but that's a different topic).

I once got a security alert on one of the more infamous Windows viruses and I forwarded it on to my boss instantly. It showed up in his inbox right after an infected document. From Corporate.

I think we pulled about 140 instances of that viruses off one of our servers.

And yes, ClamAV is also well thought-of!

Thanks for the feedback. ClamAV got multiple mentions so I'm going to go with that I think, although it looks like some careful setup is required which will need some thought and experimentation. The positive side effect being I can use it for our Linux machines too.

I realize I am waayyy late to the party, but I came across this thread and wanted to chime in.

I've got over 23 years in the IT industry, which includes a ton of client support work. One thing is for certain, there is no such thing as a virus-proof OS. The old cliche that claims "Macs don't get viruses" has always been a false narrative that was derived, by fanboys, from a true narrative. Since the OS on a Mac is built up from Unix, there is an inherent level of security that comes with that. However, back when that cliche started surfacing, one of the other factors in Macs seeing fewer infections from viruses was that they weren't being targeted. Hackers usually hack for a purpose, and most of those purposes don't place them face-to-face with Mac systems. Ergo, fewer viruses that target Macs.

However, that isn't the case anymore, as there are quite a number of viruses nowadays that do target Macs. As I point out to the fanboys, why would a software publisher waste time and money to make anti-virus applications available for the Mac OS if it wasn't actually needed? That would equate out to poor resource management on their part. Furthermore, the OS isn't the only factor when looking at viruses, hardware also plays a role, which is why it is absolute truth that there is no virus-proof OS. (And for the record, because I just couldn't get through to a particular Apple fanboy, I intentionally infected my own Macbook Pro with a few different viruses).

That said, if you want the best in AV protection, I always recommend Sophos. One typical issue I find with many of the AV products available, especially the freeware/freemium titles, is that they are sloppy resource hogs (and tend to be rather annoying with their obnoxious notifications). Sophos not only provides incredible protection, it also gets an A+ in both of the aforementioned areas. I've rolled out various levels of their software on numerous corporate/enterprise infrastructures, and I use the [free] home version on my own Macbook Pro. The company behind Sophos is based out of the UK, and in the 13+ years I've been using/recommending their products, I've experienced nothing but excellent protection and performance.

That's my two cents. I hope someone finds it helpful.

Adam Wentz wrote: As I point out to the fanboys, why would a software publisher waste time and money to make anti-virus applications available for the Mac OS if it wasn't actually needed? That would equate out to poor resource management on their part.

Any marketing expert will tell you that you "waste time and money" on whatever sells. If an AV product did absolutely nothing, but you could sell it, they'd market it.

Notwithstanding, over the years I've had two intrusions on Linux servers that had to be fended off and I don't have clueless users randomly clicking this and sharing that. An anti-virus product is no guarantee, but it can help. An alternative I used to use was a system whose name temporarily escapes me that would catalog the files on your system and monitor for changes in them. That's after-the-horse-is-gone checking and subject to corruption in its own right (as is any program, including anti-virus programs), but it was at least polite enough not to eat my machines alive. The interminable wait when Windows boots and a product like Norton beats the hard drive to death for 20 minutes before the machine becomes usable is in my view dangerous. It incentivizes the user to switch it off.

Tim Holloway wrote:The interminable wait when Windows boots and a product like Norton beats the hard drive to death for 20 minutes before the machine becomes usable is in my view dangerous. It incentivizes the user to switch it off.

You hit a very important nail on the head here, Tim. And when I speak of sloppy resources hogs, Norton is the very first name that comes to mind. It always perplexes me how one can unmistakably note the performance decrease realized by simply installing Norton on their system. Norton is to computer security what AT&T is to telecommunications! (and that isn't a good thing)