But... How would I know there is not a virus etc. in the downloads, from random websites?
The link I gave you is not a "random" website: it was a link to mozilla, those that make the Firefox browser.
Isn't the AppStore is the best and safe place to download stuff from, for newbies?
App store for sure is fine, but you'll find more outside of it.
Little known tools and so: those are easier to trust form the App store indeed.
You mac has some protections built in:
There are 3 levels of trust your mac has into applications:
- App store downloads: these are signed and are trusted by your mac
- Applications downloaded from the Internet at large and signed by a known Apple Developer:
These can be trusted by your mac (or not), but before they run the first time: you'll have to confirm you want to run them
- Applications not signed by a known Apple Developer: You mac will resist starting these applications: in recent versions of macOS you need to start them twice to get them to work: close it the first time and then confirm you want to open them the second time.
That second level is where you have a control panel:
> System Preferences ... > Security & Privacy > General
Unlock it with your password at the bottom
View attachment 1693434
Why is that signing by a known Apple Developer so important: Signatures can be revoked by Apple, so developers are much less likely to sign "bad" software as they risk their ability to get all theur things running on any mac.
On top of that your mac is monitoring what applications can do what with certain parts of your system and will ask you for confirmation (just once) to allow or deny applications to do certain things.
You can review those permissions and change your mind at any time in
> System Preferences ... > Security & Privacy > Privacy
On the left you see what can be accessed, on the right you see which programs have access to what.
This is also where you can detect that even a signed application is poking in places it has no business to access.
e.g.:
View attachment 1693448
Nah Chrome you're a browser. You won't ever get to play with bluetooth on my mac. In fact this prompted me to start to shun Google even much more than I already did (I'm a paying customer of theirs for some services)
As this seems like your first mac: it's pretty safe compared to windows.
No you don't need an anti-malware package on a mac as a general end-user:
- You have preventative measures as explained above (and more)
- Apple reacts if there were something harmful in the wild and blocks it on your mac just as reactive as an anti-virus package on windows does their reactive response (and you get it for free).
- There is little to no known malware for macOS active at any time, but it IS possible so you need to be aware of it and avoid things like websites that collect downloads in one place for you and you should think twice before you run that unsigned application. Also never follow instructions that would disable gatekeeper (some still suggest users do that - bad idea!).
You might wonder why there are still developers that distribute useful tools without signing it as an Apple Developer.
Yes some of us do that too. Some have a problem with the 99 USD a year the Apple Developer program costs. I also presume that singing things like a torrent client might not be all that easy as -let's face it- it's most often going to be used for copyright infringement.
more info:
-
https://support.apple.com/guide/mac-help/set-up-your-mac-to-be-secure-flvlt003/mac
-
https://support.apple.com/en-in/guide/mac-help/mh40596/mac
-
https://support.apple.com/en-us/HT202491
-
https://support.apple.com/en-in/guide/mac-help/welcome/mac
