Lightweight Antivirus Recommendations?

haravikk

macrumors 65816
Original poster
May 1, 2005
1,494
21
I've recently had to reinstall macOS and I haven't yet installed any antivirus; for the past few years I've been using the free version of Avast!, which has been fine, but I've never been completely comfortable with the invasive way that it operates (requiring root permission to inject itself into a bunch of places), and found I ended up disabling a lot of its features anyway.

All I'm really looking for is something that can scan files arriving in my ~/Downloads folder, and also lets me scan other files on demand.

I'm looking for something that doesn't require root permissions except when absolutely necessary, i.e- if I want to a run an on-demand scan of my entire system. I don't mind running one process per user account, so long as all it's doing is waiting for changes to some folder(s) I specify, i.e- nice and lightweight.


I seem to recall that ClamXav used to be an option, but it appears to be a paid-only product now, despite just being a wrapper around the open-source ClamAV. Are there any other free ClamAV based alternatives?
 

Fishrrman

macrumors Core
Feb 20, 2009
19,981
7,008
There has never been a single Mac "virus" discovered "in the wild" since the introduction of OS X.
Not. A. Single. One.

You don't need "virus protection" -- UNLESS you work with documents from PC's that -might be- infected with certain viruses. That's possible, and then such protection -might be- warranted.

But all you really need for the Mac -- as Mr. Taylor says above -- is "MalwareBytes".
Download MalwareBytes and run it:
https://www.malwarebytes.com

IMPORTANT:
Select the "home" option.
It's a FREE download

IMPORTANT:
You DO NOT NEED TO BUY A SUBSCRIPTION to run MalwareBytes.
It will run FOREVER IN FREE MODE.
When you open it, IGNORE the button to "Upgrade Now".
Just click "Scan Now".
Again, you DO NOT have to buy the pay-for version!
 
  • Like
Reactions: chabig

Mousse

macrumors 68020
Apr 7, 2008
2,180
3,773
Flea Bottom, King's Landing
IMO, there is no such thing as a light weight anti-virus program. You either have useless (good against a specific virus) or USELESS (hordes 50% of you system resources makes everything slow to a crawl). I would use useless when the needs arises, but never, EVER use USELESS (aka Norton :mad:).

Even on a mui vulnerable system like Winders 7 (I hate 8, 8.1 and 10), I don't use AV because the best security is that stuff between your ears.
 

haravikk

macrumors 65816
Original poster
May 1, 2005
1,494
21
There has never been a single Mac "virus" discovered "in the wild" since the introduction of OS X.
Not. A. Single. One.
Well, I know for a fact that this isn't true.

Even in the strictest sense of the term "virus" there have definitely been a number of examples for macOS, though I can't think of any recent examples, almost all recent examples require for the user to run an infected app first which I think technically makes them trojans rather than viruses as such.

I should probably have used the term "malware", of which there is plenty for Macs.

While yes, the best protection against malware is to not run suspicious apps, or enter admin passwords too casually (I already have a separate admin account with a slow to type password for this purpose, I also install most apps into ~/Applications to avoid root prompts). But even with the best precautions, I don't trust myself to never make a mistake, or to never be fooled by a compromised website that is normally trustworthy.

This is why I'm looking for something geared towards doing a basic automatic scan on folder(s) that I specify, as a safety net for anything that I do download.

Malwarebytes seems interesting, but it also sounds like the free version only allows for on-demand scans? Please correct me if I'm wrong.

What I'm really looking for is something that will monitor any folder(s) I specify, and scan new files as they arrive in it; so it'd be a "real-time" scan, but without the more invasive methods required for a full system-wide solution, which is what most AV software with "real time scanning" actually do (usually they use a kext and scan everything, except for folders that you whitelist, but this is the opposite of what I'm looking for).

Again this is basically how ClamAV operates, and it does it very well (it's basically dormant until a file-system event for the chosen folder(s) occurs) and there used to be a GUI (ClamXav) for setting this up (and getting alerts) on Mac, but it now seems to be a paid-only product. I could just set up ClamAV I suppose, but without a wrapper around it there's no easy way to trigger visible alerts when malware is found.
 
  • Like
Reactions: thizisweird

BLBL

macrumors 6502a
Apr 11, 2018
913
134
There has never been a single Mac "virus" discovered "in the wild" since the introduction of OS X.
Not. A. Single. One.

You don't need "virus protection" -- UNLESS you work with documents from PC's that -might be- infected with certain viruses. That's possible, and then such protection -might be- warranted.

But all you really need for the Mac -- as Mr. Taylor says above -- is "MalwareBytes".
Download MalwareBytes and run it:
https://www.malwarebytes.com

IMPORTANT:
Select the "home" option.
It's a FREE download

IMPORTANT:
You DO NOT NEED TO BUY A SUBSCRIPTION to run MalwareBytes.
It will run FOREVER IN FREE MODE.
When you open it, IGNORE the button to "Upgrade Now".
Just click "Scan Now".
Again, you DO NOT have to buy the pay-for version!
As a MacOS newbie myself, I've been wondering about whether I really need antivirus on not?
Many peoples say no need for Mac but then again I was wondering about is MacOS really immune to those malware programs that can infect your PC just from viewing an infected website that is trying to spread malware? Like in Windows if website is infected with certain type of malware it often try to infect your machine pretty much automatically. This is not the case with MacOS?
 

mpainesyd

macrumors 6502a
Nov 29, 2008
647
157
Sydney, Australia
I use ClamXAV. It has a sentry function so you can monitor your downloads folder (maybe also email attachments)
The main reason for having a virus scanner is so that you don't inadvertently pass on infected files to Windows users.
 
Last edited:

960design

macrumors 68040
Apr 17, 2012
3,073
1,003
Destin, FL
I've recently had to reinstall macOS and I haven't yet installed any antivirus; for the past few years I've been using the free version of Avast!, which has been fine, but I've never been completely comfortable with the invasive way that it operates (requiring root permission to inject itself into a bunch of places), and found I ended up disabling a lot of its features anyway.

All I'm really looking for is something that can scan files arriving in my ~/Downloads folder, and also lets me scan other files on demand.

I'm looking for something that doesn't require root permissions except when absolutely necessary, i.e- if I want to a run an on-demand scan of my entire system. I don't mind running one process per user account, so long as all it's doing is waiting for changes to some folder(s) I specify, i.e- nice and lightweight.


I seem to recall that ClamXav used to be an option, but it appears to be a paid-only product now, despite just being a wrapper around the open-source ClamAV. Are there any other free ClamAV based alternatives?
http://www.websmithstudio.com/blog/who-got-hacked/got-hacked-avast/
https://www.forbes.com/sites/thomas...er-attacks-target-tech-industry/#ee0490245fc0
https://www.express.co.uk/life-styl...on-hijacked-hack-computer-malware-doubleagent

Adding antivirus to your mac increases the risk of you being hacked.
 

960design

macrumors 68040
Apr 17, 2012
3,073
1,003
Destin, FL
I use ClamXAV. It has a sentry function so you can monitor your downloads folder (maybe also email attachments)
The main reason for having a virus scanner is so that you don't inadvertently pass on infected files to Windows users.
If you MUST use AV software ClamAV is noteworthy.
It is also open source and easy to repackage a virus that will escape detection.

Malwarebytes is fantastic for finding the little things that are easily missed ( side loaded extensions, keystroked local data: Inspect Element -> Storage -> Local Storage, ect ).

To be translucent, our Macs are running Intel based chips. You have been hacked. Fortunately the government players are not messing with our systems, because they do not care about us. We just have zombie loads sitting and waiting. Search for prefetch vulnerabilities for more info.
 

hobowankenobi

macrumors 65816
Aug 27, 2015
1,439
465
on the land line mr. smith.
It's true there are no Mac viruses. There is some malware/adware....and some other rare intrusion issues.

MalwareBytes is the best free tool for Malware/adware.

If you MUST run a traditional AV tool....I know of none that are truly lightweight. Sophos Home is good, simple, and fairly light on resources overall.

As for "root" access, sounds like what you are talking about is both admin access and possibly a kernel extension. Pretty much every AV tool will need this, because Apple requires it. It is actually a good thing; you should see and approve access to the OS and any and all sensitive directories.

This exact thing—or the lack of it—was one of the biggest reasons older versions of Windows was nearly impossible to secure. Installers, scripts, and all manner of executables could run with administrator level access and the user would never know because they were unaware, never having the chance to approve or deny.....or even get notified.
 

LinMac

macrumors 65816
Oct 28, 2007
1,195
12
The one you're looking for is Cylance. It is targeted at enterprise for the most part, but the home version works very well too for OSX and Windows. It is owned by Blackberry now after the company was purchased for over a billion dollars. AI based malware protection for much less than others.
 

thizisweird

macrumors regular
Jul 20, 2017
141
38
Phoenix, AZ
The main source I use for virus/malware protection is AV Comparatives. Here's their list of what they've tested (mainly just big name AV companies, but still a good look through): https://www.av-comparatives.org/test-results/

I use Bitdefender, but that's mostly because I like their free AV. Never had a real problem with them, and I do use some pretty sketchy programs on my computers lol. My extracurricular activities aside, I've found them to be a solid free solution for AV uses. For all else, MALWAREBYTES. Can't beat MBAM for malware stuff.
 

thizisweird

macrumors regular
Jul 20, 2017
141
38
Phoenix, AZ
There has never been a single Mac "virus" discovered "in the wild" since the introduction of OS X.
Not. A. Single. One.
I think Kaspersky would have to disagree with you...... https://www.kaspersky.com/blog/mac-viruses-are-here-to-stay10-examples-of-mac-viruses/556/

Check out #6 on the list; Renepo/Leap A was a virus/worm. Also, The Virus Encyclopedia says it was found in the wild.... http://virus.wikidot.com/opener#toc3

If you read the last source listed on TVE, Rixstep, the author found Renepo/Opener on two of his macs; thus the "in the wild" factor comes into play, as the author presumes that's where the worm came from. I would be surprised if the author brought the worm to his own computers, given "My Macs are behind locked doors, and not accessible physically by any malicious persons. I have an Actiontec DSL device between the outside and inside, running the 'normal' level of firewall."

The Rixstep article is also pretty informative, pointing out that Apple denied that Renepo was a virus of any kind, and quoting Sophos saying, "Renepo is a worm, and since a worm is just a special type of virus - one which neither requires nor uses an existing host file as a carrier - it is a virus."

So yes.... there has been a virus "in the wild" since the introduction of OSX. Just one example, and I'm sure I can find more with another 30 minutes of google and reading. I'm not saying this is a reason to download an AV, but it does make your comment factually incorrect.
 

hobowankenobi

macrumors 65816
Aug 27, 2015
1,439
465
on the land line mr. smith.
Did you actually read the Kapersky link?

No viruses, at least for OSX. None of those things are viruses. Any so-called security company that would use such obvious FUD should not be trusted.

And even if you want to argue they are....look at the dates. Pointless.

The second link is nearly as useless. A unix shell script that was patched in 2005....and needed root access to be executed. That was 10 OSes ago. Many, many security improvements, and upgrades that have happened since then that make this a non-issue.
 

thizisweird

macrumors regular
Jul 20, 2017
141
38
Phoenix, AZ
Did you actually read the Kapersky link?

No viruses, at least for OSX. None of those things are viruses. Any so-called security company that would use such obvious FUD should not be trusted.

And even if you want to argue they are....look at the dates. Pointless.

The second link is nearly as useless. A unix shell script that was patched in 2005....and needed root access to be executed. That was 10 OSes ago. Many, many security improvements, and upgrades that have happened since then that make this a non-issue.
Did you read this part of my post?

So yes.... there has been a virus "in the wild" since the introduction of OSX. Just one example, and I'm sure I can find more with another 30 minutes of google and reading. I'm not saying this is a reason to download an AV, but it does make your comment factually incorrect.
Which was a response too.....

There has never been a single Mac "virus" discovered "in the wild" since the introduction of OS X.
Not. A. Single. One.
Care to explain why you're so wound up over how my comment was FUD?

Edit: The link for Rixstep actually goes a bit in depth about the forum posts that were made prior to the Renepo/Opener virus being published (it was written by two forum members, and released slowly over time). So that link is fairly pertinent to my point lol. Why someone would get so wound up by me "proving" someone wrong (about as close as it gets on the internet with 30 minutes), I may never know.
 
Last edited:

The Hammer

macrumors 6502
Jun 19, 2008
431
92
Toronto, Canada
The main source I use for virus/malware protection is AV Comparatives. Here's their list of what they've tested (mainly just big name AV companies, but still a good look through): https://www.av-comparatives.org/test-results/

I use Bitdefender, but that's mostly because I like their free AV. Never had a real problem with them, and I do use some pretty sketchy programs on my computers lol. My extracurricular activities aside, I've found them to be a solid free solution for AV uses. For all else, MALWAREBYTES. Can't beat MBAM for malware stuff.
They do they're homework at AV-Comparatives.So IF your intent on using an "AV" that's the place to look.
 
  • Like
Reactions: thizisweird

thizisweird

macrumors regular
Jul 20, 2017
141
38
Phoenix, AZ
They do they're homework at AV-Comparatives.So IF your intent on using an "AV" that's the place to look.
Agreed. I used to follow their reports religiously, especially when I had a Win7 box. They're about as transparent as they can be for their testing. I think I've even seen their list of viruses published, and they document their testing procedures fairly reasonably. It's the most informative place I've come across in years, regarding AV. Just wish they had MBAM added to their testing. Or maybe I should go double check their site?....
 

hobowankenobi

macrumors 65816
Aug 27, 2015
1,439
465
on the land line mr. smith.
Care to explain why you're so wound up over how my comment was FUD?
Maybe I was unclear....Kaspersky is spreading FUD. Intentionally. Linking to FUD is not so great...at best.

Rixstep has always been an Apple basher or pot stirer. Pretty far off from an unbiased source.

I'm not wound up. Just pointing out that you did not disprove anything....more like you proved the opposite. Stating that in clear language is not what most folks would consider getting "wound up."
 
Last edited:
  • Like
Reactions: willmtaylor

thizisweird

macrumors regular
Jul 20, 2017
141
38
Phoenix, AZ
Maybe I was unclear....Kaspersky is spreading FUD. Intentionally. Linking to FUD is not so great...at best.

Rixstep has always been an Apple basher or pot stirer. Pretty far off from an unbiased source.

I'm not wound up. Just pointing out that you did not disprove anything....more like you proved the opposite. Stating that in clear language is not what most folks would consider getting "wound up."
I'm not here to split hairs, but that response was far more "called for" than the previous.

You seem to care more about me maintaining credibility than myself. Maybe I should hire you for PR?

I did state I spent a meager 30 minutes on google, which I'm sure is more than most people would do... so I'm pretty easily lead to believe that an average reader would likely come to a similar conclusion.... which means that you'd need to explain more for them to understand why.... but now we enter into "but it's been done before", and linking stuff that few people read.... blah blah blah

Let's agree to disagree. I've provided stuff you disapprove of (maybe many on here disapprove of, idk); I've provided what I'd consider an average reader's perspective given what google provides in my search results...... I think our back and forth is done lol
 

hobowankenobi

macrumors 65816
Aug 27, 2015
1,439
465
on the land line mr. smith.
We can disagree. Everybody is entitled to their view or perspective.

The only thing I care about with regard to this topic is misinformation or unuseful information. Been watching the FUD about Mac threats for 20 years now. Used to run AV servers at the enterprise level a decade ago with hundreds of Macs, and now working at an institution over 2000 Macs that are protected...so it hits pretty close to home.

Perhaps I have too much scar tissue. But maybe we can stay on topic, and help users figure out what real threats to keep out, and not worry about or distract with examples of legacy, theoretical, or rare/unlikely threats?
 
  • Like
Reactions: willmtaylor

rumplestiltskin

macrumors 6502
Apr 12, 2006
270
92
The problem is not so much "viruses" as it is an ID10T error. Users do it to themselves with all the crapware they download including Flash Player (in spite of all the warnings). I clean up malware/adware/crapware users install on their own three times a week. For anyone to recommend installing Malwarebytes and then say to rely upon the freeware version (which requires the user to run it manually! - which we all know they won't do!) is the height of irresponsibility and hubris.
Malwarebytes: Yes, absolutely; it will also prevent drive-by infections on the web but only if it's the subscribed-to version!
Subscribe to it: Yes; absolutely.
...and stop downloading nonsensical software designed to make your Mac "faster" or "better". None of it works.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.