14 DAY TRIAL // Since you've bought your Mac, you must have wondered if an anti-malware solution should be one of the apps running on your computer. There are a lot of different opinions on this matter, but fortunately, Apple made sure that they at least offer basic protection to all of their Mac customers.
Apple did this by introducing XProtect with the release of OS X 10.6.7 and Gatekeeper in OS X 10.7.5, which come with two different ways to protect the end-user from malicious software.
XProtect detects and blocks malware using a database of signatures updated periodically whenever new malware is detected for the OS X platform. The problem it has though is the same for all anti-malware solutions out there: it will not detect malware not present in its signature database.
Moreover, if you copy files to your Mac from a CD, DVD, USB or other types of external drives, those files will not be checked by Apple's XProtect because they are not downloaded.
Gatekeeper works by checking if the apps you are trying to install on your Mac are signed using a certificate issued by Apple to one of the app developers enrolled in their Developer Program.
By default, Gatekeeper is enabled on all Macs, but it can be tweaked or toggled on or off by going to System Preferences > Security & Privacy > General. At the bottom of the window, you can choose what types of apps you can install on your Mac: from the Mac App Store, from the Mac App Store and identified developers or from anywhere.
If you want to get the best protection, you should check the "Mac App Store" option because there have been cases of trojans affecting OS X that used disposable developer IDs to sign their malware. In this instance, having Apple also checking the application before adding it to the Mac App Store is one more layer of security.
As a bonus, Apple has also included in OS X El Capitan a new security feature dubbed System Integrity Protection, designed to protect certain important files, folder and system processes from being modified. This way, malicious software that would be able to take control of your Mac by tampering with these system components will be completely ineffective.
The System Integrity Protection can be turned off if you have applications that can't run because they need access to low-level system components, but I will cover this subject in more detail in a future tutorial.
On the whole, even though Apple tries to do their best in blocking malware in OS X, there's only so much they can do.
Installing an anti-malware software on your Mac might provide a boost of security if the company moves fast enough to add signatures of zero-day malware, but unfortunately, most anti-malware solutions will only detect such malware after one or more days, depending on their teams' speed of reaction.
On the other hand, anti-malware software might also give you a false sense of security, making you reckless and not paying attention because he feels safe and protected.
Should you use an antivirus on a Mac? It remains to be decided by each and every OS X user, but there are a number of steps all OS X users can take to reduce their Mac's attack surface.
Step 1 - Use the Gatekeeper
Enabling Gatekeeper will protect you by blocking unsigned apps from being installed on your Mac, and allowing only apps downloaded from Apple's Mac App Store or signed by identified developers.
Unfortunately, you still have to face the danger of some malware authors using an Apple developer certificate to sign their malicious software and then throwing away their certificate, but such cases have been very few and the alternative of running all apps is not a better solution.
To make sure that you get the best possible protection from Gatekeeper, you should set it to allow only apps downloaded from the Mac App Store to take advantage of the team of people assigned by Apple to analyze all apps accepted within their App Store.
To modify the Gatekeeper settings, you have to open the System Preferences application, click on Security & Privacy, go to the General tab and choose one of the options under "Allow applications downloaded from."
Step 2 - No Java, no Adobe Reader, no Adobe Flash
A few years ago not having Java or Flash installed on your Mac would have severely limited the number of apps you could use and of websites you could visit. These days, however, the vast majority of apps for OS X are no longer developed using Java (if an app is still Java-based, I'm sure you can find a native alternative in no time), and almost all websites have migrated to HTML5.
Why is it so important that you don't install Java, Adobe Flash and Adobe Reader on your Mac? Because they are a proven security weakness for any computer that has them and is connected to the Internet.
Even though Apple now actively and automatically blocks outdated version of Flash, and most major web browsers will also block the Java and Reader plugins that are known to be vulnerable, until those versions are blocked your Mac will be at risk.
Therefore, learning to live without Java, Flash or Adobe's Reader is one of the few things you can do to make your Mac just a little safer.
Flash Player being blocked" alt="Adobe Flash Player being blocked" />Step 3 - Update everything
Yes, just update everything. When the Mac App Store tells you that a new Security Update for OS X is available, update.
When the Mac App Store tells you that a new version of an app is available, and you see anything in its changelog related to security issues being fixed, update.
If you decided to go ahead and install Flash or Java and you are notified that a new update is available for either of them, update.
It's important to keep both the operating system and all apps and plugins up to date because, most of the time, new versions will also come with new fixes for security issues.
And, I'm sure that you don't want your Mac to be vulnerable to attacks because you didn't make the time to click on an Update button.
Step 4 - Common sense and paying attention
Yes, common sense and being aware of what the operating system is asking you through those annoying dialog windows is one of your best friends in your fight against malware.
Your common sense will prevent you from browsing websites that are known to cause problems, like sites that provide free content that should otherwise cost money (e.g. software, music, and movies).
Paying attention will save you the trouble of allowing a malicious piece of software to run on your Mac even though it was detected by Apple's XProtect as malware.
All in all, if you have decided to use an anti-malware solution on your Mac or not, you now know what extra measures you can take to fight against attacks from malicious software.
If you have any ideas on how Mac users can protect their computers from malware besides using anti-malware software or you have an answer to the age-old question "Do Mac computers need antivirus," leave a comment below.