As the Mac becomes more popular, its OS could well start to attract the attention of malicious virus writers. Installing antivirus software now will not only protect your Mac but also prevent you from passing along Windows-only viruses to your Windows-using friends and colleagues via e-mail attachments or Office documents.
We’ve taken a close look at three major Mac antivirus programs: Intego’s VirusBarrier X4, the open-source ClamXav 1.0.3, and Symantec’s Norton AntiVirus 10.1 (see table for details). (Two other Mac antivirus apps,
are now aimed primarily at business buyers who need to protect fleets of Macs).
Defending the home front
Like security guards making their rounds, all three programs scan your Mac looking for anomalies. Each can scan built-in hard drives, of course. All three can also scan CDs, DVDs, FireWire hard drives, and other removable media as soon as they’re mounted. All but ClamXav will scan incoming e-mail attachments, and all but ClamXav will scan your memory to make sure a piece of malware isn’t already running.
To find out how well these programs perform, we loaded a test machine with the standard EICAR antivirus test file (
for more information), the Hacker Defender Trojan horse installer, and Leap-A; we then installed our three antivirus apps one at a time. All three successfully detected and quarantined the test files on our drive.
More-dramatic differences cropped up when we took out our stopwatches. We asked each program to scan an Applications folder containing 14GB of applications and compressed files, and a 900MB Documents folder holding a mix of Microsoft Office and Apple iWork files. VirusBarrier was by far the fastest, taking 13 minutes to scan the Applications folder and 2 minutes to scan Documents. Norton AntiVirus took roughly four times as long, and ClamXav roughly eight times as long.
When There’s a Virus
Finally, there’s the question of how each app reacts when it finds a virus. Ideally, the program should be able to repair the infected file. If that’s not possible, the program should be able to move the file to a quarantine folder or delete it altogether. Each of these programs gives you plenty of options for handling infected files. Norton AntiVirus gets extra points for offering by far the best information about the infections.
Antivirus software compared
Columns: Virus-Update Subscription (Annual); Scanning time (minutes); Scanning time (minutes)

VirusBarrier X4
Pros: Amazingly fast; good OS X integration; easy to use.
Cons: Expensive; some interface quirks.

ClamXav 1.0.3
Pros: Frequent updates; free.
Cons: Slow; doesn’t scan incoming e-mail or active memory; minimal information about viruses.

Norton AntiVirus 10.0
Pros: Reasonably fast; excellent virus information; easy to use.
Cons: Installs components all over your system.
Macworld’s buying advice
Although all of these programs will get the job done, we like Intego’s VirusBarrier best for its scanning speed and its well-integrated Mac features. It gives you a contextual menu in the Finder, and a Dashboard widget updates you on the progress of scans and virus updates. It integrates with iCal and has full drag-and-drop support.
Symantec’s Norton AntiVirus is a close second, thanks to its extensive virus information and its strong handling of Windows viruses. If price is a concern, ClamXav will get the job done for free, but you’ll have to deal with its nonstandard interface and some tricky operational issues.
Senior Editor Rob Griffiths writes the Mac OS X Hints Weblog. For more of his work,
After years of quiet on the home front, Mac users have recently had to defend against a few security threats. The number is still so low as to make a Windows user laugh (or cry), but the attacks are a good reminder of modern computing’s risks.
Leap-A, or Oompa Loompa (February 2006)
Even the mainstream press talked about the first “real” Trojan horse for the Mac. Disguised as photos of the next Mac OS, Leap-A could, once clicked on, spread itself to other users through iChat. Leap-A was more a proof-of-concept than a serious risk (see “Digging deeper into the Leap-A malware” for more info). Still, it raised awareness about security gaps in OS X and demonstrated the need for Mac users to be skeptical of unexpected files.
Inqtana-A (February 2006)
Around the time that Leap-A arrived, the Inqtana-A worm appeared. Inqtana-A used a vulnerability in Bluetooth to replicate from one Mac to another. However, Apple had already patched this vulnerability in May 2005, so only un-updated computers within 30 feet of infected computers were actually at risk.
Zaptastic (May 2005)
An anonymous author revealed security gaps in Tiger’s widgets with this proof-of-concept. By default, Web pages could automatically install widgets, with potentially disastrous results. Apple patched this hole pretty quickly, and users now get an alert whenever a Web page attempts to install a widget.