How often do you speak with friends about Internet security and wonder if you need to install an antivirus utility on your Mac? Your workplace might even require this of you.
There aren’t really any “viruses” on Macs as self-propagation requires administrative approval. However, there’s malware, which may seem more agreeable to folks, especially if it’s advertised as preventing security snafus.
Some users might equate malware with a virus. Regardless, malware is often (1) offered in the context of a blaring message on the screen when (2) one inadvertently visits a nefarious website that (3) flashes light and sound and complicates escape. Sound familiar?
In Switching to VirusBarrier, I recommended that users keep the free Malwarebytes and/or VirusBarrier Scanner utilities on hand and run them periodically to scan for malware.
In combination with user awareness, I found these better than premium versions from the same developers, which run continuously in the background and can degrade Mac performance. However, I’m now of a new opinion that none of these is necessary anymore.
A modern Mac no longer needs a third-party application to prevent such intrusions, because the capability is already built into macOS. In fact, Apple provides three layers of security to keep malware at bay: Gatekeeper, Notarization, and XProtect.
Client Notes
Last week, I helped Caroline make a plan to buy a new Mac at the best price as she transitions to a new career. I also hopefully resolved Gil’s longstanding email troubles once and for all by adopting Fastmail to host his massive archives.
Updates for Antivirus
To ensure that your Mac’s “antivirus” capabilities remain up to date, make sure it is set to automatically Install Security Responses and system files. In macOS 13 and later, this toggle is in System Settings > General > Software Update > Automatic Updates.
In macOS 10.15, 11, and 12, look for System Preferences > Software Update > Advanced > Install system data files and security updates.
Gatekeeper Blocks Illegitimate Apps
Gatekeeper is a security feature of macOS that operates in the background and ensures that you only install and open legitimate applications. Items delivered via the App Store already come with this level of protection, but things you download via websites may have nefarious intentions.
Before allowing you to open an application for the first time, Gatekeeper ensures it was signed by a registered developer and notarized by Apple.
Notarization Approves or Revokes Apps
As a second layer of antivirus-style security, Notarization scans for malware in applications that developers submit for Apple approval before distributing outside the App Store. If an app is clear, Apple notarizes it.
Developers generally include this “notarization ticket” with their app so Gatekeeper can verify it, even if the Mac is not connected to the Internet. As part of Notarization, Apple can also revoke an app's approval if it later discovers malware in the app.
If Gatekeeper and Notarization prevent an app from opening, it may still be possible to open the app anyway. Users should consider the risk of this option and proceed with caution.
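To see which of these two checks an app passed, you can ask Gatekeeper's command-line tool, spctl, for its verdict. The script below is an added example, not part of the original article: the function names and the sample output (modeled on spctl's verbose format, with a made-up developer and team ID) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the verdict Gatekeeper reports for an app bundle.
# On a Mac:  sh gatekeeper_check.sh /Applications/SomeApp.app
# With no arguments it classifies the constructed samples below.

# Constructed sample outputs in the shape `spctl --assess -vv` prints.
SAMPLE_NOTARIZED='/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'
SAMPLE_UNNOTARIZED='/Applications/Legacy.app: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'
SAMPLE_UNSIGNED='/Applications/Unsigned.app: rejected
source=no usable signature'

# classify_assessment TEXT: print a one-line summary of an spctl verdict.
classify_assessment() {
  first=$(printf '%s\n' "$1" | sed -n '1p')                  # "<path>: accepted|rejected"
  src=$(printf '%s\n' "$1" | sed -n 's/^source=//p' | sed -n '1p')
  case "$first" in
    *": rejected") echo "rejected (${src:-no source reported})" ;;
    *": accepted")
      case "$src" in
        "Notarized Developer ID") echo "notarized" ;;       # signed and notarized
        "Mac App Store")          echo "app-store" ;;       # delivered via the App Store
        *) echo "accepted (${src:-no source reported})" ;;
      esac ;;
    *) echo "unknown" ;;                                     # not spctl output
  esac
}

# assess_app PATH: run the real check (macOS only).
assess_app() {
  # spctl writes its verdict to stderr and exits non-zero on rejection.
  out=$(spctl --assess --type execute -vv "$1" 2>&1) || true
  classify_assessment "$out"
}

if [ "$#" -gt 0 ] && command -v spctl >/dev/null 2>&1; then
  for app in "$@"; do
    printf '%s: %s\n' "$app" "$(assess_app "$app")"
  done
else
  for sample in "$SAMPLE_NOTARIZED" "$SAMPLE_UNNOTARIZED" "$SAMPLE_UNSIGNED"; do
    classify_assessment "$sample"
  done
fi
```

A result of "rejected" is the case described above, where macOS declines to open the app on first launch.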
XProtect: Antivirus For All
The third layer of security, which is most akin to conventional antivirus utilities, is XProtect. It uses signatures written for YARA, an open-source threat detection tool used by dozens of antivirus and anti-malware providers. (In case you were curious, YARA stands for Yet Another Ridiculous Acronym.)
XProtect detects malware, prevents it from running, and immediately moves it to the trash, a protected location where nothing can open. This happens before even notifying the user of the intrusion, at which time you can report it to Apple and help improve XProtect.
XProtect can also remediate an infection, such as by using updated information from Apple, and it can use behavior analysis to detect unknown malware.
Even though App Store items have been pre-approved and do not require Gatekeeper review, XProtect still checks for malware at first open of any software.
For all of these protections, it’s important to keep macOS up to date, at least in terms of security responses. These definitions tell XProtect what to block or remove.
Additionally, I recommend reviewing my article on Avoiding Scams. Your own vigilance is an important fourth layer of security.
It can prevent you from being sucked into a nefarious website, an advertisement that your computer is infected and you should call a support phone number, or an invitation to install a browser extension that will egregiously interrupt or wreak havoc on your computing experience.
Feel free to reach out if you want me to review a possible scam, malware intrusion, or anything else that has you convinced you need an antivirus.