anti virus Mac

Hi, Sophos has been installed on my Mac by an IT company I employed to set up a new backup for me (it's my work computer). I have noticed my computer is much slower and asked them to remove it, but they insist I will be exposed without it. I am unable to upgrade to Big Sur atm because it is not compatible with Sophos. They also re-routed my emails through Microsoft to provide me more protection than iworks (mac mail), which I currently use. Is anti-virus software/additional screening required? Many thanks.

iMac Pro

Posted on Jan 6, 2021 8:24 AM

Question marked as Top-ranking reply

Posted on Jan 6, 2021 9:10 AM

sj67b wrote:

I thought I had hired someone who knew about Macs, I asked.
Thank you for your response. This gives me the confidence to go back to them and insist.



Third party AV is not recommended— it typically does nothing but add issues to the macOS and competes directly with Apple's own built-in security:


https://support.apple.com/guide/security/introduction-seccd5016d31/web


Apple uses its Software Update service (which also drives the system software updates that show in the App Store) as a mechanism for installing “background and critical” updates that are installed silently in the background with no notifications to the user.


The macOS uses these to combat malware:


Gatekeeper mechanism, central to security services, which tries to ensure that any code loaded is ‘safe’. Code signatures are only part of this.


XProtect checks the security and integrity of files, including in broader ways too. Vulnerable document types, such as JPEG images, are also screened to ensure that they’re not malicious.


Apple’s Malware Removal Tool (MRT), an app which often complements XProtect’s signature-based screening, and can automatically remove all traces of many different species of malware.


System Integrity Protection (SIP), which ensures that nothing can tamper with key system files, or even Apple’s bundled apps.


ref: macOS - Security - Apple

https://www.apple.com/macos/security/


Apple Platform Security - Apple https://support.apple.com/guide/security/welcome/web


Jan 6, 2021 8:29 AM in response to sj67b

They are idiots.


Remove Sophos, and tell them they are fired.

If you're going to pay someone to take care of your Macs, then hire someone who has a clue about Macs.


There are no known viruses in the wild that can affect a Mac that is kept up to date.

macOS has virus and malware protection built into the OS. All any 3rd party software will do is cause problems.

Jan 6, 2021 9:43 AM in response to sj67b

100% agreement with KiltedTim. Get rid of Sophos and the so-called IT expert.


You are exposed to nothing. Or more specifically, nothing different than with, or without Sophos.


There are no Mac viruses. None. Haven't been since the release of OS X, 10.0 in 2001. A virus is self replicating malware that is virtually impossible to run in a Unix structured OS. Permissions are just one thing that prevents it.


Can your Mac get infected by anything? Yes, that type of malware is a Trojan or worm. Or, software that requires YOU to be the one to install it. It can't self replicate and it can't get on your computer on its own.


If you install any type of Trojan or worm, AV software will not lift a finger to stop it since it can't know what you're installing or running until after the fact. Often, they won't even tell you you've just installed malware. We've seen many such topics here where the user had up to four AV software titles running, and their Macs were still loaded down with adware or worse. That's how useless AV software is.


Avoiding malware is really this simple:


  1. Never, ever download or install anything from P2P, file sharing or pirate sites.
  2. Get your third party software only directly from the vendor who created it. If it's cost software, pay for it. Do not go the route of point 1. to try and get it for "free". That's a sure way to install much worse malware, like key loggers or back doors.
  3. Pay attention. Read up on new, actual threats as they're discovered so you know how to avoid them. So far, they have all either been Trojans, or direct attacks where someone else with access to your Mac deliberately infects it.
  4. Ignore the hype on the Internet of the many, many supposed security sites shouting "Mac viruses!!!!" I have yet to see one that screams they have a list of Mac viruses, and every single one is a Trojan.


Also, as has been noted, Catalina made it extremely difficult for malware to be installed since the System folder is read only. Big Sur ramps up that protection by a factor of 10. As a Signed System Volume (similar to iOS), it's now virtually impossible for anything to write, delete or modify any part of the OS other than Apple's own updates.

Jan 6, 2021 11:39 AM in response to MyApple8MyPC

You do, and you don't. There are some security updates the OS does in the background whenever you're online. You don't need to pay attention to it, and by default have no direct way to control it anyway. The other is when you get an update notice in the System Preferences and there is a larger security update to apply.


For the first, here's part of a list the OS automatically applied as presented by Onyx. And almost all of them, such as FlashBack and Genieo, are old. Really old and patched against years ago.



With Onyx, I could indeed "control" it somewhat by highlighting any item and clicking a Delete button to remove that protection from the list. But why would anyone do that?
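
The built-in protections listed in the top-ranking reply, and the silently installed security data mentioned in the last post, can be checked from Terminal. The script below is an added example, not part of the original thread: the function names and the sample install history are constructed for illustration, and it only reads status, using `spctl --status`, `csrutil status` and `system_profiler SPInstallHistoryDataType`.

```bash
#!/bin/bash
# Added example (not from the thread): read-only status checks for the
# built-in protections discussed above.

gatekeeper_state() {   # input: output of `spctl --status`
  case "$1" in
    *"assessments enabled"*)  echo on ;;
    *"assessments disabled"*) echo off ;;
    *) echo unknown ;;
  esac
}

sip_state() {          # input: output of `csrutil status`
  case "$1" in
    *"status: enabled"*)  echo on ;;
    *"status: disabled"*) echo off ;;
    *) echo unknown ;;   # e.g. a custom configuration
  esac
}

# stdin: output of `system_profiler SPInstallHistoryDataType`.
# Prints "name version" for entries named XProtect*, MRT* or Gatekeeper*.
background_updates() {
  awk '
    /^ *(XProtect|MRT|Gatekeeper)[^:]*:$/ { sub(/^ +/, ""); sub(/:$/, ""); name = $0; next }
    name != "" && /Version:/ { print name, $2; name = "" }
    /^ *[^ ].*:$/ { name = "" }   # any other package header resets the match
  '
}

sample_history() {     # constructed sample, not output from a real machine
  cat <<'EOF'
    Safari:
      Version: 14.0.2
    XProtectPlistConfigData:
      Version: 2138
    MRTConfigData:
      Version: 1.71
EOF
}

if [ "$(uname)" = "Darwin" ]; then
  echo "Gatekeeper: $(gatekeeper_state "$(spctl --status 2>&1)")"
  echo "SIP: $(sip_state "$(csrutil status 2>&1)")"
  system_profiler SPInstallHistoryDataType | background_updates | sort -u
else
  sample_history | background_updates
fi
```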
