Does an older MacBook have different security needs?

I have done a deep dive into some of the articles and comments re use of third party software for virus and malware protection. (And read some heated conversations on the topic!!) I'm pretty persuaded I don't need extra protection; especially helpful is Effective defenses against malware and other threats - Apple Community.


But here's my question: about 12 years ago I hired a Mac-specialized computer consultant who recommended and installed the free versions of Sophos and Malwarebites on my then 2012 MacBook Pro. She said these were the only things needed for Mac and to run a scan once a month/occasionally. I've continued to do that with several subsequent Macs. Never caused any problems as far as I know.


The consultant was a former Apple employee which enhanced her credibility in my mind.


So, was that good advice? Is it still good advice? What do today's Apple experts say about Sophos and Malwarebites?


Asking now because I just got a new MacBook Air (M2, 2022). I'm also using an older 2015 MacBook Pro which is limited to OS Mojave. Does this older Mac have different security needs? (besides updating Mojave as long as Apple continues providing security updates).


Thanks!

Not a techie, just a psychologist/therapist :)


[Re-Titled by Moderator]


MacBook Air (M2, 2022)

Posted on Feb 7, 2024 4:14 PM

Reply
Question marked as Top-ranking reply

Posted on Feb 7, 2024 4:52 PM

There’s no panacea here.


I use the built-in security.


Twelve years go is an immense time in IT. Well before Apple XProtect, XProtect Remediator, gatekeeper and notariztion, the sealed read-only system volume, endemic app sandboxing, two-factor, and numerous other security and integrity updates, and long before the sorts of threats that are happening now.


In recent times, sources of problems include compromised cracked apps and phishing and spear-phishing and spoofed telephone numbers and such. Too much of what gets discussed around here are the “free” apps and the adware and related apps, and notification and calendar spam and ilk, as well as issues caused by add-on security apps. Some of the better-known add-on anti-malware for macOS turned out to be filled with surprises, too.


And then realize that the add-on anti-malware is itself an increasing target for exploits and vulnerabilities, as some of the add-on security apps have been atrociously poorly (insecurely) implemented.


More macOS-related security reading material:

Personal Safety User Guide - Apple Support

Apple Platform Security - Apple Support

… from that: Protecting against malware in macOS - Apple Support

https://tidbits.com/2022/09/02/macoss-new-xprotect-now-regularly-scans-for-malware/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a

(biggest targets: down-rev apps and software)


Sophos security problems from around the same time (2012) as you were discussing it:

https://www.pcworld.com/article/455572/researcher-finds-critical-vulnerabilities-in-sophos-antivirus-product.html

https://lock.cmpxchg8b.com/Sophail.pdf

... https://lock.cmpxchg8b.com/sophailv2.pdf

Sophos has undoubtedly improved their product since then, of course.


Similar questions

3 replies
Question marked as Top-ranking reply

Feb 7, 2024 4:52 PM in response to sahtbs

There’s no panacea here.


I use the built-in security.


Twelve years go is an immense time in IT. Well before Apple XProtect, XProtect Remediator, gatekeeper and notariztion, the sealed read-only system volume, endemic app sandboxing, two-factor, and numerous other security and integrity updates, and long before the sorts of threats that are happening now.


In recent times, sources of problems include compromised cracked apps and phishing and spear-phishing and spoofed telephone numbers and such. Too much of what gets discussed around here are the “free” apps and the adware and related apps, and notification and calendar spam and ilk, as well as issues caused by add-on security apps. Some of the better-known add-on anti-malware for macOS turned out to be filled with surprises, too.


And then realize that the add-on anti-malware is itself an increasing target for exploits and vulnerabilities, as some of the add-on security apps have been atrociously poorly (insecurely) implemented.


More macOS-related security reading material:

Personal Safety User Guide - Apple Support

Apple Platform Security - Apple Support

… from that: Protecting against malware in macOS - Apple Support

https://tidbits.com/2022/09/02/macoss-new-xprotect-now-regularly-scans-for-malware/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a

(biggest targets: down-rev apps and software)


Sophos security problems from around the same time (2012) as you were discussing it:

https://www.pcworld.com/article/455572/researcher-finds-critical-vulnerabilities-in-sophos-antivirus-product.html

https://lock.cmpxchg8b.com/Sophail.pdf

... https://lock.cmpxchg8b.com/sophailv2.pdf

Sophos has undoubtedly improved their product since then, of course.


Feb 8, 2024 6:06 AM in response to sahtbs

But here's my question: about 12 years ago I hired a Mac-specialized computer consultant who recommended and installed the free versions of Sophos and Malwarebites on my then 2012 MacBook Pro. She said these were the only things needed for Mac and to run a scan once a month/occasionally.


That would be sufficient for me to fire that Mac-specialized computer consultant.


Yes twelve years is an eternity in technological terms, but I wrote that User Tip about fifteen years ago, after practicing it for much longer than that. It has needed only minor updates since then.


The nature of threats today is to exploit human frailty and frighten people into taking actions that are inappropriate or even harmful. This phenomenon is not limited to computers; you can see it all around you. It's nothing new. People succumb to scams all the time. As a psychologist you probably encounter enough of it already.

Feb 8, 2024 3:22 PM in response to John Galt

Thanks to both of you (MrHoffman and John Galt) for your comments and additional resources. As for "nature of threats today is to exploit human frailty and frighten people into taking actions that are inappropriate or even harmful". Oh yeah, I see lots of human frailty in my line of work. For the kind of threats you're speaking to, I suspect anxiety management + impulse control , augmented with critical thinking skills and a healthy skepticism can go a long way toward protecting oneself, one's devices and financial accounts from scams, phishing, and other sneaky efforts :)

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Does an older MacBook have different security needs?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.