“Macs can’t get malware” is an obsolete idea. Macs aren’t safe from malware, and haven’t been for a long time.
This isn’t to say that macOS is an insecure operating system: it isn’t. But macOS is, like Windows and Linux, vulnerable to user error. On some level, ensuring your Mac is free from malware is up to you.
We’ve collected some tips for Mac users, but there are a lot of things you can do that aren’t specific to Macs, too—so be sure to check out our complete guide to basic security in addition to the following tips.
You know how macOS will notify you of new updates, and you always click “Remind Me Later”? Yeah, you should stop doing that.
The most important, and easiest, way to keep your Mac safe from malware is to keep macOS and all of your apps up to date. System updates patch known security vulnerabilities, so if you’re not up to date, you’re leaving documented holes open for malware to exploit. System updates also update XProtect, your Mac’s hidden anti-malware software, giving you system-level protection against common malware.
Updates for your applications are also essential. Your browser is a huge potential vector for infection, so make sure it is up to date. A vulnerability in any application is a potential problem.
Happily, the Mac App Store makes managing updates pretty easy, by putting system updates and updates for a lot of your applications all in one place. And macOS is very good about notifying you about these updates, with banners that are impossible to miss and a number in the menu bar. You can even enable automatic updates in the background if you don’t want to deal with managing everything on your own.
As for applications that you didn’t get from the Mac App Store, that’s up to you. If you see a notification insisting that you install an update, do it. It’s annoying, sure, but it’s an important way to keep your Mac safe.
If you know where to look, you can find any Mac application for free. It’s called “piracy,” and I’m sure an upstanding citizen such as yourself has never heard of it.
Seriously, though: installing pirated Mac apps from sketchy sites is the most common way to end up with malware, followed closely by clicking ads suggesting something like “Your Adobe Flash software is out of date.” If you install software from untrustworthy sites, no anti-malware software can help you, and there’s no telling what kind of infection you might end up with.
So don’t do that. Always download software from the Mac App Store, or directly from the software’s official website. If you get a popup saying Adobe Flash is out of date, it’s probably a scam—but if you want to make sure, go to Adobe.com instead of clicking the popup and check for updates from the official source.
By default, your Mac will only run software from authorized developers, which is good. This is a vital security layer for you. So even though we’ve shown you how to open apps from “Unidentified Developers” on your Mac, you should only actually do this if you’re completely certain that the application you’re giving permission to run is from a trustworthy source. I try to limit this to projects with publicly available source code, but you’ll need to work out rules for yourself. Just make sure you’re only running applications you know for a fact that you can trust.
Two of the most common vectors for Mac malware are Java and Flash, browser plugins that powered the early web but are increasingly becoming obsolete. It’s essential that you keep these plugins up-to-date.
On the modern web Java and Flash are both largely avoidable. Safari, the default web browser on macOS, disables both of them by default, running the plugins only when you specifically re-enable them.
You can disable these plugins in other browsers as well, and it’s probably a good idea to disable Flash and Java in basically all circumstances. Enable them only on sites you trust, and only when necessary. The modern web doesn’t require Java or Flash that much anymore, so if you can avoid running them altogether that’s probably for the best.
System Integrity Protection, called SIP for short by some and “rootless” by others, makes it basically impossible for anything but a macOS update bundle to change core aspects of the operating system. Whereas previously a user with enough knowledge could open the Terminal and change anything about the system, most of the system is completely off limits now.
This broke a lot of long-standing system tweaks, which is why some people look for ways to disable System Integrity Protection. But disabling SIP is a very bad idea. If you have the ability to change the core of the operating system, so does any malware you run, which makes it harder to detect and remove such malware. For this reason, we recommend that you leave SIP alone.
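The protections covered so far (automatic update checks, the developer check that macOS calls Gatekeeper, and SIP) can all be checked from the Terminal. The script below is an added example, not part of the original article; the function names are made up for illustration, and it assumes the update setting is stored under the `AutomaticCheckEnabled` key of `/Library/Preferences/com.apple.SoftwareUpdate`.

```shell
#!/bin/sh
# Added example: check the macOS protections this article recommends keeping on.
# The classify_* helpers take command output as text, so they can be exercised
# with constructed samples on any system; audit_mac runs the real commands.

# `csrutil status` output -> enabled | disabled | custom | unknown
classify_sip() {
    case "$1" in
        *"Custom Configuration"*) echo custom ;;   # some protections switched off
        *"status: enabled"*)      echo enabled ;;
        *"status: disabled"*)     echo disabled ;;
        *)                        echo unknown ;;
    esac
}

# `spctl --status` output (Gatekeeper) -> enabled | disabled | unknown
classify_gatekeeper() {
    case "$1" in
        *"assessments enabled"*)  echo enabled ;;
        *"assessments disabled"*) echo disabled ;;
        *)                        echo unknown ;;
    esac
}

# Value of the AutomaticCheckEnabled preference (assumed key) -> on | off | unset
classify_autoupdate() {
    case "$1" in
        1) echo on ;;
        0) echo off ;;
        *) echo unset ;;
    esac
}

# Print one OK/FAIL line per protection from the three raw outputs.
posture_report() {
    sip=$(classify_sip "$1"); gk=$(classify_gatekeeper "$2"); au=$(classify_autoupdate "$3")
    if [ "$sip" = enabled ]; then echo "OK   SIP enabled"; else echo "FAIL SIP is $sip"; fi
    if [ "$gk" = enabled ]; then echo "OK   Gatekeeper enabled"; else echo "FAIL Gatekeeper is $gk"; fi
    if [ "$au" = on ]; then echo "OK   automatic update checks on"; else echo "FAIL automatic update checks $au"; fi
}

audit_mac() {
    posture_report "$(csrutil status 2>&1)" "$(spctl --status 2>&1)" \
        "$(defaults read /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled 2>/dev/null)"
}

# Only touch the real tools on macOS; elsewhere the helpers are just defined.
if [ "$(uname -s)" = "Darwin" ]; then audit_mac; fi
```

A result of `unset` for update checks means the preference key could not be read, so confirm the setting by hand in the system's update preferences.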
We’ve shown you how to remove malware and adware from your Mac, and in that article we recommended Malwarebytes for Mac for the occasional malware scan. It’s a great program to have around when you suspect your Mac is infected, but even if you don’t have any suspicions it’s a good habit to run a scan from time to time. That way, if you are infected, you can at least find out quickly.
If you want an always-on malware scanner, we recommend Sophos, which is free for home users and has a very good reputation. It can be heavy on system resources, but is good if you want to catch potential infections in real time.