FileVault 2 encrypts the entire drive on your Mac, protecting your data with XTS-AES 128 encryption. And on Mac systems with an Apple T2 Security Chip, FileVault 2 keys are created and protected by the Secure Enclave for even more security.
Those really wanting to be on the safe side with their Mac OS X use protection software. The market offers freeware suites or paid programs that come with a bunch of good extras. AV-TEST tested 13 applications for their security and performance, yet only certified 10 of them.
Detection rates under Mac OS X: Of the 13 tested security suites, eight detected all of the threats 100 percent, and three products failed.
Mac pros repeatedly declare that Mac OS X is built so securely that no additional protection software is needed. But every year, experts discover new waves of attacks on Macs or safety gaps. In June 2015, for example, security researcher Stefan Esser discovered that just a few shell commands are sufficient to gain access to root-level privileges under OS X 10.10. In September 2015, it became known that an infected version of the development environment, Xcode, had been pawned off on app developers. This version, or the malware resulting from it, was then named XcodeGhost. The produced apps, including XcodeGhost malware, subsequently ended up in the App Store. Apple didn't realize they were infected, however. Furthermore, at the beginning of October 2015, an expert discovered how to defeat the security tool Gatekeeper embedded in OS X, thus installing an app that subsequently unloads malware into the system.
13 Security Suites for Mac OS X: Only four solutions slow down Mac OS X by 10 percent; from Sophos onward, it is already 20 percent; SentinelOne slows the system down 80 percent more and Avast 170 percent due to immediate scanning of downloads.
Bitdefender Antivirus for Mac: This very compact solution detected all the threats, works quickly, but only offers surfing protection as an extra feature.
Symantec Norton Security: This security solution works quickly, safely and even throws in a firewall.
Sophos Anti-Virus: The freeware security package for Mac OS X systems does indicate the highest security in the test, yet it slows down the system somewhat.
A lower number of malware threats doesn't make Mac OS X safer
While the number of known malware threats for Windows has already surpassed the 450 million mark, the number for Mac OS X malware is only around a few thousand. But afflicted users know that even one malware specimen is enough to ruin your whole day. Attackers are currently focusing on infiltrating systems with infected apps. Naturally, they are aware of the general security barriers of Mac OS X. That's why the above-mentioned attacks are successful. With a good security suite, Mac OS X users can raise their system to the greatest possible level of security.
13 programs put to the test – 3 fail
In the lab at AV-TEST, 13 products were tested in terms of their protection function, false positives and speed. In their protection function, the applications were required to identify and liquidate new, still unknown malware threats. Compared to the last tests, such as in April 2015, more products have now achieved an excellent detection rate. The solutions from Avast, Avira, Bitdefender, ESET, Kaspersky, SentinelOne, Sophos and Symantec identified all the threats in the test 100 percent. Of particular interest is the result from SentinelOne. As a product of the latest generation, it works without a signature database to identify malware. For analysis, it only uses the technology of behavior-based detection.
The remaining security suites delivered lower results. Coming in last were the solutions from ClamXav, Webroot and F-Secure with detection rates of only 76.2 to 88.1 percent. That is why these three solutions did not receive a security certificate from AV-TEST. All the others did.
No significant false positives
It's always annoying for the user when security products falsely detect benign files or block the launch of apps. But in this test segment, the lab has nothing but praise. Only ClamXav falsely flagged a clean file. All other system watchdogs exhibited error-free friend-or-foe detection. In the subsequent test, apps were also installed and launched. In this case, the suites did not sound a single false alarm.
Although the test for potentially unwanted applications ('PUA' for short) does not yet play any role in this certification, the laboratory still performed it behind the scenes. Avira, Bitdefender, ESET, Intego, Symantec and SentinelOne already did a good job. All the other products could still use some improvement in this area. Some manufacturers have a very differentiated view of what is a PUA and what is not, and offer a wide latitude in their approach. They allow some disputable applications to continue to run undisturbed, whereas other manufacturers block these programs.
Lots of applications slowing down the system
Users repeatedly complain that an installed suite slows down their system. The laboratory found out in its speed test whether this is really true or only imagined. To do so, 26.6 GB of data were copied onto a reference system, MD5 hash values were calculated for files and a set of files was downloaded. In total, these tests took 146 seconds on the reference system. Afterwards, the tests were repeated; naturally with each of the installed security suites. The best performers in this category were the products from ClamXav, Panda, Bitdefender and Symantec. They slow down the system by about 10 percent. A value that is not really noticeable in daily use. For Sophos, this value increases to 20 percent, Avira already jumps to 40 percent, SentinelOne to 80 percent, and for F-Secure, it is already over 120 percent.
The application finishing last in this case is Avast, as it works differently for downloads: it already scans the downloaded file during the download. This may be secure, but it also takes a lot of time. The other products only scan the file once it has arrived and is executed.
Useful extras
Some paid programs offer extra features such as an anti-spam function, safe browsing, a firewall, parental control routines or a backup function. The freeware system watchdogs generally do not offer any additional functions.
None of the commercial products delivers all the above functions in one package. Rather, all the solutions offer one, two or three extra features. The security packages from Intego, Kaspersky and Symantec throw in the most additional features. Some also even offer a system cleaning tool or functions for secure payment on the Internet.
Conclusion: There are many secure products, and many put the brakes on the system in daily use
A total of eight of the products examined detected 100 percent of the malware threats in the test. These even include three freeware products. But if you are seeking a solution with the best security performance at the lowest system load, the field narrows considerably. The ones that remain are Bitdefender Antivirus for Mac and Symantec Norton Security, with 100 percent detection and roughly 10 percent additional system load. Both are paid products.
Those looking for a freeware solution can turn to Sophos Anti-Virus. It also detected 100 percent of the threats in the test, but it slowed down the system by 20 percent. The other freeware products from Avira and Avast do detect everything error-free, but a system slowdown of 40 or 170 percent is not acceptable.
Our tip: Some versions of security software offered via the App Store differ from the version on the manufacturer's website. The version offered directly from the manufacturer often includes more additional features.
Protection for Mac OS X: All just a case of Chicken Little?
Many users are of the opinion that security experts exaggerate when stating the risks and attacks on Mac OS X. The experts counter that Apple's marketing is quick to play down too many serious issues.
At international conferences on the topic of IT security and anti-virus software, the topic of attacks and security gaps in Mac OS X is an increasing subject on the agenda. It was also addressed at the security conference AVAR 2015 in Vietnam. At that conference, there was a recent expert article 'Threat Intelligence behind XcodeGhost' – on the routine of how the infected programming environment for Mac apps was distributed, and who the author is.
Although the number of malware specimens for Mac OS X is only increasing slowly – it is growing continuously. The reports of detected security gaps in Mac OS X are also steadily growing. The Achilles heels are naturally not only found in the operating system. Most of the breaches in Mac OS X occur due to programs or drivers of other manufacturers. Already in 2014, OS X and iOS exhibited considerably more gaps than Linux or Windows systems. A brief look into the National Vulnerability Database (NVD) indicates a long list of entered CVEs – Common Vulnerabilities and Exposures. The search for CVEs under 'Apple' indicates more CVEs in the three months of September to November 2015 than for the search term 'Windows'.
The use of security software for Mac OS X should not fail due to false vanity.
OS X Lion v10.7.4 and Security Update 2012-002 can be downloaded and installed via Software Update preferences, or from Apple Downloads.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see 'How to use the Apple Product Security PGP Key.'
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see 'Apple Security Updates'.
OS X Lion v10.7.4 and Security Update 2012-002
Login Window
Available for: OS X Lion v10.7.3, OS X Lion Server v10.7.3
Impact: Remote admins and persons with physical access to the system may obtain account information
Description: An issue existed in the handling of network account logins. The login process recorded sensitive information in the system log, where other users of the system could read it. The sensitive information may persist in saved logs after installation of this update. This issue only affects systems running OS X Lion v10.7.3 with users of Legacy File Vault and/or networked home directories. See http://support.apple.com/kb/TS4272 for more information about how to securely remove any remaining records.
CVE-ID
CVE-2012-0652 : Terry Reeves and Tim Winningham of the Ohio State University, Markus 'Jaroneko' Räty of the Finnish Academy of Fine Arts, Jaakko Pero of Aalto University, Mark Cohen of Oregon State University, Paul Nelson
Bluetooth
Available for: OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: A local user may be able to execute arbitrary code with system privileges
Description: A temporary file race condition issue existed in blued's initialization routine.
CVE-ID
CVE-2012-0649 : Aaron Sigel of vtty.com
curl
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. curl disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling empty fragments.
CVE-ID
CVE-2011-3389 : Apple
curl
Available for: OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Using curl or libcurl with a maliciously crafted URL may lead to protocol-specific data injection attacks
Description: A data injection issue existed in curl's handling of URLs. This issue is addressed through improved validation of URLs. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2012-0036
Directory Service
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8
Impact: A remote attacker may obtain sensitive information
Description: Multiple issues existed in the directory server's handling of messages from the network. By sending a maliciously crafted message, a remote attacker could cause the directory server to disclose memory from its address space, potentially revealing account credentials or other sensitive information. This issue does not affect OS X Lion systems. The Directory Server is disabled by default in non-server installations of OS X.
CVE-ID
CVE-2012-0651 : Agustin Azubel
HFS
Available for: OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Mounting a maliciously crafted disk image may lead to a system shutdown or arbitrary code execution
Description: An integer underflow existed in the handling of HFS catalog files.
CVE-ID
CVE-2012-0642 : pod2g
ImageIO
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF files. This issue does not affect OS X Lion systems.
CVE-ID
CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies
ImageIO
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8
Impact: Multiple vulnerabilities in libpng
Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to information disclosure. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html
CVE-ID
CVE-2011-2692
CVE-2011-3328
ImageIO
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue is addressed by updating libtiff to version 3.9.5.
CVE-ID
CVE-2011-1167
Kernel
Available for: OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: When FileVault is used, the disk may contain unencrypted user data
Description: An issue in the kernel's handling of the sleep image used for hibernation left some data unencrypted on disk even when FileVault was enabled. This issue is addressed through improved handling of the sleep image, and by overwriting the existing sleep image when updating to OS X v10.7.4. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2011-3212 : Felix Groebert of Google Security Team
libarchive
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution
Description: Multiple buffer overflows existed in the handling of tar archives and iso9660 files.
CVE-ID
CVE-2011-1777
CVE-2011-1778
libsecurity
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Verifying a maliciously crafted X.509 certificate, such as when visiting a maliciously crafted website, may lead to an unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue existed in the handling of X.509 certificates.
CVE-ID
CVE-2012-0654 : Dirk-Willem van Gulik of WebWeaving.org, Guilherme Prado of Conselho da Justiça Federal, Ryan Sleevi of Google
libsecurity
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Support for X.509 certificates with insecure-length RSA keys may expose users to spoofing and information disclosure
Description: Certificates signed using RSA keys with insecure key lengths were accepted by libsecurity. This issue is addressed by rejecting certificates containing RSA keys less than 1024 bits.
CVE-ID
CVE-2012-0655
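A key-length policy like the one described for libsecurity, written as an added example (not Apple's code): it walks a DER SubjectPublicKeyInfo, measures the RSA modulus in significant bits and rejects anything under 1024. The helper names and the sample keys are assumptions; the moduli are constructed numbers, not real key material.

```python
# Added example: enforce a minimum RSA modulus size on a DER SubjectPublicKeyInfo.
RSA_OID = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1 rsaEncryption
MIN_RSA_BITS = 1024                              # threshold stated in the advisory


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                            # long form: low bits count length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length


def expect(buf, pos, want_tag):
    """Read one element and insist on its tag; return (value, next_pos)."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02x}, got 0x{tag:02x}")
    return value, nxt


def rsa_modulus_bits(spki_der):
    """Bit length of the RSA modulus inside a SubjectPublicKeyInfo."""
    spki, _ = expect(spki_der, 0, 0x30)          # SubjectPublicKeyInfo SEQUENCE
    alg, after_alg = expect(spki, 0, 0x30)       # AlgorithmIdentifier
    oid, _ = expect(alg, 0, 0x06)
    if oid != RSA_OID:
        raise ValueError("not an RSA public key")
    bits, _ = expect(spki, after_alg, 0x03)      # BIT STRING wrapping RSAPublicKey
    if bits[:1] != b"\x00":
        raise ValueError("unexpected unused-bits count")
    key, _ = expect(bits, 1, 0x30)               # RSAPublicKey SEQUENCE
    modulus, _ = expect(key, 0, 0x02)            # first INTEGER is the modulus n
    # Count significant bits of the number, not bytes of the encoding: DER adds a
    # 0x00 sign byte when the top bit is set, so len(modulus) * 8 overstates size.
    return int.from_bytes(modulus, "big").bit_length()


def key_is_acceptable(spki_der):
    return rsa_modulus_bits(spki_der) >= MIN_RSA_BITS


# --- constructed sample input (moduli are arbitrary odd numbers, not real keys) ---
def tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + value


def der_int(x):
    # Minimal positive INTEGER: one extra byte whenever the top bit would be set.
    return tlv(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))


def make_spki(modulus, exponent=65537):
    key = tlv(0x30, der_int(modulus) + der_int(exponent))
    alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
    return tlv(0x30, alg + tlv(0x03, b"\x00" + key))


SAMPLES = {bits: make_spki((1 << (bits - 1)) | 1) for bits in (512, 1023, 1024, 2048)}

if __name__ == "__main__":
    for bits, der in SAMPLES.items():
        verdict = "accept" if key_is_acceptable(der) else "reject"
        print(bits, rsa_modulus_bits(der), verdict)
```

The 1023-bit sample is the case to watch: its encoding is 128 bytes long, so a check based on byte length would pass it as a 1024-bit key.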
libxml
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution
Description: Multiple vulnerabilities existed in libxml, the most serious of which may lead to an unexpected application termination or arbitrary code execution. These issues are addressed by applying the relevant upstream patches.
CVE-ID
CVE-2011-1944 : Chris Evans of Google Chrome Security Team
CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences
CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences
CVE-2011-3919 : Jüri Aedla
LoginUIFramework
Available for: OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: If the Guest user is enabled, a user with physical access to the computer may be able to log in to a user other than the Guest user without entering a password
Description: A race condition existed in the handling of Guest user logins. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2012-0656 : Francisco Gómez (espectalll123)
PHP
Available for: OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Multiple vulnerabilities in PHP
Description: PHP is updated to version 5.3.10 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net
CVE-ID
CVE-2011-4566
CVE-2011-4885
CVE-2012-0830
Quartz Composer
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: A user with physical access to the computer may be able to cause Safari to launch if the screen is locked and the RSS Visualizer screen saver is used
Description: An access control issue existed in Quartz Composer's handling of screen savers. This issue is addressed through improved checking for whether or not the screen is locked.
CVE-ID
CVE-2012-0657 : Aaron Sigel of vtty.com
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Viewing a maliciously crafted movie file during progressive download may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of audio sample tables.
CVE-ID
CVE-2012-0658 : Luigi Auriemma working with HP's Zero Day Initiative
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of MPEG files.
CVE-ID
CVE-2012-0659 : An anonymous researcher working with HP's Zero Day Initiative
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer underflow existed in the handling of MPEG files.
CVE-ID
CVE-2012-0660 : Justin Kim at Microsoft and Microsoft Vulnerability Research
QuickTime
Available for: OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the handling of JPEG2000 encoded movie files. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2012-0661 : Damian Put working with HP's Zero Day Initiative
Ruby
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Multiple vulnerabilities in Ruby
Description: Ruby is updated to 1.8.7-p357 to address multiple vulnerabilities.
CVE-ID
CVE-2011-1004
CVE-2011-1005
CVE-2011-4815
Samba
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8
Impact: If SMB file sharing is enabled, an unauthenticated remote attacker may cause a denial of service or arbitrary code execution with system privileges
Description: Multiple buffer overflows existed in Samba's handling of remote procedure calls. By sending a maliciously crafted packet, an unauthenticated remote attacker could cause a denial of service or arbitrary code execution with system privileges. These issues do not affect OS X Lion systems.
CVE-ID
CVE-2012-0870 : Andy Davis of NGS Secure
CVE-2012-1182 : An anonymous researcher working with HP's Zero Day Initiative
Security Framework
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the Security framework. Processing untrusted input with the Security framework could result in memory corruption. This issue does not affect 32-bit processes.
CVE-ID
CVE-2012-0662 : aazubel working with HP's Zero Day Initiative
Time Machine
Available for: OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: A remote attacker may access a user's Time Machine backup credentials
Description: The user may designate a Time Capsule or remote AFP volume attached to an AirPort Base Station to be used for Time Machine backups. Beginning with AirPort Base Station and Time Capsule Firmware Update 7.6, Time Capsules and Base Stations support a secure SRP-based authentication mechanism over AFP. However, Time Machine did not require that the SRP-based authentication mechanism was used for subsequent backup operations, even if Time Machine was initially configured or had ever contacted a Time Capsule or Base Station that supported it. An attacker who is able to spoof the remote volume could gain access to user's Time Capsule credentials, although not backup data, sent by the user's system. This issue is addressed by requiring use of the SRP-based authentication mechanism if the backup destination has ever supported it.
CVE-ID
CVE-2012-0675 : Renaud Deraison of Tenable Network Security, Inc.
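The fix described for Time Machine is a downgrade-protection rule: once a destination has offered SRP, nothing weaker is accepted from it. The following is an added example of that rule, not Apple's implementation; the mechanism name `LEGACY-PASSWORD`, the destination name and the JSON state file are hypothetical.

```python
# Added example: remember that a backup destination supported SRP and refuse
# to fall back afterwards. Mechanism names and the state file are hypothetical.
import json
import os
import tempfile

STRONG = "SRP"


class DowngradeError(Exception):
    """The destination offered SRP before and no longer does."""


def choose_without_memory(offered):
    """Pre-fix behaviour as the advisory describes it: SRP is used when offered,
    but nothing forces it on later connections."""
    return STRONG if STRONG in offered else offered[0]


class PinnedAuthPolicy:
    """Post-fix behaviour: once a destination has offered SRP, require it."""

    def __init__(self, state_path):
        self.state_path = state_path
        self.srp_seen = set()
        if os.path.exists(state_path):
            with open(state_path) as fh:
                self.srp_seen = set(json.load(fh))

    def _save(self):
        # Write to a temp file and rename so a crash cannot drop the record.
        directory = os.path.dirname(self.state_path) or "."
        fd, tmp = tempfile.mkstemp(dir=directory)
        with os.fdopen(fd, "w") as fh:
            json.dump(sorted(self.srp_seen), fh)
        os.replace(tmp, self.state_path)

    def choose(self, destination, offered):
        """Pick the mechanism to use, given what the destination offers now."""
        if not offered:
            raise ValueError("destination offered no authentication mechanism")
        if STRONG in offered:
            if destination not in self.srp_seen:
                self.srp_seen.add(destination)
                self._save()
            return STRONG
        if destination in self.srp_seen:
            # No credentials are sent; the caller should surface this to the user.
            raise DowngradeError(f"{destination} previously supported {STRONG}")
        return offered[0]          # never supported SRP: legacy mechanism allowed


def simulate(state_path):
    """Constructed scenario: the genuine device first, then a volume under the
    same name that only offers a legacy mechanism."""
    policy = PinnedAuthPolicy(state_path)
    dest = "timecapsule.example"                       # constructed name
    outcome = [policy.choose(dest, ["LEGACY-PASSWORD", "SRP"])]
    outcome.append(choose_without_memory(["LEGACY-PASSWORD"]))
    try:
        # A fresh object reloads the record, as a later backup run would.
        outcome.append(PinnedAuthPolicy(state_path).choose(dest, ["LEGACY-PASSWORD"]))
    except DowngradeError:
        outcome.append("refused")
    return outcome
```

The record has to survive restarts and be keyed by the destination identity the user configured; a destination that never offered SRP is still allowed its legacy mechanism.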
X11
Available for: OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Applications that use libXfont to process LZW-compressed data may be vulnerable to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libXfont's handling of LZW-compressed data. This issue is addressed by updating libXfont to version 1.4.4.
CVE-ID
CVE-2011-2895 : Tomas Hoger of Red Hat
Note: Additionally, this update filters dynamic linker environment variables from a customized environment property list in the user’s home directory, if present.
