Malwarebytes real time protection

[JWMAC01]

I am inquiring about Malwarebytes real time protection.  I had another third party antivirus software on my MAC. 

The antivirus had an update which partially caused a Kernal Panic. 

 

I had to have my MAC wiped clean and then have a fresh reinstall of Mojave. 

 

The third party antivirus apparently clashed with the already built-in malware and antivirus in the OS. 

 

I have been reading and told due to the already built-in security, third party security can cause conflicts in the OS. 

 

Apple Technicians highly recommend Malwarebytes and told me using the free version and running an occasional scan will suffice. 

 

I am curious about if real time protection is really necessary and how this would be different from any other third party antivirus. 

 

[alvarnell]

I'm a bit surprised to hear that as I've experimented by installing several other anti-malware products while having some form of 3rd party real-time process running without causing any issue, so would be interested to know what that other product was.

I always recommend against having more than one real-time / on-access process running, but only because they tend to attempt to fight over which gets to scan first, slowing everything down unacceptably.

I don't accept that the macOS security processes could be conflicted with. The built-in processes only check do their thing when you double-click the installer and will prevent it from actually running if there are any issues with it's signature or content. They don't monitor the installation itself.

Real-Time protection has the advantage of catching currently known malware before it can be installed. If you rely solely on occasional scans, there is a good chance that installation will already have taken place and any malicious results have been implemented. If it's simple adware, that's just annoying, but if it were ransomware or spyware, you will already have been compromised.

[JWMAC01]

Thank you alvarnell for your reply. The other third party antivirus was Trend Micro. 

I know the other third party antivirus for MAC which is Intego but I don't know much about them.  Apple seems to highly recommend Malwarebytes over any other third party antivirus. 

[alvarnell]

Trend Micro did get into a bit of trouble and had all of their apps tossed from the App Store for several months, but it was about their gathering and use of personal information, not kernel panics. But any anti-virus/anti-malware app you find on the Mac App Store can’t do an effective job of protecting you in any case as they are prevented from many things by App Store rules. Also, Trend Micro is not a Mac only developer. They try to sell software for every platform and situation, both business and personal, so much of what they have for Macs has been recently ported from existing software on other platforms.

Intego is a Mac only developer, but not the only one. I think such apps have the advantage of being able to focus on only a single platform. Although Malwarebytes started out as Windows only, they bought Malwarebytes for Mac on board from a developer that was Mac only, so even though the code has been advanced, the principles behind it’s use are Mac focused. 

If you ask Apple Corporate directly, they will tell you they don’t recommend any specific Anti-Virus/Malware software, occasionally saying it’s unnecessary. What you experienced was the personal opinion of that technician, but it’s not an uncommon occurrence. It has an excellent reputation because it’s fast, doesn’t require excessive CPU or RAM use and is relatively trouble free. It’s not the only such Mac focused software available, but until valid comparative test results are made available, it’s impossible to pre-determine what’s best. So it’s basically up to users to make that determination for themselves.

[treed]

On 9/15/2019 at 8:33 PM, JWMAC01 said:

The third party antivirus apparently clashed with the already built-in malware and antivirus in the OS. 

I have been reading and told due to the already built-in security, third party security can cause conflicts in the OS. 

 

Al has got you covered here, but I just wanted to chime in and agree with him that this is not the way this works. Wherever you read that was not a trustworthy source.

Third-party antivirus often uses kernel extensions. (Malwarebytes for Mac does as well, although we're exploring some new technology Apple has provided as an alternative to kernel extensions.) Kernel extensions can spell trouble... if they're incompatible with the system for some reason, or if they conflict with another kernel extension, they can cause problems. However, this is very different from conflicting with the built-in security in macOS. That really doesn't happen.

The kernel panic you saw would have been caused by a bad kernel extension.