SE LABS®, the cyber security testing authority, revealed today that macOS built-in protections and at least one popular free anti-malware solution failed completely against targeted attacks designed to mimic real-world threat actor behaviour. This raises significant concerns about the security of Mac devices in enterprise environments.
In its latest report, Security Evaluation Test: macOS Home Anti-Malware, SE Labs evaluated the effectiveness of macOS default security features, TotalAV Antivirus (Free) and Intego Mac Internet Security. The results show that neither macOS default security features nor TotalAV Antivirus (Free) prevented a single attack from achieving its objectives. Intego Mac Internet Security achieved a highly commendable 98% protection accuracy rating.
The findings are particularly concerning given the prevalence of Mac devices among C-suite executives and high-value targets within organizations. While Macs represent just under 10% of the computer market, users in this segment typically have elevated access privileges, handle sensitive information, and control financial authority—making them disproportionately valuable targets for attackers. See blog post: The Mac Myth: Why Your CEO’s Laptop Might Be the Weakest Link
“The concept that macOS is very secure and immune to malware is clearly incorrect, as our results show,” says Simon Edwards, Founder and CEO of SE Labs. “If you’ve got a Mac, you are potentially a more attractive target to a hacker. However, you can reduce the risks by using a reputable, well-tested anti-malware product. We recommend double-checking that real-time protection is included with whatever you choose, as it’s a crucial component of a good security system.”
The test also revealed a significant gap between marketing claims and actual protection in free security products. TotalAV’s website clearly states that its free antivirus includes “Real-Time Antivirus” protection and is “packed with all the essential features to keep you safe.”
However, testing showed that TotalAV Free only detected threats after attacks were completed, when manual scans were run. By that point, the SE Labs testing team had already achieved remote access, elevated privileges, stolen data, and covered their tracks. The product failed to provide any real-time prevention of the attack chain.
Both macOS and TotalAV Free received protection ratings of -125%, indicating complete failure to protect against the threats.
The test used attacks based on real-world adversary behaviours, including spear phishing delivery, Unix shell commands, file and directory discovery, network sniffing, privilege escalation through Launch Agents and Launch Daemons, credential theft, and encrypted data exfiltration.
The full report, Security Evaluation Test Report: macOS Home Anti-Malware, provides detailed breakdowns of attack techniques, product responses, and technical methodology.