If you're a new Mac user (or even if you're not), you might be confused about what kind of security software you do and don't need. The truth is, for most people, OS X is fairly secure out of the box. And there are a number of programs out there that potentially do more harm than good.

Which Mac security programs can be trusted? And do I really need them? Let's go over basic requirements for a Mac firewall, anti-virus, cleaning apps and password managers and learn about a few free apps that can be trusted — as well as some apps that probably shouldn't be.

Firewall: Stick With What's Built In, Or Buy Little Snitch

Does your Mac really need a firewall? Probably not. The built-in protection of OS X means any unused port is closed off, so most of the functionality people think of when they say "firewall" is already provided as part of the operating system.

For more control, you can enable the firewall in System Preferences > Security & Privacy to block a few specific apps from using the network. For most users, this is more than enough protection.

If you're the sort of user who wants precise control over which apps can and cannot access the Internet – and also the sort of user knowledgable enough to use an advanced firewall – look into Little Snitch.

little-snitch-firewall

This is probably the best firewall for Mac, giving you a fine level of control and access to all networking information while still managing to feel like a native Mac application.

Not everyone needs a dedicated Mac firewall, but if you want one check out Little Snitch first. Just be warned: a lot of programs on your Mac use the Internet, so you're going to see a lot of warnings when you first start using this. If you don't know what you're doing, you might end up disabling something you need, so only dive in if you've got some time on your hands to look things up and make a bunch of decisions.

Anti-Malware Software: Scan Occasionally With MalwareBytes

Mac malware consistently makes headlines in the tech world, mostly because of its novelty. Decades of arrogant Mac users talking up how they "can't get viruses" are probably a big part of this, but even without the fanboy factor the relative scarcity of malware on the platform means any bit of malware is going to make headlines.

Let's be clear: Macs can get malware. Some of it is pretty nasty.

Even so, Mac malware is not a terribly common problem for the average Mac user, especially if you're not the sort of person who seeks out pirated software. When you think you have malware, the problem is almost always something else entirely. And in many cases, Apple's updates will quietly disable malware on your system without even telling you.

For this reason, I think any kind of always-running anti-malware software is overkill. Paying for and installing something like Norton or Sophos to constantly run in the background and ask you to install updates isn't just overkill, it could slow down your Mac and potentially cause other problems.

malwarebyes-mac-malware

Instead, I recommend periodic scans. If you suspect malware, run though our list of ways to find out if your Mac has a virus, then run the free MalwareBytes for Mac just to make sure. If you're really paranoid, add BitDefender for Mac to the routine as well.

Windows users know that the best anti-malware tool is common sense – Mac users living in the current age of Mac malware would be wise to heed this advice. Don't pirate software, avoid downloading apps from sites like MacUpdate, and generally make sure you can trust a program before running it. If you're really paranoid, leave Gatekeeper enabled on your Mac to stop any unauthorized program from running. Walled gardens are maligned by power users, but they're pretty safe for everyone else.

One more note: Mac ransomeware sometimes pops up, but it's not actually a Mac-specific thing. It's just a bit of browser trickery, and the solution is always to restart your browser (use Activity Monitor if things get really tricky).

Cleanup Software: CCleaner or Onyx

Often when people suspect Mac malware the real problem is a buildup of non-malware issues that slow things down. For this reason it's a good idea to occasionally clean up your Mac.

But what tool should you use? We've recommended time and time again that you should avoid applications the MacKeeper, which make big promises before asking you for money to perform simple tasks that other apps do for free.

There are other far more helpful cleanup tools out there. CCleaner for Mac is a simple way to remove all the excess files built up by OS X and popular programs over time.

ccleaner

You can run it without worrying about messing up your system, but it doesn't give you access to advanced tuneup tools like permissions and maintenance scripts. If you want more control, and access to all sorts of hidden options, Onyx is your best bet. This free app is the Swiss army knife of Mac cleaning tools.

onyx-cleaner

If you want to clean out your Mac, don't pay for software like MacBooster or MacKeeper. Stick to the above free tools.

Password Manager: Built In, Or Bring Your Own

If your passwords are easy to crack, no amount of security software is going to protect you. Never use the same password twice for critical things like email, file storage, or banking.

It's a lot to remember, which is why password managers are so important. These let you keep track of long passwords without needing to memorize them yourself.

Apple has started bundling a pretty good one with OS X, and if you have two-factor authentication enabled with iCloud it's a pretty secure way to store all of your long passwords. It even syncs with your mobile devices, if you happen to have an iPhone or iPad.

keepassx

Some people will prefer a more active approach, which is why we came up with a comprehensive list of different password managers. I personally use KeePassX because I like manually keeping track of my passwords, but you might prefer something else (1Password and LastPass are great, premium options).

Whatever tool you prefer, make sure you're not using the same password for multiple critical applications. It will come back to bite you later.

What Mac Security Tools Do You Recommend?

This article reflects my experiences working in IT and writing about Mac software, and we think it's pretty much all you need to keep your Mac secure (along with a healthy dose of common sense). Of course, you may have your own favourites — and we'd love to hear what you think!

What are your favorite Mac security apps? What do you use them for, and why do you trust them?