©  2026 AV-TEST  | SITS Deutschland GmbH

Latest News

June 02, 2026 | Text: Markus Selinger | Antivirus for MacOS

Test: malware protection under MacOS Tahoe 26.3

There are multiple types of malware for MacOS that attempt to steal data or just infiltrate systems and attacks are growing in frequency. Infostealers in particular have been on the rise in recent months. This is due to the fact that there is a market for this stolen data on the darknet and other illicit platforms. Good security software should offer adequate protection in order to tackle all these dangers. In the first test of the quarter for 2026, the experts from AV-TEST evaluated a total of 14 security solutions for consumer users and corporate users running MacOS systems under Tahoe 26.3. With just a few exceptions, the majority of the products produced quite good results in the testing.

Malware protection for MacOS Tahoe 26.3: 14 products demonstrated their ability to protect a MacOS system and fend off malware in the 01/2026 quarterly test

Malware protection for MacOS Tahoe 26.3:

14 products demonstrated their ability to protect a MacOS system and fend off malware in the 01/2026 quarterly test

Numerous pieces of malware specifically targeting MacOS have been registered by the antivirus experts over the years. These are compiled in AV-ATLAS, the free, publicly accessible platform, as proof of the real threats out there. This figure surpassed one million specialized attackers just recently. The list includes several new infostealers, such as Atomic Stealer, MacSync Stealer, Odyssey Stealer, and Digit Stealer, that have made significant ripples in recent months. Many of the attacks are paired with a ClickFix deception – a scam by which users end up inadvertently copying and running malicious code on their MacOS device, often having been disguised as a fake error screen on a website.

There is no way for users to detect every threat on their own, much less react to it properly. That’s why it is important to have good protection software running in the background and engaging where necessary, and if need be, eliminate the attackers. But can the security tools really handle all of this? The latest test of the quarter (01/26) under MacOS Tahoe 26.3 shows how 14 MacOS security solutions for consumer users and corporate users can tackle this problem. The majority of the products provide reliable protection.

The current test involved 10 products for consumer users from Avast, AVG, Avira, Bitdefender, ESET, F-Secure, Intego, Kaspersky, Norton and Trend Micro. The 4 solutions for corporate users came from Crowdstrike, Sophos, Trellix and Trend Micro. The products need to identify and provide a line of defense against more than 400 specialized attackers of MacOS systems in the test. In addition, the protection tools have to distinguish between friend and foe, reliably singling out dangerous applications. Which is why the products are also expected to scan more than 40,000 files without raising the alarm once. And at the same time, the packages cannot put an undue strain on the MacOS systems while running these scans. The lab can award up to 6 points in the three test areas of protection, performance and usability. In the end, a product can receive up to 18 points.

MacOS malware: the level of protection offered by the solutions

Each package for consumer users and each solution for corporate users is subjected to more than 400 samples of the latest malware for MacOS systems. Not only do they need to detect the samples, they have to provide adequate defense as well. 8 of the 10 products for consumer users performed brilliantly: Avast, AVG, Bitdefender, ESET, F-Secure, Intego, Kaspersky and Norton. All of these solutions detected 100 percent of the malware attacks, scoring the full 6 points here.

14 packages put to the test under MacOS Tahoe

The lab experts examined 14 security solutions for consumer users and corporate users in the first test of the quarter for 2026

Here is how well security products detect MacOS malware

Each package needs to detect and fend off more than 400 samples of malware that specifically target MacOS systems

prev slider
next slider

Only 2 of the solutions for consumer users experienced a few problems with detecting the malware. For example, the package from Trend Micro identified 98.5 percent of the attackers and Avira only 97.5 percent, meaning both products lost several points. For this reason, the lab awarded Trend Micro with 4.5 out of 6 points and Avira with only 3.5 points.

As for both corporate solutions from Crowdstrike and Sophos, they encountered no problems whatsoever. For their high level of performance, they all received the full 6 points. Trellix and Trend Micro ran into a few issues, detecting 99.3 and 99.0 percent, respectively, of the attackers, which naturally led to point deductions. Trellix received 5.5 points and Trend Micro only 5.0 points.

Performance testing of the security solutions 

As part of testing, the lab experts examine the extent to which the MacOS systems are impacted by the various security solutions. To do so, several operations are executed on a system without a security solution. The amount of time required to execute these operations establishes the baseline for the tests, such as copying data locally and to the network, accessing hundreds of websites, downloading numerous files and installing and launching popular applications. Finally, the test experts activate the security packages and perform all operations again.

The test team awarded nothing but top scores in this test area. The outcome of the performance test was positive in all cases, leading to a score of 6 points for each of the 14 products examined.

Friend or foe, harmless or malicious?

A security solution needs to accurately detect dangerous malware and leave harmless files untouched. Unfortunately, false positives are a reality in testing and an otherwise harmless program gets flagged as an attacker. So the lab team also evaluates this aspect by copying more than 40,000 files onto each and every test system. They record everything that the security components report back. In addition, nearly 200 harmless applications are also installed and executed on the systems. The protection tools should not raise the alarm here either.

Fortunately, all 14 security solutions performed well, and none of the products produced false alarms. Thus, all products were able to receive the full 6 points.

Avast Security

The MacOS security package from Avast performed flawlessly throughout the test, earning the maximum score of 18 points

Intego One

The MacOS solution from Intego One breezed through all test categories with flying colors, which earned it a top score of 18 points

ESET Security Ultimate

Earning the full 18 points, the security package from ESET demonstrated a strong ability to protect MacOS systems in the first test of the quarter for 2026

Norton 360

The protection package from Norton identified all malware in the test without any problems and was awarded the maximum score of 18 points

Sophos Endpoint

Sophos’ solution for corporate users running MacOS systems passed all tests without flaw and earned the full 18 points

Crowdstrike Falcon Sensor

The endpoint solution for MacOS performed excellently in testing in the first quarter of 2026, earning 18 out of 18 points

prev slider
next slider

Extra test: is it possible to detect Windows malware and PUAs?

All of the MacOS security packages are put through an additional test that is not scored as part of the main testing. The test experts want to determine whether the products are also capable of handling Windows malware and PUAs (potentially unwanted applications), in addition to MacOS malware. The test is intended to establish whether the packages could detect Windows malware on a Mac device before it could infect a Windows computer over a mixed-use network.

In addition, the test experts checked how well the programs detected the pesky PUAs. They, in contrast, are not dangerous, but they can be a bother to many users.

The MacOS security packages for consumer users from Avast, AVG, Avira, Bitdefender, ESET, Kaspersky and Norton detected more than 99 percent of Windows malware and PUAs, whereas F-Secure managed just over 95 percent. The scores for Trend Micro and Intego were even lower yet in part.

Among the solutions for corporate users, Sophos und Trellix each detected over 95 percent of the Windows attackers. The rest of the values were lower. Crowdstrike only focused on malware for Mac systems.

Conclusion: excellent protection for MacOS based on the 01/2026 quarterly test

The majority of security solutions demonstrated an excellent ability to protect users’ systems in the first round of testing for 2026. Among the packages for consumer users, 8 of the 10 products completed the test with the highest score of 18 points: Avast, AVG, Bitdefender, ESET, F-Secure, Intego, Kaspersky and Norton. Trend Micro and Avira attained acceptable scores of 16.5 and 15.5 points, respectively.

The difference in the scores for the packages for corporate users is not as large. Crowdstrike and Sophos each scored the full 18 points. And Trellix followed hot on their heels with 17.5 points and Trend Micro with 17 points.

However, it stands to note that the point deductions were in the category of malware detection, which means that the vendors need to make some improvements in this area.

The best MacOS antivirus software for home users
MacOS Tahoe: March 2026

The best MacOS antivirus software for home users

Home User All results

The best MacOS antivirus software for business users
MacOS Tahoe: March 2026

The best MacOS antivirus software for business users

Business All results