Intego Mac Internet Security X9 full review
Intego's Mac Internet Security X9 is one of our favourite security packages for Mac, all of which can be found in our round-up of the best Mac antivirus. It consists of two components: VirusBarrier X9 and NetBarrier X9. NetBarrier is an incoming and outgoing firewall and it’s a nice bonus to have, but we’re here for the main star: VirusBarrier X9.
Intego Mac Internet Security X9 costs £39.99/USD$49.99 for a one-year subscription.
There is a free trial available for Intego Mac Internet Security X9, but it provides limited functionality in that you can only quarantine anything the app finds, rather than 'repair' it. This latter option attempts to delete the malware from the file concerned, and is present in the full version of the app.
Installation of Intego Mac Internet Security X9 went fairly smoothly, although we weren’t given instructions on how to authorise the necessary kernel module during installation.
In macOS High Sierra, the use of third-party kernel modules is blocked by default unless the user chooses to allow them. For beginners this can be quite alarming, so it's a shame Intego hasn't catered for those users here.
A full scan took round 30 minutes to complete on our virtual machine testbed, and VirusBarrier X9 caught all of our viruses: BadBunny, ClapZoq, Filecoder, Inqtana, Koobface, Macarena, Minesteal, Reneop, WeaponX and even XcodeGhost. This is quite an achievement and sadly rare among the other antivirus apps we've reviewed.
Our attempts to recreate the malware by extracting them from password-protected zip files didn’t even get as far as creating any files because VirusBarrier X9 wouldn’t let us unzip the files before popping up its warning dialog box.
Elsewhere in the app both scheduled scans and real-time protection are activated by default. There aren’t many settings to delve into but one we liked a lot is an option to turn off the identification of Windows, Linux and other non-Mac malware. This can avoid a lot of false alarms caused by virus scanners finding Windows viruses attached to emails you’ve received, for example.
Cleaning up viruses
Although VirusBarrier X9 is impressively speedy in its real-time detection, its warning dialog box has three options: Trust, Quarantine and Repair. We’re not sure if having Trust as such a frontline, clickable option is a good idea.
Yes, VirusBarrier X9 might get it wrong – in which case clicking Trust makes sense – but that’s not going to happen very often. The possibility of uneducated people clicking Trust just to clear the annoying dialog box that’s appeared, or clicking it accidentally, is a little too likely in our opinion.
Also a little odd is how VirusBarrier X9 quarantines malware, a process it refers to as putting it in the "Quarantine Zone". However, this is a misnomer. While most antivirus apps will move the file to an actual quarantine folder administered by the app itself (and therefore usually hidden), VirusBarrier X9 leaves the files where they are but makes a note of their location in the aforementioned Quarantine Zone, which is simply a list you can access within the app. Should you try and access the malware file using Finder or an app then you’re blocked via a pop-up notification pointing out the quarantine.
There doesn't seem to be any way to visually identify a quarantined file using Finder. There’s no icon overlay, for example, or tag when you examine the file’s properties. However, quarantining malware by leaving it in place is surely inviting trouble. What happens if VirusBarrier X9 doesn’t load properly one day, for whatever reason? The malware will then be entirely accessible.
The same will apply if you boot to safe mode, in which case VirusBarrier X9 won’t be running because its kernel module will be blocked from loading. Many people boot to safe mode to try and fix problems caused by malware infestations. What if VirusBarrier quarantines malware on a USB stick? You won’t be able to open that file on the Mac where VirusBarrier X9 is running – which is good – but slip the USB stick into any other Mac and the malware will then be accessible.
Rather worryingly, even if you opt to repair a file rather than quarantine it, it will still be quarantined should the repair process fail.
It took us a while to work out the reasoning behind this odd behaviour, but we think this is the explanation: Quarantining in this way allows VirusBarrier to block access to malware even on read-only volumes where it is unable to delete it. Seen in this light, this rather unusual quarantining method is almost quite clever.
However, surely a half-and-half approach might also work, in which quarantined malware is removed if possible, but the above approach of magically marking the file as dangerous is utilised if the malware can’t be deleted?