Tests compare Mac OS X anti-malware products

Summary: Correction. The Mac malware situation is a much lower-pressure one than that on Windows, so many products perform very well. But it's still worth comparing them, so AV-TEST.org tests 18 products, both free and paid.

Every day, independent test lab AV-TEST.org captures more than 400,000 new malware samples for Windows and 5,000 new samples for Android. For the Mac they identify fewer than 100 per month. But there is malware out there for the Mac and it does hit users in the real world, if less often and less intensely than on the PC.

The existence of quite a few companies in the business of Mac anti-malware software shows that there's enough demand for it too. That's why AV-TEST just completed a test of 18 products in this space:

  • avast! Free Antivirus 9.0 (41877)
  • AVG AntiVirus 14.0 (4715)
  • Avira Free Antivirus 2.0.5.100
  • Bitdefender Antivirus for Mac 2.21.4959
  • Comodo Antivirus 1.1.214829.106
  • ESET Cyber Security Pro 6.0.9.1
  • F-Secure Anti-Virus for Mac 1.0.282 (13406)
  • G Data Antivirus for Mac 2.30.5095
  • Intego VirusBarrier 10.8.1
  • Kaspersky Internet Security 14.0.1.46c
  • McAfee Internet Security 3.1.0.0 (1702)
  • Microworld eScan for Mac 5.5-8
  • Norman Antivirus for Mac 3.0.7664
  • Panda Antivirus 10.7.8 (772)
  • Sophos Anti-Virus 8.0.23
  • Symantec Norton Internet Security 5.6 (25)
  • Trend Micro Titanium 3.0.1251
  • Webroot SecureAnywhere 8.0.6.105: 181

You can find complete results on their site. Five of the products (avast!, Sophos, AVG, Comodo and Avira) are free. The G Data and Norman products use the Bitdefender engine and the Panda product is based on the Intego product.

AV-TEST used "...the products which are offered at the AV vendor's websites as downloads. The versions available at the Mac App Store might be limited in functionality, as they cannot access all APIs."

AV-TEST provides test results for malware detection, both on-access and on-demand; false positives; impact on system performance; and ancillary features, specifically anti-spam, anti-phishing, personal firewall, safe browsing, parental control, backup and encryption.

The products from avast!, Bitdefender, G Data, Norman, ESET, Intego, Panda, Microworld, F-Secure, Sophos and Kaspersky detected a very high percentage of the malware on-access. AV-TEST also gives results for on-demand scanning, but their importance pales (in our opinion) in comparison to those of on-access. Kaspersky detected 95.2% on-access, several others detected 97.6% and 98.8% and four products detected 100% of malware on-access. All of these numbers are excellent, but obviously it doesn't get better than 100%.

Several products, all with well-known brands, had disappointing results. Trend Micro (33.3%), Webroot (22.6%) and McAfee (21.4%) all stand out in a bad way.

None of the products had a single false positive. This may be possible because of the relatively low number of samples.

System performance impact has some interesting results. The test was to copy 7.4GB of files and the reference number (no anti-malware products) was 17.2 seconds. If you leave out the products from Microworld and Trend Micro, the average of the rest is 18.9 seconds and the high is 20.8, both perfectly acceptable. With Microworld eScan installed the operation took 40.4 seconds. With Trend Micro it took 470.3. Clearly something was very wrong with Trend Micro and this specific operation. AV-TEST says that they observed no meaningful performance degradation with any of the products in normal interaction.

Compared to PC products, the Mac products offer very few additional features. Eight of them add no extra features (as counted by AV-TEST). Only five offer more than one. The only real stand-out is ESET Cyber Security Pro, which offers anti-spam, personal firewall, safe browsing and parental control.

With all that data it's hard to pick a single product out, except to point out that avast! Free Antivirus and Sophos Anti-Virus are the only free products among those with good results both in detection and system performance and that ESET has several additional features missing in the others.

Corrected on September 5: The first version of this story did not mention avast! Free Antivirus as one of the top-performing free products. It was an oversight and we apologize.

This leaves plenty of good products. You may decide that there's no point in using anything other than the free avast! and Sophos products, but for a few bucks you might see something in one of the others that appeals to you. Looks like Mac anti-malware is a buyer's market.

Talkback

24 comments
  • Mac OS X anti-malware products. Completely unnecessary....

    I have been running OS X since 2006 without any security issues.

    OS X Mavericks and OS X Yosemite on a Mid 2011 iMac.

    Plus OS X Tiger and OS X Snow Leopard on an Early 2006 Mac Mini both of which are no longer supported.
    5735guy
    • I could say the same

      About my Windows boxes since 2007, doesn't mean it's something I'd recommend for businesses though.

      And by same I mean just the out of the box stuff MS has thrown in since Win7 and by the same I mean I have never had an issue.

      I also haven't been in a car accident in over 10 years - doesn't mean I don't wear a seat belt

      And any one of the 600000+ Mac owners that got hit a year or so back wouldn't agree with your statement either.

      Best just to appreciate being one of the lucky ones and do the sensible thing of always advising to err on the side of caution when it comes to security. :)
      aesonaus
      • Running Windows without Anti-Malware....

        You have been very fortunate and if you don't mind me saying without disrespect 'Foolhardy'.
        5735guy
        • Foolhardy?

          5735Guy, you're the pot calling the kettle black. The fact that there is less Mac-specific malware in the wild does not mean there is no Mac-specific, or environment-agnostic, malware.

          There seems to be this religion among Apple enthusiasts that says "I'm on an Apple therefore I am safe". This is, to some extent, true for iOS users with the most recent version, but even there some risk exists. Mac users, without a walled garden, are at risk. The risk is not the same as that which exists for PC users, both because of Apple's approach to protecting the user from themselves and because the average attacker wants to hit the largest possible surface (i.e. Windows).

          Claiming that a Windows user is foolhardy for not protecting themselves against malware, while at the same time stating you do the same for OS X, is showing clear and simple ignorance of the dangers that you are accepting. Yes the dangers are lower, but they still exist. Yes, the sensible user can take sensible actions to mitigate those dangers without running anti-malware software, on either platform - but you only need to make one mistake.
          Postulator
      • I've been running

        DOS and Windows since 1982, with AV software most of that time, and I've never even seen a false positive, let alone malware on any of my machines... Does that mean I'd use one without? No. The same goes for my Mac.

        Better to be safe than sorry, as my mum used to say.

        On the other hand, my brother-in-law bought a new PC a couple of months back and I've already had to disinfect it twice! The first time it had over 40 different pieces of malware installed, even though it was running Avira...
        wright_is
        • Friends, in-laws and so on...

          *If* I find myself in the position of supporting someone who is clearly into going into 'risky' sites, and clicking on anything that pops up, I usually talk with them about the behavior and then move their account to a 'regular user' without admin rights and have them contact me when they get something that MUST be installed. I then log into the admin account, install, then log out and their systems don't get infected all the time.

          It is hard to believe how people will just click-and-install in spite of anti-malware and UAC prompts.

          Of course my method of protecting them means every time Oracle releases another java update I get contacted but I've limited the number of supported people and machines to short trips so it's minimally impacting on my time.

          Antimalware software can't protect people from doing risky things and even though there are many advisories for people to not use admin accounts for normal use, there's no 'forcing' it and so people use that admin account and get infections. It is up to us to help them protect themselves. And DON'T GIVE THEM THE ADMIN PASSWORD unless you are going hands off.
          Technocrat@...
    • How can you be so sure?

      I guess that the vast majority of the reputed 900,000 Mac users that were infected by Flashback still insist that they have never been the victims of malware
      imaginarynumber
    • Same with W8.1u2

      Since Vista, if you ran as a non-Administrator (root/SU) access, you could get by without AV. W8.1u2 is even more secure with multiple layers of security and if the Metro/Modern app model can take off (hopefully with the addition of Modern Mix floating windows on the desktop) that will do even more to secure the OS from the apps.

      With that said, you really still should use an AV app. We have had just as many infections on our Macs per pop. as our Standard User Windows machines because both had their user space attacked. The OS was fine but the user data was compromised and malware running as user was installed (mostly phishing attacks).
      Rann Xeroxx
    • I also think that is Completely unnecessary....

      thank god that you don't use AV solutions...
      "now run and tell your friends to un-install the AV product from is machines"
      Because it's Completely unnecessary and if you use AV solutions, don't worry
      that we will use 0day exploits...

      exploit database to apple systems:
      http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=apple&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=

      iphone list of Security Vulnerabilities:
      http://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-15556/Apple-Iphone-Os.html

      macexploits:
      http://www.macexploit.com/

      Mac Os X : Security Vulnerabilities (CVSS score between 2 and 2.99)
      http://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-156/cvssscoremin-2/cvssscoremax-2.99/Apple-Mac-Os-X.html


      just for you to know linux or even BSD are more secure than apple devices
      (you can check the latest tests made by the UK GOV [CESG] )
      http://www.omgubuntu.co.uk/2014/01/ubuntu-12-04-secure-os-uk-government-gchq
      pedro101
  • The only instances of which I run Anti-Virus software....

    The only instances of which I run Anti-Virus software are in Windows virtual environments on Parallels Desktop 9 and VMWare Fusion 6.

    Windows XP - Avast Free

    Windows 8.1 - Built in Windows Defender (Microsoft Security Essentials)

    I can report no problems on either OS X or in the Windows virtual environments.
    5735guy
    • The only instances of which I run Anti-Virus software....

      You mean you have no problems that you're aware of.
      Keep believing the myth "Macs don't get viruses"
      bob3160_z
      • Well they don't

        because all UNIXes store the length of executable in the header and other operating system don't. The old cavitation virus. Yep, that's all it is.
        Tony Burzio
        • "because all UNIXes store the length of executable in the header"

          right, and no virus can update the header so that the length matches the modified executable
          vpupkin
        • Sorry

          There have been viruses attacking Macs the last time I looked a few weeks ago. SOPHOS keeps a list of them. So, I think you missed quite a few.
          hforman@...
  • Why would anyone want to poison their Mac with a Norton product ?

    .
    5735guy
    • I have avoided a certain vendor on Mac

      Because of the horrible experience that I have had with it on PCs. On Windows boxes, [famous PC antivirus brand] is the virus. It feels to me to be very intrusive always, nagging you to subscribe, and really seems to slow the machine down from what I can tell.

      On Mac, where there are very few viruses, I don't think I want yet another running process. Just something that is there when I need it.
      Mac_PC_FenceSitter
    • You say Norton...

      (and I agree, see my other post), but when I saw McAfee in the list, I was horrified. Worst piece of garbage ever, on all platforms.
      MikeR666
  • Things I tried...

    When I got my iMac two years ago, I installed Comodo Antivirus. In the first two weeks, I had to restore the system (either through Time Machine or a full recovery using the Internet installer) maybe 10 times. Eventually, as I got to know OS X, I found that every time Comodo had something to do with it. Removed it and never had to restore since.

    Eventually I got Norton Internet Security cheap. That worked relatively well, but there were times when I would lose network connectivity and the UI would even become unresponsive. If I recall correctly, I usually had to power down the iMac using the power button to get out of that mess. Further investigation revealed that every time I had this problem, Norton had something to do with it.

    Hell, even when I was running Windows I never got any malware, so... Then again I'm pretty careful about where I go and what I click on.
    MikeR666
    • My Boss Said That

      He said he was careful and didn't need an a/v product. It slowed down his computer. Then he brought his laptop into work and plugged it into the network and unleashed a new virus that caused over $10 million in damage.

      Remember that you don't have a lot of control over what websites you access. I'm running Ghostery in Firefox and you wouldn't believe all of the sites that most web pages bring up. All it takes is one bad advertisement...

      Another manager at work had his kid load a "free" a/v. Turns out it infected him with w32.fakeantivirus. It took hours of my time to remove the ransomware.
      hforman@...
  • antivirus

    Antivirus is really only good when the vendor knows what to look for. The more invasive types that try to look for suspicious activity are usually the ones who get a bad rap for disrupting services or hogging resources. What's worse is that they rarely seem to actually catch anything.

    What needs to be a part of measuring how good an antivirus solution is would be to document how quickly the companies respond to new pieces of malware with a good solution.

    For what it's worth I've run various antivirus software on my Macs and Windows systems over the years off and on and the only things I've ever seen them tag is spam email that comes in that I wouldn't read anyways. That's on my own systems and I do tend to play with a lot of freeware/shareware apps.

    Let's not kid ourselves...while the average joe can get himself in trouble by clicking on some elf attachment in an email which then could infect their system, I think most are getting viruses simply by messing with certain high volume sites that only care about hits like porn or religious sites which infect through the browser while another option is by people running pirated software. Pay attention to what you do and where you go and you're likely to be safer.
    Jim68