TweetFollow Us on Twitter

Real World Review: Sophos Anti-Virus for Mac, Home Edition

Volume Number: 27
Issue Number: 01
Column Tag: Real World Review

Real World Review: Sophos Anti-Virus for Mac, Home Edition

Enterprise-grade antivirus software, now free for home Macs

by Joshua Long

Introduction

Businesses are often required by laws and company policies to run antivirus software on all their computers, Macs included. In the home environment, however, there are no such requirements, and Mac users have debated for years about whether they should go to the trouble of running antivirus software. Is it really worthwhile to spend $40 every year to protect a Mac with commercial-grade antivirus software, or to endure the agonizing speed degradation commonly associated with AV? Thanks to Sophos, home users can now have quality protection without these frustrations.

Why Mac antivirus software?

Enterprise antivirus maker Sophos announced in November that they would begin offering a free Home Edition of Sophos Anti-Virus to all Mac users. The announcement came just one week after SecureMac and Intego had independently published information about new Java-based Mac malware spreading through Facebook and other sites, dubbed Boonana by SecureMac and identified as a variant of the Koobface malware by Intego.

Two weeks after the release of Sophos Anti-Virus for Mac Home Edition, Sophos released a report showing that a significant number of Macs running their software had been infected with malware. This malware included both Mac-native threats as well as plenty of Java-based malware, which Sophos pointed out "could easily be adapted to download Mac-based threats," as was the case with Boonana. Two Mac-specific threats, OSX/Jahlav-C and OSX/DNSCha-E, were each found on about 1 in every 100 Macs scanned. (For the full Sophos report, see http://macte.ch/sophos_stats).

Sophos vs the competition

Sophos' antivirus engine is one of the best on the market. In AV-Comparatives' (av-comparatives.org) November 2010 tests of proactive detection of new malware, Sophos Anti-Virus ranked in the top three PC antivirus products, earning the highest certification level (Advanced+). The tests also took into consideration the number of false positives, of which the Sophos engine had "few."

Let's take a look at how Sophos Anti-Virus Home Edition compares to other free alternatives for the Mac. The two most prominent freeware antivirus solutions are ClamXav (clamxav.com) and PC Tools iAntiVirus (iantivirus.com), and each is very different from Sophos.

ClamXav is free for anyone to use in any environment, from home computers to enterprise workstations. Although ClamXav does not provide on-access scanning of the whole computer, it can be manually configured to scan files that are downloaded or copied to specific folders, for example ~/Downloads and ~/Desktop. Like Sophos, ClamXav detects malware designed for any platform, as opposed to Mac-only malware.

PC Tools iAntiVirus is only free for home use, and although it does offer on-access scanning, it only detects Mac-specific malware. Neither ClamXav nor iAntiVirus is a comprehensive solution compared to Sophos. Of the three, only Sophos will detect infected Web pages and e-mail attachments as soon as they are downloaded, regardless of the threat's target platform.

I tested Sophos and ClamXav with several hundred samples that I've collected from infected computers, Web sites, and e-mails over the past couple years. ClamXav only detected about 75% as many files as Sophos, although ClamXav detected some files (particularly Windows adware) that Sophos did not detect. Neither one detected all the samples, which was expected; no antivirus solution detects 100% of infected or potentially dangerous files.


Figure 1 - Threat detected by Sophos Anti-Virus

Effectiveness

Unlike most full-featured antivirus solutions, the default settings of Sophos Anti-Virus do not automatically delete infected files or prompt users to do so. Instead, Sophos displays an alert informing the user that a threat has been detected, with options to open the Quarantine Manager or close the dialog box, and the latter is the default selection. Regardless of which option the user chooses, as long as Sophos' on-access scanner is enabled, the file is inaccessible and cannot be opened or even duplicated in the Finder or the Terminal (even using sudo).


Figure 2 - When a threat is found, Sophos denies access by default

If a malicious Mac application is detected by Sophos, attempting to open the application will result in two Mac OS X dialog boxes informing the user that they can't open the application because it is "not supported on this type of Mac." Thus, Sophos effectively quarantines the files in place.


Figure 3 - Malware is not supported on this type of Mac

Even trying to access quarantined files from another computer via a network share proves fruitless. I had Sophos running on an iMac and no antivirus software on a MacBook Pro. From the MacBook Pro I connected to an AFP share on the iMac and tried to copy a file from the iMac to the local hard drive. This resulted in a Mac OS X dialog box explaining that I did not have permission to access the file. I also tried to duplicate an infected file in-place on the network share, which caused the MacBook Pro's Finder to crash and relaunch (note to self: file a bug report). In any case, Sophos quarantines files on the local system in such a way that they cannot be accessed by remote systems.

Annoyances

One strange and annoying issue I've encountered is that Sophos Anti-Virus frequently grays out the Clean Up Threat button for items that should be easy for Sophos to delete on its own. For example, the action available for dealing with .zip files downloaded from parcel scam e-mails is Clean up manually, meaning that users must try to locate the infected files on their computer. This may or may not be easy, depending on whether the full path is shown in the Quarantine Manager; if the path or file name is too long, the path will be truncated, so you may have to use Spotlight or a third-party search utility to locate the file (refer to the screenshot of the Quarantine Manager). You cannot resize the window so there is no way to see the full path, and there is no Show in Finder option either.


Figure 4 - "Clean up manually"... okay, so what's the full path?

In other cases, instead of Clean up manually the available action will be Restart Mac instead, even when there's absolutely no reason why that should be necessary. I came across this after downloading fake ActiveX video codec malware, which consisted of nothing more than Windows .exe files. Why on earth would Sophos need to restart the computer to clean Windows executables that aren't in use? Worse still, restarting your Mac won't even clean up the threat; it will still be there in the Quarantine Manager after restarting.

Fortunately, Sophos did not gray out the Clean Up Threat button for the Mac OS X-specific threat I had it scan (a dangerous Space Invaders-style game called lose/lose which deletes files in the user's home directory when you destroy enemy spaceships); no manual deletion or restarting is required to clean that Mac-native threat.

Speed

Antivirus suites have a reputation of slowing down computers. In my testing, there was no noticeable decrease in system speed or usability after installing the Sophos software. I even tested it on a low-end Hackintosh netbook (a Dell Mini 10v with a 1.6 GHz Intel Atom processor and 1 GB RAM) and the system was still quite usable after installing Sophos.

Conclusion

For those who support Macs in a home environment, I recommend trying Sophos Anti-Virus for Mac Home Edition. Although there's currently only a small amount of Mac-specific malware in the wild, Sophos can protect Macs from other threats such as malicious JavaScript redirectors, Adobe Flash files that exploit known vulnerabilities (see Mike Hjörleifsson's CoreSec column in the MacTech November 2010 issue), multiplatform Java-based attacks like Boonana, and Windows-based malware that could accidentally be opened in a virtual environment like Parallels or VMware, and it can also discover infections on USB flash drives that you might have picked up from an infected PC unbeknownst to you.

It's time for us to put away our Smug Virus-Free Mac User shirts of yore and become more proactive at defending Macs from security threats. Three cheers to Sophos for lighting the way into battle.


Joshua Long has a master’s degree in IT concentrating in Internet Security, is a Security+ certified professional, and is currently earning a Ph.D. in Business Administration specializing in Computer and Information Security. Josh writes about malware and other information security topics at security.thejoshmeister.com. He is also the producer and host of MacTech Magazine’s official podcast, MacTech Live (www.mactech.com/live). You can follow him on Twitter @theJoshMeister or contact him via e-mail at jlong@mactech.com.

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

Duet 1.6.9.3 - Use your iPad as an exter...
Duet is the first app that allows you to use your iDevice as an extra display for your Mac using the Lightning or 30-pin cable. Note: This app requires a $14.99 iOS companion app. Version 1.6.9.3:... Read more
iExplorer 4.1.10 - View and transfer fil...
iExplorer is an iPhone browser for Mac lets you view the files on your iOS device. By using a drag and drop interface, you can quickly copy files and folders between your Mac and your iPhone or... Read more
iExplorer 4.1.10 - View and transfer fil...
iExplorer is an iPhone browser for Mac lets you view the files on your iOS device. By using a drag and drop interface, you can quickly copy files and folders between your Mac and your iPhone or... Read more
Adobe InCopy CC 2018 13.0.1.207 - Create...
InCopy CC 2018 is available as part of Adobe Creative Cloud for as little as $19.99/month (or $9.99/month if you're a previous InCopy customer). Adobe InCopy CC 2018, ideal for large team projects... Read more
Microsoft Office 2016 15.40 - Popular pr...
Microsoft Office 2016 - Unmistakably Office, designed for Mac. The new versions of Word, Excel, PowerPoint, Outlook and OneNote provide the best of both worlds for Mac users - the familiar Office... Read more
Adobe InDesign CC 2018 13.0.1.207 - Prof...
InDesign CC 2018 is available as part of Adobe Creative Cloud for as little as $19.99/month (or $9.99/month if you're a previous InDesign customer). Adobe InDesign CC 2018 is part of Creative Cloud.... Read more
Apple iOS 11.1.2 - The latest version of...
iOS 11 sets a new standard for what is already the world’s most advanced mobile operating system. It makes iPhone better than before. It makes iPad more capable than ever. And now it opens up both to... Read more
Slack 2.9.0 - Collaborative communicatio...
Slack is a collaborative communication app that simplifies real-time messaging, archiving, and search for modern working teams. Version 2.9.0: Slack now officially, and fully, supports Japanese.... Read more
iExplorer 4.1.9 - View and transfer file...
iExplorer is an iPhone browser for Mac lets you view the files on your iOS device. By using a drag and drop interface, you can quickly copy files and folders between your Mac and your iPhone or... Read more
PCalc 4.5.3 - Full-featured scientific c...
PCalc is a full-featured, scriptable scientific calculator with support for hexadecimal, octal, and binary calculations, as well as an RPN mode, programmable functions, and an extensive set of unit... Read more

Latest Forum Discussions

See All

Mighty Battles guide - how to build a so...
Mighty Battles, the latest title from Hothead Games, is set to take the App Store by storm. The game puts a welcome twist on lane battlers, adding FPS elements to spice things up a bit. You'll collect cards to put your own military unit to gether,... | Read more »
Rules of Survival guide - how to be the...
The PUBG craze makes its way to mobile, with more and more battle royale games debuting on iOS and Android. Rules of Survival joins the ranks of mobile PUBG-likes, offering a classic battle royale experiences that doesn't vary too much from its... | Read more »
The best new games we played this week -...
The weekend is upon us friends, and it's time to take a look back and reflect on all of the wonderful games we've played over the past few days. This week was jam packed with new releases. There were some big, long awaited launches, some fun... | Read more »
Lineage II: Revolution guide - tips and...
At long last, Lineage II: Revolution has now come to western shores, bring Netmarble's sweeping MMORPG to mobile devices. It's an addictive, epic experience, but some of the systems in the game can be a bit overwhelming. Here are a few tips to help... | Read more »
A Boy and His Blob (Games)
A Boy and His Blob 1.0 Device: iOS Universal Category: Games Price: $4.99, Version: 1.0 (iTunes) Description: | Read more »
Fight terrible monsters and collect epic...
Released on Western markets early last month, Dragon Project, created by Japanese developer COLOPL, brings epic monster hunting action to mobile for the very first time. Collect a huge array of weapons and armor, and join up with friends to fight... | Read more »
I Am The Hero (Games)
I Am The Hero 1.0 Device: iOS Universal Category: Games Price: $1.99, Version: 1.0 (iTunes) Description: I Am The Hero is a pixel art, beat 'em up, fighting game that tells the story of a "Hero" with a glorious but mysterious past.... | Read more »
Kauldron (Music)
Kauldron 1.0 Device: iOS Universal Category: Music Price: $3.99, Version: 1.0 (iTunes) Description: Kauldron is our warmest sounding, punchiest synth yet! A completely new modeling technology, combined with carefully designed... | Read more »
Lineage II: Revolution is mobile’s bigge...
NCSoft’s hit fantasy MMORPG series has just made the leap to mobile with the help of Netmarble in Lineage II: Revolution. With over 1.5 million players having already pre-registered ahead of the game’s launch, Revolution hit the app stores... | Read more »
Swing skilfully in new physics-based pla...
Sometimes it’s the most difficult of obstacles that can be the most rewarding. One game hoping to prove this is OCMO, the new tough but fair platformer from developers Team Ocmo. Primed to set every speedrunner’s pulse racing, as an otherworldly... | Read more »

Price Scanner via MacPrices.net

Black Friday pricing on Macs and iPads now av...
B&H Photo has lowered prices on many Macs, iPads, and iPad Pros as part of their Black Friday week sale. Save up to $200 on MacBooks and iMacs and up to $150 on iPads. B&H charges sales tax... Read more
Best Apple iPad deals this weekend, up to $80...
Apple resellers are offering 9.7″ iPads and 10.5″ iPad Pros for up to $80 off MSRP this weekend as part of their early Holiday and Black Friday sales: Adorama is offering new 2017 9.7″ 32GB WiFi... Read more
Early Black Friday sale: Apple iMacs for up t...
B&H Photo has 27-inch iMacs in stock and on sale for up $130-$150 off MSRP including free shipping. B&H charges sales tax in NY & NJ only: – 27″ 3.8GHz iMac (MNED2LL/A): $2149 $150 off... Read more
Apple restocks refurbished Mac minis starting...
Apple has restocked Certified Refurbished Mac minis starting at $419. Apple’s one-year warranty is included with each mini, and shipping is free: – 1.4GHz Mac mini: $419 $80 off MSRP – 2.6GHz Mac... Read more
Save on 12″ MacBooks, Apple refurbished model...
Apple has Certified Refurbished 2017 12″ Retina MacBooks available for $200-$240 off the cost of new models. Apple will include a standard one-year warranty with each MacBook, and shipping is free.... Read more
Early Holiday sale: 12″ iPad Pros for up to $...
B&H Photo has 12″ iPad Pros on sale today for up to $130 off MSRP. Shipping is free, and B&H collects no sales tax outside NY & NJ: – 12″ 64GB WiFi iPad Pro: $749, save $50 – 12″ 256GB... Read more
Holiday sale prices on Apple 13″ MacBook Pros...
B&H Photo has 2017 13″ MacBook Pros in stock today and on sale for $100-$150 off MSRP, each including free shipping plus NY & NJ sales tax only: – 13-inch 2.3GHz/128GB Space Gray MacBook Pro... Read more
Sale: 13″ MacBook Airs starting at $899, $100...
B&H Photo has 2017 13″ MacBook Airs on sale today for $100 off MSRP including free shipping. B&H charges NY & NJ sales tax only: – 13″ 1.8GHz/128GB MacBook Air (MQD32LL/A): $899, $100 off... Read more
Week’s Best Deal on 13″ MacBook Pros: Apple r...
Apple has a full line of Apple Certified Refurbished 2017 13″ MacBook Pros available for $200-$300 off MSRP. A standard Apple one-year warranty is included with each MacBook, and shipping is free.... Read more
Deal: 15″ 2.6GHz MacBook Pro for $1799 w/free...
B&H Photo has clearance 2016 15″ 2.6GHz Touch Bar MacBook Pros in stock today and available for $600 off original MSRP. Shipping is free, and B&H charges NY & NJ sales tax only: – 15″ 2.... Read more

Jobs Board

Product Manager - *Apple* Pay on the *Appl...
Job Summary Apple is looking for a talented product manager to drive the expansion of Apple Pay on the Apple Online Store. This position includes a unique Read more
*Apple* Pro/Consumer Apps Support Engineer -...
…exemplify AppleCare's expert technical support paired with exceptional customer service for Apple 's software apps. This person is a problem solver, who understands Read more
Partner Marketing Manager, *Apple* Pay - Ap...
Job Summary The Apple Pay partner marketing team is looking for a Marketing Manager to develop and drive US programs. The right candidate will be passionate about Read more
*Apple* Solution Consultant - Apple (United...
# Apple Solution Consultant - Rochester, MN Job Number: 113037950 Rochester, MN, Minnesota, United States Posted: 19-Sep-2017 Weekly Hours: 40.00 **Job Summary** Are Read more
Sr. Experience Producer, Today at *Apple* -...
# Sr. Experience Producer, Today at Apple Job Number: 56495251 Santa Clara Valley, California, United States Posted: 23-Jun-2017 Weekly Hours: 40.00 **Job Summary** Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.