TweetFollow Us on Twitter

Real World Review: Sophos Anti-Virus for Mac, Home Edition

Volume Number: 27
Issue Number: 01
Column Tag: Real World Review

Real World Review: Sophos Anti-Virus for Mac, Home Edition

Enterprise-grade antivirus software, now free for home Macs

by Joshua Long

Introduction

Businesses are often required by laws and company policies to run antivirus software on all their computers, Macs included. In the home environment, however, there are no such requirements, and Mac users have debated for years about whether they should go to the trouble of running antivirus software. Is it really worthwhile to spend $40 every year to protect a Mac with commercial-grade antivirus software, or to endure the agonizing speed degradation commonly associated with AV? Thanks to Sophos, home users can now have quality protection without these frustrations.

Why Mac antivirus software?

Enterprise antivirus maker Sophos announced in November that they would begin offering a free Home Edition of Sophos Anti-Virus to all Mac users. The announcement came just one week after SecureMac and Intego had independently published information about new Java-based Mac malware spreading through Facebook and other sites, dubbed Boonana by SecureMac and identified as a variant of the Koobface malware by Intego.

Two weeks after the release of Sophos Anti-Virus for Mac Home Edition, Sophos released a report showing that a significant number of Macs running their software had been infected with malware. This malware included both Mac-native threats as well as plenty of Java-based malware, which Sophos pointed out "could easily be adapted to download Mac-based threats," as was the case with Boonana. Two Mac-specific threats, OSX/Jahlav-C and OSX/DNSCha-E, were each found on about 1 in every 100 Macs scanned. (For the full Sophos report, see http://macte.ch/sophos_stats).

Sophos vs the competition

Sophos' antivirus engine is one of the best on the market. In AV-Comparatives' (av-comparatives.org) November 2010 tests of proactive detection of new malware, Sophos Anti-Virus ranked in the top three PC antivirus products, earning the highest certification level (Advanced+). The tests also took into consideration the number of false positives, of which the Sophos engine had "few."

Let's take a look at how Sophos Anti-Virus Home Edition compares to other free alternatives for the Mac. The two most prominent freeware antivirus solutions are ClamXav (clamxav.com) and PC Tools iAntiVirus (iantivirus.com), and each is very different from Sophos.

ClamXav is free for anyone to use in any environment, from home computers to enterprise workstations. Although ClamXav does not provide on-access scanning of the whole computer, it can be manually configured to scan files that are downloaded or copied to specific folders, for example ~/Downloads and ~/Desktop. Like Sophos, ClamXav detects malware designed for any platform, as opposed to Mac-only malware.

PC Tools iAntiVirus is only free for home use, and although it does offer on-access scanning, it only detects Mac-specific malware. Neither ClamXav nor iAntiVirus is a comprehensive solution compared to Sophos. Of the three, only Sophos will detect infected Web pages and e-mail attachments as soon as they are downloaded, regardless of the threat's target platform.

I tested Sophos and ClamXav with several hundred samples that I've collected from infected computers, Web sites, and e-mails over the past couple years. ClamXav only detected about 75% as many files as Sophos, although ClamXav detected some files (particularly Windows adware) that Sophos did not detect. Neither one detected all the samples, which was expected; no antivirus solution detects 100% of infected or potentially dangerous files.


Figure 1 - Threat detected by Sophos Anti-Virus

Effectiveness

Unlike most full-featured antivirus solutions, the default settings of Sophos Anti-Virus do not automatically delete infected files or prompt users to do so. Instead, Sophos displays an alert informing the user that a threat has been detected, with options to open the Quarantine Manager or close the dialog box, and the latter is the default selection. Regardless of which option the user chooses, as long as Sophos' on-access scanner is enabled, the file is inaccessible and cannot be opened or even duplicated in the Finder or the Terminal (even using sudo).


Figure 2 - When a threat is found, Sophos denies access by default

If a malicious Mac application is detected by Sophos, attempting to open the application will result in two Mac OS X dialog boxes informing the user that they can't open the application because it is "not supported on this type of Mac." Thus, Sophos effectively quarantines the files in place.


Figure 3 - Malware is not supported on this type of Mac

Even trying to access quarantined files from another computer via a network share proves fruitless. I had Sophos running on an iMac and no antivirus software on a MacBook Pro. From the MacBook Pro I connected to an AFP share on the iMac and tried to copy a file from the iMac to the local hard drive. This resulted in a Mac OS X dialog box explaining that I did not have permission to access the file. I also tried to duplicate an infected file in-place on the network share, which caused the MacBook Pro's Finder to crash and relaunch (note to self: file a bug report). In any case, Sophos quarantines files on the local system in such a way that they cannot be accessed by remote systems.

Annoyances

One strange and annoying issue I've encountered is that Sophos Anti-Virus frequently grays out the Clean Up Threat button for items that should be easy for Sophos to delete on its own. For example, the action available for dealing with .zip files downloaded from parcel scam e-mails is Clean up manually, meaning that users must try to locate the infected files on their computer. This may or may not be easy, depending on whether the full path is shown in the Quarantine Manager; if the path or file name is too long, the path will be truncated, so you may have to use Spotlight or a third-party search utility to locate the file (refer to the screenshot of the Quarantine Manager). You cannot resize the window so there is no way to see the full path, and there is no Show in Finder option either.


Figure 4 - "Clean up manually"... okay, so what's the full path?

In other cases, instead of Clean up manually the available action will be Restart Mac instead, even when there's absolutely no reason why that should be necessary. I came across this after downloading fake ActiveX video codec malware, which consisted of nothing more than Windows .exe files. Why on earth would Sophos need to restart the computer to clean Windows executables that aren't in use? Worse still, restarting your Mac won't even clean up the threat; it will still be there in the Quarantine Manager after restarting.

Fortunately, Sophos did not gray out the Clean Up Threat button for the Mac OS X-specific threat I had it scan (a dangerous Space Invaders-style game called lose/lose which deletes files in the user's home directory when you destroy enemy spaceships); no manual deletion or restarting is required to clean that Mac-native threat.

Speed

Antivirus suites have a reputation of slowing down computers. In my testing, there was no noticeable decrease in system speed or usability after installing the Sophos software. I even tested it on a low-end Hackintosh netbook (a Dell Mini 10v with a 1.6 GHz Intel Atom processor and 1 GB RAM) and the system was still quite usable after installing Sophos.

Conclusion

For those who support Macs in a home environment, I recommend trying Sophos Anti-Virus for Mac Home Edition. Although there's currently only a small amount of Mac-specific malware in the wild, Sophos can protect Macs from other threats such as malicious JavaScript redirectors, Adobe Flash files that exploit known vulnerabilities (see Mike Hjörleifsson's CoreSec column in the MacTech November 2010 issue), multiplatform Java-based attacks like Boonana, and Windows-based malware that could accidentally be opened in a virtual environment like Parallels or VMware, and it can also discover infections on USB flash drives that you might have picked up from an infected PC unbeknownst to you.

It's time for us to put away our Smug Virus-Free Mac User shirts of yore and become more proactive at defending Macs from security threats. Three cheers to Sophos for lighting the way into battle.


Joshua Long has a master’s degree in IT concentrating in Internet Security, is a Security+ certified professional, and is currently earning a Ph.D. in Business Administration specializing in Computer and Information Security. Josh writes about malware and other information security topics at security.thejoshmeister.com. He is also the producer and host of MacTech Magazine’s official podcast, MacTech Live (www.mactech.com/live). You can follow him on Twitter @theJoshMeister or contact him via e-mail at jlong@mactech.com.

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

Bookends 12.8.3 - Reference management a...
Bookends is a full-featured bibliography/reference and information-management system for students and professionals. Bookends uses the cloud to sync reference libraries on all the Macs you use.... Read more
Mellel 3.5.5 - The word processor for sc...
Mellel is the leading word processor for OS X and has been widely considered the industry standard since its inception. Mellel focuses on writers and scholars for technical writing and multilingual... Read more
Mellel 3.5.5 - The word processor for sc...
Mellel is the leading word processor for OS X and has been widely considered the industry standard since its inception. Mellel focuses on writers and scholars for technical writing and multilingual... Read more
Bookends 12.8.3 - Reference management a...
Bookends is a full-featured bibliography/reference and information-management system for students and professionals. Bookends uses the cloud to sync reference libraries on all the Macs you use.... Read more
Carbon Copy Cloner 4.1.18 - Easy-to-use...
Carbon Copy Cloner backups are better than ordinary backups. Suppose the unthinkable happens while you're under deadline to finish a project: your Mac is unresponsive and all you hear is an ominous,... Read more
Hopper Disassembler 4.2.14- - Binary dis...
Hopper Disassembler is a binary disassembler, decompiler, and debugger for 32- and 64-bit executables. It will let you disassemble any binary you want, and provide you all the information about its... Read more
BetterTouchTool 2.291 - Customize Multi-...
BetterTouchTool adds many new, fully customizable gestures to the Magic Mouse, Multi-Touch MacBook trackpad, and Magic Trackpad. These gestures are customizable: Magic Mouse: Pinch in / out (zoom... Read more
Sound Studio 4.8.11 - Robust audio recor...
Sound Studio lets you easily record and professionally edit audio on your Mac. Easily rip vinyls and digitize cassette tapes, or record lectures and voice memos. Prepare for live shows with live... Read more
Sound Studio 4.8.11 - Robust audio recor...
Sound Studio lets you easily record and professionally edit audio on your Mac. Easily rip vinyls and digitize cassette tapes, or record lectures and voice memos. Prepare for live shows with live... Read more
BetterTouchTool 2.291 - Customize Multi-...
BetterTouchTool adds many new, fully customizable gestures to the Magic Mouse, Multi-Touch MacBook trackpad, and Magic Trackpad. These gestures are customizable: Magic Mouse: Pinch in / out (zoom... Read more

The best 2v2 card combos in Clash Royale
2v2 is making it's grand return toClash Royalequite soon. 2v2 has quickly become one of the game's most popular gameplay modes, though they still have yet to make it a permanent fixture in the game. 2v2 is exciting and adds some new flavor to... | Read more »
The best games we played this week - Aug...
Another busy week has come to a close. We played a lot of excellent games this week and now it's time to look back and reflect on some our favorites. Here are our picks for the week of August 18. [Read more] | Read more »
War Wings beginner's guide - how to...
War Wings is the newest project from well-established game maker Miniclip. It's a World War II aerial dogfighting game with loads of different airplane models to unlock and battle. The game offers plenty of single player and multiplayer action. We... | Read more »
How to win every 2v2 battle in Clash Roy...
2v2 is coming back to Clash Royale in a big way. Although it's only been available for temporary periods of time, 2v2 has seen a hugely positive fan response, with players clamoring for more team-based gameplay. Soon we'll get yet another taste of... | Read more »
Roll to Win with Game of Dice’s new upda...
Joycity’s hit Game of Dice gets a big new update this week, introducing new maps, mechanics, and even costumes. The update sets players loose on an exciting new map, The Cursed Tower, that allows folks to use special Runes mid-match. If you feel... | Read more »
Bottom of the 9th (Games)
Bottom of the 9th 1.0.1 Device: iOS iPhone Category: Games Price: $4.99, Version: 1.0.1 (iTunes) Description: Play the most exciting moment of baseball in this fast-paced dice and card game! | Read more »
The best apps for viewing the solar ecli...
If you somehow missed the news, many parts of the United States will be witness to a total solar eclipse on August 21 for the first time in over 90 years. It'll be possible to see the eclipse in at least some capacity throughout the continental U... | Read more »
The 5 best mobile survival games
Games like ARK: Survival Evolved and Conan Exiles have taken the world of gaming by storm. The market is now flooded with hardcore survival games that send players off into the game's world with nothing but maybe the clothes on their back. Never... | Read more »
Portal Walk (Games)
Portal Walk 1.0 Device: iOS Universal Category: Games Price: $1.99, Version: 1.0 (iTunes) Description: Portal Walk is adventure and relaxing platform game about Eugene. Eugene stuck between worlds and trying to find way back home.... | Read more »
Technobabylon (Games)
Technobabylon 1.0 Device: iOS Universal Category: Games Price: $4.99, Version: 1.0 (iTunes) Description: City of Newton, 2087. Genetic engineering is the norm, the addictive Trance has replaced almost any need for human interaction,... | Read more »

Price Scanner via MacPrices.net

15-inch 2.2GHz Retina MacBook Pro, Apple refu...
Apple has Certified Refurbished 2015 15″ 2.2GHz Retina MacBook Pros available for $1699. That’s $300 off MSRP, and it’s the lowest price available for a 15″ MacBook Pro. An Apple one-year warranty is... Read more
Apple refurbished Mac minis available startin...
Apple has Certified Refurbished Mac minis available starting at $419. Apple’s one-year warranty is included with each mini, and shipping is free: – 1.4GHz Mac mini: $419 $80 off MSRP – 2.6GHz Mac... Read more
Apple refurbished iPad Pros available startin...
Apple has Certified Refurbished 2016 12″ WiFi iPad Pros available starting at $589. An Apple one-year warranty is included with each model, and shipping is free: – 32GB 12″ iPad Pro WiFi: $589... Read more
Weekend sale: 13-inch MacBook Pros for up to...
Amazon has new 2017 13″ MacBook Pros on sale today for up to $200 off MSRP, each including free shipping: – 13″ 3.1GHz/256GB Space Gray MacBook Pro (MPXV2LL/A): $1599.99 $200 off MSRP – 13″ 3.1GHz/... Read more
Back To School With The Edge Desk All-in-one...
Back to school is just around the corner, and the ergonomically correct Edge Desk all-in-one portable kneeling desk is ideal for students living in dorms and small apartments, Edge Desk features:... Read more
Norton Core Secure Wi-Fi Router Now Available...
First introduced at the 2017 Consumer Electronics Show (CES), Norton Core, a secure, high-performance Wi-Fi router, fundamentally changed the concept of Wi-Fi routers by making security the primary... Read more
ViewSonic Adds New 27-inch 4K UHD Monitor to...
ViewSonic Corp. has introduced the VP2785-4K, a 27-inch 4K UHD (3840×2160) monitor that delivers precise and consistent color representation and performance to ensure incredible image quality. Built... Read more
Apple now offering Certified Refurbished 2017...
Apple is now offering Certified Refurbished 2017 27″ iMacs for up to $350 off original MSRP. Apple’s one-year warranty is standard, and shipping is free. The following models are available: – 27″ 3.... Read more
13-inch 2.3GHz MacBook Pros on sale for $100...
Amazon has the new 2017 13″ 2.3GHz MacBook Pros on sale today for $100 off MSRP, each including free shipping: – 13″ 2.3GHz/128GB Space Gray MacBook Pro (MPXQ2LL/A): $1199.99 $100 off MSRP – 13″ 2.... Read more
Clearance 2016 13-inch MacBook Airs available...
B&H Photo has clearance 2016 13″ MacBook Airs available for up to $200 off original MSRP. Shipping is free, and B&H charges NY & NJ sales tax only: – 13″ 1.6GHz/128GB MacBook Air (MMGF2LL... Read more

Jobs Board

*Apple* Solutions Consultant - Apple Inc. (U...
…about helping others on a team while also delighting customers? As an Apple Solutions Consultant (ASC), you will discover customers needs and help connect them Read more
*Apple* Solutions Consultant - Apple Inc. (U...
Job Summary As an Apple Solutions Consultant, you'll be the link between our future customers and our products. You'll showcase your entrepreneurial spirit as you Read more
*Apple* Solutions Consultant (ASC) - Stockho...
Job Summary The ASC is an Apple employee who serves as the Apple business manager and influencer in a Reseller's store. The ASC's role is to grow Apple Read more
*Apple* Solutions Consultant - Apple Inc. (U...
…about helping others on a team while also delighting customers? As an Apple Solutions Consultant (ASC), you will discover customers needs and help connect them Read more
*Apple* Solutions Consultant - Apple Inc. (U...
…about helping others on a team while also delighting customers? As an Apple Solutions Consultant (ASC), you will discover customers needs and help connect them Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.