TweetFollow Us on Twitter

Real World Review: Sophos Anti-Virus for Mac, Home Edition

Volume Number: 27
Issue Number: 01
Column Tag: Real World Review

Real World Review: Sophos Anti-Virus for Mac, Home Edition

Enterprise-grade antivirus software, now free for home Macs

by Joshua Long

Introduction

Businesses are often required by laws and company policies to run antivirus software on all their computers, Macs included. In the home environment, however, there are no such requirements, and Mac users have debated for years about whether they should go to the trouble of running antivirus software. Is it really worthwhile to spend $40 every year to protect a Mac with commercial-grade antivirus software, or to endure the agonizing speed degradation commonly associated with AV? Thanks to Sophos, home users can now have quality protection without these frustrations.

Why Mac antivirus software?

Enterprise antivirus maker Sophos announced in November that they would begin offering a free Home Edition of Sophos Anti-Virus to all Mac users. The announcement came just one week after SecureMac and Intego had independently published information about new Java-based Mac malware spreading through Facebook and other sites, dubbed Boonana by SecureMac and identified as a variant of the Koobface malware by Intego.

Two weeks after the release of Sophos Anti-Virus for Mac Home Edition, Sophos released a report showing that a significant number of Macs running their software had been infected with malware. This malware included both Mac-native threats as well as plenty of Java-based malware, which Sophos pointed out "could easily be adapted to download Mac-based threats," as was the case with Boonana. Two Mac-specific threats, OSX/Jahlav-C and OSX/DNSCha-E, were each found on about 1 in every 100 Macs scanned. (For the full Sophos report, see http://macte.ch/sophos_stats).

Sophos vs the competition

Sophos' antivirus engine is one of the best on the market. In AV-Comparatives' (av-comparatives.org) November 2010 tests of proactive detection of new malware, Sophos Anti-Virus ranked in the top three PC antivirus products, earning the highest certification level (Advanced+). The tests also took into consideration the number of false positives, of which the Sophos engine had "few."

Let's take a look at how Sophos Anti-Virus Home Edition compares to other free alternatives for the Mac. The two most prominent freeware antivirus solutions are ClamXav (clamxav.com) and PC Tools iAntiVirus (iantivirus.com), and each is very different from Sophos.

ClamXav is free for anyone to use in any environment, from home computers to enterprise workstations. Although ClamXav does not provide on-access scanning of the whole computer, it can be manually configured to scan files that are downloaded or copied to specific folders, for example ~/Downloads and ~/Desktop. Like Sophos, ClamXav detects malware designed for any platform, as opposed to Mac-only malware.

PC Tools iAntiVirus is only free for home use, and although it does offer on-access scanning, it only detects Mac-specific malware. Neither ClamXav nor iAntiVirus is a comprehensive solution compared to Sophos. Of the three, only Sophos will detect infected Web pages and e-mail attachments as soon as they are downloaded, regardless of the threat's target platform.

I tested Sophos and ClamXav with several hundred samples that I've collected from infected computers, Web sites, and e-mails over the past couple years. ClamXav only detected about 75% as many files as Sophos, although ClamXav detected some files (particularly Windows adware) that Sophos did not detect. Neither one detected all the samples, which was expected; no antivirus solution detects 100% of infected or potentially dangerous files.


Figure 1 - Threat detected by Sophos Anti-Virus

Effectiveness

Unlike most full-featured antivirus solutions, the default settings of Sophos Anti-Virus do not automatically delete infected files or prompt users to do so. Instead, Sophos displays an alert informing the user that a threat has been detected, with options to open the Quarantine Manager or close the dialog box, and the latter is the default selection. Regardless of which option the user chooses, as long as Sophos' on-access scanner is enabled, the file is inaccessible and cannot be opened or even duplicated in the Finder or the Terminal (even using sudo).


Figure 2 - When a threat is found, Sophos denies access by default

If a malicious Mac application is detected by Sophos, attempting to open the application will result in two Mac OS X dialog boxes informing the user that they can't open the application because it is "not supported on this type of Mac." Thus, Sophos effectively quarantines the files in place.


Figure 3 - Malware is not supported on this type of Mac

Even trying to access quarantined files from another computer via a network share proves fruitless. I had Sophos running on an iMac and no antivirus software on a MacBook Pro. From the MacBook Pro I connected to an AFP share on the iMac and tried to copy a file from the iMac to the local hard drive. This resulted in a Mac OS X dialog box explaining that I did not have permission to access the file. I also tried to duplicate an infected file in-place on the network share, which caused the MacBook Pro's Finder to crash and relaunch (note to self: file a bug report). In any case, Sophos quarantines files on the local system in such a way that they cannot be accessed by remote systems.

Annoyances

One strange and annoying issue I've encountered is that Sophos Anti-Virus frequently grays out the Clean Up Threat button for items that should be easy for Sophos to delete on its own. For example, the action available for dealing with .zip files downloaded from parcel scam e-mails is Clean up manually, meaning that users must try to locate the infected files on their computer. This may or may not be easy, depending on whether the full path is shown in the Quarantine Manager; if the path or file name is too long, the path will be truncated, so you may have to use Spotlight or a third-party search utility to locate the file (refer to the screenshot of the Quarantine Manager). You cannot resize the window so there is no way to see the full path, and there is no Show in Finder option either.


Figure 4 - "Clean up manually"... okay, so what's the full path?

In other cases, instead of Clean up manually the available action will be Restart Mac instead, even when there's absolutely no reason why that should be necessary. I came across this after downloading fake ActiveX video codec malware, which consisted of nothing more than Windows .exe files. Why on earth would Sophos need to restart the computer to clean Windows executables that aren't in use? Worse still, restarting your Mac won't even clean up the threat; it will still be there in the Quarantine Manager after restarting.

Fortunately, Sophos did not gray out the Clean Up Threat button for the Mac OS X-specific threat I had it scan (a dangerous Space Invaders-style game called lose/lose which deletes files in the user's home directory when you destroy enemy spaceships); no manual deletion or restarting is required to clean that Mac-native threat.

Speed

Antivirus suites have a reputation of slowing down computers. In my testing, there was no noticeable decrease in system speed or usability after installing the Sophos software. I even tested it on a low-end Hackintosh netbook (a Dell Mini 10v with a 1.6 GHz Intel Atom processor and 1 GB RAM) and the system was still quite usable after installing Sophos.

Conclusion

For those who support Macs in a home environment, I recommend trying Sophos Anti-Virus for Mac Home Edition. Although there's currently only a small amount of Mac-specific malware in the wild, Sophos can protect Macs from other threats such as malicious JavaScript redirectors, Adobe Flash files that exploit known vulnerabilities (see Mike Hjörleifsson's CoreSec column in the MacTech November 2010 issue), multiplatform Java-based attacks like Boonana, and Windows-based malware that could accidentally be opened in a virtual environment like Parallels or VMware, and it can also discover infections on USB flash drives that you might have picked up from an infected PC unbeknownst to you.

It's time for us to put away our Smug Virus-Free Mac User shirts of yore and become more proactive at defending Macs from security threats. Three cheers to Sophos for lighting the way into battle.


Joshua Long has a master’s degree in IT concentrating in Internet Security, is a Security+ certified professional, and is currently earning a Ph.D. in Business Administration specializing in Computer and Information Security. Josh writes about malware and other information security topics at security.thejoshmeister.com. He is also the producer and host of MacTech Magazine’s official podcast, MacTech Live (www.mactech.com/live). You can follow him on Twitter @theJoshMeister or contact him via e-mail at jlong@mactech.com.

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

Apple GarageBand 10.1 - Complete recordi...
The new GarageBand is a whole music creation studio right inside your Mac -- complete with keyboard, synths, orchestral and percussion instruments, presets for guitar and voice, an entirely... Read more
Duplicate Annihilator 5.7.7 - Find and d...
Duplicate Annihilator takes on the time-consuming task of comparing the images in your iPhoto library using effective algorithms to make sure that no duplicate escapes. Duplicate Annihilator... Read more
OS X Server 4.1.3 - For OS X 10.10 Yosem...
Designed for OS X and iOS devices, OS X Server makes it easy to share files, schedule meetings, synchronize contacts, develop software, host your own website, publish wikis, configure Mac, iPhone,... Read more
pwSafe 4.1 - Secure password management...
pwSafe provides simple and secure password management across devices and computers. pwSafe uses iCloud to keep your password databases backed-up and synced between Macs and iOS devices. It is... Read more
Kodi 15.0.rc1 - Powerful media center to...
Kodi (was XBMC) is an award-winning free and open-source (GPL) software media player and entertainment hub that can be installed on Linux, OS X, Windows, iOS, and Android, featuring a 10-foot user... Read more
Coda 2.5.11 - One-window Web development...
Coda is a powerful Web editor that puts everything in one place. An editor. Terminal. CSS. Files. With Coda 2, we went beyond expectations. With loads of new, much-requested features, a few surprises... Read more
Bookends 12.5.7 - Reference management a...
Bookends is a full-featured bibliography/reference and information-management system for students and professionals. Access the power of Bookends directly from Mellel, Nisus Writer Pro, or MS Word (... Read more
Maya 2016 - Professional 3D modeling and...
Maya is an award-winning software and powerful, integrated 3D modeling, animation, visual effects, and rendering solution. Because Maya is based on an open architecture, all your work can be scripted... Read more
RapidWeaver 6.2.3 - Create template-base...
RapidWeaver is a next-generation Web design application to help you easily create professional-looking Web sites in minutes. No knowledge of complex code is required, RapidWeaver will take care of... Read more
MacFamilyTree 7.5.2 - Create and explore...
MacFamilyTree gives genealogy a facelift: it's modern, interactive, incredibly fast, and easy to use. We're convinced that generations of chroniclers would have loved to trade in their genealogy... Read more

Rage of Bahamut is Giving Almost All of...
The App Store isn't what it used to be back in 2012, so it's not unexpected to see some games changing their structures with the times. Now we can add Rage of Bahamut to that list with the recent announcement that the game is severely cutting back... | Read more »
Adventures of Pip (Games)
Adventures of Pip 1.0 Device: iOS iPhone Category: Games Price: $4.99, Version: 1.0 (iTunes) Description: ** ONE WEEK ONLY — 66% OFF! *** “Adventures of Pip is a delightful little platformer full of charm, challenge and impeccable... | Read more »
Divide By Sheep - Tips, Tricks, and Stre...
Who would have thought splitting up sheep could be so involved? Anyone who’s played Divide by Sheep, that’s who! While we’re not about to give you complete solutions to everything (because that’s just cheating), we will happily give you some... | Read more »
NaturalMotion and Zynga Have Started Tea...
An official sequel to 2012's CSR Racing is officially on the way, with Zynga and NaturalMotion releasing a short teaser trailer to get everyone excited. Well, as excited as one can get from a trailer with no gameplay footage, anyway. [Read more] | Read more »
Grab a Friend and Pick up Overkill 3, Be...
Overkill 3 is a pretty enjoyable third-person shooter that was sort of begging for some online multiplayer. Fortunately the begging can stop, because its newest update has added an online co-op mode. [Read more] | Read more »
Scanner Pro's Newest Update Adds Au...
Scanner Pro is one of the most popular document scanning apps on iOS, thanks in no small part to its near-constant updates, I'm sure. Now we're up to update number six, and it adds some pretty handy new features. [Read more] | Read more »
Heroki (Games)
Heroki 1.0 Device: iOS Universal Category: Games Price: $7.99, Version: 1.0 (iTunes) Description: CLEAR THE SKIES FOR A NEW HERO!The peaceful sky village of Levantia is in danger! The dastardly Dr. N. Forchin and his accomplice,... | Read more »
Wars of the Roses (Games)
Wars of the Roses 1.0 Device: iOS Universal Category: Games Price: $4.99, Version: 1.0 (iTunes) Description: | Read more »
TapMon Battle (Games)
TapMon Battle 1.0 Device: iOS Universal Category: Games Price: $.99, Version: 1.0 (iTunes) Description: It's time to battle!Tap! Tap! Tap! Try tap a egg to hatch a Tapmon!Do a battle with another tapmons using your hatched tapmons! *... | Read more »
Alchemic Dungeons (Games)
Alchemic Dungeons 1.0 Device: iOS Universal Category: Games Price: $.99, Version: 1.0 (iTunes) Description: ### Release Event! ### 2.99$->0.99$ for limited time! ### Roguelike Role Playing Game! ### Alchemic Dungeons is roguelike... | Read more »

Price Scanner via MacPrices.net

13-inch 1.6GHz MacBook Air on sale for $849,...
Best Buy has the 2015 13″ 1.6GHz/128GB MacBook Air on sale for $849.99 on their online store this weekend. Choose free shipping or free local store pickup (if available). Sale price for online orders... Read more
Apple Refurbished iMacs available for up to $...
The Apple Store has Apple Certified Refurbished iMacs available for up to $380 off the cost of new models. Apple’s one-year warranty is standard, and shipping is free: - 27″ 3.5GHz 5K iMac – $1949 $... Read more
Apple refurbished 2014 13-inch Retina MacBook...
The Apple Store has Apple Certified Refurbished 2014 13″ Retina MacBook Pros available for up to $400 off original MSRP, starting at $979. An Apple one-year warranty is included with each model, and... Read more
Seagate Backup Plus Drives Feature 200GB of C...
Seagate Technology plc has announced that its Backup Plus family of external storage offerings will now include 200GB of OneDrive cloud storage, a major added value, and the addition of Lyve’s photo... Read more
Canon PIXMA MG3620 Wireless Inkjet All-in-One...
Canon U.S.A., Inc. has announced the PIXMA MG3620 Wireless (1) Inkjet All-in-One (AIO) printer for high-quality photo and document printing. Built with convenience in mind for the everyday home user... Read more
July 4th Holiday Weekend 13-inch MacBook Pro...
Save up to $150 on the purchase of a new 2015 13″ Retina MacBook Pro at the following resellers this weekend. Shipping is free with each model: 2.7GHz/128GB MSRP $1299 2.7GHz/... Read more
27-inch 3.5GHz 5K iMac on sale for $2149, sav...
Best Buy has the 27″ 3.5GHz 5K iMac on sale for $2149.99. Choose free shipping or free local store pickup (if available). Sale price for online orders only, in-store prices may vary. Their price is $... Read more
Apple now offering refurbished 2015 11-inch...
The Apple Store is now offering Apple Certified Refurbished 2015 11″ MacBook Airs as well as 13″ MacBook Airs (the latest models), available for up to $180 off the cost of new models. An Apple one-... Read more
15-inch 2.5GHz Retina MacBook Pro on sale for...
Amazon.com has the 15″ 2.5GHz Retina MacBook Pro on sale for $2274 including free shipping. Their price is $225 off MSRP, and it’s the lowest price available for this model. Read more
Finally Safe To Upgrade To Yosemite’?
The reason I’ve held back from upgrading my MacBook Air from OS X 10.9 Mavericks to 10.10 Yosemite for nearly a year isn’t just procrastination. Among other bugs reported, there have been persistent... Read more

Jobs Board

*Apple* Music Producer - Apple (United State...
**Job Summary** Apple Music seeks a Producer to help shepherd some of the most important content and editorial initiatives within the music app, with a particular focus Read more
Editor, *Apple* News - Apple (United States...
**Job Summary** Editor, Apple News The Apple News team is looking for passionate, knowledgeable editors to help identify and deliver the best in breaking national, Read more
*Apple* Watch SW Application Project Manager...
**Job Summary** The Apple Watch software team is looking for an Application Engineering Project Manager to work on new projects for Apple . The successful candidate Read more
Engineering Project Manager - *Apple* Searc...
**Job Summary** Apple 's new Spotlight Suggestions service provides fast, relevant search results from the Inte et in Spotlight and Safari on iOS and OS X. We are looking Read more
Business Development Manager - *Apple* Pay...
**Job Summary** Apple Pay is seeking an experienced relationship manager to support the ongoing management of partners for the Apple Pay platform. This position will Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.