TweetFollow Us on Twitter

Real World Review: Sophos Anti-Virus for Mac, Home Edition

Volume Number: 27
Issue Number: 01
Column Tag: Real World Review

Real World Review: Sophos Anti-Virus for Mac, Home Edition

Enterprise-grade antivirus software, now free for home Macs

by Joshua Long


Businesses are often required by laws and company policies to run antivirus software on all their computers, Macs included. In the home environment, however, there are no such requirements, and Mac users have debated for years about whether they should go to the trouble of running antivirus software. Is it really worthwhile to spend $40 every year to protect a Mac with commercial-grade antivirus software, or to endure the agonizing speed degradation commonly associated with AV? Thanks to Sophos, home users can now have quality protection without these frustrations.

Why Mac antivirus software?

Enterprise antivirus maker Sophos announced in November that they would begin offering a free Home Edition of Sophos Anti-Virus to all Mac users. The announcement came just one week after SecureMac and Intego had independently published information about new Java-based Mac malware spreading through Facebook and other sites, dubbed Boonana by SecureMac and identified as a variant of the Koobface malware by Intego.

Two weeks after the release of Sophos Anti-Virus for Mac Home Edition, Sophos released a report showing that a significant number of Macs running their software had been infected with malware. This malware included both Mac-native threats as well as plenty of Java-based malware, which Sophos pointed out "could easily be adapted to download Mac-based threats," as was the case with Boonana. Two Mac-specific threats, OSX/Jahlav-C and OSX/DNSCha-E, were each found on about 1 in every 100 Macs scanned. (For the full Sophos report, see

Sophos vs the competition

Sophos' antivirus engine is one of the best on the market. In AV-Comparatives' ( November 2010 tests of proactive detection of new malware, Sophos Anti-Virus ranked in the top three PC antivirus products, earning the highest certification level (Advanced+). The tests also took into consideration the number of false positives, of which the Sophos engine had "few."

Let's take a look at how Sophos Anti-Virus Home Edition compares to other free alternatives for the Mac. The two most prominent freeware antivirus solutions are ClamXav ( and PC Tools iAntiVirus (, and each is very different from Sophos.

ClamXav is free for anyone to use in any environment, from home computers to enterprise workstations. Although ClamXav does not provide on-access scanning of the whole computer, it can be manually configured to scan files that are downloaded or copied to specific folders, for example ~/Downloads and ~/Desktop. Like Sophos, ClamXav detects malware designed for any platform, as opposed to Mac-only malware.

PC Tools iAntiVirus is only free for home use, and although it does offer on-access scanning, it only detects Mac-specific malware. Neither ClamXav nor iAntiVirus is a comprehensive solution compared to Sophos. Of the three, only Sophos will detect infected Web pages and e-mail attachments as soon as they are downloaded, regardless of the threat's target platform.

I tested Sophos and ClamXav with several hundred samples that I've collected from infected computers, Web sites, and e-mails over the past couple years. ClamXav only detected about 75% as many files as Sophos, although ClamXav detected some files (particularly Windows adware) that Sophos did not detect. Neither one detected all the samples, which was expected; no antivirus solution detects 100% of infected or potentially dangerous files.

Figure 1 - Threat detected by Sophos Anti-Virus


Unlike most full-featured antivirus solutions, the default settings of Sophos Anti-Virus do not automatically delete infected files or prompt users to do so. Instead, Sophos displays an alert informing the user that a threat has been detected, with options to open the Quarantine Manager or close the dialog box, and the latter is the default selection. Regardless of which option the user chooses, as long as Sophos' on-access scanner is enabled, the file is inaccessible and cannot be opened or even duplicated in the Finder or the Terminal (even using sudo).

Figure 2 - When a threat is found, Sophos denies access by default

If a malicious Mac application is detected by Sophos, attempting to open the application will result in two Mac OS X dialog boxes informing the user that they can't open the application because it is "not supported on this type of Mac." Thus, Sophos effectively quarantines the files in place.

Figure 3 - Malware is not supported on this type of Mac

Even trying to access quarantined files from another computer via a network share proves fruitless. I had Sophos running on an iMac and no antivirus software on a MacBook Pro. From the MacBook Pro I connected to an AFP share on the iMac and tried to copy a file from the iMac to the local hard drive. This resulted in a Mac OS X dialog box explaining that I did not have permission to access the file. I also tried to duplicate an infected file in-place on the network share, which caused the MacBook Pro's Finder to crash and relaunch (note to self: file a bug report). In any case, Sophos quarantines files on the local system in such a way that they cannot be accessed by remote systems.


One strange and annoying issue I've encountered is that Sophos Anti-Virus frequently grays out the Clean Up Threat button for items that should be easy for Sophos to delete on its own. For example, the action available for dealing with .zip files downloaded from parcel scam e-mails is Clean up manually, meaning that users must try to locate the infected files on their computer. This may or may not be easy, depending on whether the full path is shown in the Quarantine Manager; if the path or file name is too long, the path will be truncated, so you may have to use Spotlight or a third-party search utility to locate the file (refer to the screenshot of the Quarantine Manager). You cannot resize the window so there is no way to see the full path, and there is no Show in Finder option either.

Figure 4 - "Clean up manually"... okay, so what's the full path?

In other cases, instead of Clean up manually the available action will be Restart Mac instead, even when there's absolutely no reason why that should be necessary. I came across this after downloading fake ActiveX video codec malware, which consisted of nothing more than Windows .exe files. Why on earth would Sophos need to restart the computer to clean Windows executables that aren't in use? Worse still, restarting your Mac won't even clean up the threat; it will still be there in the Quarantine Manager after restarting.

Fortunately, Sophos did not gray out the Clean Up Threat button for the Mac OS X-specific threat I had it scan (a dangerous Space Invaders-style game called lose/lose which deletes files in the user's home directory when you destroy enemy spaceships); no manual deletion or restarting is required to clean that Mac-native threat.


Antivirus suites have a reputation of slowing down computers. In my testing, there was no noticeable decrease in system speed or usability after installing the Sophos software. I even tested it on a low-end Hackintosh netbook (a Dell Mini 10v with a 1.6 GHz Intel Atom processor and 1 GB RAM) and the system was still quite usable after installing Sophos.


For those who support Macs in a home environment, I recommend trying Sophos Anti-Virus for Mac Home Edition. Although there's currently only a small amount of Mac-specific malware in the wild, Sophos can protect Macs from other threats such as malicious JavaScript redirectors, Adobe Flash files that exploit known vulnerabilities (see Mike Hjörleifsson's CoreSec column in the MacTech November 2010 issue), multiplatform Java-based attacks like Boonana, and Windows-based malware that could accidentally be opened in a virtual environment like Parallels or VMware, and it can also discover infections on USB flash drives that you might have picked up from an infected PC unbeknownst to you.

It's time for us to put away our Smug Virus-Free Mac User shirts of yore and become more proactive at defending Macs from security threats. Three cheers to Sophos for lighting the way into battle.

Joshua Long has a master’s degree in IT concentrating in Internet Security, is a Security+ certified professional, and is currently earning a Ph.D. in Business Administration specializing in Computer and Information Security. Josh writes about malware and other information security topics at He is also the producer and host of MacTech Magazine’s official podcast, MacTech Live ( You can follow him on Twitter @theJoshMeister or contact him via e-mail at


Community Search:
MacTech Search:

Software Updates via MacUpdate

Tweetbot 2.1 - Popular Twitter client. (...
Tweetbot is a full-featured OS X Twitter client with a lot of personality. Whether it's the meticulously-crafted interface, sounds and animation, or features like multiple timelines and column views... Read more
MacPilot 8.0 - Enable over 1,200 hidden...
MacPilot gives you the power of UNIX and the simplicity of Macintosh, which means a phenomenal amount of untapped power in your hands! Use MacPilot to unlock over 1,200 features, and access them all... Read more
Typinator 6.7 - Speedy and reliable text...
Typinator turbo-charges your typing productivity. Type a little. Typinator does the rest. We've all faced projects that require repetitive typing tasks. With Typinator, you can store commonly used... Read more
Adobe Lightroom 6.2 - Import, develop, a...
Adobe Lightroom is available as part of Adobe Creative Cloud for as little as $9.99/month bundled with Photoshop CC as part of the photography package. Lightroom 6 is also available for purchase as a... Read more
ForeverSave 2.1.4 - Universal auto-save...
ForeverSave auto-saves all documents you're working on while simultaneously doing backup versioning in the background. Lost data can be quickly restored at any time. Losing data, caused by... Read more
VueScan 9.5.27 - Scanner software with a...
VueScan is a scanning program that works with most high-quality flatbed and film scanners to produce scans that have excellent color fidelity and color balance. VueScan is easy to use, and has... Read more
AirPort Utility 6.3.6 - Set up and manag...
Note: Most recent release available only within OS X 10.11 El Capitan update. Use AirPort Utility to set up and manage your Wi-Fi network and AirPort base stations, including AirPort Express, AirPort... Read more
Quicksilver 1.3.1 - Application launcher...
Quicksilver is a light, fast and free Mac application that gives you the power to control your Mac with keystrokes alone. Quicksilver allows you to find what you need quickly and easily, then act... Read more
Tidy Up (Five Users) 4.1.5 - Find duplic...
Tidy Up is a complete duplicate finder and disk-tidiness utility. With Tidy Up you can search for duplicate files and packages by the owner application, content, type, creator, extension, time... Read more
Mellel 3.4.3 - The word processor of cho...
Mellel is the leading word processor for OS X and has been widely considered the industry standard since its inception. Mellel focuses on writers and scholars for technical writing and multilingual... Read more

Royal Bounty HD (Games)
Royal Bounty HD 1.0 Device: iOS Universal Category: Games Price: $4.99, Version: 1.0 (iTunes) Description: New World Computing Approved "Hi Guys! looks good so far! keep up the good work. I worked on HoMM 3 and 4 creating all of the... | Read more »
Swords & Crossbones: An Epic Pirate...
Swords & Crossbones: An Epic Pirate Story 1.0 Device: iOS Universal Category: Games Price: $4.99, Version: 1.0 (iTunes) Description: | Read more »
Camel Up (Games)
Camel Up 1.0.0 Device: iOS Universal Category: Games Price: $4.99, Version: 1.0.0 (iTunes) Description: | Read more »
The Martian: Bring Him Home (Games)
The Martian: Bring Him Home 1.0 Device: iOS Universal Category: Games Price: $2.99, Version: 1.0 (iTunes) Description: Based on the best selling novel and critically acclaimed film, THE MARTIAN tells the story of Astronaut Mark... | Read more »
This Week at 148Apps: September 21-30, 2...
Leap Into Fall With 148Apps How do you know what apps are worth your time and money? Just look to the review team at 148Apps. We sort through the chaos and find the apps you're looking for. The ones we love become Editor’s Choice, standing out above... | Read more »
Tweetbot 4 for Twitter (Social Networki...
Tweetbot 4 for Twitter 4.0 Device: iOS Universal Category: Social Networking Price: $4.99, Version: 4.0 (iTunes) Description: *** 50% off for a limited time. *** | Read more »
Mori (Games)
Mori 1.0 Device: iOS Universal Category: Games Price: $2.99, Version: 1.0 (iTunes) Description: Stop, rewind and unwind with Mori. Time is always running, take a moment to take control. Mori is an action puzzle game about infinitely... | Read more »
100 Years' War (Games)
100 Years' War 1.0 Device: iOS Universal Category: Games Price: $3.99, Version: 1.0 (iTunes) Description: | Read more »
Tower in the Sky (Games)
Tower in the Sky 0.0.60 Device: iOS Universal Category: Games Price: $1.99, Version: 0.0.60 (iTunes) Description: | Read more »
hocus. (Games)
hocus. 1.0.0 Device: iOS Universal Category: Games Price: $.99, Version: 1.0.0 (iTunes) Description: New, polished, mind-bending, minimal puzzle game with dozens of levels and extra-ordinary design Features:- Beautifully crafted... | Read more »

Price Scanner via

Is The iPad Pro Really A Serious Laptop Repla...
Probably not, at least for productive professionals and other power users. Steve Jobs declared that we’d entered the “post-PC Era” with the advent of the original iPad in 2010, a phrase we don’t hear... Read more
Wednesday Deal: 13-inch Retina MacBook Pros f...
Adorama has 13″ Retina MacBook Pros on sale for up to $130 off MSRP. Shipping is free, and Adorama charges sales tax for NY & NJ residents only: - 13″ 2.7GHz/128GB Retina MacBook Pro: $1199.99 $... Read more
uBar 3.0 for Mac OS X – Custom Dock Replaceme...
Brawer Software has announced the release of uBar 3.0, an important update to their popular app and window manager for Mac OS X. uBar allows users to position it whichever side of the screen they... Read more
13-inch 2.5GHz MacBook Pro (refurbished) avai...
Apple has Certified Refurbished 13″ 2.5GHz MacBook Pros available for $829, or $270 off the cost of new models. Apple’s one-year warranty is standard, and shipping is free: - 13″ 2.5GHz MacBook Pros... Read more
27-inch 3.2GHz iMac on sale for $1689, save $...
Adorama has the 27″ 3.2GHz iMac on sale for $1689 including free shipping plus NY & NJ sales tax only. Their price is $110 off MSRP. Read more
12-inch Retina MacBooks on sale for up to $12...
B&H Photo has 12″ Retina MacBooks in stock today and on sale for up to $120 off MSRP. B&H will include free shipping, and there is NY sales tax only: - 12″ 1.1GHz Gray Retina MacBook: $1224 $... Read more
Tablets Shaping Up for Growth in 2016 – Strat...
Observing that Apple, Samsung, and Microsoft have refocused what tablet computers can do, market analysis firm Strategy Analytics believes there is immense opportunity for new and replacement sales... Read more
Apple Interbrand’s Number One Most Valuable G...
Apple and Google hold aced #1 and #2 spots respectively in Interbrand’s 2015 Best Global Brands Report, leading all tech brands that now comprise more than a third of the entire rankings value.... Read more
Apple offering refurbished 2015 13-inch Retin...
Apple is offering Certified Refurbished 2015 13″ Retina MacBook Pros for up to $270 (15%) off the cost of new models. An Apple one-year warranty is included with each model, and shipping is free: -... Read more
Apple refurbished 2015 MacBook Airs available...
Apple has Certified Refurbished 2015 11″ and 13″ MacBook Airs (the latest models), available for up to $180 off the cost of new models. An Apple one-year warranty is included with each MacBook, and... Read more

Jobs Board

Touch Validation Design (EE) - *Apple* Watc...
**Job Summary** Help launch next-generation Touch Technologies in Apple products. The Touch Technology team develops cutting-edge Touch solutions and technologies that Read more
WW Sales Strategy & Program Manager, *Ap...
**Job Summary** Imagine what you could do here. At Apple , great ideas have a way of becoming great products, services, and customer experiences very quickly. Bring Read more
*Apple* TV Product Design Internship (Spring...
…the mechanical design effort associated with creating world-class products with the Apple TV PD Group. Responsibilities will include working closely with manufacturing, Read more
Product Design Engineer - *Apple* Watch - A...
**Job Summary** Product Design Engineer - WATCH ( Apple Watch) Be an integral part of a small and visible team of world-class Mechanical Engineers making Apple 's Read more
Senior Software System App Engineer, *Apple*...
**Job Summary** The Apple Watch system application team is looking for great software engineers who are comfortable working across all levels of the software stack. From Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.