9/7/2019 Sophos Antivirus For Mac Rating
Pros: Certified by one independent antivirus lab. Webcam protection. Very good phishing protection. Ransomware protection.
Sophos Antivirus for Mac. Rating: Reviewed on: 13 February 18; Viruses detected: 10/10. If you’re a home or non-commercial user then Sophos Home has one huge appealing factor compared to others.
Remote management. Simple parental control.
Cons: Parental content filter foiled by secure anonymizing proxy. Lacks exploit protection, malware deep-clean, download reputation check, keylogger protection, and other advanced features found in the Windows edition.
Bottom Line: Sophos Home Premium offers Mac antivirus protection at a very reasonable price, but the absence of many advanced features found in the Windows edition is disappointing.
Sophos is a big name in enterprise-level security. With Sophos Home Premium on the Mac and the corresponding Windows product, the developers have brought a good dollop of that high-powered to ordinary users.
Even the free products (on both platforms) offer convenient and powerful protection. Paying for Premium gets you a boatload of advanced features on Windows. Alas, most of these don't make it over to the macOS edition. Sophos Home Premium still provides good protection for Mac users at a reasonable price, however.
Big businesses don't leave antivirus protection to their untrained employees. Rather, the IT Security department manages everything remotely. Sophos Home works the same way. You sign up for an online account, then either download the product to the device you're using or send an email link to install it elsewhere.
All configuration occurs in the online console. Are you the go-to tech support agent for your family? With Sophos, instead of having to drive across town to help Cousin Mel with her antivirus, you can handle it all remotely.
Pricing and OS Support
Mac users often justify skipping antivirus protection on the basis that there just isn't a lot of Mac malware.
Why spend money on something you might not need? Mac malware is on the rise, however, so you really should install protection. The most common price point for Mac antivirus is just under $40 per year for a single license. Half of the current products fit that model, and most of those give you three licenses for $59.99 per year. With, that $59.99 subscription price gets you not three licenses but unlimited licenses. You can install it on all the macOS, Windows, Android, and iOS devices in your household.
Compared to these commercial products (well, perhaps all but McAfee), Sophos is a bargain. For $50 you can install Sophos Home Premium on up to 10 devices, Mac or PC, and manage them remotely. At $5 per device per year, it isn't free, but it sure isn't expensive. My experience has been that Mac users are more likely to keep their operating systems fully updated than their Windows-loving counterparts. Even so, not everyone has the very latest macOS installed.
Like McAfee, Sophos supports older versions back to Yosemite (10.10). That's a change since the previous edition, which went all the way back to Mountain Lion (10.8)., Norton, and Trend Micro require at least El Capitan (10.11), the toughest OS requirement of my current collection of Mac antivirus products.
Online Dashboard Differences
As with the free edition, clicking Manage Devices or Preferences from the Sophos widget's menu takes you to the online dashboard.
You can also just log in directly from any browser. The main page lists your protected devices. If you haven't used up all 10 licenses, you can click Add Device to either install on the device you're using or send a link by email.
If you've replaced one of your computers, you can remove it from the dashboard, freeing up that license for reuse. The differences between the Windows and macOS editions are more pronounced in the premium edition. You just get more with on Windows. The Status page looks the same, with panels for Antivirus Protection, Web Protection, Ransomware Protection, Privacy Protection, and Malicious Traffic Detection, but when you dig deeper the differences become evident. The General sub-page, below Protection, looks the same on both platforms.
Clicking Ransomware gets you a simple on/off switch for Ransomware Protection, but the Master Boot Record Protection component, available for Windows devices, isn't there. The Exploits sub-page, home to the most advanced features, doesn't appear at all for Macs. That means you don't get protection against known attacks on vulnerable applications. You don't get the somewhat-arcane Risk Reduction features. Since there are no protected applications, you also don't get the glowing green border and see-through tags that identify such applications in Windows. On the Web sub-page, all you get is protection against known dangerous websites plus the list of any sites you've exempted from that filter.
Windows users get Download Reputation checking, a feature that proved useful in my testing. And Safe Online Banking in the Windows edition includes keystroke encryption, to protect your browsers from keyloggers.
Features Shared With the Free Edition
The basic antivirus protection in this product is the same as you get with.
If you want more detail than my summary below, please read that article. Antivirus testing lab certifies Sophos for Mac malware protection. Like and several others, Sophos scored 100 percent on this test. Sophos also eliminated 100 percent of Windows malware, which means your Mac won't become an uninfected carrier for those. A full scan of the I use for testing took 20 minutes, a bit faster than average. Unlike the Windows edition, Sophos for Mac defaults to a fast scan that just looks at the most common places for malware.
I still suggest running a full scan upon installation. Afterward, the real-time protection component should protect against any new threats. Note that the Premium edition on Windows includes a deep-digging cleanup tool called Sophos Home Cleaner, designed to root out the last traces of malware. I'm not equipped to test Mac antivirus with active malware, but I did challenge Sophos with my current Windows malware collection. It eliminated all of the actual malware samples, and waited for my decision before removing PUAs. That makes sense; they are only potentially unwanted, after all.
From the online console, you can configure parental control content filtering for each of your devices. There's no option to impose filtering on a per-user basis. The content filter correctly blocked all the raunchy sites I tried. However, like the similar feature in it can't filter HTTPS traffic.
Using a secure anonymizing proxy (and don't assume your child doesn't know what that is!) totally defeats the content filter. Phishing sites don't contain any malware. They just masquerade as secure sites and troll for victims foolish enough to enter their login credentials.
Phishing trends and techniques change all the time, so I score my phishing test as a comparison against other products. Sophos came in with a detection rate 7 percent lower than that of under Windows. That's lower than when I last tested it, but Sophos retained its position in the chart. Do note that while phishing is platform-independent, phishing protection need not be so. Tested simultaneously with its Windows cousin, came in 14 percentage points lower.
Ransomware Protection
On Windows boxes, a typical ransomware attack surreptitiously encrypts important files and demands ransom in untraceable currency before it will decrypt them. A few completely lock your system by encrypting the hard drive. Android ransomware attacks tend to be the system-lock type. Ransomware exists for macOS, too, mostly the file-encryption type. Upgrading from the free edition to premium adds, a big benefit.
Tested on Windows, Sophos detected and prevented attack by all but one of my ransomware samples. That includes the nasty that attempts to encrypt the entire hard drive. Missing one ransomware attack is no big deal, because my Windows test systems are virtual machines. I just roll the VM back to a state before the infection. Sophos also protected against 9 of 10 attacks simulated by KnowBe4's RanSim.
I can't test behavior-based ransomware protection on Mac for several reasons. My Mac test system is a physical laptop, not a virtual machine, so one missed sample could wreak havoc. And is strictly a Windows tool. But the component that handles detecting and thwarting encrypting malware is CryptoGuard, the same as in the Windows edition.
Avast Security, and Trend Micro also offer ransomware protection, but they attack the problem very differently. Rather than looking for ransomware behavior, they prevent modification of sensitive files by unauthorized programs. This technique can be effective, but it only works on the contents of folders that you've flagged for protection.
Webcam and Mic Spyware Protection
One of the creepier kinds of spyware triggers your webcam without turning the light on, so some creeper can spy on you.
Not many Mac security products offer webcam protection, and it's not always as sophisticated as in Windows equivalents. For example, on Windows, Kaspersky's component warns you when an unknown program tries to peek at you through the webcam, with the option to blacklist it. The Mac edition tones this down to a simple on/off switch for the webcam; leave it off when you're not actively using it.
With Sophos, it's the other way around. Webcam protection in the Windows edition of Sophos Home Premium is even more rudimentary than Kaspersky's on macOS. When a program starts using the webcam, Sophos slides in a transient notification. There's no blacklist or whitelist, and if you're not looking, you might miss the notification. The Mac edition is more sophisticated. It always allows webcam access by known programs such as FaceTime and PhotoBooth.
When it detects an unknown program attempting to use the camera, it slides in a notification, with buttons to Allow or Stop access. To whitelist a program, so it's always allowed, you open the main window and click Allow Always. When the whitelist has at least one item, the main window's menu gets a new choice, Webcam/Microphone Exceptions.
Clicking this gets a list of whitelisted programs, and clicking one of them removes it from the list. My Sophos contacts tell me that the Windows edition will upgrade to this more sophisticated system soon.
Better on Windows
Your subscription to Sophos Home Premium lets you install and remotely manage antivirus protection on up to 10 PCs or Macs. However, a large contingent of advanced security features found in the Windows edition don't show up for Macs. Among these Windows-only features are exploit protection, advanced malware cleaning, defense against whole-disk encrypting ransomware, and banking protection. Sure, the product is inexpensive, but you get a lot more bang for your buck on a PC. Our Editors' Choice products for Mac antivirus are Bitdefender Antivirus for Mac and Kaspersky Internet Security for Mac. Both get high marks from two independent labs.
Bitdefender offers ransomware protection. Kaspersky watches for webcam spyware, and includes a parental control system markedly better than what you get with Sophos. If your focus is Mac protection, one of these two should do the job.
Excellent score in phishing protection test. Very good score in malicious URL blocking test. Very good independent lab results. Remote management for up to three PCs or Macs. Download protection.
Cons: Poor score in hands-on malware protection test. Lab test results not current.
Bottom Line: Sophos Home Free gives home users much of the antivirus protection found in business security tools from Sophos, including remote management of up to three installations.
Most major companies cater to both the consumer and business markets. Sophos is no exception. This company's main focus is on the business side, but consumers can get much of the same business-grade antivirus protection in the form of Sophos Home Free.
It earns a great score in our antiphishing test, but doesn't do so well in our hands-on malware protection test, and its independent lab results, while good, aren't current. Still, it's worth consideration, especially if you need to manage free antivirus protection for others. In a business setting, employees don't manage their own security tools. Rather, the IT department handles that task remotely. It's not surprising, then, that configuration for Sophos Home is an online affair. With a free subscription you can install the product on three systems, Windows or macOS, and manage them online.
So, for example, you could install the product on an aging relative's computer, and remotely view and manage security events. A paid subscription to lets you manage up to 10 installations.
Lab Results Hiatus
For an evidence-based check on each antivirus utility's protective abilities, I turn to four independent testing labs: AV-Test Institute, SE Labs, and MRG-Effitas. Researchers at these labs put products through grueling tests and report their effectiveness. These are big operations, with more resources than I can bring to bear on a product, so I pay great attention to their findings.
In the past, Sophos has exhibited good ratings. Last year it earned AAA certification from, the best of five certification levels. When last tested by AV-Test, it took 17.5 of 18 possible points. However, Sophos doesn't appear in the latest reports from any of the labs that I follow. My Sophos contact noted that recently tested the business-facing product, Sophos Endpoint Protection.
With six points possible in each of three categories, it earned 5.5 for protection against malware, 5.0 for low performance impact, and 6.0 for few false positive reports. My contact noted that 'we plan to participate in tests starting in 2018.' I look forward to having more lab reports including Sophos. Bitdefender and Kaspersky both earn top marks in almost every test from all four labs. I created an algorithm to map all the tests on to a scale from 0 to 10 and derive an aggregate score.
That algorithm gives Kaspersky a perfect 10, but there's an asterisk. Doesn't include all features of the paid product, so it might not have done as well in testing.
In my own hands-on testing, the free edition didn't do quite as well. Until recently, Bitdefender has cruised along with a 9.9 aggregate score, but a recent lower score brought that down to a still-good 9.0, the same as Avast. Here, too, it's possible that might not have earned the same score. I mentioned that you can install Sophos on both Windows boxes and Macs. Recently earned certification from AV-Test, with 100 percent protection against Mac malware. It also eliminated more than 99 percent of Windows malware, and more than 95 percent of Mac PUAs (Potentially Unwanted Applications).
Hands-On Malware Protection Testing
Sophos doesn't bother with multiple scan types. When you click Scan My Computer, it simply runs a full scan. You should definitely run a scan right after installation. Going forward, the real-time protection should handle any new malware attacks. On my standard clean test system, the scan seemed to go quickly at first, but it slowed way down at 92 percent, finishing in 43 minutes.
The current average is 52 minutes, so this is a decent time. Some antivirus utilities use the initial scan to mark known safe files, so they don't have to scan them again. That can drastically reduce the time for subsequent scans. For example, Norton's initial scan took an hour and 50 minutes, while a repeat scan finished in just 15 minutes.
By observation, Sophos doesn't attempt this kind of optimization. A repeat scan took just as long. When I opened a folder containing my current malware collection, Sophos started deleting those it recognized. For each detection, it slid in a transient popup at the top right corner of the screen. These popups didn't stay visible for long.
I noted that some of the detected samples vanished from the folder on detection while others did not. Checking the account online, I found a lengthy list of PUAs whose fate awaited my decision.
I clicked to clean them all, then clicked History to view the list of all removed threats. Sophos removed 74 percent of the samples on sight. That's decent, but got 96 percent at this point.
I maintain a second set of samples, modified versions of the original collection. For each sample, I change the name, append zeroes to change the file size, and tweak some non-executable bytes. Sophos wiped out some of these as well, but not many. More than half of the tweaked samples whose originals Sophos whacked got past this initial inspection. Of course, the antivirus would have another chance to detect them at launch.
And the missed modified samples didn't include any ransomware. To finish the test, I launched each sample that survived the initial antivirus purge. Sophos did manage to strip the bundled malware from a couple samples rather than deleting the whole package, which is good. It also missed a few.
In one case, it reported that it blocked installation of a PUA over and over, so clearly another malware component was actively running, attempting that installation repeatedly. When I totaled the results, I found that Sophos detected 89 percent of the samples and earned 8.4 of 10 possible points, the same as Trend Micro and barely above. That's not great, and I don't have recent lab reports to fall back on. Still, previous success and good scores from the related business product somewhat offset this score. Tested with the same set of samples, Norton and Webroot both managed 100 percent protection. The free achieved the same feat against my previous malware collection. Tested with that previous collection, Avast scored 9.7 points and AVG took 9.5.
Like most antivirus utilities, Sophos Home includes a component that keeps your browser from connecting to malware-hosting websites. I test this feature using a feed of recently discovered malware-hosting URLs supplied. Even though these are typically just a day old, some have already vanished, or no longer include malware. I work through the feed, launching URL after URL. For those that are still dangerous, I record whether the antivirus kept the browser from visiting the URL, eliminated the malware during download, or totally whiffed the detection. I found that Sophos blocked these dangerous downloads in five distinct ways.
For URLs already on the blacklist, it displayed High Risk Website Blocked in the browser, along with an identifier for the malware that got the URL blacklisted. It also slid in a transient popup warning. For new discoveries, it reported Malicious Content Blocked, also identifying the detected malware. For the rare HTTPS site, the browser displayed an error message; the only indication that Sophos did anything was the transient popup. In a few cases, the reputation-based Download Protection displayed a big desktop overlay warning, with buttons to go ahead or (recommended) abort the download. I always chose the latter.
Finally, if none of those protections kicked in, real-time protection scanned the payload for malware. Out of 100 test URLs, Sophos blocked 92 percent, 84 percent by steering the browser away from the URL and 8 percent by wiping out the malware payload. That's better than most.
However, Norton managed 98 percent protection, and Trend Micro came close with 97 percent. Came in third, with 95 percent. When I repeated this test using Sophos Home Premium, the total protection rate came out the same. However, some of the samples that previously made it to the download phase were now blacklisted.
My contact at Sophos confirmed that this makes sense. My previous test could well have been the tipping point to earn the site a spot on the blacklist.
Impressive Phishing Protection
Where a malware attack attempts to subvert your device, a phishing attack aims squarely at you, the user. Phishing fraudsters construct websites that look exactly like PayPal, or your bank, or even a gaming site, and hope you'll foolishly enter your username and password.
If you bite, the fraudster owns your account. These fraudulent sites quickly get blacklisted, but the perpetrators simply put up new ones. The most dangerous phishing sites are those that are too new to have hit the blacklist. For testing, I scrape phishing-related websites for the newest reported fraudulent URLs. I launch each one in five browsers simultaneously. The product under test protects one browser, naturally, and another uses Norton, which consistently scores high against phishing. The other three rely on the protection built into Chrome, Firefox, and Internet Explorer.
The same Sophos component that detects malware-hosting URLs also protects you from phishing websites. In testing, I found that just about all of the detections used the High Risk Website warning, meaning the URL showed up on a blacklist. Just a handful reported new detections, identifying the threat as Malware/Phish-A. I did run into quite a few HTTPS sites. When Sophos blocked those, the browser displayed an error, and the transient slide-in notification was the only sign of its activity. I discarded results for any URLs that weren't true examples of phishing, and for any that couldn't be reached by one of the browsers. Running the numbers for the rest, I found that Sophos did very well.
More than half of recent products couldn't beat the phishing protection in one or more of the browsers; nearly one in five scored lower than all three. Sophos beat them all, and its detection rate was just 2 percentage points behind Norton's.
Kaspersky's free antivirus only lagged Norton by 1 percentage point. ZoneAlarm tied Norton, but that was the paid product. Doesn't offer phishing protection. A few products have done even better in this test. Bitdefender Free and Trend Micro actually beat Norton's detection rate, by 5 points and 3 points respectively.
And the full-scale came in a full 12 percentage points better than Norton's score. On the other hand, took a serious tumble the last time I tested its phishing protection.
In previous tests it typically lagged Norton by 20 to 30 percent. I'm not sure what happened, but it came in fully 70 percent behind Norton in the latest test. The developers promised better results next time; I'll hold them to that promise.
Limited Parental Content Filter
Like the Mac antivirus from Sophos, this product includes a simple content filter. You can apply a measure of parental control to any of your managed devices using this filter. There are 28 content categories, divided into three groups: Adult & Potentially Inappropriate, Social Networking & Computing, and General Interest. You can configure Sophos to block any category or an entire group.
There's also an option to warn against accessing a category without actively blocking it. However, Sophos has significant limitations.
Unlike most other content filters, it's not independent. It supports Chrome, Edge, Firefox, Internet Explorer, and Opera, but did nothing when I tried with Vivaldi. Because it can't filter HTTPS traffic, a clever teen can totally evade both filtering and monitoring by using a secure anonymizing proxy.
Sophos doesn't attempt to force Safe Search or cover up naughty pictures. If your teenager just wants to view naked girls (or guys), a simple image search will do the job. This component won't prevent a determined youth from ogling nudes or watching violent content.
It could work to buffer a younger child against accidentally running into something nasty. Note, though, that you configure it on a per-device basis, not for each user account, so whatever filters you set up affect all users. At least it's a bonus, not a central feature of this product.
Well Worth a Look
Sophos Home Free earns a very good score in our hands-on malicious URL protection test and an even better score in our antiphishing test.
It doesn't fare well in the test, but it has managed very good scores with the independent labs in the past. However, Sophos doesn't appear in the latest reports from the labs that we follow; it should return in 2018. AVG AntiVirus Free and appear in test results from all four of the independent labs that we follow, and routinely earn scores from very good to excellent. These two are our Editors' Choice free antivirus utilities. Since Avast's acquisition of AVG, both use the same underlying antivirus engine, but they retain other distinguishing qualities.