Mac Security Test & Review 2014
|Test Period||July 2014|
|Number of Testcases||65 Mac, 500 Windows|
|Online with cloud connectivity|
|False Alarm Test included|
In January 2014, ZDNet and other sources reported the existence of cross-platform botnet software that installs by exploiting a vulnerability in Java SE 7 Update 21 and earlier. It can infect Windows, Linux and Mac OS X computers running the affected Java versions. At about the same time, ZDNet also reported that the Flashback botnet, which it claims had infected over 600,000 Macs in 2012, was still in existence, albeit with a much-reduced number of infected machines (22,000). Reports such as these should serve as a warning to anyone who believes that the Mac OS is immune to malware attacks and that Mac users do not need to consider security issues.
For a sensible discussion of the subject, it is necessary to understand that a computer virus is only one of a number of different types of malware (malicious software). These days, viruses make up a small percentage of all known malware; Trojans (e.g. malicious programs disguised as games or music files) are much more common. Whilst the number of actual viruses affecting Mac OS X may be negligible or even zero, Mac systems clearly can be infected by Trojans, if users are fooled into installing them. Please note that nearly all manufacturers still call their products “antivirus”, although in reality they protect against all types of malware, including Trojans.
Experienced and responsible Mac users who are careful about which programs they install, and which sources they obtain them from, may well argue – very reasonably – that they are not at risk from Mac malware. However, we feel that non-expert users, children, and users who frequently like to experiment with new software, could definitely benefit from having security software on their Mac systems.
As with Windows computers, Macs can be made safer by employing good security practices. We recommend the following:
- Do not use an administrator account for day-to-day computing
- Use a sandboxed browser such as Google Chrome
- Uninstall/disable the standalone Flash Player
- Uninstall/disable Java unless it is essential for you
- Keep your Mac operating system and third-party software up-to-date with the latest patches
- Use secure passwords (the Mac includes the Keychain password manager)
- Deactivate any services such as Airport, Bluetooth or IPv6 that you don’t use
- Be careful about which programs you install and where you download them from
We have reviewed and tested the following products for this report, using the newest version available in July 2014:
The test was conducted on the 14th July 2014. All participating vendors have by now updated their definitions so that they recognise all the Mac malware samples used in our test. We congratulate those manufacturers who took part in the public test, as we feel their commitment is a valuable contribution to improving their products and thus preventing the spread of cybercrime.
A more complete list of available antivirus programs for the Mac can be seen here.
Malware Protection Test
In addition to the interface review described above, we have also conducted malware protection tests to see how effectively the Mac security products protect the system against malware. For this test, we used 65 recent and prevalent samples of Mac malware that are not blocked by Mac OS X Mavericks itself. All are distinctly malicious, functioning programs and were seen in-the-field in 2014. As usual, we did not include any potentially unwanted or grey samples (adware, hacking tools, etc.) in the set. We also excluded component files (which could be in the thousands) as these cannot run and do not pose a risk by themselves; certain magazine tests tend to use such files just because they are detected by various products, but we consider inactive components to be irrelevant. We ended up with a test set consisting of 65 malicious Mac apps found in-the-field that pose a risk to users, and should be covered by Mac Security products. In our opinion, these 65 malicious Mac apps represent a substantial part of all in-the-field Mac malware from the first half of 2014.
The number of malicious programs that can currently attack Mac OS X Mavericks is very limited. However, as most Mac systems do not run any third-party security software, even these few threats could cause widespread damage. Precisely because a Mac security product only has to identify a small number of samples, we would expect it to protect the system against all threats that have not yet been blocked by OS X itself.
Before the test, Mac OS X was updated and an image created; no further OS X updates were then applied. Each program was installed on the freshly imaged machine and the definitions updated to the 14th July 2014. The Mac remained connected to the Internet during the tests, so that cloud services could be used. A USB flash drive containing the malware samples was then plugged in to the test computer. At this stage, some antivirus programs recognised some of the samples. We then ran an on-demand scan of the flash drive, either from the context menu if available, or from the main program window if not. Samples found were quarantined or deleted. After this, we copied the remaining samples to the Mac’s hard disk. Any samples not detected or deactivated by the scan or real-time protection were then installed and executed, providing the security product with a final chance to detect the malware.
False Positives Test
There was also a false-positives test, in which 100 common, safe Mac programs were obtained from a popular download site and scanned by the antivirus program.
Most of the Mac security products in our review claim to detect Windows malware as well as Mac malware, thus ensuring that the user’s computer does not inadvertently act as a conduit for programs that could attack Windows PCs. For this reason, we also checked if the Mac antivirus products in our review detect Windows malware. We used 500 very prevalent Windows malware samples; the procedure was identical to that for Mac malware, except that we did not make any attempt to run any of the samples that were not detected in the scan, as Windows programs cannot be executed under Mac OS. With the exception of Intego, all the programs detected all the Windows malware samples.
The chart and table below show the protection results for the products in the review. The figures for Mac malware protection indicate the number of samples blocked at any stage of the testing procedure, i.e. regardless of whether the malware was detected/blocked in one of the on-demand scans, by real-time protection, or on-execution.
|Product||Mac Malware Protection (65 recent samples)||Windows Malware Detection (500 most-prevalent samples)||False Positives (100 popular Mac apps)|
|avast! Free Antivirus for Mac||100%||100%||0|
|AVIRA Free Antivirus for Mac||91%||100%||0|
|Bitdefender Antivirus for Mac||98%||100%||0|
|ESET Cyber Security Pro||100%||100%||0|
|Intego Mac Premium Bundle||100%||49%||0|
|Kaspersky Internet Security for Mac||97%||100%||0|
|Sophos Anti-Virus for Mac||100%||100%||0|
Award levels reached in this Mac Security Review
Seven of the products we have reviewed receive our Approved Security Product award. Unfortunately, we were unable to give Kromtech MacKeeper an award, due to limited Mac malware protection and puzzling system analysis.
The test covers protection against Mac malware and detection of Windows malware, while the review looks at ease of use and help functions. Potential users should also consider additional features and price before choosing a product. We always recommend installing a trial version of any paid-for product before making a purchase.
|avast! Free Antivirus for Mac identified 100% of samples in our Mac malware test. The user interface is modern and largely very straightforward to use, albeit with a couple of quirks.|
|Avira Free Antivirus for Mac combines fair protection against Mac malware (91% detected) with a very well-designed interface.|
|Bitdefender Antivirus for Mac provides very good Mac malware detection (98%), but may have difficulty removing the malware detected. The program is mostly very easy to use.|
|ESET Cyber Security Pro has a very clearly laid-out user interface and identified 100% of our Mac malware samples.|
|Intego Mac Premium Bundle X8 identified 100% of our Mac malware samples, and the interface would be fine for experienced Mac users. Detection of Windows malware was weak, however.|
|Kaspersky Internet Security for Mac combines excellent protection against Mac malware (97% detected) with a very usable interface.|
|Sophos Antivirus for Mac is a free program that is extremely effective at protecting against Mac malware (100% detected). Its minimalist interface would be fine for experienced Mac users.|
|Kromtech MacKeeper has a usable interface and good Windows malware detection, but is not very effective at detecting Mac malware (80% detected). Not everyone may agree with the program’s initial analysis of their system.|
Copyright and Disclaimer
This publication is Copyright © 2014 by AV-Comparatives ®. Any use of the results, etc. in whole or in part, is ONLY permitted after the explicit written agreement of the management board of AV-Comparatives prior to any publication. AV-Comparatives and its testers cannot be held liable for any damage or loss, which might occur as result of, or in connection with, the use of the information provided in this paper. We take every possible care to ensure the correctness of the basic data, but a liability for the correctness of the test results cannot be taken by any representative of AV-Comparatives. We do not give any guarantee of the correctness, completeness, or suitability for a specific purpose of any of the information/content provided at any given time. No one else involved in creating, producing or delivering test results shall be liable for any indirect, special or consequential damage, or loss of profits, arising out of, or related to, the use or inability to use, the services provided by the website, test documents or any related data.
For more information about AV-Comparatives and the testing methodologies, please visit our website.