Mac Security Test & Review 2015
|Test Period||July 2015|
|Number of Testcases||105 Mac, 1000 Windows|
|Online with cloud connectivity|
|False Alarm Test included|
In October 2014, the existence of Mac malware called iWorm was widely reported, e.g. https://grahamcluley.com/2014/10/mac-malware-botnet-reddit/. This is believed to have infected about 18,000 Mac OS X systems, which were harnessed into a botnet. Although Apple is reported to have updated OS X protection to prevent the iWorm from installing, it once again illustrates that Mac systems are not immune to infection by malware, and that it is necessary to take precautions to protect them.
For a sensible discussion of the subject, it is necessary to understand that a computer virus is only one of a number of different types of malware (malicious software). These days, viruses make up a small percentage of all known malware; Trojans (malicious programs disguised as e.g. games or music files) are much more common. Whilst the number of actual viruses affecting Mac OS X may be negligible or even zero, Mac systems clearly can be infected by Trojans, if users are fooled into installing them. Please note that nearly all manufacturers still call their products “antivirus”, although in reality they protect against all types of malware, including Trojans.
Experienced and responsible Mac users who are careful about which programs they install, and which sources they obtain them from, may well argue – very reasonably – that they are not at risk from Mac malware. However, we feel that non-expert users, children, and users who frequently like to experiment with new software, could definitely benefit from having security software on their Mac systems.
As with Windows computers, Macs can be made safer by employing good security practices. We recommend the following:
- Do not use an administrator account for day-to-day computing
- Use a sandboxed browser such as Google Chrome
- Uninstall/disable the standalone Flash Player
- Uninstall/disable Java unless it is essential for you
- Keep your Mac operating system and third-party software up-to-date with the latest patches
- Use secure passwords (the Mac includes the KeyChain password manager)
- Deactivate any services such as Airport, Bluetooth or IPv6 that you don’t use
- Be careful about which programs you install and where you download them from
We have reviewed and tested the following products for this report, using the newest version available in July 2015:
The test was conducted on the 1st July 2015. After the test, the participating vendors received the malicious files they missed. By now (18th July 2015), they have updated their definitions so that they recognise all the malware samples used in our test. We congratulate those manufacturers who took part in the public test, as we feel their commitment is a valuable contribution to improving their products and thus preventing the spread of cybercrime.
A more complete list of available antivirus programs for the Mac can be seen here.
Malware Protection Test
In addition to the interface review described above, we have also conducted malware protection tests to see how effectively the Mac security products protect the system against malware. For this test, we used 105 recent and prevalent samples of Mac malware that are not blocked by Mac OS X Yosemite itself. All are distinctly malicious, functioning programs and were seen in-the-field in 2015. As usual, we did not include any potentially unwanted or grey samples (adware, hacking tools, etc.) in the set. We also excluded component files (which could be in the thousands) as these cannot run and do not pose a risk by themselves; certain magazine tests tend to use such files just because they are detected by various products, but we consider inactive components to be irrelevant. We ended up with a test set consisting of 105 malicious Mac apps found in-the-field that pose a risk to users, and should be covered by Mac Security products. In our opinion, these 105 malicious Mac apps represent a substantial part of all in-the-field Mac malware from the first half of 2015.
The number of malicious programs that can currently attack Mac OS X Yosemite is limited. However, as most Mac systems do not run any third-party security software, even these few threats could cause widespread damage. Precisely because a Mac security product only has to identify a small number of samples, we would expect it to protect the system against all threats that have not yet been blocked by OS X itself.
Before the test, the Mac OS X was updated and an image created; no further OS X updates were then applied. Each program was installed on the freshly imaged machine and the definitions updated to the 1st July 2015. The Mac remained connected to the Internet during the tests, so that cloud services could be used. A USB flash drive containing the malware samples was then plugged in to the test computer. At this stage, some antivirus programs recognised some of the samples. We then ran an-on demand scan of the flash drive, either from the context menu if available, or from the main program window if not. Samples found were quarantined or deleted. After this, we copied the remaining samples to the Mac’s hard disk. Any samples not detected or deactivated by the scan or real-time protection were then installed and executed, providing the security product with a final chance to detect the malware.
Most of the Mac security products in our review claim to detect Windows malware as well as Mac malware, thus ensuring that the user’s computer does not inadvertently act as a conduit for programs that could attack Windows PCs. For this reason, we also checked if the Mac antivirus products in our review detect Windows malware. We used 1,000 very prevalent Windows malware samples; the procedure was identical to that for Mac malware, except that we did not make any attempt to run any of the samples that were not detected in the scan, as Windows programs cannot be executed under Mac OS.
The chart and table below show the protection results for the products in the review. The figures for Mac malware protection indicate the number of samples blocked at any stage of the testing procedure, i.e. regardless of whether the malware was detected/blocked in one of the on-demand scans, by real-time protection, or on-execution.
|Product||Mac Malware Protection
105 recent samples
|Windows Malware Detection
1,000 most-prevalent samples
|Avast Free Mac Security||100%||100%|
|AVG AntiVirus for Mac||100%||100%|
|AVIRA Free Antivirus for Mac||99%||100%|
|Bitdefender Antivirus for Mac||99%||100%|
|ESET Cyber Security Pro||100%||100%|
|F-Secure SAFE for Mac||100%||28%|
|Intego Mac Premium Bundle X8||100%||50%|
|Kaspersky Internet Security for Mac||100%||100%|
|Sophos Anti-Virus for Mac||100%||100%|
Award levels reached in this Mac Security Review
Nine of the products we have reviewed receive our Approved Security Product award. Unfortunately, we were unable to give Kromtech MacKeeper an award, due to a number of issues relating to the initial system analysis.
The test covers protection against Mac malware and detection of Windows malware, while the review looks at ease of use and help functions. Potential users should also consider additional features and price before choosing a product. We always recommend installing a trial version of any paid-for product before making a purchase.
|Avast Free Antivirus for Mac identified 100% of samples in our Mac malware test. The user interface is modern and largely very straightforward to use.|
|AVG AntiVirus for Mac is a simple, easy-to-use antivirus program for Mac, with all essential features. Its detection of Mac malware was perfect.|
|Avira Free Antivirus for Mac combines excellent protection against Mac malware (99% detected) with a new, well-designed interface.|
|Bitdefender Antivirus for Mac provides very good Mac malware detection (99%), but may have difficulty removing some of the malware detected. The program is mostly very easy to use.|
|ESET Cyber Security Pro is a fully featured security program with a very clearly laid-out user interface. It identified 100% of our Mac malware samples.|
|F-Secure SAFE for Mac is a very simple, easy-to-use antivirus program, albeit with minimal features. It detected 100% of Mac malware in our test, but provides very little detection of Windows malware.|
|Intego Mac Premium Bundle X8 identified 100% of our Mac malware samples, and the interface would be fine for experienced Mac users. Detection of Windows malware was limited, however.|
|Kaspersky Internet Security for Mac combines perfect protection against Mac malware (100% detected) with a very usable interface.|
|Sophos Antivirus for Mac is a free program that is extremely effective at protecting against Mac malware (100% detected). It also detected 100% of Windows malware, but could not remove all of it. Its minimalist interface would be fine for experienced Mac users.|
|Kromtech MacKeeper has a usable interface and good detection of Mac malware (98%). However, we feel that some users may find the program’s initial analysis of the Mac to be misleading.|
Copyright and Disclaimer
This publication is Copyright © 2015 by AV-Comparatives ®. Any use of the results, etc. in whole or in part, is ONLY permitted after the explicit written agreement of the management board of AV-Comparatives prior to any publication. AV-Comparatives and its testers cannot be held liable for any damage or loss, which might occur as result of, or in connection with, the use of the information provided in this paper. We take every possible care to ensure the correctness of the basic data, but a liability for the correctness of the test results cannot be taken by any representative of AV-Comparatives. We do not give any guarantee of the correctness, completeness, or suitability for a specific purpose of any of the information/content provided at any given time. No one else involved in creating, producing or delivering test results shall be liable for any indirect, special or consequential damage, or loss of profits, arising out of, or related to, the use or inability to use, the services provided by the website, test documents or any related data.
For more information about AV-Comparatives and the testing methodologies, please visit our website.