For a long time, Mac OS users believed they were safe, that there was no malware for their system. As recent as April 2012 and the flashback attack on over 700,000 Apple PCs, it is clear that attackers also have the Macintosh in their crosshairs. AV-TEST has tested 18 antivirus products for Mac and finds some of them truly superb – others are really horrible.
The universe of known threats for the Mac OS is still not terribly large. This easily leads to the assumption that Mac users don’t have to worry about the topic of security software. What’s more, tests published on the Web with 1 to 20 known Mac intruders, all of which were naturally detected, don’t make the situation any better. In the meantime, however, there are already a few hundred current threats specially targeting the Mac that in particular seek to exploit the security gaps of software add-ons.
Everyone says: Mac OS X can protect itself
To be sure, since OS X 10.7 or 10.8 there are some good internal security systems such as Gatekeeper, Sandbox and Xprotect. Xprotect, for example, checks the mail and browser downloads. USB sticks, CDs or DVDs, however, are not inspected.
The Flashback attack of 2012 caught many users flat-footed, and over 700,000 Macs were infected in a flash. Up to that time, there was a consensus that an antivirus application for a Mac was merely ballast. An opinion that persists to this day, except probably among the some 700,000 Flashback victims.
18 Security suites for Mac put to the test
For the maximum protection under OS X 10.9, the AV-TEST lab inspected 18 currently available Internet security suites in terms of their protection function, system load and false positives. In addition, the features of the protection packages were listed.
In the first part of the test, 117 specimens of malware targeting the Mac were inspected in the so-called on-demand test. This is the normal scanning routine of security tools for malware. In the second part, the on-access test, the quality of the background antivirus watchdog was inspected. In doing so, an additional 84 infected files in the system were copied into another folder. In this case, the watchdog must respond and block access to the infected file.
Partially very weak malware detection
Only the packages from Bitdefender, G Data and Norman were able to complete both parts each with 100 percent detection. This is followed by a wide midfield with 10 products that achieved between 82.1 and 100 percent in the on-demand test. In the on-access test, the scores were only between 70.2 and 100 percent.
The last four products from Symantec, Trend Micro, McAfee and Webroot exhibited very poor results. In the on-demand test, detection was only between 19.7 and 54.7 percent. Also in the on-access test, the four products only achieved 21.4 to 50 percent. The weakest product from Webroot thus only caught every fifth intruder.
If you’re a drag, you’re out
The biggest problem with antivirus applications on the Mac is that they are a drag on the system. In order to measure the burden posed by system watchdogs, the laboratory measured the time it took to copy over 7 GB of data on the reference system: 17.2 seconds. Afterwards, all the products were installed, the copy routine was repeated and the time was clocked.
Half the tested products only slowed down the system by a factor between 1.5 and 10 percent. Regardless of their flawless detection performance, Bitdefender and Norman hardly slowed down the system at all: 17.5 and 18.1 seconds respectively were measured during copying. The strong detection package from G Data slowed down the system slightly more: 19.1 seconds.
Of the initial 16 solutions, with 20.8 seconds the package from Intego marked the threshold to the programs that slowed down the system. Prior to that, a security solution thus slowed down the copying routine by a maximum of 3.6 seconds – that’s not anything the user would notice in everyday use.
Far above this threshold were the packages from Microworld with 40.4 seconds and Trend Micro tested multiple times at 470.3 seconds instead of 17.2 – that is a 27-fold time lag.
Identification friend or foe
All the system watchdogs were tested for false positives. While protection was active, 100 popular software packages from the Mac App Store were each installed. Among them, for example, were tools such as the VLC Media Player, Open Office or Java, for instance. None of the security packages sounded a false alarm here.
For this test, the security software had a somewhat easier job under Mac than under Windows, as the volume of available software is considerably smaller.
Often bare-bones features
In addition to the normal security functions, the packages offer only selective additional functions. Avast offers an anti-spam function. ESET, G Data and Trend Micro an anti-phishing tool. Not even half the packages throw in a safe-browsing function for the user.
There are only additional protection modules, such as a personal firewall, child protection, a backup function or encryption tools on selective products. And this despite the fact that most of the protection packages require payment of an annual license.
Conclusion: More protection is possible
Private Mac users can depend on the internal security systems of the current OS X. But in case a Trojan such as Flashback should ever manage to penetrate the system again, then it will be all over but the shouting. Companies in particular should not incur this risk for corporate and customer data. Because the firm’s existence could easily be at stake.
In the test, the solution of Bitdefender found all malware specimens error-free and did not measurably slow down the system in its routines. G Data and Norman are also reliable security partners. In doing their job, they put an undiscernible additional burden on the system.
The solution from avast! offered the best freeware product in the test. While the system watchdog did not work completely without a glitch, it still performed well, and it was quite economical with resources.
Here’s another tip: Users should definitely have the appropriate security software factory-installed or buy an off-the-shelf version. Because the versions from the Mac App Store have restrictions in their functions!