Two free Mac antivirus apps compared

The donationware ClamXav and the free Sophos Anti-Virus for Mac combine real-time protection, automatic updates, and on-demand malware scanners to help prevent infections.

Recent malware attacks targeting Macs haven't tarnished the machine's reputation as the safer alternative to a Windows PC. But for many Mac users, the Flashback Trojan has dispelled the myth of Mac invulnerability.

The most recent Java-based iteration of Flashback appears to be easy to catch: just visit the wrong Web page and your machine's infected, as Josh Lowensohn describes in his Flashback FAQ .

The FAQ explains that Flashback's creators may have exploited Apple's go-it-alone strategy. Apple refuses to preinstall Adobe's Flash player, so Mac users are prompted to download and install the plug-in when they encounter a Web site that uses Flash. The initial release of Flashback mimicked Adobe's Flash installer.

Likewise, the company's decision to release its own Java patches rather than rely on Oracle's public release may have helped spread the later Java-based version of Flashback: by last February Oracle had patched the Java vulnerability leveraged by Flashback, but Apple didn't get around to plugging the hole until this month.

Tools for detecting and removing Flashback
Apple's Flashback malware removal tool is recommended for Mac OS X Lion without the Java runtime environment installed. Alternatively, F-Secure's free Flashback Removal Tool works with earlier versions of Mac OS X and alerts you to the results of its scan; Apple's tool does nothing unless its scan finds Flashback.

F-Secure Flashback Removal Tool alert
F-Secure's Flashback Removal Tool gives you the all-clear after it scans your Mac for the Flashback Trojan. Screenshot by Dennis O'Reilly/CNET

Topher Kessler explains on the MacFixIt blog how to disable Java on a Mac . Since Java isn't installed by default with OS X Lion, you may be prompted to install the Java runtime when you attempt to open Java Preferences in the Applications/Utilities folder.

To disable Java in the Safari browser, go to Safari > Preferences > Security and uncheck Enable Java.

Safari Preferences dialog Security options
Disable Java in the Safari browser by opening the Preferences dialog and unchecking Enable Java under the Security tab. Screenshot by Dennis O'Reilly/CNET

In Firefox, disable Java by going to Tools > Add-ons > Plug-ins and choosing the Disable button for the Java plug-in. To do the same in Chrome, enter chrome://plugins in the browser's address bar and press Enter. Click Disable under the entry for the Java plug-in.

Prepare for the next Mac malware attack by installing free AV software
The silver lining of the Flashback outbreak is the realization, finally, that Macs need real-time virus protection, too. Two popular antivirus programs for OS X are Mark Allan's ClamXav donationware and the free Sophos Anti-Virus for Mac Home Edition.

Both programs feature automatic updates of their malware definitions, real-time virus protection, and scheduled scans. They can be set to quarantine or remove the threats they detect, and they add a scan-this-file option to the Mac's contextual menu.

Either of the two antivirus apps will provide all the malware protection a Mac user needs, although Sophos Anti-Virus' clean and polished interface gives it an edge over ClamXav.

To start ClamXav, click its icon in the menu bar. Before your first scan, choose the Updated Definitions button. (The program's Preferences options let you update the definition database automatically when the app opens.)

Click the plus button at the bottom of the source pane on the left and choose the item you want to scan, or simply drag the file or folder you want to scan into the source pane. Click the Start Scan button in the top-left corner of the window. The scan progress is shown in the bottom pane, and detected items are listed in the top window.

ClamXav main scan window
The ClamXav scanner shows detected items in the main window, a scan summary in the bottom window, and the scanned items in the left pane. Screenshot by Dennis O'Reilly/CNET

The 27 suspicious items ClamXav identified on my test Mac were all from Gmail's spam folder, which I had inadvertently imported to the Mac mail app. ClamXav will only quarantine the items after you have selected the option under Quarantine in the Preferences dialog.

ClamXav Preferences dialog quarantine options
Set the Quarantine folder for the suspicious items identified by ClamXav via the program's Preferences dialog. Screenshot by Dennis O'Reilly/CNET

Other options in Preferences let you exclude files from scans, schedule scans, and set the program's real-time Sentry feature to scan inserted discs automatically.

Sophos Anti-Virus also places an icon in the menu bar; start by clicking the icon, choosing either Scan Local Drives or Open Sophos Anti-Virus and then the Scan Now button. Select either "Scan with current privileges" or "Scan all" and enter your password.

When the scan completes the results are shown in the small Sophos window. Click the Quarantine Manager button to view more details.

Sophos Anti-Virus for the Mac scan-results window
The simple Sophos scan-results window shows the number of items detected by the scan. Screenshot by Dennis O'Reilly/CNET

Access Sophos Anit-Virus's settings by clicking the menu bar icon and choosing Open Preferences, or go to Sophos Anti-Virus > Preferences on the main menu. You can clean up, move, or delete detected items via the options under Scan Local Drives. Other settings let you activate the on-access scanner, enable the Live Protection feature, and view or clear the log file.

Sophos Anti-Virus for the Mac Preferences dialog
View a detailed log of the Sophos scan by clicking the View Log button in the program's Preferences dialog. Screenshot by Dennis O'Reilly/CNET

ClamXav and Sophos Anti-Virus for the Mac have similar features and worked about the same when I tested the programs, although ClamXav crashed midscan on a couple of occasions. I also found the Sophos design easier to use, but either program will help you lock down your Mac without getting in the way of your work.

About the author

    Dennis O'Reilly began writing about workplace technology as an editor for Ziff-Davis' Computer Select, back when CDs were new-fangled, and IBM's PC XT was wowing the crowds at Comdex. He spent more than seven years running PC World's award-winning Here's How section, beginning in 2000. O'Reilly has written about everything from web search to PC security to Microsoft Excel customizations. Along with designing, building, and managing several different web sites, Dennis created the Travel Reference Library, a database of travel guidebook reviews that was converted to the web in 1996 and operated through 2000.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Love heavy and clunky tablets?

    Said no one ever. CNET brings you the lightest and thinnest tablets on the market.