Even though the prevalence of threats for the Mac remains relatively minimal, malware on OS X has raised its ugly head a bit in the past few years. Some in the Mac community have been affected by threats such as the Flashback malware, DNSChanger, and the MacDefender Trojan, among others. As a result, while the most effective way of keeping a Mac secure is to follow safe browsing and computing practices, you may also be considering using anti-malware utilities. But which ones perform best?
Recently, Mac security analyst Thomas Reed attempted to tackle this question in part by putting a number of popular antivirus utilities to the test. To do so, Reed took a collection of 128 malware samples that included both recent active malware threats and extinct threats, and ran a number of popular antivirus utilities to see how they managed this collection. Arguably, the sample size of 128 might not be enough to give a complete assessment of these programs' capabilities, but it should be adequate enough for comparative purposes.
The antivirus tools used in the tests included a number of free and paid scanner packages from Avast, VirusBarrier, Sophos, Dr. Web, ESET, Kaspersky, F-Secure, ClamXav, Norton, MacKeeper, and its included Avira engine, among others. How did each of these do?
While most utilities were able to detect many of the threats run past them in the tests, the difference in what was detected is a bit surprising. Only about half of those tested were able to detect over 90 percent of the threats, and about a third were only able to detect up to 75 percent of the threats. Thomas offered a passing grade to those that were able to detect 79 percent of threats or more, which included about three fourths of the programs, but the determination of what constitutes acceptable performance is up to the end user.
Those at the top of the list were Avast, VirusBarrier, Sophos, and Dr. Web Light; however, not far behind were ESET, Avira (and MacKeeper, which uses the Avira engine), F-Secure, and Kaspersky.
The anti-malware tools that did not fare as well included the popular ClamXav, Norton's Antivirus and iAntivirus (the latter of which has no auto-updates and therefore had out-of-date definitions) and McAfee, which detected between 50 to 80 percent of threats. Two utilities tested, WebRoot SecureAnywhere and SecureMac's MacScan, both detected under 30 percent of the threats.
While performance is likely the primary criterion people use to choose a specific anti-malware program, keep in mind there are other factors to consider beyond such test results. Despite being thorough, some security software packages include a number of additional features that can be a bit intrusive in the system and have at times caused stability and performance problems for some users. Others still might not include all of the features that one wants in a security package; for example, Norton's iAntivirus lacks an auto-update feature, so its definitions database is up to a few months out of date. Therefore, before installing a security package, be sure to read reviews and user experiences about the latest versions of each and see how they have behaved in different setups.
For a full look at his results and analysis, head over to Thomas Reed's Mac antivirus testing to see the methods, results, objections, and special cases considered for these tests.