12 Security Packages for MacOS Monterey Put to the Test
It is a sad fact that MacOS users are just as popular among cybercriminals as Windows users are. Admittedly, there is more malware for Windows, but the numbers for MacOS have been growing rapidly in recent years. However, not only the overall number of existing MacOS malware samples is dangerous – after all, even one dangerous attacker is sufficient. They very often involve so-called zero-day attacks with new, even unknown malware. It is precisely these and other very dangerous attackers that the lab at AV-TEST fishes out of the Internet and from e-mails prior to the test. Afterwards, the security solutions are called upon to show what they can do.
12 MacOS protectors put to the test
In the current test, 7 security packages for consumer users show how well they protect the MacOS test systems. They came from Avast, AVG, Avira, Bitdefender, F-Secure, Norton and Trend Micro. So that corporate users can find the right protection for their workstation PCs, 5 solutions from Acronis, Bitdefender, CrowdStrike, Sophos and Trellix were evaluated. All products were tested under the platform of MacOS Monterey 12.6.
Each product is thoroughly examined in the categories of protection, performance, and usability. For each of these categories, a product can earn up to 6 points, depending on how well it performs. In the end, a product can receive up to 18 points – or not.
In this test, 9 out of the 12 security programs examined achieved the top score of 18 points. Among the products for consumer users were Avast, AVG, Avira, Bitdefender, Norton and Trend Micro. Among corporate user products, Acronis, Bitdefender and Trellix achieved the 18 points. CrowdStrike und Sophos followed very close behind with 17.5 points.
MacOS protection software in the test focus
Here is how well MacOS security packages detect malware
Protection: scanning, detection, deletion
The protection function is determined in the lab, based on a detection test. In doing so, each security package or each corporate solution is required to detect and fend off a new and extremely dangerous selection of malware samples for MacOS.
Among the packages for consumer users, the products Avast Security, AVG AntiVirus, Bitdefender Antivirus for Mac, Norton with Norton 360 and Trend Micro Antivirus each achieved 100 percent. The Avira Security package committed minor errors: 99.3 percent. The protection application F-Secure Safe failed to identify a few attackers: 97.4 percent success rate.
This is the result for corporate solutions: Acronis Cyber Protect, Bitdefender Endpoint Security for Mac and Trellix Endpoint Security detected all attackers 100 percent. Sophos Endpoint detected almost everything, reaching 99.3 percent. CrowdStrike Falcon Sensor committed minor errors: 98.7 percent goal achievement.
A low system load is good – no system load is even better
There is no user who gladly works on a slow PC only because the security software slows everything down. That is why the lab put to the test how heavily the protection function influences the system load. In an ideal scenario, a user won't even notice that the system protection is working in the background.
For the test, the testers carry out numerous operations on a Mac: they copy files locally and in a network. Afterwards, they download, install and launch many applications. The times required for this are then used as reference values for the test. Afterwards, the lab repeats all the work steps, but this time with an installed security solution. The result was nearly perfect: The consumer user products from Avast, AVG, Avira, Bitdefender, Norton and Trend Micro received the full 6 points – F-Secure received 5.5.
The corporate user solutions also had similar good results: The products from Acronis, Bitdefender, CrowdStrike and Trellix racked up the full 6 points. Sophos exhibited a minor irregularity and still received 5.5 points.
False alarms: an annoyance for everyone
As soon as a security solution sounds an alarm, indicating that a program or a file is suspected to be malware, panic quickly ensues. The consumer user then finds dubious suggestions on the Internet, such as deleting and re-installing their operating system. In a company, the support department may have to shut down an entire department, in order to prevent proliferation of the suspected malware. As necessary as all these steps may be in case of an emergency, a false alarm can really be nerve-jangling. That is why in each test, the lab examines security solutions to see whether they do indeed recognize harmless software as such. As part of the drill, each security product was required to scan over 20,000 harmless programs, in addition to monitoring the installation and execution nearly 100 hundred applications.
The result was perfect! All protection tools, whether for consumer users or corporate users, completed this test involving many files without committing a single error. Thus, all products were able to receive the full 6 points.
MacOS and Windows: harmless collaboration
In many corporate networks, but also in the case of some consumer users, Macs also run alongside Windows PCs. If Windows malware ends up on a Mac, naturally it cannot harm the Mac. If data is copied or moved between the two systems, however, the Windows PC can quickly become infected with the malware sample.
As the capability of detecting Windows malware is not mandatory, the lab does examine it, but this test phase is not scored. All security packages for consumer users detected over 90 percent of the well over 2,000 Windows malware samples – many even achieved over 99 percent.
Among the corporate user solutions, the result was also excellent with over 99 percent, only CrowdStrike did not implement Windows malware detection in the Mac version.
Trend Micro Antivirus
Acronis Cyber Protect
Trellix Endpoint Security
Bitdefender Endpoint Security for Mac
Annoying or dangerous applications after all?
During all Mac tests, the experts at the AV-TEST Institute carry out an additional unrated test: they have all the security packages scan a few thousand "potentially unwanted applications" – PUA for short. The programs may not be directly dangerous, but most users consider them extremely annoying and would like to be warned about them.
Among the consumer user products, almost all of them detected the over 1,200 PUAs at a rate of more than 95 or 99 percent. Only F-Secure came in lower. The corporate packages also detected the PUAs at a rate of more than 95 or 99 percent; only CrowdStrike did not.
Good Mac protection for all classes
The latest test result is a testimony for all products that they do a good job protecting MacOS. This is manifest not only in the points achieved but also in the AV-TEST certificate for tested security, which all products received in the test. The products for consumer users receive the certificate AV-TEST CERTIFIED, and the solutions for corporate users receive the certificate AV-TEST APPROVED.
Among the protection packages for consumer users, the overall points tell a clear story: 6 out of the 7 products examined achieved the top score of 18 points. Avast, AVG, Avira, Bitdefender, Norton and Trend Micro. Only F-Secure committed small errors, otherwise completing the test with very good 16 out of 18 points.
In terms of corporate user solutions, the final result turned out even better: Acronis, Bitdefender and Trellix each garnered the top score of 18 points. CrowdStrike and Sophos, with 17.5 points, followed almost neck-and-neck behind.