MacOS Catalina: Security Packages for Consumer and Corporate Users Put to the Test
Long gone are the days when there were only a few thousand MacOS attackers. As of June 2020, the database at AV-TEST numbered over 240,000 MacOS malware variants. AV-TEST tested 14 current products for their protection, performance and usability, and is pleased to report favorable results.
Older Mac users tend to shrug off the topic of malware protection for MacOS. One of the first counterarguments: "Yes, but only a small number of viruses, Trojans and other threats are specially targeted to MacOS." Perhaps that argument held water from 2008 to 2014, as up until that time, the AV-TEST database only counted 7,300 Mac malware samples. However, by 2016 there were already over 40,000, by 2018 over 80,000, and in 2020 there are now over 240,000 attackers for MacOS; time to beef up the defense.
14 protection packages put to the test
The latest test of the 14 products was conducted in the lab from May to June 2020 under the new MacOS Catalina operating system. All products were first tested in terms of protection using new MacOS malware samples. The lab then evaluated the performance, i.e. the load the respective security products placed on the system. Finally, usability was examined, in terms of how many false alarms were triggered by the software.
Included in the test for consumers were 9 products from Avast, AVG, Avira, Bitdefender, Canimaan Software, F-Secure, Kaspersky, NortonLifeLock and Trend Micro. The product solutions for corporate users from Bitdefender, FireEye, Fortinet, Sophos and Symantec were also in the test.
Each product was able to score a maximum of 6 points in each of the three test phases. Thus, the highest possible score achievable was 18. Among the packages for consumer users, 7 of the 9 products scored the full 18 points. Only Avast and AVG had to make do with 17.5 points.
Among the solutions for corporate users, the products from Bitdefender, Sophos and Symantec received 18 points each. The packages from FireEye and Fortinet followed with an excellent score of 17.5 points.
Protection: which product is fit to fight the foe
In the test phase involving protection, all participants were required to detect the AV-TEST reference package containing new, select MacOS malware. The outcome for most packages was outstanding, with 100 percent detection. Among the packages for home users, only the tool from Bitdefender exhibited minor weaknesses: 98.8 percent. Among the solutions for business users, only Sophos and Symantec achieved 100 percent. The other solutions from Bitdefender, FireEye and Fortinet were at 98.8 percent. All products earned the full 6 points in this test phase.
Performance: which product uses too many resources?
Regardless of whether the Mac is being used at home or in the office, a protection solution must not place an excessive load on the system. That is why the lab evaluates the load behavior of each product. For the performance test, a large number of files are copied onto a Mac without protection software, downloads are performed, applications launched or apps installed. The time required is clocked and used as a reference. Later, the lab installs each individual protection solution and repeats all the work steps, measuring the time required. In the past, this test was a huge problem for many products. Luckily, that is no longer the case.
Among the products for consumers, nearly all packages received the full 6 points for a very low system load. Only the security packages from Avast and AVG were somewhat more noticeable when copying files, earning just 5.5 points. Among the solutions for corporate users, the testers witnessed no irregularities at all in Bitdefender, Fortinet, Sophos and Symantec: full 6 points. Only FireEye slightly slowed down the installation of new programs: 5.5 points.
Usability: which product tends to trigger false alarms?
A protection solution is naturally required to differentiate between malware and normal applications. Using over 390,000 normal files, the lab tested how well the protection packages were able to do this. Each solution was required to scan the files, and in an ideal scenario, not trigger any alarm. Moreover, the testers also installed new programs and evaluated whether the relevant protection software blocked anything in the process. The result was outstanding: Nearly all protection solutions earned the full 6 points in this test. Only the Fortinet solution for corporate users was wrong once: 5.5 points.
Additional special tests without a rating
Especially in companies, Macs and Windows PCs often share a single network. If a Mac is attacked by Windows malware, nothing really happens. But in such a case, the Mac can be harnessed as a vector to spread the malware. That is why the lab – in a test without any rating – evaluates whether the protection packages for the Mac also detect Windows malware. What's more, the lab also examines the detection of PUAs – potentially unwanted applications. While PUAs do not pose any direct threat, they can annoy users and usually put a load on the network and devices.
For the additional tests, the lab used over 3,000 Windows malware samples and just under 4,000 collected Windows PUAs. The results speak for themselves. In terms of malware, the products, with the exception of Canimaan Software and Fortinet, showed detection rates from 95 to 99 percent. There was a similarly positive outcome with respect to PUAs: Nearly all the packages achieved detection rates around 95 to 99 percent. Only Fortinet and Sophos give PUAs fairly free rein.
Improved protection can't hurt
Admittedly, there is a vast difference in the number of malware samples for MacOS compared to Windows. But the lower number does nothing to diminish the risk of the MacOS malware samples. Because Macs have been able to boost their market share in recent years, they are increasingly coming into the sights of cyber attackers. Even traditional Mac magazines report that the impenetrable protective shell on the Mac is now only a myth. The good results of the evaluated security packages for consumer and corporate users, however, are no myth. Many solutions achieved the full 18 points – the packages showing slightly weaker results still achieved an excellent 17.5 points. With this high level of security, when choosing the right package, consumer and corporate users alike can even focus more on the convenience of the solutions.