More Protection for MacOS Monterey: 14 Security Packages Put to the Test
Unfortunately, the invulnerability of MacOS towards malware, such as ransomware and other threats, is and will remain a myth. The laboratory of AV-TEST examined 10 protection packages for consumer users and 4 security solutions for corporate users against new and nefarious malware. It is quickly apparent how effective the protection packages are when dealing with digital attackers. That is why a Mac without an installed protection package is potentially at risk.
News of malware incidents have been making headlines for quite some time, confirming that malware can also inflict considerable damage on Macs. In doing so, the attackers elude the browser, for example, find a way through an application update or make it to the Mac via e-mail. It is interesting to note that the AV-ATLAS.org statistics platform already has just under 1 million different attackers for Mac on file!
The market offers many products to protect consumer Macs or workstations in corporate environments. In its current laboratory test, AV-TEST examined 10 products for consumers and 4 solutions for corporate users. The test was carried out in March 2022 under the MacOS version Monterey 12.2. Included in the test for consumers were 10 products for consumer users from Avast, AVG, Avira, Bitdefender, Clario, F-Secure, Kaspersky, Norton, Protected.net and Trend Micro. In addition, 4 solutions for corporate users from Bitdefender, Crowdstrike, Sophos and Trellix were examined.
The results in the table indicate how well the security packages and solutions protect against a wave of attackers. But not only the protection of each product was checked. Performance and usability were also put to the test. The last category mainly involves the test for false alarms due to falsely identified software. In each test category, a product can collect up to 6 points. The top score achievable in the test is thus 18 points.
Several products earned the full 18 points. Among the Mac products for consumer users, 8 out of 10 achieved the top score and an additional 2 products an excellent 17.5 points.
The Mac corporate solutions also had similar good results. The provider Crowdstrike garnered the full 18 points, and the other 3 solutions an excellent score of 17.5 points.
The malware defense is what counts
The rating in terms of protection is naturally the highlight of the test. Each product and each solution for corporate users is required to detect, quarantine, and delete hundreds of malware samples.
Among the packages for consumer users, 8 out of 10 packages did so error-free for all attackers: Avast, AVG, Avira, Bitdefender, Clario, Kaspersky, Norton and Protected.net. Only Trend Micro had minor problems in detection, achieving an excellent 99 percent, whereas F-Secure detected 98 percent. Thus, 9 out of the 10 packages received the full 6 points, and F-Secure still earned 5.5 points.
Among the solutions for corporate users, Bitdefender and Trellix fended off all attackers 100 percent. Crowdstrike and Sophos had miniscule problems – each achieving 99.5 percent. All 4 packages received the full 6 points.
Don't be a drag, or you're out
Every security solution ought to act reliably from behind the scenes and place hardly any load on a Mac system. To find out if this is the case, the lab examines the test category of performance. The test is totally adapted to the daily routine of a Mac: files are copied, downloads performed, programs launched and apps installed. The testers keep track of the times required for this as reference times. For the test, the laboratory repeated all the tasks with an installed security solution and compared the results with the reference values.
Among the packages for consumer users, the performance indicated a very low system load. For this, the testers awarded the full 6 points to 9 out of the 10 packages. Only Bitdefender indicated a slightly higher load than the other participants. This resulted in a small point deduction: 5.5 points for Bitdefender.
Among the solutions for corporate users, Crowdstrike earned the full 6 points for its very low system load on a Mac client. The other solutions from Bitdefender, Sophos and Trellix put a slightly higher system load on the office PCs in the test, and thus each had half a point taken off. All three received 5.5 points.
False alarms have a negative impact on usability
In the subsequent test, the laboratory examined whether the security solutions were also able to make a clear distinction between friend and foe. The products already detected the actual foes in the first test phase. In the usability test, each security package is required to scan and classify as harmless over 20,000 innocuous files. In addition, the experts installed a few dozen harmless applications. The monitored installations naturally were not allowed to be blocked or aborted by the system protectors.
The result was perfect for all consumer products and all solutions for corporate users. There were no false alarms or cases of blocking in the test. Thus, all products received the full 6 points.
Additional tests for the Windows world
At this point, the testers already awarded all the points and the test table was final. The experts were also interested, however, in learning how the security solutions behave in a network in which Windows PCs are also running. After all, Windows malware can end up on a Mac undetected. It does not pose any threat there. But if it finds a Windows PC via the network, the malware has a basis to proliferate. That is why in unrated tests, the lab tested how well the Mac security packages were also able to detect Windows malware.
Among the products for consumer users, the packages from Avast, AVG, Avira, Bitdefender, Clario, F-Secure, Kaspersky, Protected.net and Trend Micro achieved between 90 and 99 percent in the detection of the nearly 2,700 Windows malware samples. Only Norton was slightly less effective. Among the solutions for corporate users, Bitdefender, Sophos und Trellix each detected over 99 percent of the Windows attackers. Crowdstrike registered nothing in this test.
Moreover, the laboratory examined so-called Windows PUAs, an abbreviation for "potentially unwanted applications". Those are applications that are harmless, but which the users may find annoying due to advertising or strange behavior.
Here as well, most of the packages for consumer users achieved around 95 to 99 percent detection of the nearly 1,500 PUA samples. Only F-Secure and Protected.net were somewhat less effective. The result among solutions for corporate users was very similar: most of them detect 95 to 99 percent of PUAs. Only Crowdstrike registered nothing here either.
The best MacOS security software
The test indicates outstanding performance of the security products under MacOS Monterey. This goes for both the packages for consumer users and the solutions for corporate users. The tables show that the level of excellence among the competitors could hardly be higher.
Among the security packages for consumer users, 8 of the 10 candidates evaluated garnered the maximum 18 points: Avast, AVG, Avira, Clario, Kaspersky, Norton, Protected.net and Trend Micro. Following close behind at 17.5 points were the packages from Bitdefender and F-Secure.
Among the solutions for corporate users, the situation was very similar. Crowdstrike was one of four products achieving the full 18 points. The solutions from Bitdefender, Sophos and Trellix followed with excellent 17.5 points.
For a successful security evaluation, AV-TEST awards each product a security certificate. Products for consumer users receive the certificate AV-TEST CERTIFIED. Solutions for corporate users receive the certificate AV-TEST APPROVED.