More Security for Mac OS X: 13 Security Packages Put to the Test
Mac pros repeatedly declare that Mac OS X is built so securely that no additional protection software is needed. But every year, experts discover new waves of attacks on Macs or new security holes. In June 2015, for example, security researcher Stefan Esser discovered that just a few shell commands are sufficient to obtain root privileges under OS X 10.10. In September 2015, it became known that a trojanized version of Apple's development environment, Xcode, had been distributed to app developers. This version, and the malware it injected into apps built with it, was named XcodeGhost. The resulting apps, carrying the XcodeGhost malware, subsequently ended up in the App Store; Apple's review did not notice that they were infected. Furthermore, at the beginning of October 2015, a researcher demonstrated how to bypass Gatekeeper, the security mechanism built into OS X, and thereby install an app that subsequently drops malware onto the system.
A lower number of malware threats doesn't make Mac OS X safer
While the number of known malware threats for Windows has already surpassed the 450 million mark, the number for Mac OS X is only a few thousand. But afflicted users know that even one malware specimen is enough to ruin your whole day. Attackers are currently focusing on infiltrating systems with infected apps. They know the built-in barriers of Mac OS X and design their attacks around them, which is why the attacks described above succeed. With a good security suite, Mac OS X users can raise their system's protection considerably.
13 programs put to the test – 3 fail
In the lab at AV-TEST, 13 products were tested for protection, false positives and speed. For protection, the applications had to detect and remove new, still unknown malware samples. Compared with earlier tests, such as the one in April 2015, more products now achieve an excellent detection rate. The solutions from Avast, Avira, Bitdefender, ESET, Kaspersky, SentinelOne, Sophos and Symantec detected 100 percent of the threats in the test. Of particular interest is the result from SentinelOne: as a product of the latest generation, it works without a signature database and relies solely on behavior-based detection.
The remaining suites delivered lower results. Coming in last were ClamXav, Webroot and F-Secure with detection rates of only 76.2 to 88.1 percent. That is why these three did not receive an AV-TEST certificate; all the others did.
No significant false positives
It is always annoying for the user when a security product falsely detects benign files or blocks the launch of apps. In this test segment, however, the lab has nothing but praise. Only ClamXav falsely flagged one clean file; all the other products exhibited error-free friend-or-foe detection. In a subsequent test, apps were also installed and launched, and here the suites did not sound a single false alarm.
Although the test for potentially unwanted applications ("PUA" for short) does not yet count toward certification, the lab still ran it behind the scenes. Avira, Bitdefender, ESET, Intego, Symantec and SentinelOne already did a good job; all the other products could still use improvement here. Manufacturers differ considerably in what they classify as a PUA and how much latitude they grant it: some allow disputable applications to keep running undisturbed, whereas others block them.
Lots of applications slowing down the system
Users repeatedly complain that an installed suite slows down their system. The lab's speed test checked whether this is real or only imagined. 26.6 GB of data were copied on a reference system, MD5 hashes were calculated for a set of files, and a set of files was downloaded. On the bare reference system these tasks took 146 seconds in total. The tests were then repeated with each security suite installed. All three tasks read or write large numbers of files, so the figures primarily reflect the cost of each suite's on-access scanner. The best performers were ClamXav, Panda, Bitdefender and Symantec, which slow the system down by about 10 percent, a value that is hardly noticeable in daily use. For Sophos the overhead rises to 20 percent, Avira jumps to 40 percent, SentinelOne to 80 percent, and F-Secure is already over 120 percent.
Finishing last was Avast, because it handles downloads differently: it scans the file while it is still being downloaded. That may be secure, but it also costs a lot of time. The other products only scan the file once it has been fully written to disk or is launched.
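As an added example (not AV-TEST's tooling and not code from the article), the following Python script reproduces the shape of the speed test described above so you can measure a suite's overhead on your own Mac: it builds a small constructed file set, copies it, MD5-hashes every copied file, and converts the difference between a reference run and a run with the suite installed into the percentage figures used above. The download step is left out so the script runs offline; the file count and size are assumptions and far smaller than the lab's 26.6 GB.

```python
"""Reproduce the shape of the copy-and-hash speed test (added example, not
AV-TEST's code). Run once on a clean system for the reference time, then once
per installed suite, and compare with slowdown_percent()."""
import hashlib
import shutil
import tempfile
import time
from pathlib import Path
from typing import Dict, List, Optional, Tuple


def build_workload(root: Path, n_files: int = 64, size: int = 256 * 1024) -> List[Path]:
    """Create a synthetic file set (constructed data; assumed size, not the 26.6 GB corpus)."""
    root.mkdir(parents=True, exist_ok=True)
    paths = []
    for i in range(n_files):
        pattern = f"sample-{i}\n".encode()
        # deterministic content, so the hashes are identical on every run
        content = (pattern * (size // len(pattern) + 1))[:size]
        path = root / f"file_{i:04d}.bin"
        path.write_bytes(content)
        paths.append(path)
    return paths


def md5_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file through MD5 in 1 MiB chunks. MD5 is used here purely as
    the CPU-and-read workload the lab describes, not as an integrity check."""
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def copy_and_hash(src: Path, dst: Path) -> Dict[str, str]:
    """Copy the tree and hash each copy. An on-access scanner intercepts both
    the writes and the subsequent reads, which is where a suite's overhead shows up."""
    if dst.exists():
        shutil.rmtree(dst)
    shutil.copytree(src, dst)
    return {p.name: md5_file(p) for p in sorted(dst.iterdir())}


def slowdown_percent(reference_seconds: float, measured_seconds: float) -> float:
    """Extra time relative to the bare reference system, in percent.
    Article figures: 146 s reference versus about 161 s gives 10 percent."""
    if reference_seconds <= 0:
        raise ValueError("reference time must be positive")
    return (measured_seconds - reference_seconds) / reference_seconds * 100.0


def run_benchmark(base: Optional[Path] = None) -> Tuple[float, Dict[str, str]]:
    """Build the workload (untimed), then time copy+hash and return the
    elapsed seconds together with the per-file digests."""
    base = base or Path(tempfile.mkdtemp(prefix="avbench-"))
    src = base / "src"
    build_workload(src)
    start = time.perf_counter()
    hashes = copy_and_hash(src, base / "dst")
    return time.perf_counter() - start, hashes


if __name__ == "__main__":
    elapsed, hashes = run_benchmark()
    print(f"copied and hashed {len(hashes)} files in {elapsed:.2f} s")
    # Substitute your own reference and measured times; the lab's reference run took 146 s.
    print(f"example overhead: {slowdown_percent(146.0, 160.6):.1f} %")
```

Take the reference measurement with no suite installed (or with on-access scanning disabled), then one measurement per suite, and feed both times to slowdown_percent. With a workload this small the page cache dominates, so repeat each run several times and compare medians, or raise n_files and size until a run takes tens of seconds.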
Some paid programs offer extra features such as anti-spam, safe browsing, a firewall, parental controls or backup. The free products generally offer no additional functions.
None of the commercial products delivers all of the above in one package; each offers one, two or three extras. The packages from Intego, Kaspersky and Symantec include the most additional features. Some also throw in a system cleaning tool or functions for secure online payment.
Conclusion: Many products are secure, and many slow the system down in daily use
A total of eight of the products examined detected 100 percent of the malware threats in the test, among them three freeware products. But if you are seeking the best protection at the lowest system load, the field narrows considerably. What remains are Bitdefender Antivirus for Mac and Symantec Norton Security, each with 100 percent detection and roughly 10 percent additional system load. Both are paid products.
Those looking for a free solution can turn to Sophos Anti-Virus. It also detected 100 percent of the threats in the test, but it slowed the system down by 20 percent. The other free products from Avira and Avast also detect everything without error, but a slowdown of 40 or 170 percent is not acceptable.
Our tip: some versions of security software offered via the App Store differ from the version on the manufacturer's website. The version offered directly by the manufacturer often includes more additional features.
Protection for Mac OS X: All just a case of Chicken Little?
Many users believe that security experts exaggerate the risks of and attacks on Mac OS X. The experts counter that Apple's marketing is quick to play down too many serious issues.
At international IT security and anti-virus conferences, attacks and security holes in Mac OS X are an increasingly frequent item on the agenda. The topic was also addressed at the AVAR 2015 security conference in Vietnam, where a recent expert paper, "Threat Intelligence behind XcodeGhost", examined how the infected programming environment for Mac apps was distributed and who its author is.
Although the number of malware specimens for Mac OS X is increasing only slowly, it is growing continuously, and so are the reports of security holes in Mac OS X. The weak points are naturally not confined to the operating system itself: most breaches on Mac OS X occur through third-party programs or drivers. Already in 2014, OS X and iOS exhibited considerably more reported vulnerabilities than Linux or Windows systems. A brief look into the National Vulnerability Database (NVD) shows a long list of CVE entries (Common Vulnerabilities and Exposures). A search for "Apple" returns more CVEs for the three months from September to November 2015 than a search for "Windows". Such keyword counts are a rough measure at best: "Apple" matches every Apple product, and the totals reflect disclosure and reporting practice as much as actual exposure.
Misplaced pride should not stand in the way of using security software on Mac OS X.