January 31, 2018 | Antivirus for macOS
  • Share:

Put to the Test: Antivirus Solutions for MacOS Sierra

Any Mac user seeking to put safety first ought to use a security solution. AV-TEST examined 13 solutions for home and business users in terms of their protection and potential loss in performance on the Mac. Several packages are highly recommended.

MacOS product test – the detection rates

In terms of packages for home users, 6 out of 9 products detect all attackers 100 percent; in packages for business users, the figure was 3 out of 4.


And even if many Mac users will not readily admit it: they are ever more frequently on the target list of malware authors. In 2016, Kaspersky Lab already tallied 12 million attacks only on its Mac users. The malware threats for MacOS registered by AV-TEST grew by nearly 38,000 samples in 2017 alone. It is just fine with ransomware thieves if, in addition to holding up Windows users, they can also rip off Mac users.

Protection for MacOS Sierra

Even the best packages in the test require hardly any additional system resources for their performance.

zoom ico
Malware for MacOS

The Top 10 is still led by Flashback, but new malware is surging to the front of the list.

zoom ico
Malware Trend

In no previous year was there such an increase in newly-registered malware samples than in the year 2017.

zoom ico
Symantec Norton Security

 The security package for home users stood out due to error-free detection and a hardly measurable system load.

zoom ico
SentinelOne Next Generation Endpoint Security

The solution for business users detected the malware in the test 100 percent and caused an additional system load of merely 0.5 percent.

zoom ico


Protection for MacOS Sierra


Malware for MacOS


Malware Trend


Symantec Norton Security


SentinelOne Next Generation Endpoint Security

Put to the test: 9 products for home users, 4 solutions for business users

The laboratory of AV-TEST examined a total of 13 products under MacOS Sierra. The first 9 on the list are for home users:

Avast Security 12.9
Bitdefender Antivirus for Mac 6.1
Comodo Antivirus 2.2
F-Secure Safe 17.0
Intego Mac Internet Security X9 10.9
Kaspersky Lab Internet Security for Mac 18.0
Sophos Home 1.2
Symantec Norton Security 7.5
Trend Micro Antivirus 8.0

4 solutions for business users

ESET Endpoint Security 6.5
McAfee Endpoint Security for Mac 10.2
SentinelOne Next Generation Endpoint Security Software 2.0
Sophos Central Endpoint 9.6

All versions were evaluated under identical iMacs running on MacOS Sierra 10.12.6. The solutions were installed in the test as additional protection for MacOS Sierra. None of the security packages switched off the internal protection functions of MacOS Sierra.

High detection rates for many security packages

In the test involving packages for home users, a total of 6 out of 9 packages detected the 514 selected MacOS attackers: Avast, Bitdefender, Kaspersky Lab, Sophos, Symantec and Trend Micro. Intego overlooked a few malware samples, yet still attained a good 99.4 percent. F-Secure delivered a somewhat weaker performance with 93.8 percent. The security package from Comodo only detected an unacceptable 38.1 percent.

Among the solutions for corporate users, the products from ESET, SentinelOne and Sophos detected all attackers 100 percent. Endpoint Security from McAfee experienced a minor detection error: 99.6 percent.

In an additional test, the detection performance of Windows files was also evaluated. While these are innocuous on a Mac, in a mixed network, malware could thus hide on a Mac – especially when it is used as a server. For consumer users, the packages from Bitdefender, Kaspersky Lab and Trend Micro demonstrated superb detection rates between 99 and 100 percent. Likewise, high detection rates among corporate solutions were reached by ESET, McAfee and Sophos.

Lots of protection with a low system load

In the past, many Mac security packages demonstrated a conspicuously high system load. The fact that those days are now over can be seen in the test segment on speed. In evaluating this criterion, the testers copied a selection of files on a reference system encompassing a volume of 27.28 GB, clocking the time necessary for the operation. In addition, various downloads were performed, and these times were also recorded. On the reference system, the copying took 147 seconds, and the downloads lasted 56 seconds.

The exactly identical copying procedure and the same downloads were then repeated with each security solution installed, and the times were measured. Using this method, it quickly becomes apparent which antivirus solution requires too many resources in everyday use, thereby slowing down a Mac system.

System load on products for home users

The security packages for consumer users from Kaspersky Lab, Trend Micro and Symantec added a load of a mere 1 to 2 additional seconds when copying and downloading. Those levels are actually unnoticeable in everyday use. All these packages also achieved the 100 percent mark in detection. Bitdefender and Sophos Home did just as good a job at detection, but required as much as 6 to 13 seconds more time. F-Secure and Intego delayed the test procedure by 21 to 35 seconds. Avast Security did indeed deliver error-free detection, but it slowed down the system in the test procedure by 73 seconds – that is too much. In response to a query, the manufacturer stated that in the tested version the standard default configuration was still set to immediate validation during download and not after download as is the case with other products. In the new subsequent version, they changed the default setting to validate the download afterwards, which saves lots of time. If the so-called web shield is activated by the user, then the download is once again validated immediately, but more slowly.

Corporate solutions with a low system load on the client

Two of the four solutions for business users consistently demonstrated a very low system load on the client. The products from SentinelOne and McAfee increase the time factor when copying and downloading in the test by 1 to 2 seconds. For the solution from ESET, it is already up to 7 seconds, and for Sophos it is 10 seconds. That sounds like a lot of time, but it represents merely a 3 to 5 percent heavier load due to the security solution compared to the reference system.

No false positives when scanning perfectly clean programs

In an additional segment, the testers evaluated whether the packages detect standard software as perfectly clean, as opposed to falsely classifying it as a threat and blocking it. For the test, the security packages were required to scan hundreds of applications and monitor the installation of a few dozen programs. The result was excellent on the packages for home and business users.

In this segment, there was also an additional test: It was evaluated how the security solutions behave towards "potentially unwanted applications" – or PUAs in short. While the applications do not inflict any damage, they do exhibit questionable behavior. This includes software with excessive advertising, messages or ambiguous privacy policies. Some manufacturers see no direct threat in PUAs, which is why they also do not classify them as dangerous. Products from Avast, Bitdefender, ESET, SentinelOne, Trend Micro, Intego, Sophos (both products) and Symantec filtered out nearly 700 PUAs between 98 and 100 percent.

Protection sacrificing hardly any performance, yet saving the day when disaster strikes

A statistic was already mentioned at the beginning of the article: In 2016, Kaspersky Lab already tallied 12 million attacks only on its Mac users. With numbers like these, it is recommended to have a reliable helper alongside the security mechanisms of MacOS Sierra. The test demonstrates that good protection does not even have to put a load on the system. The most impressive examples in this respect are the products for consumer users from Symantec, Kaspersky and Trend Micro. Also recommended is the package from Bitdefender, even though it requires nearly 3 percent of resources.

In the category of corporate solutions, the best products are practically a photo finish. SentinelOne was able to fend off all attackers 100 percent, resulting only in an additional system load of one second. The protection provided by ESET and Sophos is impeccable as well, but it requires 3 to 5 percent more resources. This load is also considered minor, however. The solution from McAfee only slowed down the test system slightly by an additional 2 seconds, but experienced tiny errors in malware detection.

Social Media

We want to stay in touch with you! Now there is an easy way to receive regular updates on the latest news and test releases.