Test: 16 Security Packages under MacOS Mojave for Consumer and Corporate Users
It was only a few years ago that online and print media specialized in Mac computing played down the dangers posed to the Mac by malware. In the meantime, people have developed a new awareness there as well, reporting more and more often about dangerous malware for MacOS and calling attention to the constant increase in attackers. Anyone who still remains skeptical about these warnings would do well to consider the reports of Kaspersky: Already in the first six months of 2019, Kaspersky (alone) registered six million phishing attacks on Apple users. In order to gear up decisively against these attacks, the experts recommend good protection software. The laboratory of AV-TEST evaluated 11 packages for private users and 5 solutions for corporate users in terms of their protection, performance and usability.
Security solutions for MacOS
Detection of special MacOS malware
The right security packages for consumer and corporate users
Included in the test for consumers are the packages from Airo, Avast, AVG, Avira, Bitdefender, Canimaan Software, Cyber Intell Solutions, F-Secure, Kaspersky, NortonLifeLock and Trend Micro. In the category of corporate solutions, the products from Bitdefender, Crowdstrike, ESET, McAfee and Sophos were examined.
In order for the test to be easily understood for all users and readers, it is divided up into three test areas. Initially, all security solutions are examined in terms of their protection. To do so, they are required to detect and remove current MacOS malware samples. Moreover, tests are conducted as to how heavily a protection solution puts a load on the Mac, possibly even slowing down performance. In the area of usability, all programs are checked in terms of friend or foe detection and whether they trigger false positives.
In each of the three areas tested, a product can earn up to 6 points. Thus, the best overall score is 18 points. This score was achieved by a total of 8 packages for consumers: Airo, Avast, AVG, Bitdefender, Canimaan Software, Kaspersky, NortonLifeLock and Trend Micro.
Among corporate products, the 3 products from Crowdstrike, McAfee and Sophos achieved the top score of 18 points. Bitdefender and ESET came in close behind, however, with an excellent score of 17.5 points.
Who does a good job of protecting against malware?
In the protection test, all products are required to detect a reference set with current and especially dangerous malware samples for MacOS. In the process, each malware program is downloaded to a newly-installed MacOS system and launched, in order to check the virus defense. Eight out of 11 packages for consumers achieve this task 100 percent. Three packages do manage to detect many, but not all, attackers. The detection rates of F-Secure, Avira and Cyber Intell Solutions range between 96.6 and 93.8 percent.
Things look better when it comes to corporate solutions. Four out of the five solutions there always detect the malware 100 percent. Only McAfee stumbled slightly and committed minor errors: 99.3 percent.
Most of the products earn the full 6 points in this test phase. Just a few lose valuable points here, as they do not detect all malware samples.
Which solution puts an excessive load on the system?
Protection software is naturally not allowed to prevent the system from working. AV-TEST checks to see whether this is the case in the performance phase. For the test, the lab carries out everyday operations on a reference Mac without a security solution: files are copied, downloads performed, applications launched or apps installed. The times measured during the test are used as a reference. The measurements are then repeated and compared with each installed protection solution.
The result is excellent among products throughout both user categories. Nearly all solutions earn the full 6 points here. Only three packages exhibit such minor irregularities that they still receive 5.5 points for this. All in all, that is very good news for all users.
Who has trouble distinguishing friend from foe?
In the area of usability, the lab checks whether the protection packages are good at not only identifying the bad guys but also recognizing and not hindering the good guys in routine conditions. In concrete terms, this means that each product installed on the test Mac is required to scan and detect as harmless more than 70,000 normal user applications. Moreover, the lab installs a few dozen popular programs and launches them. The scans and procedures are not allowed to trigger any alarms. The result is perfect in every respect: None of the products triggered a false positive.
Bitdefender Antivirus for Mac
Kaspersky Internet Security
McAfee Endpoint Security for Mac
Extra test without a rating: scan for Windows malware samples and PUAs
Heterogeneous networks, in which MacOS communicates with Windows, are quite common. Many Mac users also interact with Windows PCs. Attackers repeatedly try to exploit this scenario: they send Mac users files infected with Windows malware. While the attackers cannot do any damage there, the Mac users will often unwittingly forward the files to a Windows user, and disaster strikes. As this scenario is a sad reality, the lab evaluates in a non-rated additional test whether the Mac protection packages also detect Windows threats.
In an on-demand search procedure, each solution is required to detect and delete nearly 2,500 selected attackers. Eight of the 11 packages for private users also detect 95 to 99 percent of the Windows malware. NortonLifeLock does in fact delete 90 percent. The detection rates of the products from Cyber Intell Solutions and Canimaan Software are around 65 to 70 percent. The corporate products from Bitdefender, ESET, McAfee and Sophos detect the Windows malware samples at above 99 percent.
A second, also non-rated, test evaluates whether potentially unwanted applications, or PUAs for short, are identified. However, the software manufacturers use different criteria as to whether software is a PUA or not. Some manufacturers see no direct threat in PUAs, which is why they do not classify them as malware samples. Nearly all consumer packages in a scanning routine filtered out 90 to 99 percent of the 700 PUAs. Only the package from Cyber Intell Solutions is more lenient here, filtering only 60 percent. The corporate solutions are also not particularly thrilled by PUAs, reporting 90 to 99 percent of the solutions in the test.
In security software for corporate users, Crowdstrike has an interesting wrinkle: due to the missing on-demand scanner, no results from additional tests for Windows malware and PUAs can be determined.
Conclusion: Why you should go for it.
The attack statistics, especially with regard to Mac users, are growing daily. That is why experts recommend using a security solution. Old arguments, e.g. there aren't that many Mac malware samples out there, or extra software will only slow the Mac down, no longer apply. The test shows that most of the security solutions can thwart malware samples and cause virtually no system load on the Mac.
Eight of the 11 consumer packages tested completed the test with a maximum result of 18 points. They come from: Airo, Avast, AVG, Bitdefender, Canimaan Software, Kaspersky and NortonLifeLock and Trend Micro. Thus, private users have 8 excellent security packages to choose from.
In the area of corporate products, 3 out of 5 solutions achieved the full point score with 18 points: Crowdstrike, McAfee and Sophos. The solutions from Bitdefender and ESET had half a point taken off merely due to a somewhat higher system load measured and thus achieved an excellent score of 17.5 points. As a result, corporate users can focus on the features of the solution and its field of application. The protection test demonstrates that clients are perfectly protected in all solutions.