Test: Malware protection on MacOS Sonoma 14.6
Our test lab subjected 14 protection products for consumers and corporate users to hundreds of extremely dangerous MacOS malware attacks on systems running Sonoma 14.6. The lab put all the security packages through tests in the categories of protection, performance and usability. And it was no easy task, as the various malware samples used in the test are some of the most malicious ones when it comes to current cyber threats. The products evaluated by the lab achieved top scores, with only a few exceptions, which leads to a noticeable increase in the security of MacOS systems.
The IT security of Windows and Linux systems, and even the cloud itself, are exposed to a constantly increasing level of cyber threats. And systems running MacOS are no exception here either. Which is why we strongly recommend that all consumer and corporate users working with MacOS on their systems put good protection software in place. The current test with 10 products for consumer users and 4 company solutions clearly shows which solutions have proven their worth. The test on MacOS Sonoma 14.6 was conducted by the AV-TEST lab during the third quarter of 2024, from July to September. The results clearly demonstrate how well the security solutions performed in the areas of protection, performance and usability. A product can earn up to six points in each area, meaning that the best score is 18 points. The majority of products in the test scored this level.
The current evaluation involved products for consumer users from Avast, AVG, Avira, Bitdefender, ClamXAV, F-Secure, Intego, Kaspersky, Norton and Protected.net. Four manufacturers took part in the testing of endpoint solutions for corporate users: Bitdefender, Sophos, Symantec and Trellix.
Malware designed to target the Mac
The AV-TEST team scoured the Internet for all the malware samples used in the test or they had been found as harmful email attachments at some point. These samples are currently the most malicious malware when it comes to Trojans, ransomware, info stealers, and more. The test saw nearly 400 of them attacking the security packages installed under MacOS Sonoma 14.6.
9 of the 10 products tested, acting as system watchdogs for consumer users, fended off all malware attacks 100 percent of the times, earning them six points each. Only Intego made minor mistakes, only detecting 99.5 percent of the attackers. It cost the product one point, meaning it only earned five of the six points possible in this area.
For the endpoint solutions for companies, none of the 4 products made any mistakes. All solutions detected 100 percent of the attackers in the test without exception. This earned the products a full six points each in the test segment of protection.
An eye on performance
Whenever software is actively running under MacOS, it causes a certain system load. However, this load must not be so high that users are prevented from continuing their work. This is why the AV-TEST lab investigated how much the use of a security package affects the system. The lab team copied data locally and onto the network, visited websites, downloaded files, and installed applications and other software. The time required for all these actions was then used as a reference. The lab then performed all actions again with the installed protection solutions.
And the result was very good: None of the tested security packages strained too many system resources under MacOS. For this, the testers were able to award six points to each of the products, both for consumer and corporate users – the maximum possible in the test run.
A false alarm: friend turned foe
It can be very annoying when false positives crop up with files and programs. It usually unsettles users and they don’t know whether they can still trust their system. In a corporate environment, it might mean that a computer has to be isolated from the others and the employee can no longer work effectively.
The score for handling false positives is nearly perfect for all products in the test. Only Protected.net with Total AV got it wrong once, incorrectly blocking the installation of an application. Half a point was deducted for this, earning the solution only 5.5 points in the usability category. All other products tested – both for consumer and corporate users – were each awarded the full six points.
Additional test: Windows malware and unwanted programs
Just to clear one thing up: The lab does not award a score for the additional test for the detection of Windows malware and PUA (potentially unwanted applications)! Nevertheless, this test is interesting, as Macs often work hand-in-hand with Windows computers. It’s true that the malware cannot harm the Mac, but it can also remain there as dangerous cargo. PUA can also be annoying and occasionally even dangerous. For this reason, the test experts sent more than 2,000 samples of malware and PUA to each of the Macs with the security software installed.
The end-user packages from Avast, AVG, Bitdefender, Kaspersky, Norton and Protected.net each detected over 99 percent of the Windows malware and PUA in the additional test. All of the other products achieved rates of between 90 and 99 percent. The company solutions also filtered out the malware and PUA, scoring a solid 99 percent or higher. Only Sophos performed at a somewhat lower level.
Best protection for MacOS
The third-quarter results of the current test from AV-TEST under MacOS Sonoma 14.6 show that the market offers a wide selection of good security solutions for the Mac. Among the solutions for consumer users, 8 of the 10 products tested earned 18 points – the maximum possible: Avast, AVG, Avira, Bitdefender, ClamXAV, F-Secure, Kaspersky and Norton. The packages from Protected.net and Intego were close behind with 17.5 points and 17 points, respectively.
When it comes to endpoint solutions for corporate users, 4 out of 4 products scored favorably. This is because all four products completed the test with the maximum score possible: 18 points – making the choice even easier here. But no matter which product is selected, essentially all of them will provide users with a strong means of defense for their MacOS system.