Since the testing of Mac antivirus (AV) applications began in April 2013, Sophos and Avast have been consistently taking up the number one and two places in a list of 35 applications. (NOTE: The AV field changes quick, check the latest test results PDF to see if the previous statement still applies) After updating the malware sample pool a few days ago and re-testing several applications I noticed that Avast overtook Sophos again, a battle for the best position that has been going on for a while now. I am asked which AV is the best and I will usually recommend the one with the best detection rate as this is the most important feature, detect malware and quarantine/remove it or at the very least notify of it’s detection. So which one is the best?
As of this moment Avast ranks number one in detection tests with a 97% score, Sophos follows very closely with a 96% score. This is by no means definitive as it may change again next time I add samples to the pool (currently 300 with over 250 still being analyzed and tested to make sure they are valid samples). With detection rate being pretty much the same for both products, we’ll have to start comparing other features.
Both Sophos and Avast are free. The AV is offered for free because both companies feel if their free product makes people happy they will (hopefully) spend money on other products and services they offer. Also because they are free there is no support in the form of an online or phone support service, user forums are available though where users just like you help eachother out.
Who? – Tie
How an AV impacts system performance is very important. Norton and McAffee gave AV for Mac in general a bad reputation back in the day because they simply crippled even the most powerful Mac. This reputation is very hard to shake, not just for them but all those that offer AV products for Mac. (Norton’s current version (12 at the time of writing) is actually a very well written application that performs beautifully, McAffee is unfortunately still garbage.) Sophos has less of an impact on the system than Avast, possibly because Avast has more features or maybe because Sophos is written better, I don’t know. In the latest test Sophos impacted system performance by 8.86 – 12.53% on various Intel Macs and 18.25% on a PowerPC G5 when performing a full system scan. Avast had an impact of 5.16 – 20.39% on various Intel Macs, no PowerPC version available. Depending on what you use your Mac for these numbers may or may not be a big deal to you. If your system runs a scan at a set interval as some companies require, even while you are working, a few percent can matter.
Who? – Sophos
As scanning impacts performance you want it to be over as soon as possible unless you run your scans at night or while you are at lunch. In this aspect Avast outperforms Sophos but again the difference is small. Overall we’re just talking a few minutes faster but on an old Core 2 Duo Mac mini Avast beat Sophos by a good hour.
Who? – Avast
Sophos offers both an Intel and a PowerPC version and supports OS X 10.4 – 10.8 (works on 10.9 Mavericks too). Avast offers only an Intel version and supports OS X 10.5 – 10.8 (works on 10.9 Mavericks too). While most won’t care about legacy support it is important to a lot of people out there still. PowerPC Macs may be old but are not obsolete (even thou Apple labels them as such). They are still used as servers, family computers and test machines. A few people I know still use G5’s with an old version of Photoshop as it simply does what they need it to do, they have no need for an Intel Mac or the latest Creative Suite.
Who? – Sophos
Unless you have a truly advanced AV with proper heuristics, you need the AV company to push out frequent updates to it’s definitions database. More often is better. Sophos and Avast rely on these updates to protect you from malware as they do not have heuristics (actually none of the applications that are available for OS X use true heuristics). Let’s say a new piece of malware hits the internet on a large scale like MacDefender or FlashBack did, you want your AV to be able to detect these things asap. A few hours can mean the difference between becoming infected or blocking the threat. Sophos checks for updates every hour and the company releases a new database file every 6 hours so you’ll be sure to have the latest version at least within one hour after it becomes available. Avast checks for updates right after your Mac starts and every 6 hours after that, the company releases updated database files usually twice a day.
Who? – Sophos
While Avast has separate features for Mal and Web scanning Sophos’ on-access scanner does an equally fine job of detecting malware that tries to sneak in through email or web. They both offer quarantine but only Sophos offers the ability to schedule scans. Avast offers an account option that can come in handy if you want to check the status of multiple computers at a glance. The ability to schedule scans is more important though.
Who? – Sophos
Update [December 2013]: This article remains very popular so I want to point out that the AV industry is changing all the time and detection results along with it. While Avast and Sophos tested really well in August 2013, they are no longer in the top 3 or top 6 for that matter at the time of this update (December 19, 2013). Since this post was written I have learned not to srite posts like this again because the information can be outdated and inaccurate a week later. Avast and Sophos still perform well but always check the latest version of the Detection rate Results PDF for the most up-to-date information.