Sophos and Avast – The two best antivirus apps for OS X

28. August 2013 Security 6

logosSince the testing of Mac antivirus (AV) applications began in April 2013, Sophos and Avast have been consistently taking up the number one and two places in a list of 35 applications. (NOTE: The AV field changes quick, check the latest test results PDF to see if the previous statement still applies) After updating the malware sample pool a few days ago and re-testing several applications I noticed that Avast overtook Sophos again, a battle for the best position that has been going on for a while now. I am asked which AV is the best and I will usually recommend the one with the best detection rate as this is the most important feature, detect malware and quarantine/remove it or at the very least notify of it’s detection. So which one is the best?
As of this moment Avast ranks number one in detection tests with a 97% score, Sophos follows very closely with a 96% score. This is by no means definitive as it may change again next time I add samples to the pool (currently 300 with over 250 still being analyzed and tested to make sure they are valid samples). With detection rate being pretty much the same for both products, we’ll have to start comparing other features.

Both Sophos and Avast are free. The AV is offered for free because both companies feel if their free product makes people happy they will (hopefully) spend money on other products and services they offer. Also because they are free there is no support in the form of an online or phone support service, user forums are available though where users just like you help eachother out.
Who? – Tie

Resource usage:
How an AV impacts system performance is very important. Norton and McAffee gave AV for Mac in general a bad reputation back in the day because they simply crippled even the most powerful Mac. This reputation is very hard to shake, not just for them but all those that offer AV products for Mac. (Norton’s current version (12 at the time of writing) is actually a very well written application that performs beautifully, McAffee is unfortunately still garbage.) Sophos has less of an impact on the system than Avast, possibly because Avast has more features or maybe because Sophos is written better, I don’t know. In the latest test Sophos impacted system performance by 8.86 – 12.53% on various Intel Macs and 18.25% on a PowerPC G5 when performing a full system scan. Avast had an impact of 5.16 – 20.39% on various Intel Macs, no PowerPC version available. Depending on what you use your Mac for these numbers may or may not be a big deal to you. If your system runs a scan at a set interval as some companies require, even while you are working, a few percent can matter.
Who? – Sophos

Scan time:
As scanning impacts performance you want it to be over as soon as possible unless you run your scans at night or while you are at lunch. In this aspect Avast outperforms Sophos but again the difference is small. Overall we’re just talking a few minutes faster but on an old Core 2 Duo Mac mini Avast beat Sophos by a good hour.
Who? – Avast

Sophos offers both an Intel and a PowerPC version and supports OS X 10.4 – 10.8 (works on 10.9 Mavericks too). Avast offers only an Intel version and supports OS X 10.5 – 10.8 (works on 10.9 Mavericks too). While most won’t care about legacy support it is important to a lot of people out there still. PowerPC Macs may be old but are not obsolete (even thou Apple labels them as such). They are still used as servers, family computers and test machines. A few people I know still use G5’s with an old version of Photoshop as it simply does what they need it to do, they have no need for an Intel Mac or the latest Creative Suite.
Who? – Sophos

Update frequency:
Unless you have a truly advanced AV with proper heuristics, you need the AV company to push out frequent updates to it’s definitions database. More often is better. Sophos and Avast rely on these updates to protect you from malware as they do not have heuristics (actually none of the applications that are available for OS X use true heuristics). Let’s say a new piece of malware hits the internet on a large scale like MacDefender or FlashBack did, you want your AV to be able to detect these things asap. A few hours can mean the difference between becoming infected or blocking the threat. Sophos checks for updates every hour and the company releases a new database file every 6 hours so you’ll be sure to have the latest version at least within one hour after it becomes available. Avast checks for updates right after your Mac starts and every 6 hours after that, the company releases updated database files usually twice a day.
Who? – Sophos

While Avast has separate features for Mal and Web scanning Sophos’ on-access scanner does an equally fine job of detecting malware that tries to sneak in through email or web. They both offer quarantine but only Sophos offers the ability to schedule scans. Avast offers an account option that can come in handy if you want to check the status of multiple computers at a glance. The ability to schedule scans is more important though.
Who? – Sophos

Update [December 2013]: This article remains very popular so I want to point out that the AV industry is changing all the time and detection results along with it. While Avast and Sophos tested really well in August 2013, they are no longer in the top 3 or top 6 for that matter at the time of this update (December 19, 2013). Since this post was written I have learned not to srite posts like this again because the information can be outdated and inaccurate a week later. Avast and Sophos still perform well but always check the latest version of the Detection rate Results PDF for the most up-to-date information.

6 thoughts on “Sophos and Avast – The two best antivirus apps for OS X”

  • 1
    M on January 25, 2014 Reply

    Thank you so, so, soooo much for this website!!! I’m really glad I came upon it. I wanted to find a good comparison between Avast and Sophos, and this article answered every question I had………… But your Detection Rate Results is unparalleled and invaluable. Now I’m certain of which free AV to download. Your constant dedication to provide users with the latest information regarding security is deeply appreciated. Thank you, thank you, thank you!!!!

  • 2
    Leslie on April 6, 2014 Reply

    How do you read that virus detection PDF? My copy of Adobe Acrobat Pro v9 or the latest Acrobat reader won’t blow it up to where I can read it.

  • 3
    Pieter on August 12, 2014 Reply

    Another thing that might have changed is the performance impact. I’m running Sophos on OSX 10.9, and it really bogs the system down to almost unusable: beach ball for about every action taken, loading a webpage takes up to 20 sec). I didn’t uninstall it yet (so it is still taking about 400 MB of system memory…), but did disable the on-access scanning. All of a sudden, my Mac is back to normal… blindingly fast.

    Probably Sophos has a conflict with 10.9 or another app (although nothing special in use here). Someone with the same issues? Known issues with 10.9?

  • 4
    mohamad dehghani on September 17, 2014 Reply

    thank you

  • 5
    CJ on July 26, 2015 Reply

    I have an older Mac and I tried both of these and found Sophos to work with less resources. It seems to be a very good antivirus.

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.