Microsoft operating systems may soon have competition as the most popular malware targets, because the bad guys are making serious inroads with Apple products. Just yesterday, my friend's Apple notebook caught some new form of ransomware and is completely locked up.
Seeing an emerging trend, AV-TEST GmbH, an independent IT security and antivirus research house, started testing antimalware products for Apple in 2014 with "Mac OS X in the Crosshairs - 18 Malware Scanners Put to the Test." AV-TEST just released its 2015 survey, "Mac OS X under attack - 10 security packages put to the test." The 2015 report starts out with good news: "While the first test of OS X security solutions in 2014 revealed that many products had massive problems in malware detection, the results in the 2015 test were significantly better."
The 10 products tested are:
- Avast Mac Security - free
- Avira Free Antivirus
- Bitdefender Antivirus for Mac
- Kaspersky Internet Security
- Symantec Norton Security
- Intel Security/McAfee Internet Security
- Intego VirusBarrier
- Sophos Anti-Virus - free
- Webroot SecureAnywhere
- ClamXav - free
One reason to pay attention to AV-TEST reports is the willingness of company management to publish, in detail, the procedures used during the testing. This test report was no different.
- All products were installed on identical iMacs with a 2.7 GHz Core i5 CPU, 16 GB memory, and a 500 GB SSD hard disk running OS X 10.10 (Yosemite) with recent updates.
- All test systems were connected to the internet, so the products could reach their respective cloud and reputation services.
- Each product was installed and ran on the test system individually.
- All product versions were cross-checked with the developer's website (when available) to ensure that we had the latest product version and updates installed (before the start of each test).
Maik Morgenstern, one of the company's CEOs and technical director, mentioned, "We only tested downloadable products offered at the AV vendors' websites. The versions available at the Mac App Store appeared to be limited in functionality."
Testing for malware detection
To be realistic, care was taken in creating the test set of more than 160 malware threats. "All samples are confirmed to include malicious functionality," explained Morgenstern. "During the creation of the test set, we selected the most recent samples from several different malware families."
Morgenstern added, "There may be archive files included in the test set, as long as the specific malware is distributed that way (e.g. DMG or PKG)."
As for the actual tests, engineers performed on-demand scans of "native" malware, Potentially Unwanted Applications (PUA), and Potentially Unwanted Programs (PUP) samples, including scripts.
When the initial test run was finished, the engineers checked for application updates; if any were available, they were installed and the application was tested again to see if the updated version detected samples missed earlier. On-access tests were also run twice. Morgenstern said, "However, we excluded archives as such formats are not scanned by all products."
The report stated that Avast, Avira, Bitdefender, Kaspersky, and Symantec achieved 100% malware detection. The only product with a detection rate below 88% was ClamXav, which detected 39.6% of the malware threats.
No false positives
Engineers at AV-TEST understand that false positives are the bane of the antimalware industry. If false positives appear regularly, users will ignore both false positives and real warnings. The 2015 report explains how AV-TEST engineers check for false positives:
"We perform an on-demand scan while installing and using the top 100 products for the Mac OS X platform. This includes, but is not limited to Adobe Reader XI, Apache OpenOffice, CCleaner, Firefox, GIMP, Google Chrome, iTunes, Java Runtime Environment, Libre Office, Opera, Picasa, Raw Therapee, Safari, Skype, Thunderbird, Virtualbox, and VLC media player."
Morgenstern added, "Only Webroot sounded a warning twice in the test when launching programs. The other security solutions passed this test category without a glitch."
Almost as bad as false positives are system slowdowns caused by inefficient antimalware programs. To test for slowdowns, AV-TEST engineers first created a reference baseline by timing how long a Mac OS X reference machine without antimalware took to copy 20 to 30 GB of files (documents, media files, presentations, and programs). That averaged out to 66.1 seconds. The adjacent slide lists the results, with Symantec Norton Utility ending up on top.
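A minimal reproduction of that copy benchmark, added here as an example and not AV-TEST's own harness: it times repeated copies of a constructed file set, keeps the median, and expresses a measured run as a percentage slowdown against a baseline such as the report's 66.1 seconds. The file set, its names, and the function names are my assumptions.

```python
import os
import shutil
import statistics
import tempfile
import time

# Constructed sample corpus: a few small files standing in for AV-TEST's
# 20 to 30 GB mix of documents, media files, presentations, and programs.
CORPUS = {
    "report.docx": b"D" * 64 * 1024,
    "talk.pptx": b"P" * 128 * 1024,
    "clip.mp4": b"\x00\x01\x02\x03" * 32 * 1024,
    "tool.bin": bytes(range(256)) * 256,
}

def build_corpus(root: str, spec: dict = CORPUS) -> str:
    """Write the constructed files under root/src and return that path."""
    src = os.path.join(root, "src")
    os.makedirs(src, exist_ok=True)
    for name, data in spec.items():
        with open(os.path.join(src, name), "wb") as fh:
            fh.write(data)
    return src

def time_copy(src: str, root: str, runs: int = 3) -> float:
    """Copy src to a fresh destination `runs` times and return the median
    seconds. The destination is removed between runs so every pass writes
    new files, which is what an on-access scanner has to inspect."""
    samples = []
    for i in range(runs):
        dst = os.path.join(root, f"dst{i}")
        start = time.perf_counter()
        shutil.copytree(src, dst)
        samples.append(time.perf_counter() - start)
        shutil.rmtree(dst)
    return statistics.median(samples)

def slowdown_pct(baseline_s: float, measured_s: float) -> float:
    """Slowdown of a measured run relative to the no-antimalware baseline."""
    if baseline_s <= 0:
        raise ValueError("baseline must be positive")
    return round((measured_s - baseline_s) / baseline_s * 100, 1)

def run_benchmark(runs: int = 3) -> dict:
    """Build the corpus in a temp dir, time the copies, report the median."""
    with tempfile.TemporaryDirectory() as root:
        src = build_corpus(root)
        return {"files": len(os.listdir(src)),
                "median_s": time_copy(src, root, runs)}

if __name__ == "__main__":
    print(run_benchmark())
    # A 70.0 s run against the report's 66.1 s baseline is a 5.9% slowdown.
    print(slowdown_pct(66.1, 70.0))
```

Run the script once on a machine without antimalware to get a baseline, then again with each product installed; the absolute times on this toy corpus are not comparable to the report, only the method is.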
Free vs. paid versions
The free versions of antimalware held their own. As for features, Morgenstern told me the free versions were spartan. He added, "Most paid versions were not much better feature-wise, but were better equipped than the freeware solutions." For example:
- Intel Security (McAfee) and Norton include a firewall
- Kaspersky offers parental control
What I took away from the tests and Morgenstern's explanations was that, except for ClamXav, the OS X security package you choose from this list of 10 appears to be a matter of personal preference.
It might be best to reiterate something Morgenstern mentioned earlier: make sure to download the antimalware program from the manufacturer's website or purchase the boxed version from a retail store.