Selecting a Mac Anti-Virus Solution

I am what most would consider to be a new adopter of Apple machines, less than 6 months, other than the obvious iPhone that is. It’s important to note though that this hasn’t been my first try; I attempted the conversion about 14 months ago and failed miserably. I found myself secretly getting my Windows fix without letting my colleagues know and that eventually led me into withdrawals and finally back on a Windows box, but I digress…

Then came the day I went full-time as an entrepreneur and my partners, being the security freaks that they are, banned me from using Windows products on our network. My option was a distro of Linux, and as fun an experience as that was, cough, I found the need for what I would consider a more robust UNIX-based product – enter Apple again.

It just so happens that I made the conversion just as the Flashback / Flashfake outbreak hit the streets. Oh you know, that little outbreak that got everyone up in arms over Apple’s security policies and was rumored to have over 600,000 Macs infected worldwide.

So naturally, my obvious reaction was, “WTF!!!!”

Enter the Need for an Anti-Virus Product

Like most, up to the point of the Flashfake / Flashback outbreak, I was under the general impression that the Mac was inherently a safer product. Well, I think it’s fair to say that it’s no longer the case and the need for an Anti-Virus product is a must-have.

The obvious question I found myself asking was, “well, which product is the ideal solution for a Mac?” I asked a number of people and each time I got a number of different responses, and so the need to research and test became a necessity.

The Hunt Begins

The issue with the Mac, in my opinion, is that unlike Windows, malware on the OS is not something many have concerned themselves with, including the AV companies. As such there was a huge resurgence of local Mac AVs coming out of the woodwork.

The first place I checked was the App Store and behold, I found a growing list of available products:

  • VirusBarrier Express
  • ClamXav
  • Dr.Web Light
  • VirusBarrier Plus
  • Kaspersky Virus Scanner
  • OptimUS
  • iGuard
  • Web Security – Monitoring
  • iSecure
  • Egis
  • OptimApps

Whoa, how the heck am I going to choose!!!! This doesn’t even include the regular guys – Symantec, Norton, Trend, McAfee.

Making a Decision

As you might expect, as is often the case, it came down to reputation and personal preference. I knew off the bat I wasn’t going to go with anyone that I did not recognize and I obviously had my personal preferences. For my Windows PC, I have been placing my trust in Kaspersky and F-Secure, and as such figured I would give them a try. I have also been following Sophos for a while and was eager to test their new Mac product.

The Review

And so the experience begins…

1. Kaspersky

Of the three I tried, Kaspersky was the one I felt offered the most complete solution with the least amount of impact on my system resources. It seemed to have a comprehensive suite of tools that I felt most comfortable with. Not only was the scan good, it did not kill my machine and that is always a plus. The quarantine and kill features were great, and were complemented nicely by their logging features.

I was specifically fond of its ability to actively detect malicious websites. It even did a good job of detecting backdoors on website files. I would say that its biggest weakness was its inability to detect mail SPAM and what appeared to be lack of integration with mail clients.

I do think that it fell a bit short when compared to its counterpart on Windows, but for Mac, it was a win I think.

2. Sophos

The biggest upside to Sophos for me was the fact that it was free. It did not appear to be as complete a product as the one offered by Kaspersky or even F-Secure. It seemed like it was quickly put together in an attempt to fill a perceived need and capture the market as it was obviously growing and demand was there.

What I did like was that it seemed to be particularly good at email SPAM, better than the other two, but that was perhaps the only part I enjoyed.

It failed miserably at identifying web-based malware and while the system scan seemed to be complete, it was a serious resource hog. It came to a point where I had to restore the box to get it back in working order. There also seemed to be some issues with using the quarantine and repair, and a lack of logs to explain why one would or would not work; I didn’t like that too much.

3. F-Secure

I was perhaps most disappointed by the F-Secure product. I have been playing with its Windows counterpart and it has quickly become one of my top two favorite products for Windows, but what I found with the Mac version was less than appealing.

It retained a lot of the aesthetics you would come to find on the Windows product, but not many of its features. I was specifically keen on its Rootkit scanner, which didn’t appear to make it into the version I was playing with.

It didn’t seem to require too many resources when running, which was nice. It also had a nice feature where you can define the directory you want to specifically scan, but for some reason failed to give me the option to scan the entire computer. Again, might have been operator error, but as important a task as that is, I’d expect that to be the default or easier to find.

Like Sophos, though, it was not very good at identifying malicious websites.

My Decision

As if it was not clear, I decided on the Kaspersky solution. It was the most complete product in my opinion and its ability to effectively identify websites with malicious payloads was of special interest to me, for obvious and not so obvious reasons. If you’re asking why, it’s simple.

Web-based malware is on the rise and it’s the easiest and preferred delivery mechanism for desktop malware. Most of the desktop infections we see today are coming from websites carrying malicious payloads and as such it’s perhaps one of the most important features we should all be looking for in any desktop Anti-Virus product.

It’s important to note that I would not say that my review of the aforementioned products was by any means exhaustive, and it should not undermine the work these companies are doing. I still hold them in high regard and greatly respect the work they do. I am sure as they shift their focus to straddle both the Windows and Mac worlds their products will only improve and we will all benefit from it.

For now though, I will stick to my Kaspersky install.