Mac Antivirus Products Prove Effective in Whole-Product Test

Detecting known malware is something a Mac antivirus should do, but in the real world additional layers of protection kick in. A new Mac antivirus test by independent lab AV-Comparatives attempts to evaluate the whole product.

By Neil J. Rubenking
September 3, 2014
AV-Comparatives Mac Antivirus Chart

Yesterday I commented on how rarely we see Mac antivirus products put to the test, compared to the widespread lab testing of PC antivirus. Wouldn't you know it, another major testing lab has just released Mac antivirus test results today. AV-Comparatives performed a multi-faceted evaluation of nine Mac antivirus products and found most of them to be effective.

Different Testing Style
The previous test report included 18 products. Researchers at AV-Test Institute exposed each product to 117 Mac-specific malicious programs, scripts, and archives, noting how many were detected in a full scan. They also checked on-access detection using all but the archived samples.

A number of products scored 100 percent detection in both tests, but scores ranged downward from there, all the way to less than 20 percent. Mac antivirus products from Trend Micro, McAfee, and Webroot all came in below 40 percent, and Norton's detection rate wasn't much above 50 percent.

These vendors argue, reasonably, that simple signature-based file detection is just one part of an antivirus, and that a proper test should take into account all layers of protection provided by the antivirus. Well, that's exactly what AV-Comparatives aimed to do. Too bad this test didn't include the particular products that scored poorly under AV-Test.

Whole-Product Testing
For testing, the AV-Comparatives researchers selected 65 of the most prevalent in-the-wild Mac malware samples, in particular choosing ones not blocked by the operating system itself. They didn't use any scripts or archived files. The report notes, "Precisely because a Mac security product only has to identify a small number of samples, we would expect it to protect the system against all threats that have not yet been blocked by OS X itself."

For testing, the researchers plugged in a USB drive containing the samples. The report notes that some products started quarantining samples right away. Next they ran a full scan on the drive. Finally, any samples that made it past real-time and on-demand scanning were launched, giving behavior-based detection components a chance to spring into action. While this scheme didn't take into account products whose malicious URL blocking would have prevented downloading malware in the first place, it did exercise more capabilities than a simple detection test.

Many Mac antivirus programs try to detect Windows malware too, in case you might infect your PC-using friends. The researchers ran an identical test using 500 prevalent Windows samples, omitting only the stage where they would execute surviving samples. Finally, they checked for false positives. As with the false positive test by AV-Test, none of the tested products erroneously identified any of the top 100 Mac apps as malicious.

Features and Reviews
Malware detection testing was just one part of the evaluation process. The full report offers a detailed review of the features each product offers, as well as an informative comparison chart. Some features were found in all products, among them real-time protection, on-demand scanning, and quarantine of found malware.

The chart becomes especially useful if you're looking for a product with a specific feature set. Five of the products use "cloud scanning," meaning they need an Internet connection to work properly. All but two block malicious and phishing URLs, and all but two let you whitelist specific files or folders. If you require scheduled on-demand scanning, you won't choose the two products that omit this feature.

Features above and beyond basic antivirus protection also show up in the chart. These include parental control, firewall, and mail protection. The chart also details what types of help are available (forum, email, live chat) and what languages the product supports.

But wait! There's more! The AV-Comparatives team actually wrote a full review for each of the nine products, presenting their features in great detail. If you don't want to read nine reviews, you should at least read the "Verdict" section that summarizes each.

Good Results
In Windows-based tests by this lab, products that pass the test receive Standard certification while those that go above and beyond can receive Advanced or Advanced+ certification. For the Mac-based test, it was more pass/fail. Eight of the nine products received certification from AV-Comparatives. These included Bitdefender, Kaspersky, and ESET, among others. Only Kromtech MacKeeper didn't make the cut. I definitely look forward to more independent lab testing of Mac antivirus software.

About Neil J. Rubenking

Lead Analyst for Security

When the IBM PC was new, I served as the president of the San Francisco PC User Group for three years. That’s how I met PCMag’s editorial team, who brought me on board in 1986. In the years since that fateful meeting, I’ve become PCMag’s expert on security, privacy, and identity protection, putting antivirus tools, security suites, and all kinds of security software through their paces.

Before my current security gig, I supplied PCMag readers with tips and solutions on using popular applications, operating systems, and programming languages in my "User to User" and "Ask Neil" columns, which began in 1990 and ran for almost 20 years. Along the way I wrote more than 40 utility articles, as well as Delphi Programming for Dummies and six other books covering DOS, Windows, and programming. I also reviewed thousands of products of all kinds, ranging from early Sierra Online adventure games to AOL’s precursor Q-Link.

In the early 2000s I turned my focus to security and the growing antivirus industry. After years working with antivirus, I’m known throughout the security industry as an expert on evaluating antivirus tools. I serve as an advisory board member for the Anti-Malware Testing Standards Organization (AMTSO), an international nonprofit group dedicated to coordinating and improving testing of anti-malware solutions.
