The major test of security software for consumer users and corporate users for MacOS took place in the AV-TEST lab for the first time under MacOS version Sonoma 14.3. The 12 products examined were required to show how they held up in the categories of protection, performance and usability. The results are impressive: many products achieved the highest scores in the test, thus standing out as good choices. Only one product, which for years had completed almost every test in flying colors, surprisingly experienced a glitch.
Security software put to the test under MacOS Sonoma 14.3
The best security packages for consumer and corporate users put to the test under MacOS Sonoma
Escalating conflicts around the world, the increase in ransomware or info stealers, along with dangerous phishing attacks, are not leaving the Mac world unaffected. On the contrary: the attacks are mounting, as cybercriminals see vast potential in the Mac user group. Attacks via info stealers in particular are currently very much a part of the Mac universe. Add to this the vulnerabilities in popular software with cloud connectivity, which attackers exploit immediately. That is why perfect protection for MacOS is indispensable.
MacOS Sonoma: 12 security packages in the test
In their Q1 quarterly test from January to March 2024, the lab experts from AV-TEST examined 8 products for consumer users and 4 endpoint solutions for corporate users. For the first time, the new MacOS Sonoma 14.3 version was used as a test platform. All products were evaluated in the test areas of their protection, performance and usability. The lab experts can award up to 6 points for each area. Thus, the top score in the test is 18 points.
Included in the test were products for consumer users from Avast, AVG, Avira, Bitdefender, Clario, Kaspersky, Norton and Trend Micro. The products for corporate users in the test were from Bitdefender, Crowdstrike, Sophos and Trellix.
The final result of the test indicates that most of the products achieved the highest possible point score of 18. Only a few of them came in close behind at 17.5 points. Only one product bafflingly exhibited very unusually low performance, achieving just 16 points.
Fending off special MacOS malware
The MacOS malware samples circulating on the web are especially designed for the system. Shortly before the test, the lab experts fish the latest Mac malware out of the Internet or from e-mails. In the test for protection, each product in the test was required to detect and eliminate just under 700 malware samples.
7 out of 8 of the products for consumer users demonstrated 100-percent detection of all digital Mac attackers: Avast, AVG, Bitdefender, Clario, Kaspersky, Norton and Trend Micro. Only Avira had minor detection problems and completed the test with a 99.6 percent detection rate. Whereas all other products in this test category received 6 points, Avira achieved only 5.5 points.
Among the products for corporate users, the situation is similar: Bitdefender, Crowdstrike and Trellix achieved a perfect rate of success with 100-percent detection of the MacOS malware. Only Sophos delivered a surprising outcome in this test, with a weaker result and a detection rate of just 98.0 percent. That was atypical, considering the past test years, where there were virtually never any detection errors.
Nearly all test participants of the corporate products earned 6 points for their performance. Only Sophos conceded important points here: it scored only 4 out of the 6 possible points.
The greater the security, the lower the performance?
In the category of performance, the testers examined to what extent the security products impacted system resources of the test platform. To find this out, the lab used a reference Mac, installing and launching dozens of apps that were downloaded from the Internet. Afterwards, more than 4,000 files were copied, first locally and then onto the network. These values recorded were then used as a reference.
Among the products for consumer users, nearly all products cause hardly any additional system load and thus received the full 6 points for this. Only the package from Clario was a bit more conspicuous and suffered a point deduction: 5.5 points.
With respect to solutions for corporate users, Crowdstrike, Trellix and Sophos achieved the maximum 6 points for their hardly discernible system load. Only Bitdefender slowed down the system slightly more, and for this it received only 5.5 points.
Do the products generate false alarms?
In the test category of usability, the test lab at AV-TEST evaluates all products in terms of their usability, i.e. whether they wrongly flag harmless files and trigger false positives. In order to evaluate this, the testers ran over 27,000 harmless files through the scanner, installing dozens of popular applications and launching them.
The findings for consumer user packages turned out to be as perfect as those for corporate user solutions: All the products functioned error-free and did not trigger any false alarms. For this, they each earned the 6 possible points in the category of usability.
Additional unrated tests with Windows malware and PUA
The lab does not rate or score the two additional tests. But it does seek to determine whether MacOS security software also detects Windows malware and stops potentially unwanted applications – or PUAs for short. In the process, it feeds over 3,200 Windows malware samples and just under 1,800 PUA files onto the MacOS systems.
The findings are sure to be of interest to many users: Among the 8 products for consumer users, the packages under MacOS also each exhibited an over 99-percent detection in both cases.
There was the same outcome among the products for corporate users from Bitdefender and Trellix: each filtering over 99 percent of the Windows malware samples and PUAs. The detection rates of Sophos were only that high with PUAs. The Windows malware was detected at over 90 percent. The product form Crowdstrike only handles MacOS malware – ignoring the Windows or PUA realm.
Good protection for MacOS Sonoma 14.3
The test for security software on MacOS in the first quarter of 2024 revealed many good results under the new MacOS Sonoma 14.3 test platform. The evaluated products for consumer users made a strong finish, with 6 products earning 18 points and 2 receiving 17.5 points. In the key area of malware detection, all the products except Avira filtered out the attackers 100 percent.
There were stellar outcomes for the solutions for corporate endpoints as well. Crowdstrike and Trellix garnered the maximum 18 points in the test. Coming in just behind them was Bitdefender with 17.5 points, whereby the half a point was lost due to a minimally excessive system load. The Sophos result was clearly an outlier compared to tests in recent years. The product committed errors in detection and thus landed at 16 points.
