Sophos Anti-Virus For Mac [Review]



A few days ago, computer company Sophos released a free anti-virus application for OS X.

According to the experts at Sophos, your Mac is vulnerable to malware – it’s just that there isn’t very much of it around. Yet.

But as Macs and OS X get more popular, that might change. So Sophos thinks it’s time you protected your computer.

So what does Sophos Anti-Virus for OS X do, exactly?

Installation requires running an installer, rather than a simple drag-and-drop to the Applications folder. On first run you’re presented with a very minimal interface: a new icon will appear in the Menu Bar and Sophos tells you “As long as the icon stays black, you’re safe.” Right. OK then.

If you like to keep your Menu Bar clean (minimalists, raise your hands!) you can remove this icon from the Menu Bar. The basic anti-virus functions will still be running in the background. I’ve left them running there for a day or so and not noticed any difference – there was no apparent severe impact on system resources, and Activity Monitor showed the Sophos processes weren’t making significant demands on CPU.

You can ask the application to scan your local drives, or you can right- or control-click on any file or folder, and ask it just to scan that item (the installer puts a Sophos scanner in your Services menu). I scanned my entire hard disk, which took about three hours.

The question which remains, and which will always divide opinion (feel free to share yours in the comments) is whether you need virus protection on your Mac.

Sophos goes to great lengths to convince you that you do, with videos like this…

…but the examples they’re giving in that video don’t look to me like viruses; they look like trojans and dodgy scripts embedded in web pages. But Sophos is using the word “viruses” to mean “malware”, because for many non-computer-literate people, that is what it means.

This, I think, is where the arguments about Mac security can get heated. People who know about security know that officially speaking, a virus makes copies of itself and infects more computers without human intervention. But the vast majority of ordinary people don’t make that fine distinction – if it’s bad for their computers, they’ll call it a “virus” even if, technically speaking, it’s a trojan.

Sophos is using that same language shorthand to talk to those same people. It’s using “virus” to mean “malware” because that’s what ordinary people do.

There’s no doubt that OS X has security vulnerabilities, whatever name we use for them. I asked Sophos security expert Graham Cluley if he could identify an actual documented virus, in the traditional sense of the word, seen in the last year or so.

He said: “Not viruses, no. The main threat for Macs is trojans, and that’s the same for Windows computers as well.

“Too many people can get taken in by a tweet or a link they see somewhere. A little social engineering is all it takes to persuade someone to click something.”

He confirmed that Sophos uses the word “virus” to mean “malware,” for the simple reason that, in Cluley’s words, “My Aunt Hilda has only ever heard of ‘viruses’, so that’s the language we use.”

By releasing this software, Sophos is not trying to say that Macs are prone to viruses, even though it uses that word throughout its marketing for the product. What it really means is that Mac users are just as likely to fall for the social engineering tricks used to spread malware via the internet as Windows users are, and that its product is one way of protecting yourself from that danger.

Cluley summed up: “I use Macs myself at home. There’s no doubt that they are exposed to less of a threat than Windows PCs. We just want to keep it that way.”

  • Dan Anos

    Is this article sponsored by Sophos? Please give some assurance that this is not an advertisement…

  • Lipbalm

    Clearly not. Or are you being sarcastic? I can’t tell.

  • snap

    Don’t get Sophos. The free trial for the anti-virus has encrypted my hard drive, and the password Sophos provided does not work. My lovely MAC now consists of a gray screen with a Sophos login space and that’s all! There is not even data that is retrievable on my hard drive. Everything is lost and my hard drive has to be replaced. I’m kind of wishing I’d stuck with the nice little virus I’d gotten as opposed to this computer hard drive eating monster!

  • Doc

    I tried the Sophos AV. Would recommend avoiding it.
    Once it was installed, I could no longer use my network drive for Time Machine (it would lose connection after 1-2GB, so to back up a 200GB drive was … impossible). In investigating, I found that it was cutting off the network connection periodically, for no reason that I could identify. This continued after I turned off the real-time scanner and all other functions that I could. 
    As it stands now, I can’t get it uninstalled…ugh.

  • James Hicks

    Computers, like people, avoid getting sick by preventing bugs from entering the system. We do so by avoiding the presence of sick folks (read: sketchy web sites), and washing our hands (read: don’t download unknown objects).

    Anti-virus software is like a prescription drug in this analogy.  It’s one object that isn’t good for you but intentionally put into your system to hopefully defeat another object that isn’t good for you. 

    If you were to load up on aspirin every day as a preemptive measure against a possible headache, you’d eventually cause even bigger problems;  like ulcers or even cancer. 

    Why, then, do people assume that anti-virus software is a preemptive defense against trojans with no negative consequences? 

    The simple fact is this… nobody NEEDS anti-virus software.  Nobody.  Your system will be just fine as long as you don’t invite problems. 

    But… if you’re among the less intelligent, anti-virus *might* protect you if you have no desire to protect yourself at the expense of system performance.

    Finally; with all computer losses, the only real solution is restoring from a backup. If you don’t keep backups, you’re just plain dumb.



  • jescott418

    Well I think there are two ways to look at AV on a Mac. The safest way to look at it is to install an anti-virus program to verify that you have no malware on your Mac. The other way is to trust that Apple will update and improve OS X enough to prevent any malware from installing or creating problems. In my own opinion I would install something like Sophos and do a scan. If you find nothing then I think it’s safe to do this scan about once a month. Since it really does not affect your Mac as in slowing it down, why not have the security of an AV check? I use Sophos and it works well with Lion. I can’t say it has ever detected anything malware or even suspicious. So I can’t say I would tell someone they are wrong not to run an anti-virus program. At this point malware for the OS X systems is few and ineffective for most users.

  • jescott418

    You can remove Sophos by going into your applications. The Sophos uninstall program is there.

  • hamb

    I installed Sophos Free for Mac on my iMac. It did not cause any problems and seems to run properly. Strangely, when I did the initial scan, Sophos found two files on my Windows XP partition that it deemed contaminated. One, I believe, was a false positive because the suspect file was part of a Microchip development suite that had been installed from a Microchip CD.

    In something over six months, no further suspect files have been found. The interface is a bit clunky, but Sophos works and the price was right.

  • hhhobbit

    Disclaimer: I have never worked for Sophos nor do I represent them.  I am an independent security researcher.

    Why are you using Sophos FDE (Full Disk Encryption) product when all you needed was their free Sophos AV for Mac Home Edition? Do you really not know the difference between the two products? A default install of free Sophos AV (it is completely free, not a trial like eSet) encrypts nothing other than perhaps a few of their own files. Here is where you can get Sophos free AV (2011-10-24):
    The only complaint that I have read here that I know is valid also exists for other AV packages. Many are notorious for not indicating where the problem is at.  There are more problems caused by them not indicating where the offending files or registry entries are at than by them telling you where they are at.  Just don’t activate what they indicate is bad without doing some thorough checking first.

    Their pay SafeGuard Disk Encryption does full disk encryption. They also provide it on a trial basis.  Here is where you can get it (2011-10-24):

    My only statements on FDE (Full Disk Encryption) are: First, do you really need it? If you don’t need it don’t install it. Second, don’t mess around with trial versions. Either install or don’t install. Third, if you really need FDE check all of the FDE packages you can use thoroughly and pick the one you think best meets your needs. Make sure others don’t have problems with that FDE. Be careful here – some people need protection from themselves. Fourth, back up everything you don’t want to lose before you install any FDE. Fifth, once you have it working, write the password to unlock the disk drive down and store it and the backups you made some place safe.

  • Nick Du Temple

    I agree with this review as it’s not really a matter of viruses to worry about, but the trojans. I didn’t think they were that easy to find, but my sister managed to find one. As responsible as she is when browsing, she came across one on her Mac that was a false application. It downloaded itself from a seemingly legit picture of a person that she was doing a report on that was linked from Google Images, installed itself, and continuously prompted about infections that didn’t exist and to buy the software. Which it was in fact an obvious false software. It took a bit to remove it too. A tricky application it was. If this program prevents that and it’s light weight, which it is, and I’m running it now. I think it’s worth it knowing you won’t click on something from Google Images or another legit source and have to go through the pain of removing one and not even being sure if it’s actually gone. I mean this stuff is real. Is that something you will see often though? Probably not. That Google image search that came across that website was probably a fluke. But hey, it doesn’t affect my system speed wise, and it works. I think this is something Mac users should really consider, unlike the resource hogging subscription mongrels like Norton. Norton was a major slow down on my Mac, completely ridiculous. I think this is still an excellent and shockingly free solution that is almost seamless, and gives you a peace of mind when browsing around continuously and sometimes mindlessly looking for things and not noticing links that Safari’s/Google’s malware filter doesn’t catch.

  • Sulimeth

    I have to disagree. Running with the medical analogy, I’d equate it with a vaccine instead of a prescription drug.

    You can try to avoid viruses all you like, and maybe you’ll succeed. But given the options of getting one anyway and not knowing, or downloading a program I forget is there 90% of the time that’ll get rid of it, I’m going with the anti-virus software.

    I get flu vaccines too – does that make me one of “the less intelligent”?

  • DoctorMac

    As a person who has spent my career in medical research, I have to strongly disagree with Hicks on his nonsensical medical analogy —  clearly he hasn’t the foggiest idea of what he’s talking about but is trying to convince us he does.  Protecting yourself with immunizations against disease is an act of wisdom — nearly wiping out smallpox and polio for example.  Aspirin has NEVER caused cancer.  Never.  Taking Vitamin C to prevent teeth loss (result of scurvy) is something we all do (without knowing the historical basis).  Protecting your computer from malware — by using appropriate software —  is not unlike this, and can be an act of wisdom AND intelligence.  To say it is stupid is like saying medicine is only for wimps.  I’ve been working with computers (and writing computer programs) since the 1960s so I know what I’m talking about.  It would appear that you do not.

  • danu22

    Simple and nice review…Maybe Sophos is one of the best security software to keep my computer from malicious files attack. Many fake antivirus, malware, spyware and hacker that any time could threaten our computer, and therefore antiviral necessary that really can keep your PC in real-time.

  • Joey Joel

    Sophos is not what they want you to believe. It is ruining my business, screwing up my MAC. I downloaded it from their server two days ago, and did not like the user interface, and aspects of the program. I uninstalled it, and was downloading ClamAv. Suddenly a message came from Sophos, and I thought what? To make a long story short, I tried to delete it using Clean My Mac, App Zapper, App Delete, to no avail, it kept coming back. I used Snow Leopard Cache Cleaner, and even that powerful program could not purge Sophos. I then put it in the trash, went to all my lib files, user caches, and FORCED EMPTY TRASH. Sophos came back. I then went to my terminal logs, and found SOPHOS WAS NOT ON MY DRIVE, BUT OPERATING FROM THEIR SERVER. I CAN’T CLOSE THE DOOR ON THIS, AND IT IS RUINING MY TIME AND TAKING OVER MY MACHINE. DON’T BE FOOLED BY A NICE FRONT END PROMO. I am a professional, and not a newbie. This app is written with a BACK DOOR into your unit.

  • Joey Joel

    I think I have gotten it off my system. Interestingly, here is how it followed.

    First of all, I’m not a newbie. I’ve worked as project manager on some very well known sites. I have spoken with some very high level senior programmers who have agreed some programs are built to ‘entrench’ themselves, and efforts to delete, are met with their rebuilding their presence. So, we think some new discovery is going to be a ‘panacea’ of perfection, and take care of our problems while we peacefully slumber, may just not be so. When you try to get rid of them, as I have experienced, they become part of the problem. Some programs are set up to make it very difficult to uninstall or delete.

    In the case of Sophos, I do NOT believe I got rid of it. I do believe the guy at Sophos, (name escapes me), saw my very aggressive letters, and had me taken off their server. Why do I think so? I have system logs, which speak of Sophos talking to my machine long after I ‘personally’ attempted to delete it. Sophos was running on my machine for more than a day and a half, AFTER I could not find any trace of it. When I went to my console activity, and studied the logs, and the active servers, Sophos was active. This is after all my attempts, including commands from the console, and single user mode, and resetting PRAM, and numerous restarts. I am not confused about this.

    Sophos showed up in my dock, my menu bar, and NOT a trace was on my machine. When I attempted to install ClamAv, it stopped my installation, and began asking me if I wanted it to scan any other devices. I was blown away – this, after it was apparently gone. When Sophos was running, (after my deletion of it), it showed in the menu bar, and dock. In the dock, I used the command, ‘Show in finder.’ As you may have guessed, it did NOT show. Only the server connection showed, and that, I had to look for in the network settings.

    So, I am glad it works for many. Personally, I don’t want anything in my computer which has a back door. I am sure they will say this is not so… the people who work there may not even know. But my experience tells me otherwise.

    Most people may not make as heavy demands on their machine as others, so would not encounter the problems a person as myself might. If you turn a virus program on, and you are happy, so be it. What alerted me, was Sophos said it found a threat. It said a ‘world clock,’ I had on my drive was infected. Not being happy with a simple, isolate it, I asked for details. It had none to give about any type of virus, worm, infection, or Trojan. I asked it to be put in isolation, so I could look at it, and research it later, then it disappeared. I looked it up in the log files Sophos was supposed to maintain, and nothing was there. The prefs don’t give many choices, so I just decided to find a program with which I had more control. On my pc, I used Avast, and loved the user interface, and the control it gave. That is when I decided to delete Sophos.

    The rest, you know.

    Best to all.


  • photoglyph

    I had to ‘force quit’ Sophos and drag it to the trash -NO uninstall and I downloaded it yesterday, 7/6/12