Skip navigation

Sophos Anti-Virus vs. ClamXav

44170 Views 50 Replies Latest reply: Sep 21, 2013 2:06 PM by thomas_r. RSS
1 2 3 4 Previous Next
OrangeChickenist Calculating status...
Currently Being Moderated
Feb 6, 2011 12:39 PM
Just moved from pc to mac and it has been GREAT Just wondering which anti-virus you guys preferred?
MacBook Pro, Mac OS X (10.6.6)
  • thomas_r. Level 7 Level 7 (26,960 points)
    Currently Being Moderated
    Feb 6, 2011 12:40 PM (in response to OrangeChickenist)
    Most people will tell you none. You probably don't need one at all, but for the full scoop, see my [Mac Virus guide|http://www.reedcorner.net/guides/macvirus>.

    If, after reading that, you want AV software, either [ClamXav|http://www.clamxav.com> or [Sophos Anti-Virus for Mac Home Edition|http://www.sophos.com/products/free-tools/free-mac-anti-virus> are good, and free.
    17" MacBook Pro, Mac OS X (10.6.6)
  • Charles Dyer Level 4 Level 4 (2,610 points)
    Currently Being Moderated
    Feb 6, 2011 12:55 PM (in response to OrangeChickenist)
    You don't NEED AV on a Mac, as there are no significant threats. If you _WANT TO USE_ AV, I'd recommend Sophos. It's free, and while not exactly fast, is certainly faster than the other main free AV, ClamXAV.

    I would not use pay AV. Especially I'd not use pay AV from Norton or McAfee. YMMV.
    iMac 2.66 GHz Core 2 Duo 4 GB., Mac OS X (10.6.6), eMac 1.25 GHz 2 GB, eMac 700, beige G3, assorted Windows boxes
  • j.v. Level 5 Level 5 (4,150 points)
    Currently Being Moderated
    Feb 6, 2011 10:26 PM (in response to OrangeChickenist)
    I run Sophos on one computer and ClamXav on another.

    On the one hand, Sophos is a commercial outfit, who makes their money in the enterprise server AV domain, so maybe they might be more responsive to when a threat emerges?

    And without any corroborating evidence to backup my following assertion, it seems like sometimes clamav (not clamXav GUI) could be slow about getting threats (those few trojans that are out there) on the signature list -- but I guess somebody has to report it to them first as I doubt they are out there actively seeking out OS X threats. But clamXav turned out to be easier (for me, anyways) to create a unix-based automated unattended weekly scan of the entire hard drive using clamXav's underlying clamav scanning engine (clamXav interface won't let you get into hidden system directories like /usr, /etc, /var, etc., so using clamXav's scheduler wasn't a help for me). I think that Sophos can look at everything, but I don't know for certain.

    My employer makes its employees, Windows and Apples alike, use McAfee. While I haven't had any problems with it, I doubt that it is any better than clam or sophos, and those two are free, McAfee isn't.

    So really, I suspect that one is just as good as the other and vice versa. Just choose one or the other if you feel the need to use a malware scanner. Like I said, since I run some internet-accessible services, I do; doing so helps me sleep better at night:)
    2008 Mac Pro, 2008 MacBook aluminum, 2007 iMac, Mac OS X (10.6.6)
  • powerbook1701 Level 3 Level 3 (545 points)
    Currently Being Moderated
    Feb 7, 2011 5:17 PM (in response to thomas_r.)
    What are your thoughts on Sophos? It's relatively new on the scene. I would like an alternative for ClamXav....
    MBP 15-inch 2.66 GHz Intel Core i7 / 4GB SDRAM / AG Screen (Mid 2010), Mac OS X (10.6.6), iPhone 3GS (32GB), AEBS DB II (Late 2009), Apple Wired Keyboard/Mouse, ClamXav
  • thomas_r. Level 7 Level 7 (26,960 points)
    Currently Being Moderated
    Feb 7, 2011 6:21 PM (in response to powerbook1701)
    AFAIK it's fine. I've heard good reports from some folks here, but have no personal experience with it.
    17" MacBook Pro, Mac OS X (10.6.6)
  • powerbook1701 Level 3 Level 3 (545 points)
    Currently Being Moderated
    Feb 8, 2011 6:18 AM (in response to thomas_r.)
    Thanks, I really like ClamXav, as it is simple and easy to use, but it's always good to have a backup if I would ever need one.
    I highly recommend ClamXav to anyone who wants something basic, but very useful.
    MBP 15-inch 2.66 GHz Intel Core i7 / 4GB SDRAM / AG Screen (Mid 2010), Mac OS X (10.6.6), iPhone 3GS (32GB), AEBS DB II (Late 2009), Apple Wired Keyboard/Mouse, ClamXav
  • thomas_r. Level 7 Level 7 (26,960 points)
    Currently Being Moderated
    Feb 8, 2011 7:12 AM (in response to powerbook1701)
    Just don't try to run both at the same time. Running more than one AV program is a recipe for conflicts.
    17" MacBook Pro, Mac OS X (10.6.6)
  • powerbook1701 Level 3 Level 3 (545 points)
    Currently Being Moderated
    Feb 8, 2011 6:19 PM (in response to thomas_r.)
    thanks, that is true. Only one AV is needed at a time. It's just good to monitor alternatives in case you ever need it. I see that VirusBarrier now has a "free" basic version listed in the app store (but it is NOT listed or even referenced on the VBX website oddly).
    MBP 15-inch 2.66 GHz Intel Core i7 / 4GB SDRAM / AG Screen (Mid 2010), Mac OS X (10.6.6), iPhone 3GS (32GB), AEBS DB II (Late 2009), Apple Wired Keyboard/Mouse, ClamXav
  • powerbook1701 Level 3 Level 3 (545 points)
    Currently Being Moderated
    Feb 9, 2011 7:40 AM (in response to powerbook1701)
    http://www.intego.com/manuals/en/vbe/virusbarrier-express-user-manual.html

    This is somewhat of a joke, read the part about virus defintion updates.
    I guess this would be good if you always wanted to really be behind.

    I would say that ClamXav and Sophos would be the best 2 free apps out there that seem current in their protection.
    MBP 15-inch 2.66 GHz Intel Core i7 / 4GB SDRAM / AG Screen (Mid 2010), Mac OS X (10.6.6), iPhone 3GS (32GB), AEBS DB II (Late 2009), Apple Wired Keyboard/Mouse, ClamXav
  • curly41 Calculating status...
    Currently Being Moderated
    Feb 13, 2011 10:14 AM (in response to OrangeChickenist)
    My experience is the following:

    Norton AV (Norton System Works for MAc Vers. 3) used to be THE tool before 2000 or so. Than I got more and more suspicious because each and every time when my subscription for updating virus definition would end I got all of a sudden much more alerts. As soon as I paid again for one year subscription almost no alert came up anymore. For a while it I had the impression that Symantec would not really care anymore about Macintosh's community. In addition I had the feel that the rest of Symantec's suite for Macintosh had been deteriorating also i.a. not much interest by Symantec. Now those guys did wake up and offer new software to care for Macintosh. But I remain skeptical. Even for maintenance issues there are good and mostly free or shareware programs available which install much less hidden stuff.

    As to sophos I had only one experiment with their customer service who seems to focus on rich companies. So I had the feel if I am not a big guy I should not waste their time … so I walked away. I still don't like their attitude for example when I met people from the at the German CeBit.

    With VirusBarrier I had only problems because this software did get in-between so many "good" processes from professional programs (like Adobe Photoshop, Microsoft Office) and made them slow, freeze or crash that I just removed all software. I still have the feel, that the VirusBarrier programers focus on showing off how well the can interrupt my workflow instead of remaining in the background AND avoid to block so much of my processor power.

    I must agree to what has been said before. You actually do not need an AV … but I like to add: If you communicate with others who have a PC it would be fair to avoid spreading viruses to them even if it does not hurt me. A virus or trojan may be in a picture or (latest news) in pdf-files. So - my biggest requirement is that a AV can be turned off when I want it to stop ALL activity (especially those in the background). So I have installed clam and clamX on an external drive which I also use to test new software. Whenever I know that I will not use my computer for 1 or 2 days I turn on ALL external drives starting via my MacBook from my external test-drive. Then I start a detailed scan of everything. Same applies when I exchange pictures or other files. Then I start from my test-drive and scan the folder with the respective files.

    By the way - Kaspersky is also offering Mac-Software. I use their PC-Version with my Windows-XP in ParallelsDesktop. Works great and is free via a German Computer Magazin (Computer Bild). But they seem to have the same approach as Symantec used to have … shortly before the annual subscription expires the messages get more and more dramatic. But since the subscription for the PC (not the Mac!) is free - you just have to go through a certain routine i.e. its not so bad.

    My proposal for protecting a Mac-computer:

    Using the internet via a router with a firewall built in protects quite a bit already. Within the router configuration I have blocked access for ANY new device i.e. only the 2 MacBooks, our web-radio and the iPad are allowed access the internet. Any other device requires the input of the admin-password as well as the router-password and in case of WLAN that respective password. I learnt that passwords up to 15 character are at danger if attacked by brute force. So I have a much much longer (theoretically it could have up to 64 characters).
    I have not activated the MacBook firewall to avoid similar mess a with running 2 AV at one time..

    For formal stuff like online banking and other addresses which are for sure not "criminal"web-links like contacting public services at the cityhall or my public library I use Safari.
    For the rest I use Firefox with the plug-ins NoScript, WOT (including community-exchange), Flagfox. Whatever alerts I get from those plug-ins I obey.

    As permanently active software I only have installed LittleSnitch. That software is worth its 30 Euro (about 40-45 USD). It has shown many alerts on programs try to "call home". I am confident that LittleSnitch would show an alert the moment a a trojan would want to contact its home-server. But I am optimistic that I will not see such an alert in years to come.


    Based on the comments in this threat I will now test nmap from http://nmap.org/
    This should hopefully allow me to block ports in case of them being accidentally open allowing illegal access.

    If someone can provide information or links which ports should have which open/close-status especially those ports mostly used by hackers for "viruses-action" I would appreciate it
    MacBook_4_1, Mac OS X (10.6.4)
  • g_wolfman Level 4 Level 4 (1,110 points)
    Currently Being Moderated
    Feb 16, 2011 7:05 PM (in response to curly41)

    I learnt that passwords up to 15 character are at danger if attacked by brute force.
    So I have a much much longer (theoretically it could have up to 64 characters).

    That's basically a problem for Windows. Not Mac OS X (or any other OS for that matter).


    Based on the comments in this threat I will now test nmap from http://nmap.org/
    This should hopefully allow me to block ports in case of them being accidentally
    open allowing illegal access.

    If you're in Germany, I'd think twice about that. I'm not sure how nmap is considered under StGB Section 202c.
    MacBook Pro (Early 2008), Mac OS X (10.6.5)
  • curly41 Level 1 Level 1 (0 points)
    Currently Being Moderated
    Feb 17, 2011 4:00 AM (in response to OrangeChickenist)
    Hi. G.Wolfman thank you very much for your warning ...
    I was not aware of that fact. Even for IT-professionals it can be regarded by law enforcement that they prepare for a crime if they ONLY have the software nmap on their computer. The question if it would be a crime if you use it for "good" work like repairing your own computer problems is still open. The highes German court in Karlsruhe (Bundesverfassungsgericht) has already rejected a complaint that this law would be unconstitutional.

    For the German readers here are interesting links:
    http://www.tschlotfeldt.de/elearning-wiki/Folgendes_Hackerparagraphen_StGB202c
    http://de.wikipedia.org/wiki/Hackerparagraf
    If you have problems with these links search for 202c StGB hacker


    By the way ... also Swiss computer users should be careful §143-144StGB


    <Edited by Host>
    MacBook_4_1, Mac OS X (10.6.4)
  • futuristlimited Calculating status...
    Currently Being Moderated
    Nov 4, 2011 12:22 AM (in response to powerbook1701)

    SOPHOS HAS STOPPED TWO TROJANS ALREADY.  JUST SAYING.  GREAT JOB FOR AN OP SYSTEM THAT DOES "NOT GET VIRUSES" It's not avoidable.  It can happen.  So grab this easy to use prog.

1 2 3 4 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.