Sophos vs ClamXav

OK, so I have downloaded both Sophos and ClamXav and would like to know which is the better software.

MacBook Pro, OS X Mountain Lion (10.8)

Posted on Sep 10, 2012 12:48 PM

Question marked as Best reply

Posted on Sep 10, 2012 12:50 PM

You don't need either, but if you are going to install one anyway, then install ClamXAV.

11 replies

Sep 10, 2012 1:01 PM in response to joshblacher

Which is better depends on what you're looking for. ClamXav will definitely be the less obtrusive option, as you can set it to simply watch specific folders (like your Downloads folder or Mail folder), or can even use it purely for manual scans. I have it installed at all times for testing purposes, and it causes absolutely no problems at all.


Sophos, however, takes a more active role. It includes what is called "on-access" scanning, which means that it examines every file when the system tries to use it in some way. That can potentially help to protect you against things that might slip past ClamXav, but has the potential to cause more problems as well. It's generally pretty well-behaved, though.


Note that neither is infallible, and neither is any other AV package. So don't just install AV software and then behave as you like, believing yourself to be safe. Last year, I saw people get infected during the MacDefender outbreak despite having anti-virus software installed. So be sure to take appropriate safety precautions. See my Mac Malware Guide for details.

Sep 10, 2012 6:35 PM in response to joshblacher

joshblacher wrote:


OK, so I have downloaded both Sophos and ClamXav and would like to know which is the better software.

Neither is more important than keeping your OS X fully up-to-date, but if, after reading Thomas' malware guide you feel you still need something, then use both. Just make certain that no more than one is being used in real-time scan mode (Sophos "On-access" and ClamXav "Sentry").


Full disclosure: I do uncompensated tech support on the ClamXav Forum.

Feb 15, 2013 6:59 AM in response to ascaris

ascaris wrote:


Kappy wrote:


You don't need either, but if you are going to install one anyway, then install ClamXAV.


This is certainly not true anymore. See the following article: http://news.cnet.com/8301-1009_3-57409619-83/more-than-600000-macs-infected-with-flashback-botnet/



No anti-malware software caught Flashback, not ClamXav, not Sophos, not Norton, not anyone.


Some Dr Web caught it and then tried to promote their new anti-malware we never heard of and a removal tool, but just a week later Apple issued theirs and fixed the issue with a Software Update, then later rolled the patch and repair all the way back to 10.5 on Intel processors.


Mac malware is rare, the Mac market share is small, not much attention is being paid to warrant an always-on solution at this time when Apple has got our backs.


Make sure that Google's Safe Browsing feature is enabled in your web browsers, and if something warns you "This site may harm your computer" don't click to go there thinking your Mac will be safe, because it isn't against new and unknown exploits, just like any computer is.


ClamXav is mostly used for cleaning the Windows malware off their files before transferring them to other Windows users.

Feb 15, 2013 7:26 AM in response to ds store

Let's pretend Mac marketshare isn't growing. Let's pretend it's not becoming more worthwhile for malware distributors to target Macs. Let's pretend that this hasn't happened:

"Oracle, the company that develops Java, fixed the vulnerability exploited to install Flashback on February 14, 2012.[7] However, Apple maintains the Mac OS X version of Java and did not release an update containing the fix until April 3, 2012,[11] after the flaw had already been exploited to install Flashback on 600,000 Macs." http://en.wikipedia.org/wiki/Trojan_BackDoor.Flashback#Resolution


Irrespective of the efficacy of current anti-malware options, arguing that malware is not a problem on the Mac is increasingly Panglossian. Or, perhaps, Macglossian.

Feb 15, 2013 7:56 AM in response to ascaris

This is not a debate that is productive to engage in on an old, already-solved topic. Especially when the information you keep quoting refers to old malware that has been extinct for at least nine months now.


There is Mac malware. That malware is extremely rare, most of the active stuff is targeted specifically at Tibetan activists and none of it can infect a properly-updated Mac running 10.6.8, 10.7.5 or 10.8.2 at this time. For more information than that, see my Mac Malware Guide.

Feb 15, 2013 8:58 AM in response to ascaris

ascaris wrote:


"Oracle, the company that develops Java, fixed the vulnerability exploited to install Flashback on February 14, 2012.[7] However, Apple maintains the Mac OS X version of Java and did not release an update containing the fix until April 3, 2012,[11] after the flaw had already been exploited to install Flashback on 600,000 Macs."

All true, but it was certainly a wake-up call at Apple. Apple pushed the last major Java 6 issue patch out the door six hours after Oracle posted theirs.

Feb 15, 2013 8:58 AM in response to thomas_r.

Perhaps this is indeed not the forum, but I'm not sure we agree about what constitutes "rare". And when part of the problem is that people don't bother updating their Macs or paying attention to good practices (such as those you outline on your website) precisely because of the notion that there's essentially no risk to Macs posed by malware, emphasizing that it's "extremely rare" doesn't seem particularly productive.

Feb 15, 2013 9:00 AM in response to MadMacs0

MadMacs0 wrote:


ascaris wrote:


"Oracle, the company that develops Java, fixed the vulnerability exploited to install Flashback on February 14, 2012.[7] However, Apple maintains the Mac OS X version of Java and did not release an update containing the fix until April 3, 2012,[11] after the flaw had already been exploited to install Flashback on 600,000 Macs."

All true, but it was certainly a wake-up call at Apple. Apple pushed the last major Java 6 issue patch out the door six hours after Oracle posted theirs.

Agreed. It's too bad they needed the wake-up call, but it's encouraging to see that they've responded.

Feb 6, 2016 6:12 AM in response to joshblacher

I had never used an A-V since 1993, and had never had a virus that I knew of. Last year I became concerned about Mac viruses and got free Sophos, which takes an hour to scan my drive, and never finds anything.


Yesterday, out of further abundance of caution, I bought ClamXav, which took 9 hours to scan my drive.

It found 4 applications infected with Trojans. They were little free programs bundled with hardware and I had never run them.

And it found 2 Trojan files buried in Library/Application Support/SpamSieve/False Negatives, a folder with hundreds of files of which it found these two:

CdWI0Xnmje7uhmJI44+Zzg==: Email.Trojan-277 FOUND

VZsmqdCxbaDez9owmrWtxA==: Email.Trojan-290 FOUND


So, if I had to use one application, it would be ClamXav. But since Sophos is free, I will continue to use it, too.
