Yes, you need anti-virus on your Mac.. and now it's free

Filed Under: Apple, Malware, Video

Love your Mac
Sophos has today announced the world's first free business-strength anti-virus program for Macs.

In a pretty exciting move, we're making a version of our Mac anti-virus product (used by big companies around the world) available for free download to home consumers.

That means your home Macs can be protected automatically in-the-background with the latest anti-virus protection, checking every program you run, every file you download, every USB stick you insert, completely free. Is there a catch you're wondering? Well, nope! There isn't!

I'm really pleased about this, because I love Macs. Back at Cluley Towers we only use Macs at home - they're great for messing around with family photographs, making movies, storing music, the list goes on..

But just like I make regular backups of my valuable data (some of which is irreplaceable and is priceless in sentimental terms to me and my wife), I also run Sophos Anti-Virus on my Macs.

Sophos Anti-Virus for Mac Home Edition

And it's not just to protect my movies and music collection. I'm also aware that there are a growing number of bad guys out there who might consider Mac users a "soft target" and deliberately set out to infect Apple Macs, in the hope of stealing login details to banks and social networks, commandeer your MacBook to send spam or install irritating pop-ups, or simply commit identity theft.

The cybercriminals aren't kids messing around in back bedrooms any longer, they're organised and professional. And - unfortunately - many Mac users may have been too blasé about securing their computers, making the growing Apple userbase an attractive one to target.

Don't believe me? Well, it's already started. Past threats to Mac users have included:

– Websites that pose as legitimate-looking software vendor's sites, but whose downloads are really Mac malicious code.

– Malware disguised as pirated software available for download from P2P file-sharing networks.

Pirate version of iWorks carries Trojan horse

– Sexy online video links that urge you to install a plug-in to view the content, but really infect your computer with a Mac Trojan horse.

– Popular Twitter accounts, such as that belonging to former Apple evangelist Guy Kawasaki, who have tweeted out links to websites designed to infect Mac computers.

(Enjoy these videos? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

– Windows viruses and other malware, which can come in via email, web or USB drive, either being passed on to Windows-using friends or colleagues, or infecting virtual installations of Windows installed on a Mac.

Sophos Anti-Virus Home Edition for Mac stopping Windows malware

Most people don't know that Apple acknowledged the malware problem by integrating rudimentary protection against a handful of Mac Trojans in Snow Leopard. But 95% of those Mac users we surveyed recently are convinced that more attacks are on the way.

Mac malware survey, October 2010

Wise Mac users will secure their computers now, outwitting malware authors – if we make their jobs of infecting Macs damn difficult, they will go elsewhere to make a quick buck.

Sophos Anti-Virus for Mac Home Edition intercepting Mac malware. Click for a larger version

So, what are you waiting for?

This time you really do have nothing to lose as we've made it free :-) Download Sophos Anti-Virus Home Edition for Mac.

Do you agree that Mac users need to protect their computers? Do you believe that actually they don't need to take any extra precautions to look after their data? Whatever your view, leave a message in the comments below.

, ,

You might like

52 Responses to Yes, you need anti-virus on your Mac.. and now it's free

  1. Andreas Heilwagen · 1764 days ago

    Does not harm yet, but does not advertise that e-mail is protected automagically. My SSD-MacBook Pro does not look slower after installation and updates should work better than with ClamXav. My MacMini servers is also still serves on blissfully.

  2. David N. · 1764 days ago

    Thanks so much for releasing this. I've got it scanning all four of my Macs now and just shared it with my Fight Identity Theft readers:

    You have to love Sophos!

  3. Erik Postma · 1764 days ago

    I love how the chart showing the responses to your poll is already made to be as sensational as possible by making the maximum value, 59%, occupy the whole width of the chart; but also you mis-cite the 59% as 95% in the text. Good work!

    • 59% who say "There will be more Mac malware, but not as bad as Windows" plus the 36% who say "There will be more Mac malware" equals 95% who say there will be more Mac malware.


      • newmac · 1764 days ago

        is sophos any better than intego?

        • pducklin · 1764 days ago

          Hmm. That's hard for me to be entirely objective about. Why not try them both and see?

          I can see two advantages of our product here. Firstly, price. Secondly, completeness of coverage.

          We treat Windows/Mac/Linux as a "threat spectrum". So our products for all those platforms detect all the malware for all those platforms, if only to prevent each platform from being a "Typhoid Mary" to the others. Intego detects only Mac malware on the Mac platform. It's not wrong to do that, but it seems to me to be missing a trick - most Mac users share files with their Windows-using friends. If you can get your Windows buddies to buy you a drink every time you rescue them from danger (and Graham has a funny-but-not-funny article about how this happened to him at a major conference in California!) by pointing out that they're infected, you'll run a tidy profit over the purchase price of Sophos :-)

          (Ah. For completeness - Intego can offer you Windows protection too, for an additional fee. But it's a bundle of somebody else's Windows product. It doesn't add general malware identification to the Mac product.)

          • newmac · 1764 days ago

            is sophos any better than intego?

            Thanks - Intego seem to also have a Firewall in their product but not sure if that is any better than the one in OS X. Just trying to evaluate whether the Sophos free AV plus OS X Firewall would be enough or to go with a paid version of Intego coveering both.

            Bit concerned that there is only the Forum for support (I realise the product is free!)

            As Sophos point out, it's difficult to decide on MAC AV as you are normally told it's not required whereas with Windows it's a no brainer to do without.

          • Andrew Ludgate · 1764 days ago

            The Sophos antimalware engine even detects Apple ][ malware, should you have some old infected ProDOS floppy images floating around on your Mac.

  4. Excellent post Graham. No computer user can afford to be complacent anymore, it is best to take preventative action by installing AV software on all computers. Who knows what tomorrow's technology will spawn. As Mac attract more positive attention, they will also attract the negative.

  5. T.Anne · 1764 days ago

    I don't know that I'd say, "many Mac users may have been too blasé about securing their computers...". I don't know about others, but when I purchased mine - the sales representative actually told me NOT to install anti-virus on it because they had stuff built into the system and that many downloads for it would actually create bigger issues for infection and compromise the system. Needless to say, I was very surprised to hear that - and didn't make it more than a month before adding it. Although I did get it from Apple hoping that if what he said was true - it was the safer option.

    My point being, if others were told that as well - they may be more worried about adding that type of software vs doing nothing.

    • Yeah, it would be better if the staff in Apple stores were a little more educated about the malware problem on Macs. I was in a store recently with a friend who asked (mischievously I might add) the guy in the store if they needed to run anti-virus on their Mac. The store guy said that wasn't necessary as Mac OS X was invulnerable.

      She went on, and said "But what about this XProtect anti-malware thing you built into Snow Leopard? Doesn't that mean that there is a malware problem on Macs?"

      "No," said the store guy, "XProtect is for stopping Windows malware" (!)

      Bzztt... wrong answer Mr Apple Genius.

  6. This is awesome news! I use Sophos SBE because it seems to be the only AV product for Mac OS X that does not impact system performance. My main criticism had been that it was next to impossible for consumers to buy Sophos for Mac. Making a version free for home users solved that problem!

    Is there a list of significant feature deltas between the enterprise version and this new home version?

    Thanks Sophos!

    • There's no difference in protection capabilities. The difference is that our enterprise/business version includes greater administration and reporting facilities (as you would expect in a business product).

      Oh, and of course the business version includes email and phone technical support should you need it. :)

    • CatSoft · 1756 days ago

      Yeah,great idea Sophos,all you need now is maybe Sophos Anti-Virus Free for Windows.Keep up the good work!

  7. Magnus Trouw · 1764 days ago

    Great stuff guys. What will your competitors do? Recently I did a seminar for Apple Benelux BV in the Netherlands about Security and threats on Apple platforms. The seminar was packed. People are really getting more and more interested in this subject. I will try to tweet every interesting move you guys make on the Mac @magnustrouw

  8. Peter J Taylor · 1764 days ago

    That's great news! I've occasionally downloaded a free Sophos Anti-Virus evaluation for a month onto my home iMac, and would have been happy to pay for a single licence. But until recently licences were only available in batches of five or more, which are too costly for home use on a single computer.

  9. This post is a bit disingenuous.

    How did you arrive at this 95% result? How computer savvy were those who responded?
    How large was your survey size?
    Just wondering.

    P.S. Its ironic you guys chose to release this today. Im uninstalling Norton 11 for Mac because it made my computer glacially slow after my recent Snow Leopard update.

    • pducklin · 1764 days ago

      The sample size is in the graphic above - 640. Our on-line surveys can, of course, never be scientific, not least because they're on our site, and will therefore be clicked on by the sort of people who are interested in our site. I don't think we ever act as though they were scientific - but in this case it's probably fair to suggest that the average survey taker was of above-average computer savviness. (If that is a word, and, if so, whatever it means.)

      As for being a disingenuous post...the title and topic is strictly accurate IMO! You _ought_ to run anti-virus on your Mac, and it _is_ free.

      By the way - as a long-serving Sophos researcher/techie/blogger/bottle-washer, I claim suitable qualification to say this - we build and ship a product for Mac precisely because we think you ought to have one. We do not think you ought to have a Mac product because we happen to have created one.

    • Bastion · 1762 days ago

      You meant to say it's "coincidental", not "ironic". There is nothing unexpectedly contrary about your action vis-à-vis Sophos' action. They did occur in close proximity to one another, and both concern Mac security software -- that makes them "coincidental".

      Sorry, just been annoyed with the misuse of "ironic" ever since Alanis Morisette immortalized it in the likewise-named song. :)

  10. frank · 1764 days ago

    Works good so far on my iMac, two suggestions for improvement:
    1) growl support
    2) beside the exclude list for on-access scan, offer also a include list: I just want on-access scan for my download folder.

    • pducklin · 1764 days ago

      An include list is a bad idea (trust me, I am not a doctor), especially if applied to your download folder only. Problem is that when software installs out of any sort of package (dmg, pkg, zip, or whatnot) it typically distributes items in many other parts of your disk - almost anywhere, in fact, except the download folder. Any of these dropped items might be malicious, but might not be visibly in malicious form inside the downloaded package - the malware parts might be unscrambled only at install time. Cybercrooks tend to take the OS vendor's coding and software distribution guidelines with a pinch of salt.

      Ideally, of course, we'd detect the downloaded package as infectious, without even needing to look inside. Or we'd detect the dodgy installer program in the package, without even needing to descramble its nefariously obfuscated contents. But defence in depth says to keep your eye not just on everything you download, but on everything which might later emerge from that downloaded object, as well as stuff which might enter your computer via other means than download, including directly from USB.

      An include list makes it far too easy to limit your protection to a tiny and unrepresentative part of your disk - which is why we offer exclusion lists only. And please be careful with those. Don't lock all the doors only to open a great big window (no pun intended) by mistake.

      Sounds like you might be concerned about the run-time overhead of an always-on on-access scanner. I think you may be pleasantly surprised at how unobtrusive it is.

      • frank · 1763 days ago

        I see your point, please don't think me petty, but if you let me define exludes or disable on-access scanning completely, why not also offer includes. :)
        Anyway, I'll see how on-access scanning works for me. Thanks for the answer!

  11. Casper · 1764 days ago

    I don't have access to a Mac but know some non-profit organisations that do. What does the license say about use. Is it just for home users, or can it be used in education?

    • pducklin · 1764 days ago

      Just for home users, I'm afraid. We have great deals for education customers, though. That's a market sector in which we are strong and very well-respected for a number of reasons, including: fair price, platform agnosticism, and top-notch 24/7 support by email or phone included in that fair price.

  12. I know almost nothing about computer, but managed to load and run the program. It now tells me I need to 'clean up manually' the 8 threats detected,... any suggested link for simplified instructions of how to do this??

    • Hi Aurum. I would recommend visiting the support forum for the Sophos Anti-Virus for Mac Home Edition for assistance. You can find it at

      • jessi · 1764 days ago

        it's worth just deleting the files. provided that these are likely windows-based malware (you can check that on that are kickin around your machine just waiting to be executed on windows.. delete 'em if you don't need 'em.

  13. Manuel · 1764 days ago

    I'm a bit concerned about performance. AV software is notorious for being a hog to the system. How hard is Sophos AV on the system?

    • pducklin · 1764 days ago

      We only re-scan files on-access if either the file has changed or the anti-virus has updated since it was last accessed. (We know when the product updates, because we're in charge of that. And we know when a file changes, because our kernel driver monitors file system access, read and write, and we know how to identify each file system object uniquely.)

      This minimises overhead, and has helped our products - on all platforms - avoid the "notorious hog" label since we first started real-time scanning in, ahhhh, the early 1990s. How time flies when you are having fun!

      As I said in an earlier reply, I think you will be pleasantly surprised at how lightweight Sophos Anti-Virus is. I've had it on my Mac since the moment I returned from from the shop and I have to keep looking at the shield to remind myself it's there.

      Why not try it and see? You can have your money back if you don't like it :-)

      • Graham Perrin · 1759 days ago

        I created a topic,

        Second and subsequent launches of applications, a sense of hogging

        PS the intensedebate commenting system here fails to work with OpenID.

        • Thanks for telling me about the OpenID login issue. We've had a few different problems with using IntenseDebate as the comments system on the Naked Security blog which are being investigated. I'm going to disable OpenID login for commenters until I'm confident that it's working properly.


  14. Ted · 1764 days ago

    As for Macs not needing anti-malware, I totally disagree. I got pwned at Zyxel's
    site with a Unix arc bomb Trojan that Intego warned me about and tried to repair, but obviously couldn't. I think the heuristic engine found it but it got through. Every 5 mins it wanted to download a file and the only way I could stop it was wipe and re-image a clone from a week before. I sent my logs to Zyxel webmaster and their US site went down from Friday afternoon to Monday mid morning. $$$$$$$$$$$ This happened two to three years ago when search box injection/ redirect was just started hitting sites.

    I have also been pwned by a bad iTunes security podcast from a gray hat podcaster. Two different Mac AV and Clam were disabled. AV on a Mac is a must, at least for me.

  15. John · 1764 days ago

    Thanks for making this available for our Macs... free is really appreciated. Wish it was available for (don't tell anyone)... the 1 PC we have at home.


    • Don · 1744 days ago

      AVG is a good free AV for PC. AVAST is another.

    • Lauren · 1698 days ago

      For Windows, Microsoft Security Essentials (MSE) is another very good, and free anti-virus program.

  16. Kiwiiano · 1763 days ago

    What advantages does it offer over ClamXav? I run the latter and haven't noted any conspicuous slowdowns or had any problems with updating definitions. It certainly picks up malware, usually manky attachments on emails or phishing attempts.
    I do welcome Sophos to the fray. With Mac numbers climbing, it's only a matter of time before the blackhats turn their spotlights on us.

    • Paul Ducklin · 1763 days ago

      ClamXav - fairly sure I am right here - is just a graphical front-end for using the ClamAV engine for on-demand scans. When you want to scan something, you can.

      That can be useful, but it only _detects_ malware. It can't prevent it. To deal with malware properly, you need an on-access, or real-time scanner. And to do that properly, you need a kernel driver. And you'd better do _that_ part properly, because it becomes, well, part of the OS kernel itself.

      Imagine you install some new software, which may unravel all sorts of other components out of its package (which needn't follow Apple's rules, of course), and download a whole load of stuff directly off the web, and generally litter your Mac with new items. With an on-demand scanner, you can then scan your computer - which generally takes quite a while - to see if anything dodgy was installed as part of the process. If it was, congratulations! You're already infected. Aaargh!

      An on-access scanner examines each file system object as it is accessed (hence the name on-access), and can block access to dodgy files before they are used. This not only detects, but also _prevents_ infection.

      Sophos Anti-Virus has an on-access scanner. To me (but let me mention my lack of objectivity again), that's not an's a must.

      For another reason, see #10 in the ClamXav FAQ :-)

      "Should I get rid of my other virus scanner and just use ClamXav from now on?" Have you paid good money for it? If so, and you have no pressing reason to dump your other scanner, then I would honestly have to say "no". You've paid, so you may as well get your money's worth from it!

  17. TXMAC · 1763 days ago

    I agree there's a need of AV software for Mac, however, I've heard that a good security solution should offer strong 2-way firewall protection. How concerned should I be about relying on this Sophos AV and just the built in firewall of OS X? I currently use Norton Internet Security for Mac, and have been questioning its reliability on phishing protection and detection of MAC malware. I chose to install it last year mainly for having 2-way firewall protection. I ask since my subscription to continue with Norton is due soon, so I'm looking at other options (including Sophos).

  18. demagog · 1763 days ago

    They sound like the republican fear mongering.
    Asking if people if the think in the future the Mac will be targeted by more male-ware is like asking people if they think gays should have the right to marry. It's not a matter of opinion in either cases. Pure BS.

  19. appletech1 · 1763 days ago

    Thanks for this great piece of software. As a Mac Tech of many years, I can honestly say that this is by far the most unobtrusive, seamless A/V software I've used and I will recommend it to all of my clients. Very well done, Sophos. We've been waiting for a long time for something like this to come out. And for those nay-sayers who think Mac users are immune, just wait. One of these days, real soon, we're going to be hit with something serious. We've been far too lucky for far too long. It's just a matter of time. I've tried every A/V on the market and this one wins hands down. Just one request. Please don't go changing anything. It's perfect just the way it is.

  20. DjFIL · 1762 days ago

    It's good that there's more options for Mac AV now, it could be good for the average user trying to help them with their poor choices. I still decline to run one. All viruses at this time for the Mac come through forms of Social Engineering, making you think you need to install this for one reason or another. Until I start seeing viruses on the Mac that do not require me to type in my Root password, I personally will not be concerned. Not saying that couldn't happen in the future, but I'll wait until there is a real need.

  21. guest · 1758 days ago

    I get a kick out of you Mac users that think as long as your Root pwd is not compromised then you are ok. Did you not read the post from Ted about the Trojan on his system? I dont know about you but having to wipe and reinstall is not something I want to have to do because of a stupid Trojan! The potential to have lost a single file is not a risk I want to take. Just because the car thief didnt steal your car doesnt mean that slashing your tires and breaking your windows doesnt have an impact. I dont want to have the hassle of endless popups or hidden ftp or emailers or anything else slowing down or wreaking annoying havoc on my system.
    Just because they dont get your Root pwd doesnt mean they cant make your life miserable...hence the beauty of AV products as deterrents.

    • Paul Ducklin · 1757 days ago

      There's a slight irony here. The majority of Mac users who install software never type in the root password. Indeed, they couldn't if they wanted to, because they don't know what it is, since they didn't set it. (Unless they have an iPhone. Then, the root password is pre-set to "alpine" :-)

      So the whole "root password" thing is a bit of a furphy.

      Installation is done via sudo-style privilege escalation, where you enter your _own_ password (if you are an admin) to bump up a sub-process (and all its sub-processes) to root power.

      Even though typing in your own password to the "let this software do that" box is a great security measure, it is IMO a sufficiently common activity (for example, when using System Preferences) as to become unexceptional to many people.

    • spookie · 1700 days ago

      Root is disabled by default on OSX. There is no password to
      get, unless you've hacked the system and enabled it. As to
      your analogy, AV is like one of those steering-wheel locks. They
      just pi$$-off the thief so he breaks your windows and slashes your
      tires. I don't actually prefer that to stealing it. Before
      I moved out to the country, I had six car stereos stolen in five
      months. With the first two, the thief broke the window to get in.
      And these weren't nice stereos, they were $29 cheapos from
      WalMart. After that, I left the door unlocked. The stereos were far
      cheaper than the windows were. So much cheaper that all six stereos
      were worth slightly more than half of just one window. Similarly,
      since there are no Mac viruses in the wild (there is some malware,
      but no viruses) I see the disadvantages of AV exceeding the

  22. ralpherus · 1758 days ago

    would this be for an old IBM chip running 10.4.11 ???

  23. Eugene · 1758 days ago

    AV vendors should actually pay end-users for accessing (and reselling) their data.

  24. Just curious what Antivirus comes default with macs?

    • There's some very limited malware protection built into Snow Leopard (see ) but it's not really comparable to an anti-virus program.

    • spookie · 1700 days ago

      None. And this story and my respect for Sophos not withstanding, no AV is needed on a Mac that does not run Windows. Care is needed on any system, and AV is not a replacement for care. It is not "security by obscurity" that protects the Linuxes and UNIXs (of which OSX is one), but an inherently more securable system.

  25. Catsoft · 1639 days ago

    Great,Sophos.All you need to make now is a Sophos Anti-Virus for Windows Home Edition.

  26. Mark Serlin · 1097 days ago

    I've been using this for a while now. Works silently and seamlessly - hasn't caught anything yet I (think) I'm pleased to say...
    I recommend this to all my mac-using friends.

  27. Thanks so much for releasing this. I've got it scanning all four of my Macs now and just shared it with my

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley