Powerful protection for MacOS: test under Sequoia 15.6
Recently, many Mac users have been seeing articles in the media about current malware using stolen signatures and even being able to bypass the standard protection offered by Gatekeeper. These dangers can be thwarted more effectively by leveraging the power of high-performance protection software. The current test with 13 protection products for consumer users and corporate users shows which products have proven their worth. The packages need to fend off hundreds of MacOS malware samples and, at the same time, they need to make sure that no harmless applications and files are blocked. In addition, the test checks the extent to which the protection tools place a strain on the MacOS test systems. Many products are able to shine, scoring the highest points in the test.
Cybercriminals have been attacking MacOS systems more and more frequently. For example, Atomic macOS Stealer (AMOS) made a big impression only a few months ago. The malware installs a persistent backdoor on compromised MacOS devices, enabling remote access and making it difficult to detect. Odyssey Stealer, a more advanced variant of AMOS malware, features a code signature that uses a valid Apple Developer ID. This signed infostealer variant managed to evade detection by MacOS’s own integrated security tools such as Gatekeeper and XProtect for quite some time. Other solutions offer more reliable protection because they expose the attacker, in particular by leveraging behavior-based detection measures and more in-depth analyses.
The current test from this September shows how well 13 security packages for MacOS can detect and defend against a variety of attackers under MacOS Sequoia 15.6. The solutions for consumer users and corporate users need to detect more than 1,000 specialized samples of MacOS malware and identify 80,000 applications as harmless, without overly taxing the operating system. The table lists the test results in the categories of protection, performance and usability. The lab awards up to 6 points for each test category. Thus, the top score in the test is 18 points.
In the current evaluation, 11 packages for consumer users from the following vendors were put to the test: Avast, AVG, Avira, Bitdefender, ClamXAV, ESET, F-Secure, Kaspersky, MacPaw, Norton and TotalAV. The solutions from Crowdstrike and Sophos were used to test the solutions for corporate users.
Attack with specialized MacOS malware
The category of protection examined how well the products could detect and defend against nearly 1,200 samples of special MacOS malware. Avast, AVG, Bitdefender, ClamXAV, F-Secure, Kaspersky and Norton – 7 of the protection packages for consumer users – performed very well in this category. All of these solutions detected 100 percent of the malware attacks, scoring the full 6 points here. Although ESET made a minor mistake, achieving a detection rate of 99.9 percent, it still earned full points.
The situation looked different with MacPaw, Avira and TotalAV. Their detection rates ranged from 99.2 to 98.5 percent, which naturally led to point deductions. MacPaw earned 5.5 points, and Avira and TotalAV only scored 4.5 points.
When it comes to the solutions for corporate users, the two security products demonstrated a solid performance in the testing. The product from Crowdstrike fended off 100 percent of the attackers, while Sophos made a minor mistake and achieved a detection rate of 99.9 percent. However, both solutions were able to receive the full 6 points.
Keep those Macs running strong
The security solutions need to constantly work in the background, monitoring all processes and scanning files where necessary. This feat places a certain load on the operating system, but it should be kept to a minimum. For this reason, the lab experts examined each product in the test area of performance to determine the extent to which the system resources were taxed. In order to quantify this, the test experts performed a number of routine tasks on a system without any protection software: They copied data locally and to the network, accessed hundreds of websites, downloaded files, and installed and ran popular applications. The times required for all tasks were then used as reference values when the same routine tasks were repeated on a system with the protection software installed.
The test ran smoothly for 9 of the 11 protection packages for consumer users, and they were rewarded with the full 6 points in this category. However, F-Secure and MacPaw stood out because they caused the system to slow down. Both solutions placed a measurable load on the system when installing software and launching applications. For this reason, the lab only awarded them 4.5 out of 6 points.
The results for the corporate solutions looked much better. Crowdstrike did its job properly and earned 6 points. Sophos slowed down the system when installing new software, which led to a slight deduction: 5.5 points.
Distinguishing friend from foe
It can happen that a protection program makes a mistake or two when detecting files or applications infected by malware; however, this should not be the case. After all, these false alarms, also referred to in the industry as false positives, are annoying and they can cause users to become wary. For this reason, the lab performed a second check of the detection capabilities of the protection packages, but this time using 80,000 clean files. In addition, the lab experts installed nearly 200 harmless applications. The protection tools should not be raising the alarm for these.
The products for consumer users and solutions for corporate users delivered perfect results in this part of testing. The products did not trigger any false alarms, enabling each of them to achieve the maximum 6 points in the test.
Extra test with Windows malware and PUAs
In a further test section, the testers seek to determine whether MacOS security software also detects Windows malware and potentially unwanted applications – or PUAs for short. However, the lab does not rate the results of this evaluation. The testers want to determine whether the security packages are capable of detecting Windows malware on a heterogeneous network where Windows computers are also connected. This malware cannot infect a system running MacOS, but it could infect the Windows computers over and over again. PUAs are just as annoying. Do the security packages detect these dangers and bothersome tools?
The security packages for Mac systems from Avast, AVG, Bitdefender, F-Secure, Kaspersky and Norton performed nicely. They each detected and blocked more than 99 percent of the Windows malware and PUAs. ESET and TotalAV performed equally well for malware, although their performance faltered somewhat when it came to PUAs. Whereas ClamXAV noticed many of the Windows malware samples, for MacPaw this task was not within its sphere of responsibility.
When it comes to the solutions for corporate users, Sophos detected more than 99 percent of the instances of Windows malware as well as the majority of the PUAs. The solution from Crowdstrike focused on malware for Mac systems exclusively.
The best security products for the third quarter of 2025 in the MacOS test
The AV-TEST lab evaluates a wide range of MacOS protection solutions each quarter. In this quarter, the test based its evaluation on Apple’s improved version of MacOS Sequoia 15.6.
The results of the 11 packages in the evaluation for consumer users of MacOS showed a strong performance. After all, 7 protection packages completed the test with the maximum point score of 18. The 4 additional watchdogs attained a score of 16 to 16.5 points. The results are nothing to scoff at, but they also serve as a guide for vendors indicating where they have room for improvement.
The corporate solutions Crowdstrike Falcon Sensor and Sophos Endpoint both delivered excellent results. Crowdstrike scored a full 18 points in the test. Following close behind it was Sophos with 17.5 points, whereby the half a point was lost due to a minimally excessive system load. Otherwise, the level of protection is excellent.

















