Sophos free anti-malware... one user's review

Discussion in 'Community Discussion' started by sjinsjca, Nov 15, 2010.

  1. sjinsjca, Nov 15, 2010
    Last edited: Nov 17, 2010

    sjinsjca macrumors 68000

    Joined:
    Oct 30, 2008
    #1
    I installed Sophos' free anti-virus/anti-malware utility for individual use (http://www.sophos.com/products/free-tools/free-mac-anti-virus/) on my Mac last week after my fully-updated ClamXAV failed to find two Windows trojans on my son's memory stick. He apparently picked those up on a school computer.

    In contrast to Clam, Sophos found the trojans (which fortunately were of a breed which posed no threat to any Mac but were nasty for Windows). It allowed me to cleanse the stick of the trojans, too.

    Throughout, it has seemed to run with a small footprint on my early 2010 MacBook Pro (2.66GHz, 8GB RAM, OS X 10.6.5). I have detected no performance degradation from its presence.

    (I did whitelist my virtual machine directories right off the bat. Just seemed prudent since those files are so big, and any reduction in access speed would impact VM responsiveness.)

    HOWEVER:

    With the exception of whitelisting my VM directories, Sophos is running using its standard on-access scanning preferences. Last night I set up a blank Time Machine USB hard disk and started the process of backing up my internal and external FireWire hard disk. This process usually takes about eight hours for the amount of data on my disks.

    This morning, however, I found the process was only about one-quarter complete after running all night. Something had slowed the process down considerably. My suspicion is that it's Sophos, doing its on-access scanning... which by definition would mean scanning every file on both my disks as they were "accessed" for backup. It also found some malware attached to archived emails I'd received from my PC-using friends; it is possible the alert had stalled the Time Machine process.

    I'll try again tonight with the scanner temporarily disabled.

    For now, my verdict is:

    PLUSES

    o Much more effective detection than ClamXAV

    o More useful than ClamXAV, as it scans on-access. Thus it should guard against trojans which might be lurking in files I download and install, should any present themselves. (I am careful, but stuff happens, and even trusted sources might someday be compromised.)

    o Lightweight performance. I've noticed no degradation, no CPU runup, no battery life hit, no impact on stability.

    o WAY less troublesome than Norton's antivirus for the Mac, which caused me some horrors a few years ago.

    o Hourly updates give confidence that the latest threats and heuristics are at work.

    o Doesn't natter and interrupt like too many Windows anti-malware utilities do. Even my preferred Windows antivirus, Avast, likes to pop up balloons to pat itself on the back for updating its virus database. I haven't noticed Sophos doing that.

    o Great price! :D


    MINUSES

    o Possible impact on big Time Machine backup jobs, either from the on-access scanning or because alerts pause the process.

    o No apparent way of whitelisting files by wildcard (e.g., *.vm* to globally whitelist all the important VMware Fusion files).

    o No way to test its notification-email capability to see if it's working.


    OVERALL

    Recommended. I'll be uninstalling ClamXAV.

    One can argue whether "it's time" or not for Macs to run antivirus/anti-malware. Bad stuff that spreads from machine to machine just doesn't happen with Macs, and there are architectural reasons for that. But trojans can be a threat to any platform, and even careful people can green-light the installation of software that turns out to be compromised. As trojan threats increase, more folks will see their Macs infected even if they take ordinary care. A lightweight on-access scanner like Sophos' makes sense, then. If not today, then soon... and I'd argue for today. In addition, Macs are increasingly important in the enterprise, and corporate IT policies often (and wisely) require antivirus utilities to be running on all connected computers, no exceptions. While the free version of Sophos is marketed for individual use only, the availability of it and its (paid) enterprise-class companion is a signal that high-quality, non-intrusive protection is now available from a vendor known and respected by IT professionals.



    UPDATE

    Time Machine proceeded just fine with the scanner turned off. So, either the scan-on-access process was bogging things down, or the old Windows bugs attached to two archived emails caused the backup to pause for acknowledgment of the warning pop-up. I've since deleted the two infected emails and will do another backup to a fresh disk when I have some time in the coming days.

    No other complaints. I do not notice Sophos at all... which is exactly how it should be.
     
  2. slipper macrumors 68000

    Joined:
    Nov 19, 2003
    #2
    I have also been using the free Sophos. I don't notice it at all and it hasn't detected anything during the couple weeks since I downloaded it. It runs completely unnoticeably in the background. I have yet to do a Time Machine backup; it's been a few weeks since my last backup... I know, I know. I'll do it soon and report any slowdowns.
     
  3. SOLLERBOY macrumors 6502a

    Joined:
    Aug 8, 2008
    Location:
    UK
    #3
    I started university in September and use my iMac for most of my work. I get sent files from both Macs and PCs that I have to open on my iMac and I don't like to open them as I don't trust the people who sent them. I suppose this could be useful.
     
