In the distant past, as a Mac user, I’ve been somewhat ambivalent about using anti-virus/anti-malware due to macOS’ methods of supposedly going above and beyond to stop the user from running potentially harmful programs by accident. But as time has gone on, these methods haven’t been terribly effective and, as we have also seen, due to bugs within macOS, it would be fairly trivial to do extensive damage to a Mac system. So it’s essential that all macOS users have some form of anti-virus/anti-malware protection in place.
For the past few years, I’ve been running a mix of ESET Cybersecurity Pro, Bitdefender, and most recently, Sophos Home Premium. I found ESET to be painfully slow when accessing files via WebDAV or network file stores, and Bitdefender’s main window keeps popping up whenever the Mac is started – which is very annoying. That said, performance-wise, Bitdefender has been excellent across the network and local filesystems.
I’ve put my dad on my personal Bitdefender license (he runs Windows) because I have an unlimited device license which expires in two years’ time. He can manage everything easily within the application, or if I am ever needed, I can log into a central cloud-based interface and take a look from there.
At work, I was tasked with finding a replacement for ESET which at the time was managed through a server application that was hosted on the Active Domain controller. I find ESET’s user interface to be a bit of a pain in the arse. So I explored a number of options, one of them being Bitdefender’s enterprise product. But I settled for Sophos Intercept-X Advanced with EDR because of its ability to drill down into processes on endpoints to determine how malware gets into the network. We can enforce a number of policies relating to threat assessment, web browsing, device encryption, along with how external devices are used. My only complaints with this system are that:
- Device encryption is limited to OS support – so this includes Windows 10 Pro or better for BitLocker, and macOS for FileVault. On the other hand, Sophos Central makes the management of BitLocker massively easier – including managing recovery keys and letting users set their own BitLocker passwords.
- Firewall management is limited to Windows Group Policies. There is no support for the Mac. The system does not include any kind of third-party Sophos firewall which I feel would make it much easier to unify firewall policies across estates like ours which utilise Mac and Windows machines.
Sophos Central, the cloud-based management system, makes it very easy to manage all this, to keep an eye on who uses each machine, and to identify any potentially dodgy program or file. The endpoint client tends to keep itself maintained pretty well.
And all this has led to Sophos Home Premium. Thanks to two beta programs I have been using a free license (which expires in February 2020) and it’s generally been pretty good. For the longest time that I can remember, Sophos never had a consumer product. Now we have something that shares a common core with its commercial brethren, including advanced ransomware protection.
There are a number of issues, however:
- The Mac version of Sophos Home Premium is lacking some features from the Windows version. It’s also behind a number of point version releases.
- The user interface is almost entirely controlled from a web front-end, for which you’ll need internet access. You cannot add additional users to the account to allow them to manage their own machine (unlike Bitdefender).
- Web filtering does not let you see the sites that it’ll filter – only by category. Neither can you add sites to be blocked, only exceptions.
- Lack of options for Ransomware, along with other related functions – you can only provide exceptions to volumes and paths. Microphone and webcam blocking doesn’t allow for exceptions.
- New activity is difficult to clear away. It gets a bit overly zealous whenever anything happens – good or bad.
Sophos Home Premium is quite pricey given the lack of control and everything being handled through the cloud (unlike the commercial version we use which has a number of offline options). While I appreciate the average consumer isn’t going to need a tonne of bells and whistles to tinker about with, having an advanced mode (online or offline) would be highly beneficial if anything needed to be whitelisted.
I’m sticking with Sophos Home Premium on my own Mac for now, and come February next year I’ll decide whether to remain with it, or move back to Bitdefender which has been my go-to anti-virus/anti-malware for the past year.