Sophos is a big name in corporate security, enabling one IT security expert to remotely manage local Sophos installations across a company’s fleet of computers without employee aid or interference. Sophos Home Premium delivers the same level of remote management for consumer security. With Sophos, you remotely view status and take action on up to 10 Windows or macOS antivirus installations for yourself or your family and friends, and its pricing is impressively low. The Mac edition lacks many high-end features available in Windows, however, and doesn’t have any recent test lab scores. If you can afford to spend a little more, consider Bitdefender Antivirus Plus or Norton AntiVirus Plus. These two are our Editors’ Choice picks for Mac antivirus, with top lab scores and a wider feature set than Sophos.

How Much Does Sophos Home Premium Cost?

Prices for macOS antiviruses vary wildly. With Norton, you pay $59.99 per year to protect a single device. That same price gets you a three-license subscription for Bitdefender, Malwarebytes Premium, or Total Defense Essential Anti-Virus.

ESET Cyber Security is a bit more generous. With ESET, that same $59.99 per year covers five Macs. But Sophos outdoes all those mentioned here, offering to protect 10 devices, PC or Mac, for the very same $59.99.

Apple makes macOS updates smooth and simple, so most Mac users migrate to the latest version as soon as it's available or when they’re confident in the new release. For those lagging just a little, Sophos supports macOS versions from Monterey to the latest, as does F-Secure Internet Security.

If you're stuck using an old Mac that can't handle the latest updates, you still have options. Intego Mac Internet Security is compatible with versions back to Mavericks (10.9). Bitdefender, ClamXAV, and K7 go back almost as far, supporting anything from Yosemite (10.10) to the present.

Managing Sophos Home Premium Using Its Online Dashboard

With Sophos Home, you supervise configuration settings and view activity logs in an online dashboard. From the dashboard, you can see all your protected devices (up to 10) and easily extend protection to a new Mac or PC. If you find yourself handling security for your whole extended family, this can be a blessing. Now, you can remotely take care of their security problems without ever leaving your desk—or your beach chair.

(Credit: Sophos/PCMag)

The Dashboard displays your protected devices and offers two ways to extend your protection. You can share a link via email or install Sophos on the current device. Easy enough. And if you send that email link to kinfolk or compadres, the new installation is automatically linked to your management account.

When you select a device, you get a page with four tabs: Status, History, Protection, and Web Filtering. The Status page features four large panels representing protective components: Antivirus Protection, Web Protection, Ransomware Protection, and Malicious Traffic Detection. If all the panels are green, you’re good to go. Clicking any panel opens the appropriate page in the Protection tab.

The History page displays a list of everything Sophos has done to protect you, with an option to filter by event type. Finally, Web Filtering lets you configure the parental control system, which I’ll discuss later.

(Credit: Sophos/PCMag)

That leaves the Protection tab, the place where everything happens. This tab has three sub-tabs: General, Ransomware, and Web. You can also reach the General tab by clicking Antivirus Protection on the Status tab. Most users shouldn’t touch the controls on this page, as doing so would turn off various protective features. The one exception is the scheduler—if you like, you can set Sophos to run a full antivirus scan on selected days of the week. The Web tab (also reached by clicking Web Protection on the Status tab) similarly contains settings that you shouldn’t turn off.

I’ll discuss Ransomware Protection below. Windows users see another page called Exploits, but all features on that page are Windows-only. A few other scattered features, such as AMSI Protection, are specific to the Windows edition.

One interesting feature missing on the Mac is Download Reputation. On Windows devices, this feature works to double-check files that the regular real-time protection system doesn't identify as malware. It looks up each download in an online reputation database that considers the source website, content, and feedback from other protected computers. If the reputation is bad, Sophos offers to kill the download. That feature doesn't appear in the macOS edition. Likewise, Safe Online Banking is strictly for Windows users.

(Credit: Sophos/PCMag)

Since all configuration happens in this online dashboard, your friends and family members can’t mess up their antivirus installation. They can’t turn off the antivirus just because they suspect it slows down game performance or makes their videos laggy. They simply don’t have access to the controls. You can even launch a scan of the remote computer if necessary. It’s quite a different setup from most antivirus utilities.

A Lightweight Local Client

I installed Sophos in a flash on the MacBook Air I use for testing. The antivirus was ready to use, including all the latest signature updates, within a minute or so.

(Credit: Sophos/PCMag)

With Sophos Home Premium on Windows, you see the local antivirus agent as a separate program, but all logging and configuration happen online. The Mac takes miniaturization to a whole new level. It has no main window; instead, it opens a tiny pop-up when you click its icon in the menu bar at the top. The pop-up reports the security status, lists recent activity, and displays progress while you're running a scan. From its menu, you can choose to manage your devices, view all activity, or configure preferences; selecting any of these three sends you to the online dashboard.

No Test Results From Independent Labs

When you're looking for a new laptop or smartphone, you probably look to PCMag's reviews to find out which one scores best in your desired feature areas. I do something similar when reviewing antivirus utilities, checking the results from independent antivirus testing labs around the world. I follow five labs that regularly publish test results for Windows antivirus utilities, and two of those also cover Mac antivirus utilities.

I first evaluated this product almost 10 years ago. At that time, Sophos held macOS certification from AV-Comparatives. In fact, all the antivirus apps in my initial round of Mac antivirus reviews earned at least one lab certification.

Unfortunately, Sophos doesn't appear in current reports from either AV-Comparatives or AV-Test Institute. As you can see from the chart, that's now true for two-thirds of the Mac-centric antiviruses I cover. It's not necessarily a reflection on the apps that don't appear. The test labs regularly shuffle the sample sets for their reports, and companies can choose whether to participate.

The absence of independent certification makes it harder for me to determine whether a Mac antivirus utility is effective. For Windows evaluations, I have my own tests, malware samples, and hand-coded analysis utilities, so the lack of lab results isn’t quite as much of a blow.

Avast One Gold, AVG, and Norton earned certification with perfect scores from both labs. Bitdefender Antivirus and Avira Free Antivirus came close, each with one perfect score and one nearly perfect score.

Recommended by Our Editors

Bitdefender Antivirus Plus for Mac - Review

Kaspersky Internet Security for Mac - Review

Norton 360 Deluxe for Mac - Review

Scanning and Scheduling

I always advise running a full scan after installing any antivirus utility to ensure the system is free of preexisting malware. After that initial full scan, you can probably rely on real-time protection to handle any new attacks. If you're at all worried, Sophos lets you schedule a regular scan for any day of the week.

(Credit: Sophos/PCMag)

You can click for a scan at any time. A quick scan is the default, though you can request a full scan. Even the full scan took just 15 minutes, well below the current Mac antivirus average of 45 minutes. The quick scan was very quick, done in 15 seconds.

Malware written to attack Windows machines can't affect Macs, and vice versa. Even so, most Mac antivirus tools do their best to wipe out any Windows malware they find. That eliminates the faint possibility that your Mac might act as a carrier, passing malware along to Windows boxes on your network. Sophos is among those that kill off any Windows malware they recognize.

To test this feature, I copied my Windows malware samples to a thumb drive and mounted it on the Mac. Nothing happened at first, but then Sophos silently sniped away a couple of samples. Just to make sure it got a thorough look, I Ctrl+Clicked the folder and chose Scan with Sophos Home from the menu.

Sophos found only a few files that it recognized as undeniably dangerous. It identified most as lower-risk PUAs (Potentially Unwanted Applications). For those, it blocked execution and listed the found threat. I clicked every single found PUA and clicked Clean to remove them.

(Credit: Sophos/PCMag)

Once I worked through the numerous PUAs, I found that Sophos had eliminated 91% of Windows malware samples, beating almost four out of five competitors. Webroot Essentials and Avast top the list of Windows malware killers, with 99% and 97% respectively.

Phishing Protection

It's possible to craft a website that infects every visitor with malware, but it’s not easy and requires OS-specific coding skills. Writing the malware itself is even harder. It's a lot easier to build a phishing website and just wait for naïve netizens to hand you their security credentials. When (not if) the authorities take down the fraudulent site, the fraudsters just pack up their loot and create another.

A phishing site duplicates the appearance of a secure site, such as a bank, a financial site, or even an online dating site. It might look totally legit, and unless you notice the wrong URL in the address bar or some other sign, recognizing a phishing scam can be tough. Note, too, that phishing is completely platform-agnostic. If you browse to such a site and enter your username and password, it doesn’t matter what device you're using. Once the scammers get your credentials, they own your account.

(Credit: Sophos/PCMag)

Unlike most Mac antivirus solutions, Sophos doesn't rely on a browser add-on to filter out malicious and fraudulent URLs. It does its protective work below the browser level.

There's one awkward side effect of this browser-independent technology. If the fraudulent site uses HTTPS (as the most convincing phishing frauds do), Sophos can't replace the page with a warning. The Windows edition handles HTTPS fraud just like any other, but on the Mac, you just see an error message. I had to check the activity log each time to distinguish web filtering activity from actual errors.

The last time I ran this test on Sophos for Mac, it only detected 86% of the verified frauds. That’s not great, but it’s better than the previous score of 77%. This time around, the Mac edition seems to be in sync with its Windows counterpart. Both scored 100%, and you can’t do better than that. Also at the 100% mark are AVG, Avira, Bitdefender, ESET, McAfee, Norton, and Webroot.

Parental Content Filtering

As with the Windows edition, Sophos offers a simple parental control web content filter managed from the online console. Filter settings affect the whole device, with no option to use different configurations for different user accounts. And you configure each device separately. For each of the 28 content categories, you can choose to block or allow all access.

(Credit: Sophos/PCMag)

As with the phishing frauds, Sophos only displayed a clear warning for non-secure HTTP sites. Inappropriate sites, along with the rest of the internet, are moving to secure HTTPS connections. Trying to connect with those just got browser errors in testing, though the blocking event did show up in the dashboard’s History page.

If you use this system at all, you must ensure you block the Proxies & Translators category. Otherwise, a tech-savvy youngster could connect through a secure anonymizing proxy and completely evade all parental control and monitoring. The limited parental control system offered by Trend Micro Antivirus is also foiled by anonymizing proxies.

(Credit: Sophos/PCMag)

In Windows, content filtering only works in supported browsers. I demonstrated that by finding a few uncommon browsers that connected without a filter. Checking on the Mac with the same browsers (and a few others), I found the content filter worked with all of them.

These days, we at PCMag don’t recommend third-party parental control systems. Instead, we suggest you look to the parental features built into your operating system. Certainly, you shouldn’t rely on the web filtering built into this antivirus.

Behavior-Based Ransomware Protection

Ransomware is like other malware in that your antivirus software should detect and eliminate it on sight. With most types of malware, even if the antivirus flubs its job, it's likely to fix the problem after an update. But with ransomware, the damage is done. Your files are encrypted, and you may never get them back. That's the rationale behind Sophos adding an extra layer of behavior-based ransomware protection.

(Credit: Sophos/PCMag)

Tested with a dozen real-world Windows ransomware samples, Sophos proved very successful. Note that this test required disabling regular antivirus protection. With Sophos firing on all cylinders, it wiped out every single ransomware sample before it could even launch.

On the Mac, Sophos uses the same CryptoGuard technology to identify file-encrypting ransomware based on behavior, but it doesn't offer the Master Boot Record protection needed to foil ransomware that encrypts the entire disk. I’m not equipped to test real-world ransomware on macOS, so all I can say is that Sophos performed well on Windows.

Avast, Bitdefender, and Trend Micro also protect your Mac data against ransomware attacks, but each takes a different approach. Rather than looking for ransomware behavior, they ban all unauthorized programs from modifying files in protected folders. This technique only works on the folders and file types that you've flagged for protection. In testing this type of protection on Windows, I’ve seen ransomware encrypt as many as 10,000 files outside protected areas.