Deutsch
English
Français
Español
- Share:
16 security solutions for MacOS put to the test under Sequoia 15.3
Many of the cybercrime campaigns in 2024 and 2025 have shown that hackers are just as interested in Mac systems as they are in Windows computers. The AV-TEST laboratory has evaluated 16 protection products that offer both consumer and corporate users the best protection under MacOS Sequoia 15.3. These solutions needed to pass very extensive testing using hundreds of samples of malware that specifically target systems running MacOS. In addition to the important security check, the test lab also checked the extent to which the security solutions place a strain on a MacOS system and how often they trigger false alarms. The results of the tests show that there are many good protection products available for the Mac.
The team of experts in the AV-TEST lab examined a total of 16 MacOS protection products for consumer and corporate users from January to March 2025
MacOS systems have been largely unaffected by malware attacks for many years, but in the meantime, large-scale cyber attacks have been occurring several times a year. For example, there were some major attacks in 2024 such as SpectralBlur, a backdoor malware that appears to be linked to hacker groups from North Korea. And then there was the NotLockBit ransomware, a dangerous evolution of the LockBit ransomware that not only encrypts files but also exfiltrates data. This year is no different. Major attacks are already underway: for example, Cuckoo malware, which is a new variant of AMOS (or Atomic macOS Stealer) that masquerades as legitimate software.
The current test of protection software for MacOS systems examines 16 products for consumer users and corporate users, evaluating the level of protection they offer against specific malware designed to target the Mac. The solutions were tested in the AV-TEST labs on MacOS Sequoia version 15.3 from January to March 2025.
The current evaluation involved 11 products for consumer users from Avast, AVG, Avira, Bitdefender, Clario, ESET, F-Secure, Kaspersky, Norton, TotalAV and Trend Micro. Solutions for Mac enterprise endpoints involved a line-up of products from the following vendors: Crowdstrike, Qualys, Sophos, Trellix and Trend Micro.
The team put all products through tests in the categories of protection, performance and usability. The lab experts awarded a maximum of 6 points in each category, which means a total of 18 points.
Attacks from hundreds of Mac malware samples
The current AV-TEST test on the MacOS is a very extensive evaluation using a set of more than 800 samples of malware specifically targeting Mac computers. The AV-TEST team scoured the Internet and e-mail attachments in order to collect the malware samples. The malware samples used in the test are among the most dangerous in circulation in the world of Mac.
16 security solutions for consumer and corporate users were tested on MacOS Sequoia 15.3
The MacOS security packages demonstrated excellent performance when it comes to detecting malware, with only a few exceptions
When it comes to the level of protection offered by the products, the test experts came to the following conclusion: 7 of the 11 products in the testing for consumer users using MacOS fended off all malware attacks 100 percent of the time without exception, ensuring that the system stayed secure: Avast, AVG, Bitdefender, Clario, F-Secure, Kaspersky and Norton.
ESET made a minor mistake and achieved a detection rate of 99.9 percent, while Trend Micro only detected 99.6 percent of the attacks. All of these products received the full total of 6 points.
TotalAV achieved a malware detection score of 99.2 percent, which earned it only 5 out of 6 points for the category. Avira was docked a full 1.5 out of 6 points due to the software’s weak detection rate of 98.2 percent.
For the 5 MacOS products for endpoint solutions for companies, 3 of the solutions detected 100 percent of the attacks without exception: Crowdstrike, Qualys and Trellix. Trend Micro achieved a rate of 99.6 percent and managed to hold its position in the group with 6 points. However, Sophos only detected the attacks 99.5 percent of the time and lost half a point in the evaluation, scoring 5.5 points in the category of protection.
Performance on the job
The team of experts in the lab investigates, in the category of performance, how much the cyber protection solution affects system resources. To do so, the lab performs many tasks on a reference device before the protection software is installed, such as copying data on the local system and over the network, visiting websites, as well as downloading and installing applications. Then the testers repeat all of these steps on a system with an installed protection package, where they subsequently measure any time delays.
10 of the 11 packages for consumer users evaluated in the testing performed perfectly, earning the full 6 points in the process. F-Secure was the only exception as its security package slowed down the installation and launch of applications. As a consequence, 1.5 points were deducted from F-Secure and the solution only scored 4.5 points in this category.
The 5 solutions for corporate users offered an outstanding result in the testing, and none of the products exhibited excessive system load on the endpoint. As a result, all the security products for companies received the maximum 6 points here.
Clario delivered an impeccable result on MacOS in all test categories in the first test of the quarter in 2025, earning the maximum score of 18 points
The ESET protection package for consumer users scored the full 18 points under MacOS for its spotless performance in the test
Norton’s system watchdog for consumer users of MacOS performed excellently and scored a full 18 points in the test
The endpoint protection solution for companies defended the MacOS systems with an unblemished record, achieving the highest score of 18 points
The endpoint protection solution from Qualys achieved top scores in all test categories, earning a full 18 points
The Trend Micro endpoint security solution for corporate users stood out in the test, earning a top score of 18 points
A prime example: false alarms
There needs to be absolute certainty when a protection package raises the alarm after it detects an attack. But what happens if it is not an attack? Experts refer to this as a false positive. So their focus in this test category is the usability of the solution. The lab sends over 45,000 malware-free applications to the systems, installs dozens of applications, and runs them. Ideally, a protection product should detect these processes as harmless and not alert the user.
None of the tested products for consumer users and none for the endpoint products for companies detected a false positive, meaning that all evaluated solutions received the full 6 points as their final score.
Additional tests with Windows malware and PUAs
In a network environment, Macs often work hand-in-hand with Windows computers. Naturally, Windows malware cannot harm the Mac if it by chance ends up on a Mac. However, the Mac can repeatedly infect a Windows computer via the network connection. That is why it would be a good idea if the protection software under MacOS also detects these attacks. This also applies to potentially unwanted applications, so-called PUA, which are annoying and occasionally can even be slightly dangerous.
The test lab does not rate the software or tally points in this additional test. It is purely informative; nevertheless, the results here were interesting.
Almost all of the products for consumer users identified more than 99 percent of the 3,000 or so samples of Windows malware and over 400 PUAs. There was one product that only detected more than 95 percent of PUA and one that only detected more than 95 percent of malware samples.
The company solutions also showed their strong performance in detecting malware and PUAs, scoring a solid 99 percent or higher. Sophos performed at a somewhat lower level, and Crowdstrike had no interest in filtering out PUAs.
Final MacOS test results of the first quarter of 2025
The protection products in the test performed quite well, even under the new MacOS version, Sequoia 15.3. Among the solutions for consumer users, 8 out of 11 products earned 18 points, achieving the maximum score possible for the test. F-Secure only scored 16.5 points in total; however, it performed excellently in terms of protection.
The result was even better for company solutions when it comes to protection solutions. 4 of the 5 endpoint solutions evaluated under MacOS earned the highest score of 18. Only Sophos ceded half a point due to a minor mistake, earning it only 17.5 points.
