Sophos

Talk to our experts

Find your local press contact

Resources

Sophos blogs

Info feeds

What are info feeds?

29 November 2007

McAfee, Sophos, Symantec: Who is the best at stopping zero-day attacks? Independent comparative review by Cascadia Labs confirms quality of Sophos's solution for enterprises

Read more and download the Cascadia Labs review of Symantec, McAfee and Sophos
Read more and download the Cascadia Labs review of Symantec, McAfee and Sophos

IT security and control firm Sophos has been found in an independent test to be superior to Symantec and McAfee at protecting proactively against zero-day malware attacks, vulnerabilities and exploits.

In an independent review conducted by Cascadia Labs, Sophos clearly outperformed Symantec and McAfee in detection of new, unknown viruses, spyware and Trojan horses. Sophos successfully intercepted 86% of the malware tested against prior to execution, compared to 43% for McAfee and 51% for Symantec. In addition, Sophos's run-time HIPS protection detected further malware samples at execution raising proactive detection of zero-day threats to an "impressive" 97% in Cascadia Labs' anti-virus tests.

Sophos is better than Symantec and McAfee at stopping new zero day attacks

The Cascadia Labs test identified Sophos's pre-execution detection including Behavioral Genotype® Protection - which guards against viruses, spyware, adware and malicious code before they execute - as delivering better protection from new and unknown malware than McAfee or Symantec's products.

Sophos better than Symantec and McAfee at detecting zero-day attacks

According to Cascadia Labs, McAfee's overall effectiveness was disappointing and Symantec's protection against zero-day attacks was found to often come too late in the infection cycle.

"While Sophos's HIPS protection significantly increased detection rates, we were unable to identify any significant impact of Symantec's behavioral or HIPS-based protection component," said the Cascadia Labs report. "[Symantec] doesn't match Sophos in terms of day-zero effectiveness, usability, or scanning performance... [Sophos is] a natural choice for enterprises looking for a well integrated endpoint security suite that is effective against day-zero threats."

Symantec 11 upgrade "painful and time-consuming"

The independent study also reported that Symantec users may face difficulties upgrading to Symantec Endpoint Protection 11.0, confirming Sophos's view that it is easy to switch from Symantec to Sophos.

"Users of previous Symantec products will face a painful and time consuming migration process moving to Symantec Endpoint Protection 11.0," said the Cascadia Labs report. "Given the workload involved in migrating to SEP 11, because of the extensive architecture changes, administrators will have difficulty choosing whether to migrate or perform a fresh install"

Download Free virus scan
Download the Threat Detection Test
  • Free virus, spyware, and adware scan
  • Test your existing anti-virus protection
  • Find threats your anti-virus missed

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.

See also: