McAfee, Sophos, Symantec: Who is the best at stopping zero-day attacks?

Sophos Press Release

Independent comparative review by Cascadia Labs confirms quality of Sophos's solution for enterprises

IT security and control firm Sophos has been found in an independent test to be superior to Symantec and McAfee at protecting proactively against zero-day malware attacks, vulnerabilities and exploits.

In an independent review conducted by Cascadia Labs, Sophos clearly outperformed Symantec and McAfee in detection of new, unknown viruses, spyware and Trojan horses. Sophos successfully intercepted 86% of the malware tested against prior to execution, compared to 43% for McAfee and 51% for Symantec. In addition, Sophos's run-time HIPS protection detected further malware samples at execution raising proactive detection of zero-day threats to an "impressive" 97% in Cascadia Labs' anti-virus tests.

Sophos's pre-execution detection including Behavioral Genotype® Protection - which guards against viruses, spyware, adware and malicious code before they execute - as delivering better protection from new and unknown malware than McAfee or Symantec's products.

Sophos better than Symantec and McAfee at detecting zero-day attacks

According to Cascadia Labs, McAfee's overall effectiveness was disappointing and Symantec's protection against zero-day attacks was found to often come too late in the infection cycle.

"While Sophos's HIPS protection significantly increased detection rates, we were unable to identify any significant impact of Symantec's behavioral or HIPS-based protection component," said the Cascadia Labs report. "[Symantec] doesn't match Sophos in terms of day-zero effectiveness, usability, or scanning performance... [Sophos is] a natural choice for enterprises looking for a well integrated endpoint security suite that is effective against day-zero threats."

Symantec 11 upgrade "painful and time-consuming"

The independent study also reported that Symantec users may face difficulties upgrading to Symantec Endpoint Protection 11.0, confirming Sophos's view that it is easy to switch from Symantec to Sophos.

"Users of previous Symantec products will face a painful and time consuming migration process moving to Symantec Endpoint Protection 11.0," said the Cascadia Labs report. "Given the workload involved in migrating to SEP 11, because of the extensive architecture changes, administrators will have difficulty choosing whether to migrate or perform a fresh install"

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at