ESET Cyber Security for Mac full review
ESET is one of the oldest antivirus companies around, with the Slovakian company’s first antivirus software hitting the market in the late 1980s. In fact, for several years in the early part of this century ESET was one of Slovakia’s biggest companies (thanks Wikipedia!). Here, we take a look at its latest antivirus offering in our ESET Cyber Security review.
ESET's Mac product comes in three varieties, with the antivirus app at the core of each. Cyber Security is the base package that’s available for an honest £29.99/USD$39.99 yearly subscription. You can sign up for it on the ESET website here. (You might also like to read our round-up of the best antivirus for Mac 2018).
During installation you’re asked if you want to use ESET LiveGrid, which means "faster scanning using the latest intelligence collected from millions of ESET customers from all over the world". We can see how this could be useful for identifying the latest threats but it’s not clear how it can make scans faster.
Following this choice, you have to select whether you want the app to catch "potentially unwanted applications" that "might not pose any security risk". The choice is to enable detection of these, or disable it. We’re guessing this means ESET guards against dubious apps that perform a hard sell on certain shady websites, and that appear to exist mainly to part people of money.
Once installed and running for the first time the app told us how to authorise its kernel security module, which was a nice touch (although we’d actually already done it). After a quick reboot we commenced our first scan, choosing the In-Depth Scan option.
The scan took an impressively brief 13 minutes to complete but the results were odd. A dialog box appeared saying threats had been found and "could not be cleaned automatically". These were listed as BadBunny, Inqtana, Macarena, and MineSteal – so only four of the 10 in total.
The dropdown options alongside each offered the chance to delete each, and we selected to do so. Following the deletion a summary dialog box appeared saying six infected objects had been found, of which five had been cleaned. What these were or where they resided in the file system wasn’t shown, and there was no option to find out.
We therefore used the Tools section to open the scan log file. This claimed that 11 threats had been found, which is odd because we’d only put 10 on the disk (although the confusion might come from one of the viruses being identified twice, which can happen if the virus is inside an archive). Further examination of the log file showed that ESET had also found and deleted Clapzok, Filecoder, KoobFace, Reneop, and WeaponX. XcodeGhost had been missed.
Therefore, the end result is that ESET did in fact catch and remove nearly all of the viruses in its scan, with the exception of XcodeGhost. This is very good. What’s clearly less good is the confusing way the app reports the results of the scan.
When we recreated each individual malware by extracting them from their password-protected archives, ESET caught all except MineSteal and Inqtana. For some reason it didn’t even flash up a warning about these.
Similarly, mounting the XcodeGhost DMG didn’t cause any kind of warning to appear although choosing to specifically scan the archive contents in ESET resulted in positive identifications of the threats.
We were impressed by the fact ESET picked-up on the fact that macOS wasn’t entirely up-to-date (an iTunes update was available). We also liked the concept behind the email scanning functionality, which supposedly works by intercepting POP3 and IMAP communications in the background so that no configuration of email clients is unnecessary. This approach also means that ESET should work with all email clients. Alas, we’re not sure it actually works.
In our cursory test of emailing Clapzok to an email account setup within Mail on the virtual machine testbed, all that happened was that ESET flashed-up a message that the virus had been deleted. The file appeared to be still attached but attempting to drag it anywhere, such as to a Finder window, showed the no-entry icon.
However, whenever we clicked to view that email again, we again were shown a message saying the virus had been detected and then deleted. If we closed down the Mail app and opened it, we again saw the message. Opening the same email in Microsoft Outlook caused a similar problem. After some thought we realised this issue might be caused by the fact we were using an IMAP email account.
We suspect each time we viewed the email, the attachment was downloaded afresh from the server because, thanks to ESET deleting it, the attachment appeared to be missing. So Mail attempted to fix the situation and re-download the attachment. But this caused ESET to delete it all over again too. Repeat ad infinitum.
But surely the boffins at ESET would know that this happens – and have implemented a better solution? This problem probably wouldn’t happen with POP3, where email is removed from the server upon download, but most of us use IMAP nowadays for email.
IMAP means the email stays on the server until deleted, so will be downloaded afresh if required. Rather worryingly, the ESET help file claims POP3 is "the most widespread protocol used to receive email". We’re just not sure this is true.
Web access protection and phishing protection work in a similar way to the email scanning by intercepting traffic in the background, making configuration simply not required and meaning ESET should provide protection for virtually any browser.
A scheduler is automatically setup in the app to scan quickly after you login, and after each update is applied to the app, including virus definitions. You can add your own scheduled scans too.