Bitdefender Antivirus for Mac review
If you look at the lab ratings for Bitdefender Antivirus for Mac, you could easily assume that the software package nails its focus on malware protection. It received the highest possible detection scores from AV-TEST and AV-Comparatives: 100 percent from AV-TEST for detection of macOS potentially unwanted applications (PUA), and above 99 percent for identifying Windows malware.
But those scores don’t tell the whole story. When I tested version 6.1 of this software (go.macworld.com/bd61), Bitdefender fared poorly against downloaded and decompressed macOS malware. However, after that review, Bitdefender released version 6.2, which adds 200MB of free VPN service as part of the subscription price. An update fixes one of the bugs we found, the company says, and I confirmed that. Accordingly, we’ve opted to review this updated version due to timing and the fix for a bug we found significant.
Bitdefender also provided more detail and a testing script for two file-protection features that are poorly explained within the app and that were disabled by default at installation. While the app’s main screen warns about some security features being turned off, it still doesn’t warn about these.
In our previous review of version 6.1, Bitdefender’s anti-malware monitoring didn’t stop me when I decompressed macOS malware from the Objective-See archive, nor when I tried to launch it. A manual “Custom Scan” operation had to be performed to recognize the malware.
With version 6.2, however, as soon as I expanded the encrypted archive, Bitdefender instantly recognized the malware, moved it into quarantine, and displayed a notification about what had happened. Disabling its protection, expanding the archive, and then re-enabling it also resulted in an immediate quarantine of malware files.
This behavior is what I’d expect and marks a substantial improvement.
In both versions 6.1 and 6.2, the default setup doesn’t activate the Safe Files feature, which provides passive ransomware protection. You must dig into the software’s preferences and turn it on manually. The company says an installation wizard should offer both Safe Files and the Time Machine protection option (which we’ll discuss next) as optional features a user can enable.
When Safe Files is turned on, it prevents apps from creating, modifying, or deleting anything within protected folders; the starting set encompasses Desktop, Documents, Downloads, and Pictures. You can add others, but ransomware typically targets only files created by users, as those require fewer permissions to modify.
Apple’s apps are all exempted from Safe Files automatic blocking, and there’s no way (or, really, reason) to block them. I tested an Apple-signed third-party app, Bare Bones’s BBEdit, and it was automatically approved and shown in the Safe Files apps list. That approval behavior also can’t be modified, but you can set Bitdefender to block third-party signed apps after their first attempt to access a protected folder. You can also manually add and remove apps from the list and set them to approved or blocked. All unsigned third-party apps are blocked by default.
To test this feature, I ran a piece of known ransomware from the Objective-See archive with Bitdefender’s real-time scanning feature disabled (as that would prevent its expansion and launch) but Safe Files turned on. Safe Files correctly blocked the app. However, I also tested a simple Terminal-based “bash” shell script, which uses a command-line ZIP compression tool, and the script and the ZIP compression and encryption weren’t stopped: macOS’s Unix tools are signed by Apple. Because the script wasn’t known malware, it also wasn’t blocked by the anti-virus database in Bitdefender.
This kind of passive ransomware protection differs from that provided by our top paid pick, Sophos Home Premium (go.macworld.com/shpm), which actively looks for patterns of encryption that ransomware apps follow. Still, even passive protection is better than none, since most ransomware threats involve downloaded apps, not freestanding scripts. The company could improve this passive feature by blacklisting all Apple-signed Unix apps from acting on the Safe Files folders, too.
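A simplified model of the signer-based decision described above, added here as an example; it is not Bitdefender's code. The signer labels, the `CLI_DIRS` heuristic, the sample paths and the `block_apple_cli` switch are assumptions made to show why the Apple-signed ZIP tool gets through and what the suggested block would change.

```python
from pathlib import PurePosixPath

HOME = PurePosixPath("/Users/alice")  # constructed sample home directory
# Starting set of protected folders named in the review.
PROTECTED = [HOME / d for d in ("Desktop", "Documents", "Downloads", "Pictures")]
# Assumption: directories treated as "Apple-signed Unix tools" for the hardened variant.
CLI_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")


def is_protected(target):
    """True if target is inside one of the protected folders."""
    p = PurePosixPath(target)
    return any(folder in p.parents for folder in PROTECTED)


def decide(signer, exe, target, overrides=None, block_apple_cli=False):
    """Return 'allow' or 'block' for a write by exe to target.

    signer: 'apple', 'developer_id' (signed third party) or 'unsigned'.
    overrides: user choices from the app list, {exe: 'allow' | 'block'}.
    block_apple_cli: hypothetical switch modelling the reviewer's suggestion.
    """
    if not is_protected(target):
        return "allow"
    if signer == "apple":
        # Apple-signed code is exempt and the user cannot override it.
        if block_apple_cli and exe.startswith(CLI_DIRS):
            return "block"
        return "allow"
    if overrides and exe in overrides:
        return overrides[exe]
    # Signed third-party apps are auto-approved; unsigned apps are blocked.
    return "allow" if signer == "developer_id" else "block"


# Constructed events: (signer, executable doing the write, file written).
EVENTS = [
    ("unsigned", "/Users/alice/Downloads/Invoice.app/Contents/MacOS/Invoice",
     "/Users/alice/Documents/taxes.pdf"),
    ("developer_id", "/Applications/BBEdit.app/Contents/MacOS/BBEdit",
     "/Users/alice/Documents/notes.txt"),
    # A shell script's work is done by the tools it calls, so the signer seen is Apple.
    ("apple", "/usr/bin/zip", "/Users/alice/Documents/taxes.pdf"),
]

if __name__ == "__main__":
    for signer, exe, target in EVENTS:
        print(exe, decide(signer, exe, target),
              decide(signer, exe, target, block_apple_cli=True))
```

The third event is allowed under the described policy and blocked only when the hypothetical switch is on, because the decision keys on who signed the writing process rather than on what the process is doing to the files.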
Bitdefender separately hides a powerful feature for preventing files from being modified in Time Machine backups. (You can turn it on by clicking a checkbox in the program’s Protection preferences.) If and when effective ransomware spreads among macOS users, Time Machine backups will be prime targets: the malware would want to encrypt not just active files in a user’s home directory, but also any backups of those files that are on connected volumes.
With this protection option turned on, Time Machine backups can only be modified by Apple’s backup software. No other apps can modify the volume. In testing, this proved out. Trying to remove and modify files from the Finder, Terminal, and other apps was consistently blocked by Bitdefender, while Time Machine operations worked as expected.
A FEW DOWNSIDES
The app’s main interface is minimal with a refreshingly crisp appearance, but that’s because Bitdefender stashed almost every function and view in the preferences dialog. That makes sense for tweaky settings about scanning, technical logs, and interface controls—but preferences also includes the quarantine area, which isn’t a preference and should be easier for a user to access, as well as the Safe Files interface, which may need to be consulted frequently when using new apps in a protected folder.
Also, files held in quarantine show just a malware ID, file path, and buttons for Restore and Delete. You get nothing to click for more information, no repair option, and no other detail. It doesn’t note, for instance, that selecting a quarantined file and clicking Restore returns a defanged piece of malware to a location you select—the nasty guts are removed, which would be helpful information for a user clicking on it.
Bitdefender doesn’t install its native web browser plug-ins automatically. Instead, you have to click a link in the app, then click on another link on a web page, and install it. (The company says it’s working to streamline this in future versions.) The plug-ins add friendly green checkmarks to links that aren’t in databases of malicious pages, and affirm the links are safe when you hover over the marks. When I tried to visit pages laden with malware (in our test, via the WICAR archive), Bitdefender blocked the page from loading with a message and displayed a notification. All of this functions just as it did in version 6.1.
Bitdefender does offer cloud support for certain remote-access operations, but it’s a relatively small set compared to what you can do in the app. You can see the status of protected computers and their most recent scans, but you can’t perform remote configuration changes. You can trigger an abbreviated scan or a full scan, though.
I also tested the included parental controls in passing. The web filtering worked so well that it couldn’t be turned off. After using the cloud-based interface to configure a profile and enable it on the test Mac, I then disabled it—but despite reboots and other attempts, and contacting the company’s representative, it didn’t actually disengage. Before attempting an uninstall and reinstall, I tried re-enabling parental controls again on the Mac with a new child’s profile and then disabling it again. That process did the trick.
An included VPN service installed easily and protected a connection with a single click, but only includes 200MB of VPN usage per day. With such a low cap, the feature doesn’t do much to bolster Bitdefender’s appeal against cheaper (and higher rated) competitors—you’ll pay $60 a year for protection on up to 3 Macs, whereas our top pick is $50 per year for up to 10 computers (Mac or PC). You can opt to upgrade to a paid annual subscription with unlimited bandwidth usage, but that is an additional cost.
THE BOTTOM LINE
Bitdefender’s sterling marks from security labs for malware detection are now matched by its performance—this new release properly detects and quarantines downloaded macOS malware instantly. However, the software needs a better-organized app interface, as well as improvements in browser-extension installation and its parental-controls feature. Bitdefender also remains expensive compared to our top pick and other competitors with a similar set of features.
The Safe Files feature passively protects selected folders against unsigned and blocked apps modifying anything within them.
When an unsigned app first tries to modify files in a folder protected by Safe Files, Bitdefender warns and offers options.
The Bitdefender browser extensions mark links as safe or otherwise.