Sophos began production of its first antivirus software in 1985, in the tiny UK town of Abingdon. Founders Jan Hruska and Peter Lammer created the software initially as a small-scale encryption and cybersecurity tool. It began to branch out into further private and business security functionalities in the late 1980s.
Today, Sophos has grown to include over 3,000 employees across the globe. But what does its longevity mean for consumers and how does this antivirus software compare with the competition?
In this Sophos antivirus review I wanted to find out:
- Is Sophos effective against malware?
- Does Sophos stack up against competitors based on independent lab testing results?
- How does this antivirus impact PC speed?
- Is it easy to install and use?
- Which version is best for the average user?
I’ll also examine pricing and review the additional features included with the software.
If you only have time for the short version, here’s what I found. Sophos is a well-priced service and performed very well in my own malware tests. Unfortunately, it falls short when compared to offerings from its top-rated peers. Sophos is rated relatively poorly by well-regarded independent AV comparison websites. Sophos also has some confusing elements, such as a very short full scan that provides little information to the user.
If you are interested in how I reached this conclusion, then read on to find out what I discovered in my review of the Sophos Home antivirus range.
See also: Best antivirus providers
- Remote security management
- Low-cost multi-device coverage
- The free version covers three devices
- No encrypted storage for consumer-grade software
- No webcam protection
- No quick scan and lack of information for consumers
- Low scores from independent AV test labs
Plans and pricing
Sophos Home (Free)
Sophos Home is the freeware software offered by Sophos. It has a decent selection of tools included in this free feature list, including the following:
- AI threat detection
- Real-time antivirus
- Parental filtering of websites
- Web protection
- Remote management
- Advanced real-time threat protection
There are other features from the Sophos Home Premium package that are also available as a free trial within the basic Sophos Home download.
A major positive for this free entry into the Sophos range is that it offers multi-device coverage. Most free software like this cover a single device only. They also normally only cover Windows OS. Sophos’ free program is available for three different devices, and also provides protection for Windows, MacOS, and some mobile operating systems.
Sophos Home Premium
Sophos Home Premium is the company’s paid consumer-level product. Alongside the benefits that come with the previous freeware entry, Home Premium also offers the following:
- Advanced real-time threat prevention
- Ransomware security
- Advanced web security (blocks phishing sites and compromised websites)
- Banking protection
- Identity protection
- Malware scan and clean (retroactively removing previous viruses, malware, and other infections)
- Live premium support
- Coverage of up to 10 devices
This is a fairly large selection of features for the price of $60 per year. This price is currently available with a 25 percent discount for the first year making it $45.
You can see even steeper discounts by purchasing a longer-term. For example, a two-year subscription is offered at a 35 percent discount, costing $78. A three-year subscription gets a 45 percent discount and costs $99.
These are undoubtedly good deals, but it is worth noting that these offers are subject to change, so always check the AV provider’s website directly to make the most of any potential discounts.
Effectiveness against malware
In this section, I will test the performance of Sophos’ Home Premium against malware. The first test is one constructed by the European Institute for Computer Antivirus Research (EICAR). I will also put Sophos up against live samples of malware, including adware and trojans. Finally, we will consider the perspective of two leading antivirus testing labs, AV-Comparatives and AV-Test.
EICAR sample tests
The point of the EICAR tests is to check how the antivirus suite performs at various stages of malware protection. I examined if it blocks suspicious files from downloading, detects or blocks the files in real-time on the computer, and can see that the files are suspicious before opening. I also wanted to observe if either the quick scan or the full scan detects any of the files.
The files are not inherently harmful but are supposed to simulate the conditions and form of malicious software exe. files. These files should be picked up upon by a decent antivirus. The table below shows Sophos’ performance against this first test.
|Test File||EICAR Sample 1||EICAR Sample 2||EICAR Sample 3||EICAR Sample 4|
As you can see, I observed promising results from Sophos here. Its real-time scanning feature caught all of the EICAR files as I attempted to download them from both HTTPS and HTTP connections.
Adware works by presenting pop-up advertisements, usually within a web browser. These ads generate passive income for the hacker, and some lead you to malicious websites.
A trojan horse has a similar principle but different execution. These viruses infect your machine by hiding as genuine software. Lying in wait on your machine, they are able to run all sorts of sinister processes. Ransomware that locks you out of your machine until you submit payment is a common example.
The table below shows how the Sophos Home program dealt with the live samples:
|Test File||Live Sample 1 (Adware)||Live Sample 2 (Trojan)||Live Sample 3 (Trojan)|
Another impressive performance by Sophos. The program detected and blocked all three files pre-download (on both HTTPS and HTTP) in real time, and then did the same thing on the full scan. This performance would imply a fast-acting and responsive program that can deal with a variety of different threats.
How effective are its scans?
The next test I ran on the software was to check how deep its scans delve into a machine. The table below shows how long Sophos’ full scan takes to resolve, and how many items it checks in that time.
|Test Type||Full Scan Time (minutes)||Full Scan # Items Scanned|
Sophos’ results look rather strange on this table. As you can see, the full scan only took 15 minutes to resolve. There was no information provided with regards to the number of items this scan manages to check. As you can see in the next table, most of Sophos’ other antivirus rivals do include this number, and all of them have significantly longer scan times than Sophos does.
|Test Type||Control CPU Utilization % (no scan)||Control Memory Utilization % (no scan)||Full Scan CPU Utilization %||Full Scan Memory Utilization %|
It’s concerning that Sophos offers no information about the number of items scanned and that it resolves so fast (perhaps indicating a less than thorough scan).
It is worth noting that Sophos still informs you of malicious items that have been located when it resolves its scans.
Here, we’ll look at how Sophos performs in tests run by a leading antivirus comparison website, AV-Comparatives.
As a comparison tool, AV-Comparatives focuses more on specific performance against malware rather than the suite’s overall performance as a PC tool. Scores are presented in a rating system with a maximum of three stars awarded to the top performing antivirus programs.
AV-Comparatives uses two different tests to examine the products within its scope.
The first is the Real-World Protection Test, which checks the products against 380 live virus samples from real malicious links found online over the course of a year. This test simulates the types of malware a consumer might come across.
The latest results available for Sophos for the Real-World Protection test come from July 2016, so that time gap is worth considering. In the July 2016 Real-World Protection Test, Sophos did not score well. Out of a possible 100, the Real World Protection rate for Sophos was 96.2. This is far below most of its competitors, and lands it within the bottom cluster of all products tested. It also generated a large number of false positives, which is undesirable in AV software.
The Malware Protection test is designed to check how the software copes at different stages of malware coming in contact with your system. Like our live sample test above, it checks if a malware file will be downloaded, found on a system, and blocked. There is not a recent enough result for Sophos for this test, but a similar Malware Removal test was run back in 2015. In that test, Sophos scored 82 of a possible 100 points – again trailing behind the pack of antivirus providers tested.
While Sophos did perform admirably in our own tests, these scores in the AV-Comparatives tests are slightly worrying, as they show a lack of consistent performance over a large number of test cases.
The lack of recent data is also a concern, with the independent labs seemingly believing Sophos is not competitive enough to be included in its latest comparison tests.
Impact on PC performance
This section examines how much Sophos’ antivirus program might impact your computer’s system performance. First, I take a control measurement of the computer’s system performance by checking the CPU and memory utilization when no is scan running. Then I attempt to run both the quick and full scans, recording the impact on CPU and memory while the scans are running.
Despite nearly every other antivirus provider having the option of a quick scan, or a customizable scan that can simulate one, Sophos does not. This is somewhat of a problem as a quick scan is an incredibly useful tool for performing a speedy check for issues with your computer.
A quick scan works by targeting the areas of a system that are most commonly compromised (or that have been the subject of previous attacks) and scanning them for threats, rather than spending time checking an entire system. The lack of functionality here is also carried on in the full scan where Sophos fails to provide data on what has been scanned. We can at least measure what impact the full scan has on performance.
The table below shows the impact that Sophos’ 15-minute full scan had on the rest of the system’s processing capabilities.
|Test Type||Control CPU Utilization % (no scan)||Control Memory Utilization % (no scan)||Full Scan CPU Utilization %||Full Scan Memory Utilization %|
While an 18 percent CPU is not nothing, Sophos is not as impactful as some of its peers, as you can see in the following table.
|Software||% increase in CPU Utilization||% increase in Memory Utilization|
This is an interesting result relative to those of the other antivirus software on this list. This low-impact and relatively quick full scan stands out as odd among the more taxing and time-consuming scans that are present here. This would perhaps imply that Sophos’ “full” scan is not actually taking stock of the entire machine.
Again, it would be much easier to actually say what was happening here if Sophos was more transparent about what exactly its software does when running its full scan, and the lack of communication to the end-user is rather disappointing.
Here, we’ll examine some of the additional features offered by Sophos.
Artificial intelligence-led real-time threat prevention
A benefit of the Sophos Home AV solutions is that they offer some of the advanced features of the Sophos business plans. Some of these security features are trusted to protect leading businesses and are endorsed by various business security leaders on the Sophos website. Of note here is the AI-led real-time threat prevention offered by Sophos, which is available in both its free and premium services.
The same AI that prevents cybersecurity disasters for large businesses can also be used to protect your system, including the prevention of zero-day attacks.
A zero-day attack is a type of cybersecurity attack that has either not happened before or that no one was aware of. These can be particularly dangerous if your antivirus software has no ability to combat them, as there is no pre-established playbook for how to deal with them.
This is why advanced systems designed for zero-day attacks are essential. Sophos’ AI is designed to predict the types of attacks that might arise as zero-day threats, and will be able to retaliate quickly and effectively.
Sophos remote security management
This feature is an excellent one to have in a home cybersecurity system that governs multiple devices. With this system, you can use your Sophos account to remotely manage the security settings of each device that is covered by your subscription.
For example, if the multiple devices covered by your subscription are all within one family, your Sophos account can change device settings for your family members. This could be useful for parents seeking to limit certain internet access, or if you are providing protection for a less tech-savvy family member and they need help with setting up this kind of protection for their device.
Remote security management is available for up to 10 devices with your Sophos Home Premium subscription.
Sophos has some distinct, clear, and well-formatted elements on its user interface. The tabs are separated by boxes, with some useful pictures illustrating the functionality of each item. The use of light grays and whites as the predominant colour scheme does mean the buttons blend in with the background and are quite hard to see. Apart from that, any hyperlinks are provided in a bright, bold blue, and new activity and notifications are denoted by a striking orange accent.
Sophos’ customer support is comprehensive and very accessible, though users of the freeware are limited to support in the form of knowledgebase articles only.
While there is no phone support, premium users can find live chat support on the Sophos website. This provides dedicated support personnel, Monday to Friday, 8AM to 8PM Eastern US time. There’s also an FAQ page, and a comprehensive knowledge base offered by Sophos users.
This level of support places Sophos on parity with the other antivirus companies I have reviewed, though it would be nice if it offered phone support for premium users.
|Products||Windows 10||Windows 8||Windows 7||Windows Vista||Mac||Mobile||PC hard disk space required|
|Sophos Home||Yes||Yes||Yes||No||OS X 10.12 or later||Yes, Android and iOS||1GB Windows, 4GB Mac|
|Sophos Home Premium||Yes||Yes||Yes||No||OS X 10.12 or later||Yes, Android and iOS||1GB Windows, 4GB Mac|
In conclusion, Sophos has a lot to offer consumers other than its usual business clients. If you’re on a budget and looking to cover multiple devices, Sophos Home Free is a solid choice, allowing coverage for three devices at no cost.
It is also encouraging to see coverage for 10 devices included in the one-year subscription price of the Sophos Home Premium package. Plus the price for this plan is not particularly high when compared to its competition.
The advanced AI threat detection is nothing to sniff at either. Zero-day attacks are a very real, dangerous threat so if that level of computer safety is important to you, this software might be worthy of your consideration.
That said, there are a few important notes of concern with the Sophos range. A lack of a quick scan, while not completely unheard of, is certainly a mark against the product. On top of that, Sophos is not highly regarded for its virus detection and malware prevention abilities.
The lack of information provided to users on what its full scans do and why they only take 15 minutes to resolve leaves several questions unanswered.
In all, the Sophos Home range offers some useful device coverage and management tools, but it appears to lack efficacy when it comes to running proper scans and fighting malware.