Sophos Home Free

Editors' Note: This product is no longer available. For our top recommendations for free antivirus protection, please see our roundup of the best free antivirusbest free antivirus utilities.

When a big company’s CISO deploys an antivirus system, they don't want every random employee to meddle with it. Business-level antivirus is all about central management, and Sophos is a big name in that realm. Consumers can get that same high-end antivirus protection in the form of Sophos Home Free. This no-cost product earned perfect scores in two of our hands-on tests. It’s an especially good choice if you manage antivirus protection for family members or friends. And, of course, it doesn't cost you a cent.

Online Management

With Sophos, you install a small local agent on each PC or Mac that needs protection and manage all the settings from an online console. That makes perfect sense, given that in a business setting the IT department manages security remotely. In a consumer setting, this lets you install protection for any friend or family member and take care of any problems without paying them a visit or trying to talk them through it over the phone. There is a limit of three installations per subscription, but of course you could set up another subscription on a different email address if necessary. With a Sophos Home Premium subscription, you can manage up to 10 installations.

The Dashboard displays your protected devices and offers two ways to extend your protection. You can share a link via email or install Sophos on the current device. Easy enough.

When you select a device you get a page with five tabs: Status, History, Protection, Web Filtering, and Privacy. The Status page features five large panels representing protective components. Free users can work with Antivirus Protection and Web Protection—the other three are Premium-only. History displays a list of everything Sophos has done to protect you, with an option to filter on different event types. Privacy is irrelevant, because the only feature on that page is not for free users. And Web Filtering lets you configure the parental control system, which I’ll discuss later.

That leaves the Protection tab, the place where everything happens. This tab has four sub-tabs: General, Exploits, Ransomware, and Web. Exploit Mitigation and Ransomware Protection are reserved for paying customers (yes, there’s quite a lot that you don’t get unless you pay).

You can also reach the General tab by clicking Antivirus Protection on the Status tab. Most users shouldn’t touch the controls on this page, as doing so would turn off various protective features. The one exception is the scheduler—if you like, you can set Sophos to run a full antivirus scan on any days of the week. The Web tab (also reached by clicking Web Protection on the Status tab) similarly contains settings that you shouldn’t turn off.

Since all configuration happens in this online dashboard, your friends and family members can’t mess up their antivirus installation. They don’t have access to the controls. You can even launch a scan of the remote computer if necessary. It’s quite a different setup from most antivirus utilities.

There’s one new feature for the free edition that you’ll only see as a Dashboard setting. AMSI Protection, turned on by default, ties Sophos into the Windows AntiMalware Scan Interface. Briefly, this lets PowerShell, Windows Script Host, and similar applications call on a registered antivirus for help when they detect a scripting operation that might not be on the level. Norton’s latest antivirus ties in with AMSI in a similar fashion.

Simple Local Client

The local client features a simple left-rail menu with five items: Status, Dashboard, Add Device, Buy Premium, and Help. Dashboard and Add Device take you to the remote management console, and Buy Premium starts the purchase process. On the Help page you can click to get help online, check for updates, or launch a troubleshooting system. Really, the Status page is the only one that relates directly to antivirus protection.

Across the bottom you’ll find five buttons that reflect the status of five security components: Malware Protection, Web Protection, Ransomware Protection, Privacy Protection, and Malicious Traffic Detection. The last three are disabled, as they’re only available in the premium edition. Clicking Malware Protection or Web Protection sends you off to the management console to view and possible change the product’s configuration.

When I last reviewed Sophos, it devoted the remaining large area of the main window to security status, with a banner at the bottom touting the virtues of upgrading to Premium. That banner is absent in the current edition, but an advertisement for the Sophos Intercept X mobile security app replaces the status indicator. I prefer the old way.

Scans and Scheduling

Many antivirus tools offer three scan choices: a quick scan of memory and likely malware hiding places; a full scan of the entire computer; and a custom scan where you choose the scan's target and settings. With Sophos, clicking the Scan button always runs a full scan. Be sure to do this right after installation to root out any existing malware infestations. In theory, real-time protection should handle any attacks after that initial cleanup, but Sophos does let you schedule a repeating full scan for any or all days of the week.

On our standard clean test system, the scan quickly reached 96% completion, but it then slowed precipitously. The scan took an hour and 15 minutes, a bit longer than the current average of an hour and four minutes. By observation, Sophos uses this first scan to optimize subsequent scans. A repeat scan finished in 22 minutes.

Few Lab Results

Researchers at independent antivirus testing labs around the world put products through grueling tests and regularly report on their effectiveness. I closely track reports from four labs: AV-Test Institute, AV-Comparatives, SE Labs, and MRG-Effitas. These labs are major operations, and their reputations depend on accurate testing, so I take their results seriously.

Sophos appears in the latest reports from just one of these labs. The experts at SE Labs challenge antivirus products using a capture and replay system that lets them hit each product with the same real-world malware attack. Products can earn certification at five levels: AAA, AA, A, B, and C. Along with Microsoft Defender and Kaspersky Security Cloud Free, Sophos took the top score, AAA certification. In fact, of all the tested products only Norton, with AA certification, didn’t reach the AAA mark.

I use an algorithm that maps each lab's results onto a 10-point scale and generates an aggregate result. However, this algorithm requires at least two lab scores as inputs, and Sophos has just one at present. The best products earn high scores in tests from all four labs. Kaspersky tops the five products tested by all four labs, with 9.7 points, and Avast One Essential comes next with 9.5. Tested by three labs, AVG and Bitdefender both scored 9.8.

Hands-On Malware Protection Testing

Lab results are all well and good, but I always run my own hands-on malware protection testing as well. To start, I simply open a folder containing malware samples that I collected and analyzed myself. Sophos sprang into action immediately, displaying transient popups when it found a threat and when it finished cleaning up a problem. I had to click away each pop-up individually, as Sophos doesn't provide an option to close the whole stack.

Clicking the Manage button in any pop-up just opened the online console. I expected it to select the History tab automatically, but I had to do that myself. I found the list awkward and unwieldy. Each entry in the long scrolling web page was big enough vertically that no more than three were visible at a time. Of course, the average user probably sees no more than one malware attack at a time, so this may not matter. I did observe that the history reported some found threats as “not cleaned up,” with no option beyond a link to ignore the problem.

In previous reviews, Sophos eliminated more than 90% of the samples as soon as Windows Explorer displayed them. This time around its behavior was very different. It only eliminated 14% on sight, leaving me to launch all the remaining samples and observe how the antivirus handles them.

Sophos clearly brings more protective power to bear on programs that attempt to launch than it does to those sitting idly in a folder. It wiped out another 83% before they could launch, leaving Windows to display an error message. As for the few remaining samples that managed to launch, Sophos caught them at some point during installation, for a perfect 100% detection. It did allow malware to place a few executable files on the test system, which is why it scored 9.9 rather than 10.

Out of all other products tested with my current set of samples, only Malwarebytes and McAfee AntiVirus Plus managed 100% detection. McAfee also scored 9.9, while Malwarebytes managed a perfect 10.

Gathering and analyzing a new collection of malware samples takes a long time, time that I can't spend on reviews, so I only do it about once a year. For an evaluation of each product's ability to protect against the very newest malware, I start with a feed of malware-hosting URLs supplied by London-based testing lab MRG-Effitas. These URLs are typically no more than a couple days old. Launching each in turn, I record whether the antivirus prevents the browser from even opening the dangerous page, eliminates the malware payload on download, or sits idly doing nothing. Once I have enough data points, I tally the results.

Sophos blocked 75% of the malware downloads by preventing all access to the dangerous URL. By observation, it used the warning High Risk Website Blocked for URLs already on the blacklist. For new discoveries, the message was Malicious Content Blocked.

As for malware caught at the download stage, the real-time protection eliminated most of it. For the rest, the Download Protection component kicked in. This component relies on a reputation score based on the item's content, the hosting website, and feedback from other computers. If the reputation is low, Sophos strongly advises skipping the download. One way or the other, Sophos caught the remaining 25% of samples at the download stage, for a perfect 100% score.

Bitdefender, McAfee, and Norton also scored 100% in their latest runs of this test. Microsoft Defender and G Data Antivirus came close with 99%. I’m a big fan of smacking down malware before it can even download onto your system.

One more thing. Sophos doesn’t install a browser extension to do its website screening, a clue that suggests this feature is browser independent. Indeed, it visibly works in Chrome, Edge, Firefox, Internet Explorer, Opera, and even Vivaldi. But it’s not universal. For example, it won’t filter out dangerous sites for those who rely on the Brave browser.

Mediocre Phishing Protection

Sophos watches network traffic to cut off access to malware-hosting websites, but those aren't the only sites you need to avoid. Just because phishing sites don't typically contain malware doesn’t mean they can’t cause plenty of trouble. A phishing site masquerades as a secure and sensitive site, anything from banking to email to dating. If your eyes are sharp enough, you'll spot the scam and move on. But if you enter your credentials on the fake page, you've given away your account to the fraudsters. Fortunately, Sophos helps steer you away from phishing sites. Unfortunately, it doesn’t do a great job.

For testing, I scrape the newest reported fraudulent sites from websites that track such things. I include roughly equal numbers of verified frauds and of sites too new for analysis. I launch each one in four browsers simultaneously. Of course, one is protected by the product under testing. The other three use the phishing protection built into Chrome, Edge, and Firefox. If the page doesn’t load correctly in all four browsers, I discard it. If it's not a clear attempt to steal credentials for a sensitive site, I discard it.

Phishing pages do their best to emulate the real site they’re faking. For many, that includes using a secure HTTPS connection. When Sophos encounters a secure but fraudulent site, it displays a popup warning while the browser just shows an error. It flags the rest with the High Risk Website warning, not distinguishing the phishing sites from malware-hosting sites.

When last tested, Sophos scored 84% detection. Its score of 82% this time around wasn’t a big change. Do note that despite this fair-to-middling score in the current test, it outperformed the protection built into all three browsers. Still, if you really want your antivirus to detect and deflect phishing frauds, Sophos isn’t the best choice.

Looking at other free products, Avast scored an excellent 99%, Bitdefender Antivirus Free Edition managed 97%, and Kaspersky Security Cloud Free took 96%. But if you want perfect 100% scores, you’ll have to consider commercial products. F-Secure, McAfee, and Norton all managed 100%.

See How We Test Security SoftwareSee How We Test Security Software

Ineffective Parental Content Filter

Like Sophos Home Free for Mac, this antivirus comes with a very simple (possibly too simple) parental control content filter. To configure it, you log in to the online console and choose the Web Filtering tab. Filtering is on a per-device basis; there's no option to filter for one user account and not for others.

The filtering page lists 28 content categories, organized into three groups: Adult & Potentially Inappropriate, Social Networking & Computing, and General Interest. For each category, you can configure Sophos to block or allow access. When last reviewed, Sophos included a per-category option to just display a warning page that allows access but notes that Sophos will log the activity. That option is no longer present.

There’s no system of presets based on age, and no categories blocked by default. If you choose to use this feature, be certain that you block the Proxies & Translators category. Otherwise, your clever teen could totally evade the content filter using a secure anonymizing proxy.

In testing, the content filter blocked all the naughty sites we tried, and it didn't cave to a three-word network command that defangs some outmoded parental control systems. For HTTPS pages, as with malicious and fraudulent sites using HTTPS, Sophos pops up a notification of its action while leaving the browser to display an error message.

Unlike almost every other content filter, Sophos is not browser-independent. By observation, it supports Chrome, Edge, Firefox, Internet Explorer, Opera, Safari, and Vivaldi. But Brave browser apparently isn’t on the list. Sophos exhibited no power over Brave. Your kids could install this, or any less-popular browser, to evade all content filtering.

You might get some benefit from this content filter if all you want is to protect a young child from encountering the seamy side of the internet. A child who objects to parental control and monitoring will have no trouble getting around it. Yes, this is a bonus feature, not a central antivirus component, but I'd still like to see it improved. Or removed.

Worth a Look

Sophos Home Free detected 100% of our real-world malware samples in one test and blocked 100% of malware downloads in another. It didn’t do as well identifying phishing frauds, though. Only one of the labs we follow has included Sophos in its latest reports, though that lab gave it a good rating. The web content filter is so porous as to be useless, but content filtering isn’t a required feature for antivirus protection. If you're managing security for family members or friends, this product's remote management console can make it a good choice.

Kaspersky Security Cloud Free has excellent test scores from all four of the independent labs that we follow, and Avast Free Antivirus scores almost as high. Both go way beyond mere antivirus, with numerous suite-level features. Kaspersky and Avast are our current Editors' Choice winners for free antivirus.