You probably picture antivirus protection as something that resides on your computer and protects it against security dangers. With Sophos Home Protection, that idea is only half right. Yes, a local app on your PC or Mac handles the bare-knuckles malware fights, but its management lives in the cloud. You can manage up to 10 devices remotely when logged into the Sophos online dashboard. It’s a godsend if you’re the antivirus guru for your family or friends, and it costs much less than the competition. If your needs don’t precisely match its profile, though, you’re better off choosing one of our Editors’ Choice antivirus apps, Bitdefender Antivirus Plus or Norton AntiVirus Plus. Both receive high scores from testing labs, and both have even more bonus features than Sophos.
How Much Does Sophos Home Premium Cost?
Many antivirus companies let you purchase subscriptions for one, three, or five devices; some of them go up to 10 or more. Sophos skips the small stuff and jumps straight to an inexpensive 10-pack. For $59.99 per year, you can install Sophos Home Premium on up to 10 devices running Windows or macOS.
That’s quite a deal. Norton AntiVirus Plus costs $59.99 to protect just one device. With Bitdefender, Emsisoft, or Malwarebytes, paying that amount protects three devices. And paying $59.99 per year for ESET NOD32 Antivirus gets you licenses for five devices. Sophos has the lowest 10-license price among popular brands, undercut only by the less familiar SecureAge CatchPulse, which charges $39.90.
It's Surprisingly Easy to Be More Secure Online
With McAfee AntiVirus Plus, your $64.99 subscription lets you install antivirus on all the devices in your household, whether they run Windows, macOS, Android, iOS, or even ChromeOS. Even so, until you pass the 10-device mark, Sophos costs less.
Similar Products
Bitdefender Antivirus Plus
Norton AntiVirus Plus
McAfee AntiVirus
G Data Antivirus
Malwarebytes Premium
Webroot AntiVirus
ESET NOD32 Antivirus
Total Defense Essential Anti-Virus
Trend Micro Antivirus+ Security
Online Management Dashboard
Sophos just installs a small, local client on your PC. All configuration and logging activities take place in the online dashboard. That makes a lot of sense, given this app's business origins. IT departments take care of antivirus management from a central console; they don't rely on untrained employees to keep things running.
If you're the go-to tech support person for your family or circle of friends, consider installing Sophos for the whole gang and managing it remotely. It's easier than driving across town to sort out the mess they've made or trying to walk them through diagnosis and repair over the phone. There is a limit of 10 installations per subscription, which seems reasonable. Would you really want to manage more?
The main screen of your dashboard displays all the devices you've protected, each with a number representing outstanding notifications. Click any device for more details and configuration options, or click Add Device to extend protection to another PC or Mac. You can click to download and install on the current system or copy a link that you can send to someone else. Either way, it both installs Sophos and connects the installation to your account for remote management.
When you select a device, you get a page with five tabs: Status, History, Protection, Web Filtering, and Privacy. The Status page features five large panels representing five protective components: Antivirus Protection, Web Protection, Ransomware Protection, Privacy Protection, and Malicious Traffic Detection. On the History page, you see a list of everything Sophos has done to protect you, with an option to filter on different event types. The Privacy page just contains Webcam Protection, and Web Filtering lets you configure the parental control system. I’ll discuss both of those below.
That leaves the Protection tab, the place where everything happens. This tab has four sub-tabs: General, Exploits, Ransomware, and Web. Note that clicking any of the feature panels on the Status tab takes you to the corresponding area on the Protection tabs. Well, any except Privacy Protection—that one takes you to the Privacy page.
Most users shouldn’t touch the controls on the General tab, as doing so would turn off various protective features. The one exception is turning on the scheduler. If you like, you can set Sophos to run a full antivirus scan on any day of the week. The Web tab (also reached by clicking Web Protection on the Status tab) similarly contains settings that you shouldn’t turn off.
Since all configuration happens in this online dashboard, your friends and family members can’t mess up their antivirus installation. They don’t have access to the controls unless you give them the login credentials. You can even launch a scan of the remote computer if necessary. It’s quite a different setup from most antivirus utilities.
Here’s a point of interest you may encounter when exploring the Dashboard. AMSI Protection, turned on by default, ties Sophos into the Windows AntiMalware Scan Interface. Briefly, this lets PowerShell, Windows Script Host, and similar applications call on a registered antivirus for help when they detect a scripting operation that might not be on the level. Norton AntiVirus Plus ties in with AMSI in a similar fashion.
Simple Local Client
The local client features a simple left-rail menu with four items: Status, Dashboard, Add Device, and Help. Dashboard and Add Device take you to the remote management dashboard. On the Help page, you can click to get help online, check for updates, or launch a troubleshooting system. A blue Scan button at the bottom left launches a scan for malware.
The Status page is the only one that relates directly to antivirus protection. It should look familiar, as it displays the same panels as the Status tab in the online dashboard. Clicking any of those panels sends you off to the dashboard to view and possibly change the app's configuration.
Scans and Scheduling
Many antivirus tools offer three scan choices: a quick scan of memory and likely malware hiding places, a full scan of the entire computer, or a custom scan where you choose the scan's target and settings. With Sophos, clicking the Scan button always runs a full scan. Be sure to do this right after installation to root out any existing malware infestations. In theory, real-time protection should handle any attacks after that initial cleanup, but Sophos does let you schedule a repeating full scan for any or all days of the week.
When last tested, the scan quickly zoomed to within a few percent of completion, but then it slowed to a crawl, taking 75 minutes overall. This time, the scan finished in a very speedy 15 minutes. Malwarebytes Premium completed a full scan in five minutes and Webroot AntiVirus in less than two minutes, but the current average time is 100 minutes.
Sparse Lab Results
Researchers at independent antivirus testing labs around the world put antiviruses through grueling tests and regularly report on their effectiveness. I closely track reports from four labs: AV-Test Institute, AV-Comparatives, SE Labs, and MRG-Effitas. These labs are major operations, and their reputations depend on accurate testing, so I take their results seriously.
Sophos appears in the latest reports from just one of these labs. The experts at SE Labs challenge antivirus utilities using a capture and replay system that lets them hit each antivirus with the same real-world malware attack. Contenders can earn certification at five levels: AAA, AA, A, B, and C. Comodo and Webroot reached AA certification. Sophos, along with the rest of the tested antiviruses, achieved the highest rating, AAA.
I use an algorithm that maps each lab's results onto a 10-point scale and generates an aggregate result. However, this algorithm requires at least two lab scores as inputs, and Sophos has just one at present. All four labs include Norton, Avast One Essential, and Microsoft in their latest reports. These three earned aggregate scores of 9.6, 9.6, and 9.1 respectively.
Bitdefender, Kaspersky, and McAfee appeared in reports from three of the four labs. They aced all tests, each coming in with a perfect 10-point aggregate score.
Malware Protection Success
When lab results are few or absent, my own hands-on malware protection testing becomes more important. To start, I simply open a folder containing malware samples that I collected and analyzed myself. Sophos detected just a handful at this point. Copying the samples to a new folder fully engaged its real-time protection. Over a period of five minutes or so, it detected and eliminated more than 90% of the samples, displaying transient popups when it found a threat and when it finished cleaning up a problem.
Clicking the Manage button in any pop-up just opened the online console. I expected it to select the History tab automatically, but I had to do that myself. I found the list awkward and unwieldy. Each entry in the long scrolling web page was big enough vertically that no more than three were visible at a time. Of course, the average user probably sees no more than one malware attack at a time and probably doesn’t dig in to view detection history, so the awkward display may not matter.
Continuing the test, I launched each sample that wasn’t taken out in the initial sweep. Sophos detected almost all of them either on launch or during the installation process for a final detection rate of 98%. It did allow malware to place a few executable files on the test system, which is why it scored 9.6 rather than 9.8 points.
Among antivirus apps tested with this same malware collection, only Malwarebytes, with 9.8 points, scores higher. It’s true that PC Matic and Guardio also show a 9.8-point score, but they required special handling to even get through the test. PC Matic relies on allowlisting rather than identifying malicious programs, and Guardio strictly and only checks files when they’re downloaded from the internet using Chrome.
Gathering and analyzing a new collection of malware samples takes a long time, so I only do it once a year. To evaluate how each antivirus handles the very newest malware, I start with a feed of malware-hosting URLs supplied by London-based testing lab MRG-Effitas. These URLs are typically no more than a couple of days old. Launching each in turn, I record whether the antivirus prevents the browser from even opening the dangerous page, eliminates the malware payload on download, or sits idly doing nothing. Once I have enough data points, I tally the results.
Sophos blocked 91% of the malware downloads by preventing all access to the dangerous URLs. By observation, it uses the warning High Risk Website Blocked for URLs already on the blacklist, which accounted for most of its detections. For new discoveries, the message is Malicious Content Blocked.
Real-time protection caught the malware payloads for the remaining 9% of samples, giving Sophos a perfect 100% protection score. Bitdefender, Guardio, Trend Micro, and ZoneAlarm reached 100% in their own phishing protection tests.
Sophos doesn’t require a browser extension to screen out dangerous websites. However, in past testing, I’ve observed that it didn’t work with less common browsers—for example, it wouldn’t filter out dangerous sites for those who rely on the Brave browser. This time, I verified its effectiveness with Brave, DuckDuckGo, and Epic Privacy Browser. However, dangerous pages slipped right through when I tried the privacy-focused browser from Ghostery.
Phishing Protection
Sophos watches network traffic to cut off access to malware-hosting websites, but those aren't the only sites you need to avoid. Just because phishing sites don't typically contain malware doesn’t mean they can’t cause plenty of trouble. A phishing site masquerades as a secure and sensitive site, anything from banking to email to dating. If your eyes are sharp enough, you'll spot the scam and move on. But if you enter your credentials on the fake page, you've given away your account to the fraudsters. Fortunately, Sophos helps steer you away from phishing sites.
To test phishing protection, I scrape the newest reported fraudulent sites from websites that track such things. I include roughly equal numbers of verified frauds and of sites too new for analysis. I launch each one in four browsers simultaneously. Of course, one browser is protected solely by the antivirus under testing. The other three depend on the phishing protection built into Chrome, Edge, and Firefox. If the page doesn’t load correctly in all four browsers, I discard it. If it's not a clear attempt to steal credentials for a sensitive site, I discard it.
Phishing pages do their best to emulate the real site they’re faking. For most, that includes using a secure HTTPS connection. When earlier versions of this feature encountered a secure but fraudulent page, they’d display an error page in the browser with a popup notification to explain. This time, it handled secure and nonsecure frauds exactly the same by displaying the High Risk Website warning and identifying the problem as Phishing & Fraud.
When last tested, Sophos scored 82% detection, an unimpressive showing. This time, it managed a much better 95%. Even so, more than a dozen competitors earned better scores. Guardio, McAfee, Norton Genie, Trend Micro, and ZoneAlarm all scored 100% in their most recent phishing protection tests.
Parental Content Filter
Like Sophos Home Premium for Mac, this antivirus comes with a very simple parental control content filter. To configure it, you log in to the online console and choose the Web Filtering tab. Filtering is on a per-device basis; there's no option to filter for one user account and not for others. And you won’t find screen time control or any other parental monitoring features.
The filtering page lists 28 content categories organized into three groups: Adult & Potentially Inappropriate, Social Networking & Computing, and General Interest. For each category, you can configure Sophos to block or allow access.
There’s no system of presets based on age and no categories blocked by default. If you choose to use this feature, be certain that you block the Proxies & Translators category. Otherwise, your clever teen could totally evade the content filter using a secure anonymizing proxy.
In testing, the content filter blocked all the naughty sites we tried, and it didn't fall to a three-word network command that defangs some outmoded parental control systems. As with its blocking of dangerous and fraudulent sites, Sophos now handles secure HTTPS pages the same as non-secure pages. That is, it displays a Website Blocked page along with the category that triggered blocking.
I mentioned earlier that filtering out dangerous pages works in most browsers but not all of them. That’s no big deal if you use a browser that’s even minimally popular. However, this lack of true browser independence becomes a problem for parental content filtering. All your kid needs is an unsupported browser, and the parental content filter becomes useless.
You might get some benefit from this content filter if all you want is to shield a very young child from encountering the sleazy side of the internet. A child who objects to parental control and monitoring will have no trouble getting around it, though. Yes, this is a bonus feature, not a central antivirus component, but I'd still like to see it either improved or removed.
Exploit Protection
Some malware coders spend their days analyzing and reverse-engineering operating systems and popular applications, looking for programming errors that leave holes in your security. As soon as they start to exploit those holes, the designers of the victim app or OS get busy patching. However, until you install the resulting patch, your systems are vulnerable to attack. Sophos aims to block these exploits directly, with special protection for common victim apps.
On the Exploits tab, you find panels for Exploit Mitigation, Protected Applications, and Risk Reduction, along with a few more arcane settings. Exploit Mitigation and Risk Reduction are turned on by default, with the option to dig in for advanced settings. Those advanced settings involve things like which apps Sophos should protect and what kind of sneaky maneuvers it should block. Just leave those settings alone; they come configured for maximum protection.
Exploit protection is more common as support for the firewall in a security suite. Norton and Sophos are among the few antiviruses that boast an anti-exploit component. To test this feature, I rely on 30-odd exploits generated by the CORE Impact penetration testing tool and aimed at Windows itself and popular apps.
Sophos didn't detect exploits at the network level, but the real-time protection component blocked 28% of the malicious payloads, reporting Malicious Content Detected. That’s about the same score Norton achieved. Sophos flagged the attack using its official name in quite a few cases. The test system is fully patched, so even the two-thirds of exploits missed couldn't do any harm.
Overall, scores on this test have been declining. Even the best recent scores don’t reach twice what Sophos achieved. Those scores belong to Vipre Antivirus Plus and Bitdefender, with 55% and 53%, respectively. But once again, missed exploits can’t harm the fully patched test system.
The tools managed on the Exploits page are among the most complex in this app. Fortunately, you don't have to understand them to benefit from their efforts. Just leave them alone to do their work.
Premium Ransomware Protection
In theory, regular malware scans and real-time antivirus protection should prevent ransomware attacks, just as they prevent other malware infestations. However, the consequences of missing a brand-new ransomware sample are more significant and permanent than other types of malware. Even if your antivirus gets an update that wipes out the zero-day ransomware ten minutes after the attack, your files are still encrypted and useless. That’s why Sophos, like more and more competitors, offers a separate component dedicated to ransomware protection.
In testing, the antivirus eliminated all my ransomware samples, as expected. To simulate attacks by zero-day ransomware that evades usual protection, I turned off the real-time component and put my folder of ransomware samples back in place. I then started releasing a dozen real-world ransomware attacks, one by one, on the virtual machine test system.
Sophos detected and eliminated all but two of my encrypting ransomware samples, including one that attempts to encrypt the whole drive rather than just certain files. As for the missed encrypting samples, they simply didn’t do anything. Without any activity, behavior-based detection has nothing to detect.
When I last tested this feature, I found that several samples managed to encrypt some files before they got the axe, anywhere from a couple of files to a couple thousand. This time around, no files were harmed.
Sophos relies on detecting ransomware activity, which is a more effective defense than simply blocking unauthorized access to protected files. IObit Malware Fighter Pro uses the latter technique. While it detected all the ransomware samples and kept them out of the Documents folder, half the samples encrypted unprotected files elsewhere—up to 10,000 of them.
I've occasionally encountered ransomware protection systems that suffer a window of vulnerability during the boot process, allowing ransomware launched at boot time to do its dirty deeds before the ransomware protection system kicks in. I tested Sophos by configuring some real-world ransomware samples to launch at startup. It had no trouble preventing the attacks.
My testing aims to simulate a situation where the real-time protection system has missed a zero-day ransomware attack. Confronted with prevalent real-world ransomware samples, without the help of real-time antivirus protection, Sophos caught them all before they could do any harm. Based on my testing, it's also likely to handle most of those pesky zero-day ransomware attacks.
Safe Online Banking
Web Protection prevents access to malicious and dangerous websites, and Download Reputation scoring helps keep you away from files that, while not definitively malicious, have troublesome traits. You find settings for both by selecting Protection and then clicking the Web tab.
Kaspersky, Bitdefender, and several others offer browser protection to isolate your financial transactions from other processes, thereby preventing data theft. With Sophos, Safe Browsing simply warns if your browser has been compromised. I assume it works; I don't have a way to compromise a browser for testing.
Webcam Spyware Protection
Many kinds of spyware programs aim to capture your credit cards or other kinds of personal data that malefactors can monetize. Perhaps the creepiest spyware, though, is the kind that secretly activates your webcam and spies on you when you think you're alone. Quite a few antivirus utilities now include spyware protection components to prevent this pervy peeping.
Bitdefender and ESET, among others, don't get in the way of legitimate applications that need to use the webcam. However, when an unknown program tries to peek at you, these apps suspend its access and notify you. If it's some new video-conferencing tool you just installed, you can mark it as trusted. If you didn’t trigger the use of the webcam, just block its access.
Webcam Protection in Sophos doesn’t maintain a list of trusted programs. When any process accesses the webcam, it slides in a notification that the app is using your webcam. In the case of a possibly malicious app, a larger notification displays “Webcam Access Warning.” In either case, you can terminate the app if you don’t want it using your camera.
What’s Not Here?
When I last reviewed Sophos, I put its keylogger-blocking ability to the test. Specifically, I disabled real-time protection and loaded up a free keylogger. It visibly captured text typed into Notepad, but for text, I typed in a browser, it got nothing but gibberish thanks to the keyboard encryption built into Sophos. That test failed this time around. Poking around in the release notes for the antivirus, I determined that the keylogger protection was first temporarily and then permanently removed.
I’ve previously applauded the Sophos mobile management app (Android and iOS) for making it even easier to manage your antivirus installations. Cousin Eddie has a tech problem while you’re at the ball game? Just whip out your phone!
Alas, the mobile app took early retirement in 2023. It doesn’t show up in a search on either app store. You can still find links to the old app on the Sophos website, but the Android app won’t log in, and the Apple store reports the app is unavailable.
A Good Choice for the Right User
If you're enough of a techie to comprehend its range of features, Sophos Home Premium lets you install and remotely manage protection on up to 10 PCs or Macs. When you're the tech guru for your extended family or circle of friends, these remote-control capabilities can be a godsend. Sophos earned great scores in our hands-on malware protection tests, and its behavior-based ransomware protection proved effective. That said, Bitdefender Antivirus Plus and Norton AntiVirus Plus both get plentiful high scores from the testing labs and offer bonus features beyond what you get with Sophos. These two are our current Editors’ Choice picks for antivirus protection.
The affordable Sophos Home Premium expands on basic antivirus with protection forged in the company's enterprise-level solutions, with all configuration managed remotely.
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
