Pricing and Pricing Tiers

A one-year subscription for Norton antivirus and a one-year subscription for Sophos both cost $59.99, but they’re not remotely the same. Your Norton subscription protects just one device, while Sophos lets you install antivirus on up to 10 PCs or Macs. As a nice bonus, you can manage all your Sophos installations remotely. If your favorite aunt runs into antivirus trouble, you can just take care of it from your desk (or couch) rather than trying to walk her through remote troubleshooting over the phone.

Norton does offer a volume discount: $84.99 for a five-device license. But that’s still about $17 per device, compared with $6 per device with Sophos. Sophos is easily the low-price leader.

Winner: Sophos

Independent Lab Test Scores

When an antivirus lab includes a particular antivirus in its testing, it means two things. The lab considered the antivirus significant enough to merit its attention, and the antivirus company valued the results enough to pay the testing fee. Having little or no presence in lab results may just mean the antivirus company chose not to participate, but having a lot of them is a strong sign of an important product.

I follow regularly scheduled lab reports from four labs: AV-Test Institute, AV-Comparatives, MRG-Effitas, and SE Labs. Looking at the most current results, Norton has mixed scored from AV-Comparatives but perfect scores from the other three. Lab results come in many different forms, so I’ve formulated an algorithm to map them all to a 10-point scale and derive an aggregate lab score. Norton’s is an impressive 9.6 points.

It’s Surprisingly Easy to Be More Secure Online

As for Sophos, it only shows up in the latest reports from SE Labs. This lab uses a capture-and-playback system to hit multiple antivirus apps with exactly the same real-world malware attacks. Each app can earn certification at five levels: AAA, AA, A, B, or C. Like almost all the tested antiviruses, including Norton, Sophos came away with a perfect AAA rating.

It’s possible Sophos might have scored high with the other labs, too—we just don’t know because it wasn’t tested. What we do know is that Norton holds excellent scores from all four labs.

Winner: Norton

Scores From Our Hands-On Tests

I’m always pleased to find lab results available when I’m evaluating an antivirus program. But with or without those results, I run my own hands-on tests. Doing so lets me measure antivirus efficacy and get a feel for how each app does its protective job.

Each spring, I spend a few weeks gathering real-world malware samples for use in my testing. I try for six or seven dozen, winnowed down from an initial haul of thousands. For my malware protection test, I give each antivirus the opportunity to prevent the installation of each sample using all its features. Based on the number of samples caught and on how completely the antivirus foiled malware activity, I calculate a numeric score on a 10-point scale. In this test, Norton scored 9.7 and Sophos came close with 9.6.

(Credit: Sophos/PCMag)

For another view of malware protection, I challenge each antivirus with a collection of very new malware-hosting URLs. If the antivirus keeps the browser from even displaying the dangerous page, replacing it with a warning, I count that as a win. Eliminating the malware during or right after download is another way to win. The only way for the antivirus to lose is by ignoring the whole thing and allowing the download to finish unmolested. I base the final score on 100 such sample URLs. Sophos prevented 100% of the downloads, while Norton stopped 99% of them.

(Credit: Norton/PCMag)

Phishing pages masquerade as banks, auction sites, and other sensitive sites, hoping to trick victims into logging in. If you fall for it, the perps own your account. The antivirus component that detects malware-hosting types usually includes detection of these phishing frauds. When I tested them with hundreds of real-world fraudulent websites, Norton detected 99% and Sophos caught 95%.

Both these antivirus apps perform very well in my hands-on testing. I’m calling this a tie.

Winner: Tie

VPN Protection

When you go online, every website you visit learns a lot about you, including your IP address, which can be parlayed into your geographic location. But if you connect through a VPN (virtual private network), your traffic seems to be coming from the VPN server, foiling attempts to track or profile your internet activity. Changing your apparent location can also give you access to geographically locked content, and of course, your information is protected by powerful encryption while in transit.

Clearly, VPN protection is a useful adjunct to antivirus, protecting your data even when it’s outside your computer. All of Norton’s security suite products include a full-powered VPN, with no bandwidth or server location limits. Alas, this bounty doesn’t extend to the standalone antivirus under discussion here. Neither Norton nor Sophos includes a VPN component with their basic antivirus apps.

Winner: Tie

Firewall and Exploit Protection

Having a connection to the internet gives you access to unlimited information and entertainment. But sometimes when you gaze into the abyss, the abyss gazes into you. Your computer can be subject to infiltration and attack coming from that very same internet. The purpose of a firewall is to ensure that only safe traffic goes to and from your computer.

(Credit: Norton/PCMag)

Like most personal firewalls, Norton’s both defends your computer against attacks coming in from the network and marshals permissions for programs running on your system, ensuring they don’t misuse the connection. Where early personal firewalls relied on the uninformed user to make security decisions, Norton never pops up a firewall query unless it’s important.

Norton goes beyond firewall basics with a separate Exploit Prevention module that looks for network-based attempts to hack into vulnerable applications. In a similar fashion, Sophos promises exploit mitigation and risk reduction for protected applications. Both scored well when I hit them with exploits generated by the Core Impact penetration testing tool.

Get Our Best Stories!

Stay Safe With the Latest Security News and Updates

Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.

By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.

Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

(Credit: Sophos/PCMag)

This is an easy call. Both apps have exploit protection, but only Norton pairs that with a full personal firewall component. Norton wins.

Winner: Norton

Ransomware Defense

Ransomware gangs mostly hit big targets these days—businesses, hospitals, even local governments. The odds are low that you’ll get hit personally. So, do you feel lucky? Or would you rather hedge your bets with an antivirus that pays special attention to detecting and foiling ransomware attacks? Good news—that’s something both Norton and Sophos do.

(Credit: Norton/PCMag)

Norton’s Data Protector prevents all unauthorized changes to files in the folders you’ve chosen to protect. By default, it covers Documents, Pictures, Videos, and Desktop. Any attempt to modify a protected file triggers a warning. From the warning, you can click to trust the programs if it’s, say, just a new image editor, or you can block and delete the program if it’s nothing you recognize.

To test ransomware protection, I disable all other antivirus features, cut off the test virtual machine from the network, and launch real-world ransomware samples, one at a time. Norton detected and blocked 11 of 12 samples in this test. However, most of the samples managed to encrypt files outside of the protected folders, as many as 10,000 ancillary Windows files in one case. In addition, the 12th sample ran amok, encrypting files without any hindrance by Data Protector. Good thing this was just a test. The regular antivirus features eliminated all these samples on sight, of course.

Ransomware protection with Sophos works by detecting ransomware behavior, so even a never-before-seen zero-day attack should be caught. Sometimes, ransomware encrypts a few files before a behavior-based detection system kicks in, but Sophos blocked every sample before it could do a lick of harm in testing. Sophos is the clear winner in the ransomware challenge.

Winner: Sophos

(Credit: Sophos/PCMag)

Secure Backup for Files

As you watch your laptop sailing majestically over the ferryboat’s rail, into the dark waters, you’re probably wishing you had backed up your data. No matter what befalls your computer, be it accident, natural disaster, or ransomware, recovery is so much easier when you’ve backed up your files to a safe location. It’s not surprising that security companies often sweeten their security suites by adding a backup system.

(Credit: Norton/PCMag)

In an unusual move, Norton extends backup protection to its entire product line, including the antivirus. The main difference is in how much online storage it provides for your files. The very top Norton with LifeLock suite gets 500GB of storage, while the antivirus comes with just 2GB. That’s not a lot, but you can probably cover your most important files.

In past years, Norton’s backup offered a local backup option and retained multiple versions of backed-up files. Although its backup features have diminished, it still handily beats Sophos, which doesn’t offer backup at all.

Winner: Norton

Breadth of Security Features

There are reasons you might prefer a plain cheese pizza to one with a boatload of toppings, but an antivirus with plenty of additional security features is almost always better than one that just handles the basics. Sophos and Norton totally handle the core tasks of scraping away any malware barnacles that may have accumulated on your system and keeping any future infestations at bay, but they also do quite a bit more.

Both apps work on Windows and macOS, and Norton also protects mobile devices. Both offer special browser protection for financial transactions and other sensitive online interactions.

Your regular antivirus should handle eliminating spyware apps that try to steal and exfiltrate personal information. Sophos adds detection of apps and websites that abuse your webcam to peek at you without your knowledge. That’s not something you’ll get from Norton.

(Credit: Sophos/PCMag)

Web-based protection with Sophos goes beyond diverting the browser from malicious and fraudulent sites. It expands to a full parental control content filter that can block or allow access to websites matching 28 categories. However, the content filter only works in supported browsers, so all your clever teen needs to do is find an unsupported browser. Norton adds a more effective parental control system at the security suite level, but not at the antivirus level.

Now we come to the litany of bonus features found in Norton but not Sophos, and it’s a pretty long list. Norton’s File Cleanup eliminates junk files wasting space on your drive, and Startup Manager reins in programs that unnecessarily launch at startup. The Software Updater tool finds and applies missing security patches for apps on your computer.

(Credit: Norton/PCMag)

If you connect to a Wi-Fi hotspot that’s not properly secured, Norton’s Wi-Fi Security will warn you, but that’s not all. It also quashes man-in-the-middle attacks, DNS spoofing, content tampering, and other network-based attacks. The Anti-Tracker browser extension suppresses ads and trackers on the web pages you visit, and you even get a password manager.

Sophos goes beyond the basics, but Norton goes beyond Sophos, for the win.

Winner: Norton