For some Macs, the "Best Free Mac Antivirus" according to "Best Antivirus Software and Apps 2016" would be Avast, not Sophos. Specifically, those running OS X 10.7 and earlier, since August 2016 was the last time that the last compatible version (9.4.2) added a newly-downloaded virus definition (after having been reduced to limited support in November 2014 and zero support in November 2015). So I decided to try switching. So far it seems a perfectly serviceable replacement, though with fewer of Sophos' user interface features I enjoyed.
During installation I unchecked "install browser plugins". One, I use Firefox which already includes a perfectly good Mozilla blocklist service, and I suspect filtering all web accesses through multiple blocklists exceeds the point of diminishing returns. Two, I don't use Mozilla's blocklists either because I use MVPS hosts and NoScript and have enough confidence to prefer keeping my network and system resources away from blocklisting. Three, if there was any adware (I have no idea), a browser extension is the most likely host. Four, complexity is the enemy of efficiency and reliability (see the KISS principle).
Thanks to Little Snitch, the first thing I had to do after installation was Avast >> Preferences >> Shields >> Web Shield >> Disable. Because Web Shield renders Little Snitch a useless waste. Because Web Shield creates a virtual proxy network (to inspect all the machine's network connections) in between the applications and the physical network, and Little Snitch can only see the applications connected to the physical network, i.e., Avast-proxy. For anything to work, Little Snitch would have to be told to allow all Avast connections, exactly the same as having no Little Snitch at all. So, buh-bye Web Shield.
I can't remark on Avast's Mail Shield because I do not use mail applications on my machine; I use exclusively email service providers' web interfaces (a.k.a. webmail). So, the second thing I did after installation was turn off Mail Shield (otherwise I'd leave it on).
The third thing I did after installation was Avast >> Preferences >> Updates >> uncheck everything. In my decades of computing experience, unmanaged automatic updates were the Number One source of avoidable problems (see Windows 10). That makes the only reason to ever allow anything to update randomly an inability or unwillingness to update deterministically. And that's one problem I never had.
Thanks to Little Snitch, the fourth thing I did after installation was delete all Avast-related Little Snitch rules and start over, approving new rules for (manual) Update Virus Definitions, Update Program, Scan Network, and Help (except denying access to apis.google.com, code.jquery.com, connect.facebook.net, fonts.googleapis.com -- give me a break). I also denied all network access for com.avast.account-sync since I do not have an Avast account.
So far, everything seems to work perfectly. I only have 8 issues so far, all only with the user interface.
Issue #1: logging. Installation threw a whole mess of tiny log files in /private/tmp, but not a single one where the Console app can see them. If it's not written to the system log, it's gone (or possibly hidden). Why? Are any of those hidden log files useful, or persistent? Dunno. Will take a while to find out.
Issue #2: opening Avast. It never remembers its previous window state, it always opens to Status. Why? What if I want it to open to Preferences >> Updates, why not? It's not AppleScriptable either.
Issue #3: "Status". If 100% of Avast's automatic services are not enabled, it asserts "You are not protected" with a Big Red X. Why? I am 100% as protected as I wish. If that's not a "You are protected" Big Green Checkmark, it's at least a "You are partially protected" Big Yellow Triangle; quit lying. So there's no easy way to tell whether or not my specified protection level is fully operational. Why not?
Issue #4: scans. It moves all suspect files to its Virus Chest without allowing any opportunity to confirm its suspicions first. Why? Alarmed at the prospect of unintended consequences of unwarranted filesystem modification, the first thing I did was immediately have them all moved back, but in doing so, Avast wrongly changed some of their modification dates. That's bad if you use modification dates to indicate, say, dates of modification. Automatic relocation of suspects should be optional, not forced.
Issue #5: reports. Reports aren't functional. After restoring all the Virus-Chested items to their proper locations, the intent was to subsequently investigate each item individually at my convenience, and return it to the Virus Chest only if necessary. But items restored from the Virus Chest leave no trace...except in the Report, which is just dumb pixels with no way to act on or even copy the file path of an item. Why?
Issue #6: reports. Reports aren't outputtable. There is no way to save a report. There is no Console-readable log of a report. There is no way to copy any text off a report to paste somewhere else. They are just dumb pixels, and all anyone can do is take a screenshot of them. Why?
Issue #7: reports. Reports disappear easily and permanently. After a Full System Scan I experimented with the Home Network Security Scan 4 times, and suddenly my Full Scan Report was gone, never to be seen again. What? Why?
Issue #8: manual updating. There is no convenient Update Now method using the menubar icon menu or anything else. There is exactly one manual update procedure: (1.) open Avast, (2.) click Preferences, (3.) click Updates, (4.) click Virus Definitions Update Now, (5.) type password, (6.) wait, (7.) click Program Update Now, (8.) type password again, (9.) wait, (10.) quit Avast. It doesn't even retain administrator privileges from one action to the next. Why? Is not automation kinda the thing computers were invented to do?
Again, no issues I found interfere with protection from malware, only with user experience. Thus I am satisfied with switching from Sophos to Avast so far.