We test 10 of the most popular AV programs lock, stock, and barrel!
Selecting an Internet security suite is a lot like plodding through a Choose‑Your‑Own‑Adventure book. Remember those? The path of the protagonist was entirely up to you, and if those books taught us anything at all, it’s that every decision carries with it potentially devastating consequences. The same thing applies to your choice of antivirus software, only the repercussions of malware are real, and if a shoddy security suite fires off a blank and leaves you exposed to danger, there’s no flipping back the pages for a do-over.
The stakes are high, and it’s important you choose the right defense the first time. If you don’t, you risk leaving your system vulnerable to attack from an increasingly sophisticated arsenal of digital artillery. And don’t expect cyber-scoundrels to fight fair. They’ll lace screensavers and kids’ games with malware, spoof email addresses, record your keystrokes, and perform all sorts of underhanded tactics. Your PC is a gold mine of valuable information, and once compromised, these crooks will attempt to steal your identity, swipe your credit card information, pillage your PayPal account, lift your bank login credentials and sell ‘em to the highest bidder, or any number of insidious schemes. If all that weren’t enough, malicious software can render your once-fast PC a pop-up-infested jalopy. Is there any hope?
That’s where we come in. We’ve called to arms a gnarly collection of security suites with the roughest, toughest reputations around. We’re also including three popular no-cost AV solutions to find out how they compare. Flip through the pages to get started, and if we miss one you think should have been included, let us know—we’ll run stand-alone reviews of even more AV apps in the future.
What Makes a Good AV App?
We rely on five key criteria
SYSTEM PERFORMANCE AND SCAN SPEED
As power users who give a damn about performance, we’re picky about what we install on our systems. We gauge each AV app’s overall footprint by comparing boot time, PCMark 7 and Vantage scores, and the time it takes to transfer 6GB of files to that of a pre-AV state. We also take scan speed into consideration because, let’s face it, if you have reason to run a manual sweep, do you really want to sit around all day waiting for a clean bill of health? Neither do we.
Dealing with a potential malware infection is stressful enough, so the last thing we need is to be agitated by our security suite. A good program won’t provoke us with constant pop-ups trying to upsell security or crying wolf about legitimate programs. In fact, we shouldn’t even know it’s there most of the time. And when we do cross paths, we expect to be able to navigate the UI without ending up frustrated and wanting to fist-slam our keyboard.
FEATURES AND IMPLEMENTATION
We know how to roll our own security using a mishmash of free programs on the web. But the whole point of an Internet security suite is to bundle everything we might possibly need into a single package, saving us the hassle of managing a bunch of separate programs. There’s value in that, but we’re also looking for meaningful additions and not just a truckload of features for the sake of building a bigger bullet list than the competition.
Seven of the 10 AV programs in this roundup are fully fledged security suites that require an annual subscription plan. The onus is on each and every one to justify its price tag and convince us we should be pouring money into an all-in-one security package instead of building our own protective bubble with freeware alternatives. The higher the subscription, the harder it will have to work to sell us on paid security, plain and simple.
This is where the rubber meets the road, so it carries more weight than any other category. To determine how well a security program performs, we run several synthetic spyware and virus tests found on www.spycar.org and www.eicar.org. We then dart through the seedier side of the web with reckless abandon, followed by firing off a shotgun full of malware samples. When the dust settles, we compare our results with that of independent testing labs Virus Bulletin, AV-Comparatives, and AV-Test.
Panda Internet Security 2012
There’s a reason it’s called Panda and not Cheetah
This is the third year running that we’ve included Panda’s Internet security suite in our antivirus roundup, and like the previous two times, this year’s model sports a new skin. It’s too bad Panda didn’t focus its attention where it’s needed most: on the inside. Panda continues to scan files with all the urgency of a slug, a problem that’s plagued this program for as long as we can remember. What’s worse is that scan times never improve.
Panda’s scan engine isn’t fast, but it’s effective, at least in ravaging real-time threats. More often than not, Panda prevented malicious websites from loading, and on the rare occasions it didn’t, the on-demand scanner obliterated dirty downloads before they could touch the desktop. It wasn’t quite as effective in clearing up existing infections, leaving traces of neutralized malware behind.
Panda sports a sleek new look, but it’s running the same slow scan engine as before.Pick up the pace, Panda!
One way Panda improved over last year’s version is in scaling back the number of pop-ups. They’re not completely gone, but Panda’s firewall no longer freaks out whenever it detects activity on your network. Panda still implores you to register (there’s no option to permanently disable the reminder), and a persistent ad in the UI tries to upsell security, though you can disable it in the Preferences menu.
Panda’s slow-loading menu feels heavy. At the same time, it’s easy to navigate and brimming with options. We especially appreciate the virtual keyboard for those times when paranoia sets in, and the Safe Browser option is a nifty concept, if only we could get it to work. It’s supposed to load a sandboxed browser to keep web surfing sessions isolated from the OS. Great, only it refused to load after going through a lengthy setup process that walked us through installing a dated version of Sun’s VirtualBox.
We like Panda overall, but its quirks are tough to bear.
Kaspersky Internet Security 2012
Good for touch-screens and keyboard/mouse users alike
For its 2012 product, Kaspersky put a great deal of effort into making security management less intimidating. This is evident from the moment Kaspersky loads for the first time. It starts with the redesigned Windows widget (provided you’re running Windows 7 or Vista), which lets you know the status of your security software at a glance. You know the drill—green means all systems are go, yellow indicates a problem with security, and red means it’s time to panic (or press the button to fix whatever’s freaking Kaspersky out). You can customize each of the four quick launch buttons, and if you drag a file or folder on top of the widget, Kaspersky will scan the contents. It’s all very slick.
Rocking an all-in-one PC with a touch screen? You’ll love Kaspersky’s oversize tiles, which are easy to manipulate with a good old rodent, as well.
Kaspersky’s updated dashboard is equally user friendly and looks as though it was designed with touch screens in mind. Stifle the groans, because it’s a cinch to navigate with a mouse. The top portion is dominated by a status window that lets you know if there are any pressing matters that require your attention, and below that sits a scrollable row of oversize icons. Kaspersky displays four at a time, or you can press the up arrow to stretch the section up over the status window. Kaspersky didn’t forget about power users, and if you want to get your hands dirty, you can dig several layers deep by clicking Settings.
The changes in KIS go beyond the cosmetic. Kaspersky injected the scan engine with a much‑needed dose of nitrous oxide, but it might be a little too fast. Several dirty files went undetected as we downloaded them to the desktop, though Kaspersky sprang into action when we tried to execute them. Combined with high scores from independent testing labs, we remain fairly confident in Kaspersky’s ability to keep malware at bay.
Bitdefender Internet Security 2012
Silent as a ninja and almost as lethal
It’s easy to forget you have Bitdefender installed on your system—that is, if you want to. One of the big new features in this year’s build is an Autopilot mode. When engaged, Bitdefender plops itself into the driver’s seat and navigates through potentially sticky security-related situations without any supervision. The idea is to provide protection in absolute silence, and this stealth approach works so well that we initially thought Bitdefender had fallen asleep at the wheel. Turns out Bitdefender had its eye on the road the entire time, though it was sometimes slow to react. What we mean is that Bitdefender didn’t always stop dirty downloads from reaching the desktop, nor did it block us from pulling foul files off our USB flash drive. Pretty soon our once‑clean desktop had turned into a virtual minefield of malware.
Bitdefender’s awesome Autopilot will make you forget you’re even running security software.
After a while, most of these files began to disappear one by one. It started with the ones we clicked and then spread to others we hadn’t. Bitdefender disarmed almost every threat and proved particularly adept at weeding out rootkits, though it did let a trojan add an entry to the registry. As far as we can tell the actual virus had been neutralized, and even though all the independent labs laud Bitdefender’s detection rates, its seemingly slow reaction time leaves us feeling a little uneasy.
Bitdefender is overflowing with features. All the essentials are there—antivirus, antispyware, antispam, firewall—and so are loads of extras like identity‑theft protection, parental controls, a rescue mode that reboots your PC in a trusted environment, social network scanning, a virtualized browser, and the list goes on. To top it off, the new menu layout is both easy to navigate and customizable. Bitdefender clearly understands what we want from a security suite
Norton Internet Security 2012
An era of excellence continues
It’s been three years since Symantec overhauled its Norton security line, yet we still feel compelled to mention it. Why? For the simple reason that it’s not easy reinventing yourself, and there are still those who view Norton as a bloated, flat-footed application built on shoddy code. The truth is Symantec turned its Norton product around in 2009 with a code base it rewrote from the ground up, and Norton’s been earning high marks ever since.
Symantec took it a step further last year by giving the UI a face‑lift. What emerged was sleek and sexy, and at the same time overwhelming for less experienced users or anyone uninterested in such fine-grain control. NIS 2012 solves this problem by removing most of the clutter from the main screen and sweeping it beneath the rug where power users can still get to it. The result is a user-friendly UI dominated by three main controls: Scan Now, LiveUpdate, and Advanced. If you happen to miss the way things used to look, Norton lets you pin the Advanced menu to the main window, which has the added bonus of covering up the goofy world map that shows cybercrime activity hotspots. Seriously, does anyone use this?
If Symantec ever removes Norton’s real-time (and real hokey) Threat Map from the UI, we won’t have anything left to piss and moan about.
Other changes in NIS 2012 are equally subtle and effective, like the small Windows gadget Norton installs. Also new is the ability to remotely manage multiple Norton subscriptions from the web (handy feature for updating mom’s machine), the ability to scan your Facebook wall for malicious links, and a Reputation scan for determining a file’s trustworthiness.
Norton added 16 seconds to our system’s startup time, tying for last place. If you want, you can disable or delay the start of programs through Norton’s new Startup Manager. It’s similar to the one built into Windows, but far more robust and easier to use, and it reports resource usage (displayed as Low, Medium, or High). As before, Norton skips scanning unaltered files after the first pass-through, so an initial eight-minute scan was reduced to a little more than two and a half minutes.
In terms of protection, Norton continues to impress, both during internal tests and also those conducted by independent testing labs. Symantec tells us it’s added 120 new rules to Norton’s Sonar module, which is now better at detecting not only non-process threats like those hiding in DLL files, but also fake AV programs. We tried our best to trip up Norton, but it stood tall throughout testing.
McAfee Internet Security 2012
Light on its feet, but too easily tripped up by malware
Two years ago we applauded McAfee for giving its security suite a much‑needed makeover. McAfee apparently decided to leave well enough alone, as the UI looks identical to both the 2011 and 2010 models. We’re not advocating change for the sake of change, but compared to the current crop of AV applications, McAfee’s menu layout has fallen behind the times and now feels stale.
McAfee did teach its old dog some new tricks, though nothing that will win it Best in Show. USB and removable drives are now scanned automatically (if you want them to be), it’s supposedly better at blocking botnet software from communicating with the mother ship, and a preinstall scan sniffs out malware before McAfee gets fully settled.
McAfee hasn’t changed its appearance since 2010, but its real blemishes are beneath the surface.
Believe it or not, McAfee’s greatest strength is its low impact on performance. Our file transfer test took the same amount of time with or without McAfee installed. What’s more, McAfee added a mere five seconds to our boot time—impressive! We’re also blown away by McAfee’s speedy scan engine, which sifted through 35GB in less than 30 seconds on a second pass-through.
Cue the horror music because this is where things turn gruesome. While trotting around the web’s dark alleyways, McAfee tried its best to ward away hostile downloads, but was only semi-effective. File after cantankerous file filled up our desktop. As we clicked them, McAfee would often require a reboot to rinse off the scum. Repeated reboots quickly got old, and we still ended up with an infected test bed. After McAfee issued our system a clean bill of health, Malwarebytes detected more than 40 infections, including a MyDoom variant that sabotaged 25 percent of our CPU. That’s a problem.
McAfee made big strides in minimizing its impact on system resources, but it’s of little benefit if it can’t protect our system.
ESET Smart Security 5
Even the best boxers sometimes lose a round
ESET has flirted with a Kick Ass award each of the two previous times we reviewed it, and we had high hopes the third time would be the charm. But rather than receive a Kick Ass award, version 5 got its ass kicked by a fake AV virus and a few other pieces of malware. That’s unfortunate, because even though ESET has never offered the most features or fastest scan times, we could always count on it to overpower malware.
Don’t overpay for security—ESET offers several subscription options, ranging from one to two years for up to five PCs.
Things weren’t quite as bad as they were with McAfee, and ESET did a much better job at blocking polluted downloads and keeping us away from murky websites. However, the few containments it did let through worked our system over like a schoolyard bully picking on the class nerd. We couldn’t access the Task Manager to kill the offending processes, nor were we able to load MSConfig to disable misbehaving apps from loading with Windows. The fake AV program even prevented us from installing third-party software, an underhanded tactic intended to stop users from calling in the cavalry. Our only option was to boot into Safe Mode, but you’d have to be pretty tech savvy to deal with the infections ESET couldn’t.
Performance was a mixed bag. ESET didn’t impress us with its PCMark 7 or PCMark Vantage scores, yet it added only five seconds to boot and three seconds to our file transfer test. Our test bed didn’t feel slow, but if you live and breathe benchmark scores, ESET will leave you winded.
The list of grievances concludes with ESET’s clunky interface. It’s not terribly difficult to find your way around, but it’s just complicated enough to keep less experienced users from making changes. We had high hopes for ESET, but we are ultimately let down by this year’s release.
Webroot SecureAnywhere Complete 2012
Floats like a butterfly and stings malware like a 10-pound hornet
You could hear our collective groans from a country mile when Webroot told us its new SecureAnywhere line exists almost entirely in the cloud. Our first thought was, this is going to suck. Webroot proceeded to tell us that SecureAnywhere is like no other antivirus out there: it takes up a fraction of the hard disk space as competing security programs, consumes a minuscule amount of RAM, and can scan a hard drive in seconds, not minutes. All this while still being effective? There’s no way, or so we thought. Astonishingly, Webroot undersold its product.
Installing Webroot’s flagship SecureAnywhere Complete software took less than five seconds and consumed roughly 50MB of disk space. That’s because SecureAnywhere is mostly just a local command hub for Webroot’s cloud database where the bulk of the signatures are stored. With an active Internet connection, you’re plugged in to a constantly updated “threat intelligence network.” Combined with a multilayered heuristics analysis that examines a file’s behavior, age, and popularity, SecureAnywhere is able to detect zero-day and even zero-hour threats, at least in theory.
Webroot has its head in the cloud, and that’s precisely why SecureAnywhere is so light and effective.
In practice, SecureAnywhere works as advertised. We tested SecureAnywhere using the default settings and watched in surprise as it intercepted a bevy of threats, both locally and on the web. Against all odds, this tiny program towered like a giant. But what happens when you remove the cover of the cloud?
To find out, we disconnected from the Internet and unleashed a flurry of local attacks. As one might predict, SecureAnywhere stumbled, but it didn’t wave the white flag. When you’re working offline, SecureAnywhere still scans for suspicious activity and is able to block some threats. At the same time, it logs all active processes and tattles to the cloud the next time you’re online. If those processes turn out to be malicious, SecureAnywhere gets to work trying to stomp them out by reversing any changes that were made. It wasn’t quite as effective in our tests, but how often are you both offline and shuttling a bunch of dirty files to your PC?
Extras include a light firewall, cloud backup, a network manager capable of killing offending processes even when you’re cut off from the Task Manager, a customizable sandbox, and a whopping 124 settings to tinker with. Oh, and SecureAnywhere doesn’t conflict with other AV apps, so feel free to double-up with a free solution if you’re paranoid about security. Color us impressed.
Avira AntiVir Personal
Suffocates most malware but isn’t quite airtight
Avira’s AntiVir is a favorite for frugal computer geeks. It’s free, it doesn’t gorge itself on system resources, and it consistently performs well in front of the big independent testing labs, albeit not all of them. Both Virus Bulletin (www.virusbtn.com) and AV-Comparatives (www.av-comparatives.org) sing high praise for AntiVir’s detection rate, but the song coming from AV-Test (www.av-test.org) is less upbeat and tells of AntiVir faltering in the face of zero-day malware attacks. After putting AntiVir through our own battery of tests, we feel compelled to join AV-Test’s chorus line.
AntiVir recommends disabling Microsoft’s Windows Defender to avoid potential conflicts, but we think it’s a risk worth taking for the added protection.
At first, malware had a tough time slipping past AntiVir. Dirty download after dirty download was swept away. It wasn’t until we tried to install a fake AV program that things turned ugly. Rather than stop us from turning our test bed into a pop-up infested mess, Avira blinked, and it was lights out. AntiVir wasn’t the only one to fail this portion of our in-house testing, but somewhere along the line, it also let rogue code ensure that our efforts to click URLs from Google searches were redirected. Our verdict is inevitably going to disappoint staunch AntiVir advocates, and while it blocked the majority of threats we threw at it, the two it missed happened to be big ones.
On the plus side, system performance is virtually unaffected with AntiVir installed, save for a slightly longer boot time. There’s also a fair number of tweaking options, though digging into the settings feels a little cumbersome. Along with AntiVir’s inability to guard against some fake AV software, we wouldn’t advise installing it on relatives’ machines willy-nilly. Computer‑savvy users who plan to supplement AntiVir with smart computing habits and the occasional second opinion from a dedicated antispyware program (or two) should be OK. Faults aside, you can’t argue with the price.
How to avoid getting hit
The best protection against malware isn’t security software, it’s you, the user. You should consider antivirus software as your last line of defense, and if you really want to avoid malware—don’t we all?—you should steer clear of high-risk situations altogether. Here are some tips.
Above all else, keep your software up to date. It starts with Windows but extends to all of your system software, especially programs that connect to the Internet. If you have a lot of programs installed, Secunia PSI (free, bit.ly/DW9u) will sift through them and let you know which ones are out of date. It will even fetch updates for you.
Be extra cautious when connecting to open Wi-Fi networks like the ones you find at coffee shops, airports, and other public places. It doesn’t take much effort for a hacker to set up a fake free Wi-Fi hotspot in hopes that you’ll connect to his laptop instead of the real hotspot.
Whenever possible, try to avoid using someone else’s computer to check your webmail. Can you really trust that their system isn’t infected with a keylogger or a screen‑capture utility? It just isn’t worth the risk. If you simply must, don’t forget to log out.
Finally, check the file extension before you open what you think is a JPEG or some other picture format. We’ve seen dirty executables hide behind picture icons. Right-click and select Properties, or configure Windows to “Show hidden files, folders, and drives” by opening a folder and going to Tools > Folder Options > View.
AVG Anti-Virus Free 2012
The king of free AV is back, baby!
The latest version of AVG gets medieval on malware in the same unrelenting manner Duke Nukem hunts down alien scum, only without all the R-rated sound bites (that’d be rad though, wouldn’t it? Hold that thought…). Part of the reason it’s so effective is because of all the weapons it brings to the fight. This is an exciting trend we’re seeing in the free AV field and a marked departure from the days when no-cost security software only provided basic protection.
Too many of AVG’s menus include upgrade offers, marring an otherwise awesome (and free) antivirus program.
In this case, AVG hunts down viruses, spyware, Potentially Unwanted Programs (PUPs), rootkits, email‑borne threats, suspicious registry entries, boot sector viruses on removable media, and tracking cookies. AVG proved especially skillful at stopping unknown threats dead in their tracks. This is commonly known as behavior-based scanning, though for whatever reason, AVG chose to attach the moniker “Identity Protection” to this component, a peculiar and confusing choice of terminology that we initially thought was referencing some form of built-in ID theft protection. That isn’t included here, and neither are many of the extras typically stuffed in a complete security package—things like a firewall or parental controls. We did eventually manage to overwhelm AVG’s defenses, so it’s still a good idea to seek a second opinion from a dedicated spyware scanner on occasion. This holds true for all three free AV apps included in this roundup.
AVG’s dashboard is slightly chaotic, and it doesn’t help that it’s littered with upgrade offers. An abundance of tweaking options sits beneath the surface (Tools > Advanced settings), some more fleshed-out than others. And those R-rated sound bites you’re holding on to? You can attach them to a handful of events via a customizable soundboard. Way cool.
If you’re trying to save a few pennies by rolling your own security suite, this is a good place to start.
Avast Free Antivirus 6
Better than basic protection without the price tag
Let’s get one thing straight: Avast’s free antivirus software isn’t going to keep your PC squeaky clean if you’re determined to run reckless on the web and click every download that comes your way. Few programs can. But where Avast shines is in blocking most bad downloads from reaching the desktop in the first place. In our tests, Avast performed at least as well as some of the full-blown security suites, and in some cases did a better job screening websites.
Avast provides real-time protection against an assortment of malware, not just viruses, through eight configurable so-called “shields” you can fine-tune to your specific setup. Heavy file sharers will want to spend some time polishing the P2P Shield, for example, and there are other shields for instant messaging, email, network activity, and more.
Avast’s boot-time scan option helps rid your system of deeply rooted malware by attacking infections before they’re able to dig their hooks into Windows.
Be careful not to let the sheer number of shields lull you into a false sense of super-security. They weren’t strong enough to prevent every piece of malware from penetrating our test bed, though Avast did an above-average job minimizing the damage from unknown threats. One aspect of Avast we really like is that you can choose to have Potentially Unwanted Programs (PUPs) load in a sandboxed environment. By keeping suspicious programs at arm’s length of the OS, Avast adds another layer of security. Should that not be enough, Avast also includes a boot-time scanner to scrub out stubborn malware before it has a chance to load and defend itself. This was effective in removing some, but not all, of the infections Avast failed to prevent in real-time.
The notion that you always get what you pay for completely ignores the potential value inherent in free security software. More specifically, it disregards the level of protection that programs like Avast provide gratis, at least when combined with safe computing practices.
|Scan 1 (min:sec)||12:48||8:07||6:34||8:26||4:56|
|Scan 2 (min:sec)||12:14||2:40||1:18||2:14||0:28|
|6GB File Transfer (sec)||+8||+5||+3||+3||+0|
Antivirus Program Comparison Chart (2 of 2)
|Scan 1 (min:sec)||5:44||0:47||6:54||7:09||5:19|
|Scan 2 (min:sec)||0:27||0:10||4:36||7:31||0:59|
|6GB File Transfer (sec)||+3||+0||+0||+0||+2|