Behind every piece of malware—be it a virus, spyware, or any other form of hostile, destructive code—is a sneaky, scheming scoundrel, oftentimes someone you’d never suspect. Antivirus suites promise to defend your PC against all the baddies. We test 10 of the leading products to see which ones are best at keeping your PC safe.
And if all that weren’t enough, social networking continues to sweep the web, making it even easier for morally bereft miscreants to spread their foul files. Can you really trust that MySpace page you’re viewing not to contain some hidden element ready to do you harm? You even need to be suspicious of IMs, and that includes messages seemingly originating from contacts on your buddy list. It’s enough to make you want to wave the white flag—and if you plan on going into battle alone, you probably should.
But you don’t have to fight the fight all on your lonesome. Several security vendors offer software packages that not only promise protection against viruses, but also purport to run off rootkits, stop spam dead in its tracks, and even circumvent websites from loading hidden malware before it has a chance to run amok on your PC. This got us wondering, just how much protection is actually necessary?
To answer that question, we hit up all the major security vendors and asked them to send us their most robust packages. We also gathered the most popular free antivirus programs for comparison. After all, power users know how to practice safe computing habits, which can go a long way toward PC safety. We’ll cut through the hype to tell you if the protection you get with a paid app is any better than what you can get for free—or if the paid programs, which have become so huge as of late, are too unwieldy and ultimately more troublesome than the viruses they’re meant to combat.
It doesn’t matter how effective an AV app is at catching viruses if it means we have to suffer through constant nagging or performance degradation in our day-to-day computing. We’ve identified the five criteria by which security apps should be judged.
We know you spent time researching components and toiling over your system build, so why let a poorly optimized program transform your hot rod into a horse and buggy? To gauge each AV package’s performance impact, we loaded up a series of action scripts in OSMark (http://tinyurl.com/OSMark), paying close attention to both memory and CPU activity. We then compared the results to those of a clean install.
We’re also interested in how long it takes to complete a full system scan. In today’s dual- and quad-core landscape, you no longer have to sit idly by waiting for a scheduled scan to finish, but if you suspect your system has become ill, you won’t want to do much of anything until your virus scanner produces a clean bill of health. With stopwatch in hand, we measured the time it took each program to run through its routine.
Whether we’re using our PC for work or play, we don’t want to be bothered with near-constant nagging from our security software. An AV app should integrate seamlessly with the OS and be able to do its job with minimal interaction from the end user, while still offering at least some level of customization. Otherwise, it’s no less obtrusive than the viruses it’s supposed to be protecting against.
In order to assess how much each app intrudes on our day-to-day life, we performed a variety of common tasks to see how the AV software responds, if at all. This includes web surfing, downloading files, running executables, playing games, and everything else you’re likely to do with your PC.
We also took into account how much harassment we can expect to receive when the subscription runs out.
Anyone who’s ever shopped for a new car knows what it’s like to be pressured into paying extra for all kinds of upgrades. And just because the salesman is attempting to increase his profit margin doesn’t mean you can’t both benefit from tacking on useful additions, but that only works if you’ll actually use the added amenities. Do you really need six cup holders in a two-seat sports car?
Likewise, there’s no point in owning a security suite stuffed with apps if most of them suck. Not only that, but you need to consider whether this added functionality is easy to use and how much pestering you can expect from disabling unused features. We take all this into consideration.
Let’s be honest, nobody likes to pay for software utilities. It doesn’t matter that we spent an entire week’s pay on two of the hottest videocards so we can squeeze a few more frames per second out of Crysis or that we took out a loan to fund the fastest processor money shouldn’t buy (hey, it comes with an unlocked multiplier!), there’s just something about paying for security software that feels sacrilegious. Maybe it’s because the free alternatives have done so well in the past. Whatever the reason, these paid apps have to prove their worth in the bang-for-buck department. Higher-priced suites should come with a bevy of useful features, offer a high level of customization, be easy to navigate, and, above all, perform competently.
We don’t care what method each AV application uses to identify and disinfect viruses, so long as it gets the job done. The only way to find that out is to bombard each package with a multitude of payloads representing the thousands of viruses running rampant in the wild. Rather than scour the web trying to build up a repository of infected files, we turned to the experts to lend us a hand.
Virus Bulletin (www.virusbtn.com) is an independent testing lab whose certifications are sought after by antivirus vendors. We scrutinized the latest detection results for each AV app and paid attention to the percentage of viruses caught, which includes Trojans, polymorphic viruses, worms, bots, and more, and then we punished each app with our own collection of malware.
A computer virus is a piece of software or code capable of reproducing itself and spreading to other systems, but the term is often used to describe a multitude of threats. The effects of malware can range from mildly annoying to completely debilitating, sometimes costing corporations thousands of dollars in downtime and manpower to heal the outbreak. Let’s have a look at the different types of infections.
Trojan horse: Named after the mythological wooden horse used to sneak Odysseus and other Greek heroes into Troy, a Trojan horse will masquerade as a legitimate program but will unleash a harmful payload once installed.
Worm: Computer worms are self-replicating programs that burrow into systems, seeking out vulnerabilities to exploit. The ability to spread all on their own makes worms particularly dangerous.
Spyware: Ever feel like you’re being watched? If your PC is infected with spyware, you just might be. Even worse, spyware not only monitors your activities but can also hijack your system with redirected web searches and other annoyances.
Polymorphic: To avoid detection, polymorphic malware constantly changes its own code, often using encryption with a variable key. This stealthy technique poses a problem for typical scanners.
Captain Obvious says that the best way to prevent infection is to avoid viruses in the first place, but what he doesn’t tell you is how to do it. And even though hackers continue to get more cunning in both delivery and execution, you can tip the odds considerably in your favor by practicing safe and sane computing.
If you receive an unknown or unexpected attachment, don’t open it no matter who it came from. Not only are some viruses capable of emailing themselves to everyone they find in an infected user’s address book, but inexperienced computer users are just as guilty of passing along payloads as hackers are of distributing them.
BitTorrent sites and peer-to-peer networking clients are also common modes of spreading infection. When attempting to download a legitimate program—a Linux distro, for instance—use the link provided at the vendor’s website. Pirated software is a particularly popular source of malware, so if your moral compass doesn’t steer you toward the straight and narrow, the risk of infection should.
And finally, get in the habit of regularly checking for software updates. New exploits are always being discovered in Windows, QuickTime, web browsers, and other common programs.
A mishmash of features leaves us with mixed feelings
Most enthusiasts view McAfee as just another resource hog often found in OEM systems alongside performance-pillaging bloatware. Fair assessment or not, this is the perception McAfee’s up against in trying to win over the PC elite. It helps that the company isn’t blissfully unaware of the importance placed on performance; its latest edition promises to raise the bar with a more efficient engine that won’t drag your system down.
In our testing, McAfee fell in the middle of the pack instead of leading the charge. RAM consumption crept above what we’d consider lean, and while scanning for malware, CPU utilization often hovered around 40 percent. That in itself isn’t criminal, but we felt swindled when all it bought us was the second-slowest scan time of the bunch—although, remarkably, we didn’t see much of a drop in gaming or day-to-day computing performance.
McAfee’s list of features ranges in practicality from the beneficial to the unlikely to ever be used. Occupying the former camp are spyware protection, a highly configurable firewall, email and IM guards, basic parental controls, and a file shredder. But we just can’t get stoked about the virus map, which displays global viral hot spots, or the HackerWatch module, which looks for patterns of attack around the world to report to ISPs. And still other features, like Active Protection for real-time safeguards, will be made available only through future updates—boo!
Living up to its name, McAfee Total Protection 2009 proved a formidable adversary against all types of malware and stopped malicious websites from loading. We also dig McAfee’s SiteAdvisor tool, which not only identifies questionable search results but also gives a detailed report on why the URL is suspect. But no matter how well it protects, we’re not willing to endure slow scanning performance or wait for features that should have been available at release.
$70 (3 PCs)
Could this be the luxury sedan of antivirus suites?
For the latest version of its AV suite, Symantec went back to the drawing board and completely rewrote the program from the ground up with a focus on speed. Even the installer has been revamped; in an attempt to reduce setup time to less than a minute (we clocked it at 55 seconds), Symantec coded its own proprietary installer instead of using Microsoft’s, as it has in the past.
This year’s release adds a smart scheduler that monitors task utilization in real time and queues up its task if the system is busy. This means if you’re lining up a headshot in your favorite shooter, NIS will take a backseat until system resources are freed. But if a task qualifies as critical, it will run regardless of what you’re doing, so you can continue to crunch Folding@Home without being a sitting target. And to keep itself honest, Symantec integrates a system monitor showing what percentage of CPU cycles NIS is consuming—nifty!
Live Update has been rewritten too, and in addition to regular updates, Symantec sends out micro updates. These pulse updates ensure that when a new threat is discovered in the wild, you’ll have the necessary signature definition within minutes instead of waiting up to 24 hours for the next refresh.
The program swept through our test system in less than 10 minutes, and subsequent scans completed in less than two minutes! NIS accomplishes this by discerning between trusted and untrusted files and by default won’t rescan files that haven’t changed.
NIS 2009 leaves virtually no security stone unturned. Our biggest knock is that not all features work under Vista x64, such as right-click scanning. Still, if security suites were cars, consider NIS 2009 a decked-out Lexus.
$70 (3 PCs)
Why pay more when you can get the same or better for less?
At $80 for a one-year subscription, Kaspersky charges more than any other suite we tested. If you buy the downloadable version instead of a retail boxed copy, the license is good for up to three users—that’s little consolation to single-PC
Kaspersky also holds the undesirable record for longest install time. What started off as a pokey two-minute install ballooned into an agonizing eight minutes composed of a tediously long update and no less than two reboots.
Once we were finally up and running, Kaspersky began to atone for its pricing and installation sins. Like Norton’s package, Kaspersky significantly shortens subsequent system scans by skipping files already determined to be clean. During an initial run-through, Kaspersky’s iChecker algorithm makes note of certain files’ digital signatures and saves them in a special table. If the signature matches the next time a scan takes place, the file will be skipped over. The result is that a 12-minute system scan was reduced to a blazing one minute and 14 seconds, finally setting a record Kaspersky could be proud of.
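The skip-if-unchanged rescans described above for both Norton and Kaspersky can be sketched as follows. This is an added example, not Kaspersky's or Symantec's code: it assumes a SHA-256 digest stands in for the "digital signature", that the table is also keyed on a definitions version so new signatures force a rescan, and that `engine` is a hypothetical stand-in for the real scan engine.

```python
import hashlib
import os
import tempfile


def file_digest(path, chunk_size=65536):
    """SHA-256 of the file contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


class ScanCache:
    """Table of files already judged clean: path -> (digest, definitions version)."""

    def __init__(self):
        self.table = {}

    def scan_tree(self, root, engine, defs_version):
        """Run engine(path) only on files the table cannot vouch for.

        Returns (scanned, skipped, flagged) lists of paths.
        """
        scanned, skipped, flagged = [], [], []
        seen = set()
        for dirpath, _dirs, files in os.walk(root):
            for name in sorted(files):
                path = os.path.join(dirpath, name)
                seen.add(path)
                digest = file_digest(path)
                # Skip only if content AND definitions are unchanged since the
                # last clean verdict (the version check is an assumption here).
                if self.table.get(path) == (digest, defs_version):
                    skipped.append(path)
                    continue
                scanned.append(path)
                if engine(path):
                    flagged.append(path)
                    self.table.pop(path, None)  # never cache a detection
                else:
                    self.table[path] = (digest, defs_version)
        # Drop entries for files that no longer exist under this root.
        prefix = os.path.join(root, "")
        for path in [p for p in self.table if p.startswith(prefix)]:
            if path not in seen:
                del self.table[path]
        return scanned, skipped, flagged


def demo():
    """Four passes over a constructed directory; returns per-pass counts."""
    marker = b"CONSTRUCTED-TEST-MARKER"  # constructed, harmless byte string

    def engine(path):  # hypothetical engine: flags files containing the marker
        with open(path, "rb") as fh:
            return marker in fh.read()

    results = []
    with tempfile.TemporaryDirectory() as root:
        a = os.path.join(root, "a.txt")
        b = os.path.join(root, "b.bin")
        with open(a, "wb") as fh:
            fh.write(b"hello")
        with open(b, "wb") as fh:
            fh.write(b"\x00" * 1024)
        cache = ScanCache()
        passes = [1, 1, 1, 2]  # definitions version used on each pass
        for i, version in enumerate(passes):
            if i == 2:  # a.txt changes before the third pass
                with open(a, "wb") as fh:
                    fh.write(b"hello" + marker)
            s, k, f = cache.scan_tree(root, engine, version)
            results.append((len(s), len(k), len(f)))
    return results


if __name__ == "__main__":
    print(demo())
```

The speedup comes from hashing being cheaper than a full engine pass. Caching only clean verdicts and tying them to the definitions version keeps a file that was clean under old signatures from being skipped forever.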
Like the other full-featured suites, Kaspersky crams a multitude of tools into a neatly organized package and manages to set itself apart in some areas. Rather than limit email scanning to Outlook and POP3, Kaspersky also analyzes IMAP traffic. It boasts a banner-ad blocker and, through parental controls, the ability to limit how much time children can roam the web. Finally, road warriors will appreciate the option to automatically disable scheduled scans when running on battery power.
Kaspersky provided a formidable wall of defense against both viruses and spyware, keeping our test bed protected against Trojans, dialers, and other Internet-bound ills. But so did some of the less-expensive suites.
$80 (3 PCs)
An old favorite gets a new look
Now in version 8.0, AVG’s latest release appears to have taken a page or three from Vista. A redesigned interface sports high-resolution icons and a more colorful palette, and even the system tray icon feels borrowed from Microsoft’s newest OS; turn off one of the security modules and the icon turns red, alerting you of impending doom, even if you’ve only disabled the spam filter. That’s just wacky. Thankfully, you can turn off the ominous notification.
No other AV application we tested consumed more RAM, and our performance benchmarks took the biggest hit with AVG installed. During a system scan (which, while not the slowest, dragged along at the tail end of all the suites), CPU utilization averaged 25 percent with sporadic spikes reaching as high as 84 percent. We didn’t know if AVG was scanning or having a seizure.
AVG provides one of the more feature-rich packages of the bunch. In addition to the new scanning engine, you’ll find spam and spyware protection, a firewall, safeguards against drive-by downloads, immunity against IM-bound attacks (ICQ and MSN only), a customizable scheduler, and a rootkit scanner. Tying it all together is a back end brimming with options to satiate even the most demanding security connoisseur.
We especially like the concept behind AVG’s web protection; we just wish it worked better. The Active Surf-Shield component scans visited web pages for malicious code and the Search Shield checks Google, MSN, and Yahoo search results for active threats, but enabling them slows down web surfing. And at the time of this writing, Search Shield was not working with Firefox 3.0.
AVG’s detection rate dips below that of the best-performing AV apps during Virus Bulletin’s extensive testing but still earned a VB100 award, meaning it caught all of VB’s in-the-wild viruses with no false positives. AVG also excelled in our own tests. Just make sure you have a modern system to run it on.
$55 (2 yrs)
You won’t find many diamonds in this rough
It’s almost as if Czech-based developer ALWIL intentionally designed Avast! to be annoying, starting with the exclamation point in the program’s title. We can forgive the name, but we’re not so quick to offer amnesty for the program’s other failings.
Despite being offered as a free download for home use, you’re required to register the product, after which you’ll be sent a product key. Without it, the program will stop working after 60 days. Worse yet, you have to re-register every year just as you do with a paid program, which doesn’t instill confidence that ALWIL won’t one day decide to stop offering Avast! gratis.
What starts off as a ridiculously fast install time turns into a 20-minute endeavor if you choose to perform a boot-time scan during the required system restart. Scanning our test system from within Windows was even slower, taking 24 minutes, making Avast! by far the pokiest of the pack. The slow-footed scanner was also the second-largest system hog.
We’re not sold on the gimmicky main menu, which deliberately resembles a media player complete with a play, pause, and stop dial for controlling system scans. We’re grateful the On-Access Scanner menu takes a more mainstream approach, and it’s here where you’ll spend time customizing the several shields. In addition to the usual suspects—web shield, Outlook/Exchange module, Internet mail controls, system and network shields—you’ll find support for nearly every IM and P2P client you can think of.
It’s a shame so much about Avast! annoys us because the scanning engine, despite bogging down our system, had us strutting across the web with reckless abandon. Avast! cut off all forms of malware at the knees, preventing us from downloading various forms of pestilence and blockading their websites of origin. But ultimately you’re just trading one inconvenience for another.
A superbly high detection rate makes up for paltry options
At first glance, you might be inclined to dismiss Avira’s AntiVir as nothing more than a run-of-the-mill virus scanner with a feature set that’s as meager as its price. The sparse interface certainly won’t wow any power users, but it would be a mistake to cast AntiVir aside based solely on appearance. A tiny checkbox in the upper-left corner of the configuration screen unlocks the program’s Expert mode, and with it a heap of options previously unavailable. This still doesn’t put the program on par with the more robust packages in our roundup, nor is the menu system laid out as intelligently as some of the other programs’. Nevertheless, you’re given enough control not to feel cheated, even for software you didn’t have to pay for.
You can choose between three levels of heuristic scanning (low, medium, or high) or turn it off completely. Likewise, enabling the Macrovirus heuristics option will ensure that all macros are deleted in the event an infection necessitates a repair. AntiVir will also rummage for rootkits and examine emails for suspect files, and it even proved surprisingly successful at killing off keyloggers, a feature Avira doesn’t list for any of its security products. What it won’t do is combat most forms of spyware or prevent hackers from exploiting your browser.
AntiVir’s biggest strength lies in its detection rate. It’s the only scanner in our roundup to triumph with a near clean sweep during Virus Bulletin’s latest testing, and it did so without reporting any false positives. That’s impressive. AntiVir performed equally well in our Lab, as long as we didn’t attempt to install spyware or hijack the browser.
If you can live with the popup ad AntiVir forces you to view each time a scheduled update is performed, you’ll be rewarded with a potent, no-cost AV scanner. Move over AVG, we have a new favorite freebie.
Power users not willing to concede an ounce of performance during day-to-day computing will get exactly what they bargained for in F-Protect, whose small footprint should be its calling card. After a stupid-fast 35-second install routine (plus a reboot), our test system raced along just as zippy as it did with no AV software installed. This will come as a boon for anyone falling short on system resources or still trying to get by with an older rig.
Performance comes at a price, however, in the form of a stripped-down interface and limited options that often carry caveats. For instance, you can instruct F-Protect to scan your email through Outlook, but not any other email client. And while heuristic scanning comes as part of the bargain, you’re not able to tell F-Protect how aggressively it should zone in on unknown files. Don’t look for any extras, either—like a separate spyware scanner, phishing protection, spam controls, or identity safeguards—because you won’t find anything more than the bare essentials.
We’d be OK with this if F-Protect built up an impenetrable wall, but this one’s easily breached. We tried downloading a test virus from the European Institute for Computer Antivirus Research (EICAR) website using Internet Explorer, and F-Protect promptly vaporized the imposter before it could reach the desktop. And while we got further with Firefox, F-Protect nixed our attempt to execute the fake virus. But when the threat became real, things took a dramatic turn for the worse.
Repeating the same test with a dirty executable we knew contained a real payload, all hell broke loose. Opening the virus-laden .exe unleashed a fury of fiendish files that nuked our desktop background, killed our Internet connection, took our system hostage with sluggish performance—and whisked away our confidence in F-Protect’s bare-bones approach to security.
$29 (up to 5 PCs)
Like its paid version, AVG’s free edition pounces on viruses before they have a chance to hamstring your PC. It didn’t matter what payloads we clicked because AVG acts like an assassin whenever it detects a tainted file. Indeed, where AntiVir proved futile in keeping our browser from getting hijacked and preventing potentially unwanted applications (PUPs) from running, AVG swooped in to save the day, sans goofy-looking tights.
That doesn’t mean you can completely let down your guard. AVG’s freebie app trades in the paid suite’s decked-out utility belt for one with fewer gadgets, ultimately leaving you less equipped to defend yourself against a wider variety of threats. The free edition doesn’t come with an anti-rootkit scanner, and if you plan on strolling through seedier sections of the web, you’ll have to do so without AVG’s Web Shield, which provides real-time protection against hidden malware. IM protection gets axed in the free version too, as do the anti-spam controls and firewall, neither of which gives us cause for concern.
What you’re left with is a basic but powerful scanner with a few extras thrown in. Configuring POP3 and SMTP settings ensures you’re guarded against email-bound malware, the resident shield can be set up to seek tracking cookies, and AVG’s LinkScanner analyzes your web search results so you don’t fall prey to a trap.
If that were the end of the story, AVG would remain our free scanner of choice, but this latest version adds another chapter that we’re not so fond of. While it doesn’t come with a price tag, you pay dearly for AVG’s multi-faceted protection. AVG chews on system resources like nobody’s business, and we don’t recommend playing games during a scheduled scan, lest it’s your FPS that gets fragged.
We suspected PC Tools of cutting corners after we recorded an insanely fast 8-second install routine, and that includes the time it took to download the latest virus definitions. We grew even more leery after the company’s program turned in the fastest initial system scan time of every AV app we tested. Either PC Tools Antivirus is harboring some serious horsepower under the hood or we call shenanigans on the scanning engine. In our opinion, it’s the latter.
The reason PC Tools beat all the competition is because it took a shortcut to the finish line, scanning only about 15 percent of the files on our hard drive. We’d be OK with that if, like some of the other applications tested, it had raced through a qualifying lap and determined which files could be skipped, but this happened during a first run.
Still, it wasn’t until we test drove PC Tools on the web that we lost faith in the program. Downloading the same contaminated executable as we’d been using for each application, PC Tools remained in a near comatose state as Trojans and downloaders took control of our system. It did manage to catch a small handful before they could do harm, but the dozens it missed left us conceding defeat. Our system was in such bad shape that neither an online scan nor an antispyware sweep could restore our test bed to anything resembling a healthy PC.
With a little digging, PC Tools’ sparse-looking interface hides a handful of options to make you feel as though you’re fine-tuning your security. You can turn heuristic scanning on or off, configure specific ports for email scanning, and force the scanner to dig through all levels of an archive, but why bother? The time you spend setting up rules would be better spent downloading a different antivirus program, preferably one that works.
Independent test labs consistently rank ESET’s Nod32 antivirus program as one of the top performers, so how has the company gone about improving its product? For starters, the Smart Security suite builds on Nod32’s core by stuffing a personal firewall, antispyware module, web access protection, and spam controls into a tidy 22MB package. But that’s just the beginning.
From first click to finish, you’ll be up and running in less than a minute with no reboot required. The default settings will have you ready to romp around the web, but should you decide to dive into the interface’s advanced section, you’ll find a truckload of options at your disposal in plain English.
In addition to scouring your local drives, the real-time file protection homes in on removable media and network drives too. And when it comes to safeguarding your email, if you’re not using Outlook, simply expand the POP3 tree and put a checkmark next to your email client of choice, or click the Add button if you don’t see it listed. It doesn’t get any easier than this.
Parental units and IT admins alike will appreciate the ability to block specific web addresses, and support for wildcard entries saves you the time of inputting every subdomain. Once you have everything configured, export your settings to an XML file for effortless configuration of your entire home or work network.
Given the bevy of options and stellar track record, we were determined to uncover an Achilles’ heel, but we just couldn’t find one. ESET’s Smart Security thwarted our attempts to download infected files, making the scant 7 minutes and 54 seconds it took to scan our system feel as though we were just going through the motions.
Only the lack of identity protection and the inability to create a rescue disk prevent this from being the perfect package. As it stands, it will have to settle for near-perfect.
$59 1 yr ($89 2 yrs)
Correction: PC Tools AntiVirus does include both heuristics and email scanning.