In some ways, visiting cyberspace is kind of like entering a crowded subway car during the peak of flu season. You’re surrounded by all sorts of germs—in the form of trojans, spyware, viruses, rootkits, etc.—just looking for a vulnerable host to invade and feed on. Once you’re infected, these pests can wreak havoc on your system, swiping your personal information and passwords, annihilating your credit rating, and stealing your identity. To avoid a potentially virulent attack, you need to take precautions.
Wouldn’t it be great if we could ward off both human and computer viruses in one (gooey) swoop?
Smart computing habits—like never downloading unexpected email attachments—are your first line of defense, but that’s not always enough. The best way to protect yourself is with a serious immunity booster, which is exactly what all-in-one security suites provide. Based on our prior antivirus roundups, it’s no longer a question of whether an all-encompassing antivirus package can provide adequate protection on all fronts, but which one does it best?
To find out, we’re pitting the 2011 versions of last year’s top five performing AV applications against five security suites we’ve never before reviewed. The two exceptions are ESET Smart Security, which hasn’t been overhauled since our last roundup, and Kaspersky Internet Security 2011, which we already evaluated and awarded a 9 verdict and Kick Ass award for its rich (and useful) feature set and insane level of protection. If the product you’re interested in didn’t make the cut, don’t fret; we’ll continue to run stand-alone AV reviews in future issues. In the meantime, we’re anxious to see if any of these suites are as capable as Kaspersky at protecting your PC’s health.
To earn a passing score, security suites have to excel in each of these five subjects.
We don’t spend hours tweaking our rigs to have sloppily coded software muck with system performance. That’s why we’re holding these suites accountable by looking at the overall performance picture. Compared to a clean install, we’re looking at things like boot times, PCMark Vantage benchmarks, file-transfer performance, and system resources. And, of course, we’re also interested in how long it takes to complete a system scan.
A security suite that’s constantly bombarding us with pop-ups and benign alerts can be just as bothersome as the malware it’s protecting us from. Your home security system doesn’t tell you every time a car or person walks by your home, and likewise, AV software should only interrupt you if there’s real trouble. We also take into account how easy (or hard) it is to navigate the UI.
Most power users will bleed their PayPal accounts dry funding a hardware upgrade, like a dual-GPU videocard or smoking-fast solid-state drive. But why shell out any money on security software when there are so many free options available? That’s up to this year’s contenders to answer, and to keep them honest, we’re also including two completely free AV scanners.
Eight of the 10 AV apps in this year’s roundup are full-fledged security suites. What separates these packages from regular antivirus software are the extra components, from enhanced spyware protection to spam controls, and whatever else each vendor decides to stuff in the box. But equally important is how meaningful these features are and how well they’re integrated. Think of it as the difference between ABS brakes, which we’ll take when shopping for a car, versus an air freshener, which doesn’t add any value. The same concept applies.
We’ve had success separating the wheat from the chaff in the past, so we’re not changing things up drastically here. We start by subjecting each AV app to synthetic spyware and virus tests provided by www.spycar.org and www.eicar.org. Next we romp around the web’s more treacherous destinations looking for trouble. We cap off our in-house testing by lobbing our own collection of malware grenades, which we’ve added to this year. Finally, we evaluate the results of independent testing labs, like Virus Bulletin (www.virusbtn.com), AV-Comparatives (www.av-comparatives.org), and AV-Test (www.av-test.org).
Microsoft didn’t even bother to announce a version upgrade from 1.0 to 2.0, and at a glance, you wouldn’t be able to tell the difference. But make no mistake, Microsoft’s team of mechanics tweaked the scan engine and made some other changes underneath the hood.
MSE provides a handful of options for scheduled scans, but doesn’t include the ability to set up two different types (Full and Quick) on different days.
Let’s talk performance. Last year’s version plodded through our files without any sense of urgency, and the speed didn’t pick up during subsequent scans. This time around, the scan engine didn’t waste time investigating clean files that hadn’t been altered. The result is that a laborious 27-minute scan was reduced to less than eight and a half minutes the second time around. Still not great, but MSE’s at least headed in the right direction.
MSE leaves a smaller footprint than an Oompa-Loompa. We recorded a boot penalty of just 10 seconds, and things only improved from there. Copying a 3GB collection of files to our local drive took the same amount of time with or without MSE installed, and memory usage increased only a few percentage points.
Version 2.0 manhandled our updated collection of malware and sailed through another round of testing from Virus Bulletin, earning its second consecutive VB100 award on the Windows 7 platform. And unlike before, version 2.0 keeps the Windows Firewall in check and alerts you if it’s turned off. We just wish there were more to play with. You won’t find nearly the same level of customization as a paid security suite. MSE lets you configure a scheduled scan, for example, but you can’t schedule a Quick scan one day and a Full scan on another. It’s also frustrating that you’re unable to pause scans, only cancel them outright.
With an improved scan engine and the same stellar protection as before, Microsoft Security Essentials is still the freebie AV app to beat.
Light on resources; unobtrusive; integrates well with Windows.
Short on features; scan speed still needs work.
With the release of NIS 2011, it’s apparent Symantec is still trying to shed its lingering image in power-user circles as a resource pig, perhaps a little too hard at times. The new user interface is sleek and sexy with plenty of configuration options to drill into, but it’s also a little daunting for less savvy PC users. It’s the polar opposite of Microsoft Security Essentials, and if you’re experienced with computers, that’s great. Your Aunt Agnes, however, probably won’t make heads or tails out of it all.
Norton’s redesigned UI wins on sex appeal but suffers from a case of information overload.
The main window provides on/off switches for a variety of modules, and if you dive into the Settings menu, you’ll find a whole bunch of additional tools. It’s sheer overload for Aunt Agnes, who won’t understand the difference between Browser Protection, Safe Surfing, and Download Intelligence, all of which appear on the main interface. Hover over any of these, however, and Norton does a serviceable job explaining what they are.
Unlike last year’s version, trying to trip up NIS with our malware samples proved futile. Symantec upgraded its SONAR technology, which pays close attention to how a program behaves rather than relying solely on virus definitions. The idea is to catch zero-day threats that slip into the wild, and it worked beautifully with our contaminated archive. NIS also shields against potentially harmful websites, though you can still truck through if you suspect it’s a false positive.
Installing Norton had no impact on our test bed’s boot time, and system scans were among the fastest of the bunch. We’re beating what’s left of a dead horse at this point, but this isn’t the same Norton from three-plus years ago. Our only real complaint is that Symantec perhaps caters a little too much to enthusiasts and risks alienating some mainstream users.
Fast scan engine; low system impact.
Confusing interface for inexperienced computer users; lacks a virtual keyboard.
$70 (1 Year, 3 PCs), http://us.norton.com
Like Norton, McAfee’s struggling to overcome an unflattering reputation among the tech-literate in hopes of expanding its user base beyond the OEM crowd, and last year’s completely retooled version went a long way toward that goal.
Not much has changed in the 2011 version. It’s still easy to navigate, comparatively light on resources (versus pre-2010 versions), and malware detection is still a mixed bag. McAfee started off strong by breezing through our initial spyware and virus tests, and we nearly finished bombarding the suite with our expanded collection of dirty files without incident. But when a zero-day test file slipped past McAfee undetected, our test bed gave up the ghost and entered a BSoD loop we couldn’t fix. McAfee isn’t the only program that had trouble recognizing the file; we uploaded it to VirusTotal (www.virustotal.com) and only 12 out of 42 virus scanners flagged it as malicious. Nevertheless, McAfee’s behavioral-based scanning didn’t detect anything was wrong, and that’s troubling.
Like many antivirus suites, McAfee uses a color-code system. A green bar means all systems are go. If anything needs your attention, it will turn red.
We turned to the malware experts to see if our findings mirrored theirs. Virus Bulletin denied McAfee a VB100 award because it let a virus from its WildList—a list of currently active viruses in the wild—slip through undetected, and according to AV-Test.org’s test results, McAfee performs below the industry average in protecting against zero-day threats. Not good.
McAfee isn’t without merits. The two-way firewall is incredibly easy to configure, and for mobile warriors, the 2011 update adds CPU monitoring intended to improve battery life. It does this by delaying automatic definition updates and other background tasks when the system disk is in an idle state. And contrary to popular assumption, McAfee had little impact on system performance. Kudos for all that, but when the rubber meets the road, McAfee’s airbag may fail to deploy, sending you crashing through Windows.
Uncluttered UI; configuring the firewall is a breeze.
Over-reliance on virus signatures leaves you vulnerable to zero-day threats.
$40 (1 year, 3 PCs), http://home.mcafee.com
Panda holds a ton of promise, and if it weren’t for a few niggling issues, we’d anoint it our favorite security suite. But there are some things that just can’t be ignored, like the same persistent pop-ups we complained about in the 2010 release. It started from the get-go with Panda reminding us that we still needed to activate the program (even though we hadn’t previously been prompted). Shortly after, another pop-up appeared imploring us to register, something that is usually optional. In this case, our choices were to go ahead and register or be reminded at a future date (one day, one week, or one month), with no option to disregard it forever. Bad Panda!
Panda does its due diligence in alerting you to potential threats, but it overreacts to your home network, at least at first. Less savvy computer users may end up inadvertently blocking file shares, thinking that the pop-up represents a real danger when in fact it doesn’t.
Panda’s new UI now includes a virtual keyboard as an added precaution against keyloggers.
Our other issue is with Panda’s pokey scan engine. Panda subjects certain files to its Collective Intelligence database in the cloud, and a company representative warned us this would slow down scanning. It did, but the real problem is with Panda’s poor file-caching algorithm, which shaved only 26 seconds off a second system sweep that wasn’t that fast to begin with.
That’s what we don’t like about Panda, but there are plenty of redeeming qualities. We were told to expect improved boot times over time, and that’s what we saw. Initially, Panda added 15 seconds to startup, but after several reboots, Panda settled down to five seconds over a clean install. We also dig the repainted UI. It’s mostly an aesthetic change from last year’s version, but still packed with features—like a home network manager, ID theft protection, remote access, and more—all thoughtfully arranged.
When we fed Panda our malware samples, it chewed them up like a real panda bear chomps on bamboo. It also zipped through AV-Test.org’s much larger collection of malware, scoring higher than the industry average in each of four virus categories. And as an added layer of protection, Panda now includes a virtual keyboard, in case you’re paranoid about keyloggers.
Panda’s not the fastest security suite, nor is it always well behaved, at least at first. But if you can overlook its flaws, it will protect your system unconditionally.
Virtual keyboard; checks the cloud for updated threats.
Poor file caching and too many alerts.
$60 (1 year, 3 PCs), www.pandasecurity.com
BitDefender flies in the face of conventional wisdom in more ways than one. Like most security suites, BIS runs the risk of spreading itself too thin by combining antivirus, antispyware, antiphishing, a firewall, parental controls, antispam, and more into a single package. That’s a challenge in and of itself, but BitDefender also attempts to cater to computer users of all skill levels, whether you consider yourself a beginner, intermediate, or expert. A tough challenge, but BitDefender proves up to the task.
Last year’s version of BitDefender also included different layouts to choose from, but they weren’t as slick or user friendly as they are now.
BitDefender prompts you to choose your level of expertise during installation, with each option sporting a different dashboard. You’re given a glimpse of each UI along with a short explanation before you commit, but can also select a different layout if you later change your mind. What’s great about this is that you can slap the Basic View on your parents’ rig and not have to worry about them inadvertently pushing a button they shouldn’t, and use the Intermediate or Expert layout on your own machine. The Intermediate UI is a step up from Basic in that you can customize the dashboard with up to 14 scrollable icons (Basic has three), while the Expert layout throws everything plus the kitchen sink and all the plumbing at you.
None of this would matter if BitDefender went belly up the first time you encountered a virus, but in our testing, it stood tall. It also zipped through our test bed’s hard drive like it was late for a date, reducing a little more than a six-minute scan to less than two minutes the second time around. There’s even a vulnerability scan that combs your system looking for unpatched software, missing Windows updates, and weak passwords.
Last year we concluded that “we’d always know we settled” with BitDefender, and now we’re wondering why we’d settle for anything else.
Suitable for all skill levels; supersonic scan speed.
No virtual keyboard.
$50 (1 year, 3 PCs), www.bitdefender.com
It’s hard not to look a gift horse in the mouth when you’re told it’s a potential thoroughbred capable of racing in the Kentucky Derby, but later find out it’s limping on two legs short of a set and isn’t even fit for making glue. That’s what we think about ClamWin, a free, open-source antivirus program that comes saddled with “gotchas.”
If ClamWin finds a virus, it doesn’t actually eradicate it unless you change the default setting from “Report Only” to “Remove” or “Move to Quarantine Folder.”
The main problem with ClamWin is it doesn’t offer any kind of real-time protection. It’s strictly an on-demand scanner, so your only chance of avoiding infection is to either manually inspect every file you download, or set up a rigorous automated scan schedule. But even that’s a chore, because you have to configure a separate schedule for every drive/partition in your system. And it doesn’t help matters that ClamWin’s scan engine moves at a snail’s pace. Oh, and it won’t bother analyzing files larger than 100MB unless you change the default setting, nor is it configured to actually delete or even quarantine malware by default.
Actually, we should be careful of using the term “malware.” ClamWin cowers under the blanket when you surf the web, leaving you susceptible to spyware, phishing attacks, browser hijacks, adware, worms, and anything else that requires a real-time scanner. And despite the developer’s claims that “you will be as safe as with a commercial antivirus” so long as you scan suspicious files before opening them, ClamWin gave a handful of our virus samples a clean bill of health. Grrr!
If you insist on using ClamWin, if only to support the open-source community, supplement it with Clam Sentinel (free, http://bit.ly/fayEdZ), an add-on that sits in the system tray and offers basic real-time scanning. You also better be rocking Windows Defender or some other antispyware program so you’re not naked on the web.
No on-access scanning; doesn’t protect against web-based threats; requires too much fiddling.
Sharing the spotlight with ZA’s well-known firewall is Kaspersky’s integrated scan engine. Kaspersky earned a 9 verdict and a Kick Ass award last year, and in our eyes, pairing its scan engine with ZA’s firewall is like hiring Chuck Norris and Bruce Lee as your personal bodyguards. If only they had come dressed for the job.
ZoneAlarm does a fantastic job managing its two-way firewall, which offers up a boatload of customizations for networking ninjas.
Getting acquainted with the text-heavy UI takes a little work. The main window consists of a center panel outlining the status of the firewall, antivirus/antispyware, antiphishing, and browser security modules. This is flanked by a column of options on the left-hand side and a right-justified panel housing additional services, each of which redirects you to a web page to download and configure. It’s not the worst interface in the world, nor is it particularly swank. To perform anything other than a Quick Scan, for example, you have to drill into the antivirus menu, select Advanced Options, highlight Scan Modes under Virus Management, and then select a new default option, which applies to both manual and scheduled scans.
The integration of ZoneAlarm’s ForceField software adds an additional layer of security while cruising the web, but only if you’re driving IE or Firefox. If you are, ZA will scan every download before it touches your desktop, as well as give you the option of loading your browser in a virtual filesystem. Doing so redirects unsolicited downloads away from the OS and encrypts keystrokes, effectively jamming keyloggers. Huzzah!
All this protection adds up to a slightly heavy package. PCMark performance took a hit, and boot times jumped all over the place, finally averaging plus-six seconds (compared to a clean install), but occasionally would take much longer.
We found downloading updates a sometimes laborious waiting game, though this is only a potential problem if you have reason to check for updated definitions rather than let ZA do it for you. As malware detection goes, Check Point’s decision to integrate Kaspersky predictably turned out to be a good one, though it’s not as hurried as the fastest-performing scanners.
ZoneAlarm caught our entire collection of malware, and Kaspersky’s antivirus engine continues to earn high marks from independent testing labs.
It’s too bad ZA discriminates against Chrome, which is quickly picking up market share. And we wish it were a little more nimble. Otherwise, the pairing of a powerful firewall along with one of the best AV scan engines is a winning combination.
Top-notch firewall and Kaspersky scan engine is a potent one-two combo.
Browser protection doesn’t extend to Chrome; text-heavy UI.
$60 (1 year, 3 PCs), www.zonealarm.com
When you first install BullGuard, you’re prompted to select a notification level. One of the two choices clamps a muzzle on BullGuard, stifling alerts the program can figure out on its own. The other promises more notifications so you’ll always know what the mutt is up to. We say mutt because BullGuard is another security suite that builds on top of someone else’s scan engine. We saw this with ZoneAlarm, which chose to go with Kaspersky, while BullGuard fetched BitDefender’s scan engine, another solid choice.
Don’t pay any attention to BullGuard’s password strength meter, which gives all eight-character passwords a maximum strength rating.
Initially, however, we feared BullGuard’s bark would be worse than its bite. During the final stage of installation, you’re asked to create a username and password. The password shows up in plain view unless you uncheck the “Show password” box, but more disconcerting is the so-called “strength meter.” All this does is evaluate how many characters you’ve entered. We typed “Password” and registered a full five bars on the strength meter, even though that’s arguably the weakest eight-character password you could possibly choose. It’s a minor gripe, but the feature could give greenhorn users a false sense of security.
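The gap between counting characters and estimating guessability, shown side by side as an added example (this is not BullGuard's code; the function names, the tiny common-password set and the 16-bits-per-bar scale are assumptions made for illustration):

```python
import math

# Constructed, deliberately tiny sample; a real meter would load a large
# breached-password list (assumption, not taken from the reviewed product).
COMMON_PASSWORDS = {"password", "12345678", "qwertyui", "iloveyou", "letmein1"}

# Fold common character substitutions so "P@ssw0rd" matches "password".
LEET_FOLD = str.maketrans("0134578@$!", "oleastbasi")

# Approximate alphabet size contributed by each character class in use.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "other": 33}


def length_only_bars(password, max_bars=5, full_at=8):
    """Meter with the behaviour the review describes: it only counts characters."""
    return min(max_bars, len(password) * max_bars // full_at)


def charset_size(password):
    """Size of the alphabet an attacker must search, judged by classes used."""
    classes = set()
    for c in password:
        if c.islower():
            classes.add("lower")
        elif c.isupper():
            classes.add("upper")
        elif c.isdigit():
            classes.add("digit")
        else:
            classes.add("other")  # punctuation, space, anything else
    return sum(CLASS_SIZES[name] for name in classes)


def estimate_bits(password):
    """Rough upper bound on guessing cost in bits; 0 for known-common passwords."""
    lowered = password.lower()
    if not password:
        return 0.0
    # Check the raw and the substitution-folded form against the common list.
    if lowered in COMMON_PASSWORDS or lowered.translate(LEET_FOLD) in COMMON_PASSWORDS:
        return 0.0
    # Repeated characters add little, so only distinct characters are counted.
    return len(set(password)) * math.log2(charset_size(password))


def guess_aware_bars(password, max_bars=5, bits_per_bar=16):
    """Bars driven by the entropy estimate instead of raw length."""
    return min(max_bars, int(estimate_bits(password) // bits_per_bar))


if __name__ == "__main__":
    for pw in ("Password", "P@ssw0rd", "12345678", "aaaaaaaa", "kV7#qLm2xZ!p"):
        print(f"{pw!r:16} length-only={length_only_bars(pw)} "
              f"guess-aware={guess_aware_bars(pw)}")
```

The estimate is still an upper bound: it does not detect keyboard walks or dictionary words outside the sample list, which is why production meters pair it with a large breached-password corpus.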
Surfing the web was another story. BullGuard went into attack mode and sank its teeth into malicious downloads, a credit to its behavioral-based scanning. And when we chucked our own collection of malware onto the desktop, we might as well have thrown BullGuard a meaty bone, because the outcome was the same.
We paid a heavy price for all this protection, and we’re not talking about skrilla. Startup time never seemed to settle down after several reboots, taking an additional 32 seconds over a clean install. BullGuard was one of the few AV programs to noticeably affect file transfers, and the low PCMark score is a concern. These issues drag down an otherwise well-trained security companion.
Excellent behavioral-based scanning; customizable alerts.
Slows down system performance.
$60 (1 year, 3 PCs), www.bullguard.com
Webroot used to focus its attention solely on system utilities and antispyware programs, such as Spy Sweeper, arguably its most popular product. Starting in 2006, Webroot widened its security net and now offers a fleshed-out lineup of antivirus products, the one reviewed here being its flagship suite.
Green and purple is a garish combination, but the color scheme is about the only thing Webroot gets wrong with the UI.
In making the transition from antispyware specialist to an all-encompassing security vendor, Webroot didn’t build its own scan engine and instead uses one provided by Sophos, a well-known security lab. This comes wrapped in a clever UI that’s one of the best we’ve seen. Webroot lays out the program’s four main functions—PC Security, Sync & Sharing, System Cleaner, Identity & Privacy—within easy reach via four large squares. A green checkmark or yellow exclamation point in the upper left corner of each square gives you a quick status report. Hovering over a square expands it to show additional information, like the next scheduled scan, as well as a link to edit settings. Clicking a box brings up a tabbed menu that consolidates all the advanced features into a single, manageable window. It’s a brilliant design with an intuitive flow.
Curiously missing from Webroot’s top-of-the-line security software are parental controls. In the plus column, Webroot includes 10GB of online storage, about five times as much as most other suites offer, and something we might actually use. We also appreciate Webroot’s quiet nature, as it doesn’t bombard you with pop-ups or silly questions it can figure out on its own.
Webroot did a good job thwarting spyware and zero-day threats, but toward the end of testing, it fell for one of the oldest tricks in the book by letting a fake AV program take control of our test bed. Even a safe-mode scan proved futile. The high RAM use didn’t earn any brownie points, either.
Extremely well designed UI; lots of online storage.
Heavy RAM use; scan engine needs some TLC.
$80 (1 year, 3 PCs), www.webroot.com
F-Secure caught lightning in a bottle, poured it into its scan engine, and then built a security suite around it. When we say this scanner’s fast, we mean buckle up, hold on to the seat of your pants, and hope you don’t get whiplash. F-Secure’s scanner sped through our test bed in just three minutes and 18 seconds the first time around, which is nearly twice as fast as the next-quickest AV suite and more nimble than the second, optimized scans of 60 percent of the other apps in this roundup. During a second scan, F-Secure zipped through our files in a mere 45 seconds.
F-Secure is one of the easier AV programs to use, mostly because it doesn’t afford a whole lot of fine-grained control.
At that pace, we have to wonder if F-Secure is racing simply to come in first or if it can actually detect viruses, too. As it turns out, it can. We threw a variety of foul files at F-Secure and hit up a handful of websites serving zero-day malware. The reason we do this is to test both the scan engine and the software’s behavioral analysis. So how did F-Secure do?
F-Secure’s sprightly scanner closed the lid on our boxful of contaminants, blocked most malicious websites, and stopped most suspicious downloads from doing any harm. The lone exception was a polluted installer that contained adware. For everything else, F-Secure kept our test bed out of harm’s way, although it oftentimes required a reboot to do so.
On the usability scale, F-Secure sports an intentionally dumbed-down interface based on the mantra that less is more. New users won’t find the layout intimidating, and while advanced options are hidden behind the main window, advanced users who love to micromanage every last detail will ultimately feel a little shortchanged.
Crazy-fast scanning; minimal interface (if that’s your thing).
Requires lots of rebooting to be effective; minimal interface (if that’s not your thing).
$60 (1 year, 3 PCs), www.f-secure.com
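| | MSE | Norton | McAfee | Panda | BitDefender |
|---|---|---|---|---|---|
| Scan 1 (min:sec) | 27:04 | 7:15 | 9:52 | 7:47 | 6:10 |
| Scan 2 (min:sec) | 8:25 | 2:03 | 4:08 | 7:26 | 1:55 |
| 3GB File Transfer | +0 | +0 | +1 | +2 | +5 |

| | ClamWin | ZoneAlarm | BullGuard | Webroot | F-Secure |
|---|---|---|---|---|---|
| Scan 1 (min:sec) | 14:27 | 5:59 | 6:36 | 10:51 | 3:18 |
| Scan 2 (min:sec) | 13:51 | 4:58 | 1:00 | 3:19 | 0:45 |
| 3GB File Transfer | +0 | +3 | +5 | +0 | +5 |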
Our test bed is an Intel Core i7 930 on an Asus P6X58D Premium, with 6GB Corsair DDR3/1333, a Radeon HD 5850, a Western Digital Caviar Black 1TB 7,200rpm, and Windows 7 Professional 64-bit.
When it comes to PC security, there’s no such thing as one size fits all. If you’re particularly cautious, more than a little computer savvy, and a little bit lucky, you could get by without any antivirus software at all, and while we don’t recommend it, we know plenty of people willing to roll the dice.
A better option for penny-pinching power users is to install free antivirus software supplemented by the occasional antispyware sweep.
There’s nothing wrong with rolling your own security setup, but if you want more protection, you’re going to have to pay for it. There are several advantages to fee-based antivirus. One is that these apps typically roll spyware and virus scanning into one, so there’s no need to install a separate program. Another common trait is more frequent definition updates, sometimes referred to as pulse updates. And while it varies by vendor, paid antivirus apps may include phishing protection, flexible scheduled-scan options, gaming modes, and other tools and services.
You’ll notice we focus most of our attention on so-called Internet security suites, but since most vendors offer AV software à la carte, what do you gain by leveling up? In most cases, the major addition is a more powerful firewall than what Windows provides. It varies by vendor, but security suites might also include enhanced identity-theft safeguards, antispam protection, parental controls, online backups, and other features you may or may not find valuable. It’s important to do your research to avoid overpaying for security.
Smart computing habits and antivirus software go a long way in fending off the bad guys, but it doesn’t make you invincible. For mission-critical setups or just extra peace of mind, you have to take security to the next level. Wipe the sweat from your brow, Charlie, because we’ve come up with a three-step supplemental program to lock down your system tighter than Fort Knox.
The first thing you need to do is download and install Secunia PSI (free, www.secunia.com). This nifty application audits every inch of your system for unpatched software that could potentially expose it to attack. Secunia PSI provides a threat rating for all of your outdated programs, and includes links to the latest patches.
Step two involves adding another layer of protection to Internet activities. BufferZone Pro (free, www.trustware.com) works its mojo by isolating all web-based activities in a virtual bubble. When it’s active, a red border surrounds your browser or IM client, and if you download and install an infected file, it gets written to a virtual folder, not your OS.
The third and final step is to install a virtual machine, like VMware Player (free, www.vmware.com) or Windows Virtual PC (free, http://bit.ly/3fAC9). While BufferZone Pro protects your system at the application level, a VM isolates your entire OS. It’s the ultimate sandbox for experimenting with potentially harmful software or surfing the web willy-nilly; if you screw up and fall prey to attack, just nuke your VM and create a new one!