Malware, Spyware, and Adware Protection
If you work in an office, chances are good the IT department manages your antivirus protection. That doesn’t leave you well-protected if you suddenly must work from your home computer. It’s bad enough to think that ransomware might encrypt your personal documents, but so much worse if it denies you access to months of documents on a work project. Likewise, you won’t appreciate getting burned by a Trojan that steals hundreds of dollars from your bank account, but imagine if it stole millions from your employer. More than ever, you need antivirus protection both for your own files and your company’s. We’ve evaluated more than 40 antivirus tools to help you pick the one that best suits your needs.
We call it antivirus, but in truth it’s unlikely you’ll get hit with an actual computer virus. Malware these days is about making money, and there’s no easy way to cash in on spreading a virus. Ransomware and data-stealing Trojans are much more common, as are bots that let the bot-herder rent out your computer for nefarious purposes. Modern antivirus utilities handle Trojans, rootkits, spyware, adware, ransomware, and more. PCMag has reviewed more than 40 different commercial antivirus utilities, and that’s not even counting the many free antivirus tools. Out of that extensive field we’ve named four Editors’ Choice products and honored several more with a four-star rating. If you have malware, one of the products listed above should take care of the problem.
Some nonstandard commercial antivirus utilities proved effective enough to earn an excellent four-star rating alongside their more traditional counterparts. VoodooSoft VoodooShield bases its protection on suppressing all unknown programs while the computer is in a vulnerable state, such as when it’s connected to the internet, and also acts to detect known malware. The Kure resets the computer to a known safe state on every reboot, thereby eliminating any malware. These are interesting approaches, but not directly comparable with traditional antivirus tools.
You may notice that one product listed above earned just 3.5 stars. Of the five current products rating 3.5-stars, only F-Secure and G Data have ratings from two labs. F-Secure has the added fillip of costing the same for three licenses as most products charge for just one, so it made its way into the list.
These commercial products offer protection beyond the antivirus built into Windows 10; the best free antivirus utilities also offer more than Windows does. However, Microsoft Windows Defender Security Center is looking better and better lately, with some very good scores from independent testing labs. The combination of good lab scores and a great score in our hands-on malware protection test was enough to bring it up to 3.5 stars. It doesn’t appear in this roundup of commercial antivirus products, naturally.
Listen to the Labs
We take the results reported by independent antivirus testing labs very seriously. The simple fact that a company’s product shows up in the results is a vote of confidence, of sorts. It means the lab considered the product significant, and the company felt the cost of testing was worthwhile. Of course, high scores in the tests are also important.
We follow four labs that regularly release detailed reports: SE Labs, AV-Test Institute, MRG-Effitas, and AV-Comparatives. We also note whether vendors have contracted with ICSA Labs and West Coast labs for certification. We’ve devised a system for aggregating their results to yield a rating from 0 to 10.
We Test Malware, Spyware, and Adware Defenses
We also subject every product to our own hands-on test of malware protection, in part to get a feeling for how the product works. Depending on how thoroughly the product prevents malware installation, it can earn up to 10 points for malware protection.
Our malware protection test necessarily uses the same set of samples for months. To check a product’s handling of brand-new malware, we test each product using 100 extremely new malware-hosting URLs supplied by MRG-Effitas, noting what percentage of them it blocked. Products get equal credit for preventing all access to the malicious URL and for wiping out the malware during download.
Some products earn stellar ratings from the independent labs, yet don’t fare as well in our hands-on tests. In such cases, we defer to the labs, as they bring significantly greater resources to their testing. Want to know more? You can dig in for a detailed description of how we test security software.
Multilayered Malware Protection
Antivirus products distinguish themselves by going beyond the basics of on-demand scanning and real-time malware protection. Some rate URLs that you visit or that show up in search results, using a red-yellow-green color-coding system. Some actively block processes on your system from connecting with known malware-hosting URLs or with fraudulent (phishing) pages.
Software has flaws, and sometimes those flaws affect your security. Prudent users keep Windows and all programs patched, fixing those flaws as soon as possible. The vulnerability scan offered by some antivirus products can verify that all necessary patches are present, and even apply any that are missing.
Spyware comes in many forms, from hidden programs that log your every keystroke to Trojans that masquerade as valid programs while mining your personal data. Any antivirus should handle spyware, along with all other types of malware, but some include specialized components devoted to spyware protection.
You expect an antivirus to identify and eliminate bad programs, and to leave good programs alone. What about unknowns, programs it can’t identify as good or bad? Behavior-based detection can, in theory, protect you against malware that’s so new researchers have never encountered it. However, this isn’t always an unmixed blessing. It’s not uncommon for behavioral detection systems to flag many innocuous behaviors performed by legitimate programs.
Whitelisting is another approach to the problem of unknown programs. A whitelist-based security system only allows known good programs to run. Unknowns are banned. This mode doesn’t suit all situations, but it can be useful. Sandboxing lets unknown programs run, but it isolates them from full access to your system, so they can’t do permanent harm. These various added layers serve to enhance your protection against malware.
Firewalls, Ransomware Protection, and More
Firewalls and spam filtering aren’t common antivirus features, but some of our top products include them as bonus features. In fact, some of these antivirus products are more feature-packed than certain products sold as security suites.
Among the other bonus features you’ll find are secure browsers for financial transactions, secure deletion of sensitive files, wiping traces of computer and browsing history, credit monitoring, virtual keyboard to foil keyloggers, cross-platform protection, and more. You’ll even find products that enhance their automatic malware protection with the expertise of human security technicians. And of course we’ve already mentioned sandboxing, vulnerability scanning, and application whitelisting.
We’re seeing more and more antivirus products adding modules specifically designed for ransomware protection. Some work by preventing unauthorized changes to protected files. Others keep watch for suspicious behaviors that suggest malware. Some even aim to reverse the damage. Given the growth of this scourge, any added protection is beneficial.
Beyond Antivirus: VPN
Your antivirus utility works in the background to keep out any faint possibility of infestation by malware, but its abilities don’t extend beyond the bounds of your computer. When you connect to the wild and wooly internet, you risk the possibility that your data could be compromised in transit. Sticking to HTTPS websites when possible can help, but for full protection of your data in transit you should install a Virtual Private Network, or VPN. This component is important enough that we’re starting to see it as a bonus feature in some antivirus tools.
What’s the Best Malware Protection?
Which antivirus should you choose? You have a wealth of options. Kaspersky Anti-Virus and Bitdefender Antivirus Plus routinely take perfect or near-perfect scores from the independent antivirus testing labs. A single subscription for McAfee AntiVirus Plus lets you install protection on all your Windows, Android, Mac OS, and iOS devices. And its unusual behavior-based detection technology means Webroot SecureAnywhere Antivirus is the tiniest antivirus around. We’ve named these four Editors’ Choice for commercial antivirus, but they’re not the only products worth consideration. Read the reviews of our top-rated products, and then make your own decision.
Editors’ Note: We are aware of the allegations of Kaspersky Labs’ inappropriate ties to the Russian government. Until we see some actual proof of these allegations, we will treat them as unproven, and continue to recommend Kaspersky’s security products as long as their performance continues to merit our endorsement.
Pros: Outstanding scores in independent lab tests and our web protection tests. Multi-layered ransomware protection. Active Do Not Track. Password manager. Banking protection. Offers a virtual private network, or VPN. Many security-centered bonus features.
Cons: Unlimited VPN access requires separate subscription. With all real-time protection disabled, ransomware-specific features missed one uncommon sample.
Bottom Line: With outstanding antivirus test results and a collection of features that puts many security suites to shame, Bitdefender Antivirus Plus is an excellent choice for protecting your PC.
Pros: Perfect and near-perfect scores from four independent testing labs. Perfect score in our phishing protection test. Good scores in our malware-blocking and malicious URL blocking tests. Full-scale phone and live chat support.
Cons: Bonus scans significantly overlap each other.
Bottom Line: Kaspersky Anti-Virus sweeps the antivirus testing labs, with excellent scores across the board. It remains an antivirus Editors’ Choice.
Pros: Perfect score in our malware protection test. Very good antiphishing score. Ransomware protection. Light on system resources. Fast scan, tiny size. Advanced features.
Cons: Limited lab test results due to unusual detection techniques. Missed one unique hand-modified ransomware sample in testing.
Bottom Line: Tiny, speedy Webroot SecureAnywhere AntiVirus keeps a light touch on your system’s resources. It aces our hands-on malware protection test, and can even roll back ransomware activity.
Pros: Protection for every Windows, macOS, Android, and iOS device in your household. Good scores in hands-on tests. Excellent score in antiphishing test. Includes Ransom Guard ransomware protection, PC Boost, and many bonus features.
Cons: Ransom Guard missed several real-world ransomware samples. PC Boost web speedup still works only in Chrome. Very slow full scan on Windows. Mac edition less feature-rich than Windows or Android. Still fewer features for iOS.
Bottom Line: A single subscription for McAfee AntiVirus Plus lets you protect every Windows, Android, macOS, and iOS device in your household. Other products may score better in testing, but none of them offer a deal like this.
Pros: Very good scores from independent testing labs. Good scores in our hands-on tests. HIPS component blocks exploits. UEFI scanner finds malware in firmware. Comprehensive device control.
Cons: So-so phishing protection score. Device control too complex for most users.
Bottom Line: ESET NOD32 Antivirus gets good scores in lab tests and our own tests, and its collection of security components goes far beyond antivirus basics.
Pros: Excellent scores in our hands-on malware protection and malicious URL blocking tests. Includes exploit protection, ransomware protection, behavior-based detection.
Cons: Few and poor independent lab tests scores. Phishing protection ineffective. Ransomware detection results mixed.
Bottom Line: Malwarebytes Premium now functions as a full-blown antivirus and not just second-line protection, as it did previously. It earns excellent scores in some of our hands-on tests, but still doesn’t rate well with the independent testing labs.
Pros: Excellent scores in independent lab tests and in our own tests. Data Protector defends against ransomware. Includes online backup, firewall, exploit protection, password manager, and other bonus features.
Cons: Data Protector fared poorly in testing. Expensive. No multi-license pricing.
Bottom Line: Norton AntiVirus Plus gets impressive scores in independent lab tests and our own hands-on tests and offers a wealth of useful features. However, it’s expensive and doesn’t offer deals for multiple-computer households.
Pros: Excellent scores in our hands-on tests and independent lab tests. Protects against ransomware, keyloggers, and exploits. Remote management for up to 10 PCs or Macs. Inexpensive.
Cons: Advanced features require uncommon tech expertise. Parental control and webcam protection limited.
Bottom Line: Sophos Home Premium expands on basic antivirus with protection forged in the company’s Enterprise-level products. The results are excellent, though some features may be too complex for some users.
Pros: Excellent scores in our antiphishing and malicious URL blocking tests. Multi-layered ransomware protection. Pay Guard protects online transactions. Many bonus features.
Cons: Poor score in our hands-on malware protection test. Pay Guard didn’t consistently offer protection. Spam filter works only with Outlook. No multi-device volume licensing.
Bottom Line: In addition to effective malware protection, Trend Micro Antivirus+ Security offers layered protection against ransomware, a firewall booster, protection for online banking, and more.
Pros: Good scores in independent lab tests and our tests. Behavior-based DeepGuard detects brand-new malware, including ransomware. Advanced network protection. Streamlined, simple interface. Inexpensive.
Cons: Ransomware protection failed against one real-world sample in testing. No antiphishing component.
Bottom Line: F-Secure Anti-Virus’s advanced network protection and DeepGuard behavior-based detection system make it a powerful malware fighter, but its ransomware protection missed one sample in our testing.