Help for picking your next anti-malware tool


Staff member
Mar 24, 2011
By Michael Lasky on November 27, 2014 in Top Story

Picking the right anti-malware app can be onerous; there are dozens to choose from, and rapidly evolving exploits are constantly putting them to the test.

Fortunately, a few independent organizations such as AV-Comparatives are also testing leading security packages and posting the results.

Anti-malware testing is a snapshot in time
Currently, the not-for-profit organization AV-Comparatives (site) claims to run the most comprehensive suite of real-world malware tests, and it regularly reviews popular free and paid anti-malware packages.

AV-Comparative’s evaluations use nearly 600 malicious URLs found online — including currently active exploits, URLs pointing directly to malware servers, and emails containing malicious attachments. They’re the types of infections Windows users are exposed to whenever they browse the Internet.

The organization posts ongoing test results monthly, March through June and August through November, plus summary reports in July and December. (The organization’s site offers numerous other free reports, including tests of security products for Android phones.)

October’s chart is shown below (Figure 1). It reveals the results of tests of 22 products as well as the free Microsoft Security Essentials app — noted by the horizontal line across the middle.


Figure 1. AV-Comparatives October anti-malware performance chart includes 22 vendors. Source: AV-Comparatives

Two interesting measurements in the chart are false positives and Windows’ “Out-of-box production,” which includes the built-in Defender for Windows 8 and the optional Microsoft Security Essentials for Windows 7. The false-positives number is an especially important stat; more on that below.

When looking at this or any other AV performance table, be aware of numerous caveats. For example, AV-Comparatives notes that while some products might achieve 100 percent protection in the tests, that’s not a guarantee that you’ll see the same level of protection. The tests are extensive, but they don’t include all malware. Moreover, the results are a snapshot in time. Existing exploits can adapt quickly, and new forms are popping up every day. (It’s the reason new virus definitions are offered frequently — and are necessary!)

Blocking good data can cause serious problems
Obviously, we all want an AV package that’s 100 percent effective. But in their efforts to be absolutely thorough, some anti-malware apps flag perfectly safe sites, files, and code as dangerous and block them.

Nearly all AV products have a few false alarms, but frequent flagging and blocking suggests an overly aggressive antivirus monitor. Useful and safe data might be automatically quarantined, never seen by the recipient. False positives are akin to important email messages that get lost in your junk/spam folder.

As noted in a Wikipedia page (see the subsection “Problems caused by false positives”), an AV product that automatically deletes or disables an important file can break important applications — possibly even Windows.

According to the October AV-Comparatives chart, F-Secure blocked around 98 percent of the malware thrown at it. But it also had, by far, the highest number of false positives. Other products were equally or more effective but reported few, if any, false positives. F-Secure’s high number somewhat diminishes its overall effectiveness.

What the AV-Comparatives chart doesn’t show
On the surface, AV-Comparatives’ interactive Real-World Protection Test (site) chart shows results for 22 antivirus applications in simple, colored bars. But if you hover your cursor over the various areas of the chart, popup boxes will show the exact percentages for each product. A dropdown box above the chart lets you sort by anti-malware vendor or performance score. (Note: If you have problems viewing the chart, try a different browser.)

These details show overall relative effectiveness at stopping malware, but they don’t tell us about a product’s price/subscription length, ease of use, or the toll the software takes on your system’s performance.

Obviously, the fees (most are annual) are given at each vendor’s site. Finding information on ease of use and system-resource use requires more research on the Web. Typing “antivirus reviews” into Google or Bing returns a useful list of sites that have compared and tested a host of antivirus applications. Some review sites even offer discount codes for specific anti-malware products.

An important note: Testing an AV product’s ease of use or resource utilization is relatively easy — any competent tech publication or PC tester can do it. But reliable, fair, and accurate testing for malware detection and removal is extremely difficult. Only a few security labs have that capability. AV-Comparatives is one such organization; another is AV-TEST (site). When reading comparisons of anti-malware products, consider the source of the malware-detection/-blocking data.

Here are some of the sites I find valuable when considering my AV tools. Each site has a different perspective and different evaluation criteria — and a different top choice. You should base your pick on which characteristics are most important to you — or to those whose PCs you’re managing. For example, a power user most likely wants a less intrusive AV product; but you might want to install a more aggressive package on a child’s or novice user’s system. (Windows Secrets should, of course, be one of your primary sources for malware news.)

Testing AV software’s effects on PC performance
An antivirus/malware detector might block nearly every threat that comes your way (even AV products can’t always protect us from ourselves), but if the app causes slow computing speed or severe disk-access delays, we’re likely to reduce its suite of protections or possibly even turn it off.

You’ll find performance tests at both AV-Comparatives (site) and AV-TEST (site). AV-Comparatives runs several everyday PC tasks to see how a system’s overall performance is affected when a particular AV product is turned on or off. The tasks include copying files, archiving data, installing/uninstalling apps, encoding media, opening Office docs, opening PDFs, and downloading files. The organization also runs Futuremark’s PCMark 8 benchmark suite (more info). Charts in downloadable PDFs summarize the results.


Figure 2. AV-Comparatives October performance results. Even the slowest product in this group had relatively little impact on general system speed. Source: AV-Comparatives

Keep in mind, however, that the results shown by AV-Comparatives, AV-TEST, or any other organization indicate an AV app’s performance only on that organization’s test systems. You might see very different results on your system, depending on its particular configuration of memory, disk, CPU, Windows settings, and applications. In other words, published results are only a general guide to the impact an AV package might have on a Windows system.

In the past, many anti-malware products had a significant impact on overall system speed — especially the big AV suites. That’s far less the case today. As dozens of stripped-down antivirus products became available for download, all anti-malware vendors were compelled to lower system demands. In the above chart, scores range from 1.2 (Avira and Bitdefender; fastest) to 25.3 (Lavasoft). But that breadth of low and high scores could initially be deceiving. In AV-Comparative’s 10 tests, Lavasoft scored “fast” or “very fast” in eight tests — and received no “slow” scores.

More important, the AV-Comparative tests don’t measure an AV product’s impact on system boot time. Depending on the product and system configuration, boot times can be affected noticeably. More frustrating, your PC can seem to boot quickly, only to grind to a virtual halt a few minutes later while the anti-malware system runs some necessary process.

Bottom line: AV software speed tests are one metric in selecting the best product for your system. Give them a higher priority if your system is already relatively slow.

Another metric is, obviously, the ongoing cost of the AV package. Don’t be put off by multiple choices of packages each vendor offers. You’ll have to decide whether any extra features justify higher prices. I recommend sticking to the basics.

Beware the hacker routing of your router
Avast, whose anti-malware software was highly rated by AV-Comparatives, reports that four of five Internet-connected households in the U.S. are at risk of attack via their Wi-Fi-equipped router (DNS hijacking). According to Avast’s research, a survey of 2,000 households found that more than half of the routers had not had their easily hacked default password changed or had no password protection at all.

Hackers can use compromised routers to redirect user data to a malicious site. Think of it as a quick and dirty way to capture your online banking sign-in credentials. Avast, of course, would like you to know about a feature in its latest paid and free AV packages (site) that the company claims is unique. Its Home Network Security Solution specifically guards against router threats such as Domain Name System (DNS) hijacking and weak passwords.

Better yet, simply ensure that your router has a strong password. For safekeeping, write the password down on a small piece of paper and tape it to the bottom or back of your router. That way you’ll never lose it.

Keep in mind that network-access passwords based on WEP encryption are easily cracked. (Even WPA and WPA2 can be cracked if you use a simple, obvious password.)

For even tighter security, create a custom SSID network name. A default SSID such as “Netgear” or “2Wire100″ is a flag to hackers that your network might be an easy target. Also consider enabling Media Access Control (MAC) Address filtering in your router’s management console. Every networked device has its own MAC address. Once filtering is set up, only devices with known addresses can connect to the network.

Finally, ensure that firewalls are on, both in the router and in Windows.

PC security is an ongoing task. Set some time aside every few months to review your entire security system. No one else is going to.