Everybody needs antivirus protection. Everybody! And I don't mean the antivirus built into Windows—it just doesn't measure up. Fortunately, you can get that protection without spending a penny. AVG AntiVirus Free (2017) looks a bit different from its previous edition, and it includes some new technologies. In our own tests and tests by the independent labs, it earned very good scores.
Last year, Avast acquired AVG, but fans of either company needn't worry, as both product lines continue their separate existence. Why would a company want to acquire such a similar competitor? Both AVG and Avast have huge followings, but globally each is strong in different areas. The combined company has a worldwide reach.
Of course, AVG only makes money if somebody purchases the for-pay security suite. There's a certain amount of upsell when you go to install the free antivirus, but it's much more laid back than, for example, Comodo. You can choose the free antivirus or start a 30-day free trial of the suite. You don't have to enter a credit card, and if you do nothing, at the end of the trial it reverts to the free antivirus. It does offer to install a plug-in for all of your browsers, and replace your home page, new tab page, and default search. However, as I'll explain below, installing AVG in the browser gets you a ton of useful security features.
Management by Zen
Like all AVG products, the antivirus includes AVG Zen, a management and launching utility that offers an overview of AVG security on all of your devices. It's similar in many ways to the component that helps you manage McAfee AntiVirus Plus and other McAfee products.
Four panels dominate Zen's main window, devoted to antivirus, PC tuneup, VPN, and Web Tuneup. Each panel contains a circle that can be fully or partially colored, depending on whether or not you've installed all possible protection in that area. If all is well, the circle glows green; if your attention is needed, it changes color.
When you install the free antivirus, you see a three-quarter circle in the antivirus panel. That becomes a full circle only if you upgrade to the paid edition. If you followed the installer's instructions regarding Web Tuneup, that panel displays a full circle. As for the VPN panel, that one remains empty unless you separately install the Hide My Ass VPN.
Likewise, you won't see anything in the PC Tuneup panel unless you install AVG PC TuneUp. You do get a one-day trial of the tuneup product along with the free antivirus; I'll discuss that below.
New User Interface
Last year's edition of the antivirus looked extremely similar to AVG Zen, with the same color scheme and the same circle-based status indicators. This year, the color scheme hasn't changed, but almost everything else has.
The main window has two main panes. The Basic protection pane includes icons for computer protection and for Web and email protection, both enabled. The Full protection pane's icons represent protection for private data, protection during online payments, and protection against hack attacks, all three disabled. To enable those, you must upgrade to AVG's non-free security suite.
In the middle, below the two panes, is a big button labeled Scan Computer. Clicking it launches a full scan, which does more than just scan for malware. It also scans for junk files, revealing browser traces, system logs, and Registry problems—but if you want to fix those you must start your short-time trial of AVG PC Tuneup.
In testing, the full scan finished in just six minutes, which led me to peruse all the scan options. I found another option called Deep Virus Scan. This scan took over an hour, quite a bit longer than last year's edition of AVG. However, because the scan flags safe files that don't need to be looked at again, a second scan goes much faster. I found that a repeat scan finished in just a few seconds.
Lab Scores High and Plentiful
It may seem counterintuitive, but in most cases antivirus makers pay for the privilege of having products included in testing by the independent labs. They do benefit, though. A high score gives the company bragging rights; if the score is poor, the lab lets it know what went wrong. When the antivirus doesn't bring in any income, a company might be tempted to avoid the expense of testing. Not AVG. I follow five independent testing labs that regularly release reports on their results; all five of them include AVG.
Testers at AV-Comparatives run a wide variety of tests on antivirus and other security products; I follow five of those tests closely. As long as a product meets the minimum for certification, it receives a standard rating. Those that go beyond the minimum can receive an Advanced rating, or even Advanced+. AVG participates in four of the five, and received two Advanced and two Advanced+ ratings. Note, though, that Kaspersky and Bitdefender Antivirus Free Edition both rated Advanced+ in all five tests.
AV-Test Institute reports on antivirus capabilities in three areas: protection, performance, and usability. With six points possible in each category, the maximum score is 18 points. AVG took six points for usability, meaning it didn't screw up by flagging valid programs or websites as malicious. It came close in the other two categories, with 5.5 apiece.
A total of 17 points isn't enough for AV-Test to designate AVG a Top Product; that requires 17.5 or better. Bitdefender, Quick Heal, and Trend Micro earned the necessary 17.5 points, while Kaspersky and Avira Antivirus managed a perfect 18.
AVG scored 81.05 percent in Virus Bulletin's RAP (Reactive And Proactive) test, just a hair below the current average. SE Labs tests products using real-world drive-by downloads and other Web-based attacks, assigning certification at five levels: AAA, AA, A, B, and C.
While most of the labs report a range of scores, tests by MRG-Effitas are more like pass/fail. Half of the products tested failed at least one test; 30 percent, including AVG, failed both. Since not-quite-perfect and epic failure get the same rating in this test, I give it less weight when coming up with an aggregate score.
Avast Free Antivirus, AVG, ESET, and Kaspersky are the only products in my collection that currently have results from all five labs. AVG's aggregate score is 8.7 of 10 possible points, better than many commercial products. At the top is Kaspersky, with 9.8 points, followed by Avira and Norton with 9.7.
Very Good Malware Blocking
Malicious software from the Internet must get past numerous defenses before it can infect your PC. AVG could block all access to the malware-hosting URL, or wipe out the malware payload before the download finishes—I'll discuss those layers shortly. If a file is already present on your computer, AVG assumes it must have gotten past the earlier protection layers. Even so, it checks one more time before allowing such a file to execute.
To test AVG's malware-blocking chops, I opened a folder containing my current collection of malware samples and tried to execute each one. AVG blocked almost all of them immediately, wiping them out so fast it left Windows displaying an error message that the file could not be found. It wiped out most of those that managed to launch before they could fully install.
Initially I determined that AVG detected 94 percent of the samples and scored 9.0 of 10 possible points. However, upon checking with my company contact, I learned that for full protection I should enable detection of potentially unwanted applications, sometimes called PUAs or PUPs. With that setting enabled, AVG's scores rose to 97 percent detection and 9.5 points, better than many commercial programs. I wish, however, that AVG either enabled detection of PUAs by default or, like ESET NOD32 Antivirus 10, made the user actively choose to enable or disable this protection.
Webroot and Comodo Antivirus 10 scored a perfect 10 in this test. However, when I checked Comodo against hand-modified versions of my samples, it missed quite a few.
When AVG detects a file that's completely new to the system, never before seen, it prevents that file from launching and sends it to AVG headquarters for analysis. I managed to invoke this feature using one of those hand-modified samples. AVG killed the process, triggering a Windows error message. To show it wasn't really an error, AVG attached a CyberCapture tab to the error message.
A few other files merited special scrutiny. AVG displayed a message stating, "Hang on, this file may contain something bad," and promising an evaluation within 15 seconds. All of my hand-coded testing utilities triggered this warning; all three got a clean bill of health.
Detecting my months-old samples is one thing; protecting against the very latest threats is quite another. My malicious URL test uses a feed of URLs detected within the last day or two by MRG-Effitas. An antivirus product gets equal credit if it prevents all access to the malware-hosting URL or if it eliminates the downloaded malware immediately.
I test URL after URL until I've recorded data for 100 verified malware-hosting URLs, then tally the results. AVG blocked access to more than half of the URLs and eliminated almost another quarter at the download stage, for a total of 73 percent protection. That's quite a bit better than Comodo, which lacks URL-based blocking and scores just 37 percent. However, others have done quite a bit better than AVG. Symantec Norton AntiVirus Basic holds the lead, with 98 percent protection; Avira managed 95 percent.
Trojans and other malicious programs must successfully infiltrate your computer in order to steal data. Phishing websites, by contrast, only have to trick you, the user. If you log in to a fraudulent site that's pretending to be your bank, or your email provider, you've handed over your account to a crook. Such sites get discovered and blacklisted quickly, but the crooks simply set up new ones.
The most dangerous phishing sites are those that haven't been analyzed yet, so I scour the Web for sites that have been reported as fraudulent but not yet verified. I discard any that don't pretend to be some other site, and any that don't include fields for username and password. I launch each URL in a browser protected by the program under test, and in another protected by long-time phish-killer Norton. I also launch the URL in Chrome, Firefox, and Internet Explorer, relying on the browser's built-in protection. If the URL returns an error message in any of the five browsers (and they often do), I discard it.
Because the URLs themselves are different every time, I report each product's results as the difference between its detection rate and that of the others. In last year's test, AVG lagged Norton's detection rate by 28 percentage points, which is still actually better than the majority of competing products. This time around, it lagged Norton by 70 percentage points, putting it near the bottom. My contact at the company checked with the developers and confirmed that they know about the problem and are working on speedier updates.
Even though Norton is my touchstone for this test, it doesn't beat every single competitor. Check Point ZoneAlarm Free Antivirus+ 2017 tied with Norton in its most recent test. Bitdefender, Kaspersky, and Webroot actually beat Norton by a few points.
The AVG Web TuneUp plug-in installs in all your browsers and offers several useful and important security benefits. First off, the Site Safety component warns when you visit a website that's risky or actively dangerous. You can click for more details, and click again for a full website report online. However, the full report isn't as detailed as what you get from Norton and a few others. And where Norton marks search results with red, yellow, and green icons, AVG only offers a rating once you try to visit a site.
Advertisers love to track your Web surfing, so they can show you ads they think you'll like, and avoid showing the same ad too often. But tracking by advertisers and others is a bit creepy, enough so that there's a header in the HTTP standard specifically designed to tell websites you don't want to be tracked. Alas, the header has no teeth. Your browser can send a Do Not Track header, but sites and advertisers can ignore it.
AVG's Web TuneUp includes an active Do Not Track component, one that checks each page you visit for trackers and optionally cuts off their tracking. It's disabled by default; I suggest you turn it on. A similar feature in Abine Blur uses its toolbar button to display the number of trackers on the current page and let you fine-tune its tracker blocking. AVG just blocks all trackers when this feature is turned on.
The last tune-up feature, Browser Cleaner, doesn't add a lot to your security. It tracks things like browsing history, saved Web form data, and cookies, and lets you click to delete them. But in Chrome, Firefox, and Internet Explorer, you can simply press Ctrl+Shift+Del to do the same, with finer control over what gets deleted.
As noted, you can at any time install a one-day free trial of AVG PC TuneUp. Don't do this until you have a little free time, so you can make full use of your short-term trial.
The final bonus feature is a little hard to spot. Buried in the right-click menu for files and folders, you should find a new item titled Shred using AVG. If you choose this item, AVG overwrites the file's data before deleting it, thereby foiling any attempt to recover the deleted file's data.
An Excellent Choice
With the Avast acquisition, both the outward appearance and the technology inside are changing for AVG AntiVirus Free, and that's not a bad thing. The antivirus gets very good marks from all of the independent labs that I follow, and also did quite well in my malware-blocking test. It wasn't quite as good at blocking malicious downloads, but still beat many competitors. Yes, its antiphishing performance wasn't great, but phishing protection isn't a central antivirus component. Overall, it's an excellent choice.
But don't just take my word for it. Go ahead and give the program a try; it's free, after all. While you're at it, have a look at Avast Free Antivirus and Panda Free Antivirus, our other Editors' Choice products in the free antivirus realm.
The firewall component in modern versions of Windows is quite effective, so the market for third-party personal firewall utilities is shrinking. Paying for a personal firewall seems especially silly when Windows has one built in.
Comodo Firewall 10 is free, and it does a lot more than the basics.
In addition to protecting your PC against attacks from the Internet and controlling how programs utilize your Internet connection, it includes a secure browser, sandbox-style virtualization, a Host Intrusion Protection System, and more.
It performs all expected personal firewall tasks, but not all of the bonus features worked
Comodo's main competition is Check Point ZoneAlarm Free Firewall 2017, and there are quite a few similarities between the two.
Both companies also offer a free antivirus, for starters.
And you can also get a combined firewall and antivirus from both. With ZoneAlarm, you can convert either the antivirus or firewall to the combined product with just a click. With Comodo, you upgrade to the free edition of Comodo Internet Security.
Shared with Antivirus
The majority of Comodo Firewall's features are also found in Comodo Antivirus 10.
I'll refer you to my review of the antivirus for full details on these features. Here's a summary.
Both Comodo products offer a new, attractive user interface with two similar themes named Lycia and Arcadia.
These two feature a big status panel at left and four button panels at right; they just use slightly different colors and icons.
Those who prefer the previous edition's look can choose the Modern theme.
If you're nostalgic for really old editions of Comodo, the Classic theme gets you that look.
In addition, the main window for both products can display either a Basic View or an Advanced View; the latter puts more statistics and action items in easy reach.
While both Comodo products are free, they also both push you to pay in one way or another. Unless you carefully read all screens and popups, you'll find that without realizing it you've agreed to change all of your browsers to use Yahoo as home page, new tab, and default search engine. You'll see messages offering help from the GeekBuddy tech support system, and indeed a GeekBuddy agent will happily chat with you. However, if you want the tech to perform any kind of remote repair or remediation, you'll have to pay.
Comodo Firewall does not in itself include an antivirus component, but its File Rating component checks files against Comodo's cloud database when you access them.
If the database identifies a process as malware, or as a potentially unwanted program, Comodo terminates the process and pops up a notification. You also get a popup offering GeekBuddy services.
File Rating is also a feature of the antivirus, but in testing I found that other protection layers always kicked in before File Rating had a chance.
Both the firewall and the antivirus can automatically sandbox programs that aren't recognized by the database. However, this feature is enabled by default in the antivirus, disabled in the firewall.
A sandboxed program runs in a virtual environment, unable to permanently change important system areas. When you empty the sandbox, all virtualized changes vanish. You can actively launch any program in the sandbox, or open a fully virtualized desktop, isolated from the regular desktop.
It's similar to the SafePay desktop in Bitdefender Antivirus Plus 2017.
The main feature of the virtualized desktop is the Comodo Dragon browser.
By virtualizing your online transactions, you protect them from manipulation by other processes.
The Dragon browser includes a useful collection of bonus apps, among them a media downloader, a price-comparison tool, and a tool for quickly sharing or searching text from Web pages.
Both Comodo products include a Host Intrusion Prevention System (HIPS), but it's disabled by default in the antivirus, enabled in the firewall.
This is not a tool for foiling attempts to exploit vulnerabilities in the operating system and popular programs. Rather, when it detects suspicious behavior by a program, it asks you what to do. You can allow the behavior, block it, or choose to treat the program in question as an installer.
I tested it with a collection of utilities that share certain behaviors with malware.
Comodo only blocked the installer for one, and when I opted to treat it as an installer, I had no further problem.
The HIPS quite reasonably cast suspicion on a test utility that launches Internet Explorer and forces it to open malware-hosting URLs.
It's worth noting that ZoneAlarm's OSFirewall feature functions in much the same way. When I fully enabled the OSFirewall feature, ZoneAlarm flagged behaviors by both good and bad programs.
While Comodo Firewall isn't an antivirus itself, it includes the option to create an antivirus rescue disk, and the process of creating this disk is quite easy. You can also use it to launch Comodo's cleanup-only tool to wipe out persistent malware.
As you can see, this product has a lot in common with Comodo Antivirus, but don't worry; there are plenty of firewall-specific functions too.
Each time you connect to a new network, it asks whether it's a home, work, or public network. When you're connected to a public network, Comodo puts all the system's ports in stealth mode, meaning they can't be seen from outside.
It's true that Windows Firewall also accomplishes this feat, but Comodo does it just as well. Unlike Windows Firewall, Comodo lets enthusiasts get an alert on each unsolicited connection attempt.
As noted earlier, Comodo's HIPS feature does not try to block attacks that exploit vulnerabilities in the OS or critical files.
The same is true of ZoneAlarm.
Symantec Norton Security Premium is the champ in this area.
In testing, it blocked more exploits than any other recent product, and it did so at the network level, before the exploit even reached the test system.
When the firewall detects an attempted network connection by a new program, it asks you what to do about it. You can choose to allow the attempt, block it, or treat the suspect program as a browser or FTP client.
If you choose to block access, you can also terminate the program, or terminate it and reverse its actions.
Testing Comodo with my hand-coded browser, I found the firewall query appeared only after three distinct warnings from the HIPS.
I also tried a few leak tests, programs that attempt to evade firewall control by manipulating or masquerading as trusted programs.
These triggered plenty of HIPS warnings, as well as firewall warnings.
I had to turn off the File Rating component for this test, because it terminated them as potentially unwanted programs.
While Comodo's HIPS and firewall popups aren't as overwhelming as they were a few versions ago, they still give the user a lot to consider. Most users really won't know whether a program should be allowed to access the DNS/RPC Client service, or access a protected COM interface.
The firewall components in Norton and Kaspersky Internet Security track suspicious behaviors, but perform their own internal analysis rather than expecting the user to make complex security decisions.
ZoneAlarm pioneered the concept that a personal firewall must defend itself against attack.
If malware can disable firewall protection programmatically, the protection isn't worth much, right? I couldn't find any Registry entry that would serve as an off switch for Comodo Firewall, and when I tried to terminate its process I got an Access Denied message.
Security products typically rely on one or more Windows services as well—Comodo has four.
I found that I could stop three of them, but not the fourth, the most essential one. However, I managed to set its startup mode to Disabled. On reboot, Comodo offered to fix the problem, after which it was fine.
Still, I'm happier with a product like ZoneAlarm or Norton that simply prevents all modification of its Windows services.
Many antivirus products include a browser-protection component that helps steer users away from malicious or fraudulent URLs.
Comodo Antivirus does not. However, the firewall adds a component called Website Filtering. My contact at the company explained that Website Filtering blocks access to URLs found in Comodo's malicious URL database, but does not attempt to block phishing sites.
To evaluate this component's efficacy, I launched the malicious URL blocking test that I apply to each antivirus.
This test uses a feed of very new malware-hosting URLs supplied by MRG-Effitas.
I use URLs discovered in the last day or two, so they're very new.
I launch each one and note whether the product blocked access to the dangerous URL, wiped out the malicious payload, or completely ignored the danger.
Normally I keep at this test until I have data for 100 malware-hosting URLs. However, after processing 50 without any response from Comodo, I quit.
I suspect that Comodo's blacklist database of malicious URLs isn't updated frequently enough to detect the most recent dangers.
By contrast, Avira Antivirus blocked 93 percent of the URLs in this test.
Does the Job
Comodo Firewall 10 does everything a personal firewall should do, stealthing ports against outside attack and preventing betrayal from within by programs misusing your Internet connection.
In addition, it offers sandboxing, a secure browser, HIPS, reputation-based file rating, and more. However, some of these bonus features are too techie for the average user, and they don't all contribute to the task of a personal firewall.
Our Editors' Choice in the dwindling collection of free personal firewalls is Check Point ZoneAlarm Free Firewall 2017.
It, too, handles all the basic tasks, and it resists direct attack better than Comodo.
It does offer a collection of bonus features as well, but most are easier for the average user to comprehend.
For the tech expert, Comodo can be great, make no mistake.
But ZoneAlarm is better suited for the average user.
Some antivirus companies that are big in Europe don't get as much mindshare here in the US.
G Data is one such security software maker.
According to the G Data website, G Data developed the very first antivirus in 1985; while some dispute that claim, the company has clearly been around for a while.
G Data Antivirus 2017 is the company's latest, and it does a good bit more than the basics of antivirus protection.
At $39.95 per year for a single license, G Data is in good company price-wise.
Bitdefender, Kaspersky Anti-Virus, Norton, and Webroot are among the numerous products at that price point.
For another $10, you can install G Data on up to three PCs.
If you go for a multi-PC license, you create an account for the first installation, then log in to that account for the rest.
G Data's main window features a bold red banner across the top. Not red for danger, or for stop—it's just red.
The rest of the main window displays the status of the product's numerous protection features, in several groups.
A green checkmark icon indicates that the feature is fully active.
For a partially disabled component, the icon changes to a yellow exclamation point; a fully disabled feature gets a grey dash icon. Naturally, you want to see green across the board.
G Data participates in testing with three of the five independent testing labs that I follow.
In Virus Bulletin's RAP (Reactive And Proactive) test, it scored 85.19 percent.
The average score for products I follow is 81.99 percent, so G Data comes in above average. PC Pitstop PC Matic scored highest in the latest test, with 94.75 percent, but failed overall due to many false positives.
Testers at AV-Test Institute look at antivirus products from three different perspectives, assigning up to six points for each of the criteria.
G Data earned 6 points in the all-important protection category, and by avoiding false positives (detection of valid programs as malicious) it managed another six points for usability.
A small impact on performance dragged its score in that category down to five points, however.
The overall score of 17 points wasn't quite enough to earn it a Top Product rating, but it's good.
In that same test, Kaspersky scored a perfect 18 points.
Bitdefender, Quick Heal, and Trend Micro Antivirus+ Security got 17.5 points.
These four earned the designation Top Product.
Most of the lab tests I follow report a range of results. MRG-Effitas takes a different tack.
To pass the banking Trojans test, a product must protect against every sample used; anything less is failure. Over 70 percent of tested products fail, G Data among them.
Due to the binary pass/fail nature of this test, I give it less weight when calculating an aggregate lab score.
G Data's three lab results worked out to an aggregate score of 8.7 points, which is better than most companies manage. However, based on tests from all five labs, Kaspersky took 9.8 of 10 available points, the best aggregate score.
Avira Antivirus and Norton managed 9.7 points, each tested by three of the five labs.
Effective Malware Blocking
Your antivirus utility has many opportunities to save your PC from malware attack.
It can block access to the malware-hosting website, eliminate the threat on download, detect and delete known malware based on its signature, and even detect unknown malware based on behavior alone.
G Data includes all of these layers of protection, and my hands-on testing showed them in action.
In addition to scanning files on access, G Data scans your computer any time it's idle.
Between real-time protection and idle-time scanning, there isn't a screaming need for a full scan of your whole computer.
If you want a full scan, you click the Idle Time Scan link on the main window and choose Check Computer.
A full scan of my standard test system took an hour and 40 minutes, over twice the current average of about 45 minutes.
But once again, unless you actively suspect an infestation you should be able to just rely on the idle-time scan.
When I opened the folder containing my current collection of malware samples, G Data started examining them.
The process was slower than with many competing products, but clearly very thorough.
In most cases, it offered to quarantine the item as its default action; for a few, it advised simply blocking the file from execution.
By the time it finished, 97 percent of the samples were either quarantined or deactivated.
I keep a second set of samples on hand; these are modified versions of the originals.
To create each modified sample, I change the filename, append nulls to change the file size, and overwrite some non-executable bytes.
G Data detected all of the same samples, even in their tweaked form.
In addition, it detected all the remaining samples after execution, for a 100 percent detection rate. Webroot SecureAnywhere AntiVirus, F-Secure, and Ashampoo Anti-Virus 2016 also detected 100 percent of the samples. PC Matic also blocked 100 percent of the samples, but then, it blocks any unknown program.
Webroot managed a perfect 10 points in this test.
G Data, like F-Secure Anti-Virus, allowed a few executable traces to hit the test system, but the 9.8 points both of them earned is still very respectable.
For another view of each product's ability to protect against malware, I use a feed of current malware-hosting URLs supplied by MRG-Effitas.
I launch each URL in turn, discarding any that are defective, and noting whether the antivirus blocks access to the URL, wipes out the malware download, or fails to respond at all.
I keep at it until I've accumulated data for 100 malicious URLs.
G Data earned a 78 percent detection rate in this test, in most cases by blocking access to the malware-hosting URL.
That's just a middling score.
Symantec Norton AntiVirus Basic and PC Pitstop managed 98 percent protection, with Avira close behind at 75 percent.
I didn't see G Data's behavior monitoring kick in during these tests, because other protection layers beat it to the punch.
In any case, behavior monitoring in some antivirus products bombards the user with dire warnings about good and bad programs alike.
For a sanity check, I installed about 20 old PCMag utilities, programs that tie into the operating system in ways that malware might also do.
G Data didn't flag any of the PCMag utilities, but it did give the stink-eye to two of my hand-written test programs.
It popped up a clear warning that the test program might be malicious, with a detailed list of its reasons, and its reasons made total sense.
A program that launches Internet Explorer and manipulates it to download malware? That's suspicious! I'm pleased to see that behavior monitoring kicks in for a pattern of suspicious behavior, not for every little potential problem.
So-So Phishing Protection
Writing a data-stealing Trojan and getting it somehow installed on victim PCs can be a tough job.
Simply tricking users into giving away their passwords and other personal data can be quite a bit easier. Phishing websites masquerade as financial sites, Web-based email services, even online games.
If you enter your username and password on the fraudulent site, you've given the fraudsters full access to your account.
If the website looks just like PayPal but the URL is something goofy like armor-recycling.ru, at least some users will detect the fraud.
But sometimes the URL is so close to the real thing that only those with sharp eyes will spot it as a fake.
Antivirus programs that have a Web protection component usually attempt to protect users against phishing as well, and G Data is no exception.
To test the efficacy of a product's antiphishing component, I first scour the Web for extremely new phishing URLs, preferably URLs that were reported as fraudulent but that haven't yet been analyzed and blacklisted.
I launch each simultaneously in one browser protected by the product under test and another protected by long-time fraud fighter Norton.
I also launch each URL in instances of Chrome, Firefox, and Internet Explorer, relying on the browser's built-in phishing detection.
Because the collection of fraudulent sites differs every time, I report results in relative terms rather than absolute detection rate.
Very few products do better than Norton in this test, but many come closer than G Data did.
G Data's detection rate came in 45 percentage points below Norton's, which is a poor result.
Internet Explorer and Chrome both did a better job than G Data. Yes, G Data beat Firefox, but Firefox hasn't been doing very well lately.
The lesson here? Don't turn off your browser's built-in phishing protection.
Along with the expected antivirus features, G Data gives you several features that you'd expect to see in a security suite.
I tested its exploit protection by hitting the test system with about 30 exploits generated by the CORE Impact penetration tool.
It identified 30 percent of the exploits by name and blocked another 20 percent using more generic detection.
That 50 percent detection total is as good as what Kaspersky Internet Security managed in this test. Norton leads this test, with 63 percent protection.
Like Safepay in Bitdefender Antivirus Plus 2017 and Kaspersky's Safe Money, G Data's BankGuard feature aims to protect your financial transactions.
Bitdefender uses a whole separate desktop to run Safepay, and Kaspersky puts a glowing green border around the browser protected by Safe Money.
By contrast, BankGuard works invisibly to protect all your browsers.
The only way to see it in action is to encounter a Trojan that attempts a man-in-the-browser attack or other data-stealing technique.
The related keylogger protection feature was easier to test than BankGuard.
I installed a popular free keylogger, typed some data into Notepad, typed into my browsers, and then typed in Notepad again. When I brought up the keylogger's keystroke capture report, it showed no keystrokes between the two uses of Notepad.
To test G Data's ransomware protection component, I first turned off every other feature related to real-time malware protection. When I launched a ransomware sample, it quickly popped up a warning about suspicious behavior that suggests encrypting ransomware, with the caveat that if you are actively running an encryption utility yourself, you can ignore the warning. My G Data contact noted that in most cases, some other layer of protection will block the ransomware before it gets to this point.
G Data has long featured the ability to manage the programs that launch automatically when your system boots.
Its Autostart Manager can delay the launch of any such program by one to 10 minutes, or set it to never launch at startup. You can also configure it to launch the program when the system's startup activity has died down.
This is a more fine-grained control than you get with the similar feature in Norton.
A Mature Product
G Data has been around longer than almost any of its competitors, and G Data Antivirus 2017 is a mature product.
Since my last review, it has added components specifically designed to protect against exploits, keyloggers, banking Trojans, and ransomware.
It earned a great score in my hands-on malware-blocking test, and took decent scores from the independent testing labs. However, it proved less effective at blocking access to malicious and fraudulent URLs.
Bitdefender Antivirus Plus and Kaspersky Anti-Virus earn top scores from the independent labs.
Symantec Norton AntiVirus Basic scored high in all of my hands-on tests, and includes an impressive set of bonus features. Webroot SecureAnywhere Antivirus goes even farther with behavior-based detection, making it the tiniest antivirus around.
And a single license for McAfee AntiVirus Plus lets you install protection on every device in your household. Out of the huge range of antivirus products, these five have earned the title Editors' Choice.
PCMag may earn affiliate commissions from the shopping links included on this page.
These commissions do not affect how we test, rate or review products.
These days, you can find almost anything bundled into one antivirus or another—firewalls, spam filters, even password managers.
At the other end of the spectrum are lean, mean antivirus tools that just focus on the task at hand.
TrustPort Antivirus Sphere belongs to the latter group.
It does boast several bonus features, but they're all aimed at that core task.
Alas, it didn't fare well in my hands-on testing, and the independent labs mostly ignore it.
At $22.95 per year for one license or $29.95 for three, TrustPort is easier on the wallet than most of the non-free competition.
Bitdefender, Kaspersky, Norton, Webroot SecureAnywhere AntiVirus, and more than a dozen others charge $39.95 for a single license. However, after working with the product I'm not sure it's a bargain, even at that price.
With the 2017 product line, TrustPort has added "Sphere" to each product name, and changed the user interface considerably.
The small main window boasts a horizontal row of five large, square buttons against a dark gray background.
A green button toggles the on-access scanner, and another configures the anti-exploit component.
There are blue buttons to check for updates, display quarantined malware, and access bonus features.
What you won't see is anything like the big scan button that dominates Trend Micro Antivirus+ Security, Quick Heal, and a few others.
The documentation points out that the on-access scanner should take care of any problems, but that there are several ways to launch a scan. You can scan any drive or folder by choosing from the right-click menu, or select from numerous scan possibilities by right-clicking the TrustPort icon in the notification area.
A full scan of my standard clean test system took 63 minutes.
That's longer than the current average of 47 minutes, but again, TrustPort encourages users to skip the on-demand scan and rely on the real-time scanner.
Labs Mostly Mum
Independent antivirus testing labs around the world put multiple products through grueling tests, all designed to identify those that are the most effective.
I follow five labs that regularly report on their findings.
In most cases, vendors must pay to have a product tested (and reap the reward of learning what areas need work). When a product appears in reports from multiple labs, it means the vendor considered the expense worthwhile, and the labs considered the product significant enough to merit one of their testing slots.
Top antivirus utilities like Kaspersky Anti-Virus and Bitdefender get the highest marks from many labs.
If my simple hands-on tests don't seem to align with the lab results, I give the labs more weight.
Alas, there are very few lab results available for TrustPort.
It doesn't show up in reports from AV-Test Institute, AV-Comparatives, or SELabs.
These three offer the most information about a product's antivirus capabilities.
That leaves Virus Bulletin, with its VB100 and RAP (Reactive and Proactive) tests.
I stopped tracking VB100 a while ago, because a single false positive translates into failure.
The RAP test skews the other direction detail-wise, offering scores measured in hundredths of a percent.
TrustPort's latest RAP score of 85.34 percent is better than average, but that's all the information I have.
I can't build an aggregate lab score from one small data point.
Sharp-eyed users may notice that TrustPort uses two antivirus engines, code-named Argon and Xenon.
These are licensed from AVG and Bitdefender, respectively. However, the labs state very clearly that their results apply only to the actual product tested, not to any licensee.
So only tests of an actual TrustPort product are relevant.
So-So Malware Removal
I installed TrustPort on a virtual machine and waited for the necessary initial update.
Then I initiated my malware-blocking test by opening a folder full of malware samples.
TrustPort immediately started checking them, and quarantining any it found to be malicious. However, the process proved so CPU-intensive that the system was unusable for several minutes.
Admittedly, the average user doesn't just open a folder full of malware and shove the antivirus's face in it.
With G Data Antivirus 2017 and some other competitors, you must respond to a popup notification for each detection.
TrustPort conveniently stacks up multiple detections in a single popup.
The on-access scan eliminated 84 percent of the samples at this point.
I launched each of the remaining samples, taking note of how effectively the antivirus blocked its installation.
TrustPort missed a few, but managed to pull its overall detection rate up to 87 percent.
Its malware-blocking score was 8.5 of 10 possible points, which isn't great, especially with no stellar lab results to offset it. Webroot, G Data, F-Secure Anti-Virus, and a couple others managed 100 percent detection. Webroot earned a perfect 10 points; G Data and F-Secure came close, with 9.8 points.
My malicious URL blocking test starts with a feed of the latest malware-hosting URLs graciously supplied by MRG-Effitas.
These URLs are typically no more than a day or two old.
The malware samples aren't zero-day threats by any means, but they're definitely in the wild.
I launch each URL and note whether the antivirus kept the browser from reaching the URL, eliminated the malicious download, or did nothing at all. When I've got data for 100 valid malware-hosting URLs, I tally the results.
TrustPort's antivirus is at something of a disadvantage here, as the company reserves Web-based protection against malicious or fraudulent URLs for the security suite products. However, it proved quite vigilant at blocking malicious downloads.
In many cases, it identified and blocked the download before I could even hit Save.
That vigilance wasn't sufficient to yield a good score, however.
At 70 percent protection, TrustPort is in the lower half of recently tested products. Norton is at the top, with 98 percent protection.
Avira Antivirus Pro came quite close, blocking 95 percent of the malware downloads.
For most products, I would proceed to test antiphishing capabilities, comparing the product's detection rate with that of Symantec Norton AntiVirus Basic and of the built-in protection in Chrome, Firefox, and Internet Explorer. However, as noted, detection of undesirable websites isn't included in TrustPort's antivirus.
TrustPort devotes one of its five main buttons to the anti-exploit component.
By default, this component runs in Silent mode, and the average user will assume that means it's offering exploit protection silently. Unfortunately, it isn't so.
The default action in Silent mode is to allow all activity, meaning the anti-exploit component doesn't do anything.
If you take it out of Silent mode, it pops up a notification when it detects chicanery, giving you the option to block or allow a specific action, or mark the program involved as trusted.
To evaluate this component, I turned off Silent mode and attacked the test system with about 30 exploits generated by the CORE Impact penetration tool. Not one of them triggered a notification by the anti-exploit component, though the on-access scanner tagged a dangerous payload for 20 percent of them.
It turns out I just didn't understand the meaning of exploit in this context.
TrustPort doesn't watch for attempts to exploit specific vulnerabilities in the operating system or popular programs. Rather, it looks for programs attempting to manipulate other programs.
For example, it found my hand-written programs that launch Internet Explorer and direct it to malicious or phishing URLs to be highly suspicious.
For a further test, I attempted to install 20 old utilities, programs that work by hooking deeply into the operating system.
TrustPort flagged eight of them, giving me the option to allow or deny the suspicious action.
Strangely, the checkbox to remember my choice wasn't functional, so the popups just kept coming, in every case.
I could end the torture by choosing to trust the program, but I found no other way.
The same menu lets you switch to the application inspector component, disabling anti-exploit.
This component aims to foil zero-day and polymorphic malware by preventing malicious behaviors.
It prevents modification of sensitive file system and Registry areas, active processes, Windows services, and more. When it detects suspicious activity, it asks you, the user, to decide a course of action. You can allow the program, in which case it becomes trusted, with no limits. You can run it with sandbox-like restrictions. Or you can block it, in which case TrustPort kills the process.
I switched TrustPort to use the application inspector and repeated the test with old utilities.
The application inspector flagged six of them for various crimes, among them modifying a protected Registry location, using harmful access privileges, and more.
Two other utilities failed to function properly, with no notice from TrustPort. While both anti-exploit and application inspector flagged eight programs, only two programs got zinged by both.
It's possible to dig deep into settings and fine-tune the way these features work, but few users will go beyond the three basic settings.
The default silent anti-exploit mode does nothing.
The interactive anti-exploit mode blocks activity by some valid programs, and I couldn't end its popup cycle except by trusting the program.
And the application inspector also blocks valid programs, but in a different way.
After experiencing all three, I'm warming to the do-nothing option.
The Extra Applications button on the main window looks tempting. What could these goodies be? Alas, the average user won't be able to make use of them. Who understands what it means to Prepare BartPE Plugin or to Prepare Windows PE CD?
In fact, both options aim to let you wipe out the most persistent malware by booting into an environment where the malware has no power.
If you dare to choose the BartPE option, TrustPort prompts you to select a folder and then announces that it successfully created the plugin. You're left to research BartPE on your own, and create a BartPE bootable disk including the plugin files.
If you choose instead to prepare a Windows PE CD, you'll find that you can't. Not without first downloading and installing Microsoft's Windows Automated Installation kit.
This just isn't something the average user will do.
Bitdefender Antivirus Plus 2017 handles this same problem so much better. You don't have to fiddle with creating a rescue disk at all. Just choose Rescue Mode and the system reboots into a non-Windows environment where Bitdefender is king. Kaspersky automates the process of creating a rescue disk, and Avira at least lets you download its rescue disk as an ISO file.
TrustPort needs to move away from the über-geeky BartPE and Windows PE solutions.
Not a Winner
With its new name and user interface, TrustPort Antivirus Sphere makes a good first impression. However, most of the antivirus testing labs ignore it, and it earned mediocre scores in our testing.
The anti-exploit component takes no action by default.
If you take it out of silent mode, it pops up warnings about both good and bad programs. Yes, it costs less than most competing products, but the best of those are worth paying more for.
From the many dozens of antivirus products available, we've identified five as our Editors' Choice products.
They are: Bitdefender Antivirus Plus, Kaspersky Anti-Virus, McAfee AntiVirus Plus, Symantec Norton AntiVirus Basic, and Webroot SecureAnywhere Antivirus.
Each has its own virtues.
If a website's massive data breach compromises your privacy, there's not much you can do. It's out of your hands. But that doesn't mean you're completely helpless. There's plenty you can do to protect your own privacy, things like encrypting your files, and protecting your passwords. Steganos Privacy Suite 18 brings together a variety of useful privacy-related tools. However, the quality of the tools varies, and the suite lacks some useful features found in competing products.
With most antivirus tools, security suites, and password managers, you pay a yearly subscription fee. That's not the case with Steganos. For $59.95 you can install it on up to five PCs and use it for as long as you like. The only thing you don't get is a free update to the next version.
Earlier editions of this product included VPN protection, but the current product lineup makes Steganos Online Shield VPN a separate product. As I write this, Steganos is running a promotion that gives you the VPN for free when you purchase the suite. Note, though, that PCMag's Max Eddy gave this VPN service just two out of five stars.
Getting Started with Steganos
After the quick, simple installation Steganos displays its main window. At the left is a three-by-three matrix of icons representing the suite's features: Safe, Portable Safe, Crypt & Hide, Password Manager, Private Favorites, E-Mail Encryption, Shredder, Trace Destructor, and Privacy. The suite is effectively a launch pad for these utilities.
The right-hand portion of the main window is a kind of security progress report. Just by installing the suite, you start with a 20 percent security level. Creating an encrypted safe for storing sensitive files gets you another 20 percent, and setting up the password manager raises it by another 20. Using the password manager's bonus ability to store private favorites adds 20 percent more. Configuring the Privacy components takes you to 100 percent. I like the way this simple report encourages full use of the product's features.
Several components of the Steganos Privacy Suite are available as standalone products. I'll summarize my findings regarding those products. To get full details, please click the links to read my reviews.
Steganos Safe 18 lets you create any number of safes, which are encrypted storage containers for your sensitive files. You can create safes on your PC, on portable devices, or in your cloud storage accounts. When a safe is open, you use it exactly like any disk drive. When it's shut, its contents are completely inaccessible.
Steganos Safe is extremely easy to use, more so than most container-based encryption products. In addition, it offers some seriously sneaky techniques for hiding the very existence of your safes from prying eyes. For example, you can hide a fairly small safe inside an audio, video, or executable file. And the Safe in a Safe feature lets you dedicate a percentage of a visible safe for use as a discrete, invisible storage location, with its own separate password.
Along with the encryption tool, you also get Steganos Shredder, a secure deletion shredder utility. You can securely delete any file or folder by selecting Destroy from the right-click menu. With this tool you can also shred all of the free space on disk, effectively applying secure deletion to already-deleted files. It can also wipe any disk drive (except the active Windows drive) so thoroughly that a format is required when it's done.
Steganos Password Manager 18 handles the basic tasks of password capture and replay, and includes a password generator. Unlike most competing products, it doesn't directly handle syncing your passwords between devices; if you want syncing, you must connect to your existing cloud storage. You also get a limited ability to fill Web forms with personal data.
In testing, I couldn't get the password manager's Firefox extension to load. Also, some features worked in Chrome but not in Internet Explorer. If you get this password manager as part of the Steganos suite, you might as well use it. But if you're shopping for a standalone password manager, there are much better choices.
The two standalone Steganos products I've reviewed account for five of the suite's nine component icons. Password Manager and Private Favorites both correspond to Steganos Password Manager. Safe and Portable Safe are parts of Steganos Safe, as is Shredder. For the remainder of this review I'll focus on the rest of the privacy components.
Encrypt and Hide
The name Steganos comes from the term steganography, which is not the same as encryption. The aim of encryption is to ensure that others can't decipher your secrets. The aim of steganography is to conceal the fact that you have secrets. When you process a file through the suite's Crypt & Hide component and then shred the original, a hacker or snoop won't find any evidence that the sensitive data exists.
I don't know precisely how this tool processes files—it's not in the company's interest to reveal such information. But here's a simple example of how steganography could work to hide a file inside an image. First, picture that the file contains a list of numbers representing the exact color of each pixel in the image. Now round all those numbers so they're even. That tiny change doesn't make a visible difference in the image. Convert your secret file into a stream of bits, and step through the list of the image's pixels, leaving the color number unchanged for zero bits and making it odd for one bits. You've hidden the file in a way that's completely recoverable, but the image doesn't look appreciably different.
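The even/odd scheme sketched in the paragraph above, as an added Python example; it is not code from Steganos or from this review, and it does not claim to be how Crypt & Hide works. The 4-byte length header, the function names and the constructed sample carrier are assumptions for illustration, and `odd_fraction` shows the statistical trace that rounding every value to even leaves behind.

```python
import random

HEADER_BYTES = 4  # assumption: 32-bit big-endian length prefix so extract() knows where to stop


def bytes_to_bits(data):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def bits_to_bytes(bits):
    """Pack a list of bits (MSB first) into bytes; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def capacity_bytes(n_values):
    """Secret bytes that fit: one bit per colour value, minus the length header."""
    return max(0, n_values // 8 - HEADER_BYTES)


def embed(values, secret):
    """Hide secret in the low bit of each colour value, as the paragraph describes."""
    if len(secret) > capacity_bytes(len(values)):
        raise ValueError("carrier too small for this secret")
    payload = len(secret).to_bytes(HEADER_BYTES, "big") + secret
    stego = [v & ~1 for v in values]          # round every value down to even
    for i, bit in enumerate(bytes_to_bits(payload)):
        stego[i] |= bit                       # 0 bit: leave even, 1 bit: make odd
    return stego


def extract(values):
    """Read the low bits back: length header first, then that many secret bytes."""
    bits = [v & 1 for v in values]
    length = int.from_bytes(bits_to_bytes(bits[:HEADER_BYTES * 8]), "big")
    if length > capacity_bytes(len(values)):
        raise ValueError("length header exceeds carrier capacity; no valid payload")
    start = HEADER_BYTES * 8
    return bits_to_bytes(bits[start:start + length * 8])


def odd_fraction(values, start=0):
    """Share of odd values from index start onward (about half in unmodified data)."""
    tail = values[start:]
    return sum(v & 1 for v in tail) / len(tail) if tail else 0.0


def make_constructed_carrier(n_values, seed=2017):
    """Constructed stand-in for decoded pixel data: n_values colour values in 0..255."""
    rng = random.Random(seed)
    return [rng.randrange(256) for _ in range(n_values)]


if __name__ == "__main__":
    carrier = make_constructed_carrier(800)
    secret = b"meet at noon"                  # constructed sample secret
    stego = embed(carrier, secret)
    used = (HEADER_BYTES + len(secret)) * 8   # colour values that carry payload bits
    print("recovered:", extract(stego))
    print("largest change to any value:",
          max(abs(a - b) for a, b in zip(carrier, stego)))
    print("odd share past payload, before:", round(odd_fraction(carrier, used), 2))
    print("odd share past payload, after: ", odd_fraction(stego, used))
```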
Steganos can use BMP, WAV, or JPG files as carriers for encrypted data. The help system advises using a carrier file at least 20 times the size of the encrypted data. You can also use it to create encrypted archives without hiding them, much as you'd do with a ZIP archive utility. Note, though, that the archives created by Steganos use the proprietary EDF format, not the standard ZIP format.
To create a simple encrypted archive, drag files and folders onto the Crypt & Hide dialog, or browse to locate the desired items. You can also enter a text description of the contents. Clicking Save lets you define the name and location for the resulting EDF file. The password entry dialog is the same as that used by Steganos Safe and Steganos Password Manager. It rates password strength as you type, with the option to use a virtual keyboard, or to define the password by clicking a sequence of pictures.
To create an encrypted file and also hide it, follow precisely the same procedure, but click the Hide button instead of the Save button, and choose a BMP, WAV, or JPG file as carrier. That's it. Your secret files are hidden within the chosen carrier. Don't believe it? Launch Crypt & Hide again, choose Open, and select your carrier. Once you enter the password, your files are back. Of course you must use the shredder to destroy the originals.
As you use your computer and browse the Web, you leave behind traces of what you've been doing. Sure, you hid your secret plans using Crypt & Hide, but if MyWorldTakeover still shows up in the list of recent documents, you're busted. In a similar way, your browsing history may reveal way too much about what you've been researching. That's where TraceDestructor comes in.
TraceDestructor clears various types of browsing traces from Chrome, Firefox, Internet Explorer, and Microsoft Edge. For Edge, it just clears cookies and cached files. For the others, it can also wipe out such things as history, autocomplete data, and passwords. It can also empty the Recycle Bin and eliminate Windows temporary files, recently used file lists, and other traces.
Cleaning up traces doesn't take long. When the process has finished, Steganos advises you to log off and on again, for full cleanup. Simple!
Clicking the Privacy icon brings up a simple settings dialog with four on/off switches, all off by default. I couldn't test Webcam protection, because my virtual machine test systems simply don't have webcams. In addition, every time I opened Privacy Settings I got a notification from Windows that the webcam privacy component crashed.
Webcam protection does nothing but deactivate your webcam, so you must turn that protection off if you want to use the cam for videoconferencing. A similar feature in ESET Internet Security 10 lets you disable the webcam in general but enable specific programs. That would prevent webcam spying while still letting you Skype, for example.
Kaspersky Total Security also offers webcam blocking for all but permitted programs. It extends similar protection to the microphone, to head off the possibility of a snoop listening in on your activities.
Internet advertisers work hard to profile your personal surfing habits, so they can target ads based on your interests. If you've ever bought (or looked at) a product on one site and then seen an ad for that product on a different site, you've seen this process in action. You can set your browser to send a Do Not Track header with each request, but sites aren't compelled to obey this header. The Prevent tracking option in Steganos filters out tracking activity before it reaches the browser.
Some trackers skip the usual techniques for tying together all data about your online activity, instead trying to create a fingerprint of your devices and activity, including precise data about the browsers you use. Steganos lets you replace your actual browser details with a generic fake set, to anonymize your browser type. Finally, you can choose to block advertisements altogether. The Block ads, Prevent tracking, and Anonymize browser type settings are simple on/off switches.
In testing, these three privacy elements initially didn't work. I confirmed this using various online tests. I reinstalled the product, to no avail. I installed it on a physical system, thinking that it might be incompatible with running in a virtual machine. Here, too, the privacy elements just didn't work. Tech support determined this was due to the absence of a proxy process that provides all three types of filtering.
Going back and forth with tech support, I determined that the installer failed to create a necessary configuration file. Even after I manually copied the config file that tech support supplied, it did not launch the proxy process. After more back and forth, I got the proxy running on both systems. It seemed to be running smoothly on the physical system, but its output on the virtual system contained many error messages. That being the case, I focused on the physical system.
There's no way to tell if the Prevent tracking feature is working, but Anonymize browser type should change the user agent string that your browser sends to every website. It did not do so. And although the filter's output log contained tons of ad blocking reports, the ads visibly weren't blocked.
The worst thing about this component is that even when its proxy failed to load, it didn't display any kind of error message. The privacy features work silently, so you'd have no idea that they weren't functioning, unless you noticed its failure to block ads.
There is one icon I haven't covered, E-Mail Encryption. I've skipped this one for several reasons. First, it is not a Steganos product; it's from another company, MyNigma. Second, on a PC it only functions as an Outlook plug-in, and my test systems don't have Outlook. Third, it only works to encrypt email between other users of MyNigma, so it's not useful for general-purpose encrypted communication.
Another Take on Privacy
Abine Blur is another suite of tools aimed at protecting your privacy. Its active Do Not Track component goes way beyond just sending the DNT header, which websites can ignore. Furthermore, unlike Steganos, it makes its activity visible. It includes a simple password manager, but goes beyond Steganos by offering a safety report that flags weak and duplicate passwords.
Blur protects your privacy by masking email accounts, credit cards, and (on a smartphone) phone numbers. Suppose you make a purchase from a merchant using a masked email account, and a masked credit card. Mail from the merchant reaches your inbox, but you can delete the masked account if it starts getting spam. And a merchant who doesn't have your real credit card number can't sell the card data or overcharge you. Read my review for a full explanation.
Blur doesn't block ads, and it doesn't include file encryption, but all of its components are directly aimed at protecting your privacy. Even if you do install the Steganos suite, consider trying Blur's free edition for additional protection. Note that if you do opt for a $39-per-year premium subscription, you can use Blur on all your devices.
Do You Already Have It?
You may also find that you've already got significant privacy protection courtesy of your security suite. For example, Kaspersky and AVG Internet Security include an active Do Not Track system, like what Blur offers, and Kaspersky can block banner ads. Webcam protection in Kaspersky and ESET goes farther than what you get with Steganos.
As for encrypted storage, the core of Steganos Privacy Suite, you can find a similar feature in many suites, among them McAfee LiveSafe, Bitdefender, Kaspersky, and Trend Micro. Admittedly, none of the suites build out this feature into the comprehensive encryption system that is Steganos Safe.
As for password management, it's becoming a common bonus feature in larger suites. Webroot includes a version based on award-winning LastPass, and McAfee comes with all the multi-factor authentication glory of True Key. Symantec Norton Security Premium, Trend Micro, ESET, Kaspersky, and Bitdefender are among the other suites with a password manager built right in.
Before you purchase a set of privacy tools, check to see what you already have right in your existing security suite.
A Mixed Bag
Steganos Safe is easier to use than other container-based encryption programs, and has some nifty features to both encrypt and hide your files. However, Steganos Password Manager lacks advanced features, and some of its features didn't work in testing. The Crypt & Hide component is a kick, as it truly hides your secrets, leaving no trace. But the browser-related privacy filters just didn't work in testing. Steganos Privacy Suite is a mixed bag, for sure.
There aren't many utilities specifically devoted to privacy. Abine Blur Premium remains our Editors' Choice in this interesting field. I look forward to seeing more competition in the specific area of privacy protection.
Microsoft includes free antivirus protection with recent versions of Windows, and it does work—to a point. But for full protection against malware, you need a third-party antivirus, and you don't necessarily have to pay for it. Bitdefender Antivirus Free Edition (2017) includes all the core malware-fighting components of Bitdefender's paid edition, but without the vast collection of additional security features. This product has gone several years without an update; the latest edition is now compatible with Windows 10.
Installing Bitdefender Free is quick and easy. During the process, it downloads the latest version and scans for active malware. You need to sign up for a Bitdefender account to activate it (or sign in if you already have one). The premium edition's main window isn't especially busy, but the free edition is simplicity itself. There's a button to run the full system scan, a drag/drop spot to scan specific files or folders, and a timeline of recent activity. That's it. There isn't even a separate scan window. When you launch a scan, the scan's progress appears in the events timeline.
Excellent Lab Results
While Bitdefender Free doesn't include every feature of the commercial edition, its core antivirus engine is exactly the same as what the independent labs test. And indeed, all the labs that I follow include Bitdefender in their testing. It scored 84.36 percent in Virus Bulletin's RAP (Reactive And Proactive) test, very close to the current average. PC Pitstop PC Matic blew away the competition in the most recent RAP test, with a score of 99.87 percent.
In the three-part test regularly reported by AV-Test Institute, Bitdefender earned 6 of 6 possible points each for protection and usability, and 5.5 out of 6 for performance. Its total score of 17.5 points makes it a top product. Avira and Kaspersky edged out that score, each taking a perfect 18 points.
The researchers at AV-Comparatives perform a wide variety of tests; I follow five of them. Products that pass a test earn Standard certification, while those that do significantly better receive Advanced or even Advanced+ certification. Bitdefender took Advanced+ in all five tests; only Kaspersky Anti-Virus has matched that feat recently.
Simon Edwards Labs attempts to simulate the real world of malware as closely as possible for testing purposes, using a capture/replay system to present each product with a real-world Web-based attack. Certification from this lab comes at five levels, AAA, AA, A, B, and C. Bitdefender and Avast got AA certification, beaten only by the AAA certification received by ESET, Kaspersky, and Norton.
The tests performed by MRG-Effitas are a bit different from the rest. To pass this lab's banking Trojans test, a product needs a perfect score; anything less is failure. Another test using a wide variety of malware offers two passing levels. If a product absolutely blocks every installation attempt, it passes at Level 1. If some malware gets through, but is eliminated within 24 hours, that earns Level 2. Anything else is a fail. Like two-thirds of all products tested, Bitdefender failed the banking Trojans test. Along with Avast Free Antivirus 2016, Avira, and a few others, Bitdefender passed the broad-spectrum test at Level 2.
Only Avast, AVG AntiVirus Free, Bitdefender, and ESET show up in the test results of all five of the labs that I follow. Bitdefender's excellent performance yields an aggregate lab score of 9.3 points. Avira Antivirus and Norton scored a bit better, and Kaspersky is at the top, with a perfect 10 points, but all the other products I track trail Bitdefender in aggregate lab score.
Very Good Malware Blocking
I always run my own hands-on testing, just to get a feel for the way a product handles malware. If I don't get enough data from the labs, my hands-on test is the only way I can rate antivirus accuracy. In this case, the labs have already made it very clear that Bitdefender is a winner.
Naturally the results of my hands-on malware blocking test were basically the same as what I got when testing Bitdefender Antivirus Plus 2017 a few months ago. In a few cases the cleanup was more thorough, but not enough to change the score. A detection rate of 90 percent isn't tip-top, nor is an overall score of 8.8 points. Tested with this same collection of samples, Webroot managed 100 percent detection and a perfect 10 points. Avast detected 100 percent of my previous collection and earned 9.7 points. But when my results don't jibe with the findings of the labs, I yield to the labs.
Bitdefender's premium antivirus, along with the suite products, runs by default in AutoPilot mode, meaning that as much as possible it takes care of security without bothering the user. You can turn off AutoPilot in the premium products, but not in the free edition. I observed that in several cases, it silently killed off a malware process and cleaned up its traces, occasionally triggering an error message from Windows about its inability to access the file.
My malicious URL blocking test takes an hour or more to run. In this test, I challenge the antivirus's Web-based protection to keep the browser safe from 100 very fresh malware-hosting URLs. I also give credit if the real-time antivirus eliminates the malicious payload during the download process. I didn't rerun the entire test, since the underlying engine is the same, but I ran a stripped-down version just to verify that the free edition handles malicious URLs. A 90 percent protection rate is quite good, better than all but a few competing products. However, with 98 percent protection, Norton has the top score.
Tops at Antiphishing
The most accurate malware-detection system in the world can't help you if you fall for a scam and give away your precious passwords. Phishing websites masquerade as banks, online merchants, even gaming websites, and do their best to steal your login credentials. They get caught and blacklisted quickly enough, but the fraudsters just grab their winnings and move on.
To test a product's ability to keep users safe from this kind of fraud, I scrape phishing URLs from a variety of reporting sites. I try to get URLs so new that they haven't been analyzed and verified. I run the test simultaneously on the product under testing and on Symantec Norton AntiVirus Basic, a consistent antiphishing winner. I also check the protection built into Chrome, Firefox, and Internet Explorer.
Hardly any products come even close to Norton's detection rate. Avast and Qihoo 360 Total Security 8.6 did well, coming in just 1 percentage point behind Norton. Webroot beat Norton by 1 percentage point, and Kaspersky beat it by 2 points. But Bitdefender owns this test, coming in 5 percentage points better than Norton.
Note that Bitdefender also aims to detect frauds and scams other than straight phishing websites. The full antivirus product uses specialized icons for such things as escrow scams, online dating scams, and piracy sites. With the free edition, you just get a report that it blocked a phishing attempt or a fraud attempt.
What's Not Here
I've described the entirety of what Bitdefender Free does. The feature list of the full, premium Bitdefender Antivirus goes way, way beyond this. Please read my review (linked above) for full details on what you get by paying for the full edition. I'll list the bonus features here.
The Bitdefender Wallet component is a complete, if basic, password manager. It captures and replays passwords, imports passwords from your browsers, generates strong passwords, and fills Web forms. It doesn't try for advanced features like two-factor authentication or automatic password update.
Bitdefender SafePay is a hardened separate desktop designed to keep your sensitive online transactions safe. Processes running under SafePay are isolated from processes on the regular desktop. The Wi-Fi Advisor both checks your home network's security and warns when you connect to an insecure network. If the antivirus can't eliminate a particularly nasty malware specimen, you can reboot in Rescue Mode to handle the threat outside of Windows.
Using the File Shredder you can delete sensitive files permanently, beyond the possibility of forensic recovery. A Search Advisor add-in marks up dangerous websites in search results. And the Vulnerability Scan checks for missing security updates and for weak Windows passwords. A new ransomware-specific protection layer aims to protect your important files. And none of these jolly bonus features are present in the free edition.
As you can see, Bitdefender Antivirus Free Edition doesn't have the wealth of features that makes its for-pay sibling such a powerhouse. But it totally does contain the same basic protection against malware, malicious websites, and fraudulent sites. If that's exactly what you want, then you needn't spend a penny to get your system protected by Bitdefender.
The feature set of AVG AntiVirus Free includes website rating, file shredding, active blocking of trackers, and a simple browser privacy cleaner. Avast Free Antivirus 2016 offers password management, vulnerability scanning, system cleanup, and an unusual scan for network and router vulnerabilities. Panda Free Antivirus helps clear out unwanted toolbars from your browsers, scans every USB drive you mount, and vaccinates USB drives against malware infestation. These three are our Editors' Choice free antivirus utilities. Of course, since they're all free, you can give each of them (and Bitdefender, too) a try before settling on your favorite free protection.
Passwords are terrible. We all hate them.
But we're stuck with them until something better comes along.
Still, it seems like adding insult to injury when the first thing a password manager does is ask us to create and remember...a master password! The folks at LogMeOnce feel your pain.
As long as you have a smartphone or mobile device available, LogMeOnce Password Management Suite Premium is perfectly happy without a master password. Just be sure to keep that smartphone well secured.
This free password manager rivals LastPass in its broad feature set, and it outperforms most of its for-pay competitors.
Like LastPass, LogMeOnce is totally free, with no limit on the number of saved passwords or on the number of devices you use.
Certain advanced features aren't available in the free edition; gaining access to those requires that you purchase LogMeOnce Password Management Suite Ultimate. Other features have limits not found in the paid edition.
Still, this free password manager is more feature-rich than most of its paid competitors.
Speaking of those competitors, LogMeOnce has the ability to import passwords from LastPass 4.0, Dashlane, Roboform, and 19 others.
If you're looking to make a change, importing from your old password manager certainly makes it easy. LogMeOnce can also import passwords stored in Chrome, Firefox, and Internet Explorer. KeePass is the import king, with the ability to import password data from more than 40 competitors.
You begin the process of signing up for a LogMeOnce account by entering your first name, last name, and email address. You also choose a security question and answer. Here, as always, it's extremely important to pick something that nobody could figure out by Googling you or eyeing your social media. Rather than accept one of the predefined questions, add something that has meaning to you, and only you.
Now comes the big choice. You can choose to create a passwordless account, or one that uses a master password.
For testing, I started with the default passwordless account, and installed the necessary browser plugin.
The account creation wizard sent a text to my Apple iPhone 6 with a link to install the LogMeOnce app. Once I entered my email address in the app, the Web page displayed a QR code for pairing.
To finish off the process, I defined a six-digit PIN.
You can use LogMeOnce on any computer, but you do have to install the browser extension first. Once you've done that, LogMeOnce sends an authentication request to your smartphone (Android or iOS).
If the phone supports it, you can log in with a fingerprint.
If not, that six-digit PIN does the job.
Bear in mind that a hacker couldn't do anything with the PIN alone.
Authentication requires knowing the PIN and having possession of the smartphone.
Because LogMeOnce is totally browser-based, it's not limited to a specific platform.
It works just the same on Windows and macOS devices. You can even use it under Linux (something I haven't tried). And it's available in the app store for both Android and iOS devices.
There's also an unusual authentication option called PhotoLogin. When logging in on the smartphone itself, this feature simply snaps a photo of whatever is in front of the phone.
If the photo matches what you expected to see, you tap to log in.
Using this feature to authenticate your login from the browser-based version is a premium-only feature.
Indeed, when I tried, it simply showed a generic image, with the message "Upgrade to paid edition for actual data." However, when I tapped to accept, it still unlocked my account in the browser.
While PhotoLogin seems akin to facial recognition, it really isn't. You, the user, verify that the picture you are seeing is what you just snapped.
Someone who picks up your phone while it's not locked is equally free to verify the photo, and thereby get full access to your passwords.
The premium edition has additional protection and verification features for PhotoLogin and the related Selfie-2FA (two-factor authentication) feature.
If you're going to use this feature with the free LogMeOnce, you need to take some precautions.
Enable a strong PIN for the lockscreen, or better yet, fingerprint-based authentication.
Set your phone to always require the lockscreen.
And never set it down without turning it off.
If that seems too tough, you can always go back to using a master password.
It's worth mentioning that True Key by Intel Security can authenticate without your master password.
Indeed, if you've defined enough biometric and other authentication factors, you can reset a forgotten master password. You can't create an account with no master password, the way you can with LogMeOnce, but you can configure True Key to unlock based on factors other than the master password.
LogMeOnce comes with numerous short videos explaining all its features. On viewing a few of these, you'll quickly realize that by "applications" this product means what other products might call accounts, passwords, or logins.
As with LastPass, Dashlane, RoboForm Everywhere 7, and most competing products, LogMeOnce notices when you log in to a secure site and offers to save your login credentials as an application. You can assign the new application to one of seven predefined groups at capture time.
Creating new groups is a premium-only feature.
Note, though, that there's another option for adding an application. LogMeOnce comes with a catalog of close to 4,500 known websites.
If a site is in the catalog, you know that LogMeOnce can handle it, even if it uses a non-standard login page. LastPass and Sticky Password Premium take a different approach to nonstandard logins, allowing the user to simply capture data from all fields.
When you add an app from the catalog, it prompts you to enter the corresponding username and password.
By default, new apps use Single Sign-On, meaning that LogMeOnce will log in automatically.
Turning this setting off means that login won't happen until you click.
If you choose to enable Single Log-Out, logging out of LogMeOnce also logs you out of the site.
For each application, you can accept the catalog image, use the website's own icon, or add a custom image.
If you revisit a site that's already in LogMeOnce, it offers to fill in your credentials, displaying a menu if you've saved more than one set. You also get ads on-screen here; the premium edition has no ads.
As with most competing products, you can click the browser toolbar button for a list of available logins. Just click one to go there and log in.
If you've saved a ton of sites, you can find the desired one quickly by typing in the search box.
Each letter you type narrows the list.
LogMeOnce stores passwords for websites only, not for other programs.
The only free password manager I've evaluated that handles passwords for programs is KeePass 2.34, which doesn't include the usual password capture and replay for websites.
Password Calculator and Password Policy
When you create a new account, you can use LogMeOnce's password calculator to generate a strong password.
By default, it creates 15-character passwords using all character types.
That's better than Symantec Norton Identity Safe, which defaults to 8 characters.
The default in Enpass Password Manager 5 is an impressive 18 characters, but KeePass tops that with 20 characters.
They call it a password calculator because it calculates the approximate time required to break whatever password you type into it.
For example, it estimates three hours to crack "Password," but 78 days to crack "Password!" with an exclamation mark.
As for its own generated passwords, well, don't try cracking those unless you have 157 billion years to spare.
The point of setting a password policy is to encourage good security habits.
By default, your master password expires every three months, and must be replaced with a new master password you've never used before. You can eliminate or soften the restriction on previously used passwords, allowing reuse after three or five other master passwords.
Those using the premium edition can change the expiry time to as short as one month or as long as one year. Of course, this applies only if you've added a master password to your LogMeOnce account.
By default, LogMeOnce requires that a master password consist of at least eight characters, containing uppercase letters, lowercase letters, and digits.
If you do choose to use a master password, I suggest you make it a strong one, well beyond the minimum requirements.
Those using the premium edition can set a password policy for website passwords as well.
When you're using password-less authentication, you've already got a form of two-factor authentication. Nobody can log into your account unless they also possess your smartphone.
But if you're looking for additional security, LogMeOnce has a ton of options.
The two-factor authentication page implies that you must establish a master password to use two-factor protection, but I found that I could use multiple factors along with passwordless authentication. You can use Google Authenticator, or a Google Authenticator work-alike such as Duo Mobile or Twilio Authy, as a second factor. Making the connection is as simple as snapping a QR code with your mobile device.
Like True Key, Zoho Vault, and others, LogMeOnce can send a one-time password via text message, for a second authentication factor.
It can also send that one-time password as a voice call.
But unlike any other product I've seen, LogMeOnce charges you for the privilege of using voice or SMS authentication.
In the US, voice calls cost four credits and text messages cost two. You purchase credits in bundles of 1,000 for $10.
Additional two-factor options become available in the premium edition.
These include Selfie-2FA (photo-based security), authentication using a prepared USB drive, and (for geeks only) authentication using an X.509 certificate.
If you enable multiple two-factor options, your master password plus any one of the other factors unlocks the account.
While not precisely related to two-factor security, LogMeOnce's Mugshot feature also helps secure your account if someone else gets hold of your device. On a failed login attempt, this feature snaps photos with the front and rear cameras and transmits that information to your account, along with the device's location and IP address. Note that the premium edition includes a full-scale set of anti-theft features.
Filling passwords into login pages isn't much different from filling personal data into Web forms. Like many other password managers, LogMeOnce lets you define personal information profiles for Web form filling. You can even update personal data from your Facebook profile.
This utility's collection of personal data isn't as extensive as some, but it covers the basics, and you can create multiple instances of personal, address, phone, and company data. Personal data consists of first and last name, email address, birthday, and gender (just male or female, not the dozens of choices you get with Tinder).
And you can identify each phone number as cell, home, fax, work, or other.
I was pleased to see that the multiple phone entries correctly filled the matching fields, and that it filled an Age field by calculating from the profile's birthdate.
New since my last review, LogMeOnce now lets you save credit card details in its Secure Wallet.
Cleverly, it detects the card type based on the number you enter. Like Dashlane 4, it creates a card image using the background of your choice, with the cardholder name and issuing bank. When you click in a credit card field on a Web form, you choose from the clear visual representations of your cards.
Sharing and Inheritance
When you point the mouse at an app in LogMeOnce's Cloud Dashboard, you see icons for sharing, beneficiary, and automatic password change.
I'll discuss automatic password changing in a bit.
You can share any of your passwords with another LogMeOnce user, using the recipient's email address.
The free edition allows five shares; there's no limit in the premium edition.
As with LastPass and Dashlane, the recipient can use the login but can't see the password.
If you choose to make it an open share, the password is visible, but still can't be changed.
There's also an option to set an expiry date, but only in the premium edition.
Defining someone as the beneficiary is a different matter.
The beneficiary gets access to your data only after a specific waiting period, much like the similar feature in Dashlane. You can define one beneficiary for your entire account, and set a beneficiary for up to five specific apps.
A premium account can have unlimited beneficiaries.
There's also an option to require proof of death before LogMeOnce releases the data.
Password Reporting and Changing
When you start using a password manager, the first thing you do is get all of your existing passwords into the collection.
It's easy enough to let the password manager generate strong passwords for any new accounts you register.
But sooner or later, you really must go back and fix any weak or duplicate passwords.
The Security Scorecard page gives you an overview of your security status as well as what it calls a hybrid identity score.
The latter is based on a handful of specific criteria, among them whether you're using two-factor authentication and whether you've watched the training videos.
Clicking for details on master password strength or overall password strength triggers an invitation to upgrade.
Really, the most important part of this report is at the bottom, which lists all your passwords, from weakest to strongest, and also flags any duplicates. Like LastPass and Dashlane, LogMeOnce can automate the password change process for many common websites.
There's also a separate page that just lists the passwords that it can change automatically, with a big button to change them all.
Another page in the Reports section displays any data captured by the Mugshot feature.
This includes the front and back photos, the IP address, and the location at which the failed login took place. LogMeOnce also provides a list of activities, as well as what it calls productivity charts, different views of how you use the product.
New since my last review, a colorful Productivity Dock across the bottom of the dashboard offers quick access to important features.
As you point to icons in the dock, they expand, much as on the macOS desktop.
And if you're using the free edition, the expanded icon displays a tooltip noting that you must upgrade to use the dock. You can access a similar collection of items in the Smart Menu connected to your account picture at top right, so you're not totally missing out. You can even turn off display of the non-functional dock.
The Devices tab under Security lists all your devices, and lets you delete a device that you no longer use.
A map across the bottom lets you locate a missing device…but only if you're a paid user.
For those who've put up the money, LogMeOnce offers a full set of anti-theft features, among them remote locate, lock, and wipe, the ability to display a message on the missing device, and an option to make it ring at top volume, in case you've simply mislaid it.
When you get a notification on your mobile device that someone wants to log in to your account, you had better hope that someone is you. Users of the premium edition get a ton of information along with the login request, things like the associated email address, date/time stamp, IP address, and even GPS coordinates.
Still a Knockout
Despite the word Premium in its name, LogMeOnce Password Management Suite Premium is completely free, and it outperforms many of its for-pay competitors. New features like PhotoLogin and Secure Wallet make it even more of a winner.
Granted, the wealth of features means there's a lot for a new user to learn, but a growing collection of training videos helps with that process.
Along with the free LastPass, LogMeOnce is a five-star Editors' Choice free password manager.
Modern kids have never known a time when they couldn't connect to the whole world using the Internet. They're probably more at home online than you are. The problem is, there are things on the Internet that you'd rather they didn't encounter. Sites promoting violence. Sites full of hate. Pornographic sites that promote a skewed notion of human sexuality. You can't supervise every moment that they're surfing the Web on a PC, much less on a smartphone or tablet. That's where parental control software comes in, with the ability to filter out unwanted content, limit screen time, and in some cases monitor social media interactions.
Note that these applications can't substitute for good communication. If you don't want your kids to visit certain kinds of sites, talk to them about your concerns. And do take time to convince older kids that you'll respect their privacy while monitoring their online actions. Otherwise, you can be sure they'll find ways to evade even the most sophisticated system.
Parental Control Basics
Most parental control tools include content filtering—the ability to block access to websites matching unwanted categories such as porn, violence, and hate. This type of filtering only really works if it's browser-independent, and full coverage requires filtering secure (HTTPS) traffic. With no HTTPS filtering, a smart teen could bypass the system using a secure anonymizing proxy website like MegaProxy or Hide My Ass.
Access scheduling is another very common feature. Some applications let parents set a weekly schedule for Internet access, some control computer use in general, and some offer both as choices. A daily or weekly cap on Internet usage can also be handy.
Devices, Devices, Devices
Long gone are the days when a single parental control utility on the singular Family PC sufficed. Modern kids use all kinds of Internet-connected devices, and modern parental control systems must keep up.
Before settling on a particular parental control utility, you'll want to make sure that it supports all of the device types found in your household. While all the products in the chart above support Windows, support for Mac OS, Android, and iOS varies. Check, too, that any limits on the number of child profiles or devices won't be a problem. And if your kids are strictly mobile, take a look at our roundup of mobile-centric parental control apps.
If getting parental control coverage installed on each of your family's devices starts to seem too difficult, consider a whole-network solution. These systems perform content filtering at the router level, so your settings affect every device on the network. Naturally you don't get the same fine level of control and detailed monitoring that you get with a local agent on each device, but wow, is it ever simple!
Social Media Tracking
As the kids get older, content filtering may start to seem pointless. Hey, you let them watch Game of Thrones, right? At some point you start to worry more about their interaction with the wide, wide world. Sure, if their friends come over to play Street Fighter V or Guilty Gear Xrd in person, you can at least meet them. But what about friends on social media? Who are they, really, and what are your kids discussing with them?
That's where social media trackers come in. Typically you have the option to limit your view to posts and interactions that contain words or phrases that might indicate something inappropriate. Also typically, if you really want to you can dig in and see everything.
In most cases, installation of social media tracking requires that you know your child's login credentials, or that you convince the child to log in and install the tracker's app. Disabling this kind of data collection is a snap for the child, so here, more than ever, you need to get agreement from your child.
Remote Notification and Management
With most parental control systems, you can opt to receive notification via text or email when your child tries to visit a blocked site, makes a post using iffy language, or otherwise bends the rules. Some of these tools let kids remotely request parental override to unblock a particular site, or get extra time online to finish homework.
In most cases, you manage your parental control system by logging in to an online console. From the console, you can tweak settings, review activity reports, or respond to a child's override request. And any changes you make propagate to your children's devices when they connect to the Internet.
When you get beyond the basics, parental control systems start to diverge, with many advanced features to help them stand out from the crowd. Some limit access to games, TV shows, and movies based on ratings. Some let parents control just who the kids can chat with via various instant messaging systems. Blocking specific applications is another advanced feature, as is forcing Safe Search on popular search portals.
You'll also find advanced versions of standard features. For example, the best content filters don't just use a database of categories. They analyze page content in real time so that, for example, they can allow access to a short-story site but block the erotica. To learn about these advanced features, and to make an informed choice for your own family, you'll need to read our full reviews.
FEATURED IN THIS ROUNDUP
With configuration and reporting moved to the Web, ContentWatch Net Nanny 7 is fully at home in the modern multi-device world of parental control, and it still has the best content filtering around. Net Nanny 7 is a parental control Editors' Choice.
With Qustodio Parental Control 2015, you can keep track of your children's online activity on PC, Mac, iOS, Android, or Kindle devices. Its rich feature set and clever social media tracking make it a new Editors' Choice for parental control.
Symantec Norton Family Premier lets parents track and manage their children's use of Windows, Android, and iOS devices. Its completely Web-based configuration and wealth of features make it a great choice for parental control.
Kaspersky Safe Kids offers well-rounded, very affordable parental control and monitoring, and it doesn't limit the number of child profiles or devices you can cover. It's an excellent choice.
You configure Mobicip's parental control options online, and a local agent enforces the rules on your children's devices. In testing, we hit a few communication problems, but overall it's a good choice for the modern multi-device family.
OpenDNS Home VIP applies parental control and monitoring at the network level, for all your devices, and its essential features are available for free. Consider using it in conjunction with a more conventional parental monitoring tool.
When you configure your router to use SafeDNS, you can filter out dangerous or objectionable content for every device that connects using your home network. Just don't expect a full range of parental control features.
Almost all the antivirus programs in my reviews are just updates of products I've examined many times over the years. I rarely see anything new, which is why I was excited to check out WinPatrol WinAntiRansom. Despite the name, this product aims to protect against all forms of malware, not just ransomware. Because it analyzes program behavior rather than relying on signatures, it should in theory be equally effective against all malware, including brand-new zero-day attacks. In practice, however, it both missed some malware and falsely identified many good programs as malicious.
At $19.95 per year, or $24.95 for three licenses, WinAntiRansom is decidedly less expensive than most. Looking strictly at the list price, Bitdefender Antivirus Plus 2017, Kaspersky, Norton, and Webroot all cost twice as much for a single license. McAfee runs three times the price of WinAntiRansom, but permits unlimited installations. On the other hand, paying a bit more gets you a lot more in the way of protection in this case.
WinAntiRansom is unusual in that it doesn't have a home screen or main window. At launch, it displays the settings page, with a ribbon across the top allowing access to logs, configuration, help, and so on. A set of icons at top right expands into a screen that lets you select from nearly four dozen skins, including several devoted to specific seasons or holidays. I can't quite fathom why an anti-malware program needs so many skins, though.
Immediately after installation, WinAntiRansom runs a scan to identify and list known good programs present on the system. Clicking the Programs icon displays this list, which flags digitally signed programs and Windows components with special icons. Once this scan finishes, WinAntiRansom is on the job.
Malware Blocking on Launch
The independent antivirus testing labs around the world have more resources than I do for putting security programs to the test. The fact that they test a program at all says that they consider it important enough, and that the vendor is up for participation. Good scores? Even better! Kaspersky Anti-Virus in particular earns excellent scores from all the labs that I follow.
Unfortunately, none of the labs include WinAntiRansom in testing. That doesn't mean it's bad, but it doesn't inspire confidence.
With no test results from the independent labs, I had to rely entirely on my hands-on testing of this utility's efficacy. Unlike most antivirus apps, WinAntiRansom looks only at program behavior, so there's no on-access scan. That made testing simple. I just launched each malware sample in my collection and recorded the app's reaction.
The antivirus detected 97 percent of my samples, the same as Norton, Trend Micro Antivirus+ Security, and a few others. In each case, it popped up a notification window with the title "PreEmptive Strike Block!" and a line stating "Performed a Ransomware/Malware like action" followed by a number in parentheses. The popup offered two choices, Allow Next Time and Quarantine. WinAntiRansom detected some of the samples immediately on launch, others after a little time had passed.
Those numbers intrigued me. During my testing, I encountered 15 different numbers, ranging from one to 3001. My contact at the company explained that the numbers represent the final action that pushed the program's aggregate behavior score over the top. "We've never made them public because we don't want to help the malware authors find a way to avoid detection, or competitors to improve their products," he explained.
WinAntiRansom's quarantine prevented most of the malware samples from installing anything at all. However, in a few cases I found a malware process not only installed but running. It's possible that the behavior-based detection system quarantined one process but missed another. This brought WinAntiRansom's overall score down to 9.2 points. Symantec Norton AntiVirus Basic and Trend Micro earned 9.7 points because they completely blocked every detected malware attack. Webroot ranks at the top in this test, with a perfect 10 points.
Many False Positives
I could write an antivirus program that absolutely blocks every malicious program. The only problem is, it would also block every non-malicious program. In the real world, antivirus utilities have two goals—to block all malicious programs, and to leave all valid programs alone. False positives, flagging valid programs as malicious, break down the user's trust in the accuracy of the antivirus.
For a false-positive sanity check, I tested WinAntiRansom's reaction to a collection of utility programs once published in PC Magazine. I keep these utilities in the same folder as the malware samples, going through the list alphabetically, and launching both good and bad programs.
The results were dismal. Only five of the 20 programs escaped WinAntiRansom's preemptive strike block. Yes, the user could choose to allow the program next time, and launch it again. But I'm not a fan of security programs that leave that sort of decision to the user. The fact that the popup notification doesn't identify its reason for classifying the program as malware makes that decision extra tough.
Blocking the Latest Threats
I couldn't apply my usual malicious URL blocking test to WinAntiRansom, because it doesn't attempt to block access to malware-hosting URLs and doesn't scan downloads until they run. I value this test, however, because the malware samples in the feed supplied by MRG-Effitas are very current, and the URLs themselves no more than a day old. So, I devised a modified test for WinAntiRansom.
Usually I use 100 samples, but for this more labor-intensive test I stopped once I had downloaded 50 of them. Then I simply went down the line, launching each and noting the application's response. The results were disappointing. WinAntiRansom only offered to quarantine 78 percent of the samples. Norton blocked 98 percent, mostly by wiping out the downloaded malware. Avira Antivirus Pro managed 95 percent protection, almost all by steering the browser away from the malware-hosting URL.
Just for a sanity check, I ran the MD5 hash of each sample through VirusTotal. VirusTotal checks each sample against more than 50 antivirus engines and reports how many deemed it malicious. I recorded the percentage that flagged each sample as malicious. For files that WinAntiRansom detected, the average VirusTotal detection rate was 59 percent. For those that it missed, the average was 53 percent, which isn't much of a difference.
To be fair, it's possible that some of those missed files simply hadn't started their malicious behaviors. That's a hazard of strict behavior-based detection—it can't identify a program that's just lurking in the background, waiting for an opportunity to misbehave. But Webroot SecureAnywhere AntiVirus also uses behavior-based detection, and it scored much better in all of my tests.
Other Features, and Flaws
WinAntiRansom has numerous additional layers to prevent damage by a malicious program that gets past its behavior-based detection. Network Lockdown works like a firewall's program control, blocking network connections by programs not on the trusted list. Registry protection prevents unknown programs from making changes to critical Registry areas. The company deliberately doesn't list the critical Registry areas, so as not to make things easy for hackers.
As a further bulwark against ransomware, WinAntiRansom denies unknown programs access to files in the SafeZone, which, by default, is a subfolder of your Documents folder. I thought it would make more sense to put the entire Documents folder in the SafeZone, but the app wouldn't let me. From the ribbon, you can click icons to view all recent actions by Registry protection, Network Lockdown, and SafeZone.
I tried to test Network Lockdown by surfing the Internet with my hand-coded tiny browser. However, WinAntiRansom identified it as malicious. The only way I could run it was to mark it as trusted, at which point it was no longer subject to Network Lockdown. Likewise, I thought I could test SafeZone using a tiny text editor that I wrote myself, but WinAntiRansom quarantined it. All three of my lists remained empty, just as they are in the help system's screenshots.
During my testing, the program froze several times, triggering a query from Windows about whether I wanted to just close it, or seek a solution first. It also crashed with an unhandled exception error message a couple times.
I also encountered a very bizarre behavior related to the skins feature. First, I selected the Valentine's Day skin, which turns the background pink, with little hearts scattered around. Then I resized the window. At this point, the background started cycling through three views, each one sweeping down slowly from the top. One was the correct pink-heart background, one was a window-filling grid of little gear icons, and one was just black. The peculiar display stopped after a while, but started again if I resized the window. This behavior was completely repeatable, and happened with some, but not all, of the other skins. I mentioned earlier that I'm baffled by the huge amount of design attention given to supplying dozens of skins, and the weird skin behavior just makes it more puzzling.
WinPatrol WinAntiRansom aims to keep you safe from known and unknown malware by basing its detection on behavior, not on predefined signatures. It's a noble goal, but as far as I could see in testing, the program has a long way to go. It missed some malicious programs, blocked many valid programs, and exhibited oddly buggy behavior in testing.
Out of the huge number of antivirus products out there, we've identified five as Editors' Choice: Bitdefender Antivirus Plus, Kaspersky Anti-Virus, McAfee AntiVirus Plus, Symantec Norton AntiVirus Basic, and Webroot SecureAnywhere AntiVirus. Each has its own virtues; for example, McAfee offers unlimited installations, and Webroot uses behavior-based detection successfully. You pay more for one of these antivirus utilities, but you get significantly better protection.