Even the most perfect antivirus utility can’t protect you against a real-world terror attack. Fortunately, you’re much more likely to encounter things your antivirus can defend your from, such as drive-by downloads, Trojanized apps, or malvertising attacks. Just be sure you keep your antivirus active and up to date: You wouldn’t want a zero-day attack to slip past your protection.
Notice I didn’t mention encountering an actualcomputer virus. That’s because these days other types of malware are more prevalent. Don’t worry: Despite the name, antivirus utilities handle Trojans, rootkits, adware, spyware, ransomware, and all kinds of malicious software. PCMag has reviewed over 30 different commercial antivirus utilities, and that’s not even counting the many free antivirus tools. Out of that extensive field, we’ve named four Editors’ Choice products. Eight more commercial antivirus utilities proved effective enough to earn an excellent four-star rating, and another eight earned 3.5 stars.
Almost all of these products are traditional, full-scale, antivirus tools, with the ability to scan files for malware on access, on demand, or on schedule. A couple are outliers, tools meant to enhance the protection of traditional antivirus. As for just relying on the antivirus built into Windows 8.x or Windows 10, that may not be the best idea. In the past, Windows Defender has performed poorly both in our tests and independent lab tests, though it did score a win in September andagain last month. Maybe Microsoft’s slump is ending?
Listen to the Labs
I take the results reported by independent antivirus testing labs very seriously. The simple fact that a particular vendor’s product shows up in the results is a vote of confidence, of sorts. It means the lab considered the product significant, and the vendor felt the cost of testing was worthwhile. Of course, getting good scores in the tests is also important.
I follow six labs that regularly release detailed reports: West Coast Labs, Virus Bulletin, ICSA Labs, Dennis Technology Labs, AV-Test Institute, and AV-Comparatives. Tests by the first three are based on simple threat-recognition, while the last three attempt to simulate real-world malware-attack scenarios. I’ve devised a system for aggregating results from the labs to yield a rating from 0 to 5.
Hands-On Antivirus Testing
I also subject every product to my own hands-on test of malware blocking, in part to get a feeling for how the product works. Depending on how thoroughly the product prevents malware installation, it can earn up to 10 points for malware blocking.
My malware-blocking test necessarily uses the same set of samples for months. To check a product’s handling of brand-new malware, I test each product using 100 extremely new malware-hosting URLs supplied by MRG-Effitas, noting what percentage of them it blocked. Products get equal credit for preventing all access to the malicious URL and for wiping out the malware during download.
Some products earn absolutely stellar ratings from the independent labs, yet don’t fare as well in my hands-on tests. In such cases, I defer to the labs, as they bring significantly greater resources to their testing.
Multi-Layered Antivirus Protection
Multi-Layered Antivirus Protection Antivirus products distinguish themselves by going beyond the basics of on-demand scanning and real-time protection. Some rate URLs that you visit or that show up in search results, using a red-yellow-green color coding system. Some actively block processes on your system from connecting with known malware-hosting URLs or with fraudulent (phishing) pages.
Software has flaws, and sometimes those flaws affect your security. Prudent users keep Windows and all programs patched, fixing those flaws as soon as possible. The vulnerability scan offered by some antivirus products can verify that all necessary patches are present, and even apply any that are missing. You expect an antivirus to identify and eliminate bad programs, and to leave good programs alone. What about unknowns, programs it can’t identify as good or bad? Behavior-based detection can, in theory, protect you against malware that’s so new researchers have never encountered it. However, this isn’t always an unmixed blessing. It’s not uncommon for behavioral detection systems to flag many innocuous behaviors performed by legitimate programs.
Whitelisting is another approach to the problem of unknown programs. A whitelist-based security system only allows known good programs to run. Unknowns are banned. This mode doesn’t suit all situations, but it can be useful. Sandboxing lets unknown programs run, but it isolates them from full access to your system, so they can’t do permanent harm. These various added layers serve to enhance your protection against malware.
Firewall protection and spam filtering aren’t common antivirus features, but some of our top products include them as bonus features. In fact, some of these antivirus products are more feature-packed than certain products sold as security suites.
Among the other bonus features you’ll find are secure browsers for financial transactions, secure deletion of sensitive files, wiping traces of computer and browsing history, credit monitoring, virtual keyboard to foil keyloggers, cross-platform protection, and more. And of course I’ve already mentioned sandboxing, vulnerability scanning, and application whitelisting.
Which antivirus should you choose? You have a wealth of options. Kaspersky Anti-Virus (2016) and Bitdefender Antivirus Plus 2016 invariably rate at the top in independent lab tests. A single subscription for McAfee AntiVirus Plus (2016) lets you install protection on all of your Windows, Android, Mac OS, and iOS devices. And its unusual behavior-based detection technology means Webroot SecureAnywhere Antivirus (2015) is the tiniest antivirus around. We’ve named these four Editors’ Choice for commercial antivirus, but they’re not the only products worth consideration. Read the reviews of our top-rated products, and then make your own decision.