This website uses cookies to ensure you get the best experience on our website.
Please note that by continuing to use this site you consent to the terms of our
Privacy and Data Protection Policy
.
Some of our partner services are located in the United States. According to the case law of the
European Court of Justice, there is currently no adequate data protection in the USA. There is a
risk that your data will be controlled and monitored by US authorities. You cannot bring any
effective legal remedies against this.
Accept
We are an independent test lab, providing rigorous testing of security software products. We were founded in 2004 and are based in Innsbruck, Austria.
AV-Comparatives is an ISO 9001:2015 certified organisation. We received the TÜV Austria certificate for our management system for the scope: “Independent Tests of Anti-Virus Software”.
At the end of every year, AV-Comparatives releases a summary report to comment on the various anti-virus products tested over the year, and to highlight the high-scoring products of the various tests that took place over the course of the year. Please bear in mind that this report considers all the main-series tests of 2018, i.e. not just the latest ones. Comments and conclusions are based on the results shown in the various comparative test reports, as well as from observations made during the tests (https://www.av-comparatives.org/test-methods/).
Tested Products
The following vendors’ products were included in AV-Comparatives’ Public Main Test-Series of 2018 and had the effectiveness of their products independently evaluated. We are happy that this year’s tests helped several vendors to find critical and other bugs in their software, and that this has contributed to improving the products.
The tested products of all the 18 vendors above are AV-Comparatives 2018 Approved Windows Security Products.
Management Summary
Tests
In 2018, AV-Comparatives subjected 18 security products for Windows to rigorous investigation. All the programs were tested for their ability to protect against real-world Internet threats, identify thousands of recent malicious programs, provide protection without slowing down the PC, and remove malware that had already infected a PC.
Results and Awards
Whilst all of the programs in our test reached an acceptable level overall, some programs outperformed others. For details, please see “Overview of levels reached during 2018” on page 6. In order to recognise those products that achieve outstanding scores in our tests, we have given a number of end-of-year awards that highlight the best results in each test, and overall. The Product of the Year, Outstanding Product and Top Rated awards are based on overall performance in the Public Main Test Series; there are also Gold, Silver and Bronze awards for each individual test type. Please see the Award Winners section for more details of the awards. The 2018 Product of the Year Award goes to Avast; the Outstanding Product Award goes to Bitdefender; Top Rated Products are (alphabetically) AVG, AVIRA, Kaspersky Lab, Tencent.
Overview of tested products
Here we provide a summary for each of the programs tested, with a note of each one’s successes during the year. Although the user interface does not affect any awards, we have noted some of the best UI features as well.
Avast is Product of the Year 2018. It received an Avanced+ Award in every test this year. It also takes the Gold Award for the Malware Protection Test, Silver for Malware Removal, and Bronze for the Performance Test. Our reviewers praised its clear, modern, touch-friendly interface and comprehensive Smart Scan feature.
AVG is a Top Rated Product for 2018. It got the Advanced+ Award in all six tests that it was tested in. Additionally, it wins the Gold Award for Malware Protection, and the Bronze Award for the Performance Test. Its clear, touch-friendly interface makes it easy to find essential functions.
Avira is a Top Rated Product this year. It took five Advanced+ and two Advanced Awards in this year’s tests. Moreover, it receives Silver Awards for the Real-World Protection Test, Malware Removal Test and False Positive Test, along with a Bronze Award for Malware Protection. It features a redesigned modern, touch-friendly interface.
Bitdefender wins this year’s Outstanding Product Award, having reached Advanced+ in all seven tests this year. It additionally receives the Gold Award for the Real-World Protection Test, and Silver Awards for the False Positive Test, Malware Protection Test, and Malware Removal Test. Its well-designed user interface includes highly sensitive real-time protection.
BullGuard received one Advanced+ and three Advanced Awards this year. Reviewers noted its effective and functional user interface, along with additional features such as backup.
Emsisoft wins the Bronze Award for the False Positives Test. It also took two Advanced+ and four Advanced Awards in this year’s tests. Its user interface is clean and modern, and well suited to a touchscreen device.
ESET takes this year’s Gold Award for the False Positive Test, and the Silver Award for the Performance Test. It received four Advanced+ and two Advanced Awards in this year’s tests. Reviewers were impressed with the clear and simple layout of the GUI, and ease of use.
F-Secure received six Advanced Awards in 2018. We noted its easy-to-use, simply laid-out interface, and additional features.
K7 takes this year’s Gold Award for the Performance Test. It also got three Advanced+ and one Advanced Award in the 2018 tests. Reviewers liked its simple design and impressive scanning speed.
Kaspersky Lab is a Top Rated Product this year, having got five Advanced+ and two Advanced Awards in the tests. In addition, it receives the Gold Award for the Malware Removal Test, Silver Award for the False Positives Test, and Bronze Award for the Real-World Protection Test. As well as its additional features, reviewers praised its easy-to-use tiled interface.
McAfee received four Advanced+ and two Advanced Awards in the year’s tests. Its brand-new design is clean and modern, and is well suited to touchscreen use.
Microsoft’s product is integrated into Windows 10, and has a simple, unobtrusive interface. It took three Advanced Awards in the year’s tests.
Panda received one Advanced+ and four Advanced Awards in this year’s tests. Reviewers noted its Rescue Kit feature, which allows you to run a recovery environment from a bootable USB drive.
Quick Heal reached Advanced+ level in one test this year. It includes additional features such as parental control, and has very effective on-access file detection.
Symantec took one Advanced+ and four Advanced Awards in this year’s tests. It has a well-designed overall user experience, and extra features such as a password manager.
Tencent (Global English Version) is a Top Rated Product in 2018, having taken five Advanced+ and one Advanced Awards in the year’s tests. It also wins the Bronze Award for the Malware Removal Test. It has a very simple main program window.
Trend Micro received one Advanced+ and three Advanced Awards in this year’s tests. Reviewers praised its clear design, which presents a simple overview, but allows easy access to advanced options.
VIPRE reached at least Advanced level in all of this year’s tests, including three Advanced+ Awards. We liked its additional features and the clear homepage, which provides easy access to important features.
Advice on Choosing Computer Security Software
There is no such thing as the perfect security program, or the best one for all needs and every user. Being recognized as “Product of the Year” does not mean that a program is the “best” in all cases and for everyone: it only means that its overall performance in our tests throughout the year was consistent and unbeaten. Before selecting a security product, please visit the vendor’s website and evaluate their software by downloading a trial version. Our awards are based on test results only and do not consider other factors, as there are some important factors (such as available interface languages, price, and support options), which you should evaluate for yourself.
Overview of levels reached during 2018
AV-Comparatives provides a wide range of tests and reviews in comprehensive reports (https://www.av-comparatives.org/test-methods/). Annual awards for 2018 are based on the Public Consumer Main Test-Series: Real-World Protection Test, Performance Test, Malware Protection Test,False-Alarm Test and Malware Removal Test.
All the programs tested are from the reputable and reliable manufacturers. Please note that even the STANDARD level/award requires a program to reach a good standard, although it indicates areas which need further improvement compared to other products. ADVANCED indicates areas which may need some improvement, but are already very competent. Below is an overview of awards reached by the various anti-virus products in AV-Comparatives’ consumer main test-series of 2018.
Award Winners
Awards for individual tests
For each of the test types* in the Public Main Test Series (Real-World Protection, File Detection, Performance, Malware Removal, and False Positives), we give Gold, Silver and Bronze awards, for the first, second and third highest-scoring products, respectively.
Awards for all combined scores of all tests
As in previous years, in 2018 we are giving our Product of the Year Award to the product with the highest overall scores across all of the tests in the Public Main Test Series. This depends on the number of Advanced+ awards received in all the tests. As all products receiving an Advanced+ award are considered (statistically speaking) to be as good as each other, a product can receive the Product of the Year award without necessarily reaching the highest score in any individual test.
As in previous years, where there has been a tie for Product of the Year, we are using the following tiebreaker: the product that has not won the award before, or the product that has won it less often/less recently, is given the award. However, there was very close competition between two different products in 2018, both of which received the Advanced+ Award in all of the qualifying tests. Consequently, we are again giving the Outstanding Product Award to the other product that also achieved top scores.
As in previous years, we will also be giving Top Rated Awards to a select group of tested products which reached a very high standard in the Public Main Series tests. We have used the results over the year to designate products as “Top Rated”. Results from all the tests are assigned points as follows: Tested = 0, Standard = 5, Advanced = 10, Advanced+ = 15. Products with 90 points or more are given the Top Rated award, with two conditions. Firstly, any products that failed to win any award (i.e. got 0 points) in either of the Real-World Protection tests have not been considered. Secondly, good results in the Performance Tests cannot make up for weak results in the detection/protection tests.
To get the Approved Windows Security Product Award (see page 4), at least 35 points must be reached.
*For some test types, there may be two actual tests conducted in a year; the awards are based on the combined score of both tests.
Product of the Year 2018
AV-Comparatives’ 2018 Product of the Year award goes to:
Avast
Outstanding Product 2018
AV-Comparatives’ 2018 Outstanding Product Award goes to:
Bitdefender
Top-Rated Products 2018
AV-Comparatives’ Top-Rated Award for 2018 goes to, in alphabetical order:
AVG, AVIRA, Kaspersky Lab, Tencent
Real-World Protection Test winners
Security products include various different features to protect systems against malware. Such protection features are taken into account in the Real-World Protection Test, which test products under realistic Internet usage conditions. Products must provide a high level of protection without producing too many false alarms, and without requiring the user to make a decision as to whether something is harmful or not.
The programs with the best overall results over the course of the year were from: Bitdefender, AVIRA and Kaspersky Lab.
Bitdefender
AVIRA
Kaspersky Lab
For details and full results of the 2018 Real-World Protection tests, please click the link below: Real-World Protection Tests
Malware Protection winners
The Malware Protection Test evaluates an AV product’s ability to protect against malware coming from removable devices or network shares. Products must provide a high level of protection without producing too many false alarms. In the Malware Protection Test, all samples not detected on-demand or on-access are executed.
Avast, AVG, AVIRA and Bitdefender scored well in both tests.
Avast, AVG
Bitdefender
AVIRA
For details and full results of the 2018 Malware Protection tests, please click the link below: Malware Protection Tests
False Positives winners
False positives can cause as much trouble as a real infection. Due to this, it is important that anti-virus products undergo stringent quality assurance testing before release to the public, in order to avoid false positives. AV-Comparatives carry out extensive false-positive testing as part of the Malware Protection Tests. Additionally, also false alarms from the Real-World Protection Test are counted for this category.
The products with the lowest rates of false positives during 2018 were ESET (10), AVIRA, Bitdefender, Kaspersky Lab (15) and Emsisoft (19). These figures represent the SUM of the false positives from all FP Tests.
ESET
AVIRA, Bitdefender, Kaspersky Lab
Emsisoft
False Alarm Testing is included in each Protection Test. For details about False Positives, please click the link below: False Alarm Tests
Overall Performance (Low System-Impact) winners
Security products must remain turned on under all circumstances, while users are performing their usual computing tasks. Some products may have a higher impact than others on system performance while performing some tasks.
K7, ESET, Avast and AVG demonstrated a lower impact on system performance than other products.
K7
ESET
Avast, AVG
For details and full results of the 2018 Performance tests, please click the link below: Performance Tests
Malware Removal winners
This tests a program’s ability to remove malware which has already infected a system.
In this year’s test, three products received the Advanced+ award and scored over 90 points in the Malware Removal Test, these being Kaspersky Lab, Avast, AVIRA, Bitdefender and Tencent:
Kaspersky Lab
Avast, AVIRA, Bitdefender
Tencent
For details and full results of the 2018 Malware Removal test, please click the link below: Malware Removal Tests
Product Reviews
Review Format
For each of the tested products, we have looked at the following points (where applicable).
Summary
Here we tell you about the product type, i.e. whether it is a straightforward antivirus program or Internet security suite, and whether it is paid for or free. We also note any particularly good aspects of the user experience.
Setup
This section notes whether you have to make any decisions when installing the product, or can simply accept default settings in all cases. We also look at any installation options available for advanced users.
Finding essential features
This section gives you an idea of how easy it is to find the most important everyday functions of the program, namely status, update, scan, subscription, quarantine, logs, settings and help.
Security alerts
Here we tell you about the program’s status alerts, i.e. how it warns you if protection components are disabled, and how easy it is to reactivate them. We also show typical warnings displayed by each program when it encounters a malicious file (malware), and potentially unwanted programs (if applicable).
Other points of interest
If there are any unusual or especially good features of the program, we tell you about them here.
Usability report
This section talks you through what it’s like to use the program, including a detailed account of what happens when malware is found, logging and quarantine functions, and extra features such as software updates.
Avast Free Antivirus is, as its name suggests, a free antivirus product. It advertises additional features found in Avast’s paid-for Internet security suites. It impressed us with its clear, modern, touch-friendly interface and comprehensive Smart Scan feature. Some aspects of the program may make it more suitable for advanced users.
Setup
This is a very straightforward process, which does not require you to make any decisions. There is a choice of languages for the user interface. The Customise option lets you choose which components to install, and the location of the installation folder.
Finding essential features
The table below shows you how to find the program’s most important functionality:
Status
Status page
Update
Menu/Settings/Update
Scan
Protection in sidebar, Scans
Subscription
Not applicable
Quarantine
Protection in Sidebar, Virus Chest
Logs
We could not find a separate logs feature
Settings
Menu/Settings
Help
Menu/Help
Security alerts
If real-time protection is disabled, Avast shows an alert on the Status page. You can reactivate the protection by clicking Turn On. If you click Ignore, the status display will then state You’re protected, even though real-time protection is disabled.
If a malicious file is download, Avast blocks the download and displays an alert:
If a potentially unwanted application is downloaded, by default Avast does not take action. However, detection of PUAs can be enabled in the settings. If this is done, Avast blocks the download and displays a similar alert to the one for malware.
Other points of interest
By default, the Avast Secure Browser will be installed, though you can opt out of this.
When a warning message is shown, an audio alert is also played.
One of Avast’s language options is “Pirate Talk”, which renames a few items with amusing nautical language, e.g. “Swabbin’ the deck” for Auto-Cleanup.
Overall, the product installs easily, works well and is reasonably easy to use. For most users most of the time, the UI will be able to cope with occasional issues, and help the user appropriately. Installation is quite straightforward, especially if you choose the default route. Few questions are asked, and the flow is obvious. At the end of setup, it gives a screen which pushes you to a subscription, albeit at a reduced cost for the first year. The main program window also offers a “welcome gift” of a paid version of Avast Internet Security at a lower price.
If protection components are disabled, Avast gives a warning, but if you choose Ignore, the application still says “You’re protected”. If protection is permanently disabled, then this will carry over through a reboot, which is potentially risky.
If you push a collection of malware samples onto the computer, it will find them during copy. The dialog box reporting each item is clear and has good information, with more available if you expand the dialog box. On-access scanning during copying did not appear to scan the source drive (a USB stick loaded with malware) but only the destination folder (Windows Desktop in our case), and the “Scan My PC” function did not initiate a scan of the USB source stick.
The default action is “Scan My PC” which initiates a smart scan of the computer. This works well; however, as each item is identified, you get the same dialog box, with the same “Scan My PC” button. The number of alerts can get somewhat overwhelming and confusing here, especially since the popup window locks you out from the main Avast window.
Part of Smart Scan is the Tune-Up tool, which is not enabled in the free product. The required browser extensions are enabled for you in Chrome, and the antiphishing feature was enabled here.
We liked how the Smart Scan looks for out-of-date software, and such app scanning is definitely useful and worth having. However, it didn’t notice that the Google Chrome installation on our test system was out of date.
Logging and reporting could be stronger. There is no log function to be found, and when doing cleaning you can have conflicting windows on screen: the main window says that “No viruses found” and the popup window says that malware was found and treated:
The core user interface of Avast Free is clear and clean. Most items that are only available in a paid-for version are identified by a padlock symbol in the GUI. However some are not so obvious; the “SecureLine VPN” tool is not identified as a paid-for feature, but starting it up takes you to a free trial or “Buy Now” screen. The same applies to “AntiTrack Premium” and “Cleanup Premium”. We liked the “Wi-Fi Inspector” tool (which will actually scan any network, so the “Wi-Fi” name is actually understating its capabilities).
AVG Free Antivirus is, as its name suggests, a free antivirus product. It advertises additional features found in AVG’s paid Internet Security suite. We liked its clear, touch-friendly interface that makes it easy to find the essentials. Some aspects of the program may make it more suitable for advanced users. AVG is basically a rebranded version of Avast.
Setup
Installing the program is very simple, and there are no decisions to be made. However, there is a choice of languages for the user interface, and the Customise option lets you choose which components to install, and the location of the installation folder.
Finding essential features
The table below shows you how to find the program’s most important functionality:
Status
Home page
Update
Menu/Update
Scan
Scan Computer on home page
Subscription
Not applicable
Quarantine
Menu/Quarantine
Logs
We could not find a separate logs feature
Settings
Menu/Settings
Help
Menu/Settings
Security alerts
If real-time protection is disabled, an alert is shown. You can reactivate the protection by clicking Fix Now.
If a malicious file is downloaded, AVG blocks the download and displays an alert:
If a potentially unwanted application is downloaded, AVG does not take action with default settings. However, detection of PUAs can be enabled in the settings. If this is done, AVG blocks the download and shows a similar alert to the one for malware.
On-access file detection
AVG Free Antivirus has on-access file detection enabled by default. Whilst checking the product for our review, we discovered a bug in the program, which caused poor detection rates when copying malware samples from a USB device or network drive. AVG inform us that this is for performance reasons, and that malware is always scanned on execution.
Other points of interest
When first run, the program prompts you to install AVG AntiVirus for Android.
Installation is straightforward and is quick to complete. Once installed, the app launches its main window. This, like many AV products, takes a rather dark grey theme, with strong highlights in green. The button layout is clear and clean, and it is obvious how to perform a scan of the computer. For most users, this front end will be where they have most interaction with the app.
The buttons are split between “Basic Protection” (covering file system, web and email) and “Full Protection” (covering Hacker Attacks, Privacy and Payments). The latter set are not included in the free version of the product, but can be added by appropriate payment for an upgrade.
We liked the clear indication of when the AV definitions were last updated. However, despite pressing the update button, we couldn’t get this to be more current than 18 hours ago, which might be a concern given the prevalence of zero-day and near-real-time malware that is being released.
Starting up Chrome showed that “AVG Safeprice” had been added as an extension.
Configuration of the app is quite straightforward, and most of the complexity is kept well away from most users on a daily basis. We liked the clear integration of the Support function, including 24/7 premium tech support which claimed to be free, via an 0800 phone number.
If you disable a protection component, such as the File Shield, then this is made obvious on the front screen of app, which informs you in red that “Protection is Disabled”, along with a clear “Fix Now” button to reset the configuration to the known-good state.
Overall, it is a simple and clear application to use.
Avira Antivirus Pro is a paid-for antivirus program. There is the option of installing some additional components, such as a password manager and VPN program. Its redesigned user interface is clear, modern and touch-friendly.
Setup
This is a very simple procedure with no options or decisions to be made.
Finding essential features
The table below shows you how to find the program’s most important functionality:
Status
Status (home) page
Update
Check for updates at top of home page
Scan
Scan in left-hand menu bar
Subscription
To find out when your licence expires, log in to your Avira online account
Quarantine
Quarantine in left-hand menu bar
Logs
Activity in left-hand menu bar
Settings
Cogwheel icon in bottom left-hand corner
Help
? symbol in top right-hand corner
Security alerts
If real-time protection is disabled, Avira displays an alert on the Status page. You can reactivate the protection by clicking Fix Now.
If a malicious file is downloaded, AVIRA blocks the download and displays an alert.
If a potentially unwanted application is downloaded, AVIRA blocks the download and displays an alert in the browser window.
Other points of interest
There is currently no trial version of Avira Antivirus Pro as such. However, you can try out the Avira Prime package, which includes Antivirus Pro, or you can install Avira Free Antivirus. This has an identical interface to the Pro version, but some features (Ransomware, Web and Mail Protection) are disabled.
If you have bought the Pro version, this can be installed by logging in to your Avira account, and clicking Install on the Subscriptions
When you launch the program, it opens on the “all Avira products” overview page.
The antivirus scanning window is titled “Luke Filewalker”, for the benefit of Star Wars fans.
Installation was simple and straightforward. The main user interface is fresh, modern, clean and quite obvious. It is also touch friendly, which is useful for a tablet. However, once you move beyond the main window, you get back to a more traditional Windows UI, which is not as simple or clear as the redesigned modern interface. When you insert a USB flash drive, Avira asks “Allow this device to access your computer?” – this is a good idea, even if the subject and the object of the verb are the wrong way round. Avira tell us that the wording will be corrected in a coming update. A number of components appear not to be installed by default: “Software Update”, “Password Manager” and “Phantom VPN”.
Warning messages appear as slide-up/slide-down dialog boxes at the bottom right of the Windows Desktop. Many of these, including status messages containing important file path information, are not resizable, which limits their usefulness. When we examined the quarantine facility, the threat names were clearly marked. We clicked on the “!” button to bring more information from the online encyclopaedia. Unfortunately, in almost every case, this gave us no additional information about that specific malware, which was disappointing. However, Avira say they are working on providing additional technical information for power users.
The “Activity” window was clear and obvious, although there was confusion over the update status window. It claimed that an update had been successfully carried out, despite the version numbers not changing. It might be clearer to the user to employ terms such as “Update process run” and “Application/VDF files updated” to indicate checking versus updating, and Avira tell us that they are considering doing something along these lines.
Overall, the product has had some nice redesign of the main window, and we look forward to seeing the few minor usability issues being tidied up in a future release.
Bitdefender Internet Security is a paid-for Internet security program. It includes a VPN and bootable rescue mode, amongst a number of additional features. The suite impressed us with its clean, well-designed user interface and very sensitive real-time protection.
Setup
You need to enter an email address before you can download and run the installer. There are no decisions to be made during setup, but you can change the interface language, and decide whether to send product reports to the vendor. After the wizard has completed, you have to create a Bitdefender account (or sign in with an existing one).
Finding essential features
The table below shows you how to find the program’s most important functionality:
Status
Top of Dashboard page
Update
Right-click System Tray icon/Update Now
Scan
Start Scan button on Dashboard page
Subscription
My Account in left-hand menu bar
Quarantine
Protection in left-hand menu bar, Quarantine
Logs
Notifications in left-hand menu bar
Settings
Settings in left-hand menu bar
Help
Support in left-hand menu bar
Security alerts
If real-time protection is disabled, an alert is shown on the Dashboard page. You can reactivate the protection by clicking Enable Now.
If a malicious file is downloaded, Bitdefender blocks the download and shows an alert in the browser window:
If a potentially unwanted application is downloaded, Bitdefender blocks the file and displays a pop-up warning message:
Other points of interest
A product tour is shown when the program is first run.
Installation is straightforward with no issues. Once installed, the package asks if you want to enable a subscription or run in trial mode. The main application window has a clear “Dashboard” page, which tells you very clearly that you are safe. From here you can initiate a scan, enable a VPN, install to another device, or manage the “Safepay” privacy option. This UI can be customised by the use of the “Quick Action” buttons, and this clearly elevates the product above the average product, by allowing the user to customise their experience. By default, the application updates every hour, and performs a silent update in the background. To manually force the update process, you need to right click on the tray widget and then choose “Update Now”. It’s not clear why this button is not in the main window.
Walking through the UI, it is obvious that much work has been done to keep unnecessary complication away from the user, yet still allow rapid and uncomplicated access when required. The “Protection” tab, for example, splits the various capabilities in categories, and makes each one obvious. We liked the “Rescue Environment” which lets you boot into a rescue environment. When in this mode, you go straight to a locked-down scanning environment.
There is a lot of functionality to explore in this app. As well as the standard antivirus capabilities, there are features that might seem a little geeky to the average user. “Online Threat Prevention” and “Advanced Threat Defense” might not mean much to non-experts, but they have reassuring descriptions and are enabled by default. Both “Safe Files” and “Ransomware Remediation” are enabled by default. We were not sure what the difference was between these two ransomware-related features; Bitdefender tell us that the former protects files against ransomware attacks by adding them to a protected folder, while Ransomware Remediation will reverses any damage done by ransomware by automatically restoring a backup of the encrypted files after the ransomware is blocked.
Going into the privacy tab, we find the “Password Manager” feature, which saves passwords into an encrypted wallet. “File Encryption” lets you create encrypted folders within your file system, for the highest level of security. “Webcam Protection” allows you to control access to the camera, which might be useful e.g. for parents setting up a laptop to be used by their children. “Safepay” takes you to a hardened web browser, aimed at financially sensitive transactions like online banking. “Parental Control” takes you to an online portal where you can manage settings on a child’s computing device.
Special mention needs to be given to the online management portal called Bitdefender Central. We especially liked the ability to remotely initiate a “Quick Scan” or “System Scan” on a computer, which would be reassuring for a parent looking after the family’s computer collection.
Finally, if you want to tune the settings for different environments (home, work, gaming, public Wi-Fi etc.), then the “Profiles” section allows you to do this in an efficient manner.
On our USB-flash-drive copy check, using a directory full of malware, the program reacted immediately on insertion of the drive. Within a second it had found malware stored in a subdirectory, and had displayed a dialogue box asking what to do. We would prefer the default to be “Take Proper Actions” rather than “Choose action”. But this is a small point. The feedback to the user was clear and clean here, and remediation was fast. After cleaning was completed, the USB stick held no malware.
BullGuard Internet Security is a paid-for Internet security program. It includes a number of additional features, such as a supplementary firewall, backup, and parental controls. We found its user interface to be effective and functional.
Setup
Installing the program is very simple. There are no options or decisions to be made. When the wizard has finished, you have to create a BullGuard account, or log in with an existing one.
Finding essential features
The table below shows you how to find the program’s most important functionality:
Status
The status of each component is shown by a graphic in the top right of its tile
Update
Update at top of window
Scan
Drop-down menu in Antivirus tile on home page
Subscription
Settings at top of window
Quarantine
Drop-down menu in Antivirus tile on home page
Logs
When malware is found, a Report option is shown in the Antivirus tile
Settings
Settings at top of window
Help
Support in bottom right-hand corner of window
Security alerts
If real-time protection is disabled, the text and graphic in the Antivirus tile change to show this; the notification icon in the top right-hand corner of the window also flashes red. You can reactivate the protection by clicking Enable in the Antivirus tile.
If a malicious file is downloaded, BullGuard quarantines the file and shows an alert.
If a potentially unwanted application is downloaded, BullGuard blocks the download and shows a similar alert to the one for malware.
Other points of interest
A short introduction to the product is offered after installation; you can skip this if you want to.
If real-time file system protection is in a disabled state when the program is started, an alert is shown in the window when it first opens. This persists until you click View Report or Dismiss.
Installation is straightforward and simple. You need to create an online account, but this is easy to do. The main window is broken into a number of panels, in two rows of four (although there are only three on the second row, the fourth panel being empty). Each panel covers a specific area of the application: “Antivirus, Firewall, Backup, Game Booster” and so forth. At the bottom of each panel is a dropdown combo box which also acts as a selector, and sometimes gives feedback too (for example, when doing scanning). This mixed-modal UI is a somewhat mixed blessing; its unusual use of a combo box is not necessary particularly intuitive.
Some actions perform an in-panel task, like scanning. Some open a separate dialog box, like “Custom Scan”. Some change the whole app window to another feature, like “Firewall/Manage Rules”. To get back you might be tempted to use the top right “X” button, but this closes the whole app window. There is a small back arrow that appears in the title bar, and you should use this.
Many items have a settings element, and this takes you to a settings window with a selector down the left-hand side. There is a “Basic/Advanced” selector in the title bar, which needs to be found, as this opens up more capabilities if you need to access the more advanced functions. Status management is reasonably solid: if you disable antivirus real-time protection and then go back to the main status screen, the antivirus panel gains a red outline and a warning icon.
There is a lot of functionality here. There is the “BullGuard Firewall”, though it isn’t clear here how this works with the Windows Defender firewall, because both are enabled, as shown in the screenshot of Windows Security Center below:
The “Vulnerabilities” tab opens up an entirely different UI which tells you about issues within the computer. “Backup” lets you back up to various locations, including cloud services like Dropbox, Google Drive, OneDrive, or an external USB devices or network location like a NAS. “Game Booster” allows you to optimise the AV functionality when a game is running, to get the best in-game performance. “PC Tune Up” does system optimisations like registry defragmentation, cleaning of browser caches and so forth. Finally, “Parental Control” lets a parent lock down a device for use by a child.
When we introduced a USB stick containing malware, BullGuard immediately started scanning the device and finding/fixing the issues. The UI here was rather weak, in terms of slow updating, limited feedback, and also a “Total Time” counter which didn’t appear to work in a meaningful way. The “Quarantine” window was adequate, but not resizable, and the “Details” column was cut off. Clicking on an item only gave minimal information about that piece of malware.
Overall, it is an effective and functional interface. However, despite giving Basic and Advanced modes in the settings section, the whole UI has a rather complex and geeky operational feel. It could be considerably more streamlined and user friendly. A small but useful step would be to use the blank 8th panel for some sort of ongoing status monitoring, for example.
Emsisoft Anti-Malware is a paid-for antivirus program. We liked its clean, modern design, which would work well on a touchscreen device. Some aspects of the program may make it more suitable for advanced users.
Setup
This is very straightforward, with no options or decisions to make. To use the trial version, select Test for 30 days, free when prompted by the installation wizard.
Finding essential features
The table below shows you how to find the program’s most important functionality:
Status
Protection tile on Overview (home) page
Update
Update Now on Overview page
Scan
Scan and Clean tile on Overview page
Subscription
Shown underneath the tiles on the Overview page
Quarantine
icon in left-hand menu bar
Logs
icon in left-hand menu bar
Settings
Settings tile on Overview page
Help
? icon on Overview page
Security alerts
If real-time protection is disabled, an alert is shown on the Overview page. You can reactivate the protection by clicking Fix Now.
If a malicious file is downloaded, Emsisoft quarantines it and shows an alert.
The same procedure is used for potentially unwanted programs.
On-access file detection
By default, Emsisoft does not provide on-access file detection. In our usability check, it was possible to copy malware samples from a USB flash drive to the Desktop without any warning or intervention from the program. Emsisoft does however detect malicious programs immediately when they are executed. On-access file detection can be enabled in the File Guard settings, by setting Scan level to Thorough or Paranoid. If you do this, Emsisoft will quarantine any malware being copied to the system, and show an alert.
Other points of interest
The vendor’s website explains the product’s name: Today’s threats come in new shapes and are called Malware… “Anti-Malware” is the more appropriate term, even if it’s the same as what’s commonly known as “Anti-Virus”.
Installation is simple and straightforward, and takes little time. You can run the app in trial license mode if you wish. The main window has a clean UI and is touch friendly. There are four main areas: “Protection, Scan & Clean, Logs, Settings”. On the left-hand side is a small button bar area which takes you through a similar set of configuration and task areas. The program is easy to use – it is quite obvious what every tool does, and how to use it.
We found that although the app detected the insertion of a USB stick, it didn’t automatically scan it for malware. For a beginner or more paranoid user, this would be a useful feature. Similarly, we found that there is no real-time on-access scanning of the file system under default settings. We managed to copy malware from a USB stick onto the Desktop with no mention or warning from the app. This can be fixed by going for a higher level of scanning within the app, but it would have been nice if the user had been asked during setup – do you want more performance, or choose a more paranoid setting?
Catching of malware on execution was straightforward and worked well. The log facility is quite comprehensive and clear, showing what was infected. There was no significant virus encyclopaedia function found.
Overall, the app is quite easy to use and obvious, although we found the settings and configuration rather geeky and spread around within the app. We liked the simple, clear and accurate description of the program’s name on the website – Anti-Malware as opposed to “antivirus” – as this can only help the average user to understand the nature of current threats.
ESET Internet Security is a paid-for security suite. It includes additional features such as a firewall and parental controls. We were impressed with the clear and simple layout of the GUI and ease of use.
Setup
To try the product for free, download the installer and select the Free Trial option in the setup wizard; you have to provide an email address to do this. The wizard asks you if you want to enable ESET’s Live Grid feedback system, and whether the program should detect potentially unwanted applications.
There is a choice of languages for the user interface, and you can change the location of the installation folder. When first run, the program invites you to set up the Anti-Theft and Parental Control features, and to protect all settings with a password. All of these are optional.
Finding essential features
The table below shows you how to find the program’s most important functionality:
Status
Home page
Update
Update in menu bar
Scan
Scan yourComputer in menu bar
Subscription
Home page
Quarantine
Tools in menu bar/More Tools/Quarantine
Logs
Tools in menu bar/More Tools/Log Files
Settings
Setup in menu bar
Help
Help and Support in menu bar
Security alerts
If real-time protection is disabled, an alert is shown on the Home page. You can reactivate the protection by clicking Enable real-time file system protection.
If a malicious file is downloaded, ESET blocks the download and shows an alert.
If a potentially unwanted application is downloaded (and PUA detection has been enabled), an ESET dialog box asks whether to block or allow the download.
If you allow the download to continue, and then try to run the downloaded file, a similar ESET dialog will ask whether you want to clean the PUA file or allow it to run.
Other points of interest
After installation, an initial scan is run automatically.
The program will remind you about setting up the Anti-Theft feature, if you haven’t done this.
The home page of the program will inform you if there are Windows Updates available.
When you insert a USB flash drive, ESET offers to scan it.
The Refer your friend link on the homepage encourages you to send to your friends a link for a 30-day trial of the program. There is no reward for you if you do this, however.
ESET Internet Security is clearly a solid and well-considered suite of tools. Installation is easy, with obvious questions and appropriate help to aid making the right decisions. Once installed, the package automatically does a system scan, which is a welcome move.
The only complaint is that we didn’t get a shortcut icon to the app on the Windows Desktop, but it was easy enough to get to the program through the tray icon. The tray icon itself gives a good overview of the security status, and quick access to a number of tools. This has been well designed, and removes the need for the main window to be visible much of the time.
The main app is well designed, clear and clean. The “Home” page gives good status information, and access to key functions. “Computer Scan” works well, and has a drag-and-drop area, with which you can scan specific files or folders. The “Update” tab is clear, showing the current version, and the last update date/time and last check date/time. “Tools” allows access to some optional components which might not be installed by default.
“Connected Home Monitor” gives an IP-address view of your local network, which could be useful for identifying any rogue devices. “Banking and Payment Protection initiates a specially hardened version of the default browser (Google Chrome, in our case). ESET state that this mode is only for use for online banking and payment websites and not for general browsing. It isn’t clear what specific hardening has been enabled here, and we whilst we applaud the availability of the functionality, it would be nice if it was visually differentiated in a stronger way.
The setup and configuration components are well layered, with obvious status buttons. The integrated help and support pages work well. When we connected a USB flash drive containing malware, ESET immediately notified us, and offered to scan it. This could be made the default action if desired, and it would be nice if this were already the default. Scanning the drive immediately flagged malware already found, and the use of colour here was restrained but obvious. Most of the dialogs were similarly straightforward, although the window for PUA detection alert could be clearer in its wording.
F-Secure Safe is a paid-for security suite that includes additional features such as parental controls and banking protection. We liked its ease of use and simply laid-out interface.
Setup
To install the program, you have to create an F-Secure online account, or log in with an existing one. Before you can download the installer, you are prompted to decide whether you want to set the program up on your own PC or your child’s PC, due to the integrated parental control feature in the product. Aside from this, there are no setup options or decisions to be made.
Finding essential features
The table below shows you how to find the program’s most important functionality:
Status
Antivirus page
Update
Tools in left-hand menu bar, Check for Updates
Scan
Virus Scan on Antivirus page
Subscription
Top of window
Quarantine
Tools in left-hand menu bar, App and File Control
Logs
Tools in left-hand menu bar, Recent Events
Settings
Settings on Antivirus page
Help
? symbol in top right-hand corner of the window
Security alerts
If real-time protection is disabled, an alert is shown on the Antivirus page. You can reactivate the protection by clicking Turn On.
If a malicious file is downloaded, F-Secure blocks the download and shows an alert in the browser window. An example is shown below, other alerts may be shown in other circumstances.
If a potentially unwanted application is downloaded, a similar alert will be shown, and the download blocked. An example is shown below, other alerts may be shown in other circumstances.
Installation is quite simple and straightforward. You are offered the choice of setting up the software for yourself, or for a child, whereby you set up “Family Rules” as part of parental controls. We liked this up-front provisioning of the software directly into a parent-managed installation. The main window is clear and clean. It makes it obvious that the computer is protected, and that all security features are up to date. There is a clear “Virus Scan” button to initiate a scan.
Other buttons on the left-hand side are for “Family Rules” and “Tools”, which is the settings area covering scanning options, app and file control, web site access, updating, malware sample submission, Windows Firewall settings, and the ability to turn off all security features. If you turn off the security features, they are automatically re-enabled at next boot, or by use of the “Turn On” feature on the main page. It would have been nice to allow a time window, for examples 10 minutes, after which the security was automatically re-enabled.
F-Secure does a good job of keeping configuration pages away from the user in normal operation, and this we liked.
Banking protection through the browser seems comprehensive. We logged into a banking site, and the browser immediately informed us that banking protection was active. The feature claims that “some web sites and applications are blocked during the banking session”, which is reassuring, if a little lacking in information.
Although the application talks about a firewall, it is simply controlling the Windows Firewall, which could, of course, also be done through the usual Microsoft interfaces.
On insertion of our USB flash drive containing malware files, there was no automatic scanning on insertion. However, when we opened the folder containing the malware, a scanning process was automatically run. This seemed effective, as it showed multiple pop-up alerts for every malware sample on the drive. Although it didn’t actually remove the malware source files themselves, the alerts indicated that they had been “blocked”; in practice, this meant that it was impossible to execute the malware programs.
Although each individual malware detection had produced a dialog box, the Event History window simply stated “Manual virus scan handled all harmful items”, without further details of the individual items detected. Putting the quarantine functionality under “App and File Control” didn’t strike us as obvious either.
Overall, the program is polished, easy to operate and obvious in its functionality. One suggestion for improvement would be to show fewer pop-up alerts when malware is found, but put the details into the event log.
K7 Total Security is a paid-for antivirus program. We were impressed with its simple, easy-to-use interface, and impressive scanning speed.
Setup
Installing the product is very straightforward, as there are no options or decisions to be made. At the end of the setup wizard, you have to activate the product, which involves entering a name and email address.
Finding essential features
The table below shows you how to find the program’s most important functionality:
Status
Home page
Update
Update at the bottom of the home page
Scan
Scan at the bottom of the home page
Subscription
Subscription tile on home page
Quarantine
Reports at the top of the home page, Quarantine Manager
Logs
Reports at the top of the home page, SecurityHistory
Settings
Settings at the top of the home page
Help
Help at the top of the home page
Security alerts
If real-time protection is disabled, K7 displays a warning on the home page. You can reactivate the protection by clicking Fix Now.
If a malicious file is downloaded, K7 blocks the download and shows an alert.
If a potentially unwanted application is downloaded, K7 blocks the download and displays an alert in the browser window.
Other points of interest
K7 offers to scan a flash drive when it’s inserted.
There is very sensitive on-access file detection; malware samples are detected and quarantined as soon as the flash drive is opened in Windows Explorer.
Installation is straightforward and quick to complete. Once installed, the app does an update and is then ready to use. The main window shows the status, the time since the last update, the status of the subscription, and has buttons for scan, update and tools. On the title bar are buttons for “Settings, Reports, Support, Help”. Help opens a local Windows Help file for the product.
The design of the app is somewhat curious, having a metalled skin finish including custom window control buttons. Opinions may differ on the aesthetics of this design. The main window is not resizable, but those windows which benefit from more desktop space (including the “Quarantine” window) can be resized. However, it is not obvious that a window is resizable. This slight design awkwardness is found in other areas – the table view in Quarantine has clickable column headers which can be dragged to reposition them left and right. But you cannot click on them to change the default search order, for example.
In operation, the program is clear and clean. And it is notable by its extraordinary speed. It ripped through a USB drive of malware in just a few seconds, clearing up everything in the process. An attempt to copy a directory of malware from USB to desktop was immediately stopped, and the resultant popup status window handled the stream of updates in a coherent way.
The program is easy to operate for the most part. However, a few areas would benefit from better in-app explanation, for example the USB Vaccination facility. On this window, clicking on the “?” help button in the title bar brings up the local help, but there is no context lookup here. You have to go digging through the help yourself.
Kaspersky Internet Security is a paid-for security suite. It includes a number of additional features such as parental controls, application control, and a cleaning tool that removes dubious and unwanted browser extensions, adware and scareware. We liked its clear tiled interface, which makes the most important functions easy to access.
Setup
This is very straightforward, you just have to decide whether to join the Kaspersky Security Network (data-sharing scheme). At the end of the setup wizard, a number of recommended configuration options are presented:
If you have selected the “tour” option, the setup wizard will show a brief overview of the suite’s features. You will be prompted to restart your PC after Kaspersky Internet Security (KIS) has run an update.
Finding essential features
The table below shows you how to find the program’s most important functionality:
Status
Home page
Update
Database Update on home page
Scan
Scan on home page
Subscription
Bottom right-hand corner of home page
Quarantine
More Tools on home page, Quarantine
Logs
More Tools on home page, Reports
Settings
Cogwheel icon in bottom left-hand corner of window
Help
? icon in top right-hand corner of window
Security alerts
If real-time protection is disabled, Kaspersky Internet Security (KIS) will show an alert on the home page. To reactivate protection, click Details, then Enable in the Protection section.
If a malicious file is downloaded, KIS shows a pop-up alert and blocks the download:
Under default settings, if a potentially unwanted application is downloaded, KIS quarantines the download and shows a similar warning to the one for malware.
Other points of interest
In our review PC, three recommendations were made by the program (click Details in the status section of the home page), including the suggestion to “use a PC that supports hardware virtualization”.
If a potentially unwanted program is detected by on-access file protection, a yellow alert will be shown in the program window:
If you click on Details, Resolve, you will be presented with the options Delete, Skip, and Add to exclusions:
If you click the arrow to the right of Resolve, you will be presented with more options for dealing with the PUA, namely Add to exclusions, Ignore, Go to file, View Report, and Learn more.
Installation of Kaspersky is straightforward, although it places quite a few large license agreements on the screen that you have to agree to. Once installed, the main KIS window is easy to use, and has obvious tools and functions. Firstly, we used the recommendations provided in the upper part of the screen. This told us that updates were available, so we used this to update the app and definitions. It also had a recommendation for “Anti Banner”.
The main front screen keeps the most important functions available for you: “Scan, Database Update, Safe Money, Privacy Protection, Parental Control, My Kaspersky”. The buttons themselves change text colour and vertically move upwards as you mouse over them. We found this somewhat confusing, because you might wonder if you had already clicked on the button.
The Scan button offers the usual range of scans, including “Full Scan, Quick Scan, Selective Scan, External Device Scan”. You can also schedule scans to be run at predetermined times. As with the updating function already mentioned, the Full Scan button states “We recommend that you run a Full Scan immediately after installing the application”. Kaspersky Lab tell us that this is not run by default, as it can be quite time consuming.
Database Update is obvious, and tells you when it was last run. Safe Money takes you to a setup page for the browser protection feature for banking. Privacy Protection covers webcam protection and browser data collection – both are enabled by default. Parental Control gives a comprehensive set of parental controls to lock down the system to a level suitable for a child. My Kaspersky takes you to the online portal where you can manage and control all the devices that you have installed KIS on. The capabilities here will depend on the operating system used on each device. The “More Tools” button takes you to a more detailed screen of less-used features. For example, you can access the “Quarantine” feature here, use an onscreen keyboard to protect you from keyloggers, generate a “Rescue Boot Disk”, use the VPN capability, and scan your local network for devices.
The “Software Updater” feature allows you to check that your installed apps are up to date. The “Trusted Applications” mode is interesting, because it locks down the computer so that only apps that are known and trusted from the Kaspersky Lab database can be started on the computer. They suggest that this is “the optimal mode for beginners who need to be confident in their security”, which suggests it is a solid setting for most users. Finally, “Clean and Optimize” has various system cleaning tools.
When we inserted our USB stick loaded with malware into the computer, KIS didn’t take any visible action, although Kaspersky Lab say that a Quick Scan is actually started in silent mode, in order to minimise any distraction to the user. When we dragged a folder of malware to the desktop, KIS immediately sprang into action, popping up messages in the bottom right-hand corner of the desktop, and also showing the updated status in the main window.
The resultant pop-up alerts said “File deleted: disinfection failed”. The use of the word “failed” here is likely to confuse less-experienced users. One pop-up was generated for each piece of malware as it was handled, and this meant that the popups kept appearing for many minutes after the USB stick was completely cleaned. Better handling of pop-ups would be an improvement here, including a “stop updating me” button. However, this is only an issue in the rare event of numerous malware discoveries on one drive, and we liked the fact that all the malware in both the source and destination folders were cleaned.
We then tried to find status information about what had happened. The main KIS window had no indication that a large malware cleaning operation had just taken place. We had to go to More Tools, then Security, then Quarantine, to see the list of affected files. We liked the clear listing of each piece of malware, along with the “Detected” explanation. But this window is not resizable and so it is awkward to scroll around. You also cannot click on the malware name to get more information about it, which is disappointing.
The “Reports” button is useful, offering a comprehensive list of reports that can be run. We looked for a report of our recent cleaning outbreak, and found only minimal information logged here. However, there is the “Details” link at the bottom of the right column which leads to the full list of processed objects.
Overall, the program is clear to operate and keeps the most important information front and centre for the user. However, improvements could be made for its handling of multiple simultaneous events. And we would prefer a more interactive initial setup and configuration to take advantage of the capabilities which are already there in the app, especially in terms of setting up KIS for a less-experienced user.
McAfee Internet Security is a paid-for security suite, which includes additional components such as a firewall and performance booster. The latest version offers a brand-new, clean and modern interface, well suited to touchscreen use. Some aspects of the program may make it more suitable for advanced users.
Setup
This is a very simple procedure, with no options or decisions to make. When the program first starts, you can take a short tour of the program’s main features, but this is optional.
Finding essential features
The table below shows you how to find the program’s most important functionality:
Status
Home page
Update
System Tray icon context menu, Check for updates
Scan
Scan for viruses on home page
Subscription
My Info page
Quarantine
Settings/Quarantined items
Logs
Settings/Security history
Settings
Cogwheel icon in top right-hand corner of window
Help
My Info/Get help and support
Security alerts
If real-time protection is disabled, a warning is shown on the Home page. You can reactivate the protection by clicking Turn it on.
If a malicious file is downloaded, McAfee displays a warning in the browser window.
Potentially unwanted programs are handled in exactly the same way as malicious programs.
On-access file detection
McAfee Internet Security does not offer on-access file detection. This means that a user could copy malware from a USB flash drive to the Windows Desktop (and vice-versa) without McAfee taking any action or showing any sort of alert. Malicious and potentially unwanted programs will only be detected on execution or if you run an on-demand scan.
Other points of interest
Depending on how you acquire the program, you may see an older interface (described in our 2017 Summary Report). McAfee tell us that existing users are slowly being automatically upgraded to the new user interface or get the newest program version if bought in an offline store.
To download the Windows installer, you have to log on from a Windows PC. If you use a Mac, you will only be able to download the Mac version.
After purchasing a year’s subscription from McAfee’s Irish website, we were surprised to see that this would apparently expire in just over two months’ time. In fact, the program uses the United States’ date format (M/Y/D), evidently regardless of where you purchase it.
You can find out more about the program on the vendor’s website:
Usability report
The McAfeee Internet Security app has recently received a thorough revamp and reorganisation, and many of the small issues with the previous version have been addressed. Installation is simple and straightforward, and the choices are obvious. Once completed, you can open the main McAfee window. We liked the fact that it ran a full auto-update after installation, to ensure that it was fully up to date.
There is a strong set of walk-through screens, and highlights, to help the beginner quickly get accustomed to the capabilities of the platform. The app now has a cleaner front screen, again showing the security status. There is a tabbed row of options at the top. “Home” shows the status screen, with four buttons for quick access to malware scanning, password management, app updating and remove cookies and trackers.
The next tab is “PC Security”, where you can manage-real time scanning, firewall, updates, and scheduled scans. “PC Performance” allows access to the McAfee Web Boost technology. “My Privacy” lets you enable antispam and parental controls if required, and to access file shredding, manage passwords and some network settings.
Most screens are quite clear in operation, although there is a notable lack of online help, or much help of any sort linked to most screens here. A lot of settings are hidden away behind the gear icon at the top right. And some of the items here are both buttons to open up more windows, and also on/off switches. For example, “Quarantined Items” says “On >” both indicating its status and also operating as a button.
Status reporting is quite clear, but it can be hard to drill through for further detail. For example, the “Security Report” screen doesn’t allow you to click on “Threats Fixed” to find out more about what happened. To do this, you need really to go into the Quarantined Items section and then drill through from there. Most items of malware cleaning had a link to a URL, but few resolved to detailed information on the McAfee website.
Most windows are not resizable, and this leads to scrolling both up and down and left to right through lists. A more pliable UI design here would be an improvement.
We are concerned that McAfee does not provide on-access file detection, and that there appears to be no way of enabling it in the settings.
To check the efficiency of the on-demand scanning process, we started a scan on the folder of malware we had copied to the desktop. Each item was found and cleaned in turn. However, the user feedback was weak. There was no popup warning that malware had been found. All that the user was told was that there was a rising count of issues and that they had been fixed. No information about the nature of the problem was shown to the user.
At the end of the scan, we were given a brief overview of issues found and the option to see more. This opened another window where each item was listed. Each malware definition was highlighted as a hotlink, to take us to the McAfee online encyclopaedia. However, in every case, this failed to find any additional information, which was disappointing.
When executing malware itself, a window appears in the middle of the screen for a small fraction of a section. It then disappears however, there is no other warning given. We expected, at least, to see a McAfee warning dialog telling us that malware had been caught and cleaned. The lack of information here is weak.
Microsoft Windows Defender Virus & Threat Protection is Microsoft’s integrated malwareprotection in Windows 10. We liked its simple, touch-friendly interface and unobtrusive system integration.
Setup
No installation is necessary, as the product is built into Windows 10.
Finding essential features
The table below shows you how to find the program’s most important functionality:
Status
Virus & Threat Protection on Home page
Update
Virus & Threat Protection/Protection Updates/Check for Updates
Scan
Virus & Threat Protection/Quick Scan or Advanced Scan
Subscription
Not applicable
Quarantine
Virus and Threat Protection/Scan History
Logs
Combined with quarantine
Settings
Virus and Threat Protection/Virus and Threat Protection Settings
Help
Settings/Community (forum)
Security alerts
If real-time protection is disabled, an alert is shown in the Virus and Threat Protection section. You can reactivate the protection by clicking Turn on.
If a malicious file is downloaded, Windows Defender blocks the download and shows an alert.
The same procedure is applied to potentially unwanted programs.
Other points of interest
If real-time protection is disabled, the status heading in the main Windows Defender Security Centre window continues to state “Your device is being protected”, even though the Virus & threat protection section indicates that real-time protection is turned off (please see screenshot in previous section).
The major advantage of Windows Defender is that it is built into the operating system, and is updated automatically along with other OS components. Accessing the control panel for the tool is quite straightforward, and it follows the Windows 10 style of large-panelled touch-friendly design.
There is little in the way of configuration, and other security functions like the firewall are provided in other components of the operating system. We will concentrate on the “Windows Defender Virus & Threat Protection” component here.
Most of the time, there is no significant UI for the user to see. Windows Defender is essentially hidden away in the background, and only appears when it discovers something. We took our USB stick of malware and inserted it into the Windows review PC. Windows Defender took no action here. We then browsed the drive, and it noticed the malware when we got to the directory containing the samples. We initiated a copy of the malware folder to the desktop. At this point, Windows Defender awoke and started giving warning messages at the bottom right of the screen. We felt these could have been a little more insistent and urgent.
The main Windows Defender window shows what is happening during the cleaning process. It should be quite straightforward, but the window is split between what has been detected and what has been quarantined. The window can appear to jump around a lot when handling a number of pieces of malware, which is disappointing and confusing to the user. However, Windows Defender is effective, and well integrated into the Windows ecosystem.
Panda Free Antivirus is, as its name suggests, a free antivirus program, which shows some advertising for paid-for Panda products with additional features. We liked the Rescue Kit feature, which lets you create a bootable USB drive with a recovery environment.
Setup
This is a very straightforward procedure with no decisions to be made. However, there are some options, shown below:
The program prompts you to create a Panda account, or log in with an existing one, when the program first starts.
Finding essential features
The table below shows you how to find the program’s most important functionality:
Status
Home page
Update
Menu/Settings/General/UpdateNow
Scan
Scan button on home page
Subscription
Not applicable
Quarantine
Antivirus button on home page
Logs
Antivirus button on home page, View Report
Settings
Menu/Settings
Help
Support button on home page
Security alerts
If real-time protection is disabled, an alert is shown on the home page. You can reactivate the protection by clicking Fix.
If a malicious file is downloaded, Panda quarantines it and shows an alert.
If a potentially unwanted application is downloaded, Panda quarantines it and shows an alert.
Other points of interest
When you insert a USB flash drive, Panda prompts you to scan it.
You can display labels for the icons on the home page by clicking the Aa
Installation is quite straightforward. However, it is worth noting that the setup program asks for a number of settings to be made, by default. This includes setting your default home page to the Panda Safe Web site, and changing your default search provider to “Panda Safe Web (powered by Yahoo)”.
The main user interface is a little quirky. There is a background image of a mountain range which, whilst very pretty, does nothing to add to the usability. In fact, it makes reading text like “Your PC is Protected” unnecessarily hard. The second issue is that the buttons move upwards when you mouse over them, to reveal their text explanation. The button icons are not particularly obvious, so you need to hover over each one to find out what it does.
Finally, there is a second row of buttons which you can get to by pressing the down arrow, or using the right-hand scrollbar. The first-row of buttons contains “Scan, Antivirus, VPN, My Devices, Support”. The second row contains “USB Protection, Process Monitor, Rescue Kit, My Products”, and a spare space where you can place your own icon. Given that the main window is not resizable, these three design elements (unnecessary background image, obscure sliding buttons, hidden second row) are unnecessarily gimmicky, and detract from what should be a simple experience.
The windows that appear when you perform a function are similarly dark and dour, with overly fussy details. For example, when doing a scan, you can click the “Show Details” button. A panel slides up within the fixed size window, and this gives some fairly unnecessary repeated information. But at this point, the “Cancel” and “Pause” buttons are hidden from sight. If you choose a “Custom” scan, you get a drive/directory picker to choose a target folder; however, this is a custom design by Panda, not the standard Windows UI component, and it omits any network-drive access.
When we connected our USB stick filled with malware, Panda immediately showed a dialog box which noted that a USB stick had been inserted, and asked if it should be scanned. Automatic scanning can be enabled by default in settings if required, but this is a good compromise setting. We chose “Yes”, and a scan started on the USB stick. The dialog box for Custom Scan was as non-detailed as before, with little or no real information for the user, despite it having a rising count of malware detections. There was no obvious sign of alert or warning here, which was disappointing. “Show Details” could allow for more information to be shown. After the scan and clean-up was completed, the report view was quite useful, and had links on some (but not all) of the malware detections, offering more information on the Panda website. The quarantine page was similar in view, again offering details about most of the malware discovered.
The other functionality is useful. The VPN feature is limited to 150MB per month, but this is a free service with a pay-for upgrade available. “Rescue Kit” allowed for the creation of a bootable USB recovery stick which is useful. Overall, it is a strong product which is let down by some unusual user interface design decisions. It could be considerably easier to learn and use with a minor make-over.
Quick Heal Total Security is a paid-for security suite with additional features such as parental controls. We were impressed with its ease of use and very effective on-access file detection.
Setup
The file that you initially download from the Quick Heal website creates an installation folder on the Windows Desktop, to which the actual installer is downloaded. This then runs automatically (by default). Installation is a straightforward process, with no decisions to be made. However, you can change the location of the installation folder. After installation, you have to register the product online in order to activate it. This setup wizard asks you to provide your name, phone number and email address, and country/city of residence.
Finding essential features
The table below shows you how to find the program’s most important functionality:
Status
Home page
Update
Help menu, About, Update Now
Scan
Scan button on home page
Subscription
Help menu, About
Quarantine
Tools menu on home page, View Quarantine Files
Logs
Reports menu on home page
Settings
Settings menu on home page, and component tiles on home page
Help
Help menu on home page
Security alerts
If real-time protection is disabled, an alert is shown on the home page. You can reactivate the protection by clicking Resolve Now.
If a malicious file is downloaded, Quick Heal blocks the download and displays an alert in the browser window, plus a pop-up message on the desktop.
The same procedure is used if a potentially unwanted application is downloaded.
Other points of interest
When the program is first opened, the Parental Control tile displays an exclamation mark in a red circle to indicate that the feature needs to be set up before it will work.
The manual update functionality can also be accessed from the System Tray context menu, or a separate app, Quick Update, found in the Windows Start Menu.
On-access file detection is very effective. As soon as you plug a USB flash drive in, Quick Heal starts scanning it, and quarantining any malicious files found.
The program may display messages that prompt the user to follow Quick Heal on social media sites such as Twitter.
A remote management feature is available, using a cloud-based console. This displays system information and the license expiry date, with an option to renew the license online. You can see alerts for controlled devices, although you cannot take any action on these remotely.
Setup is relatively straightforward, although broken into several components. The installer spends quite some time showing “Scanning Memory”. Quick Heal tell us that this is because it scans all running processes and loaded components, as it is possible that the PC might be infected even before installation. Whilst this is fair enough, we would have liked to see some feedback on progress.
Having the setup program show “copyright 2017” in the year 2018 suggests to the user that it might not be the latest version of the program, even if the status display makes clear that the Virus Database is fully up to date. To get updates, you have to register, even for the trial version, and this requires submission of an email address and phone number.
After installation we found two application icons on the desktop – one for “Quick Heal Secure Browse” [sic], and the other for “Quick Heal Safe Banking”. There was no icon for the main Quick Heal application itself, although Quick Heal tell us that this will be included in the next version. The System Tray right-click menu allows you to open the program and quickly access other main functional areas of the product.
During our usability check, we saw some unusual warning messages appearing, one covering something to do with EMV chip cards. This is unlikely to interest the average home user, and our first reaction was that it was a malware warning banner. Quick Heal say that the mechanism is used to provide users with alerts on the latest security threats, and advice on good security practice.
The main user interface is quite simple. There is a status panel telling you that the system is secure. Then there are four buttons for main functions: files and folders, emails, internet and network, parental control, and then on a second page there is external drives and devices.
“Parental Control” was flagged with a red icon indicating that it hadn’t been set up. Unfortunately, this cannot be disabled, even if you do not need the parental control function.
Insertion of our malware-loaded USB stick immediately started a scan of the drive. It quickly found each item of malware and automatically cleaned each item. At the end of the cleaning process, two items were left in our folder, but it appeared that these had been successfully cleaned.
The logging capabilities are comprehensive, but we noticed that the malware that was discovered on insertion didn’t seem to be reported in the scanning log itself. However, the malware could be found within the Quarantine section of the app. The Quarantine window was adequate, but lacked any information about individual malware until you scrolled to the right. A resizable window would help here. Overall, the app is quite simple to use, but would benefit from some design tuning, and also some reconsideration of a few features like fixed window-sizes.
Norton Security is a paid-for security suite with additional features such as a password manager. We were impressed with its well-designed interface and overall user experience.
Setup
There are no decisions to be made, but a couple of options are available. You can choose the location of the installation folder, and opt in to the Norton Community Watch data-sharing scheme. This involves entering a name, email address, phone number and country of residence. After installation, you have to create a Norton account, or sign in with an existing one. The program prompts you to add Norton browser extensions after setup.
Finding essential features
The table below shows you how to find the program’s most important functionality:
Status
On home page
Update
Click on Protection Updates, LiveUpdate on home page
Scan
Click on Security, Scans on home page
Subscription
Shown at the bottom of the home page
Quarantine
Click on Security, History on the home page
Logs
Click on Security, History on the home page
Settings
Settings button at the top of the home page
Help
Help button at the top of the home page
Security alerts
If real-time protection is disabled, an alert is shown on the home page. You can reactivate the protection by clicking Fix Now.
If a malicious file is downloaded, Norton blocks the download and shows an alert:
The same procedure is used if a potentially unwanted application is downloaded.
Other points of interest
A product tour is available after setup, though you can skip it if you want.
Logs and quarantine are combined under the heading of History.
Installation is simple and easy to do. It requires you have an account, and this requires a phone number, even for the trial version (which is unusual).
On the first start of the app there is a tour, which is helpful and well laid out. Initial impressions of the main app window are positive. The window is clear and clean, and the buttons that can be pressed are obvious. There are four main tabs: “Security, Online Safety, Performance, More Norton”. Pressing the down-button slides the lower button bar down, and reveals more options in the upper half for each of the tabs as they are selected.
Security offers “Scans, LiveUpdate, History, Advanced”. Scans gives a good selection of default scans and eraser tasks. Live Update runs an update process for all components. History takes you to a full integrated history/log facility, which can usefully be resized. Advanced gives access to the configuration tools for the live scanning.
Online Safety told us it was not installed, because the browser extensions were not installed. This was simple to fix. In Chrome, we were offered “Norton Safe Search, Norton Home Page, Norton Safe Web, Norton Password Manager”, which is a quite comprehensive set of browser tools. We liked the capabilities here, for example Safe Search added in green ticks against known good website directly into a Google search.
The password manager lets you handle all passwords within one managed tool. This requires separate set up. The “Performance” tab offers tools to optimise the disk, do file clean-up, manage apps which run at startup, and get high-performance graphics.
“More Norton” takes you to the tools for managing your estate of devices from one cloud-based console. The “Settings” window does a good job of hiding you away from the complexities on a day-to-day basis. And the really deep configuration items are even further hidden behind additional layers.
Inserting our USB stick of malware, the program did not immediately notice the insertion. Once we had browsed to the USB stick with File Explorer, it took notice of what was happening, and started scanning. This worked well, and there was good reporting. The only issue was with one piece of malware which required manual intervention; it would have been nice if the app simply deleted the offending file, or offered to do this for the user.
Overall, it is a very polished user experience which brings much confidence to the user.
Tencent PC Manager is a free antivirus program. Its interface design is clean and modern, and makes most important functions easy to find and use. Some aspects of the program may make it more suitable for advanced users.
Setup
This is very straightforward. There are no decisions to be made, though you can change the location of the installation folder.
Finding essential features
The table below shows you how to find the program’s most important functionality:
Status
Right-click System Tray icon, then click Active Defense1
Update
Menu in top left-hand corner, Check for Update
Scan
Green button in top right-hand corner
Subscription
Not applicable
Quarantine
Quarantine link at bottom of main window
Logs
Scan logs at bottom of main window
Settings
Menu in top right-hand corner, Settings
Help
The product does not include a help feature
1Protection Status in the main window does not indicate whether features such as real-time protection are active
Security alerts
If real-time protection is disabled, an alert is shown in the separate Active Defense/Realtime Shield window, but not the main program window. To check the security status, you have to deliberately open the Defense/Realtime Shield window from the System Tray icon. You can reactivate the protection from this window, by clicking Activate All.
If a malicious file is downloaded, Tencent deletes the file and shows a warning.
If a potentially unwanted application is downloaded, Tencent blocks the download and displays a warning message in the browser window. A similar warning is shown if the user accidentally browses to a malicious URL.
On-access file detection
By default, Tencent does not provide on-access file detection. We were able to copy malware samples from a USB flash drive to the Desktop of our review PC. Tencent does however detect malicious programs when they are executed, and in an on-demand scan. On-access file detection can be enabled by going to Settings/Realtime Protection and setting File System Protection to High, in which case Tencent will detect and quarantine malicious files when they are copied to the system.
Other points of interest
During the review process, we noticed that Tencent frequently asks the user to upgrade to a new version.
You can find out more about the product on the vendor’s website:
Usability report
Installation is simple and easy to perform. Once running, you get a straightforward PC Manager window which offers a “Quick Scan” by default if you click the scan button. Rather unusually, it claims to have four AV engines – three from Tencent and one from Bitdefender. The UI is very simple and clean. There is a task bar icon which offers quick access to the main functions.
We noticed that there were a number of update window notifications appearing during reviewing. Operating PC Manager is very simple, mostly because the app concentrates on antivirus, and does not have any of the extra tools and capabilities that come with some other packages.
PC Manager does not do on-access file scanning. We were able to connect our USB drive of malware, open it up, browse it, and then copy the folder of malware to the desktop, all with no intervention from PC Manager. When we executed malware, Tencent caught the files and quarantined them. When we told PC Manager to scan the folders for malware, it found them and cleaned them appropriately. However, we were disappointed that by default there was no on-access scanning for malware, and it would be easy to copy malware from one USB stick to another, potentially passing on malware from one friend to another.
The dialog boxes that appear when malware is found are reasonably comprehensive, clear and clean, but there is no detailed explanation of what each item is. Nor is there much in the way of warning status on the main window. More significantly, there appears to be no online or offline help either. Logging appears to be fairly lightweight too, and the quarantine window is limited by it being non-resizable.
A more consistent use of colour would help – in some places, red is used to indicate problems, whereas in others green is used (probably to denote an issue that has been resolved). Overall, it is a usable product, but would be improved by fixing some engineering and usability issues.
Trend Micro Internet Security is a paid-for security suite with additional features such as a password manager and parental controls. We liked its clear design, which presents a simple overview, but allows easy access to advanced options.
Setup options
There are no decisions to be made in the setup wizard, which is very straightforward. However, on the license agreement page of the setup wizard, you can choose the location of the installation folder and language, and whether to install Password Manager. You can also enter an email address on the final page of the wizard if you want to receive news and offers from Trend Micro. When the program first starts after installation, you are prompted to set up the ransomware feature.
Finding essential features
The table below shows you how to find the program’s most important functionality:
Status
Home page
Update
Not applicable, as the product uses cloud-based definitions
Scan
Scan button on home page
Subscription
Menu in top right-hand corner of window, Subscription Information
Quarantine
symbol, second icon to the right of Scan button on home page
Logs
Combined with quarantine
Settings
Cogwheel icon to the right of Scan button on home page
Help
? icon at top right of program window
Security alerts
If real-time protection is disabled, an alert is shown in the program window. You can reactivate the protection by clicking Enable Now.
If a malicious file is downloaded, Trend Micro blocks the download and displays an alert in the browser window.
The same procedure is used if a potentially unwanted application is downloaded.
Installation is clean and easy, and there are well-designed dialog boxes asking obvious questions. The main window is easy to use, with four major feature buttons to use: “Device” leads to “Security Settings, PC health Checkup, Mute Mode, Protect another Device”. “Privacy” covers “Privacy Scanner, Social Networking Protection, Pay Guard, Data Theft Prevention”. “Data” covers “Folder Shield, Secure Erase, Password Manager, Cloud Storage Scanner, Vault”, the latter being encrypted local storage. Finally, “Family” covers parental controls.
In the middle of the window is a large “Scan” button, with a drop-down menu from which a variety of scan options can be chosen. To its right are two small icons, for “Settings” and “Security Report” (which is the log/quarantine facility).
The app is well designed for most users, but there is a great deal of capability here, which obviously leads to complexity as soon as you start digging. This is typified by the “Protection Settings” dialog, which immediately drills down into a sea of tick boxes. And then there is the “Other Settings” button which opens yet another window of configuration choices.
Fortunately, there is a large “Restore Default Settings” button to allow you to undo any unwanted fiddling and ill-considered adjustments.
If the non-expert user can keep to the main control window, and use the popup windows as appropriate, then it is a relatively simple program to use. But there is a large amount of adjustment and tuning here which will delight a geek but potentially frustrate a beginner.
We connected our USB stick filled with malware in the usual way, and the Trend Micro app took no immediate notice. However, once we started to copy the subdirectory of malware to the desktop, the app immediately started detecting and cleaning. This took some time, because it was cleaning both the source and destination directories, which we liked. At the end of the scanning process, we were left with a clean computer with no traces of malware.
The “Security Report” window allows you to dig into more detail about what has happened, and to manage the quarantine. The status windows which can be viewed from here offer window resizing, which is helpful when trying to dig through a lot of log data. We liked the integrated reporting view, which allows you to move between all of the various detection processes (scan, spyware, viruses, web threats, updates and so forth).
Special mention should be given to “Pay Guard”, which is their secured browser facility for doing banking and other financial tasks. This is Internet Explorer, but wrapped up in a secure environment. You can tell it is a hardened version of IE because the window border is blue, to differentiate itself from an ordinary IE window.
VIPRE Advanced Security is a paid-for security suite with additional features such as a firewall. We liked its clean and clear homepage, which provides easy access to important features. Some aspects of the program may make it more suitable for advanced users.
Setup
This is essentially very straightforward, although one aspect confused us slightly. We had downloaded the trial version of the product, which involved providing an email address. We were prompted to enter a licence key during setup, although none had been sent to the registered email address. It turns out that you just need to leave the Product Key boxes blank, and click Agree and Continue.
There are no other decisions to be made, but you can change the location of the installation folder, and opt out of VIPRE’s ThreatNet data-sharing scheme.
Finding essential features
The table below shows you how to find the program’s most important functionality:
Status
MyVIPRE (home) page
Update
MyVIPRE/Updates
Scan
MyVIPRE/Scan
Subscription
Account page
Quarantine
Manage page/Antivirus
Logs
MyVIPRE/Click here to see the timeline in bottom-right of MyVIPRE
Settings
Manage page
Help
Account/Help and Support
Security alerts
If real-time protection is disabled, a (subtle) warning is shown in the Antivirus section of the status display. You can reactivate the protection by clicking Turn on.
In our usability check, VIPRE blocked both a malicious file and a PUA silently, i.e. without showing any sort of alert.
On-access file detection
VIPRE has on-access file detection enabled by default. However, in our usability check, we found that this displays an unusual inconsistency: loose malware samples copied to the system are detected immediately, but the same samples copied within a folder are only detected much more slowly.
As noted below, VIPRE offers to scan USB drives when they are connected. For the purposes of our check, we assume that the user would decline to run a scan (or overlook the alert). For our check, we connected a USB flash drive containing 10 common malware samples in a folder. We then opened the drive in Windows Explorer, opened the containing folder, selected the samples and tried to copy them to the Desktop of our review system. VIPRE immediately detected all of these, and blocked the copy process, meaning that none of the samples ever reached the Desktop. An alert was shown:
We would describe this as exemplary behaviour. However, when we repeated the process, but copied the folder containing exactly the same 10 samples from the USB drive to the Windows Desktop, detection was very much slower. Initially, all the samples within the folder were copied intact, without any warning being shown. VIPRE did then slowly begin detecting and deleting the malware samples on the Desktop, but this took a few minutes. We note that there was no risk of the system itself being infected, as VIPRE immediately detected and blocked any of the copied samples when we attempted to execute them.
However, the slow detection of malware in a folder might make it possible to pass on malicious files to another user. We found that we were able to copy the folder on the Windows Desktop, along with its 10 malware samples intact, to a second USB drive, without any alert being shown. We cannot see any sense or purpose in the much slower detection of malware samples that are in a folder, and can only regard this as a bug.
Other points of interest
When you connect a USB storage device, VIPRE prompts you to scan it.
There is a choice of 7 different colour schemes for the program, which can be seen and set by clicking Account on the home page of the program window. The default colour scheme is dark grey, though we changed this to white on our review system to make text more legible.
Installation is straightforward. The only issue is the license key screen: if you want to run a trial version, then you simply don’t enter a key here. This isn’t explained either on the dialog box or in the email you receive to get the downloader.
Once installed, the app initially impressed with a clean and uncluttered look. However, it soon becomes clear that there are some unusual design challenges in play here. For example, the app has a skin on it, and you can change the colours. This window isn’t resizable nor are most of the other windows, which somewhat cramps the view. In addition, the default colour palette can have a selected menu item in green, an available choice in blue, and a roll-over highlight in orange. Unfortunately, this isn’t consistent through the app – on the front screen, the menu is orange not green (Compare Firewall Rules page to front page). It is hard to see what benefit this skinning brings, and we feel that a more standard Windows look and feel would be better – especially since the current skinned design does not respect Windows Ease of Access facilities like High Contrast mode for partially sighted users.
On the main status page, you get status of the antivirus, updates and firewall. And you can initiate a scan and set up a scheduled scan. The Account page handles subscription status, product key, help and support, and allows the choice of one of 7 colour skins for the app. The Manage page handles all the settings, including Antivirus, Updates, Email, Firewall and Privacy. These are reasonably well design although you can get quite technical.
Each area of the app has a history or log window. This is quite small, cramped and not resizable. We inserted our USB stick of malware, and liked that the Vipre app immediately noticed this and offered to scan it. We chose to perform the scan. This initiated a scan in the main app. One unusual user interface point is that the circular fuel gauge spins many times, and doesn’t seem to be related to the completion of the work. Contrast this with the next stage, the cleaning cycle, where the fuel gauge is related to 100% completed work.
The scan provided a complete clean of our malware folder, which was good. However, the status reporting was weak here, especially at the end of the scan. The window that popups has each malware listed and each is clickable. Sadly, the detail panel that pops up appears to be almost entirely generic in its content with no information about that specific malware. The Timeline popup on the main window is weak, and only said it had blocked 80 items with no details. When we looked at Quarantine/Manage Items then we had a similar view. However, it’s not possible from this screen to delete all items from Quarantine, this has to be done from the main Manage window.