Your Buying Guide for the Best Antivirus in 2017
Why you need antivirus
Unless you’ve got some sort of security software installed, your Windows PC or laptop is vulnerable to viruses, malware and ransomware. The latter is particularly important right now, given that a second huge ransomware attack of 2017 has hit the headlines: Petya follows WannaCry, which earlier this year hit huge organisations including the NHS.
The best solution is to install antivirus protection, and you'll be pleased to hear it doesn't have to cost you loads.
Antivirus software detects, and then prevents, disarms or removes malicious programs or malware, often referred to as 'viruses'. Antivirus doesn't offer a perfect solution to the problem of malware, but it is a critical first step to securing your PC or laptop. To help prevent viruses infecting your PC you must install antivirus, and then regularly update your antivirus software. All the antivirus software reviewed here will update automatically.
But internet security software is no longer just about countering viruses. Although they still exist, viruses are arguably a minor part of the malware now prevalent on the web. More important now is security of personal data and protection from ransomware. Security exploits aren't about show-off hackers massaging their egos, anymore, but about monetising their malware.
The modern day criminal doesn't have to be a hard-line hacker, either. They can buy all the software they need, and millions of addresses, on the dark web or even on eBay, if they know where to look. You can buy everything from denial of service attack - with botnets for hire - to individual exploits. Custom attacks are available, where the code changes after only a dozen uses or so, making it very hard for Internet Security (IS) providers to block every new variant.
Zero day attacks
Although the primary concern is to block malware so it doesn’t install on your PC in the first place, there isn’t an internet security suite made which is 100 percent effective. Worthwhile IS and antivirus software should also detect so-called ‘zero day’ attacks, where the malware is so new it hasn’t yet been analysed or had ‘signatures’ built into IS protection routines.
The speed with which these analyses are made is an important factor in the level of protection an IS suite can provide. Some companies now claim a turnaround of well under an hour, using information gained from their own customers about similar attacks. The cloud element in security applications is growing more and more important in speeding this process. So-called "next gen" protection using behaviour analysis and even artificial intelligence is also beginning to creep into some products.
Newly-installed software can be monitored, looking for suspicious activity and can then be prevented from potentially damaging actions, such as changing registry entries, or installing as a browser add-in. Ransomware can also be identified by unexpected attempts to encrypt your files.
So how do you test antivirus software?
Malware is evolving faster than ever, but fortunately the latest generation of antivirus - or AV - is better equipped than ever to handle new threats.
In recent years, the technology that powers AV software has changed dramatically. An AV package you purchased a few years ago was able to stop known viruses and other known malware, but brand-new, unknown viruses proved more difficult. Newer products do a better job of stopping them.
For our antivirus tests we team up with Germany's AV-Test.org and the UK's SELabs, both highly respected independent security-software testing labs. Each rigorously tests AV products from a number of leading security companies.
The multifaceted testing procedure looks not only at how well an AV product can detect malware using traditional, largely signature-based methods (that is, employing a database of known malware types), but also at how well it can block brand-new, unknown malware caught fresh from the wild. These companies also examine how well security products clean up after an infection if a piece of malware does get through.
Every program in this list is worth your investment. The differences between the top few are relatively minor. The critical thing is to install one of these programs.
Is free antivirus good enough?
Our tests focus on paid-for and free AV products, although there are a few free options here too. Even big names like Kaspersky now have free versions.
Paid-for AV products usually offer better technical support and more comprehensive protection features than free programs, but free is free and some free packages can still give paid packages a run for their money. Internet security suites go further still, offering firewalls, parental controls, identity theft protection and more.
Antivirus test scores
Bitdefender Total Security 2018
Bitdefender Total Security 2018 is a comprehensive security package for Windows, Mac OS and Android (iOS coming soon), all managed from a central web portal. Its core technology regularly scores top marks in independent tests, and it now offers features that will protect users from new and emerging threats, such as ransomware.
Ransomware has proven a huge threat so far in 2017, but Bitdefender 2018 uses a double-layer defense against the newest of its kind, including Advanced Threat Defense technology and a new layer that prevents any changes to user-protected folders.
Additionally, there's improved protection against snooping hackers, including Webcam Protection, Safe Online Banking, File Shredder and Password Manager.
Bitdefender has a fine technical reputation, too. The 2018 version delivers the usual top drawer protection in a simple, no-fuss style, and carries plenty of genuinely useful features. It should be near the top of any family antivirus shopping list.
Norton Security Deluxe 2017
Owned by Symantec, Norton benefits from its parent's technology and cloud support, including SONAR Protection, which detects malware by examining the behaviour of applications as they run.
This is technically a "next generation" technology, widely tipped to replace traditional signature-based protection. The related Intrusion Prevention module also blocks attacks from threats on already infected computers.
Web activity is protected by tools such as the integrated password manager, which helps secure your identity with one-click logons.
There's also Browser Protection, which seeks to prevent malware exploiting known vulnerabilities. However, Microsoft's secure Edge browser is not completely supported.
Web downloads are also analysed, and after scanning, a report on their safety pops up.
Performance tools include a disk optimiser, which defragments data on the disk to make access more efficient. This is something Windows already does, but apparently not consistently.
Likewise, the File Cleanup facility will free up space from forgotten temporary files. This is especially a problem for computers where disk space is at a premium.
Topping off the performance features are the startup manager, which enables you to delay some services so that you can log in faster, and a useful graph showing all major events by month, including malware detections, scans and alerts.
Overall, this product has the feel of Symantec's impressive next generation business-oriented products, belying its parentage.
Kaspersky Total Security 2017
Privacy from eavesdropping is the focus here. There's a secure browser to prevent web sites tracking you, and the Kaspersky Safe Money utility. Add all your banking and other financial web sites here, and click them when needed.
If the frame around your browser turns green, you're secure. If it's orange, there's a problem. To prevent keyloggers intercepting your details, Safe Money also an on-screen keyboard.
Included is a wide range of tools suitable for all kinds of users, from domestic to small business. Free participation in the Kaspersky Security Network means that any suspicious files are sent to the cloud for testing, thereby gaining the experience of millions of other users.
Other nice touches include right clicking files to send them to the cloud for reputation checking before opening them, and the Software Cleaner that scans for unused applications you can safely uninstall.
The default Trusted Application Mode means you can only install and run software that Kaspersky Labs knows to be safe, thereby preventing the family running dodgy downloads.
The data vault facility should protect your files from ransomware, and is secured by NSA-approved AES-256 encryption.
What is surprising is the lack of a dedicated anti-ransomware module given the maturity of the rest of the package. During the current epidemic, something keeping an eye out specifically for this form of attack would bring a certain peace of mind.
Kaspersky Security Cloud
The main difference is that the new product contains patented adaptive security technology, which automatically adjusts your security settings and advises you based on your current activities.
When a new device connects to your Wi-Fi network, for example, adaptive security announces the event, which means that neighbours cannot leech your bandwidth without discovery. Connecting to web sites that don't have proper security certificates also generates a pop-up. The certificate may have simply expired, but fake sites create their own bogus certificates to trap the unwary.
Another nice feature is the strength indicator, which pops up when you enter a password. This works locally, so your password is never sent anywhere for analysis, and basically analyses the password's complexity. Speaking of passwords, you can have Kaspersky Security Cloud inform you if you're using the same password for different sites, and there's the usual password wallet to store them all.
It's not all plain sailing, however. Installing Kaspersky Security Cloud also installs Kaspersky Secure Connection, which gives you access to a secure VPN. A slight peeve here is that deleting the main product doesn't also delete the VPN. Another is that you're limited to 200MB of data per day.
On the plus side, if you've ever mistakenly installed a browser toolbar when installing software, then rejoice. Kaspersky Security Cloud gives you the option (enabled by default) to only install software and not adware when downloading anything.
Included in the price of the Android version is Kaspersky Mobile Antivirus. This is not installed by default with the main product. Instead, you must download it from the main Kaspersky control panel. If you're already logged into your Kaspersky account, however, registration is automatic.
You can get Kaspersky Security Cloud from £49.99 in the UK, though the US version hasn't released yet.
McAfee Total Protection 2017
Total Protection is a big claim, and this product lives up to its promise on many fronts. Included in the cost is a subscription to Intel's True Key, which is basically a password manager. The difference is that it uses multi-factor authentication, including fingerprints or your own face.
The major components to Total Protection are the antivirus scanner and web/email protection. The scanner is billed as award-winning and is certainly up there with the best of the signature-based scanners. Nowadays, however, more protection is required.
Most threats come not from hackers directly infiltrating your network, but from unwise web surfing leading to drive-by infections, and from opening email attachments. The WebAdvisor tool scans downloads for malicious payloads, and identifies any suspicious URLs. Backing this is the associated anti-spam module, designed to keep your inbox free of malicious pink stuff.
File Lock is a data vault like most others. It will password-protect your valuable files against stealthy Trojans, ransomware, and local prying eyes. The associated shredder will ensure that the files you delete stay deleted. There are options to shred the recycle bin, temporary internet files, or you can choose your own files.
The seemingly misnamed Vulnerability Scanner regularly searches out vulnerable software and downloads the latest versions for installation. Finally, My Home Network gives you a thousand-foot view of your network, enabling you to see instantly if you have any unauthorised devices.
ESET Internet Security 10
Immediately after installation, the initial scan promises to speed up subsequent scans. Our tests clearly show this to be very a dramatic improvement indeed.
At first glance, the main interface seems sparse, apparently containing just vital protection for internet commerce and banking, and a very useful Home Network Protection tool. This scans your network and builds a diagram showing all active devices. If you see one you don't recognise, you may have a neighbour leeching your Wi-Fi.
You can also scan your router for vulnerabilities, which should give you peace of mind given the rise of botnets consisting of domestic routers.
Dig into the setup menu, and you discover protection such as blocking malicious and phishing web sites, spam blocking and email content checking, botnet protection in case you've become infected, and increasingly important web cam protection.
The tools menu contains a plethora of ways to monitor and really get to grips with your security. You can monitor major application events (installations, etc.), running processes, file and network activity, and network connections.
More importantly, you can submit unknown files for analysis before opening or running them. You can also download and run ESET SysRescue Live, which will scan the system for persistent threats such as rootkits.
ESET mobile Security offering includes SMS and call filtering, and the anti-theft facilities include an alert being sent whenever an unknown SIM is inserted, thereby giving you a heads-up that your phone is in a stranger's hands before you realise it's gone.
Trend Micro Internet Security
This is a mature offering from one of the oldest antivirus companies, and as such it has some nice touches beyond real-time protection.
For example, Folder Shield specifically protects you from ransomware. Simply select a folder you wish to protect, and if the module detects that something unknown is trying to access your files, it will stop it. Protected folders have a shield logo added to them.
At a time when everyone seems to be on at least one social network, security is more important than ever. Trend Micro has a dedicated module to check your security settings on Facebook, Google+, Twitter and LinkedIn to ensure that you don't over-share your details. It also keeps you safe from web tracking by advertisers.
As with many other packages, there's a PC Health Checkup facility. This isn’t as detailed as others; the overall focus of the product is on online protection. Speaking of protection, it is possible to set Trend Micro's real time shield to "Hypersensitive", which means it aggressively eliminates program that may only pose a small risk of bad behaviour.
Also very useful is the Data Theft Prevention facility. This stops hackers and spyware stealing sensitive data from your devices. It can also be used to stop your kids from sending personal information to others, thereby augmenting the usual parental controls.
Surprisingly, the password manager is only a free trial, but this doesn't detract from an otherwise well thought out product for the social media age.
If every internet security product has a focus to differentiate itself in a crowded market, then bundling AVG's System TuneUp tool with s AVG Internet Security in one package puts the emphasis firmly on system speed.
Pretty much every aspect of Windows and its activities can be tuned, including visual effects, unused applications, and so on. You can also tune web browsing with Web TuneUp, and there's a Turbo Mode to really get the best performance out of your PC. You can also make applications "sleep" until needed so that they don't use any CPU until you want to use them.
Compared to other packages covered here, Internet Security portion of AVG Ultimate seems a little sparse, but hidden away is an artificial intelligence component that can identify malware that isn't known to the AVG ThreatLabs team.
A link scanner will keep you safe from dangerous web sites, and Real-Time Outbreak Protection uses crowd intelligence to give your protection a heads up on new threats that may be coming your way. Backing this protection is the Software Analyser that sniffs out suspicious behaviour to block zero day exploits.
There are problems, however. The integrated VPN is actually HideMyAss. Despite seeming to be free, this is just a trial.
Also, on a default Windows 10 installation, clicking the Web TuneUp button resulted in a message that the default browser (Microsoft Edge) is incompatible, and that it is only available for Internet Explorer, Firefox and Chrome.
These are minor worries considering that with AVG Ultimate, you get genuine "next gen" AI protection, serious system tuning, and unlimited installs for your money.
Avast Premier is the flagship home antivirus solution from this evergreen AV supplier. At first glance it looks pretty much the same as the free version, but contains some interesting tools focused on threat discovery and handling.
Smart Scan, for example, not only looks for viruses, outdated software and browser plug-ins with bad reputations, but also reaches out to your network to check for threats on other devices. What's a mystery, however, is how it can tell there are "weak" passwords when some of mine are 16 characters long and all are stored encrypted.
Of all the products tested, this is the only one with an inbuilt sandbox accessible by the user, enabling you to run suspect downloads in a safe environment to see if they produce malicious behaviour. At a time when it seems as if everyone is trying to infect you with ransomware, this could be a digital life-saver.
Plus, as of June 2017, Ransomware Shield has been added. This offers an extra layer of protection by “walling off” designated folders from any unwanted changes. This means if you select your Pictures and Documents folders, they'll be safe should any ransomware manage to get past the initial malware detection.
Seeing as this is the full, paid-for version of Avast, there are some annoyances. The SecureLine VPN is only a 7-day trial, with further access billed on a monthly, yearly or bi-annual basis. Avast Premier also installs Google Chrome, however the Avast Online Security browser plugin it installs isn’t enabled by default, and isn't installed in Microsoft's new Edge browser.
There's an inbuilt password manger that will also let you store notes, and a useful data shredder. You can also create and run a rescue disk to look for persistent threats, but if you're looking for a privacy-heavy solution, you'd need to look elsewhere. This baby is focused on malware, its identification and destruction.
Avira Free Security Suite 2017
Performance is the focus of this product, and a system tune up is available at any time. It will scan for fragmented files that may slow your computer, and the paid version will even optimise your devices after scanning. The dedicated boot optimiser even draws a graph showing how startup changes over time.
System scanning can be done in a surprising number of ways, including dedicated scans for all local drives, for removable drives, the My Documents folder structure, all running processes, and even for rootkit action. Unlike many paid-for security solutions, you can also set the priority of the scanner, which is great if you like to perform a full scan in the background.
Backing local protection is the Avira Protection Cloud. Unknown files can be automatically sent to check them out against services such as Google's VirusTotal database of known malware signatures.
The Avira Phantom VPN comes with 500MB bandwidth, and has a handy readout showing the percentage used. 500MB may not seem much, but used intelligently, it should be plenty.
Not installed by default but equally free is the Scout browser, which promises to block harmful sites, protect your privacy, and defend against potentially unwanted programs installing themselves. It even claims to check prices to make sure you're getting the best deal when shopping online.
Also included but not installed by default is a software updater, which will install all the latest updates for you.
The mobile version covers the usual facilities such as theft control, but also has some useful features, such as alerts when a company that has your details is hacked.
Overall, a very capable free package that genuinely gives paid-for solutions a serious run for their money.
Panda Free Antivirus 2017
At first glance, Panda's Free Antivirus 2017 doesn’t seem to offer that much, but this is not the case. With a light footprint, this is a bare bones antivirus solution for people who either don’t need the "kitchen sink" approach of a full antivirus suite, or know enough about online security to be able to layer a solution of their own design covering password protection, VPN, parental controls, and so on.
So, what do you get? Well, like all antivirus products there's real-time scanning as well as on-demand scans and these are configurable, including explicit protection for inserted USB drives. However, scanning can take time as our results show.
A novel feature is the Process Monitor. Unlike the Windows Task manager, this gives you information about the nature of processes, which it rates as secure or otherwise. It also gives you the number of HTTP connections associated with each process, whether the image is signed (an unsigned "Microsoft" image is a sure sign of malware, for example), and where it was downloaded from (for confirmation of dodgy code).
Click a process and you can see its details and also block it immediately from running ever again. Like some paid solutions, Panda can also block new executables until information about their reputation has been received from the cloud.