HIGHLY INFECTIOUS Security software

Cyber threats are on the increase, but is your security suite really protecting you? We put 10 of the best products against each other to find out

Every year the risk of attack goes up, with cyber criminals finding newer, smarter ways of attacking you. While Windows 10 has boosted base security levels, you’re still not completely safe.

Nothing shows this as much as the results of our testing. The last time we tested security suite, the lowest-rated product managed a protection rating of 88.1%; this year, the worst product managed just 48%. That’s quite terrifying.

Fortunately, there are better products out there that can dramatically improve your protection and stop you getting hacked or your private details being stolen.

HOW WE TEST

Testing security software means turning to the experts. This year all the tests were performed by SE Labs, run by Simon Edwards.

SE Labs uses the Anti-Malware Testing Standards Organization (AMTSO) standard for testing. What this means is that all of the products have been tested thoroughly in a way that the results demonstrate real- world performance.

All products are tested using a double form of attack. First, there are threats collected in the wild, which means the kinds of threats that your computer is exposed to. These should be relatively straightforward for a product to deal with. Second, products are exposed to targeted attacks. These are created using publicly available free hacking tools, so no unique malware was written and there’s no technical reason why any software should do poorly here.

When it comes to blocking a threat, there are degrees of success. Ideally, a product should block malware before it runs, but some products let an exploit attack, stopping it after it’s detected. To show this, products that block a threat completely are rated higher than those that don’t. Products that allow malware through are heavily penalised. The scoring system works like this:

DETECTED (+1)

If the product detects the threat with any degree of useful information, it is awarded one point.

BLOCKED (+2)

Threats that are disallowed from even starting their malicious activities are blocked. Blocking products score two points.

NEUTRALISED (+1)

Products that kill all running malicious processes ‘neutralise’ the threat and win one point.

COMPLETE REMEDIATION (+1)

If, in addition to neutralising a threat, the product removes all significant traces of the attack, it gains an additional one point.

COMPROMISED (-5)

If the threat compromises the system, the product loses five points. This loss may be reduced to four points if it manages to detect the threat (see Detected, above), as this at least alerts the user, who may now take steps to secure the system.

Protection ratings are then weighted, scoring products that protect against threats far higher than those that were compromised. This information is then scored as a percentage.

It’s important that any security product lets legitimate programs carry on without being blocked. After all, any AV software that proves too annoying to use will likely be turned off. Products were also tested to see how they dealt with false positives.

Again, there are degrees of success here. A product that blocks the latest version of Word was given a lower score than a product that blocked an obscure utility. How the information is presented to the user is also taken into account. It’s rare for security software to simply block software, and it will usually flag up a warning with either a

The last time we tested security suites, the lowest-rated product managed a protection rating of 88.1%; this year, the worst product managed just 48% recommendation to block or continue.

All of this information is put together as a total accuracy rating, scored as a percentage, demonstrating the overall effectiveness of a product. We’ve graphed the total accuracy rating. We’ve also graphed each suite’s accuracy in identifying legitimate software, so you can see which are the best for avoiding annoying false positives.

VERSION CONTROL

SE Labs tested the current versions of products available, performing tests for a three month period. Typically, version upgrades don’t affect the performance of a product, but new features are added. Instead, most security software is updated at least daily to improve its threat detection and blocking.

For our reviews, we’ve used the best-value version of a product available. Typically, higher-cost suites just pile on the features and number of supported devices; lower-cost packages have the same basic protection.

EXTRA FEATURES

Security software isn’t just about malware, and manufacturers have added lots of features over the years to cover all areas. Some add-ons are a waste of time; others are surprisingly useful. You’ll often get credential/password managers that integrate into your web browser. These can do some useful things, including generating impossible- to-guess passwords, autofilling password forms and autofilling other web forms, such as store checkouts. These are all protected by a master password known only by you.

Parental controls vary slightly, and aren’t available with all packages, but they let you set up filters for adult content, with preset filters and customisable lists of URLs to block. Many of them also allow you to limit the time your children spend online.

GOING MOBILE

Many of the packages we’ve reviewed this year have mobile versions available. Some packages include mobile as standard, but with many, protecting your smartphone or tablet requires an additional subscription. Generally available for Android, some also work on iOS.

It’s arguable how useful these products are, as mobile operating systems are well locked down, and apps are mostly available only through official stores, so it’s far harder to get a mobile virus. We don’t recommend prioritising mobile protection over desktop protection, and the mobile performance of each product has not been tested.

THE PRICE IS RIGHT

We’ve listed the official manufacturer’s pricing for each product, but you may be able to find a better deal online by buying a boxed copy of a product. Don’t worry if the product you buy seems out of date, such as the 2017 version; all software will update to the latest current version on installation. You can used boxed software for future updates, too, rather than having to renew your licence through the manufacturer after a year.

CONTENTS

• Avast Free Antivirus
• AVG AntiVirus Free
• Bitdefender Total Security
• BullGuard Internet Security
• ESET Internet Security
• F-Secure Safe
• Kaspersky Security Cloud Personal
• Microsoft Windows Defender
• Symantec Norton Security Premium
• Trend Micro Maximum Security

Performance graphs

VERDICT

The threat landscape has changed, and our more in-depth tests really highlight the differences between security suites. By injecting targeted attacks, of the kind that happen every day, we could see how security suites deal with the unknown. Overall, this year’s tests give a far better view of which products will protect you.

There have to be winners. While we strongly recommend that you use paid-for software for the best protection, we have to start by mentioning AVG AntiVirus Free. This software managed to defend against most attacks, and it’s lightweight and easy to use. It wins a Recommended award.

Next, we have two products with a high level of protection. If you run these already or can find them online for a lower price, these suites will keep you safe. Symantec Norton Security Deluxe and Trend Micro Maximum Security both win a Recommended award. For the best protection, it’s a fine line between ESET Internet Security and Kaspersky Security Cloud. Overall, ESET’s higher price makes it less competitive, so it wins a Recommended award; Kaspersky’s value, protection and range of features make it our Labs Winner.