We need to talk about AV software: a buyer’s guide
If you’re running Windows 10 or 11 then it has built-in AV protection, so why worry about buying software? It’s a fair question, but not the only one you need to answer
Modern security software packs in loads of features, but if you’re shopping for antivirus software then your top priroity is simple: not getting infected by malicious software.
That means that real-time malware protection is the critical feature of a security suite. This is a service that continuously monitors your PC for malicious software, primarily by scanning new files and websites your computer encounters.
It’s also our minimum bar for inclusion in this group test. For example, the free edition of Malwarebytes is effective and justifiably popular but, unlike its paid-for version, it only provides on-demand scanning.
Every single product in this group test is capable of protecting your computer against the vast majority of malicious software. Performance analysis of malware protection is in the business of assessing edge cases, unfamiliar malware and false positives. These marginal instances can have an impact on your quality of life and, potentially, the health of your PC.
Malware signatures – the hashes of known malicious files – remain important to both real-time and on-demand scanning, and this is why you still see testing houses running flat file scans against large batches of recently collected malware introduced on a disk.
But polymorphic viruses and other forms of obfuscated malware have been around for decades, which is where heuristic scanning comes in: this looks at characteristics and behaviours of a suspicious file or process to determine whether it’s likely to be a threat.
Does it use known detectionevasion techniques such as encryption or compression (“packing”)? Does it engage in potentially threatening behaviour such as attempting to delete files or terminate processes? Characteristics like these allow antivirus software to decide whether an unknown program is likely to be a threat or not.
Can it beat Microsoft Defender?
The fundamental question about any third-party antivirus solution is whether it can consistently perform better than Microsoft Defender antivirus, which comes built into Windows 10 and 11, and requires no additional software installation or payment.
We’ll be reviewing the free “for individuals” version of Microsoft Defender that ships with the operating system on the same terms as its rivals, but the fact that you don’t need to install anything new or update any licences makes it a compelling choice when it comes to protecting the PCs of less tech-savvy friends and relations. But that’s only assuming that its protection continues to meet the grade.
At the start of its life, Defender didn’t. However, due to the huge number of systems on it’s deployed, Microsoft has a real advantage when it comes to obtaining malware samples to analyse, which informs not only its malware signature database, but also the behaviour data it has to add to its heuristic rules of thumb for sketchy software.
Over the past few years Defender has matured into a piece of software that even seasoned security experts have started to respect, and that’s been based on a fine string of performances across the likes of AV Comparatives, AV-Test and SE Labs ( see How we test, p92).
How much to pay
Just for once, free antivirus isn’t one of those you-get-what-you-pay-for deals. In fact, there are good reasons for companies to produce effective free AV software: they benefit by getting more data about malware that their free users encounter, by promoting their paid-for products, and by the reputational boost that their free products bring.
Naturally, though, they want to upsell you to their full security suites. These generally include features that are more expensive to provide, from online password managers to cloud backup and even hands-on helplines in case you lose your wallet or have your identity stolen.
We’ve roughly divided antivirus suites into free products, mid-tier services that you can expect to pay around £60 a year for, and high-end suites with numerous service-based features, plenty of installation licences and a price that works out at £120 or more per year.
All those are renewal prices.
Rare exceptions such as G Data aside, the AV companies employ the same tactic as many broadband suppliers: cut-price deals for the first year to lure you in, then more expensive renewals. Although the warnings and advertising around this have become clearer, we aren’t fans of this approach –not least because if you buy direct from the companies then they have your card/account details and will auto-renew.
See the boxout below about buying from the PC Pro store as an alternative way to order what you want.
Extra features
Our reviews are weighted heavily towards protection against malware, in real-time. However, most of the products in this group test do a lot more, helping to justify their status as card-carrying security suites.
Some of these features are tied to device security: ransomware protection that can lock down and/or back up your most important folders; web-based management consoles that allow you to remotely find, lock down or wipe lost computers or mobile devices; bootable rescue disks to help you recover after a malware infection.
Then there’s dedicated webcam protection and firewall software that, in almost all cases, has a less creaky interface for creating rules than Microsoft’s integrated solution.
Others are still security-oriented, but a little broader in the net they cast – they’re usually things that you might otherwise buy as a dedicated service, such as password managers, parental control software, cloud backup services and VPNs.
While it’s convenient to get everything bundled together, you’re rarely going to get the best of all worlds. Plus, we don’t think it makes sense to invest in a password manager with one provider when you may switch in a year’s time; far better to invest in the likes of 1Password or use Bitwarden for free. The same is true for cloud backup, as shifting this from one provider to another is a hassle.
The bundled VPNs are fine for occasional use, but power users will want more. For example, if you use multiple operating systems, or want a VPN that you can deploy to your router, the VPNs bundled with security suites rarely provide sufficient flexibility.
Bundled parental control suites tend to be mostly okay, with the caveat that they don’t do much that Microsoft Family Safety or macOS Parental Controls don’t, unless you’re in the market for a crossplatform solution. Some third-party parental control suites, including those provided with internet security software, are also less than entirely respectful of children’s rights under British law.
The final category of extras consists of tools such as local encrypted data stores, secure file shredders, registry cleaners, disk usage analysers and even disk defragmenters. Although they can be handy, there are free/open-source applications that do as well or better in almost all cases, so these can be safely ignored as filler.
The bottom line is this: if you’re mainly looking for malware protection, but with some extra options in case you need them, then most services we’ve reviewed do an adequate job. You don’t need to pay more to get better protection against malicious software.
While it’s convenient to get everything bundled together, you’re rarely going to get the best of all worlds