The web today is filled with cyber threats. From botnets comprised of thousands of compromised computers launching distributed denial of service (DDoS) attacks to ransomware that locks down a computer until a ransom is paid, the array of hazards is vast. Faced with such a landscape, venturing unprotected onto the internet is inadvisable. Fortunately, a range of antivirus security products is available that offers protection against the variety of malware in existence.
Cybercriminals have devised many types of malware to further their nefarious objectives. The list includes viruses, worms, trojans, ransomware, rootkits, adware and spyware. Malware targets vulnerabilities in Windows as well as third-party software like Adobe Flash, Adobe Acrobat Reader, Java, and web browsers such as Mozilla Firefox, Google Chrome and Microsoft Edge.
Cybercriminals distribute malware with the intent to compromise victims’ computers and gain access to their personal data such as login credentials or banking information. Antivirus software detects and removes existing malware and prevents malicious code from executing. By not allowing malware to establish itself on the host system, users remain safe.
Antivirus programs should be updated on a regular basis. This ensures the program has the latest virus definitions containing the signatures by which malware is identified as well as the newest techniques to identify and deal with malware. It is also a best practice to apply the latest patches and updates to the operating system and third-party software to fix software vulnerabilities.
With so many antivirus products on the market, it can be hard to decide which product to use. Evaluating and comparing the features, performance, and malware detection rates of antivirus software makes it possible to make an informed choice.
Scanning for malware is a fundamental feature of antivirus software. Most products offer both on-access and on-demand scans. On-access scans provide real-time protection by examining files immediately upon access, before their contents are executed. On-demand scans include scheduled full or partial system scans to identify dormant malware.
Many antivirus products include behavior-based, or heuristic, detection. Instead of searching for an exact file signature to match against, this type of scan examines files and code for suspicious characteristics that the antivirus software classifies as virus-like. Behavior-based detection provides protection against the newest “zero day” threats that have yet to have their file signatures documented.
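The difference between signature matching and heuristic detection, as an added example that is not part of the original article or any vendor's engine: constructed, harmless byte strings stand in for files, and the trait weights and threshold are hypothetical assumptions. It also shows the trade-off, since the heuristic flags a harmless file that merely mentions the same traits.

```python
import hashlib

# Constructed, harmless byte strings standing in for files on disk.
KNOWN_BAD = b"constructed sample: VirtualAllocEx WriteProcessMemory CreateRemoteThread"
VARIANT = KNOWN_BAD + b" // repacked build 2"  # same traits, different bytes
BENIGN = b"Quarterly report: revenue grew in every region."
DEBUG_NOTES = b"Debugger docs: WriteProcessMemory and CreateRemoteThread usage"

# "Virus definitions": exact SHA-256 digests of already-catalogued samples.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Hypothetical weights for traits that often appear together in process
# injection; real engines use many more features plus runtime behaviour.
TRAIT_WEIGHTS = {
    b"VirtualAllocEx": 2,
    b"WriteProcessMemory": 2,
    b"CreateRemoteThread": 2,
}
HEURISTIC_THRESHOLD = 4  # assumed cut-off: lower catches more, flags more clean files


def signature_match(data: bytes) -> bool:
    """Exact match: any change to the file changes the digest."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES


def heuristic_score(data: bytes) -> int:
    """Sum the weights of the suspicious traits present in the file."""
    return sum(w for trait, w in TRAIT_WEIGHTS.items() if trait in data)


def scan(data: bytes) -> str:
    """Signature check first, then the heuristic fallback."""
    if signature_match(data):
        return "malware (signature)"
    if heuristic_score(data) >= HEURISTIC_THRESHOLD:
        return "suspicious (heuristic)"
    return "clean"


if __name__ == "__main__":
    for name, blob in [("known bad", KNOWN_BAD), ("variant", VARIANT),
                       ("benign", BENIGN), ("debug notes", DEBUG_NOTES)]:
        print(f"{name:12} score={heuristic_score(blob)} -> {scan(blob)}")
```

The variant slips past the signature check because its digest is not in the definitions, yet the heuristic still flags it; the debugger notes are a false positive produced by the same rule.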
Some antivirus programs feature a cloud scanning capability in which the signatures of suspicious files are uploaded to a remote server, checked there for malicious content, and the results returned to the local machine. This method of scanning can improve performance on the PC running the antivirus software.
Modern antivirus software often offers protection beyond simply scanning files for threats. Website ratings indicate whether sites are safe to visit. Malicious URL blocking prevents the system from connecting to sites that are known to host malware. This can also protect against domain name system (DNS) hijacks that attempt to redirect users to fake sites. Phishing protection blocks access to sites that pretend to be authentic in order to steal private data like credit card numbers.
Some antivirus products also include firewalls that monitor traffic over the computer’s network ports to block unauthorized access and other malicious threats by enforcing secure authentication certificates and security protocols.
Other features include vulnerability scans, spam filtering and password managers. Vulnerability scans examine a system for outdated and vulnerable applications, risky system settings and missing security patches, and then recommend or automatically apply appropriate fixes. Spam filtering identifies suspicious or junk emails and prevents them from reaching the primary inbox. Password managers store passwords and personal information such as credit card numbers and addresses in an encrypted state and offer to automatically fill out web forms with this data.
Antivirus software often comes in premium versions that are full security suites with additional features such as mobile Android and iPhone protection; virtual keyboards to prevent keyloggers from capturing keystrokes; cleanup tools to securely delete private data; parental controls that limit the content children can access as well as browsing time; and secure browsers that offer additional safeguards.
An evaluation of antivirus software is not complete without examining its effect on computer performance. The ideal security product will have a minimal impact on the computer’s network, processing and memory capacity as it carries out its functions. In addition, the performance of the software itself can be quantified by timing how long it takes to complete a full system scan.
Perhaps the most important attribute of antivirus products is their detection rate, or the percentage of known malware that the antivirus detects. The best antivirus products detect and remove known malware, and in addition, prevent unknown zero-day exploits from compromising users’ systems by employing behavioral scanning techniques. They protect against an array of threats on the disk, in running process memory and on the web — including traditional malware like viruses and newer dangers like ransomware — and protect against identity theft hazards like phishing attempts. And they avoid false positives, which are legitimate files flagged as malware.
Windows 8 and Windows 10 feature a built-in security tool called Windows Defender, but its malware detection rate lags behind third-party solutions.
The antivirus products below rank highly in independent lab tests and are also highly rated by consumer review outlets like PCMag: