Please note:
• There is no need to translate parts in red.
• Should you find any errors in the English text, a short notice would be wonderful.
If you would like to see the page you are translating, please visit:
https://softwarelab.org/best-antivirus-software/
--
General:
Advertiser Disclosure - SoftwareLab.org is an independent software testing company.
To keep our information free for you to access, we earn a referral commission when you
make a purchase using one of the links below. In doing so, you are supporting
independent testing, for which we are grateful. Thank you.
Sort by: All Devices | Windows | Mac | Android
Read our full BitDefender Review
Visit Site
Save 50% Today
Editors’ Rating – If there is a local way of saying this better, feel free to use it.
Excellent
Very Good
Test Winner – If there is a local way of saying this better, feel free to use it.
✓ Protects Windows, Mac, iOS, and Android
✓ 30-day money-back
Perfect
Excellent
Very Good
Good
Average
Poor
Perfect Protection
Excellent Protection
Very Good Protection
Good Protection
Average Protection
Poor Protection
Perfect Performance
Excellent Performance
Very Good Performance
Good Performance
Average Performance
Poor Performance
How We Test - Below we explain which factors go into the calculation of our editors’
rating, what each of these factors means, and the data sources we use.
General – Section “Author Description”
Technology analyst
Tech enthusiast and founder of SoftwareLab. He has degrees in Engineering and
Business, and has been active in the analysis of software, electronics and digital
services since 2013.
General – Section “Page Navigation”
Navigate this page:
Summary
How we test
Protection from malware
Impact on performance and speed
Devices and features
User reviews
Value for money
False positives
Done Reading?
Visit BitDefender for a unique SoftwareLab discount.
Test factors and sources
Frequently asked questions
General – Section “Frequently Asked Questions”
Below we have summed up the most commonly asked questions surrounding the topic
of cybersecurity and the best antivirus software.
General – Section “Sources”
Below you can find all the sources we have used in our analysis
General – Section “Various”
Protection from malware makes up 50% of the total score
Performance impact makes up 15% of the total score
Supported devices makes up 10% of the total score
Consumer satisfaction makes up 10% of the total score
Value for Money makes up 10% of the total score
False Positives makes up 5% of the total score
Content – Section “Heading”:
Top 5 Best Antivirus Software of 2018
Updated: September 2018
✓ Perfect protection from all malware
✓ No impact on the speed of your devices
✓ The best deals and lowest prices
Content – Section “Comparison”:
Award-winning antivirus. Fully automatic. Free VPN. Safe online banking. Webcam
security. 24/7 Support.
Global market leader. Best-in-class parental controls. Extra identity protection available.
24/7 Support.
One of the most used antivirus in the world. Best parental controls. Identity protection
available. 24/7 Support.
Excellent protection at a low price. Top user reviews. Free VPN included. Safe online
shopping. 24/7 Support.
Globally recognized brand. Advanced password manager. Home network protection.
24/7 Support.
Excellent user reviews. Game booster. Home network scanner. Identity protection. 24/7
Support.
--
Content – Section “How We Test”
Purchasing the right antivirus software is important.
So we want to be 100% transparent about the data and method we use to select the
best antivirus software of 2018.
We use 6 factors to select the winning software. All factors matter, but not all are
equally important. Therefore, the impact they have on the final score varies. All factors,
and the impact they have, can be seen here:
Further below, we will explain each of the factors in detail. But first, we would like to
highlight where our data comes from:
The data for Protection, Performance, and False Positives, comes from AV-Test and
AV-Comparatives. These are the two internationally recognized leaders in antivirus
testing.
The data for the User Reviews comes from TrustPilot and the Google Play Store.
Trustpilot is the most trustworthy platform in the world when it comes to the collection of
objective and verified user reviews.
And the Google Play Store is the app store for Android, the most used operating system
for mobile phones. It has one of the largest databases of software reviews globally.
The data for Value for Money comes from the vendor directly. These are the protection
features offered and the price requested.
The data for Supported Devices also comes from the vendors directly.
Content – Section “Protection from Malware”
The most important feature of any cybersecurity product is, of course, the protection
from malware.
Malware is a collective term which stands for a large number of cybersecurity threats,
including viruses, ransomware, spyware, adware, phishing and more. In order to protect
you effectively from such a diverse range of attacks, the most advanced antivirus
software uses three different protection methods. Below we provide more detail on each
method.
All antivirus providers featured in this comparison have been tested in-depth on each of
the methods.
Signature File Detection:
Signature file detection is the most classic form of malware detection. Using this
method, antivirus software scans files for traces of malicious code, called digital
signatures. This scanning behavior is why many people refer to antivirus software as
virus scanners.
A digital signature is a unique pattern that allows security tools to recognize malware.
Imagine it as the equivalent of a fingerprint a burglar would leave. Only in this case, it is
a digital fingerprint left by malware in its attempt to cause damage to you or your
devices.
These digital signatures are stored in a database containing hundreds of millions of
malware samples. Whenever a new malware threat is uncovered by a cybersecurity
company, it is added to the database.
This method of malware detection is reliable, fast, easy to operate, and scalable.
However, it is not perfect. As it relies on cybersecurity companies to first recognize new
threats and then update the malware samples in the database, this method is useless
against brand new malware. It is always one step behind new attacks.
Therefore, cybersecurity companies have developed a second form of file detection.
Heuristic File Detection:
Heuristic file detection is the evolution of signature-based detection. It allows antivirus
tools to identify malware that has not been seen before and has not been added to
any database.
It does this by looking for behavioral patterns that are typical of malware, rather than at
malware signatures. Once a file is flagged as having suspicious behavior, there are
generally two ways the antivirus software would move forward with its analysis:
File Emulation: Also known under the term “sandbox testing”. In this method, the
antivirus software will allow the malware to operate in a safe environment called the
sandbox. This is often a virtual machine where the malware can cause no harm, and the
antivirus can analyze it in more detail.
In the sandbox, the potentially dangerous file is analyzed for common malicious
patterns. These include rapid replication attempts, file overwrites, or any attempt to hide
certain files. If any of these patterns are detected, the antivirus software takes further
action to eliminate the threat.
Genetic Signature Detection: New malware is often a slightly adjusted form of
existing malware. This allows the creator to reuse their malware without triggering
signature-based detection.
In genetic signature detection, however, antivirus software compares the source code of
potentially dangerous files with the source code of known malware. If there is a
significant overlap between the two, the antivirus software takes further action to
eliminate the threat.
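The difference between signature file detection and genetic signature detection, as an added Python example (not SoftwareLab's or any antivirus vendor's code). It assumes a SHA-256 fingerprint as the "signature", a byte 4-gram Jaccard overlap as a stand-in for the "significant overlap" comparison, and a 0.6 threshold; the sample byte strings and family name are constructed and harmless.

```python
import hashlib

# Constructed, harmless byte strings standing in for file contents.
KNOWN_SAMPLE = (b"constructed-demo-family-A|replicate:all-drives|"
                b"overwrite:documents|hide:system-files|sleep:300")
# Same "family", lightly edited: one byte changed plus appended padding.
VARIANT = KNOWN_SAMPLE.replace(b"family-A", b"family-B") + b"|pad:0000"
CLEAN_FILE = b"Quarterly report: revenue grew in every region; details attached."

# Signature database: exact fingerprints (SHA-256) of known samples.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "demo-family-A"}
# Reference copies used for the overlap comparison (assumed layout).
KNOWN_FAMILIES = {"demo-family-A": KNOWN_SAMPLE}


def signature_match(data):
    """Return the family name if the exact fingerprint is in the database."""
    return SIGNATURE_DB.get(hashlib.sha256(data).hexdigest())


def ngrams(data, n=4):
    """Set of all overlapping n-byte windows in data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(a, b, n=4):
    """Jaccard overlap of the two n-gram sets, from 0.0 to 1.0."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    if not ga or not gb:
        return 0.0
    return len(ga & gb) / len(ga | gb)


def genetic_match(data, threshold=0.6):
    """Return (family, score) for the closest known sample, or None below threshold."""
    best = max(((fam, similarity(data, ref)) for fam, ref in KNOWN_FAMILIES.items()),
               key=lambda pair: pair[1])
    return best if best[1] >= threshold else None


def classify(data):
    """Exact signature first, then the overlap check for modified variants."""
    if signature_match(data):
        return "signature"
    if genetic_match(data):
        return "genetic"
    return "clean"


if __name__ == "__main__":
    samples = [("known", KNOWN_SAMPLE), ("variant", VARIANT), ("clean", CLEAN_FILE)]
    for name, blob in samples:
        score = similarity(blob, KNOWN_SAMPLE)
        print(f"{name:8} -> {classify(blob):9} overlap={score:.2f}")
```

The single changed byte gives the variant a different fingerprint, so the exact lookup misses it, while most of its 4-grams still overlap with the known sample. Lowering the threshold catches more distant variants at the cost of flagging more clean files.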
User-Focused Protection Features:
Next to the two methods described above, there is a third way in which antivirus
programs protect users from malware. Rather than a specific method, it is a collection of
features designed to protect users from downloading malware or visiting dangerous
websites.
If you think about it, this is the natural evolution of the cybersecurity industry. As both
malware and anti-malware become increasingly sophisticated, cybercriminals look for
other weak links in the chain. And often this weak link is us, the users.
The tools to protect users are varied. But some of the most common include:
Web advisors that flag suspicious or dangerous websites before you visit them.
WiFi security advisors that recommend that you avoid specific WiFi networks or use a
VPN when connecting to them.
Password managers that help you create and store unique and highly secure
passwords.
Hardened browsers that open encrypted web browsers when you attempt to access
online banking or payment tools.
Content – Section “Impact on Performance and Speed”
Performance impact stands for the influence of the antivirus on the operating speed of
the device. Every antivirus tool requires a certain amount of resources to run, impacting
the operating speed in some way. However, some do so in much more dramatic ways
than others.
Performance impact can be measured in a variety of ways. The most common are the
impact on download times, load speeds and the resources required to run the program
in the background.
Content – Section “Devices and Features”
In this factor, we analyze which operating systems each antivirus supports, and which
features it offers per operating system. In many cases, the cybersecurity companies
build full security suites for Windows, but offer significantly less for their antivirus for
Mac, Android, and iOS.
There are some exceptions to this rule, however. And that is exactly what this factor is
about.
A note on iOS:
All of the antivirus programs in this list have dedicated security apps for Windows,
Mac, and Android, which is great. Two of them, however, don’t have dedicated apps for
iOS.
Although it is true that Apple has designed iOS to be incredibly safe, users still fall into
phishing traps, use unsafe passwords, or are tracked by their internet service provider.
Therefore, having a web advisor, password manager or VPN, is just as valuable on iOS
as on any other operating system.
Content – Section “User Reviews”
User reviews are incredibly important as they reflect not only the product quality, but
also the customer service of the companies.
As customer reviews have turned into a powerful marketing tool, it is often difficult to
know which reviews to trust.
In order to get access to high quality and verified user reviews, we have consulted the
Google Play Store and TrustPilot. These are the largest and most trustworthy user
review databases currently available and publicly accessible.
Content – Section “Value for Money”
Considering the amount of harm malware can cause, and how much this can end up
costing, the price of an antivirus should not be the most important factor in your
consideration.
That being said, it definitely does matter. As all antivirus providers in this list offer
excellent protection, there is no reason to pay more for an overpriced product.
To research this factor, we have analyzed the pricing strategy of the various
cybersecurity companies in each market in which they are available, and compared it to the
protection and features offered.
Content – Section “False Positives”
False positives are instances in which antivirus software flags a clean file as malware.
All antivirus programs do this to some degree, as they are a common byproduct of
heuristic file detection. Some cybersecurity products, however, produce considerably
more false positives than others. Although this does not pose a security threat, it can be
annoying in day-to-day usage.
Content – Section “Data Sources”
AV-Test is a German-based test laboratory that specializes in cybersecurity. It uses
state-of-the-art technology and one of the largest malware databases in the world to run
its tests. We consult AV-Test’s findings in the calculation of the protection and
performance scores.
AV-Comparatives is an Austria-based test laboratory that has been running
cybersecurity tests since 1999. It is well known for building real-world test scenarios in
which all three protection layers of the antivirus software are fully utilized. Like AV-Test,
we consult AV-Comparatives' findings to calculate the scores in the protection and
performance categories.
TrustPilot is one of the largest and most trustworthy user review platforms in the world.
Its mission is to bring businesses and people together and allow them to engage in
meaningful ways. Over 200,000 businesses have been reviewed on Trustpilot in more
than 45 million reviews.
The Google Play Store is the app store for Android, the most used mobile operating
system in the world. The Google Play Store has one of the largest software review
databases in the world.
Content – Section “Frequently Asked Questions”
What is Antivirus?
Antivirus software helps you in the fight against all forms of malware. The software both
prevents and cures, meaning it helps you avoid the installation of new malware, as well
as removes malware that already exists on your device.
It does this by scanning your system using the signature and heuristic file detection
methods described in the previous section, and by offering you a wide range of user-focused protection features, such as anti-phishing, password managers, and web
advisors.
What is Malware?
Classically, malware was used to describe any type of software that could infect your
device and cause harm. Usually, this harm included slowing down your device, stealing
sensitive information, or showing you unwanted ads.
In the modern era, where cybercriminals not only create malicious software, but
also attempt to manipulate users into providing them with information, malware has
become a much broader term.
It is now loosely used to describe many forms of cybercriminal activity: both the actual
malicious software and the various manipulation attempts.
Types of Malware
Below we describe many forms of malware, as well as a range of surrounding terms
that are not classically considered malware, but are still important to know.
The terms are ordered alphabetically, rather than in frequency of occurrence.
What is AdWare?
AdWare is software installed on your device, designed to show you advertisements in
pop-up or toolbar form. This is adware at its most harmless. Other versions will track
your internet use or even monitor your keystrokes to steal sensitive data. AdWare can
be removed by dedicated anti-adware software or any of the top antivirus software.
What is a Botnet?
Botnet stands for Bot Network and is sometimes referred to as a zombie army. It is a
network of a large number of devices that have been infected by malware and can be
controlled remotely by a hacker. The purpose of a botnet is staging DDoS attacks,
stealing sensitive data or spreading further malware.
What is a Computer Virus?
A computer virus is a piece of code or software installed on your device without your
permission and knowledge. Computer viruses range from annoying to incredibly
destructive. They are designed to spread automatically between computers and
networks and include all types of malware. Famous examples are CryptoLocker and
Storm Worm.
What is a Computer Worm?
A computer worm is a form of self-replicating malware that can slow down your
computer by incredible proportions. It is usually spread through email attachments and
file sharing networks.
What are Computer Exploits?
When software, hardware or a network has a particular vulnerability, and a hacker
makes use of it to hijack the system, we speak of an exploit. The hacker often uses a
piece of code or software to take control. Usually, the vulnerabilities are discovered
post-mortem when hackers have already hijacked the system and caused damage.
What is Computer Hacking?
Hacking is the manipulation of a computer and its network, often for malicious purposes.
By using malware that alters the data that passes through the network, a hacker can
access the information on the system. Using any form of malware to achieve a goal is
considered hacking.
What is Cybercrime?
Cybercrime is any form of digital crime executed by using the internet or electronic
devices. In the age of the internet, cybercrime is one of the most common forms of
crime and increasing year-on-year. It comes in two major forms: Single attacks in which
sensitive data is stolen, and continuous crimes such as extortion and cyberbullying.
What is a DDoS attack?
Usually, when a mainstream website is unreachable or incredibly slow, it is suffering a
DDoS attack, which stands for Distributed Denial of Service attack. A DDoS attack is
executed by overwhelming a website with internet traffic from thousands of devices.
These are usually devices infected by malware and controlled remotely, also known as
a Botnet.
What is Identity Theft?
Identity theft happens when someone steals your tax information, credit card data or
passport details, and impersonates you. The criminal in question either opens up
a new account in your name, such as a mobile phone contract, or uses your existing
account, such as your internet banking credentials, to pay for products and services.
What is a Keylogger?
Keyloggers are a specific type of spyware that records the information you type on your
device, allowing criminals to track your activity and steal passwords, credit card
numbers, bank details and more.
What is Phishing?
Phishing messages are schemes to trick people into revealing personal information,
such as credit card details, bank account numbers or passwords. Often, phishing
attacks come in the form of emails pretending to come from real organizations like your
bank or PayPal, requesting you to validate or update information.
What is Ransomware?
Ransomware, also known as rogueware or scareware, locks your device until you pay a
ransom fee to unlock it. Some of the biggest ransomware attacks in recent history, such
as WannaCry, Petya, Locky, Cerber, and CryptoLocker, have made headlines globally.
What is a Rootkit?
A rootkit is a piece of malware that provides administrative access of your device to a
hacker. It is often hidden deep within the operating system, from where it can offer
remote control to your device. Rootkits are used for a variety of purposes, from
relatively harmless to you personally, such as staging DDoS attacks, to serious forms of
identity theft.
What is a Scam?
An internet scam is a general term used to describe various kinds of fraud. In each of
them, the scammers attempt to make you give up personal information or pay for a
product you will never receive. Common scams include the Nigerian scam emails,
make-easy-money scams, dating site scams and Craigslist scams.
What is Social Engineering?
Social engineering is the practice of manipulating people into giving up important personal
information such as credit card details or passwords, or granting access to an IT system. It
usually involves appealing to a person’s greed, vanity, curiosity, altruism, or fear of
authority. As the weakest link in the chain here is the person themselves, even the best
antivirus software has a hard time protecting you from it.
What is Spam?
Spam describes the unwanted emails and messages that (poorly) advertise a product or
service. These are often messages sent in bulk, with little or no personalization. The
best antivirus software all have spam filters built in, as do most modern email clients.
What is email, IP or DNS Spoofing?
When a hacker pretends to be someone else in order to spread malware, steal sensitive
information or gain access, we speak of Spoofing. IP Spoofing means sending a
message that appears to come from a trusted computer (or IP address). Email Spoofing means designing the
email, and email address, to seem legitimate. And DNS Spoofing means the
modification of the DNS of a domain, in order to reroute the traffic to a specific IP
address.
What is Spyware?
Spyware is used by hackers to steal all sorts of personal information. It analyzes which
websites you visit, records your browsing history and steals personal and financial
information such as bank details or credit card numbers. A common form of spyware
are keyloggers which track the information you type.
What is an SQL Injection attack?
When a hacker adds a malicious piece of SQL (Structured Query Language) code to an
input field of a website, which usually requests a username and password, we speak of
an SQL injection attack. The SQL code is designed to read, create, delete or alter data in the
database of the website, either to gain access to the website itself or to steal sensitive
information.
What is a Trojan Horse?
A Trojan Horse is a piece of malware that masks itself in an email or download,
pretending to be something fun, useful or helpful, while in practice downloading other
malicious software such as ransomware, spyware or adware onto your device. The
most famous Trojan is called Zeus.
What is a Zero-Day Exploit?
Software vendors frequently release new products or product updates. When such a
product or update contains a cybersecurity vulnerability that neither the software
vendor nor the cybersecurity companies know of, we speak of a zero-day vulnerability.
A zero-day exploit means someone taking advantage of this vulnerability.