Endurance Test: Which Package Protects Windows the Best?
The question as to which protection software keeps systems safe over the long term is not easy to answer. The AV-TEST laboratory tested 18 candidates over a period of 6 months in terms of their protection, performance and usability. While some products proved to have staying power, others demonstrated a kind of biorhythm – constant ups and downs in performance. The test also answered the question as to whether Windows Defender, built into the Windows operating system, is sufficient as basic protection.
In the evaluation, products were able to receive up to 6 points in each of the three categories tested. Only the protection package Avira Antivirus Pro achieved 18 points in the continuous test from March to August 2018. Following close behind with excellent scores of 17.8 to 17.5 points, however, were the packages from Kaspersky Lab, McAfee, AhnLab, Bitdefender and VIPRE Security. That is why in a traditional certification test by AV-TEST, these products would receive the TOP PRODUCT distinction, alongside a security certificate. The lab awards this to all products attaining a final result of 18 to 17.5 points.
The upper third in the ranking of products in the test achieved 17.5 or more points. The middle third of the test, however, has nothing to be ashamed of: excellent point scores of 17.4 to 17.1 were achieved by the packages from AVG, Avast, Symantec, Microworld, Trend Micro and Microsoft. The lower third (BullGuard, Comodo, K7 Computing, G Data and F-Secure) scored between 16.8 and 15.7 points. The only exception is PC Pitstop with 13.7 points.
Reliable detection of Trojans & other malware threats
It is very interesting to take a look at continuously tested rates of protection. In this category, 9 out of 18 products earned the full 6 points: AhnLab, Avira, Bitdefender, Comodo, F-Secure, Kaspersky Lab, McAfee, Symantec and Trend Micro. The rest of the field is between 5.8 and 5.5 points. PC Pitstop lags somewhat behind with 5 points.
18 protection packages in an endurance test
Protection in the endurance test
For this test, all the protection packages were required to undergo two test phases each month. First, the real-world test is performed. As part of this test, the lab exclusively uses 0-day malware, e.g. originating from e-mails or websites. Some of these still-unknown threats are only a few hours old, and none is more than 24 hours old. In the second phase, the objective is to detect the malware in a reference set. This contains known viruses, Trojans and other threats that are no more than 2 weeks old. Throughout the test period of 6 months, the goal was to identify many types of malware: over 700 0-day malware threats and over 30,000 malware samples from the reference sets.
System slowdown rather than protection?
Most users think that good protection from attackers always has a catch to it: sacrifices in performance under Windows. To resolve these doubts, the lab evaluates the load each product places on the system. On a standard PC and a high-end PC without a protection solution, the lab performs defined operations: launching websites, installing and starting up programs, performing downloads and copying data. The times required then serve as reference times for the further tests. The lab repeats the operations on the test PCs with each protection package and compares the times. The lab recorded only a very slight load throughout all tests in 6 months for these products: AhnLab, Avira, Bitdefender, Microworld, Symantec and VIPRE Security. For this, the packages each received the highest-possible point score of 6.
A somewhat higher load, yet not too much, was measured by the lab on these products: Kaspersky Lab, McAfee, AVG, BullGuard, Avast, Comodo, Microsoft, PC Pitstop and Trend Micro. For these products, good results of 5.8 to 5.5 points were still achieved.
Only the packages from F-Secure, G Data and K7 Computing slowed the systems down somewhat, thus scoring only 5.2 to 5.0 points. But those are still good results.
Silent partner or a pain in the neck in everyday use?
Experts often speak of "false positives" when referring to security software. The term refers to applications falsely identified by security software, thus leading to falsely initiated actions such as blocking or deleting a program. Under the category of usability, the lab examines the security packages in terms of false alarms. To do so, the packages are required to scan nearly 4 million normal files, visit thousands of websites and monitor the installation of nearly 200 clean applications. The ideal result would be not a single alarm, as none of the test cases pose any danger. The packages from Avast, AVG, Avira, Kaspersky Lab and McAfee sounded either none or only a sparse few false alarms in the test. For this performance in the test category of usability, they earned 6 points each. With just a slightly higher number of false positives, the following packages received 5.8 to 5.5 points: Microsoft, AhnLab, Microworld, Trend Micro, VIPRE Security and Bitdefender.
The average score of the lower third in this test category still reached 5.3 and 5.2 points respectively: this involved the packages from BullGuard, G Data, K7 Computing, Symantec and Comodo. F-Secure achieved only 4.7 points, and PC Pitstop 3.2 points.
Top result: 12 finishers with 17 to 18 points
In the endurance test from March to August 2018, the lab evaluated a total of 18 protection packages for Windows. During the test, 12 of the 18 products tested averaged 17 to 18 points – those are top results. Still, it deserves to be mentioned that Avira Antivirus Pro was the only product to achieve the full 18 points.
The lower half of the field ranges between 16.8 and 15.7 points. But even that is not a bad result in a test series conducted for 6 months straight. Only PC Pitstop with 13.7 points needs to improve its quality for the future.
And the test table resolves the question as to whether Windows Defender as free standard protection is sufficient: While 17.1 points is great performance on average, it could be even better.
Enslaved PCs forced to mine Bitcoins
CEO AV-TEST GmbH
Ransomware is out – Crypto Miners are in. Cyber attackers are switching over to easy money through bitcoin mining and enslaved PCs and mobile devices. Good security suites provide reliable protection, however.
Attacks with ransomware are declining, according to various statistics. The modus operandi of an attack always followed a familiar pattern: first, a Windows PC was infected, then most of the data available was encrypted. Only by paying a ransom in the form of bitcoins was the key for the data handed over in individual cases. However, the attackers had to provide digital wallets and accounts for payment of the bitcoins. The time and effort were commensurately high. The new attacks now have a different appearance: infected PCs are now forced to compute bitcoins, and the attackers can legally use the bitcoins, because no one verifies where the computing power for the bitcoins came from.
The attack on unwitting Windows users usually proceeds as follows: a Trojan is slipped onto the PC via e-mail or drive-by download, for instance. From that moment on, it begins mining (computing) bitcoins. This naturally takes up the PC's total computing power: the PC can hardly be used, and the electricity bill skyrockets. Sometimes only the browser is infected, however, and the coins are mined without permission through the browser. The use of an up-to-date security suite for Windows helps to identify the new threats and to prevent a PC from becoming a number-crunching vassal.
An interesting trend: with the help of its own statistics, the lab determined that the number of new crypto miners is dependent upon the prices at which Bitcoin, Ethereum etc. are trading. If prices increase, the malware authors invest in new Trojans, and new versions crop up relatively quickly. When prices are falling, browsers are often only attacked "opportunistically" and forced to engage in mining.