VPN Packages for Private Users Put to the Test under Windows 10
VPN software is used for many operations: Getting around geo-blocking for services, tuning the ping when gaming or surfing anonymously, downloading or sending messages. For all these purposes, the VPN software has to not only provide a fast server but also be secure, and the company behind it needs to keep things private. The lab at AV-TEST examined all these criteria.
Many Windows users have already had a chance to make use of a VPN software or a VPN service. Perhaps they have used the VPN service integrated in the Opera browser to surf the web anonymously or to access a special website, for example. While this browser service is easy to use, the VPN is slow and is only available within the browser.
Anyone requiring a quick and secure VPN that works for all Windows applications or games has no choice but to go with a special VPN software package. Here's how it works: a small software agent creates a secure tunnel for the Internet connection of the PC or mobile device to a server of the provider, offering the user a location from which to surf anonymously and securely, download data or use a web service. This may be a platform with video or TV streams, for example, which are ordinarily reserved to viewers located in the country defined by the provider. Because good VPN software allows the user to freely adjust the location, i.e. the country from which the user is gaining access, so-called geo-blocking is generally no longer an issue. This masking of access or personal data, including encryption, is also important for whistleblowers, for instance, so that they cannot be traced. Under the aspect of tracing, which is also another word for privacy, the ability of a provider to keep the connection private is also very important. In this, the provider must be credible and trustworthy and ought to demonstrate transparency in every respect: for instance, in terms of the country of origin, what happens to user data and the country or laws by which the provider is governed.
VPN software for private users put to the test
In the latest test, three packages from well-known manufacturers show all they have to offer:
VPN software put to a performance test
How transparent are the VPN providers towards the user?
A quick overview of VPN Software
The test is divided into 5 key topics: usability, security, privacy, speed and transparency. In addition, we introduce a few important features and extras included in the packages.
Each package that meets the test requirements receives recognition from the lab as an "Approved Virtual Private Network Solution". In this test, all the products received this recognition.
For many users, the key question when considering VPN software is: How quickly can I upload or download data with active VPN software, either directly or per torrent network? The quick and direct answer can be found in the "performance test" table. For each product, a value between 1 and 3 is assigned there, depending upon speed performance. The figures serve as orientation instead of non-descriptive standalone values in KB/s or MB/s. Here is what the numbers mean:
Up to 1: performance below the industry average
Between 1 and 2: performance is within the industry average
Between 2 and 3: performance is above the industry average
Anyone wanting to explore the exact numbers will find them here for downloading in a PDF for experts.
This is how fast the VPN packages are
As the test is performed under realistic conditions, the lab measures all the up and downstream speeds with local and overseas connections. "Local" in this sense means: The performance is measured from one server in Europe to another server in Europe. The lab carries out the same procedure within the United States and Asia. For overseas connections, a server on one continent is connected to a server on another continent. Connections are evaluated from Europe to Asia, from Europe to the United States, from USA to Asia, and all pairings are repeated in the opposite direction.
As a final test criterion of performance, the lab measures the up and downstream via a torrent network. Here again, a distinction is made between local and overseas benchmark values.
The lab collects all the values in continuous measurements throughout a 7-day period. In addition, the lab measures all the values with each of the internal protocols Hydra, WireGuard and OpenVPN (see below in this article for more on the protocols). The score for each individual performance evaluation (1 to 3) results from the average of all measured values.
In the table, the packages from Kaspersky and NordVPN stand out in terms of the upstream and downstream. The highest rating of 3 (performance is above the industry average) was achieved in all categories by the VPN package from NordVPN. Kaspersky followed close behind, having to concede, however, in the category of downstream bitrates, and coming in at 2.1 and 2.3 respectively, or slightly above the industry standard. F-Secure cannot keep up with those speed ratings and had to be content with lower-than-average values of 1 and 1.6 respectively.
The lab decided against a special video streaming and speed test, as it is practically impossible to definitively test major streaming providers such as Netflix etc. as a remote station. The fluctuations of the networks, depending upon the time of day, along with non-accessible buffers of data in the software agents of the providers, do not allow for any verifiable measurements. However: a high downstream evaluation of a VPN software suggests that videos can be played smoothly.
The right VPN protocol
VPN software is very easy to use, but behind the scenes it involves a degree of cleverly engineered and sophisticated technology. In terms of settings, all the users really have to do is choose the country from which they wish to begin surfing. But there is an interesting function with a highly technical background: the VPN protocol used.
The products examined offer various VPN protocols. Naturally everyone can use the standard protocol OpenVPN; but not everyone is versed in the newer and mostly faster protocols such as Hydra or WireGuard. Only Kaspersky offers Hydra, and NordVPN relies on NordLynx, an internal variant of WireGuard.
All protocols have advantages and drawbacks. Some of them also may not work with the individual services, in case of geo-blocking, for instance. Another protocol might work better; it's something that users need to try out on a case-by-case basis. One very interesting aspect involves the switching of protocols with respect to up and downstream. One example: OpenVPN may be the standard, and it works with nearly all services, but it runs quite slowly. The Hydra protocol is hardly any faster, but it stands out in terms of better latency – important for gamers. The WireGuard protocol doesn't work with some services, but it often offers the best up and download speeds. In an internal side-by-side test, WireGuard demonstrated a 300 percent boost in performance compared to OpenVPN: for up and downstream. It needs to work, however.
Kaspersky Secure Connection
Latency: important for gamers
The so-called latency determines the ping time, and this in turn affects the reaction time of a figure or a device in a game. If a server is located far away, and if the traffic has to be routed via a large number of intermediate servers, latency increases – which adds up to a poorer reaction time. That is why gamers often use VPN, in order to directly connect to a remote game server (e.g. located in the United States) and thus achieve lower latency.
When looking at latency, the lab also distinguishes between local and overseas connections, collecting and evaluating data for an entire week. In final analysis, all the VPN packages were neck-and-neck in the overseas results and with a 2.0 rating, offered a good industry average. This means that they are just as good as other popular products on the market.
Among the local VPNs, F-Secure performed somewhat below average. In this category, Kaspersky and NordVPN, scoring 2.3 and 2.4 respectively, performed quite a bit above average.
Oldies but goodies: torrent networks
The popularity of torrent networks has decreased somewhat, but many people still like to use them. The biggest advantage: the data of a file is distributed in pieces among many servers. A downloader can thus retrieve several pieces in parallel, thus boosting the download rate. In addition, torrent networks can be formed out of personal computers and do not necessarily require own servers that would be more easily subject to intrusion by official bodies.
In this test segment, the lab also examines local and overseas connections for 7 full days. While the Kaspersky VPN package, scoring a 2 each time, was well within the industry average, NordVPN, with a rating of 2.5, was somewhat faster in the overseas category. Locally, Kaspersky and NordVPN were equal.
In the test with torrent networks, F-Secure received no evaluation, as it did not support torrent links on all server test connections, thus no comparison was possible.
Transparency: Is the provider trustworthy?
VPN can be used not only as a secure tunnel against attackers or to circumvent geo-blocking. What's more, VPN also offers good protection against nosiness or even persecution by authorities in totalitarian countries. That's why it is especially important how trustworthy the provider of a VPN software package is and what the provider does with the stored data that is actually flowing hidden through its network.
Most of the providers explain this on their websites in such clear terms that it is comprehensible to everyone. But the provider company also needs to reveal some information about its own identity. Who is behind the service, and where is it located? Or additional information, such as management, the company address, the legal jurisdiction, along with many details on the EU General Data Protection Regulation, or EU GDPR for short. That regulation specifies how user data is to be handled. And it is indeed information that all providers in the test make freely accessible to users. But only Kaspersky offers a publicly available transparency report. The transparency table illustrates all the additional items.
If a provider has been forced by a government entity to hand over data, it is generally not permitted to publicly disclose this fact. That is why the providers utilize a trick: They publish a "warrant canary" with a constantly revised date next to it. If the company has been ordered to hand over data, the date is suddenly no longer included there, and it is clear to everyone what has happened. The "warrant canary" information is only offered by NordVPN.
While information on transparency from the provider is good, and it fosters trust, independent auditors are even better. That is why Kaspersky and NordVPN rely on independent auditing entities. In the case of NordVPN, it is PriceWaterhouseCoopers, a specialist for industry audits. Kaspersky appointed the specialist Deloitte to conduct its audits. An audit evaluates a company's quality standards, as defined by rules or industry norms established by the DIN or ISO.
Comparison of features
One of the classic functions of VPN software is the protected use of third-party or open networks. There are always repeated instances where especially in public places, a cyber attack occurs under the guise of offering users free Wi-Fi. This cannot happen with VPN, as the communication occurs in a secured tunnel which is switched through the third-party network. The VPN tunnel protocols, combined with data encryption, typically involving 256-bit AES, are what make VPN so secure. Which is why many users opt for the secure tunnel when conducting online banking, for example.
This is also what makes it interesting to know how many devices can be used with one VPN software license. F-Secure Freedome provides for at least 3 devices, and an upgraded license allows for 5 or 7 devices. Kaspersky Secure Connection provides for 5 devices and Nord VPN for 6 devices.
Whereas all the products run under Windows and Mac, there are some differences among mobile devices. While iOS and Android are supported by all, only F-Secure and NordVPN can connect an Android TV. Only NordVPN recognizes the special case of the Fire TV Stick. When on holiday or abroad, this allows you to stream TV series that would otherwise be blocked in other countries.
An additional but unrated overview of the particular extras and features of the VPN packages are displayed in the table.
The best VPN package
In this test, there is no ranking of the packages according to points achieved – that wouldn't fit the scenario. After all, the evaluated packages all have their pros and cons depending upon the user group. Those who look closely at transparency will only find an open transparency report from Kaspersky. An independent audit was performed in the case of Kaspersky and NordVPN. F-Secure relies more on its reputable name and many details on the company.
If the only criterion is the up and download speed, then NordVPN has an edge with the best average values, followed by Kaspersky. F-Secure apparently cannot and does not want to compete on this score – even with respect to torrent support, the company is somewhat reserved.
Gamers who pay special attention to latency don't care about the product name and range of features, as long as their mouse click or button press won't take one millisecond too long over the Internet. Based on the measured values, Kaspersky and NordVPN are the first choice in this regard. F-Secure can compete on overseas connections, but it is too slow locally.
The prices for an VPN annual license available on the web vary depending upon the provider. Based on the manufacturers' suggested prices on their own websites, VPN costs roughly EUR 10 per device from F-Secure, 9 Euros from NordVPN, and roughly 5 Euros from Kaspersky – at least in the initial year of use.
Does a VPN protect privacy?
Head of Test Research
One argument against the use of VPN that repeatedly surfaces on the web is that it does not protect privacy at all. Technically speaking, that statement is not correct. It is only true in case of incorrect use of VPN software and the additional tools, such as the browser.
Rerouting the Internet connection via VPN through special servers and masking of IP's is not sufficient to surf anonymously on the web. At least not when simultaneously using a browser that assigns a unique fingerprint to every user. Browsers tend to be talkative, accepting cookies with information and thus leaving a trail of the user.
Anyone seeking to provide the best possible protection of their privacy with VPN also needs to look at the overall environment. People should only use a browser, for instance, that does not reveal information and does not store cookies. Good to know: the private mode offered in browsers can only partly achieve this objective. For Chrome, Firefox, Firefox on Android, Edge and Opera, there are extensions that protect privacy and fend off cookies and fingerprinting of websites or return wrong information to them. The Privacy Badger of the Electronic Frontier Foundation is one such tool, but it has not been tested by AV-TEST.
Furthermore, it is important for users not to log on to websites or services with an account. Otherwise they will leave tracks that others can exploit. If users pay attention to these details, then VPN and existing SSL encryption through the HTTPS protocol can help them remain anonymous on the web to the greatest extent possible.
The only entity still having all information on the surfing excursion is the VPN operator. That's why it's important for the operator to be trustworthy, as we have also evaluated among the test candidates. Blind trust is not recommended here, as unscrupulous providers could store or disclose the data to third parties.
But it is important for everyone to realize that even for private use with a VPN and all additional production tools, a true James Bond mode does not exist.