Old-school anti-virus vendors learn new tricks

by John Breeden II

May 11, 2015

Testing reveals that traditional AV vendors have added defense-in-depth, BYOD protection

In an era when businesses are scrambling to defend against sophisticated advanced persistent threats, old-school anti-virus may seem like a relic. But the traditional anti-virus companies are changing with the times, delivering defense-in-depth for a BYOD world.

In this review, we looked at products from seven of the original anti-virus vendors, each dating back to at least the 1990s: AVG, ESET, Kaspersky, McAfee, Symantec, Panda Security and Trend Micro. We focused on ease of installation and management, ease of use, and the protection each suite offers beyond traditional signature-based anti-virus. Special emphasis was placed on each product's ability to also protect mobile devices running iOS and Android.


We found that despite its shortcomings, traditional anti-virus remains an indispensable part of any network’s security posture. The reasons are twofold: First, anti-virus still works to catch the low-hanging fruit. An updated anti-virus database can protect endpoints from almost all of the typical threats that a user is likely to run into.

Secondly, companies in this review have added a slew of new features, including privacy scanners, social media link monitoring, behavioral analysis, tune-up software and anti-phishing protection, as well as the ability to lock down both computers and mobile devices.

The winner in our testing was Trend Micro Premium Security, which has one of the best overall packages for building defense-in-depth across multiple devices. It was one of only two packages to catch 100% of our exploits with no false positives. It also has an easy-to-use interface, a quick install process and a large suite of helpful maintenance tools.

Coming in a close second was Kaspersky Total Security, which also scored 100% in our exploit testing. Kaspersky also has excellent anti-phishing protection, an automatic exploit blocker, a firewall, and a feature that rolls a device back to a pre-infection state should an attack get through. Plus, it has a unique Safe Money feature that protects users making banking transactions.

Symantec has wisely consolidated its numerous versions of Norton into one product: Norton Security. The Norton product worked well on the desktop, but was really the standout star for mobile devices. For example, Symantec protects not just against spam texts on phones, but also from unwanted calls. Features also include an identity safe and a password manager. Both use AES 256-bit encryption and the password manager is especially elegant.

AVG Anti-Virus 2015 stands out for harnessing the power of the cloud. With AVG’s cloud-based management, protection can be extended to devices not on the network. And AVG takes advantage of cloud-based global threat intelligence to update its signatures.

ESET Smart Security goes beyond traditional anti-virus, with advanced traffic monitoring and exploit blocking. It also extends security features typically associated with BYOD devices, such as locking down data if a device is stolen, to enterprise laptops. ESET also continues to support devices running Windows XP.

We found McAfee LiveSafe to be the easiest to use. LiveSafe also adds extra features, including a very good password manager, and a personal locker that encrypts and protects information from external sources or unauthorized users.

Panda Global Protection is the most like traditional anti-virus in that there is not a lot of defense in depth. That said, it did pick up on almost every bit of malware we tossed at it, including stopping malware from a drive-by website attack. A big plus is the inclusion of PC Tuneup software.

Here are the individual reviews:

AVG AntiVirus 2015

AVG AntiVirus 2015 is a complete set of protection products for individual systems, which can be tied into either AVG CloudCare management software for large enterprise deployments or AVG Zen for smaller installations.

Both management solutions require separate installations, though linking Zen or CloudCare into devices on a network is a fairly smooth process. It would be nice however, especially for installations with fewer users, if Zen were included automatically as part of the installation process of the main program.


Zen is a pretty ingenious product that allows for the management of all devices within your group, which could be everyone working at a small business. The complete security status of every device that falls under a manager’s purview – individual users have to agree to join the group – can be seen from a single interface regardless of platform.

So if someone's Android phone is running with outdated virus definitions (Zen does not yet support iOS devices), it will show up on the Zen console. Administrators can fix security concerns on managed devices, even going so far as to turn firewalls on, reboot systems that require major updates and manage most other security settings. If a device is offline, its last security status will have been uploaded to the cloud so that it is still viewable.

Any commands from the main console, like updating virus definitions, will similarly be uploaded to the cloud and then executed the next time a device powers back up. Because this is cloud-based, the location of the user isn’t a factor. The enterprise level CloudCare product works in a similar way to enhance AntiVirus installations, just with menus and functions designed more to handle a massive number of users at the same time.

In terms of the program itself, the look of AntiVirus 2015 has been updated from previous versions to feature larger buttons and an easy-to-use dashboard that gives a glance at the total security settings for a protected device. The dashboard is still a touch sales-like, showing incomplete security ratings in certain areas unless additional products such as backup tools are also purchased.

The anti-virus scanning engine has also been improved. It is still one of the slowest in this roundup for scan times, but it was very accurate against zero-day threats because of its cloud-based outbreak protection. As soon as a new piece of malware starts to spread anywhere in the world, even on another continent, its properties are captured from AVG users and AVG's worldwide honeypots and saved in AVG's cloud. Those properties are then shared with all connected devices, so further instances of the same malware are blocked even before an official definition is added to the database.

Our testing found that the new scanning engine was good, though not quite perfect at catching malware at the earliest possible moment. For example, downloading a known malicious file from the Internet did not trigger an alert. A later full scan of the PC caught and removed it, and it was also caught when we tried to run the file. So AVG works because of its defense-in-depth, even when something gets past its first safety net.

ESET Smart Security

ESET is one of the few companies that still offers a standalone anti-virus product, NOD32 Antivirus, which may appeal to specialized markets such as gamers who want some protection but not at the expense of performance. Smart Security is the complete bundle of multi-layered protection, but it only works on PCs and laptops. A mobile version that protects Android devices is available through ESET Multi-Device Security, which can be bundled as part of a Smart Security purchase or through an enterprise deployment.


Even though ESET does offer protection for Android phones, the core program is clearly designed for laptops and desktops, and offers a few more features for those computers than most of its competition. For one, Smart Security is optimized for PCs still running Windows XP, with support scheduled to continue through at least 2017. If you still have XP-based systems on your network, Smart Security would be a good choice to keep them protected. When tested on a desktop running Windows XP Service Pack 3, Smart Security ran more quickly and more efficiently than any other program in this roundup, and it detected all the threats we threw at it, including a few specifically designed to compromise the XP OS. Bear in mind, though, that Microsoft ended support for XP in April 2014: anti-virus can catch the malware that targets an unpatched XP box, but it cannot replace the operating-system patches those machines no longer receive.

ESET Smart Security also brings the level of device threat protection normally found only for mobile phones and tablets to laptops, another feature that helps set Smart Security apart from others here. When a laptop protected by Smart Security is lost or stolen, there are several things a user can trigger to help get their property returned. At the first level, a simple message can be pushed to the device that shows who it belongs to and how to get in touch with them. Assuming someone honest finds it, the help message may be all that is needed to get it returned.

But just in case, Smart Security will lock down any laptop that is reported lost. Anyone who tries to log into the lost or stolen notebook is directed to a sandbox account that keeps all of the other data hidden. The notebook will secretly snap photos of the unauthorized user, both to identify the thief and to help build a case against them. Finally, Smart Security offers the same kind of "Where is my device?" function found in many mobile phone security programs: it locates itself on a map in near-real time to help with recovery. One caveat: an account-level lock only hides data from someone using the laptop's own operating system. It does nothing for a drive that is pulled and read on another machine, so it belongs alongside full-disk encryption rather than in place of it.

Giving tools for laptop recovery is a great idea in a security package. The one negative is that Smart Security does not support remote wiping of data. Notebooks are different from phones in that a remote wipe could take a lot of time, but I know certain businesses or government agencies that would rather wipe the data from a device and just write it off than worry about trying to recover the physical property.

Smart Security has plenty of advanced features beyond simple virus protection too. One of the newest features we were able to test is the exploit blocker. ESET's reasoning is that a handful of programs carry known vulnerabilities that attackers at every level exploit, including the groups behind APTs. So ESET monitors programs like Adobe Reader and Internet Explorer and blocks the techniques used to exploit those gaps. Rather than scanning for the malware directly, it stops the program from being exploited in the first place.

In testing, when a malicious webpage attempted to exploit Internet Explorer to drop malware on the system, the exploit blocker stopped the process before the malware could even get through the gate. Compared with most other programs here, which allowed the malware in and then detected it, the ESET approach offers better security by preventing the malware from ever entering a protected client.

Smart Security also offers traffic monitoring, something that is normally only seen in very high-level enterprise products. The traffic monitoring component scans outgoing traffic to detect even previously unknown malware from calling home to a control server or trying to reach out across a network. We tested this feature with some malware left over from our traffic monitoring review and found that ESET was able to detect even the most hidden files as soon as they tried to communicate, something almost all advanced malware needs to do at some point.
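The outbound-traffic check described above lends itself to a worked example. The following is an added illustration, not ESET's code. It reads a constructed connection log (timestamp, process name, destination IP and port, bytes sent; a format assumed for this example) and flags two things a traffic monitor looks for: a process outside a site baseline making outbound connections, and a process checking in with one host at near-constant intervals with small payloads, which is the beaconing pattern of malware calling home. The process names, addresses and baseline are all assumptions.

```python
# Beacon and unknown-talker detection over an outbound-connection log.
# Added example, not ESET's code. The log format and the site baseline are assumptions.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not real traffic). One process phones a fixed host every
# 60 seconds with a tiny payload, the check-in pattern of malware reaching its C2.
SAMPLE_LOG = """\
2015-05-01T09:00:00 chrome.exe 93.184.216.34 443 5120
2015-05-01T09:00:05 svchost.exe 198.51.100.23 443 212
2015-05-01T09:01:05 svchost.exe 198.51.100.23 443 214
2015-05-01T09:02:05 svchost.exe 198.51.100.23 443 210
2015-05-01T09:03:05 svchost.exe 198.51.100.23 443 213
2015-05-01T09:03:40 outlook.exe 203.0.113.10 993 40960
2015-05-01T09:04:05 svchost.exe 198.51.100.23 443 211
2015-05-01T09:05:05 svchost.exe 198.51.100.23 443 212
2015-05-01T09:07:11 chrome.exe 93.184.216.34 443 9000
2015-05-01T09:09:30 updater.exe 192.0.2.45 8080 300
"""

# Assumed site baseline: processes expected to talk to the Internet from this host.
KNOWN_INTERNET_PROCESSES = {"chrome.exe", "outlook.exe"}


def parse_log(text):
    """Parse whitespace-separated records into dicts with a datetime timestamp."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, proc, ip, port, nbytes = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "proc": proc,
                        "dst": (ip, int(port)), "bytes": int(nbytes)})
    return records


def find_beacons(records, min_hits=4, max_jitter=0.2, max_bytes=1024):
    """Flag (process, destination) pairs that connect at near-constant intervals
    with small payloads. Jitter is the coefficient of variation of the gaps, so a
    perfectly regular timer scores 0 and ordinary browsing scores well above 0.2."""
    series = defaultdict(list)
    for r in records:
        series[(r["proc"], r["dst"])].append(r)
    beacons = []
    for (proc, dst), hits in series.items():
        if len(hits) < min_hits:
            continue
        stamps = sorted(h["ts"] for h in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        period = mean(gaps)
        if period <= 0:
            continue
        jitter = pstdev(gaps) / period
        avg_bytes = mean(h["bytes"] for h in hits)
        if jitter <= max_jitter and avg_bytes <= max_bytes:
            beacons.append({"proc": proc, "dst": dst, "hits": len(hits),
                            "period_s": period, "jitter": jitter})
    return beacons


def find_unknown_talkers(records, known=KNOWN_INTERNET_PROCESSES):
    """Processes making outbound connections that are not in the baseline."""
    return sorted({r["proc"] for r in records if r["proc"] not in known})


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for b in find_beacons(recs):
        print(f"beacon: {b['proc']} -> {b['dst'][0]}:{b['dst'][1]} "
              f"every {b['period_s']:.0f}s ({b['hits']} hits)")
    print("unknown talkers:", find_unknown_talkers(recs))
```

The two checks are deliberately independent. A name-based baseline is fooled by malware that calls itself svchost.exe, which is exactly why the beacon check keys on timing and payload size rather than on what the process claims to be.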

For an all PC-based network of laptops and desktops, ESET Smart Security offers one of the best protection schemes in this review, even adding features like lost laptop protection and some security functions normally only found in very advanced protection schemes. Adding Multi-Device security can also protect Android devices too, although it would be easier from an installation point of view if they would simply combine all of that protection together into a single product.

Kaspersky Total Security

The Kaspersky Total Security product was one of only two packages in this review to get 100% of the anti-virus and exploit protection completely correct, with no false positives. That level of protection comes from a robust defense-in-depth that relies on multiple techniques and programs to keep either PCs or mobile devices safe. For the PC, there is even a last defense roll-back mode available in case the worst should occur.


Total Security can be installed on any desktop, Android or iOS device. For mobile devices the core protections include anti-phishing and anti-malware protection, as well as a safe browser mode that protects personal data from being stolen by malicious apps, and a password manager for easy and secure logins for multiple sites. The protection on Android goes a little bit further, with the ability to lock down a phone if the SIM is ever removed, which would prevent someone from stealing a phone and dropping their own SIM inside it. When we tried, the phone remained unusable.

Total Security also employs automatic exploit blocking, with particular attention to Java-based programs, which have a poor security track record. The aim is to stop an exploit before it runs at all. This could cause trouble for legitimate programs that rely on the same behaviour, but it is unlikely that any useful program would, and the settings can be overridden if necessary.

Total Security also offers one of the best anti-phishing protections that we tested here. In addition to maintaining a database of known phishing scams, it adds real-time heuristic analysis to any e-mail that comes into a protected endpoint that looks for things like what information an e-mail is asking a user for, what actions the mail is trying to solicit and if anything has been obfuscated or spoofed. That way, if a user on a protected client is the victim of a targeted attack that has never been deployed against anyone else, and thus is not in the database, it can still be caught and flagged based on the message itself – a really nice feature for a first line of defense endpoint product.

Total Security also offers its own firewall to block brute-force style attacks, and a trusted mode backed by a database of MD5 hashes of known-good program files. If you want to install Skype, for example, Total Security knows the hash of the genuine installer that users should download and run. Like a virus scanner in reverse, it checks known installation files against those recorded profiles to make sure nothing has been changed or modified before letting the install continue. One caveat for anyone building a similar allowlist: MD5 collisions have been practical for years, so two different files can be made to share an MD5 digest; SHA-256 is the hash to use for this purpose.
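As an added example, not Kaspersky's code, here is the shape of that trusted-file check in Python, with SHA-256 in place of MD5 for the reason just noted. The installer bytes, file name and allowlist entry are constructed for the illustration; a real product ships its expected hashes with the definition database.

```python
# Hash allowlist check, the "virus scanner in reverse" described above. Added example,
# not Kaspersky's code: the installer bytes and the allowlist entry are constructed here.
import hashlib

# Constructed stand-in for a vendor's genuine installer (not a real executable).
GENUINE_INSTALLER = b"MZ\x90\x00" + b"constructed installer payload for skype-setup.exe " * 8

# file name -> (expected size, expected SHA-256). SHA-256 rather than MD5: MD5
# collisions are practical, so an attacker can build a tampered file that keeps
# the same MD5 digest, while a SHA-256 mismatch is a reliable sign of modification.
ALLOWLIST = {
    "skype-setup.exe": (len(GENUINE_INSTALLER),
                        hashlib.sha256(GENUINE_INSTALLER).hexdigest()),
}


def check_installer(name, data, allowlist=ALLOWLIST):
    """Return 'trusted', 'modified' or 'unknown' for a file about to be executed."""
    if name not in allowlist:
        return "unknown"        # not a known installer: hand off to the normal scanner
    expected_size, expected_digest = allowlist[name]
    if len(data) != expected_size:
        return "modified"       # truncated or padded download, no need to hash it
    return "trusted" if hashlib.sha256(data).hexdigest() == expected_digest else "modified"


def tamper(data, offset=-1):
    """Flip one bit at the given offset to simulate a trojanised download."""
    buf = bytearray(data)
    buf[offset] ^= 0x01
    return bytes(buf)
```

The size check is cheap and catches the most common non-malicious failure (a truncated download) before any hashing; the "unknown" result is important too, since a file that is simply not in the allowlist should fall through to normal scanning rather than be treated as either trusted or hostile.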

In addition to strong protection in depth, Total Security offers two unique features not found in the other programs. The first is Safe Money, a browser mode that completely locks everything down while in use. It starts automatically whenever a user goes to a shopping site like Amazon, a banking site like Wells Fargo or a payment site like PayPal. The included database of known banking-type sites is extremely detailed and constantly updated, and users can add a site if, for example, visiting their local online branch does not trigger the Safe Money protections. The only reason Safe Money is not active all the time is that it is extremely resource-intensive, so it is turned on only when needed.

While in Safe Money mode, the browser runs in a sandbox that isolates it from other programs on the protected system, so keyloggers and screen grabbers, for example, will not function. You cannot even take a screenshot of Safe Money in action (we tried a variety of methods), because a screenshot could be used to steal passwords and account information. Once you leave a banking-type site, the browser reverts to normal, which is indicated by the green Safe Money border disappearing.

A second unique component to Total Security is the ability to roll-back a system to its last known good profile should a virus somehow still get around all the protections that Kaspersky has put in place. It’s not a total roll back like Apple’s Time Machine, but can roll back most files to a pre-infection state. The only way we could test this feature was to disable Total Security, inject malware, and then reactivate it. The roll-back process worked fine. Most people will probably never need to use it, but it’s nice to know it’s there just in case.

McAfee LiveSafe

The McAfee LiveSafe product is one of the easiest to use in this roundup, and the company makes it fairly easy to install the product on multiple devices without charging extra, so long as all of them are for the same user. So a business or enterprise would need to do it a bit differently, but adding PCs, Macs, iOS or Android devices is a relatively simple process in any case.


Beyond the standard protection offered by most products reviewed here, LiveSafe also adds in some defenses in depth and extra features. These include things like a very good password manager that can keep those safe across multiple platforms, and a personal locker that encrypts and protects information from any external sources or unauthorized users.

Mobile device features include the ability to wipe a lost or stolen phone or tablet with a simple click from the command console. Devices can also be managed through the LiveSafe console to do other things as well, like backing up important files.

The McAfee LiveSafe product also includes an e-mail scanner and spam blocker that makes use of quite a few dynamic filters. The only problem is that the mail scanner did not perform very well. Genuine messages from contacts were sometimes flagged as phishing scams when they clearly were not. Other times, gobs of obvious spam were allowed through, even when it all arrived together over a few minutes with identical subject lines. We could not tune the anti-spam product beyond telling it each time it let a spam e-mail through, and even then there was no guarantee that the same e-mail would not make it through the defenses again. As a backup for endpoint e-mail security LiveSafe would work fairly well, but as a front-line defense it is probably not quite good enough.

By contrast to the poorly performing anti-spam component, the website adviser tool worked great, warning us about websites with suspicious code and not letting that code load when we landed on a malicious page. There were no false positives in any of our adviser testing, and it correctly identified all threats on pages where we knew they would be lurking.

Symantec Norton Security

Symantec has been in the anti-virus market almost longer than anyone, especially counting its acquisition of the Norton product line years ago. Until this year, however, it also had one of the most convoluted pricing structures and product lines in the industry. Tossing all of that aside, Norton Antivirus, Norton Internet Security and Norton 360 are now rolled into a single service called Norton Security. Created by the Symantec Security Technology and Response (STAR) team, it offers the same high level of protection to consumers, businesses and enterprises. And it works with PCs, Macs, Android and iOS devices.


The Norton product worked well on the desktop, but was really the standout star for mobile devices, adding helpful features that were either not available or not implemented nearly as well elsewhere. For one, Symantec protects not just against spam texts on phones, but also from unwanted calls, an amazing feature that we really loved. Not only could we block calls from telemarketers or robo-callers, but Norton Security also let us block any calls from people who deliberately obscure their numbers, as many unscrupulous scammers do.

Also for mobile, beyond scanning for viruses, Norton Security catalogs and rates each app you download through its App Advisor. Based on each app's behaviour, the Advisor will warn users if certain thresholds are exceeded. For example, an app might be a huge battery drain because of sloppy programming or the way it implements certain features. Even if the app is not technically malware, having it on your phone might be a bad thing because it drains too much power.

Other apps might conduct borderline behavior like collecting information about other apps on a phone and nagging a user to install more products. Or, it might be outright malware disguised as something else. Pure malware is dumped from a phone, but those grey area programs are presented to a user with all the facts about their bad behaviors. A user can then decide whether to trust them anyway, or simply to avoid the risk and uninstall the app.

Most of the mobile features are designed for Android, though the iOS platform gets a few extra tools beyond malware protection, like the ability to trigger a scream on a lost phone so it can be located if it is anywhere in the area. And that scream is really loud, so it can be heard even if the missing phone is inside a case, a jacket pocket or a closet somewhere.

The user interface for Norton Security is simple to use, and is presented as a Web portal which can be accessed from any protected device. From there, any device within that account can be managed. It’s also the place where a user would go to initiate help with finding a lost or stolen phone.

Features that go beyond traditional anti-virus on the desktop include an identity safe and a password manager. Both use AES 256-bit encryption to protect either important files or passwords. The password manager is especially elegant, allowing users to enter one memorable password instead of the real one for each website that requires it. The real passwords can be long and complicated, a series of random letters and numbers that no human could easily remember, yet with the password manager they do not need to. Symantec really put an emphasis on both of these areas this year, and it shows. Both are the best of breed among the programs here that offer those features.

One more thing the Norton product offers is 24/7 technical support. In fact, Symantec promises to work with people who cannot use the software to remove an infection. If the company tries and fails to remove the malicious programs, it refunds the purchase.

Panda Global Protection

The Global Protection suite from Panda Security offers traditional anti-virus protection for PC, Mac and Android devices as well as iOS devices under certain circumstances, along with some nice extra features to keep desktop systems healthy beyond just having good security.


For mobile security, Panda offers protection for Android devices with a set of anti-virus tools that can be installed directly onto a tablet or phone. For iOS, it’s a bit trickier than that. You get a license to install the mobile software on a Mac desktop or laptop. Then you connect the iOS device to that computer to initiate scanning. The extra step is a bit odd and a little bit of a pain, but the protection worked just as well, finding an app with malicious tendencies that we had installed on the test iOS phone and properly identifying it as such.

On the desktop, you get identity protection that keeps you from accidentally entering personal information, or having a program try and secretly do it behind your back. You can of course override this setting on a case by case basis – sometimes you need to enter that information to do things online – but it does alert you that this is taking place.

The biggest extra, however, is the inclusion of a full PC Tuneup suite, which cleans a system of unnecessary cookies and temporary files that may be slowing it down. When we ran Tuneup on a particularly old PC in the test bed that had not been used in a while, boot time and file-access performance improved by about 30%. The suite also includes a secure erase function that overwrites files so they cannot be recovered with undelete tools. One caveat the product does not spell out: on SSDs and other flash storage, wear levelling means an overwrite may never touch the cells that held the original data, so on those drives full-disk encryption, not file overwriting, is what actually makes deleted data unrecoverable.

Global Protection is the most like traditional anti-virus in that there is not a lot of defense in depth behind it. That said, it did pick up on almost every bit of malware we tossed at it, including stopping malware from a drive-by website attack from reaching the host system. Combined with the included Tuneup software, it can make for a speedy and safe PC or Android device. It is also a good fit on a Mac, though the extra hoops required for a pure iOS device probably mean those users are better off with a more dedicated solution.

Trend Micro Premium Security

Trend Micro Premium Security has one of the best overall packages for building a defense in depth across multiple devices. It was one of only two packages to get 100% of the anti-virus and exploit protection completely correct, with no false positives.


Trend Micro makes it extremely easy to add new devices to the protection scheme regardless of the OS or platform, which is perfect for an office with a large BYOD program. It’s as easy as having users scan a QR code with their mobile device and then getting a license number from a system administrator to expend one of the company’s licenses to protect the approved new tablet, phone or mobile device. Approved users can have their device protected and able to safely join the network in minutes.

In terms of scanning, the Trend Micro product is also one of the fastest that was tested. A full scan on a test desktop system often took between two and three minutes less than with other programs. For Android devices, the scanning normally took less than a minute, and the speedier scan times didn’t hurt its accuracy.

The Premium Security product contains several elements designed to keep users from falling victim to common scams, including an e-mail scanner that automatically detects and flags suspected phishing e-mails. It does this by checking that links go where a user thinks they go, and that no information has been spoofed or hidden. If anything is detected, the e-mail is flagged as suspicious and moved to a quarantine area by default. Users can still override that setting if the mail is from a legitimate source, but in our testing it caught phishing scams right away 100% of the time with no false positives, one of the few programs with anti-phishing protection to do so.
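Both the Kaspersky heuristics described earlier (what the mail asks for, what it pushes the reader to do, whether the sender is spoofed) and the Trend Micro link checks here (does the link go where the text says, is anything hidden) reduce to a handful of tests over a single message. The following added example, not the code of either vendor, scores an e-mail those ways. The word lists, weights, thresholds and the two sample messages are constructed for the illustration, and the registered-domain logic is a two-label approximation rather than a public-suffix-list lookup.

```python
# Heuristic phishing scorer. Added example, not Kaspersky's or Trend Micro's code;
# the word lists, weights and sample messages are constructed for this illustration.
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

CREDENTIAL_WORDS = ("password", "verify your account", "social security number",
                    "card number", "login details", "pin code")
PRESSURE_WORDS = ("immediately", "within 24 hours", "suspended", "urgent", "final notice")
WEIGHTS = {"spoof": 3, "link": 3, "obfuscation": 2, "content": 1}
_DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b")
_IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _registered_domain(host):
    """Last two labels: crude eTLD+1 (a real filter would use the public suffix list)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def _domain_in(text):
    m = _DOMAIN_RE.search(text.lower())
    return m.group(1) if m else None

def score_message(raw):
    """Return verdict, score and reasons, so an analyst can see why it was flagged."""
    msg = message_from_string(raw)
    reasons = []
    name, addr = parseaddr(msg.get("From", ""))
    sender = _registered_domain(addr.rsplit("@", 1)[-1])
    # Spoofing: the display name claims a domain the real sender address is not in.
    claimed = _domain_in(name)
    if claimed and _registered_domain(claimed) != sender:
        reasons.append(("spoof", f"display name claims {claimed}, sender is {addr}"))
    body = msg.get_payload()  # single-part HTML assumed for this example
    parser = _LinkExtractor()
    parser.feed(body)
    for href, text in parser.links:
        parsed = urlparse(href)
        host = (parsed.hostname or "").lower()
        shown = _domain_in(text)
        # Does the link go where the visible text says it goes?
        if shown and host and _registered_domain(shown) != _registered_domain(host):
            reasons.append(("link", f"text shows {shown}, href goes to {host}"))
        # Obfuscated destinations: bare IP, user@host trick, punycode look-alike.
        if _IPV4_RE.fullmatch(host):
            reasons.append(("obfuscation", f"link to bare IP {host}"))
        if parsed.username is not None:
            reasons.append(("obfuscation", f"real host hidden after '@' in {href}"))
        if "xn--" in host:
            reasons.append(("obfuscation", f"punycode host {host}"))
    # What is the message asking for, and how hard is it pushing?
    text = re.sub(r"<[^>]+>", " ", body).lower()
    for kind, words in (("asks for", CREDENTIAL_WORDS), ("pressure language", PRESSURE_WORDS)):
        hits = [w for w in words if re.search(r"\b" + re.escape(w) + r"\b", text)]
        if hits:
            reasons.append(("content", f"{kind}: " + ", ".join(hits)))
    score = sum(WEIGHTS[kind] for kind, _ in reasons)
    verdict = "phishing" if score >= 5 else "suspicious" if score else "clean"
    return {"verdict": verdict, "score": score, "reasons": [r for _, r in reasons]}

# Constructed samples; 203.0.113.0/24 and example.* are reserved for documentation.
PHISHING_SAMPLE = """\
From: "security@bankofexample.com" <alerts@mail-updates.example.net>
Subject: Your account will be suspended
Content-Type: text/html

<p>We detected unusual activity. Verify your account within 24 hours or it will be suspended.</p>
<p><a href="http://bankofexample.com@203.0.113.7/login">https://www.bankofexample.com/login</a></p>
"""
LEGITIMATE_SAMPLE = """\
From: Bank of Example <alerts@bankofexample.com>
Subject: Your statement is ready
Content-Type: text/html

<p>Your monthly statement is available online.</p>
<p><a href="https://www.bankofexample.com/statements">www.bankofexample.com/statements</a></p>
"""
```

score_message returns the reasons as well as the verdict. Keeping the reasons is what lets an analyst tune the word lists and weights instead of guessing why a message was quarantined, and it is why the structural checks (spoofed sender, mismatched link) outweigh the wording checks: a bank really does write "your account" now and then, but it does not link its name to a bare IP address.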

The other common way people get infected besides e-mail attachments is by visiting a malicious webpage. Many companies have therefore included link scanners that work with popular search engines like Google or Yahoo. Trend Micro Premium Security goes beyond this by adding the same technology to social media pages. Working with Facebook, Twitter, Google+ and others, it scans for links and posts that attempt to steer users to dangerous or compromised destinations. Should a bad link be found, it can block the user from clicking on it and alert the rest of that user's social network to the danger.

Another program Trend Micro added to its suite is called the Trend Micro Vault. Users can drop important files and programs into the vault for added protection. Locking the vault then encrypts those files and prevents them from being opened unless a proper password is entered. If a device is stolen, its loss can be reported to Trend Micro which will then put a permanent lock on the files the next time the missing device connects to the Internet to prevent them from ever being opened again. However, permanent does not really mean forever in certain circumstances. Should the device be recovered, there is also a process a user can go through to prove he is the rightful owner to unseal the vault once more.

Trend Micro Premium Security offers a lot more than one would expect from a standard anti-virus program suite, which when combined with a very easy to use interface, a quick install process for any device and a huge maintenance suite of helpful programs, earns it the highest score for this review.

John Breeden is an award winning reviewer and public speaker with over 20 years of experience. He is currently the CEO of the Tech Writers Bureau, a group of influential journalists and writers who work in government and other circles. He can be reached at

How we tested anti-virus suites

A test bed was created consisting of several desktops running Windows XP, 7 and 8, a Windows laptop, an Apple Macbook Pro, a Samsung Galaxy S5 and an Apple iPhone 6. Devices in the test bed were partitioned away from everything else, but networked together. One desktop system being used as a primary installation point for each product was selectively allowed to connect to the Internet at the beginning of each test cycle to receive the latest program updates, and also if the test required visiting a corrupted webpage. All devices were re-imaged or factory reset between tests.

An anti-virus suite was added to the main desktop system first, and then used to install protection on all other supported devices. This process was recorded and evaluated for simplicity and ease of use. Management software was also evaluated including managing each device from a central console if available.

Testing consisted of sending 25 pieces of new malware into the devices through various means including directly through a USB stick, over the protected network from one device to another, or by connecting to a website with known malware. The primary installation computer was used to surf common websites and to evaluate things like social media protection, anti-spam and phishing scanners, tune-up suites included with the package and any extra features. For mobile devices, a selection of apps was evaluated, including at least two of which are classified as malware.

Most suites were able to catch almost everything somewhere within their defense-in-depth, however, when something got through it was noted in the review. Because of the time difference between testing – giving a slight advantage to products tested later in the cycle – results from this evaluation were not used in scoring, though they are noted within the text of the review.