The security of your PC is still something you have to take into account. Microsoft is ramping it up with Windows Defender and Windows Update, but with ransomware, phishing, identity theft, and a host of other security breaches, Windows security is still a concern. As a Windows user, you must therefore take your responsibility unchanged. In this article, we'll help you choose what you need and which software offers the best security.
In January 2002, Bill Gates called on his Microsoft employees to fundamentally change the way they develop their products. At the time, the company had the worst possible reputation when it came to security and it had to change radically, according to Gates. Microsoft must provide products that, in his words, are “as available, reliable and safe as electricity, drinking water and telephony.” Ambitious, but Microsoft programs did improve.
We have tested twelve relevant security suites, looking at the most extensive suites (online security, total security, etc.). Because Windows is the operating system that requires security software, we focus on this. All products are rated for security features, additional features and overall usability. Multiple scans were performed on the entire system, individual drives and USB media, and regular user scenarios such as downloading and online banking were also performed. Furthermore, the integration with other software such as the various browsers and, for example, Microsoft Office has been examined. The results of antivirus labs AV-Comparatives and AV-Test were used to assess the quality of the protection.
Getting Windows Safe
Much of Windows security happens invisibly in the background, but not the components in the Windows Defender Security Center. There you will find protection against viruses and malware, account protection, firewall and network protection, Windows SmartScreen for protection of programs and browsers, parental controls and some security options that depend on the hardware present. The latter include 'secure boot', which checks the integrity of the operating system at boot time and prevents malicious software from loading, 'core isolation' (which uses a lightweight version of Hyper-V to isolate processes and prevents malware from manipulating memory addresses ) and finally support for a TPM chip that enables cryptographic security and which, for example, Microsoft BitLocker uses.
A prominent part of Windows 10's security is Windows Defender. It protects against viruses and spyware, but after some ridiculous results in previous years, it still doesn't have a good reputation. Nevertheless, Windows Defender's performance in comparative anti-malware tests such as AV-Test and AV-Comparatives has been on the rise for years and the package achieved the perfect score for the first time in December 2017.
How free is Windows Defender?
According to Microsoft, Windows Defender is now "so good that a number of companies are completely relying on it", which means that it is also good enough for the home. That sounds logical, but it isn't. Companies have many more security systems in their infrastructure, the status of which is also often actively monitored by well-trained administrators or even a Security Operations Center and who intervene in the event of danger. In addition, Windows Defender and even Windows are different in a corporate environment than at home! Businesses use Windows 10 Enterprise and Professional, which include security features that are missing from Windows 10 Home. And if a company buys Windows Defender, it gets Windows Defender Advanced Threat Protection (ATP) a smarter antivirus than we have at home with the regular Windows Defender.
This makes it clear that extra security is needed. But what security that is, not yet. That question is also very difficult to answer, for that you would have to know the use of the PC and the users. Do you open documents received by e-mail without thinking, do you surf a lot and like to visit lesser-known websites, is that funny PowerPoint with pictures and music that comes in from friends viewed and forwarded or is it deleted unseen? Security is more than installing an antivirus or an internet security suite.
Unfortunately, the providers of security products do not make it easy for the user. Preferably, they all create a dense fog of difficult technical terms and a lot of security marketing around their products. Because what exactly is 'next-gen antivirus' and is it the same with every supplier? And is an antivirus suite that uses the cloud or machine learning better than the one that doesn't? And shouldn't AVG and Norton, which still support Windows XP, simply say that it is better to upgrade Windows than to buy their product? Updating is often a difficult point anyway, because downloading the recent virus information daily, but not also updating Windows and all software is also unsafe. A vulnerability scanner (such as Avast, Avira, Bitdefender, Kaspersky and McAfee that offer) that checks for updates for Windows and all installed software helps with that. It is strange that the other suppliers do not offer such a function, because updating is so important.
In addition to anti-malware, the firewall is an undisputed second part of Windows security. Windows has a firewall that has already proven itself sufficiently. Again, Microsoft claims that its own firewall is sufficient. And that, moreover, by sitting directly in the operating system together with Windows Defender, it works more efficiently and puts less strain on the system.
The producers of the security suites counter this that their firewall is not inferior to that of Windows and by installing their antimalware and their firewall, you enjoy the same benefits with higher quality antimalware. It is striking that Avira, F-Secure and Sophos do not consider this necessary. This trio no longer has its own firewall, but maintains the Windows Firewall.
Another challenge for security suite providers is that for consumers, a firewall is primarily a product that does its job fully automatically. And then it quickly doesn't matter who owns that firewall, as long as there is a firewall. Within the suites that do offer a firewall, there is still a distinction between the packages that make an effort to make the sometimes difficult firewall rules understandable, such as Norton, Bitdefender, G DATA and to a lesser extent Kaspersky and McAfee, and AVG, for example. , ESET and Panda that do not and therefore offer little added value over the Windows Firewall.
In combating malware, despite all the difficult terms, antivirus makers draw on a handful of techniques. The best known are the virus signatures. The code of files is compared with that of known viruses. This form is very effective, gives few false positives, but has a real impact on system performance with many and large files. Because the number of signatures is too large, anti-virus makers are increasingly using behavioral analysis to detect malware early, even though that usually produces more false positives.
Another technique is application whitelisting, where only trusted programs are allowed. Since the antivirus maker largely maintains this system, it is a useful addition to the other forms of security. Malware makers are often familiar with these ways of monitoring and try to make their code look different or even hide it entirely in the PC's memory. In order to still recognize the viruses, the PC is checked for unexpected processes or processes with abnormal behavior, such as a Word document that starts to encrypt files on the hard drive.
In addition to parts that are necessary to protect the PC, security suites also sell parts for which this is not the case, or to a much lesser extent. For example, the shredder with which you delete files irretrievably at AVG, Bitdefender, G Data and McAfee. We find a digital safe in which you store files or passwords safely at Avast, Avira, Bitdefender, F-Secure, McAfee and Norton. Simply redundant are the clean-up functions and system tools to optimize Windows, such as Avira and Norton have. All utilities that have little or nothing to do with security and that are rarely among the best of their kind. Norton offers features to optimize the hard disk (Norton Speed Disk), to clean up temporary files from Windows, IE and Chrome, a boot manager and a totally unnecessary option to display performance graphically. ESET offers a SysInspector that "examines the computer in depth" but, contrary to what was promised, hardly provides "detailed information about components, drivers, network connections and the associated risks".
It gets really annoying with Avast and AVG, which do scan the system and Windows and make findings, but in order to solve them you first have to upgrade to a more expensive version or take out a subscription to AVG PC TuneUp or Avast Cleanup Premium. From a security perspective, the user is more – and unjustly – frightened here than helped. We could not find an option to stop this.
The usability of the packages could be improved across the board. Especially Bitdefender and McAfee are very easy to use and do not bother the user with unnecessary things. However, both (just like almost all other packages with the positive exception of Eset, F-Secure and Sophos) have the drawback that the program cannot be made full screen or even larger than the screen size devised by the makers. Then you suddenly have to scroll through lists of options or warnings while they easily fit into the picture.
The worst scores are Panda's user-friendliness, which has completely redeveloped the interface for the new Dome products. It does harm to an otherwise pretty good program. The designers are presumably real iPhone users, as it resembles them with small icons on a grid, for an automatically changing photographic background. Totally cluttered and unusable, because, among other things, the icons are not sufficiently illuminating and the accompanying text only becomes visible when the mouse is over it.
F-Secure uses a significant portion of the main window to urge you to download its password manager. No matter how many times you do that, that button never changes function and opens the password manager on mouse click - so it remains a link to the download website even after purchase. The password managers that the products offer are a point of interest anyway, as are digital safes where you can keep important data encrypted. Many of the products tested offer such a product, and almost all of them come in the form of a number of browser extensions that take care of username and password entry and synchronization between devices. But none reach the convenience level of Lastpass or Enpass or free and open source alternatives like Keepass, PGP4Win and Veracrypt.
The exception to this is McAfee TrueKey, which is a good product, but unfortunately limited to one user. There is a clear lock-in for all digital safes and password managers: you don't switch from password manager and digital safe as quickly, if at all possible. In many cases you will be better off with an alternative commercial product, even if you have to pay for it separately. That cost is likely to pay for itself quickly with the freedom it gives to buy a cheap offer for a security suite every year instead of renewing the subscription year after year because you're stuck because of the vault.
Similar considerations also apply to the security of macOS and Android and iOS smartphones and tablets. The usefulness and necessity of antimalware on these devices has not been sufficiently established to date, especially because use of alternative app stores hardly ever happens in our part of the world. Handy functions are still anti-phishing and anti-theft to find a lost or stolen device, but those functions are now standard in both iOS and Android.
Privacy is hot and an excellent opportunity for these products to show their added value. Surprisingly, they hardly ever actually do that. It is true that almost all of them offer 'privacy protection', but what it entails and how it is done varies widely. Avast, Avira, F-Secure, G Data, McAfee, Norton and Panda even lack an obvious function such as shielding the webcam. None (!) of the products takes a critical look at the privacy settings of Windows itself, while Microsoft is using Windows 10 more than ever to collect data about the user. A missed opportunity, precisely because programs such as DoNotSpy10 and ShutUp10 show that consumers also need this, but may be wary of tools from unknown providers. Another common privacy feature is a VPN that allows you to “surf the internet invisibly”. In almost all cases, this concerns the resale of a commercial VPN service, usually Hotspot Shield VPN, but always without unlimited data or the freedom to choose your own access point. If you want that, an additional paid subscription is required.
Security with the internet subscription
Internet providers such as Ziggo, KPN and XS4ALL often offer customers a 'free' antivirus or even internet security package as part of their all-in-one and internet subscription. Which package and for how many devices varies by provider, but it's a handy option to take a look at. It can quickly suffice and yield a nice saving.
Now that Windows itself has a good firewall and an increasingly better antivirus, the security vendors have to work hard to keep the current customers of these products. They all seem to be still searching and too often choose the familiar path instead of being truly innovative. On the positive side, none of the tested products really disappoints: they all offer good to very good antivirus and integrate neatly into Windows and other software.
At the level of detail, there are many differences and some of the products know better than others how to draw attention to themselves with, for example, a quieter user interface or some nice extras. Those are the packages that clearly get the full final score. The test winners are Bitdefender, Kaspersky, McAfee and Norton, all of which offer a good set of tools and are pleasant to use. Depending on the number of products to be protected, one of these products is also the Editor's Tip as the best buy. We liked Panda the least, which has really missed its target with its new interface. For most products, it is beneficial to install a trial version first and only then purchase. This also offers the possibility to immediately check whether all the functions you need are present.