What’s the best antivirus software? With the rise in malware and ransomware and a growing reliance on the internet, antivirus solutions are critical for protecting your data and applications.
We here at eSecurity Planet have our own views and methodology on this much-debated issue, and present to you our reviews of the Best Antivirus Software of 2021.
Top 4 antivirus software
Bitdefender Total Security
Bitdefender has been through two rounds of NSS Labs testing in recent years, scoring an A in 2020 testing (no vendor got higher than AA). In the very difficult MITRE testing, Bitdefender was one of just seven vendors to score 90% or greater, a strong result in very difficult testing and better than some well-known names. It’s one of just a handful of antivirus vendors with a strong enterprise pedigree, and that coupled with an impressive consumer product place it atop our list.
For an introductory price of $45 a year for five devices, you get a long list of security protections:
- Advanced protection for Windows, macOS, Android and iOS devices
- Protection against sophisticated malware and zero-day attacks
- Multi-layer ransomware protection
- A network firewall
- Virtual private network (VPN)
- Privacy protections
- Parental controls
- Anti-phishing, anti-fraud and anti-spam features
And all that comes with minimal performance impact. No security product is perfect, but for just under $4 a month, Bitdefender gives you broad, sophisticated defenses.
Sophos Home Premium
Sophos has two years of stellar NSS Labs results, scoring 99.1% in 2019 and posting an A last year while topping Bitdefender in total points, 647 to 600. The company’s first attempt at MITRE testing was somewhat disappointing, but for home users, Sophos Home Premium is a solid offering with advanced features.
For an introductory price of $45 a year for 10 Windows and macOS devices and unlimited Android and iOS devices, you get predictive artificial intelligence (AI) threat detection that can stop unknown threats and learns by experience (how cool is that?), plus a number of other advanced features:
- Real-time protection against viruses, malware, Trojans, worms, bots, potentially unwanted apps (PUAs), ransomware and more
- Parental controls
- Web protection
- Banking, privacy and identity protection
Kaspersky Total Security
Yeah, Kaspersky gets dinged a lot for its Russian roots, but we have yet to see proof that there’s any compromise there, and the company has gone out of its way to be transparent, including allowing independent review of its source code and processes.
Kaspersky got a AA rating and 695 score from NSS Labs last year, putting it in the top tier of enterprise endpoint security products. The company stopped only 63% of threats in last year’s MITRE testing in our analysis, but with a strong R&D team, Kaspersky will use that knowledge to keep improving. The company did not take part in the most recent MITRE tests.
For $50 for the first year, Kaspersky Total Security gives you feature-packed, near-enterprise level security for 5 Windows, macOS, Android and iOS devices. Those protections include:
- AI- and behavioral-based threat detection
- Email phishing filter
- Ransomware protection
- Network monitoring and blocking
- Credit card protection
- Two-way firewall
- Privacy controls
- Password manager
- Webcam protection
- Parental controls
For any buyers still concerned about Kaspersky’s independence from Moscow, we’ve also compiled a list of Kaspersky alternatives.
If you must go with free antivirus protection, at least Microsoft offers a strong option for Windows users. Microsoft’s enterprise-class EDR product, Defender for Endpoints (formerly Advanced Threat Protection), has consistently posted stellar results in rigorous MITRE testing, including a top seven finish this year. Microsoft Defender, the version that comes bundled with Windows 10, doesn’t come with all the features of the pay products listed above, but you won’t do better for free. It’s turned on by default in Windows 10 and turns off if third-party AV protection is installed, but if you want to check, just type “security” into the Windows search bar and go to Windows Security Settings.
Microsoft Defender offers virus and threat protection, firewall and network protection, app and browser control, plus family controls too. Not bad for the incredibly low price of free. Microsoft has been taking security very seriously in recent years, but if you want more than Windows protection, you’ll need to look elsewhere.
If you opt to go the free route with Microsoft Defender, Kaspersky free might be a good choice for mobile devices, but you’ll do best if you take our advice and pay up. $45-$50 a year is cheaper and easier than getting your identity stolen or your computer locked by ransomware. Your internet service provider may also offer free security software that may be quite adequate, but if you want the best, you have our recommendations.
One surprise in the security market has been the enduring strength of the first-generation antivirus vendors. Perhaps that should comes as no surprise – they have a product depth that newer market entrants can only build with time.
Sophos is one such vendor. Trend Micro is another – and with a 90% protection rate in the most recent MITRE tests boasts an enterprise pedigree that should give the most paranoid home users confidence. Trend Micro’s Premium Security Suite is an expensive product, starting at $70 a year for 10 devices, but it offers advanced features, AI-based detection, and even a free tech helpdesk. A strong offering from a dependable name.
Two other old industry names with a long history of strong antivirus protection – Norton and McAfee – have recently separated from their enterprise businesses, Symantec and McAfee Enterprise. They still offer strong security, but their dependence on the enterprise company’s intellectual property bears watching. Norton in turn is merging with Avast, so more will play out there.
ESET is another consumer antivirus vendor boasting strong enterprise security test scores. Its full-featured Premium edition starts at $60 for 1 device, with each additional device costing $10.
And finally, they’re more of a secure Wi-Fi 6 network router than an endpoint antivirus tool, but our top two overall cybersecurity vendors – Palo Alto Networks and Fortinet – now offer home and small business security solutions for those seeking the highest security possible. Not cheap – Palo Alto’s Okyo starts at $349 a year – but that might be a small price to pay for peace of mind. See all our picks for The Best Wi-Fi 6 Routers Secure and Fast Enough for Business.
The biggest takeaway from all this is that top-notch security is making its way down to the consumer market, and that’s very good news indeed.
Also see our picks for Best Enterprise Detection and Response (EDR) Tools.
Your guide to antivirus software
An antivirus (AV) solution is essential for scanning, detecting, preventing, and deleting malware when protecting your devices. While many consumer devices today come with standard antivirus software, a growing number of internet-enabled systems, like IoT devices, are being manufactured with light security. SMB organizations with a limited number of devices are a vital audience for standalone AV solutions, while enterprise organizations in need of advanced AV protection are adopting endpoint detection and response (EDR).
AV software offers real-time protection, on-demand scanning, and a preventative background shield and guard to optimize protection against most malware.
History of antivirus software
Like so many advancements, the 1980s was a period of birth and development for antivirus software. As the number of devices grew steadily and then rapidly towards the turn of the century, AV solutions emerged as the most common type of endpoint security. Early providers of antivirus software included McAfee, Anti4us, Avira, Avast, Symantec, and Kaspersky.
The 2000s saw the innovation of anti-rootkit functionality with F-Secure’s BlackLight. A few years later, cloud-based antivirus software entered the scene with McAfee’s Artemis and AVG’s Protective Cloud Technology. As new technologies have entered the market, antivirus software as a standalone product has taken a backseat to more comprehensive security solutions in recent years. But what remains true is that AV software is an essential tool and part of every developed cybersecurity infrastructure in the world.
Also Read: Top Vulnerability Management Tools
What is antivirus software?
Antivirus protection means automatic detection and elimination of existing threats and added security in identifying new threats. Most AV software includes general capabilities, while enterprise solutions can go much further for protective features. General functions for antivirus software include:
- Scanning devices, directories, and files for malicious software or patterns
- Scheduling automatic scans at optimal user time
- Initiating scans on specific files, drives, and programs
- Removing or cleaning malicious code detected
- Updating users about actionable threats
- Monitoring the device’s overall health or performance
How does antivirus software work?
Whenever you insert a USB drive, open an email, browse the web, or download a program, your antivirus software is completing scans in real-time. AV software uses a connected database of identified malware types to determine if there’s any presence of malware on your device. This detection method is known as signature detection or specific detection as the AV compares program signatures to find matches. While the signature malware database can help stop known threats, the new viruses created every day tend to be the most significant threats. Antivirus also software scans for malicious patterns worth further investigation.
Also Read: Best Kaspersky Alternatives
Antivirus software uses three core detection types to contain, quarantine, or mark programs for deletion when identified as malware.
|Specific detection||Scans for known malware against database|
|Generic detection||Scans for malicious patterns or malware parts against database|
|Heuristic detection||Scans for unknown viruses with suspicious file structure detection|
Advancements in antivirus software also offer the ability to execute the program in a virtual environment known as sandboxing. By exporting the suspected malware before its activation to an isolated, third-party environment, antivirus software can run the program without affecting the real-world network or assets.
Detection Using Machine Learning and Data Mining
Related to heuristic detection, which scans for unidentified viruses that resemble existing file structures containing malware, the latest approach in threat hunting is machine learning and data mining to enhance detection abilities. Advanced AV software can extract file features that inform whether the program is malicious or benign without executing programs.
Rootkits are one of the most dangerous forms of malware, offering full-featured administrative access to a computer. Besides the hazardous level of havoc a rootkit can create, they’re also often hidden from the list of running processes and therefore hidden from users and AV software. While antivirus solutions can scan for rootkits, this feature is not universally available. With administrative-level control, rootkits can alter the operating system, make AV programs ineffective, and much more.
Testing Antivirus Vulnerabilities
Cybersecurity is a game of building, testing, developing, and testing again. Several labs, including SE Labs, AV-Test Institute, MRG-Effitas, and AV-Comparatives, publicly release their antivirus software test results.
Fight back against viruses
Viruses, or malware, are built to be self-executed, change device behavior without user knowledge, and replicate themselves. Viruses can replace execution code for legitimate programs with their execution, so the end user unwittingly starts the malicious program. A virus’s ability to replicate can endanger the user’s device and software further or move to other devices and network-level. Even when malware is benign, its presence can still waste computer memory used by critical applications.
Since the start of internet-connected networks, hackers have built malware that can crash your system, delete data, or worse. How the malware behaves or what functionality it targets determines the type of virus. Virus types include boot sector, file infector, multipartite, master boot record, and macro viruses.
Free vs. premium antivirus software vendors
Anyone who lived through the turn of the century knows how big antivirus software was for personal computers. For a generation of consumer and business devices, it was an additional must-have expense, while in recent years, manufacturers have leaned towards pre-installed and recommended channel partner software. Today, several free and premium AV software products are available for download right from your web browser.
No-Cost AV Software
Free antivirus software, especially for small organizations, can be a workable solution. Looking back at eSecurityPlanet’s reporting on free AV software, we list features that one could expect more than a decade ago, including real-time shields and auto-sandboxing, boot-time scanning, web filtering, link scanning, and a browser toolbar. A look at the most popular free AV software today, like Microsoft Defender, shows these features and more continue to be added for maximizing protection.
Paying for AV Software
Organizations managing an inventory of devices or working across multiple environments are better served by a premium antivirus solution. Though free alternatives are better than ever, premium AV software means more features like advanced password management, VPN access, and configuration functionality.
Deploying antivirus software
When organizations work with multiple platforms and operating systems, having virus protection software and pattern updates is critical. As noted, plenty of devices will have an antivirus solution pre-installed. When migrating to a new AV solution, organizations should uninstall existing antivirus software and make way for its enterprise-ready cousin. A second consideration requires evaluating network inventory and preemptively placing AV software where malware risk is highest.
Don’t Run Dual AV Solutions
The combination of multiple antivirus solutions running on the same device can wreak havoc. While scanning your machine, AV programs monitor and report what they find, and from a binary perspective, they can look like a virus themselves. When multiple AV solutions are running, they will eventually find each other. From there, it’s a chase to the finish line to block and remove each other.
The competing antivirus programs will also fight over detected viruses. When one AV solution can successfully quarantine malware, the other AV may be at a loss and continue reporting the problem though the threat is nonexistent. Collectively, the use of multiple antivirus software programs results in redundant operations that waste system memory, diminish the operating system’s effectiveness, and cause file corruption.
Threat-Based Placement of AV Software
If you’re familiar with Zero Trust or microsegmentation, this deployment method will sound familiar. Just like microsegmentation places firewalls between critical segments that need added protection, a technique of AV implementation is first identifying where viruses are most likely to enter the device or network. This deployment route means analyzing data about your inventory, network, and infection sources to see where the most significant threats exist for segments and the network. Knowing what devices and segments are most at risk, administrators typically place AV software at desktops, email servers, file servers, or web servers.
Bottom line: antivirus software
AV software is a foundational part of any security framework, but full-featured security doesn’t end with AV software. You need to do all the other things to keep your data safe, like complex passwords that aren’t reused (including on your home router), update your devices regularly, avoid insecure public networks, and for heaven’s sake, ignore suspicious emails, attachments, messages, texts, and links.
eSecurity Planet’s AV software methodology
Our views are influenced by the development of the endpoint detection and response (EDR) market. EDR is like antivirus software on steroids for businesses. We’ve studied around 10,000 data points to compare the best EDR products, so we can tell you what the best consumer antivirus products are that have a stellar enterprise pedigree – some of that high-end research and development will make its way down to consumer products.
EDR products face the most strenuous testing in the security market, with MITRE the most rigorous evaluation a cybersecurity product can face. One round of MITRE testing, for example, basically measured how well an endpoint security product can stop an attack by Russian state-sponsored hackers. You may never need that level of protection, but with all the insecure connections and applications just waiting to be hacked, you probably need better security than you think.
A handful of the highest-scoring vendors in those EDR tests also have well-regarded consumer antivirus software, and four of those comprise our top AV software choices, with Trend Micro and ESET up there too. These consumer AV tools don’t have all the sophisticated security of high-end enterprise products. However, you’re still benefiting from that high-end research and development, and they offer nifty features of their own.
Sam Ingalls contributed to this research report