Anti-Malware Software – How to protect yourself from malware

The most important facts

  • The term malware refers to different types of malicious software
  • Cyber criminals are constantly improving their malware, making it more complex and intelligent
  • Mobile devices are increasingly becoming the focus of malware attacks
  • The best protection against malware is the combination of anti-malware and safe user behavior

The winners

Among the anti-malware programs, we are once again this year awarding first place to Bitdefender Antivirus Plus, because the antivirus software delivers the most coherent overall package in the fight against a wide range of threats from the Internet. The antivirus program impresses above all with its efficient and fast scanning functions, which also detect and eliminate the latest types of intruders. Numerous additional tools – such as phishing protection and a password manager – guarantee optimal protection for the PC system online, too.

The Norton Security Suite takes second place in our comparison, partly because of its ease of use. The software scores points for its intuitive control panel, which is also perfect for computer beginners and everyday users.

Third place in our test is awarded to McAfee AntiVirus Plus. Despite some shortcomings in terms of “performance”, the software impresses with its built-in firewall, which provides a solid shield against viruses and malware. In addition, McAfee provides customer-focused support to help people with questions and problems.

1. Malware Threats

Whether surfing the Internet, checking your e-mail inbox or trying out a new browser game recommended by your colleague – the danger of malware can be lurking everywhere. Neither individuals nor companies are fully protected against attacks by cybercriminals.

But what exactly is malware? How and to what extent does it cause damage and, above all, how can one protect oneself against it? We investigate these and other questions in our search for the best anti-malware software. Even if no 100% protection against malware attacks can be guaranteed, every security measure helps to reduce the probability of becoming a victim of an attack and to guarantee a certain degree of security.

The term “malware”

In general, the term “malware”, short for “malicious software”, refers to a program designed to perform undesirable actions on a user’s computer. Other terms used for malware are junkware or evilware. It is a generic term that covers various types of malicious software, such as viruses, Trojans, spyware and rootkits. Depending on the type, the programs work differently and have different tasks. For example, a virus is dangerous because it modifies other – otherwise harmless – programs so that the virus is also executed when they are used.

Malware trends in 2018

A continuous trend in the past few years has been ransomware, i.e. software that encrypts users’ data and thus blackmails them. Cyber criminals ask users to pay money to regain access to their own files. However, it is not uncommon for victims to be denied access to their data despite payment. Once the blackmailers have the money, they don’t care about anything else. In May, the ransomware WannaCry made worldwide headlines by infecting hundreds of thousands of Windows computers in 150 countries in no time at all.

Antivirus software vendor McAfee, in a report titled “Threat Forecasts for 2017,” predicts that the threat from ransomware will continue to increase until mid-year and slowly decline thereafter.

It is particularly worrying that cybercriminals are increasingly personalising their attacks. While the majority of attacks have so far been automated and indiscriminate, following the watering-can principle, new types of malicious software enable the targeting of individual users. Some ransomware allows attackers to search for compromising information, which they threaten to publish if they don’t get what they want. This is mostly money, more and more often in the form of cryptocurrencies such as Bitcoin and Monero – digital money that works without banks and helps blackmailers to remain anonymous.

2. What does Anti-Malware Software do?

The task of anti-malware software is to detect and remove malicious software. Anti-Malware software is available as a stand-alone solution. Manufacturers of antivirus programs, however, want to offer their customers comprehensive computer security solutions, which is why almost all of them also integrate anti-malware software into these products.

How does Anti-Malware software protect?

Anti-Malware software works like a virus scanner against known threats. Using specific features described in a signature, the software detects malicious programs and deletes them from the hard disk. That’s why it’s so important that virus scanners and anti-malware software are always up to date: during the update, signatures for newly discovered malware are downloaded from the manufacturer’s server.

Heuristic analysis is meant to detect unknown malware by means of general characteristics. This can work, but by its nature it does not offer 100% certainty. No one can predict the tricks that malware developers will use in the future to smuggle their code onto the computers of their unsuspecting victims.
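How the signature match and the heuristic fallback described above fit together, as an added example that is not code from any product reviewed here. The signature names, byte patterns, trait weights and thresholds are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed signature sets (not real malware signatures): name -> byte pattern.
SIGS_OLD = {"Demo.Worm.A": bytes.fromhex("deadbeef4c4f5645")}
# After an update, the set also covers a newly discovered family.
SIGS_UPDATED = {**SIGS_OLD, "Demo.Ransom.B": b"DEMO_RANSOM_MARKER_B"}

ENTROPY_LIMIT = 7.2   # bits per byte; packed or encrypted data sits close to 8
FLAG_THRESHOLD = 3    # a single general trait is not enough to flag a file


def entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def heuristic_traits(data: bytes) -> dict:
    """General characteristics with weights (assumed values for this example)."""
    traits = {}
    if entropy(data) > ENTROPY_LIMIT:
        traits["high_entropy"] = 2
    if b"CurrentVersion\\Run" in data:  # reference to a Windows autostart key
        traits["autostart_reference"] = 2
    return traits


def scan(data: bytes, signatures: dict) -> tuple:
    """Signature match first; fall back to the heuristic for unknown files."""
    hits = sorted(name for name, pat in signatures.items() if pat in data)
    if hits:
        return ("signature", hits)
    traits = heuristic_traits(data)
    if sum(traits.values()) >= FLAG_THRESHOLD:
        return ("heuristic", sorted(traits))
    return ("clean", [])


# Constructed samples. BLOB is deterministic pseudo-random filler that stands
# in for compressed or encrypted content.
BLOB = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SAMPLES = {
    "known_worm": b"MZ" + bytes(32) + bytes.fromhex("deadbeef4c4f5645"),
    "new_ransom": b"MZ" + bytes(32) + b"DEMO_RANSOM_MARKER_B",
    "unknown_packed": BLOB + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "benign_archive": BLOB,            # high entropy alone stays below threshold
    "unknown_plain": b"novel sample that shows none of the listed traits",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:15} old={scan(data, SIGS_OLD)} new={scan(data, SIGS_UPDATED)}")
```

The `new_ransom` sample passes as clean until the updated signature set is loaded, and `unknown_plain` passes both checks, which is the residual uncertainty the heuristic cannot remove.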

Manufacturers are also trying to use special functions to take preventive action against certain harmful mechanisms. The quality and scope of these functions vary depending on the manufacturer. For example, there is ransomware protection that actively combats file encryption, and there are sandboxes – small virtual computers in the computer, so to speak – in which it is safe to test whether a program causes damage.

Is there a difference between antivirus programs and Internet security suites?

Anti-malware software has a very narrow focus: it is concerned with malware, but not with viruses or phishing attempts. But such software has a niche existence.

In practice, security software manufacturers try to offer antivirus solutions that cover all aspects of computer security. That makes sense, too. Anything else would mean locking the front door with three locks and at the same time leaving the back door wide open. The security solutions are therefore always software packages that combine everything from firewalls and real-time scanners to phishing protection, fighting dangerous software and cybercrime on all fronts. Among the software tested here, we focused on their capabilities in the area of detection and removal of malware.

3. Malware Types

Theoretical considerations about viruses are almost as old as information technology itself. The malware problem became really acute only with the possibility of information exchange between many computers through the Internet. The many different applications of computers made it possible to develop a wide variety of damaging programs. The collective term for this is “malware”. We present the most common ones here and explain their field of application and their properties.


Viruses

This oldest of all malware programs copies its natural model and also pursues largely the same purpose with its existence: reproduction. This requires host computers in which the virus can spread undetected. The virus can damage the contents of the hard disk or even the hardware. A characteristic feature of computer viruses is that they do not actively spread, but are first brought into the system by downloading a file or using a removable medium.

Internet Worms

The next step in the evolution of viruses is worms, which spread actively, for example by sending themselves via an e-mail program.

Trojan Horses

The perfidious strategy of this type is to bait the user with apparent usefulness so that the user installs the malware themselves.


Spyware

Spyware spies on a user’s behavior. The information collected is either sold to third parties or used to place suitable advertisements. The spreading mechanism is often that of the Trojan horse: the spyware lures with useful features and toolbars to get the user to install the program on his PC.


Ransomware

If ransomware, a so-called blackmailer Trojan, is on a hard disk, it blocks access to important data by encrypting it. The victim is then asked to pay ransom for the release. Even if he pays, most of the time the data remains under lock and key.


Keyloggers

Keyloggers are also designed for economic and personal damage. They monitor the keyboard entries on the PC and thus determine passwords for services such as bank portals or social networks.


Rootkits

In recent years, rootkits have become very popular. These are malicious programs that are buried deep within the system at a level where they have access to all the important functions. In this way, they can also bypass or disable anti-virus programs that should actually detect the malware. In this way, intruders steal and transmit interesting data for third parties.

Plenty of new malware for mobile devices

In addition, smartphones are increasingly becoming the focus of hackers who want to obtain access data for online banking and other important data. The malware is therefore designed similarly to that for PCs and corresponds to Trojans, spyware and viruses. A particularly nasty trick of malware on mobile phones: it sends SMS messages to premium numbers that are subject to a charge, resulting in surprisingly high telephone bills.

4. How to get infected with malware

Loveletter, a computer worm that spread worldwide in the early 2000s, caused ten billion dollars of damage. Attached to an e-mail with the subject “ILOVEYOU” was a seemingly harmless text file, but behind it there was a script. It forwarded the worm to the addresses in the e-mail program, deleted JPEG files and replaced some file types on the hard disk with copies of the worm. In our infographics we have collected the most dangerous viruses of all time.

As a result of the discovery of vulnerabilities, such as those used in this case, not only the behavior of antivirus programs has been modified. Users themselves are also learning and are more aware of certain risks than before.

The daily updates with which antivirus programs annoy the user convey the same message: between the developers of malware on the one hand and users with antivirus software on the other, there is a constant arms race. New mechanisms that malware uses to spread are constantly being discovered. The most common ones are the following:

E-mail attachments

Loveletter is just one example of the dangers posed by e-mails. Not only worms that destroy data can be found here, but also Trojan horses and other pests can gain access to the PC in this way. However, today the threat is a little less than it was back in the days of Loveletter.


Browsers and their add-ons have vulnerabilities that malware can exploit. Websites can either be designed specifically for this purpose, or hackers hijack the pages of popular domains to spread pests. Without the user noticing it, software installs itself on the PC. This method, called drive-by download, has become more and more popular in recent years and is now one of the most widespread.

Careless behaviour

A common third way of catching malware is mainly used by Trojans and spyware. These pretend to be ordinary programs whose installation benefits the user. Spyware is often used as a toolbar in browsers to monitor surfing behavior and can be used for advertising purposes, for example. Most of them are free programs that offer useful functions. However, this method has its origins in the illegal copies of music, games and software offered by file sharing services and pirated copy sites. But even in the time before the Internet they were already distributed, on floppy disks and CDs.

All knowledge about the sources of infection is of little use if no conclusions are drawn from the risks. For this reason, in the following section we will now provide some tips on how to behave when using Internet services and what to look for.

5. Ways of protection against malware

No security software can provide absolute protection. In an interview, Brian Dye, former Symantec vice president and now responsible for security at Intel, admitted that only 45 percent of malware is detected by antivirus software. This is because the scanners of the protection programs can usually only react if the signatures of viruses are already known and reported to the developers.

With some precautions, users can reduce the risk of infection:

Keeping software up to date

All programs, especially browsers and operating systems, need regular updates. Vulnerabilities are often only detected after a while and must be eliminated to prevent hackers and malware from exploiting them.

Caution when opening e-mails and attachments

If the sender is unknown, e-mails should remain unopened; at the very least, users should not open their attachments and links. However, an e-mail of apparently known origin can also be fraudulent. If it asks for sensitive data such as account and access data, it may be a phishing e-mail.

Follow the correct path in the browser

Wherever users need to log in with a password, they should make sure they are on the original site. Good indicators are security certificates such as TLS or SSL. You can recognize an encrypted connection to an SSL-certified page by the fact that the URL in the address bar begins with “https”. Many current browsers will also display a small green padlock next to the address bar.

Use Secure Passwords

Every user should change his or her passwords regularly and use a new one for each service. Even if one account should be hacked, the rest are still safe.

Restricted access

Even if it is convenient to always be logged into the operating system with full access rights, the administrator account should only be used to install software. This procedure is already built into the new Windows 10, where for some settings even the default account with administrative rights is not sufficient. This prevents malware from accessing system files.

6. This is how we test

If you want to protect your computer from malware and other threats, you are now faced with an extensive selection of good products, each with its own special features and strengths. However, not all programs on the market offer the user absolute top protection; some instead stand out for their user-friendliness, which makes them particularly well suited to amateurs and beginners. For all computer users looking for the right anti-malware software, we have tested the best programs and evaluated them based on our results. Readers will find a lot of information about the various advantages and disadvantages of the different software in the respective product reports.

Various aspects have a significant influence on the efficiency of antivirus software. A reliable protection program detects and eliminates even the latest dangers without compromising other functions in the system. The user interface should also be clear and intuitive, so that navigating through the functional areas is easy. Finally, prospective customers should pay attention to the customer service department, which provides the necessary assistance in case of questions and problems.

In our tests, we try not only to present the specific advantages and disadvantages of antivirus programs, but also to support prospective customers in their individual purchase decision. Users looking for the most appropriate antivirus program should take a look at the test reports and the detailed data sheet.

The currently best and most popular antivirus programs are tested in all four rating categories. The average of all individual grades is finally calculated into an overall score, which is the basis for our ranking. In our test, we evaluate each product according to the following four criteria:


In the first column we evaluate how extensive the protective shield of a program is. For this criterion, we first examine the scan system, followed by the speed of the scanning capabilities. On our test computers, we perform a complete scan of the hard disk several times and measure the average time it takes the anti-malware software to scan. The Kaspersky Anti-Virus and Malwarebytes Premium programs, which scan data volumes of 40 and 100 gigabytes each in less than 10 minutes, achieve above-average results.

In our reviews, we also examine which additional useful features the protection packages provide. First of all, we consider whether the software contains a reliable anti-phishing system for analyzing malicious websites. Particularly well-equipped antivirus programs – such as Norton Security – also have an online banking tool and a firewall for the security of online transactions. Readers will also find out how these tools work in practice and what advantages they offer in the field of security. Applications for experienced users such as a data shredder for the final deletion of sensitive files are also rewarded with plus points.


Performance

Even the most reliable shield quickly becomes a nuisance when it overloads the computer and leaves only a small amount of capacity for other applications. Under the test criterion “Performance”, we first observe whether the security suite causes disturbances or delays in the system, for example a longer boot time when the PC is started. We also compare the burden on computer resources. Interested parties can find out how many percent of the CPU and how many megabytes of RAM are used when scanning the system. If the software is equipped with a real-time scan, we also inform you about the resource load during a normal web search. The McAfee AntiVirus Plus protection program sets itself apart from the competition. With a usage of about 40 percent of the CPU, its scan functions prove to be extremely resource-saving. An additional evaluation point is the software activation: we analyze the entire installation process from the download of the program to the creation of the user account. In addition, we collect the most important information on the technical requirements and compatibility of the respective anti-malware programs.


Efficiency in the fight against viruses and malware is not the only indicator of good anti-malware software. The feature hierarchy should also be simple and clear, so that operation is easy for newcomers to the computer. In the third evaluation criterion, we concentrate on the control panel of the software and take a close look at its design and structure. Some particularly user-friendly programs – such as Panda Antivirus Pro – make it easier to navigate through the various functional areas thanks to their clear start menu.

It is always advantageous if individual functions are provided with a short explanation where they are not sufficiently self-explanatory and intuitive. We also focus on the nature and frequency of all software notifications. Annoying advertisements are completely out of place in a paid program and lead to a devaluation. If the user does not want to be disturbed during his work or game session, ideally a “do not disturb” mode, which prevents all pop-ups, provides the necessary peace and quiet.

Help and Support

Both computer novices and PC professionals may encounter problems and complications when using the software, which they cannot solve on their own. In order to assist users in any emergency situations, most programs first of all offer an internal help area with useful links to online instructions or technical support. In this evaluation criterion, we assess both the quantity and quality of the information contained therein. The ESET NOD32 software offers a particularly large number of help options, while the BullGuard Antivirus help button triggers fewer storms of enthusiasm in our test.

In this category we also examine the direct contact channels to support. For quick and targeted solutions, some vendors provide a team of software experts who can be reached via hotline and live chat. Often an e-mail address is also available to help those seeking help with questions about the use of the program. In our test, we contacted the customer service of the various software manufacturers either by phone or e-mail. Readers will find out in the respective test reports whether the customer service responded to our inquiries in a friendly, competent and targeted manner or whether they fed us a standard message.