Antivirus Software – Reviews and Price Comparisons

The most important facts in brief

  • Antivirus programs protect private and particularly sensitive data.
  • The protection software prevents the spread of pests.
  • However, general preventive measures taken by users are essential.
  • Antivirus programs should not cause a loss of computer performance.
  • Every year, viruses and other viruses cause billions of euros in damage.

The best Antivirus Software

A comparison of the different products reveals the following picture: As the best virus scanner, we once again selected Bitdefender Antivirus Plus in the test this year, because it provides the most coherent overall package in the fight against many different threats from the Internet. The protection program impresses above all with its reliable scanning functions, which detect and eliminate even the latest types of intruders. Numerous additional tools – such as phishing protection and a password manager – offer maximum security for the computer system, even in online mode. Due to its ease of use, the Norton Security Suite is ranked second in our comparison. The virus software scores highly in the test with its clear and concise control panel, which is also perfect for computer beginners and everyday users. Third place in our test is the McAfee AntiVirus Plus protection program. Despite the only partially satisfactory results in terms of “performance”, the virus software proves to be a solid shield against malware thanks to the built-in firewall. In addition, McAfee offers generous support to help people with questions and problems.

1. Essential protection for every computer

Virtually every computer system is now connected to the Internet, which means that computers and sensitive data sets are constantly exposed to a significant risk. The World Wide Web remains the biggest source of danger. However, the perfidious aspect of malware is its arbitrariness – very rarely, attacks occur according to a recognizable and predictable pattern. Rather, the propagation occurs at random and therefore usually pursues very different goals. The classic virus is usually just a small variation of malware – in the process manager’s secrecy, completely different codes can be used to steal passwords, spy on online banking data or carry out blackmail.

The damage it causes could hardly be more extensive and varied. The list of damages includes, among other things, the following:

  • Loss of sensitive and vital data
  • Failure of the system to function due to overload
  • Destruction of system components
  • network failure
  • Inconsiderable increase in outgoing data volume due to a Trojan’s incessantly sending spam mail or collecting information

Global consequential damage caused by malware

According to an analysis by the independent test laboratory AV-Test, a total of approximately 600 million types of malware were registered on the World Wide Web last year, almost 150 million more than in 2015, and by April 2017 the American institute had already detected more than 20 million new infections. According to an annual analysis by the Russian software company Kaspersky Lab for 2016,31.9 percent of Internet users’ computers fell victim to at least one World Wide Web malware attack.

For each individual PC user, it is important to combat these intruders in order to prevent the rapid and uncontrolled spread of the virus. Otherwise, countless computers would be infected within a few days, resulting in billions of euros in financial losses.

The Slammer worm is responsible for a loss of 1.2 billion US dollars. Due to the random infestation of IP addresses, the small pest spread within a very short time in large parts of the Internet. The potential risk of unknown e-mails and their attachments is pointed out by the pest MyDoom. This worm infected more than 300,000 systems after just one day via email and the Internet, causing an estimated $38 billion in damage. Hacker attacks with billions of captured user accounts (Yahoo) are no longer a threat scenario, but reality.

Malware often also causes financial damage

It is all the more worrying that some of these attacks only become public years after the crime has been committed. The potential threat of malware is therefore not a marketing strategy dramatised by the manufacturers of antivirus software, but a real and ubiquitous threat.

The most serious damage occurs by chance

In fact, the extensive damage is rarely within the expectation horizon of malware developers – it is rather due to errors in the source code. Compared to legal programs, this rarely goes through an extensive test phase within a mature test environment to eradicate last errors. Often it is the lack of compatibility that leads to serious errors.

A virus scanner should therefore not only protect against viruses, Trojans and hackers, but also effectively combat spam, phishing and spyware. The reasons for purchasing antivirus software are therefore obvious.

Reasons for a virus scanner

  • protects against destruction or theft of important data
  • cleans an already infected system of malware
  • Provides essential protection against digital attacks
  • provides a secure online banking environment
  • Protects e-mail traffic against phishing attempts
  • Prevents malware from occupying and unnecessarily consuming network and Internet resources

Even a harmless virus can cause financial damage, be it for the cost of retrospective virus control or for network downtime during removal.

Although today’s operating systems are better protected against viruses than they were ten years ago, the list of viruses and worms that infect computers every day is enormously long. It’s no secret that the number of computer viruses is steadily increasing, so a virus scanner is indispensable in today’s world.

2. Six reasons for choosing an antivirus program

Today, computers play an enormous role in people’s lives and accompany many of them not only at work but also in their leisure time. They control numerous (working) processes and thus often make it easier to organize and coordinate all aspects of daily life. For this reason, it is all the more astonishing how negligently a large number of users still deal with the topic of malware. While hardly anyone would voluntarily expose themselves to real viruses and other malware, most computer users seem to prefer playing with fire. Therefore, everyone should think about the absolute necessity of an antivirus protection program or an Internet security software.

That’s why you need antivirus software!

In the meantime, almost every user stores sensitive and private data on the computer, which is rarely intended for the general public. In addition to personal films and pictures, this often includes documents and passwords. However, if viruses gain access to the system, it is not always possible to trace exactly what happens to the respective data records. For example, there is a danger that private videos and photos could get onto the Internet, spread out of the Internet in no time at all and fall into the wrong hands. Users who don’t care whether their private pictures can also be seen by neighbours and colleagues, put their money into high-quality camera equipment – all the others prefer to invest in a good antivirus program.

The second aspect moves in similar waters: once a system has been infected with viruses, it usually takes a great deal of time and effort to remove all the malware. Viruses often implant themselves in system-relevant files and directories in order to spread from here to the rest of the system. At this point, the only thing that often helps is to restart the system, which in turn leads to the loss of all data records and also takes a lot of time. Here too, they are better advised to protect themselves with antivirus software.

Most hacker attacks are often motivated by monetary intentions. By extorting protection money, data theft or credit card fraud, criminals try to get the money of careless users. Instead of helping hackers earn a secure income through carelessness, users should rather support companies that actively combat such fraudsters. Whoever buys an antivirus program therefore also contributes to the fact that companies have more financial means to act against criminals.

If friends and family are close to your heart, you can also show them this in the form of good antivirus software. The lively exchange of information via Messenger and social networks such as Facebook, Twitter and Co. Often photos, videos, telephone numbers, addresses or even bank details change the owner. If your own computer is contaminated, users endanger not only their own data but also the information they share with friends. Worse still, if friends share files via download, computer worms can easily spread to new systems.

Once pests have settled in the computer, they usually spread rapidly. By sending links and content to third parties, other PCs that are not protected by antivirus programs also run the risk of becoming infected. In this way, many computers fall victim to the malware within a very short period of time and the range of activities of hackers is constantly expanding. A spread can only be prevented by timely detection and treatment of the viruses.

When infecting the computer with computer worms, it is not uncommon for criminals to use the computer without the owner’s knowledge for their own activities. In such a case, proof is often very difficult and, above all, lengthy. Since it is not possible to trace all the steps in detail, there may be subsequent problems with the judiciary. Users who want to avoid this risk would rather take effective countermeasures in advance.

3. Free versus payed virus scanners

If you are looking for a new antivirus program, you will quickly notice that many manufacturers often offer a free version of their virus scanners. This raises the question of course, why you should invest money in a protection program that is also available as a free virus protection program. Of course, such a question can never be answered as a blanket answer with “yes” or “no” – however, users should consider some basic criteria before deciding whether to use a free antivirus program:

Free-of-charge virus scanners usually only provide basic protection – especially in direct comparison with the pay-per-view version of the same manufacturer, there are often huge differences in the detection rate and the additional features of the programs. Accordingly, freeware rarely has protection mechanisms that can analyze the behavior of unknown Trojans. Instead of taking into account both special and virus-typical behavior, these are based on exact, already known code sequences.

Another crucial point is the update behavior. While paid programs perform several updates daily, freeware programs are often limited to update intervals in the 24-hour cycle.

However, the effectiveness of a protection program does not only depend on the engine or the search mechanisms used. End users themselves also play an important role in the continuous improvement of the program, since these enormous amounts of data supply and use the programs in the real environment – only here can zero-day exploits be identified and combated effectively.

For this reason, many developers offer a free alternative to their antivirus programs. On the basis of this information, they actively research improvements and update their virus databases on a daily basis. Free antivirus programs and their users are the test persons to further develop the virus scanners.

Furthermore, users of free virus programs usually have to live with the fact that advertisements regularly ask for the purchase of the paid version. These advertising blocks are not only annoying, but often also contain so-called drive-by downloads that install unwanted programs such as toolbars.

Paid antivirus software offers many advantages

As a rule, free virus programs perform better than Windows’ own protection programs, but they have many disadvantages compared to their paid counterparts. Most of the time, free anti-virus software lacks useful functions such as a firewall, additional browser protection or a spam filter. In addition, regular advertisements can disrupt users quickly. Another major drawback of free anti-virus programs is the large update intervals. Free antivirus programs offer more passive protection, while paid antivirus software actively provides a secure environment.

4. Additional security features for antivirus programs

The simple virus scanner, which comes with free antivirus programs or Internet Security Suites, no longer offers sufficient PC protection against threats such as data theft or treacherous blackmailer Trojans. The manufacturers of anti-virus software have therefore equipped their security programs with various additional features that comprehensively secure the PC system when surfing the Internet.

The additional security features that users of an antivirus program benefit from are shown in the following section.

Security for online banking and shopping

Over the last few years, it has become more and more common to carry out bank transactions or purchases online. However, the transmission of sensitive data such as bank accounts, credit card data, passwords, addresses, clear names and birth dates carries a high risk. Hackers can intercept the data and conduct their own business with fake identity at the expense of bona fide Internet users. Modern antivirus programs provide more security here by transferring payment transactions to a protected browser. In this mode, the data is protected against hacker access. In addition, good anti-virus software checks the security of the website and warns against fake payment websites.

Firewall for network security

The firewall prevents hackers from accessing the personal PC system over the network. The security module filters incoming and outgoing data traffic between the PC and the Internet. Especially in WLAN networks, the firewall offers an invaluably important security barrier. If you want to use public WLAN networks on the go with your notebook, a reliable firewall makes it invisible to other surfers. For these reasons, a firewall is an essential part of a good virus scanner.

Spam protection

The email inbox is a classic gateway for viruses, Trojans and phishing attempts. Reliable antivirus software scans incoming emails for suspicious hyperlinks and attachments. It also filters out unwanted mails so that they never get into the inbox.

Phishing protection

Many current antivirus programs can connect to the current Internet browsers in the form of an add-on. Through this link, the virus scanners check the search results on Google and Bing as well as displayed links for their security. The digital security guard immediately blocks links with phishing or Trojan suspicion. For some antivirus programs, this protection also extends to social networks.

Ransomware Protection

The so-called “extortion Trojans” are a new form of malware that appeared quite often on the radar of IT security experts in 2016. The malware blocks personal folders on the hard disk and threatens to release them only after payment of a ransom. The known security packages are now ready for this threat. Persons can specify folders to be monitored by the anti-virus software with this special virus scanner and protected against unauthorized encryption.

Rescue mode

Viruses and rootkits that have settled in the boot sector will not be removed while Windows is running. In these cases, people can execute a “rescue mode” with good virus protection programs. While the computer restarts, the virus scanner removes the remaining Trojans from the PC.

5. Antivirus software for different operating systems

Under Windows, a reliable virus protection program is an essential standard feature of the PC. All antivirus software comparison programs are therefore compatible with the following versions of Windows:

  • Windows 7
  • Windows 8 and 8.1
  • Windows 10

Some anti-virus programs even still support the outdated versions Windows XP and Windows Vista. Since Microsoft has discontinued support for these operating systems, users are well advised to upgrade to a current version anyway.

How secure is Windows Defender?

Since Windows Vista, Microsoft has integrated its own antivirus tool, Windows Defender, into its operating system. In 2016, the independent IT security test institute AV-Test tested this virus scanner on Windows 10 for its security performance in detail. The programme delivered a better result than in previous years. However, in the category “Protection” the Windows Defender earned only 3.0 out of 6 points. This leaves the Microsoft tool significantly behind the best Windows virus scanners. Windows users who really want to reliably protect their PCs against malware need a separate security software.

Do I need antivirus software for Mac OS?

Apple’s Mac OS operating system is generally considered to be much more secure against malware attacks than the Windows systems. On the one hand, Mac’s own self-protection works very efficiently with gatekeeper, sandbox and Xprotect. On the other hand, the known cyber attacks on OS X are not by far as high in numbers as on Windows. However, since the Mac system is not completely secure, some security software vendors also offer antivirus programs for Mac.

Is a virus scanner for Linux worth it?

The Linux operating system is of no interest to hackers and offers hardly any target for malware, since programs and scripts from the network cannot start automatically on this platform. Uncertainty factors here are inexperienced users and their carelessness – no security software can prevent damage here. A virus scanner or an Internet security system is only worthwhile on Linux if Windows systems have to be checked.

Virus protection for mobile devices

Smartphone and tablet have become popular everyday companions of many consumers in recent years. People are storing more and more private data such as addresses, logins and photos on their small computers. Banking- or fin-tech apps are even used by some users to process their financial transactions via the smartphone. Since most consumers only take care of virus protection programs for their PCs, mobile devices are a security vulnerability that is barely noticed. So it’s no wonder that cybercriminals are increasingly targeting smartphones and tablets.

However, the manufacturers of antivirus programs have recognized this development. Many of them now offer a suitable antivirus app. These applications allow anyone to encrypt communication, securely store important data and verify apps before installation. On the positive side, the detection of malware on mobile devices is at an average level of 98.9 percent. A false alarm is virtually non-existent. In addition, most virus scanners running in the background have little effect on the performance of smartphones and tablets.

Which operating systems need antivirus protection?

The Google operating system with its open source code makes Android smartphones particularly vulnerable. Android also has the world’s largest market share of 70 to 80 percent, compared to iOS and Windows Phone. This makes this mobile operating system even more interesting for cybercriminals.

An overview of the features and security features of antivirus apps is provided by our comparison of the best Android virus scanners.

Another risk is that Android users can get their apps not only from the Google Play Store, but also from other sources. If you are too reckless, you might download malware in the form of apps to your phone. In comparison, iOS with its closed architecture and Apple’s App Store is a little better protected against malware. Antivirus software does not necessarily require iPhone users. With its Marketplace, Microsoft is also oriented towards the secure App Store.

7. How does antivirus software work?

The reasons for an antivirus program should be well known. But how do such programs actually work and what protection do they really guarantee the user?

An antivirus software corresponds to the immune system of a computer, which should detect and destroy all intruders such as viruses, worms or Trojan horses at an early stage. In theory, this task is quite simple. However, in view of the highly adaptable and infectious programmes, it is not a matter of course that this protection is 100% effective at all times. The only remedy is usually a combination of different detection methods.

The classical virus detection

Signature-based detection (also called reactive detection) should be the backbone of any antivirus program. The security software scans the source code of any program for malicious code and compares it with signature databases. If specialists now detect and identify new types of threats, the manufacturers of antivirus software immediately provide appropriate signatures that guarantee effective protection. However, missing database updates inevitably lead to ineffectiveness of the program. Unfortunately, it is not possible to keep pace with the rapid growth of new malware by registering virus signatures, which is why so-called proactive technologies need to be used.

The reactive methods

Since many computer worms are also able to reproduce their source code, they can slip through the safety net to defend themselves. Thanks to the proactive technology, antivirus programs and internal security suites are able to find the appropriate antidote even against unknown infections. In particular, the following three tools of proactive technology have stood their ground in the fight against new types of malware in antivirus programs:

Heuristic Analysis

Using heuristics, antivirus programs are able to search for common features such as unusual commands or conspicuous program code to quickly identify new threats. If several such characteristics are identified, the application will be stopped immediately by the antivirus program. In principle, the heuristics resemble signature-based recognition – however, the use of suspicious features instead of known virus signatures leads to a higher error rate. The name of this method is derived from the research area of heuristics. The aim is to achieve practicable results despite the lack of information. True to the principle of “trial and error”, the focus is not on the optimal solution, but rather on the simplicity of the application.

Sandbox Technology

A sandbox simulates a computer inside a computer. In this isolated environment, the virus software tests a questionable application. The application in question is executed and analyzed for its behavior. Because the Sandbox expects a typical behavior for a file to be executed, the antivirus program sounds an alarm with a minimal deviation.

Behavior analysis

Analogous to the sandbox and heuristics, behavior analysis detects and blocks malware by means of typical behavior patterns. In contrast to sandbox technology, however, this analysis takes place on the real computer in real time. If a conspicuously high number of suspicious actions or violations are detected, the program intervenes immediately. This is also the difference to the sandbox and the heuritic methodology. While those are active before the execution of an application, the behavior analysis only intervenes after the program has been started. This does not prevent an infection, but only limits it and prevents major damage caused by the antivirus program.

8. The computer is infected! What to do now?

The virus scanner sounds an alarm and reports a find. Most antivirus programs offer to move the affected file to the quarantine folder to separate it from the system. The user can then decide whether to remove or repair the file. If the existing antivirus software does not find the malware or is blocked in its function, the following tips can help:

Removing malware using the control panel

In the best case, the malware can be removed via the Windows control panel. To do this, the user accesses the Control Panel from the Start menu. Here he selects the menu item “Programs”. There he will find a list of all installed applications.

If there is an unknown program listed here that was added only recently, there is a high probability that it is the malware. A click on the “Uninstall” button should remove the malware. The user should then install an antivirus software and perform a complete system scan.

Starting Windows in Safe Mode

If the virus is hiding in the boot sector, it can help to start the PC in safe mode. To do this, the user presses the F8 key during the startup process and then selects the corresponding start mode. In this mode, the computer only loads the most necessary commands. After this startup process, the user can reactivate the virus scanner. If necessary, the malware can also be removed in this mode from the Control Panel’s program list.

Using an additional online antivirus tool

Some PC malware is programmed in such a way that it blocks the existing virus scanner, e. g. under Windows. In this case, a free antivirus tool can help. Well-known manufacturers such as Bitdefender, Kaspersky, Avira or Malwarebytes provide free analysis tools for emergencies on their websites. With such a tool, some unwanted programs can be identified and removed. After installation, the antivirus tool scans the computer for malware and, if desired, deletes the detected programs.

With very persistent malware, the PC user will not be able to avoid completely reinstalling Windows. In case of uncertainties and problems, it is better to ask an IT expert for advice, as he or she can clean the computer of viruses and worms and rebuild the system.

9. This is how we test

Many antivirus programs exist. However, not all of them are able to offer the user truly reliable protection. With this large selection of products, it is a great effort for users to obtain comprehensive information about all available software and its advantages and disadvantages. To help computer users find the right antivirus software, we have tested the most promising providers and compared our results with each other. Readers will find extensive information about the protective effects of the various antivirus programs in the respective product reports.

Various aspects have a decisive influence on the quality and efficiency of security software. A good protection program quickly detects and eliminates even the latest threats without compromising other computer functions. The user interface should also be clearly and intuitively designed so that navigating through the various functional areas is easy. Last but not least, users should pay attention to the support offered, which in case of questions and problems will at best provide assistance in various ways. In order to evaluate the products fairly and objectively, we have examined each antivirus program according to four criteria:

In our comparison, the best and most popular antivirus programs currently in existence pass through all four rating categories. The average value of the individual test results is finally calculated to an overall score, on the basis of which our ranking results. We try not only to present the specific advantages and disadvantages of antivirus programs, but also to support potential customers in their individual purchase decisions. Users looking for the most specific antivirus program to suit them should take a look at the detailed test reports and the detailed data sheet.


The main purpose of an antivirus program is to ensure the security of the system. In the first section we therefore assess how efficiently and extensively the protective shield of a program is designed. The criterion initially examines the scanning system. Based on the test results of well-known test laboratories such as AV-Test and AV-Comparatives, we document the reliability of the various search tools in our reports. We collect information on how the independent institutes evaluate the different virus software and which shortcomings their tests perform. For a scanning system, not only its efficiency but also its speed is of great importance. This is why we carry out a complete scan of the computer system on our test PC several times and measure the average time required by the antivirus software for the scan. F-Secure Anti-Virus and Malwarebytes Premium, which examine an SSD hard disk with data volumes of 40 and 100 gigabytes in less than five minutes, are the top results.

Our test also examines the question of which useful additional features enhance the basic package. In our assessment, we first consider whether the antivirus software has a successful phishing scanner for analyzing fake emails and websites. Particularly well-equipped anti-virus programs – such as Bitdefender Antivirus Plus, Avira Antivirus Pro or Norton Security, for example – bring along a firewall and an online banking tool that increase security for online transactions. Interested parties can find out how these tools work in practice and what advantages they offer here. Special tools for computer experts also add value to this criterion. These include, among other things, a data shredder or data eraser, which are essential for the final, irreversible deletion of unnecessary or confidential data.


Even perfect antivirus protection quickly becomes a nuisance if it overloads the computer’s performance and leaves hardly any capacity for other tasks. The second criterion “Performance”deals with the performance of antivirus software and its effects on the system. First of all, we check whether the security software causes noticeable delays in the system, such as a reduction in the startup speed. When assessing the products, we also take into account the burden on computer resources. For example, we measure in the test how much percent of the CPU and how many megabytes of RAM are used for a system scan. If the programs are also equipped with a real-time scan, the test reports also provide information about the resource requirements of a normal web search. In this respect, ESET NOD32 Antivirus stands out from the competition. With a utilization rate of around 40 percent


The fight against viruses and Trojans is by no means the only indicator of successful antivirus software. The feature hierarchy should also be simple and logical, so that even less experienced users can operate the program intuitively. In the third evaluation criterion, we examine the control panel of the antivirus software in the test and evaluate its design and structure. Particularly user-friendly programs – such as F-Secure Anti-Virus or Avast Pro Antivirus – enable quick navigation to the various functional areas via their clear start menu. If individual functions are not self-explanatory, it is also desirable that they are accompanied by a brief explanation. Since of course newcomers also want to use the program, the training phase should be as short as possible. At the same time, however, it is important for experienced users to be able to adapt their shield to their individual wishes and priorities. We also focus on the type and frequency of system notifications. Annoying advertisements or other pop-up windows have no place in a paid anti-virus program and lead to a devaluation. A “Do not disturb” mode that prevents notifications, on the other hand, ensures undisturbed work or play sessions on the computer.

Help and Support

Both newcomers and professionals may encounter problems when using antivirus software that they can’t solve on their own, or may have questions about features that they don’t want to be quite clear about. For this reason, most programs offer an internal button with a link to an online tutorial or FAQ section. In our test, we evaluate not only the quantity but also the quality of the information contained therein. The antivirus software Norton Security offers a particularly large number of understandable articles, while fewer storms of enthusiasm are triggered in our test by the support provided by the Panda Pro team.

In this category we also evaluate the direct contact channels to support. For a quick and targeted solution, some providers provide a team of experts who can be reached via hotline and live chat. In addition, there is often an e-mail address where people seeking help can ask questions about their product. In our test we contacted the customer service of the various software manufacturers either by phone or e-mail. Readers will find out whether the support responded to our suggestions with helpful advice or whether it fobbed off with standard answers (or even links to FAQs) in the corresponding test reports.