The Best Antivirus Utilities for 2016

[Halcyon.]

Keeping a New Year's resolution like cutting back on Candy Crush or exercising more is tough, because you have to stick with it every day. How about something easier? Resolve to install antivirus protection on all of your PCs. Once you've taken care of that task, you're done! For the rest of the year, the antivirus does all the work. And next year, you can simply resolve to renew your protection. How easy is that?

I did say antivirus, but in truth it's unlikely you'll get hit with an actual computer virus. Malware these days is about making money, and there's no easy way to cash in on spreading a virus. Ransomware and data-stealing Trojans are much more common, as are bots that let the bot-herder rent out your computer for nefarious purposes. Modern antivirus utilities handle Trojans, rootkits, spyware, adware, ransomware, and more. PCMag has reviewed three dozen different commercial antivirus utilities, and that's not even counting the many free antivirus tools. Out of that extensive field we've named four Editors' Choice products. Nine more commercial antivirus utilities proved effective enough to earn an excellent four-star rating, and another seven earned three and a half stars.

Of course, we're reviewed many more, but those antivirus utilities that received scores of less than three stars don't qualify for inclusion in this "best of" listing.

Almost all of these products are traditional, full-scale, antivirus tools, with the ability to scan files for malware on access, on demand, or on schedule. A couple are outliers, tools meant to enhance the protection of traditional antivirus. As for just relying on the antivirus built into Windows 8.x or Windows 10, that may not be the best idea. In the past, Windows Defender has performed poorly both in our tests and independent lab tests, though it did score a win in September and again in October. Maybe Microsoft's slump is ending?

Listen to the Labs
I take the results reported by independent antivirus testing labs very seriously. The simple fact that a particular vendor's product shows up in the results is a vote of confidence, of sorts. It means the lab considered the product significant, and the vendor felt the cost of testing was worthwhile. Of course, getting good scores in the tests is also important.

I follow six labs that regularly release detailed reports: West Coast Labs, Virus Bulletin, ICSA Labs, Dennis Technology Labs, AV-Test Institute, and AV-Comparatives. Tests by the first three are based on simple threat-recognition, while the last three attempt to simulate real-world malware-attack scenarios. I've devised a system for aggregating their results to yield a rating from 0 to 5.

Hands-On Antivirus Testing
I also subject every product to my own hands-on test of malware blocking, in part to get a feeling for how the product works. Depending on how thoroughly the product prevents malware installation, it can earn up to 10 points for malware blocking.

My malware-blocking test necessarily uses the same set of samples for months. To check a product's handling of brand-new malware, I test each product using 100 extremely new malware-hosting URLs supplied by MRG-Effitas, noting what percentage of them it blocked. Products get equal credit for preventing all access to the malicious URL and for wiping out the malware during download.

Some products earn absolutely stellar ratings from the independent labs, yet don't fare as well in my hands-on tests. In such cases, I defer to the labs, as they bring significantly greater resources to their testing.

Multi-Layered Antivirus Protection
Antivirus products distinguish themselves by going beyond the basics of on-demand scanning and real-time protection. Some rate URLs that you visit or that show up in search results, using a red-yellow-green color coding system. Some actively block processes on your system from connecting with known malware-hosting URLs or with fraudulent (phishing) pages.

Software has flaws, and sometimes those flaws affect your security. Prudent users keep Windows and all programs patched, fixing those flaws as soon as possible. The vulnerability scan offered by some antivirus products can verify that all necessary patches are present, and even apply any that are missing.

You expect an antivirus to identify and eliminate bad programs, and to leave good programs alone. What about unknowns, programs it can't identify as good or bad? Behavior-based detection can, in theory, protect you against malware that's so new researchers have never encountered it. However, this isn't always an unmixed blessing. It's not uncommon for behavioral detection systems to flag many innocuous behaviors performed by legitimate programs.

Whitelisting is another approach to the problem of unknown programs. A whitelist-based security system only allows known good programs to run. Unknowns are banned. This mode doesn't suit all situations, but it can be useful. Sandboxing lets unknown programs run, but it isolates them from full access to your system, so they can't do permanent harm. These various added layers serve to enhance your protection against malware.

Bonus Features
Firewall protection and spam filtering aren't common antivirus features, but some of our top products include them as bonus features. In fact, some of these antivirus products are more feature-packed than certain products sold as security suites.

Among the other bonus features you'll find are secure browsers for financial transactions, secure deletion of sensitive files, wiping traces of computer and browsing history, credit monitoring, virtual keyboard to foil keyloggers, cross-platform protection, and more. You'll even find products that enhance their automatic malware protection with the expertise of human security technicians. And of course I've already mentioned sandboxing, vulnerability scanning, and application whitelisting.

What's Best?
Which antivirus should you choose? You have a wealth of options. Kaspersky Anti-Virus (2016) and Bitdefender Antivirus Plus 2016 invariably rate at the top in independent lab tests. A single subscription for McAfee AntiVirus Plus (2016) lets you install protection on all of your Windows, Android, Mac OS, and iOS devices. And its unusual behavior-based detection technology means Webroot SecureAnywhere Antivirus (2015) is the tiniest antivirus around. (Yes, 2015. We'll test the next version as soon as it's ready.) We've named these four Editors' Choice for commercial antivirus, but they're not the only products worth consideration. Read the reviews of our top-rated products, and then make your own decision.

Multi-Layered Antivirus Protection
Multi-Layered Antivirus Protection Antivirus products distinguish themselves by going beyond the basics of on-demand scanning and real-time protection. Some rate URLs that you visit or that show up in search results, using a red-yellow-green color coding system. Some actively block processes on your system from connecting with known malware-hosting URLs or with fraudulent (phishing) pages.

Software has flaws, and sometimes those flaws affect your security. Prudent users keep Windows and all programs patched, fixing those flaws as soon as possible. The vulnerability scan offered by some antivirus products can verify that all necessary patches are present, and even apply any that are missing. You expect an antivirus to identify and eliminate bad programs, and to leave good programs alone. What about unknowns, programs it can't identify as good or bad? Behavior-based detection can, in theory, protect you against malware that's so new researchers have never encountered it. However, this isn't always an unmixed blessing. It's not uncommon for behavioral detection systems to flag many innocuous behaviors performed by legitimate programs.

Whitelisting is another approach to the problem of unknown programs. A whitelist-based security system only allows known good programs to run. Unknowns are banned. This mode doesn't suit all situations, but it can be useful. Sandboxing lets unknown programs run, but it isolates them from full access to your system, so they can't do permanent harm. These various added layers serve to enhance your protection against malware.

Bonus Features
Firewall protection and spam filtering aren't common antivirus features, but some of our top products include them as bonus features. In fact, some of these antivirus products are more feature-packed than certain products sold as security suites.

Among the other bonus features you'll find are secure browsers for financial transactions, secure deletion of sensitive files, wiping traces of computer and browsing history, credit monitoring, virtual keyboard to foil keyloggers, cross-platform protection, and more. And of course I've already mentioned sandboxing, vulnerability scanning, and application whitelisting.

What's Best?
Which antivirus should you choose? You have a wealth of options. Kaspersky Anti-Virus (2016) and Bitdefender Antivirus Plus 2016 invariably rate at the top in independent lab tests. A single subscription for McAfee AntiVirus Plus (2016) lets you install protection on all of your Windows, Android, Mac OS, and iOS devices. And its unusual behavior-based detection technology means Webroot SecureAnywhere Antivirus (2015) is the tiniest antivirus around. We've named these four Editors' Choice for commercial antivirus, but they're not the only products worth consideration. Read the reviews of our top-rated products, and then make your own decision.