Antivirus on Windows 8/8.1 compared

Antivirus on Windows 8/8.1 compared

Summary: Lab tests on 25 consumer and 9 business products show how each protect against threats, affect system performance and how often they generate false positives.

TOPICS: Security, Windows 8

Independent test lab AV-Test has completed a series of tests for antivirus/anti-malware products on Windows 8 and 8.1.

They compared both business and consumer solutions. For each, they tested with the then-current version last November and December to increase confidence in the numbers. They compared the business solutions to Microsoft System Center Endpoint Protection and the consumer solutions to Microsoft Windows Defender.

For each, AV-Test generated scores for protection, performance and usability. Each score ranges from 0 to 6 and are added to make the Total score.

Protection is defined by how well they blocked known and unknown malware. Products with a score of 6 blocked 100 percent of malware or very close to it. Performance is a measure of the product's impact on the system speed, but AV-Test provides no details on how the numbers were calculated. Usability is a function of the number of false positive detections in various situations; "Usability" is perhaps not the right word for it, but it's a valuable metric nevertheless.

Below are the scores for the business solutions tested.

Product Protection Performance Usability Total
Bitdefender Endpoint Security 5.1 & 5.3 5.5 6 6 17.5
Fortinet FortiClient 5.0 4.5 2 6 12.5
F-Secure Client Security 11.00 6 4.5 5.5 16
Kaspersky Lab Endpoint Security 10.1 6 5 6 17
McAfee VirusScan Enterprise with EPO 8.8 5 3 5.5 13.5
Microsoft System Center Endpoint Protection 2012 0 5.5 6 11.5
Sophos Endpoint Security and Control 10.3 4 3 6 13
Symantec Endpoint Protection 12.1 5.5 3.5 6 15
Trend Micro Office Scan 10.6 6 5.5 6 17.5

The stand-out business products are from Bitdefender, Trend Micro and Kaspersky, with F-Secure not far behind. Bitdefender did not received a 100% score for detection, but it was very close. Trend Micro, Kaspersky and F-Secure fell short in system performance impact, but not by much.

Here are the consumer products:

Product Protection Performance Usability Total
AhnLab V3 Internet Security 8.0 1.5 3 5 9.5
Avast Free AntiVirus 2014 3 5.5 6 14.5
AVG Antivirus Free Edition 2014 4 5.5 5.5 15
AVG Internet Security 2014 4.5 5 5.5 15
Avira Internet Security 2014 6 5.5 6 17.5
Baidu Antivirus 1.6 3.5 3 6 12.5
Bitdefender Internet Security 2014 6 6 6 18
BullGuard Internet Security 14.0 5.5 4.5 5.5 15.5
Comodo Internet Security Premium 6.3 5.5 3.5 4 13
ESET Smart Security 7.0 5.5 3 6 14.5
F-Secure Internet Security 2014 6 5.5 5 16.5
G Data InternetSecurity 2014 6 5 5 16
K7 Total Security 13.1 2.5 3.5 4.5 10.5
Kaspersky Lab Internet Security 2014 6 6 6 18
Kingsoft Antivirus 2013 3.5 0 6 9.5
McAfee Internet Security 2014 5.5 3.5 5.5 14.5
Microsoft Windows Defender 4.3 0 5 6 11
Microworld eScan internet security suite 14.0 6 3.5 5.5 15
Norman Security Suite Pro 10.1 4 2 4.5 10.5
Panda Security Cloud Antivirus FREE 2.3 6 3.5 6 15.5
Qihoo 360 Internet Security 4.2 5.5 5.5 5.5 16.5
Symantec Norton Internet Security 2014 6 3 6 15
Tencent PC Manager 8.5 2.5 5 5.5 13
ThreatTrack VIPRE Internet Security 2014 3.5 3 5.5 12
Trend Micro Titanium Maximum Security 2014 6 3.5 6 15.5

Bitdefender and Kaspersky get perfect scores, followed by Avira, F-Secure, Qihoo and G Data. Many products get a 6 in usability but are otherwise unremarkable or poor, including Kingsoft which gets a 0 on performance and 3.5 on protection. Nine products got a 6 on protection, the most important category, but some of them affect system performance negatively.

The two graphs below show the percentage of malware blocked by each product in December testing.



Topics: Security, Windows 8

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Egads!

    So Windows Defender is the worst of the lot with a 0 protection score!!! Looks like I need to go back to using AVG.
    • Actually...

      it blocks around 75%.. not that I care.. I haven't used any AV since Windows 98SE and been fine... as long as you don't visit funky sites and use the more well known sites for porn and torrents your pretty safe... I have been infected once recently (was my own fault of being a little to careless) but I just enabled Defender (yes I manually disable Defender, one of the first things I do after a fresh install) and it picked it up and cleaned it right away.
      • No, actually...

        Your knowledge of of how malware spreads seems to come from the days of Windows 98SE, too.

        Vast majority of malware attacks spawned from legit sites
        Drive-by attacks not just from porn and warez sites, new Google data shows.
        Pyrrho of Elis
      • Djk2

        Man, you are an endangered specie..LOL!
      • What Pyrrho Said

        While you are correct in saying the USER is the #1 defense on keeping a system secure, you are way off base in saying infections only come from porn and hackers and unsafe sites. I have a friend with your same mindset - thought he was above such problems... hadn't used an anti-virus product since 98SE etc. etc. Yup, guess who got hit with a big old piece of malware that totally hosed his system. Had to reformat and reinstall the OS.
        • Yup

          Yup, that's exactly what happened to me. I was waaaay to lax about security on my old XP machine, didn't run anti-virus AND used an account with Admin rights as my default login account. Got hit by a drive-by and wound up with a machine so badly infected I gave up trying to clean it and just wiped it and performed a fresh install. That was the last time I ran without anti-virus.

          The only silver lining in the whole mess was that I took the opportunity to upgrade the laptop to Windows 7, since I was re-formatting anyway.
      • Ref: Actually...



        Rob Berman
      • Nowadays you install

        free software you have to watch out for malware - browser Hijackers, Search engines reporting your computer usage to marketeers and home page hijackers. Even Adobe and Oracle installs can install things you don't want.
      • Safe, ha ha, safe.. He said safe, ha ha..

        Just like those people who think their AV software is working and is great. They think that because it never catches anything. Then they have their eyes opened when someone runs a scan with something like MalwareBytes or Kaspersky or ESET and they see all the malware that is on their rig.

        Flipping ID10Ts
        • I agree

          I agree, the only defense that has ever worked for me it which was recommended to be by employees of Microsoft in 2012. Now I've got it running at my sister's home as well as nieces and nephews. Everyone is pleased (and uninfected)
      • My Boss Used to Think That Way

        He did not want to run a/v because it "slows down" his computer. He brought his laptop into work and caused over $10 million in damage to a 100,000 user workforce with the Nimda virus. He said he was very careful.....

        Don't ever associate your computer with work. EVER!
      • While I tend to agree...

        Porn sites and other traditionally horrible web traps are hardly the most dangerous places on the web anymore. Lyric sites, fake charitable organization sites, click jacking, misleading bitly links, and comment links tend to be some of the biggest issues that people face who I work with. Also, a lot of reputable sites get hijacked, and even if it is for a brief amount of time, it can cause all sorts of issues.

        Still, I agree that antivirus is sort of the last step of security, and is more of an added bonus rather than actual protection. Common sense, having a password, running a current OS and browser, having a proper firewall on your network, keeping auto network discovery off and your (all be it crappy) software firewall on, and leaving the UAC on (and paying attention to it when it is set off!) are far more effective at preventing viruses in the first place. Running at least a basic AV client is just icing on the cake. Defender is not nearly as bad as this 'report' makes it out to be, but it certainly isn't going to help you if you do not practice due diligence in the first place. But removing basic AV that is built into the OS and has no impact on the performance of your machine is just stupidity.
  • Let's not forget that AV sucks when facing NEW malware

    Study by Imperva:

    " Today's antivirus apps ARE 'worse at slaying hidden threats' "

    "Antivirus software a waste of money for businesses, report suggests
    Poor detection means that free programs offer better value "
    • Extremely good at catch brand new viruses

      Some AV prgs do an EXCELLENT job at catching/stopping brand new viruses. So much so that
      WebRoot doesn't even have "virus definitions" any more. You never have to wait while "new definitions download". It just analyzes everything in real-time.
      • They can only catch what they recognize.

        Variants of old viruses are not new viruses.

        It is impossible for any virus scanner to catch a new virus.
        • Heuristic scanning

          Actually, heuristic scanning can be very good at detecting new viruses based on monitoring their behavior as they run on your computer. All AV's I've ever used have had thresholds; files within a certain range were sent in to be scanned by the company. Files above a certain range were automatically removed. I've never had that result in a false positive, but I have seen it stop a few things.
          • Again, if the virus has been identified, then its "behaviour"

            is known, then heuristics can identify variants.

            A truly new virus will pass every known test.
          • Not sure you understand

            Heuristics are based on what an process is doing, not on defs. Even if a legit apps does things a heuristic monitor does not like, it triggers it.

            Reputation analysis is another layer altogether.
            Rann Xeroxx
          • And all I'm saying is that it will NOT identify new viruses

            That cannot be denied.
          • No, heuristic methods CAN identify new viruses

            They check the CPU instructions that a program is executing and look for specific sequences. For example, there are specific calls into system DLL libraries that must be called in order to escalate privileges. There are quite a number of such calls that a virus must use if it is to insert itself into startup, stay resident and run in the background, etc. Heuristic approaches look for these red flag coding sequences.

            Also, they check for code sequences that attempt to exploit known vulnerabilities. Many times a virus will try to attack multiple vulnerabilities, knowing that there are machines out there. that have not applied all current patches.