Top 5 Best Antivirus Software of 2019
Compare the best brands
- Protection 100% 100%
- Speed 100% 100%
✓ 30-day money-back & 24/7 support
✓ Award-winner in all independent tests
Read our full BitDefender Review
- Protection 100% 100%
- Speed 93% 93%
✓ 60-day money-back & 24/7 support
Read our full Norton Review
- Protection 98% 98%
- Speed 88% 88%
✓ 30-day money-back & 24/7 support
Read our full BullGuard Review
- Protection 97% 97%
- Speed 85% 85%
✓ 30-day money-back & 24/7 support
Read our full Panda Review
- Protection 93% 93%
- Speed 84% 84%
✓ 30-day money-back & 24/7 support
Read our full McAfee Review
The Best Antivirus of the Year
Millions of users around the world trust BitDefender Antivirus Plus as the industry leader in antivirus technology.
BitDefender Antivirus Plus 2019
Trusted by over 500 million users around the world
✓ The Best and Fastest Antivirus Protection
✓ Award-Winner in All Independent Tests
✓ 30-Day Money-Back Guarantee
“Product of the Year” – SoftwareLab.org
Also recommended by:
How We Test
Below we explain which factors go into the calculation of our editors’ rating, what each of these factors means, and the data sources we use
How We Test
Purchasing the right antivirus software is important.
Therefore we want to be 100% transparent about the data and method we use to select the best antivirus software.
We use 6 factors to select the winning software. All factors matter, but not all are equally important. Therefore, the impact they have on the final score varies. All factors, and the impact they have, can be seen here:
- Protection from Malware 50% 50%
- Impact on Performance and Speed 15% 15%
- Devices & Features 10% 10%
- User Reviews 10% 10%
- Value for Money 10% 10%
- False Positives 5% 5%
Further below, we will explain each of the factors in detail. But first, we would like to highlight where our data comes from:
The data for Protection, Performance, and False Positives, comes from AV-Test and AV-Comparatives. These are the two internationally recognized leaders in antivirus testing.
The data for the User Reviews comes from TrustPilot and the Google Play Store. Trustpilot is the most trustworthy platform in the world when it comes to the collection of objective and verified user reviews.
And the Google Play Store is the app store for Android, the most used operating system for mobile phones. It has one on of the largest database of software reviews globally.
The data for Value for Money comes from the vendor directly. These are the protection features offered and the price requested.
The data for Supported Devices also comes from the vendors directly.
Protection from Malware
Protection from malware makes up 50% of the total score
The most important feature of any cybersecurity product is, of course, the protection from malware.
Malware is a collective term which stands for a large number of cybersecurity threats, including viruses, ransomware, spyware, adware, phishing and more. In order to protect you effectively from such a diverse range of attacks, the most advanced antivirus software use three different protection methods. Below we provide more detail on each method.
All antivirus providers featured in this comparison have been tested in-depth on each of the methods.
Signature File Detection:
Signature file detection is the most classic form of malware detection. Using this method, antivirus software scan files for traces of malicious code, called digital signatures. This scanning behavior is why many people refer to antivirus software as virus scanners.
A digital signature is a unique pattern that allows security tools to recognize malware. Imagine it as the equivalent of a fingerprint a burglar would leave. Only in this case, it is a digital fingerprint left by malware in its attempt to cause damage to you or your devices.
These digital signatures are stored in a database containing hundreds of millions of malware samples. Whenever a new malware threat is uncovered by a cybersecurity company, it is added to the database.
This method of malware detection is reliable, fast, easy to operate, and scalable. However, it is not perfect. As it relies on cybersecurity companies to first recognize new threats and then updating the malware samples in the database, this method is useless against brand new malware. It is always one step behind new attacks.
Therefore, cybersecurity companies have developed a second form of file detection.
Heuristic File Detection:
Heuristic file detection is the evolution of signature-based detection. It allows antivirus tools to identify malware that have not been seen before and have not been added to any database.
It does so by looking for behavioral patterns that are typical of malware, rather than at malware signatures. Once a file is flagged as having suspicious behavior, there are generally two ways the antivirus software would move forward with its analysis:
File Emulation: Also known under the term “sandbox testing”. In this method, the antivirus software will allow the malware to operate in a safe environment called the sandbox. This is often a virtual machine where the malware can cause no harm, and the antivirus can analyze it in more detail.
In the sandbox, the potentially dangerous file is analyzed for common malicious patterns. These include rapid replication attempts, file overwrites, or any attempt to hide certain files. If any of these patterns are detected, the antivirus software takes further action to eliminate the threat.
Genetic Signature Detection: New malware are often a slightly adjusted form of existing malware. This allows the creator to reuse its malware without triggering signature-based detection.
In genetic signature detection, however, antivirus software compare the source code of potentially dangerous files with the source code of known malware. If there is a significant overlap between the two, the antivirus software takes further action to eliminate the threat.
User-Focused Protection Features:
Next to the two methods described above, there is a third way in which antivirus programs protect users from malware. Rather than a specific method, it is a collection of features designed to protect users from downloading malware or visiting dangerous websites.
If you think about it, this is the natural evolution of the cybersecurity industry. As both malware and anti-malware become increasingly sophisticated, cybercriminals look for other weak links in the chain. And often this weak link is us, the users.
The tools to protect users are varied. But some of the most common include:
Web advisors that flag suspicious or dangerous websites before you visit them.
WiFi security advisors that recommend you to avoid specific WiFi networks or use a VPN when connecting to them.
Password managers that help you create and store unique and highly secure passwords.
Hardened browsers that open encrypted web browsers when you attempt to access online banking or payment tools.
Impact on Performance and Speed
Performance impact makes up 15% of the total score
Performance impact stands for the influence of the antivirus on the operating speed of the device. Every antivirus tool requires a certain amount of resources to run, impacting the operating speed in some way. However, some do so in much more dramatic ways than others.
Performance impact can be measured in a variety of ways. The most common are the impact on download times, load speeds and the resources required to run the program in the background.
Devices and Features
Supported devices makes up 10% of the total score
In this factor, we analyze which operating software the antivirus support, and which features they offer per operating software. In many cases, the cybersecurity companies build full security suites for Windows, but offer significantly less for their antivirus for Mac, Android, and iOS.
There are some exceptions to this rule, however. And that is exactly what this factor is about.
A note on iOS:
All of the antivirus programs in this list have dedicated security apps for Windows, Mac, and Android, which is great. Two of them, however, don’t have dedicated apps for iOS.
Although it is true that Apple has designed iOS to be incredibly safe, users still fall into phishing traps, use unsafe passwords, or are tracked by their internet service provider.
Therefore, having a web advisor, password manager or VPN, is just as valuable on iOS as on any other operating software.
User Reviews make up 10% of the total score
User reviews are incredibly important as they reflect not only the product quality, but also the customer service of the companies.
As customer reviews have turned into a powerful marketing tool, it is often difficult to know which reviews to trust.
In order to get access to high quality and verified user reviews, we have consulted the Google Play Store and TrustPilot. These are the largest and most trustworthy user review databases currently available and publicly accessible.
Value For Money
Value for Money makes up 10% of the total score
Considering the amount of harm malware can cause, and how much this can end up costing, the price of an antivirus should not be the most important factor in your consideration. That being said, it definitely does matter. As all antivirus providers in this list offer excellent protection, there is no reason to pay more for an overpriced product. To research this factor, we have analyzed the pricing strategy of the various cybersecurity companies in each market they are available, and compared it to the protection and features offered.
False Positives makes up 5% of the total score
False positives are instances in which antivirus software flags a clean file as malware. All antivirus programs do this to some degree, as they are a common byproduct of heuristic file detection. Some cybersecurity products, however, produce considerably more false positives than others. Although this does not pose a security threat, it can be annoying in day to day usage.
AV-Test is a German based test laboratory that specializes in cybersecurity. It uses state-of-the-art technology and one of the largest malware databases in the world to run its tests. We consult AV-Test’s findings in the calculation of the protection and performance scores.
AV-Comparatives is an Austria based test laboratory that has been running cybersecurity tests since 1999. It is well-known to build real-world test scenario’s in which all three protection layers of the antivirus software are fully utilized. Like AV-Test, we consult AV-Comparatives findings to calculate the scores in the protection and performance categories.
TrustPilot is one of the largest and most trustworthy user review platforms in the world. Its mission is to bring businesses and people together and allow them to engage in meaningful ways. Over 200.000 businesses have been reviewed in Trustpilot by more than 45 million reviews.
The Google Play Store is the app store for Android, the most used mobile operating system in the world. The Google Play Store has one of the largest software review databases in the world.
Tech enthusiast and founder of SoftwareLab. He has degrees in Engineering and Business, and has been active in the analysis of software, electronics and digital services since 2013.
Frequently Asked Questions
Below we have summed up the most commonly asked questions surrounding the topic of cybersecurity and the best antivirus software.
Antivirus software helps you in the fight against all forms of malware. The software both prevents and cures, meaning it helps you avoid the installation of new malware, as well as removes malware that already exists on your device.
It does this by scanning your system using the signature and heuristic file detection methods described in the previous section, and by offering you a wide range of user-focused protection features, such as anti-phishing, password managers, and web advisors.
Classically, malware was used to describe any type of software that could infect your device and cause harm. Usually, this harm included slowing down your device, stealing sensitive information, or show you unwanted ads.
In the modern era, where cybercriminals not only create malicious software, but also attempt to manipulate users into providing them with information, malware has become a much broader term.
It is now loosely used to describe many forms of cybercriminal activity. Both the actual malicious software, as well as the various manipulation attempts.
Types of Malware
Below we describe many forms of malware, as well as a range of surrounding terms that are not classically considered malware, but are still important to know. The terms are ordered alphabetically, rather than in frequency of occurrence.
AdWare is software installed on your device, designed to show you advertisements in pop-up or toolbar form. These are adware at its most harmless. Other versions will track your internet use or even monitor your keystrokes to steal sensitive data. AdWare can be removed by dedicated anti-adware software or any of the top antivirus software.
Botnet stands for Bot Network and is sometimes referred to as a zombie army. It is a network of a large number of devices that have been infected by malware and can be controlled remotely by a hacker. The purpose of a botnet is staging DDoS attacks, stealing sensitive data or spreading further malware.
When software, hardware or a network has a particular vulnerability, and a hacker makes use of it to hijack the system, we speak of an exploit. The hacker often uses a piece of code or software to take control. Usually, the vulnerabilities are discovered post-mortem when hackers have already hijacked the system and caused damage.
A computer virus is a piece of code or software installed on your device without your permission and knowledge. Computer viruses range from annoying to incredibly destructive. They are designed to spread automatically between computers and networks and include all types of malware. Famous examples are CryptoLocker and Storm Worm.
A computer worm is a form of self-replicating malware that can slow down your computer by incredible proportions. It is usually spread through email attachments and file sharing networks.
Hacking is the manipulation of a computer and its network, often for malicious purposes. By using malware that alters the data that passes through the network, a hacker can access the information on the system. Using any form of malware to achieve a goals is considered hacking.
Cybercrime is any form of digital crime executed by using the internet or electronic devices. In the age of the internet, cybercrime is one of the most common forms of crime and increasing year-on-year. It comes in two major forms: Single attacks in which sensitive data is stolen, and continuous crimes such as extortion and cyberbullying.
Usually, when a mainstream website is unreachable or incredibly slow, it is suffering a DDoS attack, which stands for Distributed Denial of Service attack. A DDoS attack is executed by overwhelming a website with internet traffic from thousands of devices. These are usually devices infected by malware and controlled remotely, also known as a Botnet.
Identify theft happens when someone steals your tax information, credit card data or passport details, and impersonates you. The criminal in question either opens up a new account in your name, such as a mobile phone contract, or uses your existing account, such as your internet banking credentials, to pay for products and services.
Keyloggers are a specific type of spyware that records the information you type on your device, allowing criminals to track your activity and steal passwords, credit card numbers, bank details and more.
Phishing messages are schemes to trick people into revealing personal information, such as credit card details, bank account numbers or passwords. Often, phishing attacks come in the form of emails pretending to come from real organizations like your bank or PayPal, requesting you to validate or update information.
Ransomware, also known as rogueware or scareware, locks your device until you pay a ransom fee to unlock it. Some of the biggest ransomware attacks in recent history, such as WannaCry, Petya, Locky, Cerber, and CryptoLocker, have made headlines globally.
A rootkit is a piece of malware that provides administrative access of your device to a hacker. It is often hidden deep within the operating software, from where it can offer remote control to your device. Rootkits are used for a variety of purposes, from relatively harmless to you personally, such as staging DDoS attacks, to serious forms of identity theft.
An internet scam is a general term used to describe various kinds of fraud. In each of them, the scammers attempt to make you give up personal information or pay for a product you will never receive. Common scams include the Nigerian scam emails, make-easy-money scams, dating site scams and Craig’s list scams.
Social engineering is the concept of exploiting people into giving up important personal information such as credit card details or passwords, or grant access to an IT system. It usually involves appealing to a person’s greed, vanity, curiosity, altruism, or fear of authority. As the weakest link in the chain here is the person themselves, even the best antivirus software have a hard time protecting you from it.
Spam describes the unwanted emails and messages that (poorly) advertise a product or service. These are often messages sent in bulk, with little or no personalization. The best antivirus software all have spam filters built in, as do most modern email clients.
When a hacker pretends to be someone else in order to spread malware, steal sensitive information or gain access, we speak of Spoofing. IP Spoofing means sending a message from a trusted computer (/ IP address). Email Spoofing means designing the email, and email address, to seem legitimate. And DNS Spoofing means the modification of the DNS of a domain, in order to reroute the traffic to a specific IP address.
Spyware is used by hackers to steal all sorts of personal information. It analyzes which websites you visit, records your browsing history and steals personal and financial information such as bank details or credit card numbers. A common form of spyware are keyloggers which track the information you type.
When a hacker adds a malicious piece of SQL (Structured Query Language) code to an input field of a website, which usually requests a username and password, we speak of an SQL attack. The SQL code is designed to read, create, delete or alter data in the database of the website. Either to gain access to the website itself or to steal sensitive information.
A Trojan Horse is a piece of malware that masks itself in an email or download, pretending to be something fun, useful or helpful, while in practice downloading other malicious software such as ransomware, spyware or adware onto your device. The most famous Trojan is called Zeus.
Software vendors frequently release new products or products updates. When such a product or update contains a cybersecurity vulnerability, that neither the software vendor nor the cybersecurity companies know off, we speak or a zero-day vulnerability. A zero-day exploit means someone taking advantage of this vulnerability.
Below you can find all the sources we have used in our analysis