How We Test Antivirus Software in 2023

By Tibor Moes / Updated: September 2023

How we test antivirus software in 2023 //

How We Test Antivirus Software

In an era where our digital lives play an ever-growing role in our daily routines, it’s essential to secure our data from cyberattacks.

With numerous antivirus software on the market, all claiming to offer the best protection, how can one make an informed decision?

In this guide, we aim to clarify our comprehensive testing method for antivirus software, shedding light on how these tools work, the importance of regular testing, and the parameters we consider in our assessments.


When we test antivirus software, we break our test down into multiple parts, where each has a different weight on the final score:

  • Malware protection – 30%
  • Security features – 30%
  • Speed impact 10%
  • False positives – 10%
  • Price – 10%
  • Company reputation – 10%

Each aspect is tested using rigorous, real-world simulations and industry-standard benchmarks to ensure accurate results.

Security features beyond malware protection include web protection, firewall, password manager, VPN, parental controls, identity theft protection, secure cloud storage, anti-ransomware, and dark web monitoring. These are all tested in detail, as they are essential elements of modern and comprehensive security suites.

Don’t become a victim of cybercrime. Protect your devices with the best antivirus software and your privacy with the best VPN service.

How Antivirus Works and Why Testing Matters

Signature-Based Detection

Antivirus software is like the immune system of your digital world, fighting off malicious agents. The first line of defense, signature-based detection, works by identifying known threats. It compares files and programs against an extensive database of ‘signatures’ – unique bits of code in known malware. This method is effective against established threats but falls short when facing new, unidentified malware strains.

Heuristic Analysis

To combat unknown malware, antivirus software employs heuristic analysis. This technique scrutinizes the characteristics and behaviors of files and programs, looking for suspicious patterns typical of malware. It enables the detection of new or modified malware that may not have a known signature. However, heuristic analysis can sometimes lead to false positives by misidentifying benign software as malicious.

Behavior-Based Detection

For even more proactive protection, behavior-based detection monitors the activities of programs in real-time. This method focuses on the actions of software, identifying malicious activity such as unauthorized data access or modification. It is particularly effective at detecting previously unseen threats like zero-day exploits, but its downside is the potential for increased false positives.

Why Testing Matters

With the ever-evolving landscape of cyber threats, the efficacy of antivirus software can’t be taken for granted. Testing allows us to measure the real-world performance of these programs, identifying strengths and weaknesses in their detection capabilities and overall functionality.

Regular testing encourages antivirus developers to continually improve their products, leading to safer digital environments for us all. Testing also provides consumers with reliable, evidence-based information, helping them to choose the antivirus software best suited to their needs.

Elements We Test and Their Weight in our Score

In the following sections, we delve into the specifics of our testing process, from evaluating anti-malware protection to assessing the impact on system performance.

Anti-malware Protection (30%)

The core function of any antivirus software is its capacity to identify and neutralize malware threats. Consequently, we give significant weight to anti-malware protection in our testing methodology, comprising 30% of the total score.

In-House Testing

Our rigorous in-house testing procedure aims to push antivirus programs to their limits, exposing them to hundreds of distinct malware samples. We introduce these malware pieces via USB to the test PC, then monitor how the software responds. This test gauges the malware scanner’s ability to detect various forms of malicious files accurately and comprehensively.

Beyond the scanning of dormant files, we also simulate active attacks. We execute malware files and initiate ransomware attacks, investigating if the antivirus software’s real-time protection is effective in halting these threats. These tests mimic real-world scenarios, offering valuable insight into how well an antivirus tool can secure your system against aggressive cyber threats.

AV-Test Results

Alongside our in-house evaluations, we consider third-party testing results, specifically those from AV-Test, an independent IT security institute. AV-Test’s exhaustive analysis offers additional data points, augmenting the depth and robustness of our assessment. They run comprehensive protection tests across different platforms, including Windows, Mac, and Android.

By comparing our findings with AV-Test results, we ensure our scoring is as accurate and reliable as possible, providing you with an extensive, rounded perspective on each antivirus software’s protection capabilities. In our mission to provide trusted, evidence-based reviews, this collaborative approach allows us to affirm or challenge our findings, resulting in a more dependable, unbiased evaluation.

Security and Privacy Features (30%)

Antivirus software provides more than just malware protection; they often come with an array of additional security and privacy features. Each of these components enhances your overall cyber protection, guarding against various types of online threats. Together, these elements constitute 30% of our overall antivirus software score. Here’s how we assess them:

Web Protection (Anti-Phishing)

Web protection safeguards users from harmful websites, including phishing sites that masquerade as legitimate entities to steal personal information. We assess this feature by visiting known phishing sites and watching if the antivirus software alerts the user or blocks access.


A robust firewall controls network traffic, blocking unauthorized access to your computer while permitting outbound communication. We examine the firewall’s strength by running intrusion tests, determining how effectively it shields your system against unsolicited connections and potential network-based attacks.

Password Manager

A password manager securely stores and manages your passwords, reducing the risk of using weak or duplicate passwords. To test this feature, we evaluate the manager’s ability to generate, store, and auto-fill complex passwords, as well as its overall user-friendliness.

Virtual Private Network (VPN)

A VPN provides an encrypted connection to the internet, protecting your privacy by concealing your IP address and location. We test VPNs by checking their speed, encryption technology, server locations, and whether they successfully hide our IP address.

Parental Controls

Parental controls allow parents to monitor and limit their children’s online activities, contributing to a safer internet experience. We test this by setting up filters and restrictions, then attempting to bypass these controls, checking their effectiveness and ease of use.

Identity Theft Protection

Identity theft protection monitors various data points, such as your credit reports or public records, alerting you to potential identity fraud. We evaluate this feature by reviewing the types of data it monitors, alert responsiveness, and remediation support in the event of identity theft.

Secure Cloud Storage (Cloud Backup)

Secure cloud storage offers a safe space to back up important data, protecting it from loss due to malware or hardware failure. We assess this feature based on storage capacity, ease of use, and the security measures in place to protect your stored data.


Anti-ransomware tools prevent ransomware from encrypting your files, holding them hostage for a ransom payment. We evaluate this by initiating ransomware attacks on our test systems, checking the software’s effectiveness in preventing these attacks.

Dark Web Monitoring

Dark web monitoring scans dark web marketplaces and forums for your personal information, warning you if it appears on these platforms. We gauge this feature by checking how well the antivirus software tracks various personal data types, including email addresses, Social Security numbers, and credit card information.

Speed Impact (10%)

While antivirus software serves to protect, it should not interfere significantly with your system’s performance. Hence, we consider speed impact, which refers to how much an antivirus slows down a computer during common tasks like downloading, uploading, opening files, and browsing the web.

For this analysis, we utilize AV-Test’s performance tests as our guide. These tests measure the time taken to perform standard tasks with the antivirus software enabled and compare it to the time it takes without the software. This gives us an accurate reading of the software’s impact on system speed. The lighter the footprint on your system’s performance, the better the score.

False Positives (10%)

Another critical factor we assess is the occurrence of false positives, instances where benign software is mistakenly flagged as malicious by the antivirus. A high rate of false positives can lead to frustration, unnecessary worry, and potentially the accidental removal of safe, important software.

We derive our analysis from AV-Test’s usability tests, which provide a benchmark for false positive rates. These tests include scenarios where antivirus software scans software installations, file copies, and daily usage, observing whether it incorrectly flags safe actions as threats. A lower rate of false positives garners a higher score in our evaluation.

Price (10%)

Finally, the price of the antivirus software is a vital consideration. Good value for money is crucial in ensuring that comprehensive digital protection is accessible to a wide range of users. We take into account not just the base price, but also what is included in the package. Features, multi-device compatibility, and customer support are among the factors evaluated against the cost.

In our price evaluation, we also highlight the differences between the first and second year’s prices. Some providers offer attractive discounts for the first year as an introductory offer, with prices significantly increasing for subsequent years. By noting these differences, we aim to ensure our readers can make an informed decision, aware of the long-term costs of their chosen antivirus software.

Ownership and Reputation (10%)

In the realm of digital security, trust is paramount. The reputation and ownership of antivirus software companies carry substantial weight in determining their reliability. Unfortunately, as highlighted by the Avast scandal where user data was sold via a subsidiary, not all companies prioritize user privacy and integrity.

This has led us to incorporate the ‘Ownership and Reputation’ criterion into our evaluation process, accounting for 10% of the total score. We delve into the company’s history, looking for any instances of unethical conduct, data breaches, or violations of user trust.

We also examine their data handling practices, privacy policies, and commitment to transparency. This includes where the company is based, as this can impact data privacy laws applicable to them. A company with a proven track record of prioritizing user security and privacy will score higher in this category.


Choosing the right antivirus software is a crucial step in safeguarding your digital life. It requires a comprehensive understanding of various aspects, from malware detection capabilities to the impact on system performance, false positives rate, pricing, and the reputation of the company itself.

Through our meticulous testing process, we aim to provide an in-depth, holistic evaluation of antivirus software, helping you make informed decisions that meet your specific needs. In the ever-evolving landscape of cybersecurity, we remain committed to keeping you updated, ensuring you can navigate the digital world safely and confidently.

How to stay safe online:

  • Practice Strong Password Hygiene: Use a unique and complex password for each account. A password manager can help generate and store them. In addition, enable two-factor authentication (2FA) whenever available.
  • Invest in Your Safety: Buying the best antivirus for Windows 11 is key for your online security. A high-quality antivirus like Norton, McAfee, or Bitdefender will safeguard your PC from various online threats, including malware, ransomware, and spyware.
  • Be Wary of Phishing Attempts: Be cautious when receiving suspicious communications that ask for personal information. Legitimate businesses will never ask for sensitive details via email or text. Before clicking on any links, ensure the sender's authenticity.
  • Stay Informed. We cover a wide range of cybersecurity topics on our blog. And there are several credible sources offering threat reports and recommendations, such as NIST, CISA, FBI, ENISA, Symantec, Verizon, Cisco, Crowdstrike, and many more.

Happy surfing!

Frequently Asked Questions

Below are the most frequently asked questions.

What are the most crucial factors you consider when testing antivirus software?

Our testing methodology considers various critical aspects. We heavily weigh anti-malware protection and additional security features, each contributing 30% to the total score. We also factor in the software’s speed impact, false positive rate, price, and the company’s ownership and reputation, each comprising 10% of the final score.

Beyond protecting against viruses, what other features should good antivirus software have?

While malware protection is central to any antivirus software, additional features significantly enhance overall security. These include web protection, firewall, password manager, VPN, parental controls, identity theft protection, secure cloud storage, anti-ransomware, and dark web monitoring. Good antivirus software should ideally incorporate these features for comprehensive digital protection.

Why is the ownership and reputation of the antivirus software company important?

The company’s reputation and ownership are key indicators of their commitment to user security and privacy. A company with a strong reputation usually signifies a history of reliable, ethical practices and robust security products. On the contrary, companies with a dubious past, like the Avast scandal where user data was sold, can raise red flags about data privacy. Therefore, understanding a company’s reputation and ownership helps ensure that your data is in trustworthy hands.

Author: Tibor Moes

Author: Tibor Moes

Founder & Chief Editor at SoftwareLab

Tibor has tested 39 antivirus programs and 30 VPN services, and holds a Cybersecurity Graduate Certificate from Stanford University.

He uses Norton to protect his devices, CyberGhost for his privacy, and Dashlane for his passwords.

You can find him on LinkedIn or contact him here.