When I get no help from the labs, my own hands-on malware protection testing becomes vitally important. To start the basic protection test, I simply open a folder containing a collection of malware that I’ve gathered, curated, and analyzed myself.
For many antiviruses, the minimal access required when Windows Explorer checks a file’s name, size, and creation date for display is enough to trigger an on-access scan. For others, the trigger involves copying samples to a new location. And in a few cases, such as Guardio, nothing happens until I download the samples from an online source.
Then there are those like Avast, AVG, McAfee AntiVirus, and Emsisoft that wait until a process launches to check it for malware. That means a bit more work for me, as I must launch every single sample. Fortunately, Emsisoft caught almost 90% of the samples immediately at launch. Each such detection triggered a slide-in notification from the antivirus, along with a Windows error message stating that the file contained a virus. Most of the items that did manage an initial launch got caught as they continued to install and act.
Emsisoft detected 98% of the samples, either immediately on launch or later in the process. Malwarebytes and Webroot achieved 99% detection, while McAfee and UltraAV scored 100%; the rest scored lower than Emsisoft.
Detecting malware is one thing; fully blocking its installation is another. To get full credit, an antivirus must prevent the installation of any executable files and allow no more than 20% of non-executable junk. Here, Emsisoft fell a bit. In most cases where it didn’t wholly block malware execution, it allowed the installation of one or more malware-related executables. With 98% detection, its highest possible score would be 9.8 points, but its incomplete malware blocking knocked that down to 9.4.
Because gathering and analyzing a new selection of malware takes a long time, I can’t refresh the collection often. To see how each antivirus handles up-to-the-minute malware, I use a feed of recent malware-hosting URLs generously provided by MRG-Effitas.
As I go down the list, launching each URL, I discard any that are already defunct. For those that are still viable, I note whether the antivirus blocks access to the URL, eliminates the malware payload, or simply fails to react. When I have 100 data points, I run the numbers.
Emsisoft boasts two distinct defenses in this realm. The browser-independent Web Protection checks URLs against a local blocklist that’s updated every 15 minutes and prevents all access from any browser or other program, sliding in a notification so you’ll know what happened. The Browser Security extension (for Firefox, Chrome, Edge, and other Chromium-based browsers) checks unknown URLs against Emsisoft’s online database and diverts dangerous access attempts to an explanatory page.
Based on prior experience, I dug into File Guard settings and changed the Scan Level from the default to Thorough. Among other things, this ensures that Emsisoft checks files on download rather than waiting for attempted execution.
Emsisoft blocked 32% of the malware-hosting URLs and wiped out another 67% during the download process. Its total protection score of 99% beats the 93% it achieved in its last test. Norton and UltraAV also scored 99% in this test, while Avira, Guardio, and Sophos Home Premium managed 100% protection.
