User Feedback AVG Ultimate

Software
AVG Ultimate
Installation
5.00 star(s)
Installation Feedback
Installation is simple, one-click install via Live (Online) installer.
It takes roughly 2 minutes with the package download and the product is installed with the latest database.

Prior to the AVG/Avast setup, it is recommended that you run a removal tool for other antivirus packages installed in the past.
List of removal tools can be found here:
https://malwaretips.com/threads/removal-tools-for-common-antivirus-packages.105323/
Interface (UI)
5.00 star(s)
Interface Feedback
See below
Usability
5.00 star(s)
Usability Feedback
See below
Performance and System Impact
5.00 star(s)
Performance and System Impact Feedback
See below
Protection
5.00 star(s)
Protection Feedback
See below
Real-time file system protection
5.00 star(s)
Internet Surf protection
5.00 star(s)
Proactive Intrusion protection
5.00 star(s)
Network protection
5.00 star(s)
Pros
  1. Lots of great features
  2. Low impact on system resources
  3. Lightning fast scans
  4. Highly configurable
  5. Easy to use
  6. Ransomware protection
  7. Effective malicious URL blocking
  8. Virus signatures are updated very often
  9. Excellent scores in independent tests
  10. Great value
  11. Effective malware removal
  12. Well designed, clear interface
  13. Multiple layers of protection
Cons
  1. Includes links to paid-for components
  2. Nags about purchasing other version
Software installed on computer
More than 30 days
Computer specs
See configuration for details
Recommended for
  1. All types of users
Overall Rating
5.00 star(s)
Disclaimer
  1. Any views or opinions expressed are that of the member giving the information and may be subjective.
    This software may behave differently on your device.

    We encourage you to compare these opinions with others and take informed decisions on what security products to use.
    Before buying a product you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

McMcbrad

Level 23
Oct 16, 2020
1,252
AVG Ultimate provides a group of apps for Windows, Mac, iOS and Android.
One license provides access to a vast multitude of features, that one-by-one might be costly.
Are these features enough bang for the buck?


  1. Avast Web Shield

    Processes all traffic coming over HTTP and encrypted HTTPS connections, using URL detection algorithms to protect against phishing as well as full content filtering to stop malware.
  2. Static Scanner

    Analyzes code and binary objects prior to execution, using machine learning and various detection methods, including PE structure analysis, linker analysis, unpacking/de-obfuscation, and similarity, fuzzy, and algorithmic matching. Based on the analysis, our fast and efficient static scanner then characterizes the file as benign or malicious.
  3. Emulators

    Two emulators (one for scripts and one for binary files) protect against zero-day malware and vulnerabilities as well as increasing resilience to malware sample modifications. These provide full emulation of the native computing environment, including a virtual CPU, virtual RAM, and virtual OS together with its subsystems. Features are collected during emulation and malware is then blocked according to our unique rule engine.
  4. Avast DeepScreen

    Utilizing a full virtual machine, on which a cloned version of the user’s OS tests the suspicious files, DeepScreen uses machine learning algorithms to identify similarities with known malware families. The hypervisor-assisted virtual machine connects to the Avast cloud engine to utilize threat intelligence gathered from our entire user base.
    We combine virtualization of suspicious applications and deep instrumentation to see at the high level, as well as at an instruction level, what the examined program is trying to do. Based on an observed behavior model using machine learning algorithms, we are able to identify similarities with known malware families. By peeling off layer by layer with deep dynamic introspection, the generic unpacker component is able to unveil known malware samples that could be hidden in heavily obfuscated and encrypted ones. During this process, our cloud engine utilizes threat intelligence gathered from our entire user base to assess all software samples.
  5. Avast CyberCapture

    Activates automatically, when needed, to prevent the rarest and most sophisticated malware from infiltrating a user’s system. CyberCapture locks down and submits potentially malicious files, including all the associated metadata, to the clean-room environment of our Avast Threat Labs, while informing the user and keeping him engaged throughout the process. Advanced algorithms and Avast’s experts inspect the suspicious files in this most advanced layer of security. CyberCapture analyzes over 20,000 unique files every day.
  6. Behavior Shield

    Monitors the system for suspicious activities while programs are running. Behavior Shield captures unusual behavior on the device (works on both PCs and Android smartphones) such as attempts to terminate the Windows Update or Firewall services, inject system-level processes, or use the camera without user-initiated activity. Once evaluated as malicious, it is able to automatically stop the activity, undo the operation, and quarantine the objects in question.

Our advanced Artificial Intelligence system uses machine learning to automatically collect and extract data from our entire user base — then trains every security module. After finding a new malware sample, our products are automatically updated with new models, providing crucial, up-to-the-second protection.

Training the Avast machine learning engine

Sophisticated threat prevention in today’s world does not rely on a single machine learning engine that provides a silver bullet to all cyberattacks. Instead, it is a combination of multiple ML engines that work hand-in-hand to defend against attacks. The engines work across devices (both on the cloud and on PCs and smartphones), they use static and dynamic analysis techniques, and they are deployed in many of the layers of our defense engine.

In order to evaluate new and unknown threats, we’ve built a unique and sophisticated machine learning pipeline that allows us to rapidly train and deploy malware detection models within 12 hours. We also employ advanced techniques like deep convolutional neural networks (Deep CNN) to enhance our malware detection models. New security threats can appear suddenly, and take new and unknown forms; in such situations, our ability to update our models rapidly ensures our users remain protected.
AVG Internet Security provides the same protection that Avast does - I've already described here: User Feedback - Avast Premium Security 20.9
I'll shed a bit more light on how I perform my tests in this review though.

To conclude how good protection is, I test a product continuously for 14 days.
To perform the test I use samples and links collected from several sources, such as ANY.RUN, Hybrid Analysis, MalwareBazaar and others. I have several emails that have been breached and registered on not-so-trustworthy websites, so these receive a vast amount of phishing emails. I analyse relations on VirusTotal and discover more and more malware and links.

Every day the test includes:
  • 5 Phishing Links
  • 5 Malicious Links
  • 5 Malware Executables (*.exe files)
  • 5 Malicious Word/Excel Documents
  • 5 Scripts that abuse Windows processes
  • 5 Loaders that rely on PowerShell. I do not download these, but rather copy and paste the code into PowerShell.
  • Few Java malware files (*.jar)

I do not handpick links, but I specifically choose samples that are more difficult to detect (evasive, compressed, packed etc.). It's not necessary for these samples to be 0-days, but they should be prevalent.
The test has 2 outcomes - success (everything blocked) or failure (something has been missed).
A product must block everything to be successful.
It's not necessary for the malware sample to be deleted - for example blocking a loader from downloading any additional files is good enough.
At the end I use Hitman Pro, Norton Power Eraser and RogueKiller, as well as various utilities such as Process Explorer to establish whether everything has been blocked (when behavioural blocker has been involved).
In case of ransomware, products that support Secure Folders should keep the selected folders unencrypted.
I discard PUPs from the test, due to the fact that different vendors have different understanding of what's PUP. I consider misleading applications a form of malware.

As a last stage of the test I usually register a service, a scheduled task and auto-run pointing to a malware sample and containing malicious PowerShell code. I perform a scan and then check whether everything has been removed.

From time to time I can come up with other tests. These will be discussed in separate threads.

AVG protection and removal have both been successful on my tests.
The AVG behavioural blocker is usually very effective against file-less malware, as well as Java Malware, which is where other products typically fail.
Ransomware Shield, Sensitive Data Shield, Webcam Shield and Password Protection Shield have all been designed to handle non-process threats and support strict modes that may get around code injection as well.
Most of the products on my test remove scheduled tasks and auto-run entries, with few exceptions. AVG and Avast successfully remove the fake services I create.
AVG has a quick reaction time on blacklisting files and links. It usually takes 2-3 minutes after downloading a malware sample from a link not-yet-blocked to be blacklisted.
Same is with samples detected by CyberCapture and behavioural blocker (IDP).
AVG Impact on idle


AVG Impact on Deep Scan


Measured average CPU usage during browsing: 2-4%
AVG provides much better interface than their parent company (Avast). It uses a blend of dark grey and green, and all tools/settings are organised/easy to find.
Ransomware protection has a strict mode, which may get around code injectors.
Password Protection Shield secures credentials stored in Chrome, Firefox, Edge, Opera and AVG/Avast Secure Browser. It doesn't allow any 3-rd party apps to access folders, where credentials are stored.
Low-level web blocker stops all apps, and not just browsers from connecting to untrusted websites.
Sensitive Data Shield auto-detects files of interest (plane tickets, employment files, etc) and blocks access or modification by untrusted apps. It also manages account privileges, so other users can't read them.

The product offers highly-configurable and pretty solid firewall:
AVG alerts are infrequent, though a bit more frequent than other products. They frequently include ads for other AVG apps, though permanent silent mode can be activated in settings.
They are rather free of complicated tech-terms.

The product lacks a log viewer, so if you are looking to preview past events, that won't be possible. Kaspersky, Bitdefender and Trend Micro offer very detailed logging.

Help files haven't been updated in ages and include references to features, already long gone. Some features have been renamed by Avast, but they are still listed with their old names.
There is a reference for example to Anti-Spam component, whilst there is no such component at all. There are references to non-existing settings.


Speed Test <No VPN>


Speed Test <VPN:Same Country>


Speed Test <VPN: High Distance>



I normally don't do this kind of software (TuneUP and CleanUP), but this one offers solid features that I like.
It's able to put software "to sleep". This involves stopping software services, auto-run entries and scheduled tasks - not that this can't be achieved manually, but it's much more convenient doing it with one click. Launching a program from this list "wakes it up" and then once it's closed, it goes back to sleep again.


One-click maintenance removes broken shortcuts, which I find really annoying in start menu or recently used files.


For older HDDs, disk defragmenter is offered, which is quite effective.
AVG Password Protection app appears only after the product has been activated. It's not a password manager, but rather a scanner for weak passwords and breaches.
AVG Anti-Track aims at preventing online tracking by randomising hardware ID.

CONCLUSION:

AVG Ultimate offers a solid bundle of security, performance optimisation, VPN and Anti-Tracking.
Not all apps have to be installed, by default AVG Internet Security is downloaded and everything else is optional.
People looking for less bloated security might be better off getting AVG Internet Security Alone.
Users who just want to get rid of malware may try AVG free.

Important to note is that purchasing AVG through a reseller means you can’t add subscription to your online account. You won’t be able to use AVG VPN on iOS without that.
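
The last stage of the test described in the review (a service, a scheduled task and an auto-run entry pointing at a sample, then a scan, then a check that all three are gone) can be verified with a short script. This is an added example, not the reviewer's own tooling; the function name `Find-PersistenceRemnant` and the marker `lab-sample.exe` are hypothetical, and the script assumes an elevated Windows PowerShell 5.1 or later session.

```powershell
# Added example (not from the review). Checks the three persistence locations
# named in the post for entries that still reference a test marker.
function Find-PersistenceRemnant {
    param(
        # Hypothetical marker: file name or command fragment used in the test entries
        [Parameter(Mandatory)][string]$Needle
    )
    $pattern = [regex]::Escape($Needle)   # treat the marker as a literal string
    $hits = [System.Collections.Generic.List[object]]::new()

    # 1. Services: the image path is in Win32_Service.PathName
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -match $pattern } |
        ForEach-Object {
            $hits.Add([pscustomobject]@{ Type = 'Service'; Name = $_.Name; Value = $_.PathName })
        }

    # 2. Scheduled tasks: only exec actions carry Execute/Arguments
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            $cmd = "$($action.Execute) $($action.Arguments)"
            if ($cmd -match $pattern) {
                $hits.Add([pscustomobject]@{
                    Type = 'ScheduledTask'; Name = $task.TaskPath + $task.TaskName; Value = $cmd.Trim() })
            }
        }
    }

    # 3. Auto-run: Run/RunOnce values for the machine and the current user
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($providerProps -contains $prop.Name) { continue }
            if ([string]$prop.Value -match $pattern) {
                $hits.Add([pscustomobject]@{ Type = 'RunKey'; Name = "$key\$($prop.Name)"; Value = $prop.Value })
            }
        }
    }
    return $hits
}

# Constructed marker for illustration; use the name of your own test file.
$remnants = Find-PersistenceRemnant -Needle 'lab-sample.exe'
if ($remnants) { $remnants | Format-Table -AutoSize -Wrap }
else { 'No service, task or Run entry references the marker.' }
```

Running it once before the scan confirms the three test entries are visible to the script, so an empty result afterwards reflects removal rather than a marker that never matched.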
 
McMcbrad

Level 23
Oct 16, 2020
1,252
Very well written. Wish there is a way to get old settings back. On geek:area, there is nothing much except the one setting that you can tweak the behaviour blocker (known threats / detected threats)
There are several nice settings:



And there is a vast multitude of settings in the firewall area, shown in the review.
It's definitely not Eset, but it doesn't need to be. All needed settings are there.
 

miyagi

Level 1
Jul 7, 2013
21
Great detailed review as always McMcbrad! Always enjoy and learning new things from your long hours of analysis. Thank you for sharing your thoughts amongst us. Really appreciate it. :) (y)

As for the VPN on iOS device, so there is no way to use it other than buying directly from AVG.com? Kind of confused on that one. Can't you add your activation code into your new AVG account and login that way?
 

McMcbrad

Level 23
Oct 16, 2020
1,252
Your license will appear in the account only if you purchase directly (that goes for Avast too).
Otherwise, subscription doesn’t appear there and you can’t activate AVG VPN for iOS.
You can still activate all other products for iOS, as well as all products for Windows, MacOS and Android.
 

McMcbrad

Level 23
Oct 16, 2020
1,252
Another thing I’ve noticed is AVG and Avast behave weird on installation and post-install (before reboot) if there have been other AVs, not removed properly. If AVG is the first AV after clean Windows install, there are no issues, but if there are other programs remnants, UI for example, might fail to launch. Running a removal tool for all other security products ever installed is recommended before AVG/Avast setup.

This is due to incomplete uninstall routines that frequently leave various drivers behind. After a Panda uninstall for example, 5 drivers remain in C:\Windows\System32\Drivers and C:\Windows\SysWOW64\DriverStore
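
A way to look for the leftover drivers mentioned above before installing another product, as an added example that is not part of the original post: the function name `Get-ThirdPartyDriverFile` is hypothetical, it scans only the `System32\drivers` directory by default, and it assumes an elevated PowerShell session on Windows.

```powershell
# Added example (not from the thread). Lists .sys files whose version resource
# does not name Microsoft, and whether a driver service still points at them.
function Get-ThirdPartyDriverFile {
    param(
        [string]$DriverDir = (Join-Path $env:SystemRoot 'System32\drivers')
    )
    # Image path -> service name, for drivers still registered as services
    $registered = @{}
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        if ($_.PathName) {
            $path = $_.PathName -replace '^\\\?\?\\', ''   # strip NT "\??\" prefix
            $registered[$path] = $_.Name
        }
    }

    Get-ChildItem -Path $DriverDir -Filter '*.sys' -File -ErrorAction SilentlyContinue |
        Where-Object { $_.VersionInfo.CompanyName -notmatch 'Microsoft' } |
        ForEach-Object {
            [pscustomobject]@{
                File      = $_.Name
                Vendor    = $_.VersionInfo.CompanyName   # self-declared, not a trust signal
                Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
                Service   = $registered[$_.FullName]     # empty = file present, no service
                Modified  = $_.LastWriteTime
            }
        }
}

Get-ThirdPartyDriverFile | Sort-Object Vendor, File | Format-Table -AutoSize
```

Rows whose vendor matches a product that has already been uninstalled are the candidates for that vendor's removal tool.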
 

McMcbrad

Level 23
Oct 16, 2020
1,252

I've posted a list of removal tools in this thread.
 

XLR8R

Level 4
Jan 20, 2020
151
On Android yes, on iOS, nope.



Yes, it works.
But it still doesn’t go into your account and the iOS products can’t be activated via a key.
Hey, contact AVG customer support, tell them you're having this problem and that you need to get this key linked to your AVG Account, they'll get it done (they're a bit slow though). Then you can use it on iOS just fine.
 

Andy Ful

Level 68
Verified
Trusted
Content Creator
Dec 23, 2014
5,727
We will have to wait for his review, should be out any day now... 🤔
We talked about KIS protection with @McMcbrad on another thread and we agreed that KIS in the @Harlan settings (similar to Trusted Application Mode) is better than Norton in all categories. So, KIS fully deserves the highest scoring in protection (I am not fully convinced about AVG).:)(y)
 

McMcbrad

Level 23
Oct 16, 2020
1,252
Hello @Andy Ful ,
I did not test AVG against custom-made scripts (apart from the ones in “How well are you protected against Emotet”), as I was too busy working on other custom threats.
However, every maldoc and every script that I downloaded was either blocked by static/dynamic analyses or by behavioural blocking (IDP). It might have some sort of exclusions if scripts are made by user. Not entirely sure on that. I tested AVG against java malware as well and it was the winner together with Kaspersky. AVG blocks C&C servers very quickly which leaves no space for loaders to work.
I tested ransomware protection against few custom ransomwares that I’ve made and nothing managed to encrypt my system.
I tested the Password Protection shield with RATs (orcus, Nanocore, NJRAT) and I couldn’t steal anything.
When I discovered the IceRat (klip.exe) AVG was one of the few to block the download (only AVG and Kaspersky).
Rest was again blocked by IDP.

All in all, I’ve downloaded an enormous amount of malware (I’ve been testing Avast and AVG for 2-3 months) and have compiled some myself - AVG has always blocked everything. It also blocks links and files once they are related to malicious activity very quickly, in a matter of minutes. I didn’t see any FPs.

I tested malware removal many times and due to the fact that IDP (ex-Norton AntiBot) had a very effective removal framework from the start, AVG journals all actions, dropped files and registry entries, and removes them.

Of course compared to Kaspersky, it can’t win. Kaspersky is a mighty titan for advanced users (on all my test impenetrable), but for people who don’t have the knowledge to manage Application Control, don’t like that as a concept or just don’t like Kaspersky, AVG is the closest alternative. Also, what I didn’t like in Kaspersky is that active malware removal triggers too many alerts that might scare novice users, whilst AVG is far easier to use.
 

toto

Level 4
Verified
Oct 15, 2014
162
(I’ve been testing Avast and AVG for 2-3 months)
Have you noticed any difference protection wise or performance wise between Avast and AVG?
I recently installed Avast Free with only file protection, web protection and behaviour blocker just to see how it worked with my laptop and I really like how light it feels. I'm guessing they're about the same in all respects but never tried AVG before.
 

McMcbrad

Level 23
Oct 16, 2020
1,252
They share the same design (by design I mean program code design, not UI) as well as same databases, cloud and protection features. They have the same performance impact and same protection.
 