The best Home AV protection 2021-2022

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,209
Real-World tests include fresh web-originated samples.
Malware Protection tests include older samples (several days old) usually delivered via USB drives or network drives.


Real-World Triathlon 2021-2022: SE Labs, AV-Comparatives, AV-Test (7548 samples in 24 tests)

-------------------Missed samples
Norton 360..................12..... =
Avast...........................13..... +
Kaspersky....................18..... =

Microsoft...................*27.5.. =
McAfee ........................37.... +

Avira ............................43.... =

Comparison with the period 2019-2021:

  • no significant changes in protection ( = )
  • significant improvement in protection ( + )

Real-World Biathlon 2021-2022: SE Labs, AV-Comparatives, AV-Test (6748 samples in 16 tests)
-------------------Missed samples
Norton......................6
Bitdefender .............9
Avast........................10
Kaspersky................13

TrendMicro..............13
Microsoft...............*22.5

McAfee....................23
Malwarebytes.........26

Avira........................30


Malware Protection Biathlon 2021-2022: AV-Test, AV-Comparatives (270634 samples in 16 tests)


-------------------Missed samples
Norton 360.............1........ =
McAfee...................3....... +
Bitdefender.............5

Avast....................15........ +
Kaspersky.............28....... =

Microsoft............. 30....... =
Avira ....................45....... =
Malwarebytes.....173
TrendMicro ........623....... -

Comparison with the period 2019-2021:

  • no significant changes in detection ( = )
  • significant improvement in detection ( + )
  • significant decrease of detection ( - )

Why two years period?
The results of any single test made by SE Labs, AV-Test, or AV-Comparatives are useless for comparing AVs. In most cases, the statistical errors allow only saying that the group of 10 first AVs can be awarded. This follows from a too-small number of tested samples. I noticed that even a period of one year is not sufficient.


Some thoughts about these results:
  • The entries with the same color cannot be differentiated due to statistical errors.
  • The differences between several AVs are very small and they can hardly be noticed by the home user.
  • In some cases, the differences can disappear by tweaking the AV settings.
https://malwaretips.com/threads/the-best-home-av-protection-2019-2020.106485/post-927440
https://selabs.uk/consumer/
https://www.av-comparatives.org/news-archive/
https://www.av-test.org/en/antivirus/home-users/
 
Last edited:

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
843
Good summary of results Andy 👍 Everyone hangs sh*t on Norton, but the tests prove that it's pretty good 🎩when you average out the tests.

Kaspersky, Avast and Bitdefender score good too 🍀, they are always there or there abouts. McAfee and Microsoft *meh* OK but not great 💾
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,209
Please note, that the Real-World statistics in this thread cannot differ between Norton, Bitdefender, Avast, Kaspersky, and Trend Micro.
We can conclude that Norton can be indeed the top AV because it uses Download Insight (reputation file lookup) in default settings. This can produce many false positives. Similar results (and false positives) can be seen for any popular AV when using Edge with enabled SmartScreen + PUA + SmartScreen for Explorer.
The difference between Norton and other AVs is that Norton uses file reputation lookup in default settings, but other AVs do not. Anyway, blocking files by Norton is probably the most usable as compared to other solutions.

There are also stronger possibilities (more false positives), for example:
  • tweaked Comodo (@cruelsister settings),
  • tweaked Kaspersky (KIS in @harlan4096 settings),
  • tweaked Microsoft Defender with Smart App Control on Windows 11,
A similarly strong protection to Norton can probably apply:
  • Microsoft Defender with advanced settings (ASR rules, etc.),
  • Avast with enabled Hardened Mode.
They can use file reputation lookup similarly to Norton, but only for EXE files.

Post edited for more clarity.
 
Last edited:

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,656
Love it when you do it every year 👏
Can you also add ESET into this? According to Marcos from ESET, the test performed by AV-Test for home and business products are identical so they take part in only one (to save money probably). The protection level should also be identical. I used both and they are the same in default settings.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,209
According to Marcos from ESET, the test performed by AV-Test for home and business products are identical so they take part in only one (to save money probably).

The tested samples are probably the same in AV-Test, but often the settings used in the Consumer tests are slightly different and many vendors use a different AV in Business tests compared to Consumer tests. For example, the Malwarebytes results are different in the Consumer tests compared to Business tests (April 2022). Furthermore, AV-Comparatives uses different sets of samples in the Consumer and Business tests. So, it is not possible to make consistent statistics for Eset.
 

Andrezj

Level 6
Nov 21, 2022
248
Please note, that the Real-World statistics in this thread cannot differ between Norton, Bitdefender, Avast, Kaspersky, and Trend Micro.
We can conclude that Norton can be indeed the top AV because it uses Download Insight (reputation file lookup) in default settings. This can produce many false positives. Similar results (and false positives) can be seen for any popular AV when using Edge with enabled SmartScreen + PUA + SmartScreen for Explorer.
The difference between Norton and other AVs is that Norton uses file reputation lookup in default settings, but other AVs do not. Anyway, blocking files by Norton is probably the most usable as compared to other solutions.

There are also stronger possibilities (more false positives), for example:
  • tweaked Comodo (@cruelsister settings),
  • tweaked Kaspersky (KIS in @harlan4096 settings),
  • tweaked Microsoft Defender with Smart App Control on Windows 11,
A similarly strong protection to Norton can probably apply:
  • Microsoft Defender with advanced settings (ASR rules, etc.),
  • Avast with enabled Hardened Mode.
They can use file reputation lookup similarly to Norton, but only for EXE files.

Post edited for more clarity.

  • tweaked Microsoft Defender with Smart App Control on Windows 11
this config outperforms other solutions
to maintain this security configuration, user has to stick to windows stack of installed products
introduction of third party software is not supported at this time
 

legendcampos

Level 6
Verified
Aug 22, 2014
286
Effitas (https://www.mrg-effitas.com/ ) also does tests but focused on business software, there is also the Virus bulletin (Virus Bulletin :: Home) that tests and publishes your articles.

It's good to have several test options, in addition to home tests to have a conclusion. But I think that in the real world new attacks, new samples are always emerging and it may end up being not so accurate in detections, there will never be a 100% secure protection. So is an antivirus really necessary?
 

zkSnark

Level 5
Verified
Well-known
Jan 13, 2019
203
Effitas (https://www.mrg-effitas.com/ ) also does tests but focused on business software, there is also the Virus bulletin (Virus Bulletin :: Home) that tests and publishes your articles.

It's good to have several test options, in addition to home tests to have a conclusion. But I think that in the real world new attacks, new samples are always emerging and it may end up being not so accurate in detections, there will never be a 100% secure protection. So is an antivirus really necessary?
In Effitas tests, Symantec Endpoint has performed better than others. Is Symantec Endpoint different from Norton Security?
 

Andrezj

Level 6
Nov 21, 2022
248
So is an antivirus really necessary?
for non-security minded\geek user, default allow antivirus\internet security suite is a necessity and the absolute best solution for them
such users are best served by automation that makes decisions for them (instead of relying upon the user to make a decision or exert efforts to figure things out)

But I think that in the real world new attacks, new samples are always emerging and it may end up being not so accurate in detections, there will never be a 100% secure protection. So is an antivirus really necessary?
with this reality, security software vendors cannot keep their protections current with the fast pace of new attack methods, variations on old attacks, malware polymorphism, etc
not only that, but vendors do not get their protections quite right 100% of the time and\or the user will unravel the protection - especially decision-making by non-security geeks and deliberate unsafe user behaviors
a security geek that thinks can only reach one conclusion after critically analyzing all the facts about security software - the only solution that provides the greatest level of security:
  • the microsoft enterprise method of blocking everything not vetted by default
  • applying least privilege and least functionality system-wide
  • blocking known vulnerable processes by default
  • do not allow users to install software
it is absurd that the default configuration of windows is an administrator account, and that is the account that all home device users typically use
furthermore, it is absurd that relatively few home users know how to configure a standard user account
the users that need the most stringent security to stay safe, are exactly the ones who do not get it

the paradigm of "users that want to use stuff" and doing what they want on digital device is obsolete by any rational, common sense measure
yet this will never change
 

legendcampos

Level 6
Verified
Aug 22, 2014
286
for non-security minded\geek user, default allow antivirus\internet security suite is a necessity and the absolute best solution for them
such users are best served by automation that makes decisions for them (instead of relying upon the user to make a decision or exert efforts to figure things out)


with this reality, security software vendors cannot keep their protections current with the fast pace of new attack methods, variations on old attacks, malware polymorphism, etc
not only that, but vendors do not get their protections quite right 100% of the time and\or the user will unravel the protection - especially decision-making by non-security geeks and deliberate unsafe user behaviors
a security geek that thinks can only reach one conclusion after critically analyzing all the facts about security software - the only solution that provides the greatest level of security:
  • the microsoft enterprise method of blocking everything not vetted by default
  • applying least privilege and least functionality system-wide
  • blocking known vulnerable processes by default
  • do not allow users to install software
it is absurd that the default configuration of windows is an administrator account, and that is the account that all home device users typically use
furthermore, it is absurd that relatively few home users know how to configure a standard user account
the users that need the most stringent security to stay safe, are exactly the ones who do not get it

the paradigm of "users that want to use stuff" and doing what they want on digital device is obsolete by any rational, common sense measure
yet this will never change
I think the user is more exposed through data collection with advertising companies than with the virus itself. Microsoft is hammering on this key that should collect your data, your location and everything and still say it's for your security and privacy which is not true, it's just my opinion.
 

Andrezj

Level 6
Nov 21, 2022
248
At some point why bother using a PC at all...
windows was not developed for home users, it was created for enterprises where every workstation is domain-joined and there is an administrator in control
windows home is just an oem agreement and an additional source of income for microsoft, however when it comes to security microsoft is mainly focused on paid enterprise clients
not only that, least functionality is required under many regulations and needed to obtain cybersecurity insurance
home users that embrace the protection model have no problem with it
enterprises have no problem with it

"users that want to use stuff" are the ones who have a problem with it
you can have your freedom to do whatever you want, and convenience\usability, but that will ALWAYS come at the expense of greatly reduced security
it is completely unrealistic to expect that anybody - microsoft, security vendors - can keep anybody safe under such circumstances
 

Andrezj

Level 6
Nov 21, 2022
248
the user is more exposed through data collection with advertising companies than with the virus itself.
this is 100% correct, but this is a forum where most members are hyper-focused on security of localhost
lots of playing with security software, trying different settings configurations, testing against malwares, watching youtuber tests

when it comes to non-security geek users that download stuff, they are extremely likely to infect their devices
as far as data breach, it happens so often that it is just as troublesome
 

Andrezj

Level 6
Nov 21, 2022
248
under the way society works, there is no "right" or "wrong" way or choice to be made by a user in how they use or protect their system
technically, there is a spectrum of usability and protections from "usability is the priority or little protection" to "usable, but requires user knowledge & effort, complete device lockdown"
for a home user, it is up to the device owner to decide, and with that billions of security holes are punched into matrix

users should use whatever security that works for them to the extent that they will keep using it
unfortuantely, "minimum security" or "unknown security" are what many users follow
 
  • Like
Reactions: simmerskool

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,209
  • tweaked Microsoft Defender with Smart App Control on Windows 11

to maintain this security configuration, user has to stick to windows stack of installed products
introduction of third party software is not supported at this time
I tested it with several 3rd party software without any issues. The main requirement is that the software must use signed EXE and DLL files. It is possible to use this config with popular unsigned applications, but then auto-updates must be turned off and the installers that update applications must be submitted to Microsoft for whitelisting.
 

Andrezj

Level 6
Nov 21, 2022
248
I tested it with several 3rd party software without any issues. The main requirement is that the software must use signed EXE and DLL files. It is possible to use this config with popular unsigned applications, but then auto-updates must be turned off and the installers that update applications must be submitted to Microsoft for whitelisting.
i know sac works with popular software, but what i meant by "not supported" is that users will have to do work
you know, users do not like having to do work submitting files for whitelisting
no users decisions, no user work - but sac does not "support" this
 
  • Like
Reactions: simmerskool

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,209
i know sac works with popular software, but what i meant by "not supported" is that users will have to do work
you know, users do not like having to do work submitting files for whitelisting
no users decisions, no user work - but sac does not "support" this
In practice, this can be close to the truth, because many 3rd party (signed) applications use one or more unsigned DLLs. So, they are not fully signed. For now, the users do not know which applications are fully signed to be supported by SAC.
Anyway, SAC supports any properly signed application (all EXE and DLL files must be signed). I think that in the year 2023, the number of properly signed applications will increase significantly. If so, then the usability of SAC will also increase.
 

legendcampos

Level 6
Verified
Aug 22, 2014
286
Na prática, isso pode estar próximo da verdade, porque muitos aplicativos de 3ª parte (assinados) usam uma ou mais DLLs não assinadas. Então, eles não estão totalmente assinados. Por enquanto, os usuários não sabem quais aplicativos estão totalmente assinados para serem suportados pelo SAC.
De qualquer forma, o SAC suporta qualquer aplicativo devidamente assinado (todos os arquivos EXE e DLL devem ser assinados). Penso que, no ano de 2023, o número de candidaturas devidamente assinadas aumentará significativamente. Se assim for, então a usabilidade do SAC também aumentará.
That's true, with each update are adding more programs and files related to those allowed, these days back had said that firefox had been receiving blocking alerts with some Dlls, I have install again and i have not had alert since.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top