The advent of Windows 8 is having a profound effect on user interface design. Hyperlinks and small buttons are out; big, touch-friendly panels are in. Avast! Free Antivirus 8 is the latest of many antivirus products to exhibit a Windows 8 redesign, along with some interesting new bonus features.
The biggest panel in the updated main window displays overall security status. It’s not just color-coded red and green—a happy or unhappy face emphasizes the message. You will find that not all of the other panels actually function in the free edition. Clicking on the Firewall or SafeZone (sandbox) panel brings up an offer to “Activate” the feature by purchasing avast!’s security suite.
For a complete view of avast!’s commercial offerings, click the Market tab. Here you can purchase a variety of security tools for PC, Android, and Mac. This is also the place to sign up for a free credit alert service.
Some Installation Challenges
The product installed without incident on most of my malware-infested test systems. Ransomware on one system completely blocked access to the desktop, even in Safe Mode. Tech support advised opening Task Manager and killing a specific process. Doing so didn’t bring back the desktop, but it allowed me to install avast! and run a full scan, which wiped out the ransomware.
On another test system, malware actively killed avast!’s installer and its associated process. After a few back-and-forth emails, the agent suggested remote assistance. After verifying that remote assistance would be available to any user, I agreed.
We couldn’t use the Remote Assistance feature built into avast!, since the product could not install, but a third-party remote tool did the job. Even so, the malware repeatedly deleted the remote control tool, the avast! installer, and various other tools that the support agent brought to bear on the problem. It took the agent a couple hours of intense work to get avast! properly installed on this system.
Rating the Install Experience
For some years, I’ve scored antivirus products on their ability to remove malware in general and separately on their ability to remove malware that uses rootkit techniques to hide malicious activities. My latest malware collection doesn’t include enough rootkit samples to reasonably report a separate rootkit score, so I’ve turned my thoughts to another facet of antivirus competence.
There’s a wide variation in the way antivirus products handle cleaning up malware-infested systems. Quite a few examples of modern malware actively fight back against installation of security software, or prevent successful scanning. I’ve devised a rating system to reflect how well products handle this kind of resistance.
If the product installs and runs without incident on all my test systems, it gets five stars. If malware does manage to cause trouble, but the installer works around it, that’s still good for five stars.
Quite a few vendors offer secondary cleanup tools to handle installation problems. These may come in the form of a rescue CD, a command-line no-install scanner, or a threat-specific cleanup tool. If the use of such ancillary tools allowed all my installations to complete successfully, that’s worth four stars.
Sometimes the only recourse is to let tech support remote-control the affected system, to diagnose and actively fix whatever problem is preventing the antivirus from installing or running correctly. This can be very effective, but it’s also intrusive, requiring significant attention from the user. If completing the test requires remote-control support, or a very lengthy series of email exchanges, I’ll award three stars.
When remote-control support takes hours, it becomes a real time-waster for the user. You can’t necessarily walk away and let the tech do the work. You’ll frequently have to reboot the system, or supply specific information, or resume the connection. If getting any of my test systems working takes over an hour, I knock the score down to two stars.
In some cases, even with all the help tech support can offer, the product just never does install or scan correctly. If a product simply can’t function on any one of my test systems, it’s down to one star. And yet, that’s not the lowest possible rating. Sometimes the cleanup process renders a system totally unusable. Perhaps it won’t boot at all, or the keyboard doesn’t work, or it can no longer connect to the Internet. If tech support can’t solve this kind of collateral damage, if running the product effectively “killed” a test system, that product gets zero stars.
On this basis, avast! takes two stars for installation, because I had to spend over an hour with a support agent performing remote-control tech support.
An antivirus product that has just been installed is at a disadvantage. Any malware already present on the system has had a chance to dig in, hook into Windows, and otherwise prepare itself to resist removal. When avast! discovers evidence of such a threat, it offers to run a boot-time scan. This lets it start scanning before Windows has fully loaded, which generally means it gets in before any malware has loaded.
On half my test systems, avast! requested a boot-time scan before the full scan. On the other half, it asked for the boot-time scan after the full scan. Every system got both a normal full scan and a boot-time scan. Each took about 25 minutes on my standard clean test system, which means a full cleanup by avast! took almost twice as long as the current average.
A boot-time scan that finds malware traces won’t finish without your intervention. By default, it halts and waits for you to tell it whether to delete, quarantine, repair, or ignore the item, or perform that action for all found items. For testing, I always chose the “Move all to Chest” option, avast!’s way of saying quarantine all items.
Even after doing that, you may not be finished. If the boot-time scan encounters malware in the Windows folder, it will ask for confirmation before taking action. You can say yes or no to the current action, or yes to all actions. It’s possible to pre-configure the boot-time scan to make “Move to Chest” the default, but you’ll still have to answer this secondary confirmation.
When I started this review, my avast! contact accidentally gave me a pre-release copy rather than the final, shipping release. The pre-release lacked some code to prevent deletion of essential Windows files even when infected. As a result, it rendered two of my test systems unbootable. After we figured out what was wrong, I had to throw away my results and start fresh with the correct, final code.
Decent Malware Cleanup
Avast! is the first product I’ve tested using my latest collection of malware samples, so I can’t make an absolutely direct comparison with other recent products. It detected 75 percent of the samples and scored 5.8 points for removal. The score would have been higher, but in a number of cases avast! left executable traces behind, some of them actually running.
Malwarebytes Anti-Malware 1.70, Norton AntiVirus (2013), and Kaspersky Anti-Virus (2013) all detected 89 percent of my previous malware collection. The top score for malware removal, 7.1 points, went to Malwarebytes.
Tied for second place, Comodo Internet Security Complete 2013, Norton, and Webroot SecureAnywhere Antivirus 2013 all scored 6.6 points.
Again, the malware collections aren’t the same, but avast!’s 5.8 points is a bit above the average malware removal score for the previous group. As noted earlier, because installation required hours of remote-control assistance, I gave avast! two stars for installation experience. Products like Malwarebytes, Webroot, and Bitdefender Antivirus Plus 2013, which installed with little or no help from tech support, earned five stars.
For a full explanation of my malware removal test methodology, see How We Test Malware Removal.
avast! Free Antivirus 8 malware removal chart
Decent Malware Blocking
When I tried to re-download my new collection of malware samples, avast!’s various “shield” component sprang into action. It blocked access to the malware-hosting URL for 56 percent of the samples and caught another 32 percent during the download process. Interestingly, it blocked one sample based on reputation, reporting it as “very new or very rare” and advising against the download. 88 percent blocking of malicious downloads is better than most, though VIPRE Internet Security 2013 blocked 100 percent of the previous collection.
Next, I opened a folder containing existing samples, downloaded previously. The on-access scanning component in many antivirus products can be triggered even by the minor file access that occurs when Windows Explorer displays the file in a list. Avast!’s didn’t trigger until I clicked on each file, but it wiped out almost 80 percent of them at that point.
Avast!’s malware detection notifications stack up within a single notification window, so as not to overwhelm the user. Using left and right arrows you can flip through and view them all, though most users will probably dismiss them all at once.
The antivirus didn’t do so well when I launched the malware samples that weren’t eliminated right away. It completely missed more than half of them, and one that it did detect managed to plant a couple malware executables on the test system. Interestingly, a couple of those whose already-downloaded instances slipped past avast!’s file-based protection were blocked at the URL level by the website shield.
Avast! detected 86 percent of the threats and scored 8.5 points for malware blocking. That score is a bit below the average of products tested using my previous collection. Webroot detected 100 percent of those and scored 9.9 points. SecureIT (2013) came close, with 97 percent and 9.7 points. As noted, my current collection doesn’t include enough rootkit samples to merit a separate rootkit-blocking score. For an explanation of my malware-blocking tests, see How We Test Malware Blocking.
avast! Free Antivirus 8 malware blocking chart
Decent Lab Results
Seeing a pattern here? As in my own tests, avast!’s scores with the independent antivirus labs are good, overall, but not tip-top. West Coast Labs and ICSA Labs both certify avast!’s technology for virus detection, and it earned VB100 certification in nine of the last ten tests by Virus Bulletin.
AV-Comparatives runs two kinds of on-demand scanning tests, one using fully updated malware definitions and one using old definitions (to simulate detection of zero-day malware). In both tests, avast! rated ADVANCED+, the highest rating. However, in this lab’s whole-product dynamic test avast! rated just STANDARD. That’s still a passing grade; it’s just not the top rating.
AV-Test puts products through a set of static and dynamic tests that rate its ability to repair malware damage, protect against malware attack, and do both without hindering usability. A product can earn six points in each category, with a total of 11 points needed for certification. In the two most recent tests, avast! rated a comfortable 14 points, well above the minimum.
These are definitely good scores. However, others have done even better. Bitdefender rated ADVANCED+ in all tests by AV-Comparatives, for example, and with 17 of 18 possible points it also took the top score from AV-Test.
Web Reputation and Phishing Protection
Some companies use characteristics like where a site is hosted or how often it’s been seen to develop a kind of “reputation” score. Avast!’s Web Reputation relies on the company’s vast network of users for a literal reputation score. A toolbar button in your browser displays green, yellow, or red to show that the current site is safe, iffy, or dangerous. The icon’s three bars let you know how many responses went into that rating. Simple!
Avast! also marks up search results in popular search engines, so you can steer clear of unsafe sites. You can dig in for additional detail, including whether the site has been flagged with any of five positive and five negative attributes. Want to join in? Click an overall rating, check off any attributes that seem appropriate, and click the Vote button.
In testing, though, I had a hard time finding any websites that weren’t marked as safe, and I didn’t find a single one that had any attribute flags. In addition, I’m not entirely sure the general public can be a reliable source of website safety information.
Avast!’s phishing protection is a separate, parallel service. If you’re about to visit a fraudulent website, it displays a warning page instead. You can turn back (recommended), visit the site anyway, or report a false positive. Oddly, during testing, every site that avast! flagged as fraudulent got a clean bill of health from the Web Reputation system.
Last time I tested avast!, its antiphishing detection rate was among the lowest; this time around it’s closer to the middle. Its detection rate lagged 55 percentage points behind antiphishing champ Norton, and 27 points behind the SmartScreen Filter component of Internet Explorer 8. On the plus side, avast! and Internet Explorer complement each other; a combination of the two would have scored just 20 percentage points behind Norton.
The article How We Test Antiphishing explains exactly how I find phishing samples and come up with these scores.
avast! Free Antivirus 8 antiphishing chart
Hackers and malware writers frequently manage significant security breaches by taking advantage of vulnerabilities in the operating system, the browser, or some other significant software component. In many cases, just keeping everything up to date would have been enough to prevent the breach. New in this edition, avast!’s Software Updater checks for unpatched vulnerabilities.
You can run a full Software Updater scan any time you like. Even if you don’t, avast! will run one in the background and pop up to warn you of any problems. In most cases, you can click a button to fix the problem. It’s a nice feature.
Avast!’s commercial products include a sandbox feature that you can use at will to run possibly-dangerous programs without risking permanent damage to your system. There’s no manual sandbox control in the free edition, but if it detects a suspicious program it will automatically sandbox it, for your protection. Just about all of my hand-written analysis tools got flagged as suspicious, which is actually not unreasonable.
Your typical Browser Cleaner wipes out browsing traces such as history entries and temporary files, so nobody else can snoop your browsing habits. Avast!’s Browser Cleaner, new in this edition, focuses instead on toolbars.
Many modern software installers include the option to install an unrelated toolbar, often with the boxes checked by default. You can wind up with so many toolbars that they impact the visible size of the websites you’re visiting. It’s not terribly difficult to disable or remove the ones you don’t want, but Browser Cleaner automates the process for Internet Explorer, Firefox, and Chrome.
Hey, It’s Free!
Millions of people all over the world rely on avast! Free Antivirus 8 for protection. That’s great, because the large user-base helps avast! stay current with new malware. On the other hand, both in my own tests and in independent lab tests its ability to remove malware and block new infestations isn’t up there with the best. You won’t go wrong using it, and the new Software Updater may save your bacon. But while you’re checking out free antivirus, you should also consider our Editors’ Choice in that category, AVG Anti-Virus FREE 2013.
More Antivirus reviews:
|Tech Support||Forum, social sites, support web site, and free phone support for US.|
|OS Compatibility||Windows Vista, Windows XP, Windows 7|
Copyright © 2012 Ziff Davis, Inc