I’m seeing quite a few antivirus products where the user interface is precisely the same as that of the corresponding security suite, except that some features are either grayed out or replaced by an invitation to upgrade. BullGuard Antivirus (2014) ($29.95 direct) has joined that trend; just two of the seven security component panels on its main window are immediately available. The rest require an upgrade. What you do get is complete antivirus protection and, somewhat surprisingly, antispam. Both do a good job, albeit slowly at times.
There’s another trend, probably driven by Windows 8, for antivirus product user interfaces to go for a simpler and more streamlined look. BullGuard looks like it might be a participant in this trend, but in truth its previous edition was even simpler, with just two big buttons labeled Scan and Status. Perhaps that was just too minimalist. The current UI definitely gives more information to the user.
Quite a few modern antivirus products display security component status in panels that slide in and out of view. Bitdefender Antivirus Plus (2014), for example, shows four at a time, but lets you juggle them so your favorite four are the ones that initially appear. It’s still possible you might not notice that Bitdefender offers more panels than what you see. To get around that problem, BullGuard takes the unusual step of cutting off the rightmost panel halfway. That does make it clear that you can slide something more into view, but it looks rather odd to me.
Impressive Lab Results
BullGuard participates in testing with most of the labs that I follow, though they don’t submit their technology for certification by ICSA Labs or West Coast Labs. Out of the last 12 tests by Virus Bulletin, BullGuard entered ten and received VB100 certification for malware detection in all of them. It earned ADVANCED+, the top rating, in two malware detection tests by AV-Comparatives.
AV-Comparatives also tested the ability of a previous version of Bitdefender to thoroughly remove malware that it detected. BullGuard earned an ADVANCED rating, the second highest rating.
Real-time protection tests aim to measure how well an antivirus product would work in a real-world situation. In the protection segment of AV-Test’s three-part test, BullGuard took 6.0 points, the maximum. It rated STANDARD in the real-world dynamic test by AV-Comparatives, with no false positives in any of that lab’s tests. Low false positives also contributed to a 5.5 (of 6.0) point score in AV-Test’s usability test.
This latest edition claims to be significantly lighter in its use of system resources than in the past. AV-Comparatives rated an earlier edition ADVANCED for performance, but AV-Test gave it just 3.5 points, out of a possible 6.0. I reserve performance testing for full security suites, not antivirus, but I can’t say I noticed any slowness other than in the spam filter (more about that later). For a full explanation of how I interpret the various lab tests, see How We Interpret Antivirus Lab Tests.
BullGuard Antivirus (2014) lab tests chart
Average Malware Blocking
Thanks to my buddies at MRG-Effitas, I now have access to a nearly real-time feed of the latest malicious URLs. For testing purposes, I sift out the thousands of URLs that point directly to executable malware files and check what happens when I try to download them. Will the antivirus block all access to the URL? Will it quarantine the file during or immediately after download? Or will it simply miss these very new malware samples?
Even though the URLs are less than a day old, I find that many of them are already “dead,” returning just an error message. I keep plugging away until I’ve accumulated a hundred or so live samples.
I used this test for the first time when reviewing avast! Free Antivirus 2014. Avast! blocked 79 percent of the samples; in the vast majority of cases it prevented all access to the malicious URL. Given I had never performed this test before, I couldn’t say whether 79 percent is a good score.
Well, after checking BullGuard, I think 79 percent seems pretty good. BullGuard blocked 10 percent of the samples at the URL level, reporting in detail about the problems found on the site. It blocked another 20 percent either by interrupting the download or by immediately quarantining the downloaded file, for a total of 30 percent.
BullGuard fared better in my usual malware blocking test. When I opened a folder of samples, it very quickly wiped out over 80 percent of them. It handled a folder containing hand-modified versions of those files in exactly the same way; my tweaks didn’t fool it.
Unfortunately, when I launched the files that weren’t wiped out on sight, it missed some, and it allowed others to install executable files despite nominally blocking their installation. Its 94 percent detection rate overall is good; it could have earned 9.4 points had it blocked every detected item perfectly. But those missed executables and other traces dragged it down to 8.9 points, right in the middle of the pack.
Had it managed 9.4 points, BullGuard would have joined a multi-way tie for top score among products tested with my current malware collection. Among those sharing the glory are Avira Antivirus Suite (2014), F-Secure Anti-Virus 2014, and AVG AntiVirus FREE 2014. The article How We Test Malware Blocking explains how I conduct and score this test.
BullGuard Antivirus (2014) malware blocking chart
In a few cases, BullGuard flagged a file as suspicious, rather than malicious, and gave me three choices: allow it to execute, quarantine it, or report it as a false positive. It treated several of my hand-coded analysis tools the same way, leaving me wondering whether choosing quarantine every time was reasonable.
For a sanity check, I installed 20-odd PCMag utilities, none of them digitally signed and all of them hooking deeply into Windows in potentially suspicious ways. BullGuard left them alone, correctly refraining from calling any of them suspicious. And really, my programs are pretty suspicious. They exist nowhere but on my test system and perform actions like launching malicious URLs. I concluded that quarantining files considered suspicious by BullGuard is the right thing to do.
Much-Improved Phishing Protection
Given that BullGuard only blocked browser access to 10 percent of the malicious URLs in my new test, I didn’t expect it to do well in my phishing test. After all, both tests use URLs that are extremely new, too new to be caught by simple blacklisting.
I must say, I was pleasantly surprised. BullGuard caught a lot of the frauds, diverting the browser to a page that explained just what happened. Its detection rate came in 12 percentage points below Norton’s; last year’s version lagged by 26 points. Being down by only 12 points puts BullGuard ahead of nearly three quarters of the antiphishing products I’ve tested.
It’s worth noting that a few products have actually scored better than Norton in this test. Kaspersky PURE 3.0 Total Security and Bitdefender top that list, both beating out Norton by 3 percentage points. To learn more about how I locate the very freshest phishing URLs and conduct this test, see How We Test Antiphishing.
BullGuard Antivirus (2014) antiphishing chart
Spam Filtering Built In
Like Trend Micro Titanium Antivirus+ 2014, BullGuard includes built-in spam filtering in the entry-level antivirus rather than reserving it as a security suite feature. BullGuard’s spam filter integrates with Microsoft Outlook, Outlook Express, Windows Mail, Thunderbird, or Incredimail; those using a different email client will need to define a message rule that diverts messages with [BGSpam] in the subject into a spam folder.
There’s also an option, available for supported email clients only, to divert bulk mail into its own folder. In testing, I found this folder contained almost entirely spam; legitimate bulk mail mostly wound up in the Inbox. And yet, I also found a few individual, non-bulk, valid messages in that folder. For analysis purposes, I lumped the contents of this folder in with the spam folder, the same way I treat “probable spam” from other products.
The spam filter works fine right out of the box, but if you wish, you can train it using a folder full of valid mail and another full of mail that’s definitely spam. I skipped the training step, figuring few users would bother with it.
BullGuard automatically whitelists any addresses to which you send mail, and also whitelists cc’ed recipients of mail addressed to a trusted correspondent. You can manually whitelist or blacklist addresses or entire domains. My testing relied strictly on the spam filter’s ability to identify spam from content, with no whitelist or blacklist.
As usual, I downloaded a month’s worth of messages from a real-world, spam-infested email account. BullGuard pulled down over 5,000 messages in about 90 minutes, which I initially took to mean the filtering process didn’t slow the download much. However, at second glance I realized that it was still busily moving messages from the Inbox to a “SpamFilter” folder, and moving some of those to the spam folder. It took 3.5 hours more before it finished the job. Even downloading just 30 messages the next day, I had to wait for the filtering to finish. By my calculations, downloading and filtering mail with BullGuard took over four times as long as with no spam filter. Wow!
That slow-but-steady filtering paid off in the end; BullGuard only let 4.3 percent of spam into the Inbox. However, it did mistakenly throw 1.2 percent of valid personal mail out along with the spam, and over half of the valid bulk mail wound up either in the spam folder or in the somewhat-confusing bulk mail folder.
I’d suggest turning off the bulk mail feature and carefully watching for valid mail in the spam folder. With a little training I think BullGuard can do a good job. On the other hand, antispam Editors’ Choice Cloudmark DesktopOne Basic 1.2 is completely free, and it didn’t slow mail download appreciably.
For an explanation of how I rate antispam accuracy, see How We Test Antispam.
BullGuard Antivirus (2014) antispam chart
No-Hassle Malware Cleanup
When you launch BullGuard’s antivirus scan, it simply displays a progress bar in the antivirus panel of the main window. Once the scan is complete, you can just click a button to fix any malware problems it found. If you actually have an interest in the process, you can view details during the scan and optionally review found items before cleanup.
In the past I’ve found that some malware samples actively resist installation of security software, or render the infested system unbootable. BullGuard’s Linux-based rescue CD can wipe out malware even when you can’t boot Windows, and its online scanner may succeed against malware that won’t allow an installation of the local antivirus.
In the event tech support must be called in to help with installation, or with getting a full scan completed, the product contains built-in diagnostics; standalone diagnostic tools are also available. If all else fails, tech support can remote-control the problem PC to manually diagnose and remediate the malware problem. That service is free, though a paid premier service level is also available.
A full scan with BullGuard on my standard clean test system took almost 40 minutes. That’s not bad, though the average for a first scan among current products is 28 minutes. A repeat scan with BullGuard finished in just over 13 minutes. A repeat scan using Kaspersky Anti-Virus (2014) took just five minutes, while even the initial scan with Webroot SecureAnywhere Antivirus (2014) came in under five minutes.
The independent antivirus labs do like BullGuard, and it’s definitely easy to use. Its phishing protection has improved quite a bit since the last time I tested it. And the user interface is probably an improvement over the hyper-minimalist previous edition.
On the other hand, it didn’t display the best performance in my standard malware blocking test or in my new malicious URLs test. Spam filtering is a nice bonus, but the separate filtering of bulk messages seems confusing to me, and the filtering process imposes a massive slowdown on downloading of email. I’d advise trying Norton AntiVirus (2014), Webroot SecureAnywhere Antivirus (2014), or Bitdefender Antivirus Plus (2014). Each has its own strong points, and all three are Editors’ Choices for antivirus.
Copyright © 2012 Ziff Davis, Inc