McAfee AntiVirus Plus 2013 review

McAfee's developers are serious about the "Plus" in McAfee AntiVirus Plus 2013. In addition to basic antivirus functionality, it offers firewall protection, vulnerability scanning, system cleanup, and more. Its SiteAdvisor toolbar beat out all others in phishing protection. However, the core antivirus technology doesn't score as well as many in independent tests and PCMag's own tests.
Photo of McAfee AntiVirus Plus 2013

Some antivirus products strictly handle the core issues of cleaning malware from infested systems and preventing any further attacks. McAfee AntiVirus Plus 2013 handles the basics plus firewall protection, website reputation with antiphishing, and a number of other useful tools. It’s not the very best at fighting existing malware infestations, but its wealth of bonus features may offset that weakness.

Many security vendors sell antivirus products in packs of one or three licenses. McAfee’s 2013 line takes a different approach. You get your one license for $49.99, then add as many additional licenses as you want for $15 apiece.

If you’re familiar with earlier versions of this tool, you’ll find the new user interface to be quite a departure. Last year’s antivirus used a narrow, compact form for its main window. This year it’s morphed into a much bigger window, with large, touch-friendly buttons for Windows 8 compatibility. A separate Navigation Center offers alternate mouse-friendly access to all features; it’s the only way to launch a few advanced features.

Difficult Installation
At one point in the installation process, McAfee’s installer announces, “Please wait while we clean threats on your computer so your installation will be trouble-free.” If only that were true! In fact, getting McAfee installed on my 12 malware-infested test systems was a real nightmare.

On eight of the systems, it did install and run with a few minor problems. I had to run the scan in Safe Mode on one system, because malware interfered. Another didn’t install correctly at first, but worked fine after a full uninstall and reinstall.

One of the test systems can only in Safe Mode, because a ransomware program demands money to enable normal Windows bootup. McAfee will scan in Safe Mode, but it can only install under normal Windows. McAfee’s Stinger tool targets specific Trojans and other malware that can interfere with the full antivirus. Stinger got rid of the ransomware, but after installation McAfee wouldn’t update. A session with live chat support and remote assistance solved that one.

The activation and update processes failed on another system because malware actively blocked access to McAfee’s websites. Stinger didn’t help on that one, so I booted from McAfee’s CleanBoot Recovery Disc and ran a full scan. That solved the problem.

Tough malware on a third system blocked installation. I ran Stinger and Cleanboot to no avail. After a lengthy remote assistance session, the support agent passed me along to Tier 2 support. Tier 2 eventually escalated my case to a free session with McAfee’s Virus Removal Team. They eventually solved the problem, but wow, it took a lot of time.

That wasn’t the worst, though. After McAfee installation, the fourth system lost all connectivity to the Internet. Stinger and Cleanboot didn’t help. With no connectivity, I couldn’t get remote assistance. I had to stay on the phone with tech support, following the agent’s instructions, for more than two hours to solve the problem.

It’s true that you’d only experience this frustration once, at the initial installation. Webroot SecureAnywhere Antivirus 2013 managed to install on the exact same test systems with only one minor hassle. Norton AntiVirus (2013) encountered the same problems McAfee did, but its built-in AutoFix along with Norton Power Eraser and the Norton Bootable Recovery Tool worked through the problems.

Average Malware Cleanup
After all that effort to get the product installed, I would have been pleased to at least see super results in my malware removal test. Unfortunately, just as with last year’s version, McAfee turned in a so-so performance in this test. In fact, its 5.3 point score for overall malware removal is exactly the same as the 2012 version got using my previous malware collection. A score of 5.3 is also the average for products tested with my current collection.

None of the products I’ve tested do a perfect job cleaning up malware, but the best ones do quite a bit better. Norton and Webroot both scored 6.6 points in the overall malware removal test. Kaspersky Anti-Virus (2013) , Daily Safety Check Home Edition , and AVG Anti-Virus FREE 2013 all managed 6.5 points.

Rootkits try to avoid detection by subverting Windows mechanisms that would allow programs to “see” them. Based on my results, this kind of trickery can totally backfire. Norton, Kaspersky, Bitdefender Antivirus Plus 2013 , and several others detected 100 percent of the threats that use rootkit technology. Kaspersky earned the top score of 9.4 points for rootkit removal; FixMeStick 2013 came close with 9.2 points. McAfee’s 4.0 points is well below the average of 6.0 points.

For a detailed explanation of my testing technique, see How We Test Malware Removal.

McAfee AntiVirus Plus 2013 malware removal chart

Better at Blocking Attacks
Naturally I had no trouble installing McAfee on my clean test system, and it mostly did a good job of blocking malware attacks on that system. It was especially effective at preventing download of malware by blocking access to the malware-hosting site. It even blocked a number of URLs that aren’t currently active but definitely did host malware in the past. In a few cases it didn’t block the URL but did eliminate the file before the download could finish.

One way or another, McAfee blocked 91 percent of the malware downloads. That’s quite good, though Norton, Trend Micro Titanium Antivirus+ 2013 , and VIPRE Internet Security 2013 all blocked 100 percent.

Next I opened a folder containing the same set of malware samples, downloaded previously. McAfee quickly wiped out nearly 90 percent of those. I also checked its reaction to a folder containing hand-modified versions of the same samples. For each sample, I changed the name, tweaked some non-executable bytes, and appended nulls to change the file size. Most antivirus products detect almost all the same files, tweaked or not. Surprisingly, McAfee missed almost two-thirds of the hand-modified files.

To complete the test, I launched the handful of samples that weren’t wiped out on sight. It identified one of them as a “Potentially Unwanted Program” and asked permission to remove it. The rest installed without hindrance, including one rootkit-enabled keylogger. McAfee detected 89 percent of the samples and scored 8.9 points, a fraction above the current average of 8.8., Webroot has the best malware blocking score among current products with a near-perfect 9.9 points.

Rootkits are designed to resist removal, so it’s best to ensure they never get installed in the first place. Over three quarters of current products detected 100 percent of the rootkit samples, and almost half earned a perfect 10 points for rootkit blocking. McAfee detected 80 percent and scored 8.0 points for blocking installation of rootkits. See the article How We Test Malware Blocking for full details on how I test malware blocking..

McAfee AntiVirus Plus 2013 malware blocking chart

Lab Results Good, Not Great
In testing by various independent labs, McAfee earned good ratings. West Coast Labs and ICSA Labs both certify McAfee’s technology for both virus detection and virus removal; West Coast adds Platinum certification. It achieved VB100 certification in five of the last six tests by Virus Bulletin.

AV-Comparatives rated McAfee ADVANCED+, the highest rating, in a test of its ability to detect malware on demand. However, in a lengthy test of the product’s ability to defend against real-world fresh threats, McAfee earned a STANDARD rating, the lowest passing grade.

McAfee also received certification for antivirus protection under Windows 7 and Windows XP from AV-Test. A product needs to earn 11 points for certification, with six points possible for protection, repair, and usability. In the latest Windows 7 test, McAfee barely made the grade, with exactly 11 points. It scored just two points for repair (malware cleanup), which matches my experience.

While McAfee’s test scores are decent overall, top-ranked products like Bitdefender, F-Secure, and Kaspersky do much better. For more details about the independent labs that I follow, see How We Interpret Antivirus Lab Tests.

McAfee AntiVirus Plus 2013 lab tests chart

Bonus Firewall
If you can’t afford a full security suite, we recommend antivirus and firewall as a minimum level of protection. With McAfee, you get both.

I attacked a test system using port scans and other Web-based tests. McAfee correctly stealthed all ports and resisted those attacks. When I tried to disable it using techniques that could be embedded in a malicious program, it did a decent job of self-protection. I couldn’t halt its processes using Task Manager, and its Registry configuration settings are protected against external change.

However, McAfee’s protection doesn’t extend to all of its essential services. I easily disabled eight of its essential services; it protected the other four. The main window still reported “Your computer is secure,” but attempting tasks like launching a scan triggered error messages. I’d like to see it protect all essential services, not just some.

In its default “Smart Access” mode, the firewall automatically configures Internet access for all programs, determining whether they’re allowed incoming and outgoing connections. For programs that aren’t at the top trust level, it enables the new NetGuard technology. NetGuard works to contain ‘bots and other network-centric threats by blocking access to risky Internet addresses.

The 2013 edition is supposed to have improved protection against malware that tries to evade program control by manipulating or masquerading as a trusted program. Leak test utilities demonstrate these evasion techniques without adding a malicious payload. When I ran ten leak test utilities, McAfee detected exactly one. Since it was not malicious, the firewall allowed it to access the Internet.

High-end firewalls do their best to block exploits, Web-based attacks that take advantage of vulnerabilities in Windows, the browser, or other applications. When I attacked the McAfee test system using the Core IMPACT penetration tool, it detected roughly a third of the exploits. Norton Antivirus doesn’t include a full firewall, but its exploit protection blocked every single attack at the network level, before any of them even reached the test system.

While McAfee’s firewall isn’t as powerful as what you’d get with Norton Internet Security (2013) or Kaspersky Internet Security (2013) , it still does a good job. It’s a definite bonus.

SiteAdvisor Better Than Ever
The SiteAdvisor toolbar, installed along with McAfee AntiVirus, rates websites and search results as good, iffy, or dangerous. Purchased by McAfee some years ago, SiteAdvisor was among the first Web reputation toolbars. I’ve always been impressed with the level of detail SiteAdvisor provides about why it rates a site as dangerous. With the 2013 product line, McAfee has raised the bar with new features and improved protection against phishing sites.

There’s a whole category of Facebook malware that works by convincing you to click on what seems to be an interesting link. In some cases, clicking that link on a friend’s page will allow the malware to post a similar status on your own page. Other times the link leads to a drive-by download that will install full-scale malware. New in the 2013 edition, SiteAdvisor marks up links found on your social networking pages, not just in search results.

SiteAdvisor gauges a site’s safety using several measures. Hosting malware is definitely a no-no, but sending a lot of spam will also drag down its reputation. A site that links to numerous dangerous sites is likely dangerous itself. Processing all of these criteria can take time, especially the test for a spammy site.

Phishing sites, sites that try to trick you into giving up security credentials or other private data, don’t exist long enough for SiteAdvisor’s standard analysis. Their owners take them down within days or even hours. In the past, SiteAdvisor hasn’t scored well at all on my antiphishing test. Last year its detection rate was 45 percent behind Norton’s.

This year McAfee promised improved phishing protection, and they totally delivered. When tested using real-world extremely new phishing sites, McAfee’s detection rate was 4 percent better than Norton’s, making it the only current product to beat the consistent phishing champion.

Most security suites promise phishing protection, but few deliver. Two thirds of current products don’t even protect as well as Internet Explorer 8′s built-in SmartScreen Filter. I’m very impressed with the new, improved SiteAdvisor. For information on how I obtain super-fresh samples and perform this test, see How We Test Antiphishing.

McAfee AntiVirus Plus 2013 antiphishing chart

Still More Bonus Features
That firewall isn’t the only bonus you get with McAfee AntiVirus Plus—there’s a lot of “Plus” here. If you’ve got McAfee products installed on multiple computers in your home network, you can use the My Home Network feature to track security status for all of them from one computer. If there’s a problem, in many cases you can fix it remotely.

McAfee’s QuickClean works to improve system performance by getting rid of useless files. It can also clear away browser traces that might allow someone to snoop on where you’ve been surfing. While it can also clear out the deleted and sent items folders in popular email clients, these options are disabled by default. If you really want to, you can view the junk files it found before proceeding with deletion.

As you probably know, deleting a file in Windows just sends it to the Recycle Bin, where a snoop could find it. Even if you empty the Recycle Bin, the file’s data remains on disk until overwritten. If forensic recovery of a sensitive file might cause you problems, just right-click the file and use McAfee’s shredder to securely and irreversibly delete it.

New in this edition, McAfee will scan for security vulnerabilities in Windows and other programs. After running a vulnerability scan, you can view what was found and allow McAfee to install necessary updates.

If you’re the type who really likes to know what’s going on, you’ll appreciate the Traffic Monitor page. Here you can view a graph of incoming and outgoing network traffic, either for the system overall or for specific programs. There’s also a pie chart to show you the programs that are using the biggest amounts of bandwidth.

The Navigation Center offers links to other informative McAfee resources. You can bring up the interactive threat map and drill down for current information about malware and spam, or about cyber-attackers and cyber-victims. If McAfee reports that it wiped out a specific threat, you can look it up for details in the Virus Information Library. And for true security geeks, HackerWatch tracks the very latest security incidents.

A Nice Package
McAfee AntiVirus Plus 2013 offers more features than many antivirus products. Its bonus features include a firewall, a system cleaner, a vulnerability scanner, and more. The SiteAdvisor Web reputation tool now marks up links on social networking sites, and its phishing protection is simply the best.

It’s true that McAfee didn’t score all that well on my malware cleanup test, or in some of the independent lab tests. If the wealth of bonuses inspires you to install it on a system that may not be malware-free, consider running a free cleanup-only tool like Comodo Cleaning Essentials first. That should help you avoid installation nightmares like what I encountered.

Looking just at the antivirus protection itself, ignoring the bonuses, it’s clear that you can do better than McAfee. Norton AntiVirus (2013) would be a better choice, as would Webroot SecureAnywhere Antivirus 2013; both have earned Editors’ Choice status. For that matter, AVG Anti-Virus FREE 2013, our Editors’ Choice for free antivirus, outperformed McAfee in both of my hands-on tests. You’ll have to decide for yourself what’s most important.

More Antivirus reviews:

Specifications
Tech Support Phone, chat, and email.
OS Compatibility Windows Vista, Windows XP, Windows 7
Type Business, Personal, Professional

Verdict
McAfee's developers are serious about the "Plus" in McAfee AntiVirus Plus 2013. In addition to basic antivirus functionality, it offers firewall protection, vulnerability scanning, system cleanup, and more. Its SiteAdvisor toolbar beat out all others in phishing protection. However, the core antivirus technology doesn't score as well as many in independent tests and PCMag's own tests.
Published under license from Ziff Davis, Inc., New York, All rights reserved.
Copyright © 2012 Ziff Davis, Inc