The line between simple antivirus and full-on security suite continues to blur, as some vendors load up entry-level antivirus tools with features more typically found in a full security suite. For example, McAfee AntiVirus Plus 2014 ($49.99 direct; $69.99 for three licenses) adds a powerful firewall and a number of useful security tools. In testing, it was better at blocking malware attacks on a clean system than at hunting down and destroying existing malware infestations.
McAfee’s large main window devotes large panels to four important functional areas: Virus and Spyware Protection, Web and Email Protection, McAfee Updates, and Your Subscription. Smaller panels represent Data Protection and Backup and PC and Home Network Tools. The display is just fractionally misleading, in that this product doesn’t actually include backup and the link to “firewall and anti-spam settings” reveals that anti-spam isn’t present either. To get those features you’ll need McAfee’s actual full-scale security suite.
A separate “navigation” view simply lists all of the product’s numerous features along with links to settings, reports, and online resources. If you know what you want to do but don’t know where to find it in the program’s user interface, this view is a godsend.
CleanBoot to the Rescue
On over half of my malware-infested test systems, my initial McAfee installation failed to complete successfully, for one reason or another. Tech support recommended that I run McAfee’s CleanBoot rescue disk, a Windows-based bootable antivirus.
For all but a couple of the problem systems, CleanBoot totally did the job. Once I got McAfee installed I ran a full scan. Interestingly, every full scan after a CleanBoot scan found nothing at all, suggesting that CleanBoot incorporates McAfee’s very latest technology. I mention this because the bootable rescue systems offered by many vendors run in retro text-only mode, and a subsequent full scan often finds traces missed by the bootable solution.
On one system, a virtual fistfight between McAfee and malware sucked up all the CPU cycles. Tech support took some very detailed diagnostic logs and, after quite a bit of back and forth, supplied a one-off solution. Another system lost all connectivity after its full scan. I supplied diagnostic files requested by tech support and they came back with a fix. Overall I give McAfee three stars for installation experience; it would have been four except for the very lengthy repair process on the CPU-impaired system.
CleanBoot seems to have exactly the malware-fighting power of the McAfee antivirus, packaged in a bootable form that doesn’t have to contend with malware running alongside it. That being the case, I’d suggest running a CleanBoot scan before any attempt to install McAfee on a system that’s’ not guaranteed clean.
Decent Malware Removal
With installation problems solved, I went on to run a full scan on each of my twelve malware-infested test systems. McAfee missed a fair number of the resident samples, and didn’t remove all the executable traces of some that it did find. In a few cases, I found a malware process still running after supposed cleanup. With a 75 percent detection rate and 5.9 points overall for cleanup, McAfee is in the middle of the pack, much as it was in last year’s test.
It did beat out Trend Micro Titanium Antivirus+ 2014 by a tenth of a point. However, Bitdefender Antivirus Plus (2014) managed 83 percent detection and 6.6 points against the same collection of samples.
Tested with my previous collection of malware, Webroot SecureAnywhere Antivirus 2013 also scored 6.6 points. Top score among that group was 7.1 points, earned by the free, cleanup-only Malwarebytes Anti-Malware 1.70.
Cleaning up the mess when malware has already invaded is clearly a tough task. For an explanation of how I set up this type of test, please see How We Test Malware Removal.
McAfee AntiVirus Plus 2014 malware removal chart
Very Good Malware Blocking
When an antivirus tool can get its processes installed and running before malware shows up, it has a much better chance of keeping the system clean. McAfee works hard to block infection at many levels, starting with the Internet, source of most malware infections.
I always check a product’s Web-based protection by trying to re-download my current malware collection. Of course, many of the URLs are either no longer valid or only sporadically active. Sometimes well over half simply return an error message. I noted with interest that McAfee blocked almost all of these URLs, even those not currently working, and blocked a few others immediately on download. One way or another, it blocked 90 percent of the URLs. Trend Micro blocked 95 percent, and Norton blocked 100 percent, but in both cases the sample set was smaller due to non-functioning URLs.
Of course, malware could enter the PC via other means. To check the next level of protection I opened a folder containing already-downloaded instances of the same samples. It took a little while, but once McAfee started grinding through it eventually eliminated almost 90 percent of them. It caught a few more when I launched the survivors. McAfee detected 92 percent of the samples and scored 9.2 points for malware blocking, which is quite good.
The best score among products tested with this same malware collection is 9.4 points, shared by AVG AntiVirus FREE 2014 and Ad-Aware Free Antivirus+ 10.5. Tested with my previous collection, Webroot earned an impressive 9.9 of 10 possible points. For a run-down on the way I test each antivirus’s malware-blocking capabilities, see How We Test Malware Blocking.
McAfee AntiVirus Plus 2014 malware blocking chart
SiteAdvisor and Phishing Protection
Powerful protection against malware-hosting websites is just one benefit of McAfee’s SiteAdvisor toolbar. For many years, SiteAdvisor has been crawling the Web, looking for sites that host malware, spew spam at visitors, or otherwise prove to be undesirable.
SiteAdvisor marks up your results on popular search websites using red, yellow, and green icons for dangerous, iffy, or safe websites. A grey icon means the site hasn’t yet been analyzed. You can click on the icon for a popup with a bit more detail, or click on the popup to view SiteAdvisor’s very detailed report. The report may show such things as what malware the site hosts, how much spam it sent (with examples) and links to known bad sites. You’ll also find that SiteAdvisor marks up links on your Facebook page.
In recent years, SiteAdvisor’s mission has expanded to include steering users away from phishing sites—fraudulent websites that attempt to steal login credentials for banks, auction sites, even online gaming sites. When tested last year, SiteAdvisor proved remarkably accurate, with a detection rate four percentage points higher than that of consistent antiphishing champ Norton.
I’m not sure what changed, but it didn’t do nearly as well this year, especially against the very newest phishing sites. Perhaps the fraudsters have just gotten smarter? This time around, McAfee’s detection rate lagged 38 percent behind Norton’s. That’s still in the top third of current programs. Note that I’ve stopped comparing products with the antiphishing built into Internet Explorer 8′s SmartScreen Filter; my testbed requires IE8, but the best phishing protection is found in IE10.
For a full explanation of how I locate potential phishing URLs, select the valid ones, and test phishing protection, see How We Test Antiphishing.
McAfee AntiVirus Plus 2014 antiphishing chart
Good Scores from Independent Labs
I like to get a sanity check for my hands-on testing by checking what sort of scores a product gets from the independent testing labs. McAfee participates with all the major labs and earns good scores overall. West Coast Labs and ICSA Labs certify it for virus detection and cleaning; West Coast goes on to award it platinum checkmark certification. In 80 percent of recent tests it earned VB100 certification from Virus Bulletin.
For the most part, those tests simply challenge each product to scan a large collection of files and identify the bad ones. They have some dynamic elements, but nothing like the read-world dynamic whole-product test performed by AV-Comparatives. This lab’s researchers continually capture the very newest malware and test how well each of twenty-odd products protects against it. Every few months they announce results. McAfee earned an ADVANCED rating in this test, a cut above the STANDARD passing grade. McAfee also earned ADVANCED in AV-Comparatives’s on-demand scanning test.
AV-Test rates antivirus products in three areas: protection against malware attack, low performance impact, and general usability (which includes low false positives). With six points possible in each category, the theoretical maximum is 18 points. To pass certification, a product needs at least 10 points and can’t score zero in any category.
McAfee averaged 13.5 points in the two latest rounds of testing. That’s good enough to pass, but others have done quite a bit better. Bitdefender took 17 points in one test and 17.5 in the other. With 16.5 and 15.5, Kaspersky Anti-Virus (2014) also performed well. To learn more about the testing labs that I follow, see How We Interpret Antivirus Lab Tests.
McAfee AntiVirus Plus 2014 lab tests chart
Most vendors reserve firewall protection for their full security suite; not McAfee. They’ve packed a powerful firewall right into the entry-level antivirus. I prodded the firewall using port scans and various other Web-based tests; it defended the test system exactly as it should.
Preventing attack from outside is one facet of a firewall’s job; the other is foiling any attempt at betrayal from within. Firewalls typically exercise control over which programs can access the Internet and the local network. Early firewalls simply reported on each program attempting a connection and asked the user to make a decision. I know, I know, it makes no sense. The user isn’t trained to make that decision!
Intelligent firewalls like those found in Norton Internet Security (2013) and Kaspersky Internet Security (2014), handle all such decisions internally. Norton configures permissions for known good programs and carefully monitors what unknowns do, taking action if an unknown proves malicious. Kaspersky rates each program’s trust level and applies progressively greater limitations as the trust level decreases.
McAfee belongs with these other brainy firewalls. In its default Smart Access mode, it consults McAfee’s Global Threat Intelligence database to make all the decisions about what sort of network permissions to give each program. If you’re a glutton for punishment, you can switch it to Monitored Access, meaning the firewall will ask you for the final decision on each new program. Even if you do choose to make the final decision yourself, the Smart Advice feature will let you know what action McAfee would recommend.
For testing, I enabled Monitored Access and launched a few guaranteed-unknown programs, verifying that McAfee popped up asking whether to let them access the Internet. Next I tried a collection of leak tests—programs designed to make an Internet connection without triggering program control. The Intrusion Detection system caught about half of them, and when I re-enabled the real-time antivirus it wiped out the rest.
Intrusion Detection also helped when I attacked the test system using exploits generated by the Core Impact penetration tool. It blocked just under 20 percent of the exploits. Real-time protection kicked in for another 10 percent, identifying and eliminating files that exploits dropped on the test system. None of the exploits actually penetrated security.
Note, though, that other antivirus products with firewall protection have done better. Trend Micro’s Firewall Booster actively blocked over half of the same exploits, and Norton blocked every single one, identifying about a fifth of them by name.
All the protection in the world won’t help if the bad guys can turn it off or disable it programmatically. I couldn’t just set “protection=off” in the Registry, as McAfee protects its Registry settings against tampering. Killing off processes with Task Manager likewise didn’t work. However, only four of McAfee’s 14 (fourteen!) services were protected; I managed to stop and disable the other ten. You’d think they’d protect them all.
I’m impressed overall with McAfee’s firewall. Norton’s antivirus includes exploit protection but not a full firewall. Trend Micro relies on Windows Firewall, adding a “firewall booster.” McAfee has actually included a full-scale intelligent firewall that rivals (or betters) what you’d get in many suites.
My Home Network
Chances are good that your household includes multiple PCs. By setting up the My Home Network feature, you can arrange to monitor and manage all of them from one central location.
When you first launch it, My Home Network displays the status of your wired or wireless network and lists all the devices it sees attached to the network. Each device gets an icon representing a PC, a router, attached storage, and so on. You’ll see a McAfee shield icon on any PCs that have McAfee installed. Once you establish trust by entering the same password on each McAfee-equipped PC, you’ve enabled remote monitoring and configuration.
The remote management is designed for real computers on a real network; I couldn’t quite get it configured to connect my virtual PCs on a virtual network. I can see this as a very useful feature, though, more so than Norton’s monitor-only equivalent.
More Bonus Tools
Most people know that when you delete a file it just goes to the Recycle Bin, and even if you delete it permanently, the data is still lying around on disk until some other file overwrites it. Forensic recovery tools can often get back a deleted file, so if you want to delete a super-secret file beyond the possibility of recovery you need help.
McAfee’s Shredder will securely delete everything in the Recycle Bin, in Temporary Internet Files, or in any folder you choose. You can choose five levels of security, from Quick to Complete. Each level overwrites the file’s data more times than the previous before deleting it, and hence takes more time. Most users should be fine with the default Basic level.
The QuickClean component will scan your computer for unnecessary files that just waste space. These include temporary files, broken shortcuts, and lost file fragments, among others. You can optionally set it to delete useless and erroneous Registry entries. For privacy, QuickClean can wipe your browsing history, and even clear sent and deleted items from certain email clients.
When the scan is complete, QuickClean lets you view what was found. You can cancel the cleanup at this point, if desired, but you can’t pick and choose which items will be cleaned, nor can you reverse the process if it somehow cleans more than it should.
Many modern malware attacks specifically target known vulnerabilities in Windows or in popular programs like Microsoft Word or Adobe Flash. McAfee’s vulnerability scanner checks your operating system and applications to identify and install any missing security updates.
Want to learn more about security and security threats? From the Navigation page you can quickly view a report on recent security activity. This page also offers links to McAfee’s online virus information library, an interactive Threat Map, and the HackerWatch hack-tracking website.
A Wide-Ranging Solution
With phishing protection and a top-notch firewall joined to essential antivirus protection, McAfee AntiVirus Plus 2014 could serve as a bare-bones security suite (as long as you don’t need parental control or spam filtering). Its collection of bonus tools like QuickClean, shredder, and My Home Network just make it seem more suite-like.
McAfee did earn an excellent score in my malware-blocking test, but other products have rated better with the independent labs. Bitdefender Antivirus Plus (2014) in particular earns excellent marks from the independent labs, while McAfee’s scores are only good. Webroot SecureAnywhere Antivirus 2013 is almost impossibly small and aced our hands-on malware blocking test. And Norton AntiVirus (2014) protects against malware and other threats at many, many different levels. These three are our current Editors’ Choice products for antivirus, but if you prefer McAfee’s feature set, go ahead and use it.
Copyright © 2012 Ziff Davis, Inc