When your PC is possessed by diabolical malware, you may feel the only hope for salvation is exorcism by a tough antivirus program. Thirtyseven4 Antivirus 2013 ($29.95 per year direct; $59.95 for three licenses) would seem a likely choice. After all, the company’s mission is to “glorify God by using the gifts He has given us [and] … provide the most secure product line available to our customers at fair and honest prices.” Alas, my tests show that in this battle of Good against Evil, the wrong side wins.
It wasn’t for lack of trying on Thirtyseven4′s part. In addition to the basic antivirus scanner, the product includes separate scanners for rootkits and general malware, as well as a boot-time scanner that runs before Windows has fully started. The company’s website also offers a number of free tools for wiping out rogue antivirus programs and other specific types of malware.
During the install process, Thirtyseven4 runs a scan for active malware. On ten of my 12 malware-infested test systems it found and neutralized malware. This allowed the installation to continue, although one system needed to reboot first.
One of my test systems is restricted to running in Safe Mode, because ransomware takes over regular Windows. Thirtyseven4 won’t install in Safe Mode, so tech support advised me to download and run their Rogue Remover utility. Rogue Remover wiped out the ransomware and allowed for full installation.
The install process did seem to take rather longer than most, and the mandatory Quick Update after installation was anything but quick. However, the experience was much better than spending hours on phone and live chat with tech support, as I did with McAfee AntiVirus Plus 2013.
The full scan wiped out a couple of important Windows files on one test system. That missing file disabled many programs including my browsers and Thirtyseven4 itself. Tech support recommended using System Restore to go back before the problem occurred, or recover from the original Windows disk. Like many real-world users, I don’t have a Windows disk, though. And to save space my virtual machines have System Restore disabled. Fortunately their other suggestion, copying the missing file from another system with the exact same Windows version, saved the day.
Full cleanup on another system wiped out an infected keyboard driver, which made working with the system rather awkward. I solved that one by using Device Manager to uninstall and then “rediscover” the keyboard. While either of these problems might have vexed Joe User, solving them wasn’t too difficult. I’ve had much bigger collateral damage problems with other antivirus products.
Four Scans, Poor Results
With Thirtyseven4 installed, I launched a basic full scan on all twelve systems. Just for my own information, I recorded what the product’s score would have been at this point. Then I went on to run the rootkit scan, the malware scan, and the boot-time scan on each of the twelve systems.
Yes, getting through all the scans took quite a while. On my standard clean test system, the basic antivirus scan took 20 minutes and the rootkit and boot-time scans each took 15 minutes. Add about one minute for the antimalware scan and you get 51 minutes. That’s a good bit longer than the current average of less than 30 minutes, and there’s a lot more hands-on work from the user needed.
Running the additional scans did pay off. The rootkit scan found one sample and the antimalware scan found three. The boot-time scan detected some samples that other scans had missed and also cleaned up more traces of some already-found scans.
After four different scans, you might expect an impressive score. You’d be disappointed. Thirtyseven4 detected 66 percent of the threats and scored 4.6 points. That’s well below the current average of 5.4 and way below the top score of 6.6 points, shared by Norton AntiVirus (2013) and Webroot SecureAnywhere Antivirus 2013.
Despite including a separate scanner specifically aimed at detecting and removing rootkits, Thirtyseven4 didn’t handle my rootkit samples very well. Between the various scans it detected 60 percent of the rootkit threats and scored 5.8 points. On the plus side, it did a good job cleaning up those that it managed to detect. However, almost a third of products tested with this same sample set detected 100 percent of them. Kaspersky Anti-Virus (2013) earned the top score for rootkit removal, 9.4 points. FixMeStick 2013 came close, with 9.2 points.
Checking my notes, I found that without the additional scans this antivirus would have scored 3.5 points for malware removal overall and 2.2 points specifically for removal of rootkits. There’s no getting around it—for full security you need to run all of the scans.
For a full explanation of my malware removal test, see How We Test Malware Removal.
Thirtyseven4 Antivirus 2013 malware removal chart
Better Malware Blocking
Thirtyseven4 includes browsing protection, to help you avoid dangerous websites. In testing, I observed it blocking a Trojan from communicating with its home base, so I know it works. However, when I tried to re-download my current malware collection it didn’t block any of the URLs directly. It did manage to block 67 percent during the download process. That’s decent, but F-Secure Anti-Virus 2013 blocked 90 percent and McAfee got 91 percent.
When I opened a folder containing those same samples, downloaded previously, the realtime protection component of Thirtyseven4 eliminated over three quarters of them immediately. Interestingly, when confronted with a folder containing hand-modified version of the same threats it recognized on sight, Thirtyseven4 missed 44 percent of them. I didn’t change the files much, just changed the name, appended nulls to change the file size, and tweaked a few non-executable bytes. This might indicate an antivirus engine whose signatures are too strict.
In general, Thirtyseven4 seemed to recognize malware samples immediately on sight or not at all. When I launched those that survived the initial culling, it just detected two, and one of those managed to install and run despite the antivirus’s resistance. In all, Thirtyseven4 detected 82 percent of the threats and scored 8.0 points for malware blocking. Only two recent products scored lower, AhnLab V3 Click and Anvi Smart Defender. At the other end of the scale, Webroot scored a near-perfect 9.9 points.
Thirtyseven4 also scored 8.0 points for rootkit blocking, the best score possible with a detection rate of 80 percent. Nearly three quarters of current products detected 100 percent, though, and over a third scored a perfect 10 in the rootkit blocking test. For a full run-down on my testing technique, see see How We Test Malware Blocking.
Thirtyseven4 Antivirus 2013 malware blocking chart
Little Help from the Labs
None of the independent antivirus labs include Thirtyseven4 in their testing, but some do test Quick Heal, the partner that supplies Thirtyseven4′s antivirus engine. Both West Coast Labs and ICSA Labs certify Quick Heal for virus detection; West Coast also certifies it for virus removal. In the last ten Virus Bulletin tests, Quick Heal achieved the VB100 rating seven times.
I always like to see results from AV-Test and AV-Comparatives, as their tests cover a broader range of antivirus functions. The AV-Comparatives real-world dynamic test is a particular favorite of mine. Unfortunately, they can only test so many products, and neither includes Quick Heal.
Firewall, Of Sorts
Thirtyseven4 nominally includes a firewall, but it’s not the kind of firewall I usually see. It doesn’t stealth all system ports, and it doesn’t attempt to control how programs can access the network or Internet. There are no settings beyond the main on/off switch.
So what does it do? According to the company, it “blocks intruder events and programs that attempt to exploit various vulnerabilities.” When I ran my port scans and other Web-based tests, though, I didn’t see any active protection by the firewall.
To check how well it protects against exploits, I attacked the test system with 30 exploits generated by the Core IMPACT penetration tool. On the plus side, when it did detect an exploit it clearly identified the attack by name. However, of the 30 exploits it only detected five. None of the others managed to penetrate security—a successful exploit depends on hitting exactly the right version of the victim software. By contrast, Norton (the antivirus, not the suite) detected all of the exploits I threw at it, blocking them at the network level so no attacking files ever reached the test system.
Fortunately, this firewall protection is just a bonus, not the central function of the program. It certainly doesn’t hurt anything. Just don’t turn off Windows Firewall.
Other Bonus Features
The program’s Tools page contains a wide assortment of useful, security-related tools. It’s where you go to find the rootkit and malware scans, or to create a bootable emergency disk. You’ll also find a “Track Cleaner” that will wipe out traces of your computer and browser usage, to preserve your privacy.
Modern malware often tweaks system settings to cause trouble for anybody trying to study or remove it. You may find that REGEDIT won’t launch, for example, or that Command Prompt has been disabled. The Hijack Restore function resets a wide variety of system and security settings to safe, default values.
Much like the USB Vaccine feature found in Panda Antivirus Pro 2013, Thirtyseven4′s USB Drive Protection protects any USB drive’s autorun capability from manipulation by malware. This protection travels with the USB drive, so once you’ve protected a drive you can use it anywhere.
For those who really need to dig into the nitty-gritty, Windows Spy will display all kinds of details about any window on the screen. Just drag the special cursor and drop it onto the window you want to analyze. System Explorer goes deeper, with details about running processes, IE toolbars, startup programs, and more. Unless you’re truly an expert you should leave these tools alone.
Make Another Choice
Once you get past the attractive user interface, there’s not a lot to like about Thirtyseven4. It takes longer to install than many, though its preinstall scan did manage to head off most problems. Scanning is a lengthy, four-part process, and you really must run all four scans. Even with four scans, it did a poor job in my malware cleanup test, and its malware blocking results weren’t much better. All the bonus features in the world don’t matter if the main job isn’t getting done.
Bitdefender Antivirus Plus 2013, Norton AntiVirus (2013), and Webroot SecureAnywhere Antivirus 2013 all cost $10 more than Thirtyseven4. They’re also all PCMag Editors’ Choice antivirus tools. If you can’t afford to spend that extra $10, consider AVG Anti-Virus FREE 2013, which also outperforms Thirtyseven4.
More Antivirus reviews:
|Tech Support||Free phone support during US business hours.|
|OS Compatibility||Windows Vista, Windows XP, Windows 7, Windows 8|
|Type||Business, Personal, Professional|
Copyright © 2012 Ziff Davis, Inc