We’ve all been told that it’s smart to have antivirus software on our devices, whether on smartphones, tablets, laptops, or computers, but do we know why? What exactly does antivirus software do? And where do we start when it comes to picking antivirus software?
As the name implies, antivirus software protects devices from viruses and malware, but modern antivirus software is more than just a malware scanner. It does so much more, all in the name of protecting us from the latest cyberthreats.
In this guide, our experts will explain exactly what antivirus software does, how it works, and how to choose the right antivirus from the ocean of options available. Keep reading to learn more.
What Is Antivirus Protection?
In a nutshell, antivirus software preventatively detects, neutralizes, and then gets rid of malware. Most antivirus programs do that by scanning devices and comparing files with regularly updated databases of malware and viruses. However, modern antivirus solutions can also watch for suspicious behavior by files and programs to detect potential malware that is not yet in any database.
That being said, no antivirus software is 100-percent accurate, but by keeping their databases and behavior-based detection up-to-date, the best antivirus software is your best bet against cyber attacks.
One of the first questions people ask regarding antivirus software is whether antivirus is still necessary on all devices. To that, we say ‘yes.’ Although some systems are less prone to malware than others, antivirus software also offers protection against other types of cyberthreats. With all the dangers floating around cyberspace, that kind of protection is necessary.
Antivirus Software Features
Now that you have an idea of what antivirus protection is, let’s break down exactly how antivirus works and what it scans for.
What Does Antivirus Software Scan For?
Antivirus software scans for a few things both on-demand and on-access. While an on-access scanner, or OAS, runs in the background of your device, an on-demand scanner, or ODS, only scans when you “demand” a scan manually or schedule scans in advance. But what exactly is the software scanning for, in the first place?
Malware: Malware is an umbrella term that covers a number of different types of cyber threats, including ransomware, adware, and spyware. At its core, though, malware is designed to access people’s devices without their consent or awareness. Once it has gained access, malware is used to steal people’s personally identifiable information, which can be used for identity theft, or simply to mess with their settings. Malware can be in the form of computer worms, which are programs that duplicate themselves throughout a network to collapse it. Computer worms can exist in email messages or attachments, which is why you should never click on unknown emails. There are also trojan viruses, malware that’s disguised as legitimate software, just like the Trojan horse, that lets hackers access and control devices; by catching them, antivirus can stop hackers. From there, the different types of malware break down as follows:
Spyware: Spyware refers to programs that infect devices and collect the user’s information, like their bank and credit card information, names, and more. One type of spyware is keyloggers, which record keystrokes to steal credentials.
Ransomware: People aren’t the only things that can be held ransom; devices can be held ransom, as well, if hackers hijack a computer and block access until a ransom is paid. [1]
Scams: There are many sorts of scams on the internet, and antivirus software doesn’t catch them all. Those that involve the use of malicious websites or attachments, however, such as those that come from junk mail, can easily be caught by the best antivirus software. Here are two types of scams in particular that most antiviruses keep an eye out for:
- Phishing: In a nutshell, phishing is a form of email fraud that occurs when emails contain malicious attachments or links to dangerous websites or downloads. [2]
- Pharming: Pharming is similar to phishing in that it involves fake websites and malicious code. However, rather than contacting users via email, pharming occurs when that malicious code is inserted directly onto a computer or server, bringing users to fake websites without them clicking anything.
Spoofing: Spoofing happens when a person pretends to be someone else to get a user’s credentials so they can access their systems, steal information and spread malware. This can be done through email, websites, texts, GPS, and other methods. Note that antivirus software doesn’t monitor for the act of impersonation itself, but rather, the malware spoofers use to infect their victims’ computers.
Remote access attacks: Next to last, remote access attacks are malicious actions that target either one computer or an entire network of computers. Rather than affecting the computers themselves, these attacks find the machine’s vulnerable points to view and steal data, introduce malware and viruses, and more.
Viruses: Finally, a virus is any malicious code or program that attaches itself to legitimate files or programs and corrupts data, harming the software itself.
Note: Remote access attacks are also known as remote exploit attacks.
How Antivirus Software Prevents Cyber Threats
Now that you know everything to be concerned about when it comes to cyber threats, here’s exactly how antivirus software can stop them from happening in the first place.
- Reactive file scanning: Before you open any new file, antivirus software scans it against a database of known malware.
- Complete system scans: On top of that, the software will also scan entire devices for compromised data, although this process takes much longer than scanning individual files.
- Web browsing protection: Files aren’t the only things that can contain viruses. The best antivirus software will also scan URLs and web pages for potential risks.
- Real-time prevention: Not only will antivirus software scan for threats on-demand, but it’ll also do so automatically and constantly to prevent malware from taking shape.
- Rapid infection and threat removal: If the antivirus software finds malware, it’ll quarantine the malicious files in a safe folder, letting the user review them manually.
- Threat detection rates: When it comes to antivirus software, the chance of it detecting threats is entirely dependent on its database. Each company maintains its own constantly updated database of malware, known as a known-threat database. The detection rate is how accurately the software labels clean files versus potential threats, taking into consideration false positives and false negatives. Companies like AV-TEST, NSS Labs and AV-Comparatives are independent and verified labs that can vouch for these rates, as they test antivirus software on multiple devices and operating systems.
How Antivirus Software Detects Cyber Threats
We know that antivirus software uses a database of malware to look out for your device, but just how does it detect threats?
- Behavior-based detection: These days, most antivirus software uses behavior-based detection in addition to signature analysis, which we detail below. Behavior-based detection looks for code that can make changes to devices without permission, or anything that seems suspicious. Unlike signature analysis, behavior-based detection doesn’t rely solely on a database of known malware but can also detect new malware.
- Signature analysis: Signature analysis, in comparison, compares the signature or “fingerprint” of a file to the signatures of known threats in the malware database. However, if the threat isn’t already in the database, then signature analysis cannot detect it on its own, which is why so many antivirus programs have switched to a behavior-based method.
- Heuristic-based scanning: This type of scanning detects something called “polymorphic viruses,” essentially malware with code that changes to avoid detection.
- Machine learning: In order to identify threats, machine learning processes files’ data to detect patterns using computing power.
- In-memory scanning: In-memory scanning just means that potential threats are examined after they’re already on a computer or device.
- Sandboxing: Finally, sandboxing means running new programs on a closed-off ‘sandbox’ so that if they turn out to be hiding malicious code, they can’t infect the rest of the device.
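The trade-off between signature analysis and heuristic scanning, and the detection rate and false positives described earlier, can be seen in a small added example (not code from any antivirus product). The trait strings, file names and file contents are constructed, harmless stand-ins, and the trait-counting heuristic is a simplified assumption.

```python
import hashlib

# Constructed trait strings standing in for suspicious code patterns (not real malware).
TRAITS = [b"write_startup_entry", b"disable_security_tool", b"encrypt_user_files"]

# Constructed corpus: (file name, content, is_malicious). All contents are harmless bytes.
CORPUS = [
    ("known.bin", b"v1|write_startup_entry|encrypt_user_files", True),
    ("variant.bin", b"v2-padded|write_startup_entry|encrypt_user_files", True),
    ("backup_tool.bin", b"backup|encrypt_user_files|write_startup_entry", False),
    ("report.txt", b"quarterly report", False),
    ("notes.txt", b"meeting notes", False),
]

# Known-threat database: SHA-256 fingerprints of samples seen before (only known.bin).
SIGNATURE_DB = {hashlib.sha256(CORPUS[0][1]).hexdigest()}

def signature_match(data: bytes) -> bool:
    """Exact-fingerprint lookup: any changed byte produces a different hash."""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB

def heuristic_match(data: bytes, threshold: int = 2) -> bool:
    """Flag content that carries at least `threshold` suspicious traits."""
    return sum(trait in data for trait in TRAITS) >= threshold

def scan(data: bytes, use_heuristics: bool):
    """Return which engine flagged the content, or None if it looks clean."""
    if signature_match(data):
        return "signature"
    if use_heuristics and heuristic_match(data):
        return "heuristic"
    return None

def evaluate(use_heuristics: bool) -> dict:
    """Scan the corpus, quarantine hits, and compute the rates a test lab reports."""
    tp = fp = fn = tn = 0
    quarantined = []
    for name, data, is_malicious in CORPUS:
        flagged = scan(data, use_heuristics) is not None
        if flagged:
            quarantined.append(name)  # held for manual review, not deleted
        tp += flagged and is_malicious
        fp += flagged and not is_malicious
        fn += (not flagged) and is_malicious
        tn += (not flagged) and not is_malicious
    return {"detection_rate": tp / (tp + fn),
            "false_positive_rate": fp / (fp + tn),
            "quarantined": quarantined}

if __name__ == "__main__":
    print("signature only: ", evaluate(False))
    print("with heuristics:", evaluate(True))
```

With signatures alone the modified variant is missed; adding the heuristic catches it but also quarantines the legitimate backup tool, which is why quarantined files are left for the user to review.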
Antivirus Software Extras
Along with the main features of antivirus software, many companies bundle this software with other services, including VPNs, identity theft protection, parental controls and more. However, if the antivirus software is also available on its own, you may have to pay more for the bundle.
- Parental controls: Parental controls typically let parents control what their children are seeing online, what they can search, and how much they’re using certain devices.
- Firewalls or network protection: Firewalls scan not only devices for threats, but also their entire networks; these are usually bundled with antivirus software for free, although sometimes they’re included only in more advanced packages. In essence, network protection scans your network for devices and alerts you to any potential invasions. [3]
- Secure browser: Secure browsers differ from software to software, but at the minimum, they’ll make sure that you don’t go to any malicious websites or click on malicious attachments.
- Password manager: Password managers will store all of your usernames and passwords in an encrypted vault. They will also perform a password audit and generate new passwords for any that are old, weak or repeated.
- Encrypted cloud storage: Some packages include a finite amount of encrypted cloud storage for any type of file that contains sensitive information.
- System performance optimization: In order to boost your browsing speed and keep all of your programs up to date, some software offers optimization tools, although we generally believe that these are unnecessary to pay extra for. Instead, set your preferences to update software automatically, and manually clean out your files to clear up some space.
- Identity theft protection: Some software also offers identity theft protection, software that will scan key criminal and financial areas for your credentials. Sometimes, this program also includes identity theft insurance.
- VPN: Last but not least, VPNs are Virtual Private Networks that hide devices’ private IP addresses and encrypt their web activity, making them less susceptible to hacking. Learn more in our best VPN review.
Antivirus Software Pricing
Most antivirus companies charge for their software. The cost of antivirus depends on the software’s features, the number of devices it covers, and the length of your subscription. Based on what we’ve seen, annual subscriptions cost around $50, or roughly $4 per month. However, there are also companies that offer free antivirus software. Check out our list of the best free antivirus to learn more about their features, limitations, and whether or not a free antivirus software will work for you.
In the table below, you’ll see how much a year-long subscription to the most popular antivirus software costs. We also included links to our review and pricing pages for each, where we go into detail about what these antivirus subscriptions include.
| Antivirus reviews | Antivirus pricing pages | Price range for a one-year subscription |
|---|---|---|
| Malwarebytes review | Malwarebytes pricing | $59.99 – $99.99 |
| AVG antivirus review | AVG pricing | $39.48 – $42.48 |
| Norton antivirus review | Norton pricing | $19.99 – $39.99 |
| Vipre antivirus review | Vipre pricing | $32.99 – $52.99 |
| Bitdefender antivirus review | Bitdefender pricing | $29.99 – $44.99 |
| Trend Micro review | Trend Micro pricing | $29.95 – $69.95 |
| Webroot review | Webroot pricing | $23.99 – $65.98 |
| Avast antivirus review | Avast pricing | $34.68 – $44.28 |
| ESET review | ESET pricing | $39.99 – $149.99 |
| McAfee review | McAfee pricing | $39.99 – $89.99 |
| Kaspersky review | Kaspersky pricing | $26.99 – $56.99 |
How We Test Antivirus Software
There’s only one way to truly test antivirus software, and that is to infect your device with malware and see if the antivirus is capable of detecting it. That is risky, of course, which is why our team of cybersecurity experts devised a method to safely test antivirus software on our computers. We also draw results from reputable third-party testing institutions.
- Malware: To see how well the software detected malware, we use test results from AV-TEST, which displays results for the most “widespread and prevalent” malware in terms of a percentage detected.
- Viruses: We test out the virus detection ourselves using five different file types that contain viruses, which we download but do not open. Then, we run the software’s full device scan to see how many of the viruses it detected, which we compare to the results of over 40 other antivirus programs.
While antivirus software can appear intimidating and confusing, it’s actually a lot less complicated than you probably make it out to be (and our antivirus how-to pages can help you along the way). Plus, once you download the software and turn on automatic scans, there’s very little work that you’ll have to do in terms of upkeep, making antivirus software fall into the “set it and forget it” variety of services. As long as you don’t turn off antivirus, you’ll be protected.
Frequently Asked Questions
Still have some important questions regarding antivirus software in general? We’re happy to answer your questions.
What is the best free antivirus?
The best free antivirus software is AVG. Its free plan covers one Mac and detects spyware, ransomware, malware, viruses, and unsafe downloads, attachments and links. It also scans networks for threats.
Is it worth paying for virus protection?
It is worth paying for virus protection if you want coverage on all of your devices and detection for things like phishing. Usually, free subscriptions have some limits compared to paid versions, such as on the number of devices connected or the types of threats detected.
What is the best antivirus for Windows 10?
The best antivirus software for Windows 10 is Trend Micro, which costs either $29.95 for one year or $59.90 for two years. The software scans your device for malicious behaviors and has a firewall booster as well.
Does Windows 10 come with virus protection?
Windows 10 does come with virus protection in the form of Windows Security Microsoft Defender Antivirus, built into devices from the start. The software scans your computer for malware, security threats and viruses and updates itself automatically with the latest threat prevention. However, if you want to use a different antivirus software, Microsoft Defender Antivirus will be shut down automatically.
1. BBVA. (2019). Antivirus software guide: what are they for and how to use them.
2. Indiana University. (2020). About spam.
3. Kaspersky. (2020). What to Look for In an Antivirus Software: Choosing Protection for an Android, Mac or Windows System.