To find out if today's suites are worth the commitment, we chose ten products--a combination of new and established offerings--to run through a gauntlet of performance and usability tests (for more details, see our expanded chart).
We looked at four factors: performance (malware detection and speed), features, design (ease of use), and price. The packages ranged from $40 to $80 for first-time software purchases with a year of updates; subsequently you'll have to pay a renewal fee ($25 to $60 per year). In regard to performance, remember that security software is only as good as its last update, which can contain tweaks to its engine as well as new malware signatures. As for features, the products were relatively consistent, though some had useful add-ons.
To assess design, we looked at how simple the suites were to install, how easy their features were to find, and how well the software explained its options. We also evaluated malware warning alerts to determine whether the dialog boxes provided enough information to let you make an educated decision about what to do next. Above all, we looked at performance, determined by how well each suite detected and blocked incoming threats as well as by how effectively it cleaned up malware already on a system. We contracted with German research company AV-Test.org, which threw more than 174,000 worms, viruses, back-door programs, bots (aka zombies), spyware components, Trojan horses, and adware samples at each suite. In addition, AV-Test.org analyzed each suite's heuristics (its ability to detect as-yet-unidentified malware), as well as each firewall. We also checked how fast each could perform a full security sweep of our test system and how much running it slowed down our apps in our WorldBench 5 tests.
Though our testing was extensive, we didn't fully evaluate behavior-based detection. The Microsoft, Panda, and Zone Labs suites offer this technology, which can identify a new threat by the actions it takes (for example, if a program tries to make suspicious Registry changes). This feature can offer a viable supplement to signature-based detection, but testing it thoroughly proved too unwieldy for this review.