Focus on Devices
The Windows product hasn’t visibly changed much since last year. Its large main window displays your security status and offers access to important components. As before, you can click the Navigation link for a simple list-style view of all available features, with links. However, this main window is no longer the product’s home screen.
When you click the Home icon, you see a page representing all of your security installations, with the device you’re using at the top. When you click the button to protect more devices, it generates an email message with links for the Windows, Mac, and mobile versions. For all platforms except iOS, it automates linking the new installation with your account; iOS requires you to enter a (supplied) activation code.
Another button launches a search of your network, locating devices that you could protect, but that don’t yet have McAfee software installed. McAfee makes it really, really easy to install protection on every device you own.
Your other protected devices show up on this page, and you can click to view their status or, for mobile devices, their location. If one device’s settings aren’t right, you’ll see it here, but you can’t reach out and, for example, turn on a turned-off malware scanner.
McAfee AntiVirus Plus (2016) Devices
Very Good Lab Results
McAfee participates in testing with almost all of the labs I follow, and its scores range from good to excellent. The company stopped participating in tests by Virus Bulletin some years back, but ICSA Labs and West Coast Labs both certify McAfee’s technology (though not this specific product) for malware detection and removal.
The maximum possible score in AV-Test Institute’s three-part evaluation is 18 points. McAfee managed 17.5, losing a half-point in the performance category. In the basic malware-detection test by AV-Comparatives, McAfee took an Advanced+ rating, the best rating, and also earned Advanced+ in the performance test. This lab’s whole-product dynamic test aims to exercise all elements of a security product’s protection. McAfee would have gained Advanced certification in that test, but false positives pulled it down to Standard.
McAfee AntiVirus Plus (2016) Lab Tests Chart
Researchers at Dennis Technology Labs capture real-world malicious websites and use playback technology to challenge antivirus tools with the exact same attack. It’s a grueling process that takes weeks. Products can earn certification at many levels, AAA, AA, A, B, or C; McAfee took AA certification.
McAfee’s test scores beat out most of the competition. Bitdefender Antivirus Plus 2016$29.96 at BitDefender and Kaspersky Anti-Virus (2016)£29.99 at Kaspersky UK are among the few that have done even better in independent lab tests.
See How We Interpret Antivirus Lab Tests
McAfee’s lab test results are very good, but I also like to see for myself exactly how each product handles keeping a system free of malware. For one simple test, I start by opening a folder of malware samples. McAfee picked off 86 percent of those samples almost immediately. In a couple cases, it identified the sample as “Potentially Unwanted,” and asked my permission before removing it.
I keep a second set of samples, hand-modified versions of the main set. I change the filename for each, append nulls to change the file size, and tweak a few non-executable bytes. When I opened the folder containing these tweaked samples, McAfee failed to recognize almost half of those whose originals it deleted on sight, which is a bit surprising. Quite a few products I’ve tested in this way are unfazed by my simple tweaks.
McAfee AntiVirus Plus (2016) Malware Blocking Chart
Next, I launched the few samples that survived the initial purge, giving the antivirus a chance to detect and eliminate them as they try to install. Overall, it detected 89 percent of the samples and earned 8.8 of 10 possible points. Those are precisely the same scores achieved by Kaspersky and Panda Free Antivirus (2016)Free at Panda Security in this test.
McAfee AntiVirus Plus (2016) Main Window
Of all the products tested using exactly the same sample set, Bitdefender has done best, with 93 percent detection and 9.3 points. In the previous round of testing, with a different sample set, Webroot SecureAnywhere Antivirus (2015)$19.99 at Webroot managed a perfect 10 points.
McAfee’s WebAdvisor builds on the foundation of the venerable SiteAdvisor, and it showed its strength in my malicious URL blocking test. When I tried to browse to very new malware-hosting URLs supplied by MRG-Effitas, McAfee’s download checker reported “Woah, that download is dangerous!” for almost all of them. A handful got past that stage but were picked off by the regular real-time antivirus.
With 91 percent protection, McAfee displaces Trend Micro Antivirus+ Security 2016£19.95 at Trend Micro UK as the top scorer in this test. That’s especially impressive given that the current average is just 39 percent protection.
See How We Test Malware Blocking
Phishing Protection and More
The WebAdvisor component also did a great job steering the browser away from phishing sites, fraudulent sites that try to steal login credentials. Like all the best antiphishing products, it doesn’t just rely on a blacklist. It actively checks pages for signs of phishing. In my testing, I would occasionally see a page start to load, only to be replaced by a very clear warning that the site “may try to steal your information.”
For this test, I repeatedly gather URLs that have been reported as fraudulent but not yet verified and blacklisted. I launch each URL in five browsers simultaneously, one protected by Symantec Norton Security£34.85 at Amazon, one by the product under testing, and one apiece using only the built-in protection of Chrome, Firefox, and Internet Explorer.
Once I had gathered data for 100 verified fraudulent URLs, I compared the detection rates. I use Norton as a touchstone, because it’s been a reliable top performer for years. McAfee’s detection rate lagged just 2 percent behind Norton’s, meaning it beat out almost every other product. Kaspersky came in just 1 percent behind, and Bitdefender actually beat Norton by 2 percent. The worst performers fall significantly behind the browsers’ built-in protection; McAfee outscored all three.
WebAdvisor does mark up search results and social media pages to flag dangerous links, but it’s more than just a better SiteAdvisor. As noted, it checks all downloads for malware. It also warns about risky behaviors such as going online with the real-time antivirus turned off. It’s an impressive enhancement to McAfee’s product line.
McAfee AntiVirus Plus (2016) Antiphishing Chart
See How We Test Antiphishing
Given that modern Windows versions include a firewall that’s effective at blocking outside hack attacks, some vendors have dropped firewall protection from their full-bore security suites. McAfee skews the other way, including firewall protection in the basic antivirus. You’ll also find firewall protection in Webroot and Panda Antivirus Pro 2016$43.99 at Panda Security, and naturally in Check Point ZoneAlarm Free Antivirus + Firewall 2016Free at ZoneAlarm.
When I hit the firewall with a host of port scans and other Web-based tests, McAfee totally did its job. It put all ports in stealth mode, so there not even visible to outside attackers. Of course, Windows Firewall does that too; this test is only significant if the third-party firewall fails.
McAfee AntiVirus Plus (2016) Firewall
Early personal firewalls were notorious for inundating the user with confusing popup queries about what Internet and network permissions each new program should receive. McAfee’s Traffic Controller defaults to Smart Access mode, meaning it makes its own decisions about application permissions. For testing purposes, I need to see what the firewall is doing, so I set it to Monitored Access. It correctly recognized my hand-written browser as an unknown and popped up a large window to let me block access, allow it once, or allow it always.
Leak test programs exercise sneaky techniques used by malware to evade this kind of program control. I turned off the antivirus component and tried a collection of leak tests, with unclear results. One failed to function, with no notice from the firewall. Another got nabbed as a Trojan, even though real-time protection was turned off. I didn’t actually see the firewall detect leak test activity.
Exploit attacks attempt to compromise your security using security holes in Windows, the browser, or popular applications. They’ll typically fail on a fully patched system, but some firewalls block them at the network level regardless. Norton in particular fends off such attacks at the network level.
I attacked the McAfee test system with about 30 exploits generated by the CORE Impact penetration tool. It didn’t block them at the network level, but it wiped out the malicious payload for a third of them, identifying most by name.
When I tried to disable McAfee’s protection by tweaking settings in the Registry, I found that it protected its settings against changes. I tried to terminate its 11 processes, but got “Access Denied” for all but one. Then I took aim at McAfee’s 13 essential Windows services. I managed to reconfigure eight of them to be disabled at startup. Sure enough, after reboot, those eight services couldn’t function.
My McAfee contact explained that the other five services, the ones I couldn’t disable, represent the product’s core. He did admit, though, that protecting all of them would be a good idea. In any case, I was surprised to see the product reporting that “Your computer is secure” with so many components disabled.
If you dig deep, you’ll find a ton of options for firewall configuration. A feature called Net Guard lets you allow Internet access to iffy programs but deny them “risky” connections. Intrusion Detection offers additional protection against hack attacks (though it’s turned off by default). You can view all of your networks and configure them as Home, Work, Public, or Blocked. I suspect, though, that few users will actually look at these.
When you delete a file, it just goes to the Recycle Bin, where a snoop (or a cop) could find it. Even if you empty the Recycle Bin, the deleted file’s data remains on disk, potentially accessible to recovery software. McAfee’s Shredder lets you securely delete sensitive files, preventing any kind of forensic recovery.
You can right-click any file or folder and choose Shred—easy! From within the program’s main interface, you can choose to shred the Recycle Bin, the Temporary Internet Files folder, or any file or folder you choose. You can also choose how many times McAfee overwrites the file’s data before deletion. Quick, Basic, Safe, Comprehensive, and Complete shred levels overwrite data one, two, five, seven, and 10 times respectively.
Clicking My Network lets you view the devices on your network. For those that have McAfee protection installed, you can set up a trusted relationship by entering the same password on both. Once that link is established, you can monitor security status remotely, and fix problems with a click.
Quick Clean cleans up useless files and traces of your browsing history. On finishing a scan, it displays a summary of what it found. You can dig in for details, if you like, but most users will just proceed to the cleanup phase. If you like, you can set it to clean up automatically on a weekly or monthly basis.
The Vulnerability Scanner checks for missing Windows patches, and for outdated programs. Its report indicates the severity of each vulnerability, and in most cases it offers automatic installation of updates. On my test system, it found nothing to update. And yet, when I launched Chrome and checked the version, it updated itself. Firefox, too.
But wait, there’s more! On the Navigation page, you’ll find a number of useful links and features. You can view a Security Report, either a summary or the nitty-gritty details. The Threat Map offers a visual representation of current malware activity. Clicking HackerWatch takes you to a McAfee-run anti-hacker community site. On the Virus Information Library page you can view the hot threats, or look up a malware name you heard in the news.
For any Macs you own, you can install the Mac edition of McAfee Internet Security. Even though its name suggests a security suite, this product is actually less full-featured than McAfee Antivirus on Windows.
On a Mac, McAfee detects and quarantines malware in real time, scans all downloads (including email attachments), and warns about apps that lack proper Apple certificates. The firewall component prevents your Mac from connecting to risky servers and known botnets. It enhances the firewall protection built into OS X.
In Safari or Firefox (but not Chrome), McAfee’s WebAdvisor blocks access to phishing sites and other dangerous links. It can also mark up search results and social media links, flagging any that are iffy or just plain dangerous.
That’s about the extent of McAfee’s protection on a Mac. After seeing the wealth of useful features available in the PC edition, I feel a little sad for Mac users. They get protection, yes, but only the essentials.
Your McAfee AntiVirus subscription lets you install McAfee Antivirus & Security Premium on all of your Android devices. We’ll have an updated full review of the Android product soon.
McAfee naturally scans for Android malware on demand, and it automatically scans new apps. It also rates the privacy risk level for all of your apps. You can tap an app to see just what privacy-related permissions it requires, and also see any related ad libraries. McAfee also lets you lock any app with a PIN. If you share your device, perhaps with a child, you can define profiles that show and hide apps based on who’s using the device.
McAfee AntiVirus Plus (2016) Android
Anti-theft protection includes the expected remote locate, lock, and wipe, as well as the ability to sound an alarm. These are all managed through McAfee’s online portal. If the phone is missing, you can turn on continuous tracking for one hour or six hours. Doing so will get you a map of the phone thief’s travels, at the expense of running down the battery faster.
Speaking of battery power, McAfee’s Battery Optimizer helps you make the most of what you’ve got. If you choose Extend, it shuts down apps and turns off settings that use too much power. When I tried it, it offered to shorten the screen-blank timeout, turn off Auto Sync, and turn off Wi-Fi. A bit drastic, that last! You can also choose to reduce the amount of memory in use by closing apps, and de-clutter your device by removing junk from storage.
The app can back up your contacts to online storage; you can also view them from the online portal. It offers Web Protection so you can surf safely, and warns if you connect to Wi-Fi hotspots that are encryption-free or otherwise risky. And, as with the Windows product, you can check on your protected devices and activate protection for more right from the app. A handy tab on the home screen slides out a quick overview of your security status.
Protection for iOS Devices
Apple keeps iOS locked down pretty tightly, which means it’s really difficult to write iOS malware. It’s also really hard to write iOS anti-malware, and in fact, McAfee’s iOS app doesn’t include that function.
So what do you get under iOS? McAfee backs up your contacts and makes them available to you online. From the same online portal, you can locate or wipe the device, or trigger a noisy alarm. In testing, I found that the remote control features for an iOS device didn’t work. My McAfee contacts confirmed an intermittent problem.
You can also copy photos into McAfee’s secure vault, or snap photos directly into the Vault. Nobody can view the photos in the vault without entering your 6-digit PIN. When you move photo into the Vault, McAfee reminds you to delete the unsecured originals.
That’s the extent of iOS protection. It’s not a lot. In fact, McAfee gives the iOS app away for free. The only reason to install this app from your McAfee Antivirus subscription is the ability to see and manage all your devices in one place.
A New Era?
The basic antivirus protection in McAfee AntiVirus Plus is better than ever, and, as always, it packs along a huge number of useful bonus security features. But the thing that really puts it over the top is the new pricing scheme. For not much more than some competitors charge for three licenses, or even one, McAfee gives you unlimited licenses. You can install protection on every iOS, Android, Mac OS, and Windows device you own, and manage them all centrally. Will this be the start of a new trend in licensing?
That’s enough to propel McAfee into the winners’ circle. It shares our Editors’ Choice honor with Webroot SecureAnywhere Antivirus (2015), whose beyond-tiny process uses a unique behavioral detection method, and Kaspersky Anti-Virus (2016) and Bitdefender Antivirus Plus 2016, both of which routinely take top marks in independent lab tests.