Going without antivirus protection is just asking for trouble.
You could pick up a nasty virus, have your bank accounts hacked by a trojan, or find your important documents locked by ransomware.
Setting up antivirus protection is a must, but you don’t have to stop there.
A full-scale security suite offers protection on many other levels.
Kaspersky Internet Security takes an award-winning antivirus and adds firewall, spam filtering, parental control, a VPN, and more.
Furthermore, all these security components do their jobs well.
This suite lists at $79.99 per year for three licenses or $89.99 for five licenses.
First-time users can often get a significant discount.
You can use your licenses to protect Windows, macOS, or Android devices.
Norton 360 Deluxe costs $99.99 per year for five cross-platform licenses, but that also includes five no-limits VPN licenses.
With Kaspersky, you pay $4.99 per month or $29.99 per year to remove the VPN's limitations.
At $119.99 per year, McAfee Total Protection looks quite expensive by comparison.
However, that subscription lets you install McAfee security on every Android, iOS, macOS, and Windows device in your household.
Kaspersky's spacious main window features a big status banner across the top.
If there's a configuration problem it offers a link to set things right; if not, it may still have some recommendations.
There are six big button panels labeled Scan, Database Update, Safe Money, Privacy Protection, Protection for kids, and My Kaspersky.
Below these is a button to bring up a menu of more tools, and a gear icon at bottom left to open Settings.
Features Shared With Free Protection
This suite overlaps most security features found in Kaspersky Security Cloud Free, though the free product models itself on Kaspersky Security Cloud, not on this suite or on the commercial Kaspersky Anti-Virus.
I'll summarize the security features shared with Kaspersky Free here.
Please read that review for full details.
All four of the independent antivirus testing labs I follow include Kaspersky in their regular reports.
In the latest set of reports, Kaspersky earned perfect or near-perfect scores in every test.
My aggregate score algorithm gives Kaspersky an overall lab rating of 9.7, with 10 being the maximum possible.
Bitdefender Internet Security did even better, with 9.9 points, though only three of the four labs included it in their latest reports.
The System Watcher behavioral detection component aims to catch malware, including ransomware, that gets past other protective layers.
For testing, I turned off the regular antivirus protection and hit the test system with a dozen real-world ransomware samples.
System Watcher only missed one, a simple screen-locker ransomware, and that sample caved to Kaspersky’s dedicated lock-breaker keystroke.
Kaspersky took 9.3 of 10 possible points in my hands-on malware protection test, a score that’s good, but not great.
However, when my results don't jibe with the labs, I defer to the work of the dozens of dedicated researchers in the labs.
Webroot detected 100 percent of these samples and scored a perfect 10 points.
G Data Internet Security took second place among products tested with my current malware collection, earning 9.8 points.
Tested with my previous malware collection, Malwarebytes, Sophos, and Windows Defender also took 9.8 points.
When I challenged Kaspersky to protect against malware downloads from a hundred recently discovered malware-hosting URLs, it either blocked access to the URL or eliminated the download 81 percent of the time.
That’s a so-so score; it did better last time around.
In their own latest tests, McAfee, Sophos, and Vipre all managed 100 percent protection, while Bitdefender, Trend Micro Internet Security, and several others managed 99 percent protection.
In my last review, Kaspersky's Web Anti-Virus component proved adept at detecting phishing frauds.
It managed 100 percent detection in my hands-on antiphishing test, and the macOS product matched that score.
This time around, the score was markedly lower, with different detections by the Windows and macOS products.
That was enough of an anomaly that I ran the test again, yielding a better score for Windows, 96 percent detection.
Trend Micro scored 100 percent in its last phishing test, and a half-dozen others did better than Kaspersky.
All of Kaspersky's security products come with a free, bandwidth-limited edition of the Kaspersky Secure Connection VPN.
You can use 200MB of bandwidth per day on each device, or 300MB if you’re logged in to My Kaspersky.
At the free level, you don’t get to choose the server location—the VPN make that choice for you.
Bitdefender’s products offer a limited VPN that’s extremely similar.
And no wonder, as both are powered by Hotspot Shield, our current winner for fastest VPN.
If you want to lift the bandwidth cap and take control of which VPN server you use, you must pay Kaspersky an extra $4.99 per month.
Other bonus features include an on-screen keyboard to foil keyloggers and a markup system to flag dangerous links in search results.
Clicking More Tools brings up pages of additional tools, many of which are not available to users of the free edition.
Among the tools that don't require a premium purchase are a file shredder, a rescue disk, a simple vulnerability scan, and several tools designed to clean and optimize your PC.
Kaspersky Anti-Virus also overlaps the free edition’s features.
The big plus to paying for it is that you get full-scale tech support, via phone or live chat.
Users of the free edition must rely on FAQs and forums.
If you ever run into trouble, that live chat support can be a lifesaver.
See How We Test Security Software
Safe Money
Kaspersky’s free utility marks quite a few features with a shield icon, indicating that these are reserved for paying customers.
Among these is Safe Money.
When you navigate to a banking site or other sensitive website, Kaspersky offers to open that site in the Safe Money protected browser.
By default, once you've accepted that offer, it always opens that site in the protected browser.
Bitdefender's Safepay feature works in much the same way.
A green border around the browser, along with a semi-transparent overlay notice, reminds you that you're in this special, protected mode, in a browser that's isolated from other processes.
It even foils screen-scraping spy programs.
You can open the notification area icon's menu and choose from a list of sites you've visited with Safe Money, to quickly revisit any of them.
Firewall and Application Control
The earliest personal firewalls developed (and deserved) a reputation for bombarding the user with incomprehensible queries.
“NatashaFatale.exe wants to connect to IP address 2606:4700::6811:6563 using port 8080.
Allow / Block? Once / Always?” Most users lack the knowledge to answer that question with confidence.
Some users always click Allow.
Others always click Block, until doing so causes a problem, at which point they switch to Allow.
Kaspersky cuts the uninformed user out of that interaction, handling application control internally.
Using data from the Kaspersky Security Network database, the application control system flags each application as Trusted, Low Restricted, High Restricted, or Untrusted.
Untrusted apps simply don't get to run.
Others that aren't in the Trusted category can run, but with limited access to sensitive system areas.
It's not uncommon for application installers to bundle additional products, items you didn't request.
As part of its job, Application Manager automatically clears checkboxes offering additional software and suppresses installation steps that include ads or bundled items.
It works something like the Bundle Protection feature in Reason Core Security.
Of course, a firewall also must protect your system against attack from the internet.
To check that feature, I hit the test system with about 30 exploits generated by the CORE Impact penetration tool.
Kaspersky detected and blocked 84 percent of the exploits, identifying about a quarter of those using the official CVE tracking number.
Even the missed exploits didn't breach security, since the test system has all security patches, but it's good to see that Kaspersky is on the alert for such attacks.
In its own recent test, Bitdefender detected 74 percent of the exploits, which is still better than almost all competitors.
Norton 360 Deluxe routinely scores in the mid-80s, but Kaspersky seems to be catching up.
I did observe that in every case the Web Anti-Virus component took credit for the catch, not the Network Attack Blocker.
Your security protection is worthless if a malicious program or script can turn it off.
Kaspersky's self-defense proved effective when I attacked it using potential malware code techniques.
There's nothing significant exposed in the Registry.
I couldn't just set Security Enabled to False.
I couldn’t kill its two core processes, nor the two Safe Kids processes.
I did succeed in terminating the VPN, but it came right back.
Digging into Kaspersky’s essential Windows services, I managed to disable the password manager and VPN.
However, trying to do the same to the antivirus and other protective services just got an Access Denied message.
Of course, a malicious program couldn't even try these attacks without getting past every other layer of protection.
While not precisely part of firewall protection, the Network Monitor component gives tech-savvy users insight into just what applications are using bandwidth.
A live graph charts overall inbound and outbound traffic, and a list of actively connected programs breaks down that usage, showing who's using what.
If you turn it on and find it baffling, don’t worry.
You can safely ignore it.
Some Features Removed
Kaspersky’s security products have been around for many, many years.
Over the years they accrete new security features.
And from time to time, Kaspersky removes dated and little-used technologies.
One such is Trusted Application Mode, which used to show up in the Manage Applications page of Tools.
I mentioned that Kaspersky flags applications by trust level and puts limits on those that are anything but fully trusted.
In Trusted Applications Mode, any app with a less-than-perfect trust level can’t run at all.
This whitelist-based protection is similar in some ways to that of VoodooSoft VoodooShield.
The main difference with VoodooShield is it applies its rules only when the computer is at risk, such as when it's connected to the internet.
The thing is, enabling Trusted Application Mode was complicated.
It involved an hours-long scan and analysis, followed by the user’s careful review of its findings.
With this mode active, it should be impossible for malware to run on your system, even brand-new zero-day attacks.
But it could also block perfectly valid programs.
And probably not one consumer in a thousand actually used it.
A few other features also departed with the release of the current product line.
The IM Anti-Virus scanned all files arriving via instant messaging, but the proliferation of IM types made upkeep difficult.
In any case, the regular real-time protection system would catch a malicious file before it could do any harm.
And the backup system in Kaspersky’s top-level suites no longer invites users to store backups on their personal FTP servers.
Bitdefender performed a similar purge in its latest product line.
Few consumers made use of the elaborate system for timing startup programs and adjusting when they’d start, so the developers simply removed it.
The Disk Cleanup component, which simply listed huge files that you might want to delete, is also gone.
And Bitdefender no longer offers its extra-cost AI-based Premium Parental Control.
Optional Spam Filter
If you use a web-based email system like Yahoo or Gmail, you probably don't see a lot of spam, because it gets filtered out by the provider.
Likewise, if your email comes through your workplace most spam gets filtered out at the mail server.
Kaspersky's spam filtering is turned off by default, but you can turn it on by clicking the Settings gear, clicking Protection at left, and scrolling down to Anti-Spam.
Kaspersky checks email coming from both POP3 and IMAP accounts, marking up spam and possible spam by modifying the subject line.
Its filter has three modes, Recommended, High, and Low.
As you might expect, setting it to High blocks more spam but might also discard valid mail.
Changing the setting to Low goes the other way, possibly allowing more spam but avoiding the possibility that you'll lose an important message to the spam filter.
That's it for basic settings.
Advanced Settings come with a warning that they’re meant only for advanced users.
If you dare to open them, you get a few more options, but not the overwhelming number of pages that come with spam filtering in Check Point ZoneAlarm Extreme Security.
You can change the subject line label it uses to flag spam.
You can configure a list of blocked phrases or obscene words, meaning any message containing them should be considered spam.
Finally, you can manage lists of allowed and blocked senders.
For most users, the default settings should be fine.
Parental Control
Like spam filtering, parental control is a feature that many people don't need.
In years past, Kaspersky offered a somewhat dated but full-featured parental control system in this suite.
It had content filtering, time scheduling, personal data protection, and even game control based on ESRB ratings.
More recently, Kaspersky Safe Kids takes over the parental control job.
What you get, though, is the free, feature-limited version of Safe Kids.
Don’t dismiss it too quickly; this free edition does more than the limited parental control found in some suites.
As with Kaspersky Security Cloud Free, a shield icon identifies features that require a premium upgrade.
You get a content filter that lets you either block access to specified categories or display a warning before the child visits a matching site.
Likewise, you can set a daily limit on device usage and either warn when time's up or block further usage.
(Setting a weekly schedule for usage is a premium feature).
Finally, you can ban or time-limit specific apps.
In testing, we discovered that the content filter needs help from its browser extension to handle HTTPS sites.
A porn site that uses an HTTPS connection will slip right through an off-brand browser, as will a...
