What does it take to promote a simple antivirus to security suite status? Firewall and spam filtering are among the popular additions, and Avast Internet Security has both of those.
It also adds ransomware protection to prevent modification of important files, and a sandbox feature that experts can use to examine suspect files.
However, some users may be put off by the many apparent bonus features that turn out to require an extra fee.
Honest, Objective Reviews
Daxdi.com is a leading authority on technology, delivering Labs-based, independent reviews of the latest products and services.
Our expert industry analysis and practical solutions help you make better buying decisions and get more from technology.
An Avast suite subscription costs $59.99 per year, or (more practically) $79.99 for three licenses.
That's a popular price point; Bitdefender, ESET, Kaspersky, and Trend Micro all go for the same.
You pay $89.99 per year for McAfee Internet Security, but that subscription lets you install protection on every device in your household.
Astute readers may notice the absence of Avast Pro Antivirus in this discussion.
That product is on the outs, and not promoted for new installations—though existing users can renew.
When you click a non-free component in the free antivirus, it prompts you to upgrade to this suite.
Appearance-wise, this suite looks almost identical to the free antivirus product.
The main Status page features a big notification saying, "You're protected," with a button to launch a Smart Scan.
A simple menu down the left side lets you view features related to Protection, Privacy, and Performance.
The main difference is that suite-specific features aren't locked away.
Features Shared With Avast Free Antivirus
Avast Free Antivirus comes with Avast's full arsenal of malware protection, plus a useful collection of bonus features.
It's one of our Editors' Choice products for free antivirus, and naturally this suite includes all the same protective features.
You can read my review of the free antivirus for a deep dive on the features shared by both products.
I'll summarize my discoveries here.
Lab Test Results Chart
Malware Protection Results Chart
Phishing Protection Results Chart
All four of the independent testing labs that I follow track Avast closely.
It earned 17.5 of 18 possible points in tests by AV-Test Institute, and it achieved an Advanced+ rating (the highest possible rating) in all four tests by AV-Comparatives.
SE Labs certified it at the AA level, the second-best of five certification levels.
And it passed both rigorous tests imposed by MRG-Effitas.
I use an algorithm to map all scores onto a 10-point scale and generate an aggregate result.
Like Avira, Avast came in at 9.6 points, with results from all four labs.
Kaspersky retains the overall lab-test crown, with a perfect 10 points.
Bitdefender came in next, with 9.9 points, though its omission from the latest MRG-Effitas tests means its score derived from just three of the four labs.
Avast earned 8.9 points in my own hands-on malware protection test.
That's good, but several products did even better.
Tested against the same collection of samples, Cylance, F-Secure, Norton, and McAfee all managed 9.3 points.
Webroot SecureAnywhere Internet Security Plus earned a perfect 10 points, but that achievement used my previous sample set, so it's not directly comparable.
To get insight into how well each product handles the very latest malware problems, I start with a feed of malware-hosting URLs discovered by MRG-Effitas within the last few days.
Avast directed the browser away from 62 percent of the 100-odd URLs and wiped out the malware download for another 29 percent.
Its total of 91 percent protection is good.
However, Symantec Norton Security Premium and McAfee both managed 99 percent protection in this test.
Phishing websites don't attempt to plant malware on your system or subvert vulnerable applications.
Instead, they try to trick you, the user, into blithely giving away your precious login credentials.
To this end, they imitate sensitive websites such as banking sites, shopping sites, even gaming and dating sites.
It just takes one unsuspecting victim to make the whole charade worthwhile.
Avast's web-based protection really went to town on my freshly gathered phishing sites.
It correctly identified 98 percent of them as frauds, steering the browser to safety.
AVG scored exactly the same (no surprise, given that it uses the same engine); ZoneAlarm and Trend Micro Internet Security(39.95 3 PCs / 1 Year at Trend Micro Small Business) also managed 98 percent.
However, even that estimable score doesn't receive the antiphishing prize.
Bitdefender edged out Avast with 99 percent, while Kaspersky and McAfee managed 100 percent protection.
See How We Test Security Software
Other Shared Features
Clicking the Smart Scan button on the main window launches a multifaceted system scan.
It checks browser add-ons, scans for active malware, identifies performance issues, seeks out for network security problems, flags software that lacks security patches, and warns about weak passwords.
That scan took about 10 minutes in testing, while a full system scan for malware needed more than two hours to complete, which is a good bit longer than average.
The Wi-Fi Inspector crawls your network (Wi-Fi or wired) and lists all found devices.
In a modern household, full of Internet of Things devices, the list can be quite long.
It displays its findings visually, with the router at the center surrounded by concentric circles.
Devices that have connected most recently show up in the innermost circles.
And it flags any possible network security problems.
This feature works in much the same way as the free and separately available Avira Home Guard and Bitdefender Home Scanner utilities.
Implemented as a browser extension for Chrome and Firefox, Avast's password manager component handles all the basics.
It captures credentials as you log in to secure sites, and offers to replay them when you revisit those sites.
It handles multiple sets of credentials for the same site, and two-page login forms don't give it trouble.
Avast doesn't offer a complete form-fill system, but it will fill credit card data in web forms.
You won't find advanced features like secure password sharing or two-factor authentication, but it takes care of the essential tasks of a password manager.
The Online Security feature, also implemented as a browser extension for Chrome and Firefox, adds another layer of defense against malicious and fraudulent websites.
It marks dangerous links in search results pages.
You can use it to actively block ad trackers and other trackers from gathering information about your online activities.
Its SiteCorrect feature kicks in when you misspell a popular domain name, keeping you safe from typosquatting sites.
You've heard again and again how important it is to install all security updates.
But keeping everything up to date can be so frustrating! When you launch an app, you want to use it, not spend time on a suggested update.
Avast's Software Updater component works in the background to locate apps with missing security patches; you can also manually run a scan whenever you like.
Just click the button to automatically install all found updates.
Of course, it could be even easier; if you turn on Automatic Updates it all happens totally without user interaction.
But there's a catch; turning on that feature requires an upgrade to the Avast Premier mega-suite.
This component is just fine without full automation.
Even though you've paid for a security suite, quite a few of the components still require an additional fee for full functionality.
In a couple cases, you really don't need the Pro edition.
As noted, you don't get fully automated software updates without upgrading to Software Updater Pro, but the free edition does almost everything.
A Pro subscription for the password manager component adds only minor goodies, among them 24/7 tech support, fingerprint login on mobile, and breach notification.
Other components just don't work without an upgrade, however, and some of them reserve this news until you've already invested time in them.
For example, when you launch Cleanup Premium, it scans your system for useless and erroneous items that it can delete to free up resources.
It's only when you click the button to resolve problems that you learn about this component's separate license fees.
As with Cleanup Premium, the upsell for Driver Updater doesn't appear until after you've gone through the scanning process, which is frustrating.
On the Privacy page you'll find an icon for Avast's SecureLine VPN utility.
Flipping the VPN's switch to On reveals that you don't yet have full access to this feature.
You can enable a 60-day free trial, which is nice.
But eventually you must pony up a substantial extra subscription to use the VPN.
As noted earlier, the Online Security component includes the option to actively block ad trackers and other trackers that try to profile your online activities.
AntiTrack Premium goes beyond the basics, but I'm not yet sure just how.
Clicking Learn More simply brings up a page showing that you must upgrade to Avast Premier in order to use the feature.
A couple more features are also locked behind the same upgrade requirement.
Going for the Avast Premier mega-suite unlocks the Data Shredder, which deletes files securely, to foil even forensic recovery.
It also lets you use the Webcam Shield spyware protection tool.
So, just what do you get by upgrading from the free antivirus to the full security suite? For starters, the suite adds a robust two-way firewall component.
That's the heart of most suites—antivirus plus a personal firewall.
For firewall testing, I use a physical PC that's configured to connect through the router's DMZ port, which effectively connects it directly to the Internet.
When I challenged the test system with port scans and other web-based tests, it correctly put all the ports in stealth mode, so external attackers can't even see them.
This is no great feat, given that Windows Firewall alone can do it.
It's only relevant if a product fails to do what the built-in firewall can.
The other major task for a personal firewall is making sure programs don't abuse their access to your network and internet connections.
The firewall components in Norton and Kaspersky configure permissions for known programs and keep an eye on unknowns, making their own security decisions.
I approve; relying on the user to make important security decisions is a bad idea.
Other firewalls handle unknowns differently.
For example, adaware antivirus total defaults to just allowing all traffic.
Panda allows outbound connections but blocks unsolicited inbound connections.
For program control, Avast defaults to a mode called Auto-decide, meaning that (like Norton) it makes its own decision about each new program.
For testing, I tried switching to Ask mode.
Doing so didn't result in a spate of popups about internal Windows components, because Avast had already created rules for those components in Auto-decide mode.
When I tried to get online using a browser that I coded myself, Avast first ran a quick analysis on the never-before-seen program.
After vetting the program as safe, it asked whether to allow or deny its access to the internet.
Avast, unlike many competitors, defines five levels of network access, but only a true firewall expert should consider switching away from the default level the firewall suggests.
If you click deny when you meant allow, or vice versa, you can open the full list of applications and correct your mistake.
This list also shows all the application rules that Avast's Auto-decide mode created on its own.
If you dig deeper into the firewall's settings, you can find extremely complex rules that even I wouldn't consider editing.
Leave these alone!
Protecting against network-based attempts to exploit vulnerabilities in the operating system or important apps is not precisely a firewall function, but it's often included.
Exploit defense isn't something Avast attempts, as I verified in past reviews.
As part of my firewall evaluation, I check to make sure a malware coder couldn't simply turn off protection.
I couldn't find any chinks in Avast's armor.
It protected its Registry settings against modification, and when I tried to terminate its processes, I got the message "Access Denied." The same happened when I tried to disable its essential Windows services.
Neither could I simply stop the services; doing so triggered a confirmation popup that required user permission.
Although it doesn't block exploits at the network level, this is a sturdy firewall.
If you leave its program control components in Auto-decide mode, it will do the job without a plethora of popups.
Any time malware slips past your security product's real-time protection, it's bad.
However, in most cases the malware doesn't enjoy its freedom for long; the antivirus company quickly pushes out an update to smack down the zero-day offender.
But that's no help if the malware has already encrypted your important documents.
Like many competitors, Avast offers an additional layer of ransomware protection.
The Ransomware Shield component blocks all unauthorized modification of files in protected folders, and you can bet a ransomware attacker isn't on the authorized list.
By default, Ransomware Shield protects the Desktop, Pictures, and Documents folders for all users.
You can add or remove folders from the protected list.
You can also add to the list of protected file types, useful if your important data files don't fall among the default types.
When a program tries to modify any protected file, Ransomware Shield checks it against its cloud database of known clean programs.
If the program comes back as unknown, you get a notification, and you can choose to block or allow the app.
That means you can easily give the go-ahead if Avast blocks the brand-new photo editor you just installed.
But if the warning is unexpected, you should block the app, and run a full scan for malware.
Bitdefender Internet Security and Trend Micro offer similar protection against unauthorized file changes.
Panda takes the concept farther, blocking unknown programs from even reading data in protected areas.
For a sanity check, I tried modifying text files in the Documents...