Do you remember those simple days when all you needed was one antivirus program for the (single) family PC? Yeah, those days are long past.
The modern household teems with devices, PC, Mac, and mobile, and they all need protection.
Fortunately, one license for McAfee AntiVirus Plus lets you install McAfee security software on every Windows, macOS, Android, and iOS device in your household.
Windows users get such a wealth of features that the Windows edition could almost qualify as a security suite, and the Android edition is likewise loaded.
Features are sparser on macOS and iOS, but iOS users get more than many companies offer.
It's an excellent value, and it did very well in some of our hands-on tests.
You pay $59.99 per year for unlimited McAfee licenses.
That's rare.
Most competing companies offer one-, three-, five-, or 10-license subscriptions.
For example, about the same subscription price as McAfee’s gets you 10 Sophos licenses, three Kaspersky Anti-Virus licenses, and just one Norton license.
Roughly $40 per month gets you a one-device license for many antivirus products, among them Bitdefender, Webroot, and Trend Micro.
Price-wise, McAfee has the competition beat.
You may see descriptions on the McAfee website or on product boxes that mention 10 licenses.
Don't worry; you really do get unlimited licenses.
My McAfee contacts tell me that when lining up against other product boxes in a store, "unlimited" confuses some customers, so they display the number 10 instead.
For those strange birds who genuinely want to protect just one PC, McAfee makes a one-license, Windows-only version available at the typical price of $39.99 per year.
Given that another $20 takes you from one measly license to a cornucopia of unlimited licenses, it doesn't seem an attractive offer, and indeed McAfee doesn’t promote this edition in the US.
I should point out that with a free antivirus you effectively have an unlimited license.
Kaspersky Security Cloud Free is an especially interesting example because, like McAfee, it offers cross-platform support.
You can install it on all your Windows, Android, or iOS devices (but not Macs).
In addition to antivirus protection, you get a subset of the bonus security features found in the full-blown Kaspersky Security Cloud.
Getting Started With McAfee AntiVirus Plus
To install McAfee on a Windows computer, you first go online and activate your license key.
If you set up automatic renewal during the process, you get a Virus Protection Pledge from McAfee.
That means if any malware gets past the antivirus, McAfee experts promise to remotely remediate the problem, a service that normally costs $89.95.
In the unlikely event that the experts can't clear out the malware, the company refunds your purchase price.
Norton offers a similar promise, as does Check Point ZoneAlarm Extreme Security.
With that housekeeping out of the way, it's time to download and install the product.
I was pleased to find that the installer didn't require handholding from me.
Once installation is complete, the product shows off what it can do.
It offers to run a scan, check for outdated applications, remove tracking cookies, and more.
McAfee's main window features a security status indicator at left, with a list of your protected devices below.
A menu across the top breaks down product features into five main pages: Home, PC Security, PC Performance, My Privacy, and My Info.
Buttons at the bottom of the Home screen let you quickly launch a scan, remove cookies, boost application speed, and check for missing app patches.
Note that the macOS edition looks extremely similar.
The main differences are due to the reduced feature set on the Mac.
Lab Results Both Good and Bad
All four of the independent testing labs that we follow include McAfee in their periodic reports.
That’s a good sign.
It means that they all consider it a significant product, worthy of their testing efforts.
The actual test results range from perfect to poor, though.
Testing experts at AV-Test Institute rate antivirus products on how well they protect against malware, how light a touch they have on performance, and how little they interfere with usability by wrongly flagging valid programs and websites as malicious.
An antivirus can earn six points each for Protection, Performance, and Usability, for a maximum of 18 points.
McAfee did just in the latest test report.
Seven others earned a perfect score, among them F-Secure Anti-Virus, Kaspersky, Norton, and Trend Micro.
Researchers at SE Labs use a capture and replay system to hit multiple antivirus tools with identical web-based attacks.
Products can receive certification at five levels, AAA, AA, A, B, and C.
In the latest round of testing, almost all the tested products received AAA certification, McAfee among them.
Other products that reached the AAA level include Kaspersky, Microsoft, Norton, and Trend Micro.
AV-Comparatives regularly publishes a variety of tests; we follow four of them.
Products that pass a test receive Standard certification.
Those that achieve exceptional success can earn an Advanced or Advanced+ rating.
McAfee participates in three of the tests, and earned one Standard, one Advanced, and one Advanced+ certification.
Bitdefender holds an Advanced+ rating in the latest reports from all four tests, while Avira managed three Advanced+ and one Advanced.
Where most of the labs report results across a range of values, MRG-Effitas takes a different approach.
Products that don’t achieve near-perfect results simply fail.
One of this lab's regular tests challenges products with a full range of malware, while the other focuses on banking Trojans.
These tests are tough.
Over a third of tested products failed one or the other.
Along with Trend Micro, McAfee failed both.
At the other end of the spectrum, Avast, Bitdefender Antivirus Plus, ESET, Norton succeeded in both these tests.
We've devised an algorithm that maps all the lab scores to a 10-point scale and yields an aggregate score.
With 8.8 of 10 possible points, McAfee earned the second lowest score of products tested by all four labs.
It beat out Trend Micro’s 8.6 score, but didn’t quite top Microsoft Windows Defender Security Center, which scored 8.9.
Looking just at those products with all four labs reporting, Kaspersky and Norton AntiVirus Plus did best, with 9.7 points, and Avast’s 9.6-point score is also quite good.
Bitdefender scored 9.8 points, but its results come from just three labs.
Mcafee Gets Good Malware Protection Test Scores
In addition to checking results from the independent testing labs around the world, we put every antivirus product through our own hands-on malware protection testing.
Some of the products we test don’t show up in reports from any of the labs, making hands-on tests essential.
Even for a product like McAfee, tested by all four labs, this process gives us a chance to experience antivirus protection in action.
We start by opening a folder containing a collection of malware samples that we collected and manually analyzed, so we know just what damage they can do.
For many antivirus products, the minimal access that occurs when Windows Explorer checks the file's name, size, and so on is enough to trigger an on-access scan.
McAfee doesn't scan until the sample launches, so we tried launching them in batches of three or four.
Tested with the newest malware collection, McAfee caught 85 percent of the samples immediately on launch.
In most cases we saw a Windows error message flash past, followed by a notification that McAfee quarantined a threat.
In a couple cases, it removed the virus from an infected file while leaving the now-clean file intact.
That left four percent of the samples that got past their initial launch.
Each of these ran to completion without interference from McAfee.
Overall, McAfee detected 96 percent of the samples and scored 9.6 points.
That’s quite a good score for McAfee, better than the company scored in my last few tests.
Of products tested using my current malware collection, only G Data, with 9.8 points, and Webroot SecureAnywhere AntiVirus, with a perfect 10 points, did better.
It takes a long time to analyze a new set of samples, so we don't change to a new set often.
For a view on how antivirus products handle current in-the-wild malware, we use a feed of the latest discoveries from MRG-Effitas.
This feed is simply a list of malware-hosting URLs discovered in the last few days.
We feed the list into a small program that launches each and lets us easily note whether the antivirus blocked access to the URL, eliminated the malware download, or did nothing.
McAfee's WebAdvisor component blocked 44 percent of the URLs, displaying for most a big red warning calling the page very risky.
In a few cases, a yellow notification called the page slightly risky.
For another 56 percent of the sample URLs, McAfee quarantined the download, announcing "Woah, that download is dangerous." (Yes, it says "woah," like the dog Snowy in the popular Tintin children’s books.) Interestingly, both these figures are within one percent of McAfee’s scores when previously tested, even though the selection of malware-hosting URLs is completely different.
One way or another, McAfee defended against 100 percent of the malware downloads, a perfect score.
Sophos and Vipre Antivirus Plus share that perfect score, with Bitdefender and G Data close behind at 99 percent.
After installing a new antivirus, you should always run a full scan.
When last tested, McAfee’s full scan took hours and hours, vastly longer than most.
This time it completed a full scan in 72 minutes, only slightly longer than the current average.
A repeat scan finished in a sprightly 24 minutes due to optimization during the initial scan.
It’s true that some competing products have gained even more speed in the repeat scan test.
Trend Micro went from 44 minutes to six minutes, for example, and ESET NOD32 Antivirus went from 66 minutes to seven minutes.
Fabulous Phishing Protection
To create a Trojan that steals a user’s account credentials, a malware coder must find a way to slip past layers of antivirus protection and the operating system’s own security features, which is no small feat.
It’s a lot easier to just bamboozle the user into giving away those credentials.
Phishing fraudsters create duplicates of secure sites and spread links through spam, malicious ads, and the like.
Bank sites, online gaming, dating sites—no secure site is immune.
If you log in to the fake, you’ve handed your account over to the fraudsters.
Such sites quickly wind up blacklisted, but the malefactors simply pop up new ones.
Because phishing pages are ephemeral, we test using the very newest reported phishing sites, scraped from websites that track them.
We make sure to include those that have been reported but haven't yet gone through analysis.
This puts pressure on the antivirus to heuristically examine web pages and detect frauds without relying on an always-outdated blacklist.
We launch each URL simultaneously in four browsers, starting with one protected by the product in testing.
The other three depend on protection built into Chrome, Firefox, and Microsoft Edge.
We run through hundreds of reported phishing URLs, discarding any that don't connect for one or more of the browsers, and any that aren't verifiable credential-stealing frauds.
McAfee aced this test with 100 percent detection, beating out the competition.
Bitdefender and Norton took 99 percent in their own latest tests.
Coincidentally, we tested Trend Micro at the same time as McAfee, using the same samples.
Trend Micro detected a respectable 96 percent, the same score as Kaspersky.
Scores in this test are all over the map, with almost two-thirds of the products failing to outperform one, two, or even three of the browsers.
At the winners’ end of the scale, McAfee and five others scored 97 percent or better and beat out all the browsers.
Ransom Guard
Ransom Guard, McAfee's ransomware protection component, doesn't have any visible presence.
It's just another layer of real-time protection.
If regular protection doesn't recognize a brand-new ransomware attack, Ransom Guard watches its behavior.
At the first faint sign of an attempt to encrypt files (what McAfee calls "file content transformation"), Ransom Guard makes protected copies of those files and cranks ups its vigilance.
When it reaches a firm decision that the program is truly ransomware, it quarantines it and restores the files from backup.
Trend Micro Antivirus+ Security does something similar.
When possible, we simulate the zero-day possibility by turning off real-time protection, leaving only the ransomware component active.
But as with Trend Micro, turning off real-time protection also disables Ransom Guard.
We did find a way to impose a small challenge on Ransom Guard.
We keep hand-modified versions of every sample, to test the flexibility of on-sight malware recognition.
McAfee’s regular protection caught all the ransomware samples at launch, but it didn’t handle the modified samples quite as well.
Out of a dozen samples, two launched but didn’t do anything—no encryption behavior for Ransom Guard to detect.
The regular real-time protection caught five before they could launch, identifying them as generic malware.
McAfee identified exactly one of these samples as ransomware, without invoking Ransom Guard.
It caught two more after they launched and before they could do any harm.
That leaves three ransomware samples, one standard file encryptor, one whole-disk encryptor, and one screen locker.
Unfortunately, all three of these ran to completion, doing their dirty deeds right under McAfee’s nose.
We turned to KnowBe4's RanSim, a ransomware simulator for another take on McAfee’s ransomware-fighting skills.
This tool runs 10 scenarios that emulate common ransomware behaviors, along with two benign encryption techniques.
McAfee initially quarantined RanSim's launcher and data collection components.
We restored them, added them to the exclusions list, and tried again.
McAfee did block all 10 of the scenarios, but its pop-up notifications just called them suspicious, with no message from Ransom Guard.
It's hard to see Ransom Guard as a success.
Last time we checked with a McAfee contact about the non-appearance of Ransom Guard, we were told that "This is an evolving technology, still being tuned to balance false positives and false negatives." We can hope...
