How we test antivirus and security software
Testing security suites isn't glamorous, but effective software can be all that keeps you from an infected machine. Here's how CNET determines security suite performance.
The best antivirus software available does more than just stop computer viruses; it also addresses the myriad and complex modern threats that you'll encounter. Indeed, from merged antivirus and anti-malware detection engines to enhanced online privacy controls, security suites are an essential part of Windows and Mac desktop life. And just like driving a car without wearing a seatbelt, you shouldn't try to get by without using antivirus software just because you can.
Because of their long history of deleterious consequences to system performance, security suites deserve closer scrutiny than any other category of software.
Of course, it's important to look at how effective security suites are at stopping the bad guys. Any security suite that can't hold up its responsibility to ensure your computer's protection isn't worth your time. Yet there's another factor to consider. No matter how effective a security suite is, if it slows down your system too much, you're not going to want to use it.
CNET currently tests security suites on a Dell XPS desktop running a 3.2GHz Core i7 processor with 8GB of DDR3 RAM, an Nvidia GeForce 8400 GS PCI-Express graphics card with 512MB of memory, a 1TB Western Digital hard drive (WDC3200AAKS), and Windows 7 Ultimate 64-bit SP1. Once we install the antivirus software that we're testing, we make sure it has the most recently available updates, including the latest virus definitions. We test using the antivirus program's default settings.
System performance testing
CNET Labs tests several areas of security suite performance in-house: boot time, shutdown time, scan time, MS Office performance, iTunes decoding, and media multitasking. We also use a synthetic benchmark called Cinebench, which taxes the system's CPU and GPU.
System-performance impact test
Actively scanning a system for viruses can have an adverse effect on overall system performance, as the antivirus engine competes with other applications for system resources.
When performing regular real-time scans, most of today's combined antivirus/anti-malware scan engines are sophisticated enough to relegate the additional overhead they introduce to the background without significantly affecting the performance of other applications. Performing deep scans, on the other hand, often requires enough of the available system resources for the antivirus engine to have a noticeable effect on the performance of other applications.
Deep scanning is when the security suite scans every file located on all partitions found on each drive. This series of tests measures how much performance degradation selected applications suffer when a deep scan is taking place. We first run the three tests listed below before an antivirus application is installed. We then install the antivirus app and run the same tests again -- this time while the antivirus program is performing a deep scan of the system.
iTunes MP3-encoding test
Using iTunes, we time how long it takes to convert 19 320Kbps MP3 tracks to 128Kbps AAC files, totaling 169MB. This test almost exclusively exercises a system's CPU capabilities. Apple iTunes supports multithreading, so desktops with multicore CPUs are likely to perform better than comparable systems that use CPUs with fewer cores or single-core CPUs.
Multimedia multitasking test
We use Apple's QuickTime to convert a high-definition source video using QuickTime's "Movie to iPod" selection. The source file is an H.264-encoded, 30fps, 1,920x1,072-pixel, 302MB MOV file. While the video conversion takes place in the foreground, iTunes converts a group of 128Kbps MP3 files into 128Kbps AAC files.
This test's score is based on how long it takes a system to perform only the QuickTime conversion. The iTunes conversion taking place in the background is designed to significantly increase the overall CPU workload and to create a true multitasking environment. The test exercises nearly every major subsystem, including the CPU, the memory, and the hard drive. Desktops with multicore CPUs are likely to perform better than comparable systems that use CPUs with fewer cores or single-core CPUs.
The next test utilizes Microsoft's Word 2003, Excel 2003, and PowerPoint 2003 from Microsoft Office 2003.
It starts with a macro running in Word, which performs a number of functions on a document, such as searching and replacing, changing font sizes, and creating columns. Once the Word macro completes, Excel launches and runs a macro, which performs functions on a spreadsheet, such as editing formulas and creating charts. Next, PowerPoint runs a macro, which adds graphics and text and moves images around on three different presentations. As soon as the test starts, a file copy also starts in the background, copying from one set of folders on the system's hard drive to another set of folders on the same drive. The resulting folders total 2.57GB in size. Once the copy completes, the 2.57GB folder is then compressed into a single 2.04GB ZIP file, also in the background.
This test's score is based on how long it takes a system to perform all of these tasks. Time is kept until the last task completes.
This test exercises nearly every major subsystem, including CPU, memory, and hard drive. Desktops that have multicore CPUs are likely to perform better than comparable systems that use CPUs with fewer cores or single-core CPUs.
Cinebench is a 3D rendering test based on Maxon's 3D animation application, Cinema 4D. This test focuses on a system's CPU capabilities, but hits the GPU as well. Cinebench supports multithreading for up to 16 CPU cores, so desktops with multicore CPUs are likely to perform better than comparable systems that use CPUs with fewer cores or single-core CPUs.
Scanning speed test
Using the antivirus software, we scan the entire test system and time how long it takes to complete the process. The less time the antivirus program takes to scan the folder -- relative to other antivirus applications -- the more efficient the program is at scanning files. Apart from the antivirus software itself, the system is virtually the same at the time of testing for each antivirus application.
Boot speed test
We time how long the system takes to boot from a full powered-off state until Windows starts and the antivirus software finishes loading. The less time the system takes to finish booting and loading the antivirus program -- relative to other antivirus applications -- the less impact the app has on boot time.
We are currently testing "wake from sleep" as well, although inconsistent scores have made it difficult to tell whether these suites actually do affect your computer's ability to wake from sleep. Therefore, we don't include it in our final determinations.
CNET looks to independent testers for security suite efficacy for a number of reasons. Maintaining a test "zoo," as they're called, is prohibitively complex.
First, it is highly risky to maintain a computer loaded with the latest malware and viruses in an environment where practically every other computer around it is connected directly to the Internet. The chance of accidentally letting malware loose on an intranet is too big of a risk for us to take.
Second, modern-day virus-makers have learned how to avoid the signature-based detections that used to foil them. That means testing must involve virus families, which means a much more nuanced testing process.
Since testing for effective virus removal is already accomplished by several independent testing organizations, CNET has opted to rely on their publicly published efficacy benchmarks to determine which suites are the best at stopping malware.
Currently, we use AV-Test and AV-Comparatives. While we would not be opposed to adding a third testing organization, we haven't found one that is consistent enough and public enough about its testing methodology to rely on.
We currently test Mac and Android security suites using prepublished benchmarks from AV-Test and AV-Comparatives. CNET does not perform in-house testing of security suites for those operating systems.