If you’ve been using computers a long time, you know very well that you need to install antivirus protection on all your PCs. But these days, you also need security (antivirus and more) on your Macs, and on your Android and iOS devices. Well, one license for McAfee AntiVirus Plus lets you install McAfee security software on every Windows, macOS, Android, and iOS device in your household. That’s very handy! Yes, Windows users get a lot more features than those on other platforms, but it’s still quite a deal.
That unlimited McAfee license goes for $59.99 per year. Few other companies offer unlimited licenses. The Panda Protection Advanced security suite protects all your Windows and Android devices for $34.99 per year, while the more feature-rich Panda Protection Complete goes for $74.99 per year. You pay $99.99 per year for unlimited installations of Total Defense Unlimited Internet Security, which gives you security suite protection for PCs and Android devices and antivirus for Macs. Most other competing antivirus products sell as one-, three-, or five-license subscriptions.
For those odd ducks who really, truly want to protect just one PC, McAfee makes a one-license, Windows-only version available for $39.99. It’s a surprising offering (for just $20 more, you get unlimited licenses), but my McAfee contacts say they get enough sales to keep offering this limited edition.
To install McAfee on a Windows computer, you first go online and activate your license key. If you set up automatic renewal during the process, you get a Virus Protection Pledge from McAfee. That means if any malware gets past the antivirus, McAfee experts promise to remotely remediate the problem, a service that normally costs $89.95. In the unlikely event that they can’t clear out the malware, the company refunds your purchase price.
With that housekeeping out of the way, it’s time to download and install the product. The installer took a while, but didn’t require hand-holding from me. Once installation is complete, the product shows off what it can do. It offers to run a scan, check for outdated applications, remove tracking cookies, and permanently delete files in your Recycle Bin. It also shows how to contact tech support, in case you’re having trouble getting off the ground.
With last year’s release, McAfee redesigned the user interface for its Windows product line. The new interface has a menu at the top that breaks down product features into five main pages: Home, PC Security, Identity, Privacy, and Account. Down the left side there’s a security indicator for your local computer as well as a list of your other protected computers, and a button to extend protection to more devices. This year the macOS edition got the same makeover, so the two desktop editions look very similar.
Better Lab Test Results
Over the past few years, McAfee’s scores from the independent testing labs have had some ups and downs. In the latest batch of results, things are looking up.
The researchers at AV-Test Institute rate antivirus products on how well they protect against malware, how light a touch they have on performance, and how little they interfere with usability by identifying valid programs and websites as malicious. An antivirus can earn six points each for Protection, Performance, and Usability, for a maximum of 18 points. Since the start of 2016, McAfee’s total score has ranged from 14.5 to 17, with Protection scores as low as 3.5. This time around it swept the field, all sixes, for a perfect 18 points. Avira and Kaspersky also took 18 points; Bitdefender weighed in with 17.5.
AV-Comparatives runs a large number of tests, of which I follow four. Products that pass earn Standard certification. Those that achieve exceptional success can earn an Advanced or Advanced+ rating. McAfee participates in three of the tests, and took two Advanced+ and one Advanced rating. That’s pretty good, but Bitdefender and Kaspersky earned Advanced+ in all four tests.
MRG-Effitas takes a different approach to scoring tests. Basically, products either achieve near-perfect results or they fail. One of this lab’s tests challenges products with a full range of malware, while the other focuses on banking Trojans. In all of 2016, McAfee only passed one of these tests. It did the same in 2017. The latest results still have McAfee failing the banking test, but in the general malware test it managed Level 1 certification, meaning it blocked every single infestation. Kaspersky and Bitdefender passed the banking test and also took Level 1 certification. Avast and ESET passed, with Level 2 certification, meaning some malware attacks initially succeeded, but got wiped out within 24 hours.
McAfee’s scores seem to be getting steadily better, and my contacts at the company say this trend will continue. I hope so!
Malware Protection Good
In addition to checking results from the independent testing labs around the world, I put every antivirus product through my own malware protection testing. I start by opening a folder containing a collection of malware samples that I have manually analyzed, so I know just what they do. For many antivirus products, the minimal access that occurs when Windows Explorer checks the file’s name, size, and so on is enough to trigger an on-access scan. McAfee doesn’t scan until the sample launches, so I tried launching them in batches of three or four.
Unlike most antivirus products, McAfee doesn’t pop up a notification when it quarantines a threat. It silently quarantines the file and adds a note to its history log, but the most you may see is a brief Windows error message. The only time I can see this being a problem is if you unsuspectingly downloaded a Trojan, thinking it was valid, and McAfee wiped it away with no explanation. If the malware arrives without your participation, say, as a drive-by attack, eliminating it silently makes sense.
Like Bitdefender, Cylance, and F-Secure, McAfee detected 93 percent of the samples. Just for a sanity check, I looked at which samples each product missed; they weren’t the same. McAfee completely blocked every threat it detected, for a total of 9.3 points, a top score with this malware collection, shared with Cylance and F-Secure. Tested with my previous collection, both Norton and Webroot SecureAnywhere AntiVirus achieved a perfect 10 points.
It takes me a long time to analyze a new set of samples, so I don’t change to a new set often. For a view on how antivirus products handle the very latest malware, I use a feed of the latest discoveries from MRG-Effitas, a list of malware-hosting URLs discovered in the last day or two. I use a small program that launches each in Internet Explorer and lets me easily note whether the antivirus blocked access to the URL, eliminated the malware download, or did nothing, and also mark those that, despite being new, are already defunct.
McAfee’s WebAdvisor component only blocked 10 percent of the URLs, but it whacked another 87 percent by quarantining the malware downloads. That 97 percent score is very good, bested only by Symantec Norton AntiVirus Basic, with 98 percent, and Bitdefender, with 99 percent.
When you have effective real-time protection, scanning the whole computer becomes less important, but you really should do it once, immediately after install. I found that a full scan of my standard clean test system took an unprecedented two hours and 45 minutes, even longer than IObit Malware Fighter Pro‘s two hours and three minutes. In theory, a second scan should have run faster due to optimization, but it didn’t seem to. I stopped the repeat scan at 90 minutes. My McAfee contact noted that they see from 25 to 55 percent speedup in subsequent scans, so I may have stopped too soon. I’m accustomed to more dramatic change, like nearly two hours for the first scan and 15 for the second (Norton), or 22 minutes for the first scan and just one minute for the second (F-Secure).
Fabulous Phishing Protection
A malware coder must know the ins and outs of operating systems, in order to slip past protection and steal data, remotely control the computer, or whatever nefarious aim is wanted. A phishing fraudster, on the other hand, only has to fool hapless users into logging in on a replica of some secure site. If you fall for these frauds, you’ve handed your credentials to the fraudster. Phishing sites quickly wind up blacklisted, but the perps just shut them down and create new ones.
Because they’re ephemeral, I test using the very newest reported phishing sites, scraped from websites that track them. I look for those that have been reported but haven’t yet gone through analysis. This puts pressure on the antivirus to heuristically examine web pages and detect frauds without relying on an always-outdated blacklist.
I launch each URL simultaneously in four browsers. One is an Internet Explorer instance with SmartScreen Filter turned off, protected by the product in testing. The other three use protection built into Chrome, Firefox, and Internet Explorer. I try for 100 verified phishing URLs, discarding any that don’t connect for one or more of the browsers, and any that don’t actually attempt credential theft.
Scores in this test are all over the map, with almost half the products failing to outperform one, two, or even three of the browsers. Kaspersky recently set a record, achieving a perfect 100 percent protection score. That record didn’t stand long, as McAfee also managed 100 percent.
Phishing is platform agnostic. If the fraudsters can convince you to give away credentials on your gaming console’s browser, they’re just fine. But phishing protection can differ on different platforms. For example, Kaspersky Internet Security for Mac, tested with the same samples as the Windows edition, only blocked 84 percent. McAfee’s macOS antivirus, tested simultaneously with the Windows edition, also blocked 100 percent, making it the top scorer on the macOS platform.
New Ransom Guard
This edition of the product adds a new feature called Ransom Guard, inspired, I’m told, by my suggestion last year. If real-time protection doesn’t recognize a brand-new ransomware attack, Ransom Guard watches its behavior. At the first faint sign of an attempt to encrypt files (what McAfee calls “file content transformation”), Ransom Guard makes protected copies of those files and ups its vigilance. When it reaches a firm decision that the program is truly ransomware, it quarantines it and restores the files from backup. Trend Micro Antivirus+ Security does something similar.
When possible, I simulate the zero-day possibility by turning off real-time protection, leaving only the ransomware component active. But as with Trend Micro, turning off real-time protection also disables Ransom Guard. And real-time protection already eliminated all my ransomware samples.
I turned to KnowBe4’s RanSim, a ransomware simulator. This tool runs 10 scenarios that emulate common ransomware behaviors, along with two benign encryption techniques. McAfee initially quarantined RanSim’s launcher component. I restored it and tried to run a test, but McAfee quarantined both the launcher component and the data collection component. I added both to the exclusions list and tried again. Success! Ransom Guard blocked all 10 of the scenarios. However, it also blocked the two benign scenarios. If that were to happen with a valid encryption program (unlikely) you could just exclude it from scanning.
Real-time protection did eliminate my ransomware samples, but I keep a second set of samples, hand modified to have a different filename, a different file size, and a few non-executable bytes changed inside. I normally use them to test the flexibility of on-access scan systems, which McAfee doesn’t use. For one more try at real-world testing, I tried launching those modified ransomware samples.
The results weren’t all positive. It detected one modified Cerber variant as ransomware, but let another Cerber run to completion and encrypt files in the Documents folder. Real-time protection wiped out the rest without naming them ransomware. This feature is a nice addition, but needs some tuning.
Most security companies reserve firewall protection for the full-blown security suite, but McAfee puts it right in the standalone antivirus. In testing, the firewall correctly stealthed all ports and resisted the web-based attacks I threw at it. Since the built-in Window Firewall can do the same, this test is only significant if a third-party firewall fails it.
Those of us who’ve been around long enough remember the early personal firewalls, with their incessant, incomprehensible queries. Microsfot.exe wants to connect to URL 18.104.22.168 on port 8080; allow or block? Who knows! Like Norton, Bitdefender, and others, McAfee doesn’t rely on the untrained user to make these decisions. In its default Smart Access mode, the firewall makes those decisions internally. If you get nostalgic for popups, you can dig into the settings and change Smart Access to Monitored Access, but really…don’t. Yes, there are tons of ways to configure and fine-tune the firewall, but the average user should just leave them alone.
Not being an average user, I did play with some of the settings. I turned on Monitored Access and noted that the firewall correctly asked what to do when my hand-coded browser tried to get online. I was mildly surprised to find that it also asked about Windows Defender SmartScreen. Note that the similar feature in the macOS edition, Application Control, dropped out of the current edition due to “a business decision, based on usage relative to the cost of maintenance.”
I enabled Intrusion Detection and hit the test system with 30-odd exploits generated by the CORE Impact penetration tool. As before, none of the exploits succeeded in infecting the fully patched test system, but the firewall took no active part in exploit defense.
Firewall protection isn’t much use if a malware coder can craft an attack that disables it. As part of my firewall testing, I attempt to disable protection using techniques that a coder could implement. I didn’t find any way to turn off protection by tweaking the hundreds of keys and thousands of values McAfee adds to the Registry, so that’s good.
I tried to kill off the software’s 17 processes (up from 14 last year), but it protected them all. Four of its essential Windows services were also protected, but I managed to stop and disable the other two, including the WebAdvisor service. When a service is disabled, it doesn’t restart on reboot. And, indeed, after reboot WebAdvisor didn’t function. Clearly the developers know how to protect processes and services. Why not extend protection to all of them?
The My Network page lists all the devices it sees on your network, identifying those it can by name and listing the IP address of others. It shows online/offline status and displays those that have McAfee protection in color. You can set up a trust relationship between multiple Windows boxes using My Network, which allows you to monitor and even configure security remotely.
My Network has been around for many years. There’s another, newer feature that takes the concept to the next level. If you click the button the Protect more devices button on the Home screen, you get three choices: PC or Mac; Smartphone or tablet; and Unprotected devices. This last choice lists the devices on your network that could benefit from McAfee protection but don’t yet have it. If you don’t see all the devices you expect, give it time. It turns out that McAfee waits as much as 24 hours before populating the list.
Some hackers devote their time to finding security holes in popular apps or even operating systems, and creating attacks that breach security using these holes. Opposing them, software companies try to patch these holes as quickly as they can. But you, the user, must do your part by installing those security patches. McAfee’s Vulnerability Scanner reports on products that need update.
Like Avast Premier and Avira Total Security Suite, it automates the update process when it can. Just click the Install Updates button and sit back. If it can’t automate an installer or two, you’re still better off for the ones it did fix automatically.
Deleting a file in Windows just sends it to the Recycle Bin, and even when you bypass or empty the bin, your deleted file data remains on your disk, subject to forensic recovery. The Shredder tool overwrites files before deletion, to foil forensic recovery. Five shred types range from Quick (which overwrites file data once) to Comprehensive (which runs a whopping 10 overwrite passes). You can shred the Recycle Bin, or Temporary Internet Files, or any file or folder you really want permanently deleted.
Secure deletion is especially important when used in conjunction with a file encryption tool like the File Lock component of McAfee Total Protection. If you don’t thoroughly delete the plaintext originals, they could be recovered using forensic software or hardware. Kaspersky Total Security goes farther, automatically offering to shred the originals after an encryption job.
Cleanup and Speedup
What used to be called QuickClean is now just an option on the My Privacy page. It still scans your computer for cookies and temporary files. These both use up valuable disk space and potentially provide a snoop with information about your browsing and computer use habits. When it has found tracking cookies and other junk files, it reports how much space you could save by cleaning up. It doesn’t list them, like QuickClean did, but in truth, there wasn’t much you could do with that list.
New in this edition is a feature called PC Boost. I couldn’t find it at first, as the PC Performance tab doesn’t appear when McAfee is running in a virtual machine. That makes sense; I always use a physical test system for my suite performance tests. When I installed McAfee on a test laptop, PC Performance showed up.
This component has two parts, “Speed up apps” and “Speed up browsing”. To speed up apps, PC Boost runs in the background looking for apps that need more resources as they load, and gives them what they need. McAfee reports lab results showing an average six percent faster load. It also diverts extra resources to whatever app your actually working with. Per McAfee’s own tests, this enhanced app performance from 11 to 14 percent. I don’t have any easy way to verify these features, but you don’t have to do anything to get whatever benefit may accrue from speeding up apps.
The feature to speed up your browsing feature is rather limited. It only works in Google Chrome, so I installed Chrome on my test system. Then I had to add the McAfee Web Boost Chrome extension, whose purpose is to stop auto-play videos from launching. I will admit, it does work. The video even displays the overlay Paused by McAfee Web Boost. I don’t know how many times I’ve been startled by a loud video playing unexpectedly on a page. And if you wish, you can exempt videos on any site from Web Boost’s activity. I like the idea, I just don’t like that it’s limited to Chrome.
I’ve written a full and separate review of McAfee AntiVirus Plus on the macOS platform; I’ll refer you to that for details. It’s not truly a different product; you still get protection for all your Windows, macOS, Android, and iOS devices. But you don’t get quite a much on the Mac.
A high point of the review is that it managed 100 percent protection against phishing attacks, the same as the Windows edition. It also did much better detecting and removing Windows malware than in its last review. The user interface of the current edition updates to match the Windows version. However, the simple firewall no longer includes Application Control, and McAfee has no current lab scores for Mac-specific malware protection. For a full evaluation, please read my review.
Android users get a new, simplified user experience in the latest version, with all the same features and more. You can’t see it, but the AV engine now uses machine learning to head off the newest threats.
The new interface focuses on a big Scan button, with buttons for four of the many other features below. Swipe up for a list of your McAfee-equipped devices, color-coded to show security status. You can click for a more detailed look at status, though you can’t fix any security problems remotely. Tap the menu at top left for access to all features.
Android Lab Results
The testers at AV-Test Institute offer Android security apps up to six points each for effective protection and low false positives, with an extra point available for valuable extra features. Like almost all the other products in the latest test, McAfee took the full 13 points.
Reports from AV-Comparatives simply list the percentage of Android malware thwarted. McAfee’s 99.6 percent looks good, but F-Secure and Kaspersky took 99.9 percent, and Trend Micro and Bitdefender both walked away with a perfect 100 percent.
At MRG-Effitas, they chose to report separately on early detection and on detection at the time of installation. Kaspersky and Trend Micro took 100 percent in both categories. McAfee came close, with 97.5 percent for early detection and 97 percent for detection at install.
Scan Two Ways
When you tap the big Scan button, McAfee scans to make sure your Wi-Fi is secure and quickly checks your apps. You can also choose a deep scan that looks at preinstalled apps, files, and messages. Both scans ran in seconds on the Motorola Moto G5 Plus I use for testing.
To get full advantage of McAfee’s Android anti-theft features, you need to give the program access to your camera and location. As with most such services, you must also give McAfee Device Administrator status, so it can remotely wipe a hopelessly lost device. Activate the SIM tracking feature and you’re ready to go. Well, almost. McAfee advises creating a list of buddies who’ll get notification if the device is lost or stolen, and who also can help you if you forget your PIN.
With these features configured, you can deal with a lost or stolen phone from the McAfee online console. Click on the device that’s in trouble and enter the PIN you defined on that device. If you’ve just misplaced the device around the house, you can make it sound an alarm. If the situation is worse, click I Lost My Device, which locates the device on a map.
Only when you click the It’s Still Lost option do you get the scary options to wipe the phone’s data or reset it to factory settings. Here you can also choose to track its location for a month, and to back up your personal data to the McAfee cloud. Other features include: Thief Cam, which, like the Mugshot feature in Kaspersky, snaps a photo after multiple failed attempts to unlock the device; an automatic location message when the battery is very low; and automatic locking on removal of the SIM card.
App Lock and Kid Mode
Like Bitdefender, McAfee offers an App Lock feature that locks your most sensitive apps behind a six-digit PIN. A sneak thief picks up your unlocked phone still won’t be able to read your email or place orders on Amazon, as long as you’ve locked them up.
Parents these days give unhappy kids their phones to placate them. Sure, a nice streaming cartoon will calm kids down, but you really don’t want them getting into other apps. Kid Mode is like the inverse of App Lock. Instead of locking certain apps, it locks everything and only allows access to the apps you specify. Apps outside the list aren’t merely locked; they vanish from the home screen.
McAfee’s Android solution doesn’t stop with security; most of these additional features appear when you tap the menu icon at top right. The Storage Cleaner looks for junk files, app data, and data files that you could delete to gain storage space. Memory Booster frees up memory allocated to apps that aren’t in use. Safe Web keeps you safe from dangerous websites, like WebAdvisor on Windows. Safe Wi-Fi warns when you connect to an unsecured hotspot. You can back up your personal data to the cloud. The Battery Booster takes control of screen brightness and sleep timeouts to save battery. Privacy Check reports on the permissions required by your apps and flags any that seem out of line.
McAfee does include a call blocking feature that lets you whitelist or blacklist certain numbers. I couldn’t test this, as my test device is not provisioned for cellular service. I do know that such features typically don’t work in modern Android versions. Kaspersky’s similar feature even warns that it may not work.
New in this edition, McAfee can track your data usage and warn if it’s approaching. You set the monthly cap and tell McAfee what day today is in the billing cycle. That lets it track progress and warn when you use too much. As you can see, this a very complete Android security suite.
Protection for iOS Devices
As on Android, McAfee on Apple has a simplified, streamlined user interface. However, the feature set is sparse by comparison. It has the same big scan button, which scans the system and the Wi-Fi network for threats. But it’s not entirely clear what happens during the system scan. On Android, it clearly says sit’s scanning for viruses, and shows a completion percentage. I did find its forced portrait orientation a little annoying, given the sparse use of screen space.
You get Safe Web for iOS devices too, but you have to set it up. For iOS, McAfee implements Safe Web as a VPN connection. Note, though, that the setup clearly says, “Safe Web isn’t an actual VPN, we’re just set up that way.” For a sanity check, I tried to visit a couple phishing sites from the macOS test that hadn’t been taken down. Safe Web correctly blocked them.
My McAfee contact confirmed that if you install an actual VPN it will supersede the Safe Web proxy VPN. Also, some browsers deliberately evade Proxy VPNs, so McAfee works specifically with Safari, Chrome, Firefox, and Opera Mini.
The Anti-Theft component is more complete than most iOS offerings. It locates your device on a map, and you can use it to sound a loud alarm to find a nearby device. Be warned; the alarm sounds like a screaming woman. Another button puts a message on the device instructing the finder to contact you and return it. You can remotely back up your contacts to the cloud (if you remembered to enable this feature on the iPad first).
I was surprised to find a Wipe option; that’s not something you usually find in an iOS antitheft app. It turns out that invoking this option simply wipes your contacts.
The final piece of the iOS puzzle is the media vault. When you enable this feature, it moves your media to encrypted storage. It warns at setup that you must move files out of the vault before uninstalling McAfee, or risk losing them. You enter and confirm a six-digit PIN and give McAfee access to your photos. Now you can move photos into the vault, or snap new photos directly to the vault, bypassing the regular Photos app.
That’s it for McAfee on iOS, but it’s more than some companies offer.
McAfee AntiVirus Plus hasn’t always gotten the best marks from the independent labs, but it seems to be improving. It’s still not up to the near-perfect scores of Bitdefender Antivirus Plus and Kaspersky, but McAfee did score well in our malware protection tests, and it aced our phishing protection test with 100 percent success. You get the most comprehensive protection when you install it on Windows. The Android edition is also quite full-featured, but you get less protection under macOS and still less on iOS devices. In an eclectic household with a mix of platforms, its unlimited licensing is a very good deal.
However, if what you need is antivirus protection for a defined number of PCs, you’ll do better with one of our other Editors’ Choice products. As noted, Bitdefender Antivirus Plus and Kaspersky Anti-Virus are the darlings of the independent labs. Norton Antivirus Basic extends excellent antivirus protection with a powerful Intrusion Detection System. And Webroot SecureAnywhere AntiVirus is the tiniest antivirus around. Your choice should depend on exactly what you want to protect.