Is antivirus protection sufficient, or do you need a full security suite? McAfee’s current holistic approach leans strongly toward the latter, encouraging you to go beyond mere antivirus and fire up a McAfee suite. Where McAfee AntiVirus Plus (the company’s previous basic antivirus) offered cross-platform coverage for unlimited devices, the new McAfee AntiVirus, reviewed here, is strictly a one-PC antivirus. With that comprehensive coverage gone, McAfee is no longer an Editors’ Choice winner for antivirus. That honor goes to Bitdefender Antivirus Plus, with its many security features—including a VPN—and perfect scores from independent testing labs.
My McAfee contacts made it very clear that AntiVirus Plus is not at the end of its life. It just isn’t available for a new purchase anymore. McAfee will continue supporting existing customers “for the time being.”
The company strongly encourages new customers to enter at the suite level, choosing either McAfee Total Protection for a fixed number of licenses or the unlimited license subscription to McAfee+. At its higher pricing tiers, McAfee+ also comes with a comprehensive identity theft service.
Don’t go looking for this antivirus on McAfee’s website. It’s only sold through third-party partners such as Amazon and Best Buy, where it lists for $49.99 per year. Most antivirus utilities charge less for a one-license yearly subscription. For example, Bitdefender, Emsisoft, ESET NOD32 Antivirus, Trend Micro, Webroot, and ZoneAlarm all go for just under $40.
That’s it for McAfee’s pricing scheme. If you want to protect three computers, you buy three licenses—or you switch to a McAfee suite. This is an uncommon model, though Trend Micro and Webroot work the same way. Most antivirus companies offer volume discounts for three, five, 10, or even more licenses. The average per-device price for a three-license subscription is about $18, less than half the one-device average. At five licenses, the average drops to $13, and at 10 licenses, it’s below $9.
When it was available, McAfee AntiVirus Plus ran users $64.99 per year to protect all the devices in their households. With its departure, the only unlimited license antivirus I cover is Panda Dome Essential, which, while not billed as strictly an antivirus, occupies the antivirus position in Panda’s lineup. Panda charges $113.99 for that unlimited license. Every time you install protection on another device, you lower the per-device price.
Of course, with a free antivirus like AVG AntiVirus Free, you effectively have unlimited licenses. Avast One Essential, a stripped-down version of Avast One, costs nothing and protects all four popular platforms. These two are our Editors’ Choice winners in the free antivirus realm.
To install McAfee, you first go online and activate your license key. If you configure your account for automatic renewal, you get a Virus Protection Pledge from McAfee. That means if any malware gets past the antivirus, McAfee experts promise to remotely remediate the problem, a service that normally costs $89.95. In the unlikely event the experts can’t clear out the malware, the company refunds your purchase price. Norton offers a similar promise, as does ZoneAlarm Extreme Security.
With that housekeeping out of the way, it’s time to download and install the antivirus. I am pleased that the installer didn’t require handholding from me. Once installation is complete, the antivirus starts protecting you right away.
McAfee’s appearance is still evolving, though it retains a useful banner across the top that either reports “Everything looks good!” or offers a suggestion for improving your security. A couple of versions ago, this banner sat above three large panels titled PC, Web, and Identity. At the time of my previous review, these were replaced by six panels: Check your Protection Score, Antivirus, Tracker Remover, Protect More Devices, Browser Security, and Secure Apps. The current edition still features six panels, but their titles are mostly different: Antivirus, My Subscription, Update app, General Settings, Quarantined Items, and Real-Time Scanning.
You also find a row of icons down the left side that can expand to a left-rail menu. Clicking Home brings you back to the home screen, and My Protection opens a list of core antivirus tasks, such as launching or scheduling a scan and checking what’s in quarantine. The remaining menu items trend toward housekeeping topics: Account, Help, Settings, and Feedback.
I follow four independent antivirus testing labs that regularly publish reports on their findings. Three of the four currently include McAfee when they round up antivirus utilities for testing, which is a good sign. It means that they consider it significant and worthy of their testing efforts. At present, McAfee holds perfect scores from all three labs.
Testing experts at AV-Test Institute rate antiviruses on how well they protect against malware, how light a touch they have on performance, and how little they interfere with usability by wrongly flagging valid programs and websites as malicious. An antivirus can earn six points each for Protection, Performance, and Usability, for a maximum of 18 points. McAfee reached a perfect 18 in the latest report from this lab, as did Avast, AVG, and Bitdefender.
Researchers at SE Labs use a capture and replay system to challenge multiple antivirus tools with identical web-based attacks. Each antivirus can earn certification at five levels: AAA, AA, A, B, and C. In the latest round of testing, all the tested programs received AAA certification, McAfee among them. Other antiviruses that reach the AAA level in the latest reports include Avira, Microsoft, and Webroot AntiVirus.
AV-Comparatives regularly publishes a variety of tests; we follow three of them. Those apps that pass a test receive Standard certification. Those that achieve exceptional success can earn an Advanced or Advanced+ rating. McAfee is one of the half-dozen that earn Advanced+ in the latest results from all three tests.
McAfee’s success in the tough tests put on by MRG-Effitas has been uneven in the past. Where most tests report results across a range, these are effectively pass/fail, and McAfee racked up a few failures in the past. However, this lab didn’t put McAfee to the test in its latest report. Among those that passed both stringent tests are Norton AntiVirus and Bitdefender.
I’ve devised an algorithm that maps all the lab scores to a 10-point scale and yields an aggregate lab score from 0 to 10. Of course, when all the scores are perfect, like McAfee’s, the result is a perfect 10. The only competitor with an arguably better score is Bitdefender AntiVirus, which earned perfect scores from four labs. Keep in mind, though, that analyzing these lab tests is only a part of our evaluation.
In addition to checking results from independent testing labs, I put every antivirus through my own hands-on malware protection testing. Some programs I test don’t show up in reports from any of the labs, making hands-on tests essential. Even for one like McAfee, certified by three labs, this process gives me a chance to experience antivirus protection in action.
I start by opening a folder containing a collection of malware samples that I have collected and manually analyzed so I know just what damage they can do. For many real-time antivirus components, the minimal access that occurs when Windows Explorer checks the file’s name, size, and so on is enough to trigger an on-access scan. McAfee doesn’t scan until the sample launches, so I had to launch each one and watch how the antivirus reacted.
Tested with the newest malware collection, McAfee caught almost all the samples immediately on launch. In most cases, I saw a Windows error message appear and vanish, followed by a notification that McAfee quarantined a threat. It caught most of the remaining samples after launch. With 95% detection and 9.4 of 10 points, McAfee ties with Webroot among antiviruses tested using the current sample set. Malwarebytes Premium tops this group, scoring 9.8 points. Guardio and PC Matic Home also get 9.8 points, but both required me to modify the test, as Guardio only examines files when they’re downloaded into Chrome, and PC Matic blocks files based on a default-deny allowlist system.
It takes a long time to collect, curate, and analyze a new set of samples, so I don’t change to a new set often. To see how each antivirus handles the latest in-the-wild malware, I use a feed of the latest discoveries from MRG-Effitas. This feed is simply a list of malware-hosting URLs discovered over the last few days. I feed the list into a small program that launches each URL and makes it easy to record whether the antivirus blocked access to the URL, eliminated the malware download, or did nothing. I continue launching samples until I have data for 100 verified malware-hosting URLs.
McAfee’s WebAdvisor component blocked access to 53% of the malware-hosting URLs, identifying some as Risky and others as merely Suspicious. I can’t imagine a sensible user demanding to continue to a page their antivirus labeled Suspicious, so I counted both types as successful diversions.
The remaining URLs reached the download stage, at which point McAfee slid a banner into the browser announcing its intention of scanning the download “just to be safe.” In almost every case, it asked permission to block a download that looked dangerous—I always gave it permission. Overall, McAfee blocked 46% of the URLs at the download stage, for a total of 99%—better than the 93% it scored when I last tested it.
Malwarebytes and G Data also scored 99% when last tested. Only five antiviruses scored better than McAfee—Guardio, Norton, Sophos Home Premium, Trend Micro, and ZoneAlarm all earned a perfect 100%.
After installing a new antivirus, you should always run a full scan. The time for that initial scan varies quite a bit. This time around, McAfee needed two hours and 50 minutes to complete its initial full scan, one of the slowest times in recent reviews and an hour longer than the current average. Optimization during that initial scan allowed a repeat scan to finish much faster, an hour and 20 minutes. McAfee’s default quick scan claims to take from five to 15 minutes, and indeed, it scanned my test system in five.
In theory, you only need that drawn-out full scan once, as real-time antivirus should handle new threats. However, as a second tier of protection, McAfee schedules a weekly full scan. You can switch to scanning every two weeks or once a month, or you can create your own custom schedule.
Devising a Trojan for stealing user account credentials requires a malware coder to invent techniques for slipping past layers of antivirus protection and the operating system’s own security features. That’s no easy task, and it’s just the start. The Trojan still needs code to locate those credentials and phone them home. It’s a lot easier to just hoodwink the user into giving away their credentials. Not only that, phishing is platform-agnostic. Any device that has a browser—whether it’s a Chromebook or a smart toaster—can be your downfall. Even if you’re well-trained in spotting these scams, it just takes one lapse.
Phishing fraudsters create sites that masquerade as sensitive sites and spread links through spam, malicious ads, and the like. Bank sites, online gaming, dating sites—no secure site is immune. If you log in to the fraudulent website, you’ve handed your account over to the fraudsters. Such sites quickly wind up blacklisted, but the malefactors simply spin up new ones.
Because phishing pages are ephemeral, I test using the newest reported phishing sites, scraped from websites that track them. In addition to known and verified frauds, I make sure to include those that have been reported but haven’t yet gone through analysis. This puts pressure on the antivirus to heuristically examine web pages and detect frauds without relying on an always-outdated blacklist.
I launch each URL simultaneously in four browsers, starting with one protected by the antivirus in testing. The other three depend on protection built into Chrome, Firefox, and Microsoft Edge. I run through hundreds of reported phishing URLs, discarding any that one or more of the browsers can’t reach and any that aren’t verifiable credential-stealing frauds.
McAfee’s WebAdvisor routinely aces this test, scoring at or near 100%. When last tested, though, it dropped to a still-decent 94%. This time around, it’s back in the winner’s circle, once again exhibiting 100% detection. It shares that honor with Avast, Guardio. Norton Genie, Trend Micro, and ZoneAlarm. TMcAfee’s macOS edition also scored 100% when tested against the same samples.
McAfee’s ransomware protection component doesn’t have any independent presence. It’s just another layer of real-time protection. According to McAfee, if regular protection doesn’t recognize a brand-new ransomware attack, the antivirus watches its behavior. At the first faint sign of an attempt to encrypt files (what McAfee calls “file content transformation”), it makes protected copies of those files and cranks up its vigilance. When it reaches a firm decision that the program is truly ransomware, it quarantines it and restores the files from backup. Trend Micro Antivirus+ Security does something similar.
When possible, I simulate the zero-day possibility by turning off real-time protection, leaving only the ransomware component active. But as with Trend Micro, turning off real-time protection also disables the ransomware component.
Even so, I found a way to put this feature to the test. I keep hand-modified versions of every sample, which I use to check the flexibility of on-sight malware recognition. I created a new set of tweaked samples, different from all previous sets and thus never precisely seen before. McAfee didn’t eliminate these instantly at launch, giving the behavior-based ransomware protection a chance to show its mettle.
Out of a dozen samples, McAfee caught five as ransomware, identifying one of those by name. It tagged another six with the phrase Real Protect, the name of the component that discovered them. And it flagged one as generic malware.
If you’re keeping score, that only comes to 11. One of the hand-modified ransomware samples ran completely unhindered by McAfee. Note that this is different from my usual ransomware testing, in which all other protective layers are disabled. This happened with McAfee firing on all cylinders. The ransomware encrypted thousands of files, from the contents of the Documents folder to shortcuts on the desktop.
In this simple test, McAfee demonstrated that it can block most ransomware attacks, even when the sample is hand-modified to evade detection. However, the fact that it missed one tweaked sample, even with all antivirus components active, is worrying.
Most security companies reserve firewall protection for the full-blown security suite, but McAfee puts it right in the standalone antivirus. New since my last review, the firewall integrates with the built-in Windows firewall. Specifically, it checks outbound network traffic while leaving the built-in to handle inbound traffic. That leaves Windows firewall in charge of stealthing ports and resisting attacks from the web, tasks it handles well.
Those of us who’ve been around long enough remember the early personal firewalls, with their maddening, incomprehensible queries. SpecialMaster.exe wants to connect to URL 104.18.253.68 on port 8080; allow or block? Once or always? Consumers just aren’t qualified to answer those questions. Some always allow access. Others always choose block—until they break something, at which point they switch to allow. It’s not an effective system.
In previous editions, McAfee’s default was Smart Access mode, meaning it made all decisions about allowed network permissions. If you really wanted an old-school experience, you could dig into the settings and switch to Monitored Access, but I always advised against doing so. That’s no longer a worry, as the current firewall uses neither mode. Rather, it leaves this protection to the built-in Windows firewall. What McAfee does is block attempts by your apps to connect with risky sites. I couldn’t manage to see this in action, as such attempts were blocked by McAfee WebAdvisor.
Firewall protection isn’t much use if a malware coder can craft an attack that disables it. As part of regular firewall testing, I attempt to disable protection using techniques that a coder could implement. I found McAfee’s Registry presence much reduced since previous reviews, down from thousands of values to dozens. Some were protected against modification, others weren’t, but I found no way to turn off or damage protection by tweaking Registry data.
At my last review, McAfee had 14 processes visibly running, and I couldn’t terminate any of them. The process count is down to four, which is surely more efficient. I did manage to kill off the user interface, but it came back immediately when I clicked its notification area icon, so no worries there. The number of Windows services is also down, from eight to three. I found that I could stop the WebAdvisor service and set it to start up disabled, but the other two resisted. A reboot verified that I killed WebAdvisor. Clearly, the developers know how to protect processes and services. As I’ve said in numerous previous reviews, why not extend protection to all of them?
If you haven’t looked at McAfee’s antivirus for several years, you’ll find the landscape quite different. For starters, it no longer attempts to find and fix missing security patches; you’ll have to take care of that yourself. The App Boost and Web Boost features, admittedly less important to security, have also departed.
McAfee has long boasted a network feature called My Home Network. In years past, it included the ability to pair McAfee-equipped computers for remote management and to identify devices on the network that lacked McAfee protection. Remote management fell by the wayside more recently, and the current antivirus no longer includes My Home Network.
You might think the Tracker Remover feature would aim to keep web ads and trackers from profiling you, but what it really did was clean up traces of your computer and browsing activity. The secure deletion File Shredder, which allowed you to delete sensitive files beyond the possibility of forensic recovery, has also been removed.
McAfee’s Protection Center and Protection Score aim to encourage proper security behavior by rewarding users with a higher score. When I last reviewed the antivirus, I noted that many of the recommended behaviors weren’t available to those not at the suite level. In the current standalone antivirus, there’s no connection to the Protection Center.
It’s understandable that McAfee would choose to remove features that don’t get a lot of use or that are difficult to maintain. However, if you were one of those who did make use of the now-vanished features, their disappearance is sure to disappoint.
You’ve seen that WebAdvisor can steer the browser away from both malware-hosting websites and phishing frauds. The browser extension can also color-code results in popular search engines, letting you see before even clicking whether a site is safe, dangerous, or untested.
By default, McAfee only marks up results obtained using its own Secure Search engine, which it actively advises you to install. If you’d rather keep using Google, DuckDuckGo, or some other popular engine, you need to make a small settings tweak. Click the toolbar icon for the WebAdvisor extension, click the home icon at the top, and scroll down to choose “Tell me if a search result is safe in any search engine.”
You don’t have to make any changes to get notifications of dangerous links on your social media pages. By default, WebAdvisor marks up Facebook, Instagram, Linkedin, Reddit, Twitter, and YouTube. You can turn this feature on or off from the same WebAdvisor settings page, but I’d suggest you leave it on.
Ransomware attacks can be shocking, even frightening. Cryptojacking is much more subtle. You visit a website, and it coopts your system resources as part of a distributed system that mines for Bitcoin or some other cryptocurrency. Bear in mind that there’s nothing illegal about mining for Bitcoin. Mining is where Bitcoin and other cryptocurrencies come from. The problem comes when a website or program covertly hijacks your computer’s resources to mine currency for someone else. While WebAdvisor used to let you fine-tune its cryptojacking detection, it now simply rolls that protection in with defense against other types of risky sites.
McAfee AntiVirus earns high marks from the independent testing labs and from our own hands-on tests. However, its feature set is limited compared with its predecessor, McAfee AntiVirus Plus. Many longtime features have been removed, for one. And where the Plus edition protected all your devices on all platforms, the current antivirus is strictly Windows, with no volume discount for multiple PCs. If you truly need no more than protection for one Windows PC, it’s an excellent choice. Otherwise, look to our Editors’ Choice antivirus, Bitdefender Antivirus Plus, which earns perfect scores from four testing labs around the world and has a feature set that outdoes many security suites.
When the IBM PC was new, I served as the president of the San Francisco PC User Group for three years. That’s how I met PCMag’s editorial team, who brought me on board in 1986. In the years since that fateful meeting, I’ve become PCMag’s expert on security, privacy, and identity protection, putting antivirus tools, security suites, and all kinds of security software through their paces.
Before my current security gig, I supplied PCMag readers with tips and solutions on using popular applications, operating systems, and programming languages in my “User to User” and “Ask Neil” columns, which began in 1990 and ran for almost 20 years. Along the way I …
PCMag is obsessed with culture and tech, offering smart, spirited coverage of the products and innovations that shape our connected lives and the digital trends that keep us talking.