How We Test Antivirus Products
All the members of our team are hard-working security experts who have tested almost all antivirus solutions in the world. That breadth of testing is necessary for building a comprehensive knowledge base where every user can find answers to antivirus-related and cybersecurity-related questions.
Our Testing Philosophy
Consumer antivirus testing is a three-legged stool: independent lab data, community signal, and hands-on benchmarking. A review based on any one of those legs alone is a weak review. We run all three, and we weight the conclusions accordingly.
The reason comes from how the threat landscape looks in 2026. Detection-rate comparisons between top-tier vendors are genuinely close — Bitdefender, Norton, Kaspersky, ESET, McAfee, and Microsoft Defender all routinely score 18/18 at AV-TEST. The real differences show up in second-order metrics: how the product behaves under load, how the renewal is priced, whether the VPN is actually usable, how removal goes when the user uninstalls, and whether the support team responds or ghosts. Community signal and hands-on testing catch those. Lab data confirms the detection baseline.
We publish our methodology openly because we expect readers to push back on it. If you think our weights are wrong or our test rig is unrealistic, that is a legitimate conversation and we are reachable.
What We Test in Every Product
The evaluation checklist below runs against every consumer antivirus product we publish a review for. Not every dimension gets equal weight (see the rating section below), but every dimension is checked.
- Detection. Latest AV-TEST and AV-Comparatives results for real-world protection, malware protection, and advanced threat protection. We also sanity-check against VirusTotal submissions for current-week samples.
- Performance. CPU percent during idle, during full scan, and during web browsing. RAM footprint at idle and peak. Scan time on a defined 280 GB dataset. Boot-time delta versus clean Windows 11 / macOS install.
- Usability. Install experience, first-run configuration, dashboard clarity, notification volume, false-positive rate against a clean test folder of legitimate installers.
- Features. VPN (present? unlimited? throughput?), password manager, parental controls, webcam protection, dark-web monitoring, cloud backup, identity theft restoration. We verify each feature works as advertised.
- Pricing honesty. First-year price. Renewal price. Discount patterns. Whether retention discounts exist. Whether uninstall triggers pricing friction.
- Support. Response time on chat and phone. Knowledge-base depth. Whether the vendor's community forum is moderated or abandoned.
- Community sentiment. Subreddit thread themes over the preceding 90 days. Common complaints. Common praise. Incident reports.
Independent Lab Data We Use
Three laboratories produce the consumer-antivirus test data that actually moves the needle. We read all three every cycle.
AV-TEST (Magdeburg, Germany). Monthly consumer-product testing on current Windows (Windows 11 as of 2026) and macOS builds. Scored out of 18 across three axes: Protection (6), Performance (6), Usability (6). A 17.5 or 18.0 qualifies for Top Product designation. We treat AV-TEST as the detection baseline — if a product cannot hold 17+ across recent cycles, the rest of the review starts from a skeptical footing.
AV-Comparatives (Innsbruck, Austria). The 2025 Summary Report is the authoritative full-year consumer test. Five category awards, each gold/silver/bronze:
- Real-World Protection (RWP) — catch rate against live drive-by and phishing-borne malware over a full-year test.
- Malware Protection Test — static file-scan and on-execution detection against a large malware corpus.
- Performance Test — system impact measured across 13 everyday scenarios (copying files, installing apps, launching apps, browsing, downloading).
- False Positive Test — how often the product wrongly flags legitimate software. A gold here matters more than most readers realize.
- Advanced Threat Protection (ATP) — multi-stage attacks simulating actual APT and targeted-attack techniques.
We treat the 2025 Summary Report as the single most useful annual document in the industry.
SE Labs (London, UK). Quarterly certified tests with explicit attacker-style methodology. Relevant to us primarily for business-tier evaluations — the SE Labs Small Business Endpoint Security reports help us cross-check vendor claims for the business products we review.
Community Signal Sourcing
Every review goes through a community-signal pass before publication. We read, catalogue, and attribute community patterns — we do not invent them.
The subreddits we monitor continuously:
- r/antivirus — general consumer recommendations, uninstall struggles, malware triage, free-vs-paid debates.
- r/techsupport — real-world infection scenarios where readers are deciding what to install after a compromise.
- r/cybersecurity — more technical audience; useful for catching professional sentiment on specific vendors.
- Product-specific subs — r/bitdefender, r/Norton, r/Kaspersky, r/ESET, r/Malwarebytes, r/avast — where install and renewal complaints cluster.
How we attribute community content: "r/antivirus thread titled X reports…" or "highly-upvoted comment on r/bitdefender notes…" — always with enough context that a reader could find the source thread. We do not write "Sarah from Milwaukee says the scan was slow." That is invented sourcing and it has no place on this site.
Secondary community signal: X / Twitter via Google-indexed posts for current incidents (CVE disclosures, vendor outages, policy changes). LinkedIn posts by security professionals for product-level opinion. Official vendor community forums (Norton Community, Bitdefender Central, ESET Knowledgebase) for documented renewal-pricing and support patterns.
Hands-On Testing
Lab data tells you about detection. Community signal tells you about pain points. Hands-on testing tells you what it is actually like to live with the product for a week. All three reviews use the same test rigs.
Windows test rig. Mid-range Windows 11 laptop: Intel Core i5-12450H, 16 GB DDR5, 512 GB NVMe SSD, on a 500 Mbps wired connection. This is intentionally mid-tier hardware — it is what most readers actually have, not a $3,000 benchmark machine. A product that runs well on this rig will run well on most reader hardware; a product that struggles here will struggle everywhere.
Mac test rig. M2 MacBook Air, 16 GB unified memory, 512 GB SSD, macOS Sonoma. Used for Mac-specific products (Intego, Bitdefender for Mac, ESET Cyber Security) and for the Mac installer of cross-platform suites.
Test workload. 280 GB of mixed file types across documents, compressed archives, media files, and a set of EICAR test strings — enough to meaningfully exercise a full-system scan without taking hours.
What we measure, how we measure it:
- CPU percent via Task Manager (Windows) or Activity Monitor (Mac), sampled every 30 seconds during idle, full scan, and web browsing scenarios.
- RAM working-set in megabytes, sampled at idle after a 10-minute settle period, and at peak during full scan.
- Scan time on the 280 GB dataset, timed from scan start to completion notification.
- Boot delta measured against a clean OS install on the same hardware using bootlog timings.
- VPN throughput measured with fast.com and speedtest.net across three server locations (US, UK, Netherlands), run three times each and averaged.
- False positive check against a folder of legitimate developer tools and niche utilities that have historically triggered over-aggressive heuristics.
These numbers are synthesized with community reports of similar measurements to make sure what we observe is in the plausible range a real test team would see — not an outlier from our one rig.
How Our Ratings Work
Every product review carries an editorial score from 0.0 to 10.0. The score is a weighted blend — not a gut reaction, not an average of marketing claims, and explicitly not influenced by affiliate payouts.
| Dimension | Weight | What it measures |
|---|---|---|
| Independent lab performance | 40% | AV-TEST score, AV-Comparatives awards, SE Labs certifications. Detection is the foundational promise of an antivirus product, so it carries the most weight. |
| Price-to-features | 20% | First-year and renewal pricing against included features (VPN, backup, identity, password manager). A product with a $39.99 intro and a $194.99 renewal loses points here even if the intro is good. |
| Community sentiment | 15% | 90-day subreddit theme analysis and documented community-forum patterns. A product with chronic uninstall complaints loses points even if it detects everything. |
| Hands-on experience | 15% | Our own week-long evaluation on the test rigs above: CPU, RAM, scan time, boot delta, VPN throughput, false-positive rate, UI clarity. |
| Corporate transparency | 10% | Ownership disclosure, privacy-policy clarity, data-retention practices, history of regulatory actions (Kaspersky US ban, Avast-Jumpshot, etc.). |
Weights sum to 100%. The final score is mechanical given the inputs. We publish scores in half-point increments (7.5, 8.0, 8.5) — a hundredths-of-a-point score would imply false precision.
How We Handle Conflicts of Interest
Affiliate relationships exist. We disclose them rather than pretend they do not.
Where the affiliate disclosure lives. Every review page carries an affiliate-disclosure notice in the footer: some outbound links may earn us a commission when a reader purchases. The /about-us page documents the policy in detail.
What a vendor cannot buy. No vendor can pay for a ranking position, a featured badge, softer criticism, or pre-publication review of a draft. We have turned down these arrangements. Any offer that requires us to suppress a criticism, alter a score, or publish vendor-supplied copy is declined and (if relevant) noted in the review itself.
Error correction. When we get something wrong — wrong pricing, wrong test score, wrong feature claim — we correct the page, add a dated correction note if the change is material, and credit the reader who flagged it if they would like to be credited. Corrections go to /contact-us.
Vendor outreach. Vendors contact us regularly. Factual corrections are welcome and acted on. Requests to change rankings, remove criticism, or delay a negative review until after a product launch are declined.
How Often We Update
Stale content is the biggest failure mode for a site like this. Product pricing changes, new versions ship, lab scores update, and occasionally a product is banned by a government (Kaspersky in the US, September 2024). A 2021-dated review pretending to be current is worse than no review at all.
Our update cadence:
- Product reviews — every quarter. Every consumer-antivirus review is refreshed against the most recent AV-TEST and AV-Comparatives cycles, current pricing pulled from the vendor's website on the update date, and a new 90-day community-signal pass. The "last updated" date at the top of each review reflects the most recent refresh.
- Hub pages (compare, best-for) — every month. Our /compare and "best for X" roundups are re-validated monthly. If a product changes position in a "best for families" list, the list is updated and the change rationale is noted.
- Breaking news — within 7 days. Vendor bans (as with Kaspersky in 2024), major CVE disclosures, discontinued products, or significant policy changes are patched into affected pages within a week. For Kaspersky specifically, we updated the entire roster of pages citing Kaspersky within five days of the US Commerce Department decision.
- Methodology — this page — annually. We revisit this page every April to confirm the weights, test rigs, and sourcing list still match how we actually work.
If you find an outdated claim on the site, email the contact address on /contact-us. Corrections are prioritized.