Free is good: No-cost Panda Software tops AV-Test's rankings of antivirus software

A number of antivirus products caught all the malware the testing lab threw at it. But only a few were free.

Antivirus suites are only as good as their latest tests. And in's latest roundup for July and August, the usual suspects--BitDefender, Kaspersky, McAfee, and Symantec--came out on top.

The same holds true for the free options. If you're a cheapskate, you can download Panda Security's free cloud antivirus and have a good chance that it will catch everything that the shadowy corners of the Web can throw at it--as it did in AV-test's own proving ground.

But if you think that Microsoft's own Windows Defender (or Microsoft Security Essentials in Windows 7) antimalware solution will do the job, you're almost entirely wrong. Microsoft caught less than 80 percent of both the known malware that threw at it, as well as the unknown or so-called zero-day malware that it was tested against. It's like saying your roof will catch 80 percent of the rain--eventually, there's going to be a leak.

Why this matters: It's a good idea to re-evaluate your antivirus solution regularly. Is it up-to-date? Getting the job done? If there are any lessons at all, it's that the big names in the antivirus industry have earned their reputations. Check to see if yours is among them.

There are two major test houses that periodically evaluate major antivirus suites and Internet security services: AV-test and, which recently published its own August rankings, also treats Microsoft as the baseline, claiming that it caught only 85.5 percent of the antimalware samples it was tested against.

The victor? Panda again, which caught every malware sample that AV-comparatives tested against. (Note the high number of false positives, however, meaning that safe files were incorrectly flagged as malware.) The only other suite to do the same was Avira, although it's not clear whether AV-comparatives used the paid Internet Security suite, as did, or the free, standalone antivirus version. also ranked paid antivirus solutions for businesses. Each and every one--BitDefender, F-Secure, and Symantec--caught 100 percent of the tested malware. Microsoft, again, came in dead last, managing only to catch between 74 and 79 percent.

There's absolutely no guarantee that any of the antivirus products that have historically performed well will continue to do so--or will snag the next piece of malware your PC encounters. However, one trend is positive: In a recent, prolonged test by, the traditional antivirus powerhouses continued to do well.

Here are a few points to consider when designing an antimalware strategy for your PC:

  • Microsoft alone doesn't cut it. Whether you consider a paid or free option, you're going to need something else.
  • Historically, paid antimalware solutions like BitDefender, McAfee and Symantec continue to perform well, so the effectiveness of their antivirus protection should be seen as about equal. Other factors may help you decide among these suites, such as support for mobile devices or special security features like McAfee's LiveSafe encrypted cloud storage. 
  • You can get by with free antivirus solutions from Panda and others, but their quality could vary over time.
  • Antimalware, while still useful, still can't block a direct attack on your machine. (A firewall can.) Nor can it prevent you from clicking on a poisoned link sent you by your "Uncle Steve"--or someone posing as him. Consider an Internet security suite for this very reason; here's our evaluation of the 2014 security suites. Otherwise, make sure you have some additional protection besides a simple antivirus solution.

Join the CSO newsletter!

Error: Please check your email address.

Tags Panda SoftwaremcafeesymantecMicrosoftsecuritypanda securitybitdefenderantivirusantivirus software

More about AviraBitDefenderF-SecureKasperskyMicrosoftPandaPanda SecuritySymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Mark Hachman

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place