How we test computer security software

Our method for assessing which software is best for protecting against malware.

Laptop computer screen displaying several malicious popups.

A computer in our internet security testing lab has a tough life. We install a security package, then bombard it with thousands of the worst malware attacks. After that, we reset the computer, install a different package, and do the whole thing again.

Choosing what to test

We aim to test popular security products you’re likely to hear about, plus some you might not be aware of. We want to capture new developments in the market and make sure the products we test will stay available after we publish  our results.

How we test

We install each internet security package on a newly installed and up-to-date Windows 10 PC and use Google Chrome as our browser. For Mac products, we instead use the latest version of Mac OSX and Safari. Any built-in security filters in the browser are switched off. Then the attacks begin.

Overall score

Our overall score for security software includes assessments for:

  • Protection (65%)
  • Ease of use (25%)
  • System impact (10%)


Our protection assessment includes:

  • Web test scenario: the ability to prevent an infection coming straight from the internet. We use real-world malware including targeted and untargeted attacks, covering as many different varieties as we can.
  • USB drive test scenario: the ability to prevent an infection coming from an external drive. This includes an offline test, where the software doesn’t have access to its online database, as well as a standard online test.
  • Anti-phishing: measures how efficiently the software blocks phishing websites. We visit at least 200 URLs and record the percentage of pages that are blocked.
  • On-demand scan: we fill a folder with a large collection of current malware samples, all active in the month prior to testing. Samples include malware targeting other operating systems, such as Android. Then we tell the software to scan that specific folder and determine its rate of detection, both online and offline.
  • False positive test: more than a million clean files are screened, to determine the false positive rate.

We complete this section of the test four times over four months and take an average. This better represents the ongoing protection over the course of a subscription.

Ease of use

We assess the ease of:

  • purchase and installation
  • interface navigation
  • using the firewall
  • malware scanning, including dealing with virus alerts
  • using the help function
  • uninstallation.

System impact

We measure how the security software affects the time it takes to perform tasks such as loading web pages, opening Microsoft Office documents, downloading from the internet and installing software. We also measure the hard drive space and RAM used up by the program.

Ready to choose?

Find out how to find the right software with our buying guide, or see our test results to see which we recommend.