McAfee antivirus software is well known the world over. It is very important when downloading and purchasing antivirus tools that you only download files from websites and companies you 100% trust. This is because computer viruses are spread through file downloads which inject malicious code onto your site.
CleanBoot to the Rescue
On over half of my malware-infested test systems, my initial McAfee installation failed to complete successfully, for one reason or another. Tech support recommended that I run McAfee's CleanBoot rescue disk, a Windows-based bootable antivirus.
For all but a couple of the problem systems, CleanBoot totally did the job. Once I got McAfee installed I ran a full scan. Interestingly, every full scan after a CleanBoot scan found nothing at all, suggesting that CleanBoot incorporates McAfee's very latest technology. I mention this because the bootable rescue systems offered by many vendors run in retro text-only mode, and a subsequent full scan often finds traces missed by the bootable solution.
On one system, a virtual fistfight between McAfee and malware sucked up all the CPU cycles. Tech support took some very detailed diagnostic logs and, after quite a bit of back and forth, supplied a one-off solution. Another system lost all connectivity after its full scan. I supplied diagnostic files requested by tech support and they came back with a fix. Overall I give McAfee three stars for installation experience; it would have been four except for the very lengthy repair process on the CPU-impaired system.
CleanBoot seems to have exactly the malware-fighting power of the McAfee antivirus, packaged in a bootable form that doesn't have to contend with malware running alongside it. That being the case, I'd suggest running a CleanBoot scan before any attempt to install McAfee on a system that's' not guaranteed clean.
Decent Malware Removal
With installation problems solved, I went on to run a full scan on each of my twelve malware-infested test systems. McAfee missed a fair number of the resident samples, and didn't remove all the executable traces of some that it did find. In a few cases, I found a malware process still running after supposed cleanup. With a 75 percent detection rate and 5.9 points overall for cleanup, McAfee is in the middle of the pack, much as it was in last year's test.
Very Good Malware Blocking
When an antivirus tool can get its processes installed and running before malware shows up, it has a much better chance of keeping the system clean. McAfee works hard to block infection at many levels, starting with the Internet, source of most malware infections.
I always check a product's Web-based protection by trying to re-download my current malware collection. Of course, many of the URLs are either no longer valid or only sporadically active. Sometimes well over half simply return an error message. I noted with interest that McAfee blocked almost all of these URLs, even those not currently working, and blocked a few others immediately on download. One way or another, it blocked 90 percent of the URLs.
Of course, malware could enter the PC via other means. To check the next level of protection I opened a folder containing already-downloaded instances of the same samples. It took a little while, but once McAfee started grinding through it eventually eliminated almost 90 percent of them. It caught a few more when I launched the survivors. McAfee detected 92 percent of the samples and scored 9.2 points for malware blocking, which is quite good.
SiteAdvisor and Phishing Protection
Powerful protection against malware-hosting websites is just one benefit of McAfee's SiteAdvisor toolbar. For many years, SiteAdvisor has been crawling the Web, looking for sites that host malware, spew spam at visitors, or otherwise prove to be undesirable.
SiteAdvisor marks up your results on popular search websites using red, yellow, and green icons for dangerous, iffy, or safe websites. A grey icon means the site hasn't yet been analyzed. You can click on the icon for a popup with a bit more detail, or click on the popup to view SiteAdvisor's very detailed report. The report may show such things as what malware the site hosts, how much spam it sent (with examples) and links to known bad sites. You'll also find that SiteAdvisor marks up links on your Facebook page.
In recent years, SiteAdvisor's mission has expanded to include steering users away from phishing sites—fraudulent websites that attempt to steal login credentials for banks, auction sites, even online gaming sites. When tested last year, SiteAdvisor proved remarkably accurate, with a detection rate four percentage points higher than that of consistent antiphishing champ Norton.
I'm not sure what changed, but it didn't do nearly as well this year, especially against the very newest phishing sites. Perhaps the fraudsters have just gotten smarter? This time around, McAfee's detection rate lagged 38 percent behind Norton's. That's still in the top third of current programs. Note that I've stopped comparing products with the antiphishing built into Internet Explorer 8's SmartScreen Filter; my testbed requires IE8, but the best phishing protection is found in IE10.
Most vendors reserve firewall protection for their full security suite; not McAfee. They've packed a powerful firewall right into the entry-level antivirus. I prodded the firewall using port scans and various other Web-based tests; it defended the test system exactly as it should.
Preventing attack from outside is one facet of a firewall's job; the other is foiling any attempt at betrayal from within. Firewalls typically exercise control over which programs can access the Internet and the local network. Early firewalls simply reported on each program attempting a connection and asked the user to make a decision. I know, I know, it makes no sense. The user isn't trained to make that decision!
In its default Smart Access mode, it consults McAfee's Global Threat Intelligence database to make all the decisions about what sort of network permissions to give each program. If you're a glutton for punishment, you can switch it to Monitored Access, meaning the firewall will ask you for the final decision on each new program. Even if you do choose to make the final decision yourself, the Smart Advice feature will let you know what action McAfee would recommend.
For testing, I enabled Monitored Access and launched a few guaranteed-unknown programs, verifying that McAfee popped up asking whether to let them access the Internet. Next I tried a collection of leak tests—programs designed to make an Internet connection without triggering program control. The Intrusion Detection system caught about half of them, and when I re-enabled the real-time antivirus it wiped out the rest.
Intrusion Detection also helped when I attacked the test system using exploits generated by the Core Impact penetration tool. It blocked just under 20 percent of the exploits. Real-time protection kicked in for another 10 percent, identifying and eliminating files that exploits dropped on the test system. None of the exploits actually penetrated security.
I'm impressed overall with McAfee's firewall. Norton's antivirus includes exploit protection but not a full firewall. Trend Micro relies on Windows Firewall, adding a "firewall booster." McAfee has actually included a full-scale intelligent firewall that rivals (or betters) what you'd get in many suites.
Conclusion - A Wide-Ranging Solution
With phishing protection and a top-notch firewall joined to essential antivirus protection, McAfee AntiVirus Plus could serve as a bare-bones security suite (as long as you don't need parental control or spam filtering). Its collection of bonus tools like QuickClean, shredder, and My Home Network just make it seem more suite-like.
McAfee did earn an excellent score in my malware-blocking test, but other products have rated better with the independent labs.