How I Test Antivirus Software

Last updated: July 3, 2026

Author: Neil Brown, cybersecurity advocate

Affiliate disclosure: Neil Brown Reviews may earn a commission when you buy through some links on this site. This does not change the rating formula. It also does not change the exact facts I report. I keep the review process separate from affiliate income.

My plain-English testing promise

I write for people who want safer devices without jargon. Most readers do not want a lab report. They want to know what works, what costs too much, and what is easy to use.

I use a hybrid testing model. I combine my own hands-on checks with data from world-class independent labs. This gives you practical advice backed by hard data.

What I test myself

I spend 20-30 minutes with every product I review. I install the software and go through the setup process. I navigate the main dashboard and look for the scan button, settings, and alerts. I test basic features like the VPN or password manager. I take my own screenshots so you can see exactly what the app looks like today.

A product can have strong protection and still be a poor fit for everyday users. I look at how clear the dashboard is. I check whether the plan limits are easy to understand. I also look at how easy it is to find customer support.

Here is a summary of what I check personally:

Area What I look for
Setup Download, install, account creation, first scan
Dashboard Status messages, scan buttons, settings clarity
Plan clarity Device limits, renewal notes, add-ons, trial terms
Features VPN, password manager, firewall, parental controls
Support Help center, chat, phone options, refund information

What I do not test

I do not run a full malware laboratory. I do not collect live malware samples. I do not test detection rates in a controlled lab environment. No home review site should claim to do this.

For protection and detection scores, I rely entirely on independent experts. These organizations test products at a scale that a small site cannot match.

Where protection scores come from

I use current data from three independent testing organizations.

AV-TEST publishes home-user antivirus results with separate scores for protection, performance, and usability. Each category is scored out of 6 points, for a maximum of 18 points. I use these scores as a primary input for the Protection category in my scoring formula.

AV-Comparatives publishes consumer tests, including real-world protection tests. These tests are designed to reflect everyday attack conditions. I use these results as a secondary check on protection quality.

SE Labs publishes security evaluation reports. It tests products against real-world attack methods. I use SE Labs data where it is available and relevant.

I always note the test period when I use lab data. Lab results can change over time. A product may perform well in one period and less well later. I treat one lab result as useful context, not as the whole story.

Source How I use it
AV-TEST Primary protection score input. I note the test period.
AV-Comparatives Real-world protection context where available.
SE Labs Attack-chain and home anti-malware report context.

How I score products

Every review uses a 10-point overall score. The score is a weighted calculation based on five categories.

Category Weight What it measures Data source
Protection 35% Malware, ransomware, web protection, phishing defense Independent labs (AV-TEST, AV-Comparatives, SE Labs)
Ease of use 20% Setup, dashboard clarity, alerts, beginner fit Neil’s hands-on testing
Features 20% VPN, password manager, firewall, parental controls, identity tools Hybrid (vendor data + Neil’s hands-on checks)
Value 15% Price, device limits, renewal terms, included features Automated pricing and plan research
Privacy and trust 10% Ownership clarity, data practices, regional restrictions Automated privacy and ownership research

The overall score is rounded to one decimal place.

Score Label Meaning
9.0 to 10.0 Excellent A strong choice for the stated use case.
8.0 to 8.9 Very good Worth considering, with clear caveats.
7.0 to 7.9 Good Useful for some users, but not a top pick.
6.0 to 6.9 Fair Limited fit. Consider only in narrow cases.
Below 6.0 Not recommended Avoid for most readers or use with strong caution.

What “Testing In Progress” means

Sometimes a review is published before my hands-on session is complete. When that happens, the review says so clearly. The Ease of Use score shows as “Pending” with a note. The overall score is marked as provisional.

The Protection, Features, Value, and Privacy scores still come from current lab data and product research. Once I finish my hands-on session, I update the page. The provisional marks are then removed.

How I keep pages current

Core commercial pages are checked at least quarterly. Pricing, plan names, product ownership, and lab results can change. When I find a material change, I update the relevant page.

Some products need faster updates. Kaspersky is one example. U.S. restrictions affect whether U.S. readers should consider it. Ownership changes also matter. I note the date of any major update at the top of each page.

Corrections policy

If you spot a factual error, please use the contact route on the About page. I aim to correct clear factual mistakes promptly. Please include the page URL and the exact point that needs review.

Where to go next

If you are choosing antivirus now, start with the best antivirus guide. To compare maintained reviews, visit the antivirus reviews page. You can also read more about Neil on the About page.