I was somewhat surprised to find that a one-year Ashampoo license costs $49.99, 10 dollars more than Emsisoft Anti-Malware 11.0, Bitdefender, and many others. Emsisoft also offers many levels of volume discount prices; switch your order from one license to two and you pay 30 percent less for each; go to three and it's 50 percent. When I filled in larger numbers on the Ashampoo site, it simply priced them out as multiples of the one-license price, no discount. However, my company contact pointed out that there's almost always a deal of the day, or deal of the week, in place, so that "close to none of our customers ever had to pay full retail prices for any of our products."
Like Emsisoft, Ashampoo's main window features a big status panel that's green as long as everything is humming along nicely. If something's not configured correctly, it turns red and offers a button to fix the problem. Four other panels cover scans, quarantine, updates, and bonus tools. Like Emsisoft (I'm going to get tired of saying that!) it echoes these panels in a menu across the top. But unlike Emsisoft, there's hardly anything to configure. Ashampoo's aim is to keep things simple.
In addition to the expected full, quick, and custom scans for malware, Ashampoo includes a separate scan for removable devices. I'm not sure how necessary that is. Some products, notably Panda Free Antivirus (2016), can actually modify your removable devices to prevent infection by autorun-launched malware. That's a more worthwhile feature.
No Help From the Labs
Serious security companies submit their software to independent testing labs. This serves to validate their technology, and also helps them identify any areas that need more work. Certainly it's impressive when a vendor's website can display top-level certification from multiple labs.
Three of the labs that I follow test Emsisoft Anti-Malware, and four of them include Bitdefender Antivirus Plus 2016. Both products score very well. Since Ashampoo licenses technologies from both of these, one might be tempted to assume it would score just as well.
However, the labs themselves make one thing very clear; their results apply only to the tested product, period. I've observed for myself that vendors don't always make proper use of the technology they license, or don't license the entirety of the other vendor's technology.
None of the labs I follow test Ashampoo itself, so for this review I don't have any guidance from the labs. That's a shame. The fact that Kaspersky Anti-Virus (2016) and Bitdefender get such high lab scores gives me plenty of confidence to recommend them.
Impressive Malware Blocking
It was sheer coincidence that I wound up testing Emsisoft and Ashampoo at the same time. I didn't know about the connection until later. And in truth, I wouldn't have guessed it from the way the two behaved in my hands-on malware blocking test.
To start this test, I simply open my folder of samples, which is enough to get some products scanning. If nothing happens, I click on each sample. When that doesn't get a rise out of the antivirus, I copy the samples to a new folder. That's the point where Emsisoft's default real-time protection kicked in. But Ashampoo didn't react at all until I attempted to launch the samples.
On the one hand, a Trojan that's just sitting on disk, never launched, isn't actively harmful. But on the other hand, if your antivirus were to crash or get turned off, and if that Trojan were somehow launched, you'd have trouble. I'd feel safer with an antivirus that doesn't wait until the last minute. And no, you can't configure it to do otherwise.
When I did start launching the samples, Ashampoo caught almost all of them instantly, before they executed a single line of code. This left Windows a tad confused, displaying the message "This file is currently not available for use on this computer," but it was effective.
I was a bit disturbed to find that Ashampoo's default action on detecting malware is to just prevent execution, leaving the file in place. In addition, from time to time Ashampoo displayed the message, "Restarting antivirus engine. Please wait." Did that mean the antivirus was temporarily inactive? Probably not, but it raised my worry level.
I did find that clicking the More Options button afforded me some more sensible choices. Here I could block the file and quarantine it, or block and delete it. But it also gave me the option to allow execution and whitelist the file, or allow and whitelist "this infection." Why would you do that?
My company contact admitted that "this is indeed a possible gateway, especially if the PC is used by an inexperienced user," but that it was necessary due to the possibility of false positives. My own thought is that the antivirus should block and quarantine found malware by default. In the event of a false positive the user can rescue the item from quarantine. For testing, I always chose block and quarantine.
One sample that did manage to launch gave Ashampoo some trouble. The sample itself was a Trojan that looked like a chat application, but once it got running Ashampoo reported behavior suggestive of spyware. I clicked Block again and again, but the warning kept recurring. There was no option to always block the behavior. My only other choices were to allow the action or to whitelist the program. As a tester I had an easy out; I just reverted the virtual machine to a clean state. The average user would be stuck clicking Block over and over again.
On the plus side, Ashampoo tied Webroot SecureAnywhere AntiVirus (2016), with 100 percent detection of the samples. Webroot also earned a perfect 10 points in this test; Ashampoo's 9.8 points is better than any other product tested with my current set of samples or the previous set. Emsisoft scored 9.4 points, which is still pretty good.
Note that this is a big improvement for Ashampoo. Its previous edition, tested against my previous malware collection, earned just 7.5 of 10 possible points, a poor score.
Good Malicious URL Blocking
My malicious URL blocking test revealed the tight connection between Emsisoft and Ashampoo. This test uses malware-hosting URLs very recently discovered by researchers at MRG-Effitas. Since I had both products in hand, I ran their malicious URL blocking tests simultaneously. In almost every case, the products behaved identically. If one blocked access to the URL, so did the other. If one wiped out the file during download, so did the other. And if one did nothing, so did the other.
In addition, both products use a somewhat unusual technique for blocking these dangerous URLs. Most antivirus utilities divert the browser to a warning page. Ashampoo and Emsisoft just block the connection, leaving the browser to display an error message. A transient popup lets the user know what happened.
Ashampoo blocked 67 of 100 samples at the URL level and eliminated another 21 during download, for a total of 88 percent protection. That's pretty good, but Avira Antivirus Pro 2016 recently managed 99 percent protection. Prior to that big win, the highest score was 91 percent, shared by Norton and McAfee AntiVirus Plus (2016).
See How We Test Malware Blocking
Whenever I see an antivirus that reports on suspicious behavior, I immediately wonder if that feature might be triggered by valid programs as well. In some cases, my hand-coded test utilities are seen as suspicious, which is completely reasonable. For example, a program that launched hundreds of malware-hosting URLs, and that's never been seen outside of one particular computer? That's suspicious!
Ashampoo left my tools alone, and let most of my collection of sample valid programs install and run without issue. It did report one sample as suspicious, accusing it of injecting code into other processes. Indeed, this utility has to take control of Windows Explorer somewhat in order to control icon placement on the desktop. But that alone doesn't make it malicious.
In my testing, just two programs triggered suspicious behavior warnings, one malware sample and one legitimate utility. That's not as bad as Emsisoft, which reported suspicious behavior by fully a third of my valid programs, or Comodo Antivirus 8, which warned about as many as five different behaviors for some. I'm just not a fan of behavior monitoring systems that warn about single, simple actions, leaving the user to make the security decision.
Poor Phishing Protection
Ashampoo handles phishing sites (fraudulent sites that try to steal your security credentials) the same way it does malware-hosting sites. It pops up a transient warning and prevents the browser from accessing the site. However, its antiphishing performance left a lot to be desired.
For this test, I gather a large collection of URLs that have been reported as fraudulent but haven't yet been verified and blacklisted. By the time a phishing URL is on the blacklist, it very well may have vanished. Invariably, quite a few of the reported URLs are already dead by the time I try them in testing.
I simultaneously launch each URL in five browsers, one protected by the product under test, one by long-time phish-killer Symantec Norton Security Premium, and one apiece by the protection built into Chrome, Firefox, and Internet Explorer.
In this test, Ashampoo's scores tracked very closely with those of Emsisoft, but slightly lower. Both are among the lowest scores for recent products. Ashampoo's detection rate lagged 79 percent behind Norton's and well over 50 percent behind both Internet Explorer and Chrome. It did beat Firefox, but in my tests Firefox seems to be in an antiphishing slump. Don't rely on Ashampoo for phishing protection. Note that Bitdefender owns the all-time top score in this test; apparently Ashampoo didn't license antiphishing.
See How We Test Antiphishing
Ashampoo comes with six bonus tools, but several of them are too advanced for the average user. As the Tools window warns, each time you launch one of these, the program must restart with Administrator privilege, meaning you'll have to respond to a User Account Control prompt.
The File Wiper can come in handy if you need to delete sensitive information so thoroughly that it can't be recovered even with forensic hardware. By default, it overwrites a file's data seven times with different bit patterns and then deletes it. You can crank it down to three or one overwrites. The technicians I've talked with at DriveSavers say that even a single overwrite makes a file extremely hard to restore. Going the other direction, you can select the Gutmann Method, which overwrites files 35 times.
Naturally the trade-off is time—more overwrites take longer. But even at the highest level, the process didn't take long. I dropped a folder containing 50MB of files onto the File Wiper and clicked Destroy. The process took 25 seconds. Note that many products offering secure deletion don't let the user tweak details like the number of overwrites. ThreatTrack Vipre Antivirus 2016 is an example.
Worried about someone tracking your Internet antics via traces left in the browser? The Internet Cleaner wipes browsing traces for Internet Explorer, Firefox, Opera, Chrome, Safari, and Edge. Data removed includes cookies, caches files, and browser history, among other things. There's an option to exempt certain cookies from deletion; it comes preloaded with URLs for Amazon, eBay, and Ashampoo. Click Delete now and your browsing traces quickly vanish.
Like Norton, Ashampoo includes a tool to manage those programs that launch at startup. Norton reports each program's resource usage, and its prevalence among Norton users. Ashampoo takes a different tack, reporting on the program's average rating by Ashampoo users, if available. You can add your own rating, if you like. It also reports on Internet Explorer plug-ins. To reversibly disable any item from launching at startup, just un-check the box. Of course, the change doesn't take effect until you reboot.
The remaining three tools are for experts, not average users. One of them searches for files on NTFS-formatted drives that contain Alternate Data Streams or ADSes, but points out that while a malicious program may hide data in an ADS, valid programs use them too. Indeed, the only ADS found on my test system was in the Ashampoo installer! The Layered Service Provider Viewer lists all LSPs on your system and flags any that aren't standard. Once again, these may be perfectly valid. My test system necessarily uses two LSPs from VMware. Finally, the Hosts File Checker looks for possible malicious modification of the Hosts file, which overrides the normal mapping of domain names to IP addresses. Geeky!
Great Scores Aren't Quite Enough
Using technology licensed from Emsisoft and Bitdefender, Ashampoo Anti-Virus turned in an excellent score in our hands-on malware-blocking test and a very good score in our malicious URL test. It scored poorly in the antiphishing test, though, and the independent testing labs have nothing to say about it. If you're desperate to use Emsisoft's antivirus technology, you're probably better off getting it directly from Emsisoft, unless you're really excited by Ashampoo's bonus tools.
Better still, choose one of our four Editors' Choice products. Bitdefender Antivirus Plus gets great lab scores; Kaspersky Anti-Virus rates even higher. Webroot SecureAnywhere AntiVirus aced our in-house antimalware test, and it uses an amazingly tiny amount of resources. All three cost less than Ashampoo. You might think at first that McAfee AntiVirus Plus is more expensive, but your subscription lets you install protection on any number of Windows, Mac, or mobile devices. And all four companies are squarely focused on security.