It used to be easier to distinguish between antivirus software and security suites, but these days the lines are blurry. McAfee AntiVirus Plus (2017) not only includes firewall protection and a veritable host of additional security features, it also allows unlimited installations on all of your Windows, macOS, iOS, and Android devices. That sort of multi-platform protection used to be something you'd only get with a suite. McAfee doesn't necessarily score at the top in our tests or independent lab tests, but it's uniquely capable of protecting every device you own.
Compare Similar ProductsCompare
Bitdefender Antivirus Plus 2017%displayPrice%
Kaspersky Anti-Virus (2017)%displayPrice%
Symantec Norton AntiVirus Basic%displayPrice%
Webroot SecureAnywhere AntiVirus (2016)%displayPrice%
Avast Pro Antivirus 2016%displayPrice%
Emsisoft Anti-Malware 11.0%displayPrice%
ESET NOD32 Antivirus 9%displayPrice%
F-Secure Anti-Virus 2016%displayPrice%
Trend Micro Antivirus+ Security (2017)%displayPrice%
Panda Antivirus Pro 2016%displayPrice%
Check Point ZoneAlarm PRO Antivirus + Firewall 2017%displayPrice%
Daily Safety Check Home Edition%displayPrice%
A subscription price of $39.99 per year for one license seems to be the going rate for antivirus tools. Bitdefender Antivirus Plus 2017, Kaspersky, Norton, and Webroot are among the many that sell for about that price. At $59.95 per year, McAfee might seem more expensive, but, as noted, this subscription lets you install protection on every single device in your household, including Windows, macOS, iOS, and Android devices. Far from being more expensive, it's a fantastic bargain.
That multi-device mode influences the way you install the product. You start by redeeming your 25-digit product key online and either adding it to your McAfee account or creating a new McAfee account. After logging in to your account, you can either download the software locally or send an email with a download link to another device.
New with this year's product line, McAfee offers a Virus Protection Pledge. If the product can't remove a virus (or any other kind of malware), tech support will do everything they can, including remote diagnosis and remediation. If they can't fix it, you get your money back. Enabling the pledge does require that you sign up for automatic renewal, but that's not unreasonable. Norton's similar promise requires either direct purchase or automatic renewal, and applies only to the Norton suites, not to Symantec Norton AntiVirus Basic. Check Point also has a guarantee, but only for the top-of-the-line ZoneAlarm Extreme Security.
I should mention that McAfee also makes available a one-device PC-only product called McAfee Antivirus, without the Plus in its name. Apparently there are a few people who prefer paying $39.99 to protect a single PC rather than tossing in another $20 to protect unlimited devices. Go figure!
The installation process has been streamlined, requiring hardly any user interaction. Once the product has installed and updated, you're ready to go. You won't see any significant difference in the user interface. The layout and the gray-green-blue color scheme haven't changed. And as before, you can click the Navigation link to get an alternate main page that offers direct access to all program features.
The real difference is underneath the hood. The latest McAfee product line uses a completely new virus detection and remediation engine, called Real Protect. This engine relies strongly on behavior-based detection to minimize the local signature database and catch zero-day malware. Like Webroot SecureAnywhere AntiVirus, when McAfee encounters a suspicious unknown program, it sends behavioral data to the cloud for analysis, journals the program's behavior, and rolls back all the malware activity if the cloud component decides the program is malicious.
My McAfee contacts supplied the results of an independent performance test comparing last year's edition with the current edition across many different metrics. The tests ran on both a high-performance machine and a relative clunker. It's worth noting that on the clunker, a full system scan and a repeat scan both took longer with the current edition. That matches my experience, since my virtual machine test systems aren't terribly resource-rich. A full scan took almost an hour and a half, nearly twice the current average. Scan speed isn't all that important, though, since you can continue using your PC during the scan. And a second scan finished in just 35 minutes.
So-So Lab Scores, But…
Because I review antivirus products shortly after release, the independent lab test results that I report are always slightly dated. That's usually not a problem, because the vendors keep their antivirus definitions up to date in between major revisions. However, McAfee gradually phased in the new antivirus engine over the past few months, so it's not clear to what extent the labs have tested this engine. The results may change in the next round of testing. And that's a good thing, because the results aren't all great.
The research experts at AV-Comparatives perform a wide variety of tests on antivirus and other security products; I follow five of these. Products that pass a test receive a Standard rating. Those that do more than the minimum needed to pass can earn an Advanced or Advanced+ rating. McAfee participates in three of these five tests, and received one Standard and two Advanced ratings. Bitdefender and Kaspersky both swept the field with five Advanced+ ratings.
For a multi-faceted look at antivirus capability, AV-Test Institute scores products on protection, performance, and usability, assigning up to six points for each. McAfee aces the usability test, meaning it marked few or no legitimate programs and websites as malicious. A minor performance impact earned it 5.5 points in that test. But in the all-important protection test it only managed 4.5 points, for a total of 16. Trend Micro Antivirus+ Security, Kaspersky, and Bitdefender scored a perfect 18 in this test.
To imitate real-world protection as closely as possible, the team at Simon Edwards Labs captures Web-based attacks and uses a replay system to hit each product with the exact same attack. This lab certifies products at five levels, AAA, AA, A, B, and C. McAfee earned certification at the middle-of-the-road A level.
Earlier this year I added a pair of tests by MRG-Effitas to my list. One very specifically measures protection against banking Trojans, while the other attempts a comprehensive selection of active malware types. Where most of the other labs offer a range of scores, this one basically tags protection as perfect, near-perfect, or failed. Like many other products, McAfee failed both of these tests. Due to their pass-fail nature, I've reduced the impact of these tests in my lab score aggregate calculation.
For McAfee, that calculation yielded 7.9 of 10 possible points, which isn't so good. Kaspersky Anti-Virus managed a perfect 10, Norton took 9.7 points, and Bitdefender got 9.4. Once again, though, McAfee's scores don't reflect the brand-new antivirus engine.
Mixed Malware Blocking
McAfee fared quite a bit better in my own hands-on malware-blocking test, but with a couple of odd hiccups. With the advent of the new behavior-focused engine, McAfee no longer scans files on access. Rather, it waits for launch and then either whacks the file immediately if it's a known threat, or tracks its behavior and rolls back malicious actions as necessary. In testing, I did see several samples whose description indicated that they'd been blocked by Real Protect.
McAfee detected 94 percent of my samples and earned 9.2 of 10 possible points, which is pretty good. However, among those it missed were two rather virulent ransomware specimens. One is so nasty I have to cut off the Internet before launching it, or risk a nasty note from my ISP. As for the other, I launched it and watched as it encrypted files in my documents folder and displayed its ransom demand, with no reaction from McAfee. You'd think that kind of behavior would have been noticed.
All of the samples mentioned above are far from zero-day. To get a feel for how antivirus products handle up-to-the-minute threats, I start with a list of very recent malware-hosting URLs supplied by MRG-Effitas, each of which points directly to a malicious executable. I navigate to each URL in turn, discarding any that are already non-functional, and record whether the antivirus blocks the URL completely, destroys the downloaded payload, or sits idly by.
McAfee's WebAdvisor browser extension proved quite impressive. In most cases, it first displayed a banner stating that it was examining the download and then warned that the file was dangerous. A few times the warning didn't appear, the download proceeded, and the real-time protection system scanned and eliminated it. Just once, the WebAdvisor scanned and greenlighted a file, after which the real-time scanner marked it as suspicious. The two protection layers aren't identical, and that's just fine.
Once I got to 100 samples, I quit and ran the numbers. McAfee blocked 85 percent of the malware downloads, the vast majority of them in the browser. That's better than the current average of 70 percent, but quite a few products have done better. When I tested Avira Antivirus Pro 2016, it blocked 99 percent of the URLs completely. Norton's protection rate came in at 98 percent.
So-So Phishing Protection
All the malware protection in the world won't help if you get tricked into giving away your security credentials to a fraudulent (phishing) website. Like most modern antivirus products, McAfee includes a component to detect and block phishing sites. However, its accuracy in my hands-on antiphishing test took a nose-dive this time around.
For this test, I scrape data from a number of antiphishing websites, specifically going for URLs that have been reported as fraudulent but not yet classified and blacklisted. I launch each URL simultaneously on a test system protected by the product under test, in another protected by long-time antiphishing champion Norton, and in three others using the protection built into Chrome, Firefox, and Internet Explorer.
Last year, McAfee's detection rate was just 2 percentage points behind Norton's, and it did a better job than all three of the browsers. That's quite good. The only recent products to actually beat Norton are Bitdefender, Kaspersky, and Webroot.
This time around, though, McAfee lagged a full 44 percentage points behind Norton, 40 percent behind Chrome, and 24 percent behind Internet Explorer. It did beat Firefox, but lately Firefox has made a very poor showing in this test.
The lesson here is simple. Don't turn off your browser's phishing protection. McAfee can still make a contribution any time it catches a fraudster that the browser missed.
The earliest personal firewalls were famous for bombarding users with incomprehensible security questions. Putting the decision of whether or not to allow an unknown program Internet access in the hands of the user turned out to be a bad idea. Most people either always clicked Allow, or always clicked Block until they broke something important, then switched to Allow.
Like Symantec Norton Security Premium, Bitdefender Internet Security, and others, McAfee automatically assigns network permissions to known good programs and keeps an eye on the behavior of unknowns, ready to shut them down if they abuse the network connection. You won't see any sign of program control unless you open Firewall settings and change the Traffic Controller setting from Smart Access to Monitored Access. When I did so, it correctly identified my tiny hand-coded browser as an unknown and asked me whether to allow it online. However, most users should leave this setting at its default value.
The firewall built into Windows handles such tasks as blocking port scans and putting all ports in stealth mode, so any firewall that aims to replace it must take over those tasks. McAfee correctly stealthed the ports and defended against the Web-based attacks I threw at it.
If you dig into the firewall settings, you'll find there are a ton of configuration settings available. You can turn on Intrusion Detection, view and modify program permissions, open ports, and more. But unless you're a network expert, you should take a strict hands-off approach. Likewise, without that expertise you probably won't get much out of the Traffic Monitor.
Norton is one of the few products with an intrusion detection system that blocks exploit attacks at the network level. However, in many products the antivirus component whacks some of the executable payloads. In last year's test, McAfee caught a third of the exploits I hit it with. The change in the antivirus engine cut that detection rate way back. When I hit McAfee with 30 exploits generated by the CORE Impact penetration tool, it actively blocked just two of them. Another two seemed to be blocked when I enabled the Intrusion Detection System. At least, the browser displayed an error message. But since these didn't show up in the log, I can't be sure.
I always check for weaknesses that would allow a malware coder to programmatically disable firewall protection. To start, I comb the Registry to see if there's a simple off switch. Poring through McAfee's more than 750 Registry keys and more than 2,800 registry values, I did find what seemed to be such a switch. However, changing it externally had no effect; it's just an indicator of the current on/off state, not a control.
Out of the 14 McAfee processes I found running, the only one I could kill was the WebAdvisor; all the rest were properly armored. However, as has happened before, I managed to stop and disable eight of McAfee's Windows services. Admittedly these weren't the most essential ones, but it surprised me to see the big green "Your computer is secure" message with so many components disabled.
See How We Test Security Software
I've mentioned the WebAdvisor component's ability to head off dangerous downloads and identify malicious or fraudulent websites. It can also mark search results, flagging sites as safe, iffy, or dangerous using green, yellow, or red icons. Sites that have been actively vetted by McAfee and found super-safe get a special McAfee Secure marker; Norton's SafeWeb does something similar. Note that by default WebAdvisor only marks up results in McAfee's own Secure Search. I advise configuring it to mark results in any search engine.
If you point the mouse cursor at a site-rating icon you'll see a popup with a brief explanation. You can also click a link to get a full report on the site. I did observe that the full report seems less detailed than what used to appear for McAfee SiteAdvisor.
New in this edition, it actively attempts to defend you against typosquatting sites. These sites are deliberately names with slightly misspelled versions of popular websites. For example, when I typed www.paypla.com, it popped up asking if I actually meant PayPal.
My Home Network
As noted, you can install McAfee on all the devices in your network. If your PC is in the office and your kids have their own laptops or PCs, you can use My Home Network to monitor their protection.
When you open this component, it shows all of the devices on your network, along with the computer name for each, or the IP address for other devices. PCs with McAfee installed display a McAfee shield logo. To set up trust between two PCs, you enter a passphrase on one, submit it, and then go enter the same phrase on the other.
Once the trust relationship is established, you can view the other system's status in the network map. If there's anything wrong with the configuration, perhaps because your teen turned off antivirus during an online fighting game, you can remotely fix the configuration. It's a useful feature.
Numerous Bonus Features
For a nominally standalone antivirus, this product looks remarkably like a suite. I'll briefly describe its remaining bonus features.
The QuickClean component scans your system for junk files such as broken shortcuts, file fragments, and temporary files, by default. You can add a few more abstruse categories such as thumbnail caches and memory image files. And you can have it scan the Registry as well. It also wipes cookies, cache files, and history in all of your browsers. You can launch it at will, or schedule it to clean up at regular intervals.
A lot of the data breaches you read about in the news happen because the company or institution failed to keep their systems fully patched. McAfee's Vulnerability Scan seeks out missing security updates for Windows and popular programs. By default, it scans once per week and awaits your permission to install any found updates. You can tweak the schedule if you like, and can also set it to automatically install updates.
You know by now that deleting a file in Windows merely sends it to the Recycle Bin. Even if you skip the Recycle Bin, or empty it, the data for deleted files remains on disk until another file overwrites it. McAfee's file shredder offers four levels of security, Basic, Safe, Comprehensive, and Complete, ranging from a single overwrite before deletion at the Basic level up to 10 overwrites at the complete level. You can shred the Recycle Bin, Temporary Internet Files, or any files of your choice. It also adds a Shred option to the right-click menu for files and folders.
From the Navigation page, you can access a number of online resources. McAfee's Threat Map indicates hotspots for malware and spam using color codes. Connect with the Virus Information Library if you want to learn what threats are prevalent, or get more detail about something the antivirus found. The HackerWatch site is a community for sharing information about the latest Internet threats. If you have a deep and abiding interest in all things security-related, these three tools should prove interesting. If not, well, the map is pretty!
Mac and Mobile
This review focuses on the Windows version of McAfee AntiVirus Plus, but I'll run through what you get for your macOS, iOS, and Android devices too. Note that Mac and mobile support is the same across the entire McAfee product line.
McAfee really wants you to make use of your subscription across all of your devices. To that end, the device management screen includes a button that scans the network and reports on devices that could have McAfee installed, but don't yet.
To manually extend protection to another device, you log into your McAfee account and either download the installer for the current device or send a link in an email message. The link automatically ties the new installation to your account.
Protection on a Mac is quite limited compared to what you get on a PC. It does include a firewall, and protection against the small but growing number of macOS malware attacks. It scans email and IM attachments for malware. As on the PC, WebAdvisor steers your browser away from dangerous sites and marks up search results. That's about it.
Android devices get a good deal more than Mac in terms of protective features. In addition to antivirus and WebAdvisor, you get the ability to remotely locate, track, lock, and wipe your device, with the option to do a remote backup before wiping. You can also back up your data at any time, and restore to the same device or a different device.
If it's just about to run out of power, your Android device transmits its location using the S.O.S. feature. Android security products from Lookout and Bitdefender do something similar. App protection points out too-broad permissions for apps on your device and ranks them by level of privacy sensitivity. McAfee can filter unwanted calls and texts, and its CaptureCam silently snaps a photo of someone who found (or stole) your device. Wi-Fi security warns when you connect to an unsecured hotspot, and actively cuts the connection if it detects shenanigans. There's a battery optimizer to eke out more screen time. It can send notifications to your Android Wear watch, and pair the watch with another device so you don't leave either behind. The feature set is quite extensive.
Those installing McAfee on iOS devices don't get quite as much. There's no antivirus, for starters, which makes sense given the dearth of iOS malware. Wi-Fi security, battery optimization, app protection, WebAdvisor, and call/text filtering are absent. You can locate and wipe the device, but can't lock it or track it in real time. And the backup feature handles contacts only.
On the plus side, the S.O.S. feature works on iOS devices, as does CaptureCam. And you can pair your Apple Watch with an iOS device to get notifications and keep from losing either.
McAfee AntiVirus Plus doesn't always get the best marks from the independent labs.That honor goes to Bitdefender and Kaspersky. It scored high in some of my own hands-on tests, but lower than last year in others. This product's claim to fame is twofold. It has a huge feature set when installed on Windows, and you get unlimited licenses to install protection on your Windows, macOS, iOS, and Android devices. It's that amazingly broad protection that earns McAfee an Editors' Choice for commercial antivirus.
However, if your main aim is to install antivirus on a fairly limited number of PCs, you may do better with one of our other Editors' Choice products. As noted, Bitdefender Antivirus Plus and Kaspersky Anti-Virus are the darlings of the labs. Norton Antivirus Basic extends excellent antivirus protection with a powerful Intrusion Detection System. And Webroot SecureAnywhere AntiVirus is the tiniest antivirus around. Your choice will depend on exactly what you want to protect.