Anybody can download a 30-day trial of the program. The initial download is just a stub that downloads the latest version of the actual software, automatically choosing 32-bit or 64-bit as appropriate. To upgrade to a paid version, you enter your license key on the About page. Quick Heal wants to know quite a bit about you. In addition to an email address, it wants your full name, a phone number, and your country, state, and city. Picking your country and state from a drop down list is common, but I was surprised when choosing California caused the next entry to display a list of every city in California.
Immediately after installation, you're prompted to connect with Quick Heal Remote Device Management. You create an online account, with your email address and a password, and enter the product key again. Then you turn on the feature within Quick Heal, which gives you a one-time password that must be entered back in the online console. This complicated handshake might be a bit daunting for the neophyte user. In any case, the Remote Device Management account is only truly useful for mobile devices.
The components of the program's main window haven't changed, but they're colored and arranged slightly differently. You still see a big banner reporting the system's security status above four panels representing Files & Folders, Emails, Internet & Network, and External Drives & Devices. A News panel now appears at the bottom, with links to educational articles on security.
Mixed Lab Results
When I reviewed the previous version of Quick Heal, it appeared in almost none of the lab tests I follow. Things have changed for the better since then. Quick Heal received certification for malware detection from ICSA Labs. This sort of certification is different from scored lab tests. If a vendor's product doesn't initially achieve certification, ICSA Labs helps the vendor remediate any problems and attain certification.
Quick Heal is now also on the radar of the experts at AV-Test Institute, who evaluate antivirus products three different ways. Naturally they measure how effective the antivirus is at protecting against malware infestation. They rate its effect on system performance. And they calculate a usability score that's highest when the product exhibits the fewest false positives (valid programs or websites flagged as malicious). A product can earn 6 points in each category; Quick Heal got 5.5 in each, for a total of 16.5 points. That's decent, but in this same test Bitdefender Antivirus Plus 2017, Kaspersky, and Trend Micro Antivirus+ Security earned a perfect 18 points.
Quick Heal also now participates in four of the five tests by AV-Comparatives that I follow. A product that simply passes one of this lab's tests earns Standard certification. Those that go above and beyond the minimum needed to pass get certified at the Advanced or Advanced+ level. Quick Heal earned Advanced+ in the performance test and the static file detection test. In a test that measures how thoroughly products clean up malware that all of them detect, Quick Heal took an Advanced certification. And in the important whole-product dynamic test it was certified at the Standard level.
These aren't bad scores, but Avira Antivirus Pro 2016 took an Advanced+ rating in all four of the same tests. Bitdefender and Kaspersky Anti-Virus did the same in all five of the tests that I follow. Overall, though, Quick Heal made a much better showing than when I reviewed it last.
A full scan of my standard clean system took Quick Heal just 36 minutes. That's pretty quick, given that the current average is 45 minutes. It finished a second scan in just 7 minutes, demonstrating some form of optimization during the first scan. Some products take that optimization even further. For example, a repeat scan with F-Secure Anti-Virus 2016 finished in just two minutes.
You can choose to just scan for malware in memory, or to scan a specific drive or folder, if you prefer. For malware that manages to resist the normal scan, you can choose a Boot Time Scan instead, either a full scan or a quick scan of areas where malware commonly lurks. When you reboot the system, the text-only Boot Time Scan goes into action at the very beginning of the boot process, before rootkits and other persistent malware types have had a chance to load.
It's always possible that malware could render your PC unusable, either accidentally, due to bad coding, or on purpose, locking you out until you pay a ransom. Quick Heal does offer screen locker protection in the form of a special keystroke that can break you free from certain screen locking ransomware types. But sometimes you just can't run Windows, or can't run Quick Heal. That's where the Emergency Disk comes in.
As soon as you install Quick Heal, you should click the Tools menu and click Create Emergency Disk. A wizard guides you to download the latest content for the disk, and then handles the task of creating a bootable USB or CD/DVD. I had some trouble booting my test system from the Emergency Disk, which is not surprising given that I test on a virtual machine. It did boot, but then rebooted over and over. I did see enough to know that it boots in to a portable Windows environment, not a Linux variant.
Also on the Tools page is a separate AntiMalware scanner that focuses on edge cases like spyware, adware, fake antivirus, and so on. When I ran this scan it finished in a trice, reporting no malware found.
Some Slipups in Malware Removal
I continued my testing by opening the folder that contains my current set of malware samples. Quick Heal started picking them off right away, eliminating 58 percent of the samples on sight. Others have done much better at this stage of testing. For example, Check Point ZoneAlarm PRO Antivirus + Firewall 2017 killed off 81 percent of the samples on sight, and Trend Micro whacked 94 percent of them.
Next, I launched each sample that survived the initial purge. Every single one of them launched and at least started to install. That's quite different from my experience with McAfee AntiVirus Plus, which so thoroughly quashed execution for most of the samples that it freaked Windows out, causing a "file not found" error. Quick Heal did detect almost all of the samples during installation, for a total detection rate of 94 percent. However, it allowed half of those it detected to plant one or more malware executables on the test system. Those executable files dragged its malware blocking score down to 8.5.
For a different look at Quick Heal's ability to protect against malware attack, I started with a feed of malware-hosting URLs from MRG-Effitas, URLs no more than a day old. I launched each and noted whether Quick Heal steered the browser away from the URL, eliminated the malware download, or sat idly doing nothing.
Out of 100 verified malware-hosting URLs, Quick Heal blocked 92 percent, almost all of them by keeping the browser from ever reaching the URL. That puts it among the top few contenders in this test. Symantec Norton AntiVirus Basic blocked 98 percent of its challenge URLs, and Avira blocked 99 percent.
So-So Phishing Protection
The same Web-level protection that fends off malicious URLs also serves to steer naïve users away from phishing sites, frauds that try to steal login credentials by imitating financial sites or other secure sites. In fact, the warning page that appears in the browser is precisely the same for a malicious URL as for a fraudulent one. However, Quick Heal wasn't quite as effective against the frauds.
Phishing websites are ephemeral, because they quickly get blacklisted and shut down. That doesn't bother the fraudsters; they just open another fake site. But it does mean that I need the very newest phishing URLs for testing. I scrape phishing-oriented websites to capture URLs that have been reported as fraudulent but that haven't yet been analyzed.
The phishing URLs are different each time, and different fraud styles come and go. Rather than report hard detection-rate numbers, I report the difference between product's protection rate and Norton's. Why Norton? For ages it has consistently done a really good job detecting the very latest phishing frauds. It beats almost all the competition; Bitdefender, Kaspersky, and Webroot SecureAnywhere AntiVirus are the only recent products to outperform Norton.
Quick Heal didn't join those products in the top tier. In fact, it lagged 32 percentage points behind Norton, and 24 points behind the protection built into Chrome. It eked out a 5 percentage point advantage over Internet Explorer and handily drubbed Firefox. On the plus side, the previous edition of Quick Heal didn't even offer phishing protection, so this is a big step up.
The first challenge for any third-party firewall is that it must protect the system at least as well as the built-in Windows Firewall. Quick Heal fell down at this step. While it stealthed almost all of my test system's ports, it left the all-important HTML port 80 wide open. In addition, one of my Web-based tests revealed that it let the system respond to what's called a ping echo, a technique used by malefactors to troll the Internet for victims. That's not a good start.
Program control is the other main feature of most third-party firewalls. In Quick Heal this feature is a bit simplistic. Some settings are extreme. At the Low level, the firewall just allows all traffic. At the Block level, it blocks all traffic, including Quick Heal's own. There's also a mode to only allow Internet access for known and trusted programs. When I turned on this mode, trying to go online using my hand-coded tiny browser didn't trigger any kind of warning. It just displayed an error message.
In between all these extremes are firewall levels Medium (the default) and High. At the Medium level, the firewall displays a message when it detects suspicious incoming network traffic. At the High level it warns of suspicious incoming or outgoing traffic. I ran a handful of leak test utilities, but just one of them proved suspicious enough to trigger a warning.
The Intrusion Prevention System is considered a separate feature from the firewall, though they have similar tasks. I didn't see it spring into action when I hit the test system with 30 exploits generated by the CORE Impact penetration tool. However, the antivirus component eliminated the malware payload for almost half of the exploits, identifying most of them by name.
While the firewall's protection may not be top-tier, it's tough, at least. I couldn't find any way a malware coder could disable its protection. Significant values in the registry are protected against tampering. I couldn't find any way to kill its 12 distinct processes. Likewise, all of the nine essential Windows services associated with this program were hardened against anything I could do.
According to the help system, the Browser Sandbox "applies a strict security policy for all untrusted and unverified websites" and can "isolate any possible infection." I had trouble seeing just how this feature works during my last review, but I gamely dug in again, hoping to gain understanding.
This feature is turned off by default, and turning it on requires a reboot. By default, it displays a green border around any Chrome, Firefox, or Internet Explorer border that it's protecting. You can turn the border off, but seeing it is a good reminder. Also by default, it opens downloaded documents in a sandboxed environment.
You can up the protection level by banning the browser from any access to folders you define as confidential, and you can also prevent any browser-related process from making changes in protected folders. For testing, I defined the Desktop folder as confidential and set it to protect the Documents folder.
I uploaded a tiny text editor that I wrote myself to Dropbox, then tried to download it to the desktop on the test system. I got an Access Denied warning—Browser Sandbox at work! I downloaded the file to the Downloads folder instead, then launched it and edited a text file in the Documents folder. I thought Quick Heal should prevent that, but it didn't.
My contacts at the company explained that Browser Sandbox very specifically manages code running in the browser itself, for example, a malicious browser extension or drive-by download. It didn't let the browser download a program to the protected folder, but once the program was downloaded, it wasn't under observation or control by Browser Sandbox. This feature might protect you in some situations, but it's not the same as the hardened browser feature in Bitdefender, Avast Pro Antivirus 2016, and others.
See How We Test Security Software
I mentioned the AntiMalware scanner and the Emergency Disk earlier. The Tools page contains several other items that can be helpful, starting with Hijack Restore. It's not uncommon for malware to tweak your system settings in ways that make removal harder, or reset your browser home page and other defaults to unwanted value. Hijack Restore puts back the defaults for browser settings. It can also fix a raft of malware-induced configuration problems, restoring access to Control Panel, Windows Update, Regedit, Task Manager, and other useful tools.
Track Cleaner deletes traces of computer usage such as most recent file lists, along with cookies, cache files, history, and other traces of Web surfing. It wipes MRU lists for 7-Zip, Acrobat, and Microsoft Office programs, among others. And it sweeps away browsing traces for Chrome, Internet Explorer, Edge, Opera, and Safari (but not Firefox).
Almost all modern malware spreads via the Internet, but there are still some that use infected USB drives as a primary or secondary mode of infection. Quick Heal's USB Drive Protection modifies a USB drive so that, although a malware process can still copy itself to the drive, it can't configure itself to launch automatically when the drive is plugged in. The USB Vaccine feature in Panda Antivirus Pro 2016 and K7 Antivirus Plus 15 works in much the same way.
Disabled by default, Anti-Keylogger claims to prevent capture of your keystrokes. In testing, I found it did not work. I turned off antivirus protection in order to load a popular free keylogger. I typed some random search terms in my browser. And I found that the keylogger totally captured what I typed. In any case, keystroke capture is just one feature of these spy programs. The one I chose also captures screenshots, logs chat activity, records the websites you visit, notes which programs you launch, and more. I'm not impressed with this feature.
The remaining three tools aren't for you. Don't mess with them unless you're an antivirus expert. These are present so a Quick Heal support technician who's remote-controlling your system can use them to get information.
System Explorer displays all running processes, a bit like Task Manager, and it can kill processes like Task Manager. The main difference is that it offers plenty of detail about the selected process. When you drag the crosshairs from Windows Spy onto a visible window, you get a detailed property list for the application that owns that window. And support agents can exclude specific file instructions from the product's scan for troubleshooting purposes.
A Big Improvement
Quick Heal AntiVirus Pro 17 is much better than version 16. It earned decent scores from the independent labs and did well in some, but not all, of our hands-on tests. Its bonus firewall didn't test well, though, and while it offers quite a few bonus features, they're not all top-notch.
I track almost four dozen antivirus products, and from that crowd I've identified five worthy of being designated Editors' Choice. Bitdefender Antivirus Plus and Kaspersky Anti-Virus consistently get top ratings from the independent labs. Symantec Norton AntiVirus Basic does well too, and offers an impressive Intrusion Prevention System. An unusual behavioral detection system makes Webroot SecureAnywhere Antivirus the smallest antivirus around, and it aced my hands-on malware-blocking test. And while it doesn't test out quite as high as the rest, McAfee AntiVirus Plus lets you protect every device in your household, across multiple platforms. One of these will surely be the right antivirus for you.