These days, you can find almost anything bundled into one antivirus or another—firewalls, spam filters, even password managers. At the other end of the spectrum are lean, mean antivirus tools that just focus on the task at hand. TrustPort Antivirus Sphere belongs to the latter group. It does boast several bonus features, but they're all aimed at that core task. Alas, it didn't fare well in my hands-on testing, and the independent labs mostly ignore it.
Compare Similar ProductsCompare
Kaspersky Anti-Virus (2017)%displayPrice%
McAfee AntiVirus Plus (2017)%displayPrice%
Symantec Norton AntiVirus Basic%displayPrice%
Webroot SecureAnywhere AntiVirus%displayPrice%
Bitdefender Antivirus Plus 2017%displayPrice%
Avast Pro Antivirus 2016%displayPrice%
Emsisoft Anti-Malware 11.0%displayPrice%
ESET NOD32 Antivirus 10%displayPrice%
F-Secure Anti-Virus (2017)%displayPrice%
Trend Micro Antivirus+ Security (2017)%displayPrice%
Panda Antivirus Pro 2016%displayPrice%
Check Point ZoneAlarm PRO Antivirus + Firewall 2017%displayPrice%
Daily Safety Check Home Edition%displayPrice%
At $22.95 per year for one license or $29.95 for three, TrustPort is easier on the wallet than most of the non-free competition. Bitdefender, Kaspersky, Norton, Webroot SecureAnywhere AntiVirus, and more than a dozen others charge $39.95 for a single license. However, after working with the product I'm not sure it's a bargain, even at that price.
With the 2017 product line, TrustPort has added "Sphere" to each product name, and changed the user interface considerably. The small main window boasts a horizontal row of five large, square buttons against a dark gray background. A green button toggles the on-access scanner, and another configures the anti-exploit component. There are blue buttons to check for updates, display quarantined malware, and access bonus features.
What you won't see is anything like the big scan button that dominates Trend Micro Antivirus+ Security, Quick Heal, and a few others. The documentation points out that the on-access scanner should take care of any problems, but that there are several ways to launch a scan. You can scan any drive or folder by choosing from the right-click menu, or select from numerous scan possibilities by right-clicking the TrustPort icon in the notification area.
A full scan of my standard clean test system took 63 minutes. That's longer than the current average of 47 minutes, but again, TrustPort encourages users to skip the on-demand scan and rely on the real-time scanner.
Independent antivirus testing labs around the world put multiple products through grueling tests, all designed to identify those that are the most effective. I follow five labs that regularly report on their findings. In most cases, vendors must pay to have a product tested (and reap the reward of learning what areas need work). When a product appears in reports from multiple labs, it means the vendor considered the expense worthwhile, and the labs considered the product significant enough to merit one of their testing slots.
Top antivirus utilities like Kaspersky Anti-Virus and Bitdefender get the highest marks from many labs. If my simple hands-on tests don't seem to align with the lab results, I give the labs more weight.
Alas, there are very few lab results available for TrustPort. It doesn't show up in reports from AV-Test Institute, AV-Comparatives, or SELabs. These three offer the most information about a product's antivirus capabilities.
That leaves Virus Bulletin, with its VB100 and RAP (Reactive and Proactive) tests. I stopped tracking VB100 a while ago, because a single false positive translates into failure. The RAP test skews the other direction detail-wise, offering scores measured in hundredths of a percent. TrustPort's latest RAP score of 85.34 percent is better than average, but that's all the information I have. I can't build an aggregate lab score from one small data point.
Sharp-eyed users may notice that TrustPort uses two antivirus engines, code-named Argon and Xenon. These are licensed from AVG and Bitdefender, respectively. However, the labs state very clearly that their results apply only to the actual product tested, not to any licensee. So only tests of an actual TrustPort product are relevant.
I installed TrustPort on a virtual machine and waited for the necessary initial update. Then I initiated my malware-blocking test by opening a folder full of malware samples. TrustPort immediately started checking them, and quarantining any it found to be malicious. However, the process proved so CPU-intensive that the system was unusable for several minutes. Admittedly, the average user doesn't just open a folder full of malware and shove the antivirus's face in it.
With G Data Antivirus 2017 and some other competitors, you must respond to a popup notification for each detection. TrustPort conveniently stacks up multiple detections in a single popup. The on-access scan eliminated 84 percent of the samples at this point.
I launched each of the remaining samples, taking note of how effectively the antivirus blocked its installation. TrustPort missed a few, but managed to pull its overall detection rate up to 87 percent. Its malware-blocking score was 8.5 of 10 possible points, which isn't great, especially with no stellar lab results to offset it. Webroot, G Data, F-Secure Anti-Virus, and a couple others managed 100 percent detection. Webroot earned a perfect 10 points; G Data and F-Secure came close, with 9.8 points.
My malicious URL blocking test starts with a feed of the latest malware-hosting URLs graciously supplied by MRG-Effitas. These URLs are typically no more than a day or two old. The malware samples aren't zero-day threats by any means, but they're definitely in the wild. I launch each URL and note whether the antivirus kept the browser from reaching the URL, eliminated the malicious download, or did nothing at all. When I've got data for 100 valid malware-hosting URLs, I tally the results.
TrustPort's antivirus is at something of a disadvantage here, as the company reserves Web-based protection against malicious or fraudulent URLs for the security suite products. However, it proved quite vigilant at blocking malicious downloads. In many cases, it identified and blocked the download before I could even hit Save.
That vigilance wasn't sufficient to yield a good score, however. At 70 percent protection, TrustPort is in the lower half of recently tested products. Norton is at the top, with 98 percent protection. Avira Antivirus Pro came quite close, blocking 95 percent of the malware downloads.
For most products, I would proceed to test antiphishing capabilities, comparing the products detection rate with that of Symantec Norton AntiVirus Basic and of the built-in protection in Chrome, Firefox, and Internet Explorer. However, as noted, detection of undesirable websites isn't included in TrustPort's antivirus.
TrustPort devotes one of its five main buttons to the anti-exploit component. By default, this component runs in Silent mode, and the average user will assume that means it's offering exploit protection silently. Unfortunately, it isn't so. The default action in Silent mode is to allow all activity, meaning the anti-exploit component doesn't do anything. If you take it out of Silent mode, it pops up a notification when it detects chicanery, giving you the option to block or allow a specific action, or mark the program involved as trusted.
To evaluate this component, I turned off Silent mode and attacked the test system with about 30 exploits generated by the CORE Impact penetration tool. Not one of them triggered a notification by the anti-exploit component, though the on-access scanner tagged a dangerous payload for 20 percent of them.
It turns out I just didn't understand the meaning of exploit in this context. TrustPort doesn't watch for attempts to exploit specific vulnerabilities in the operating system or popular programs. Rather, it looks for programs attempting to manipulate other programs. For example, it found my hand-written programs that launch Internet Explorer and direct it to malicious or phishing URLs to be highly suspicious.
For a further test, I attempted to install 20 old utilities, programs that work by hooking deeply into the operating system. TrustPort flagged eight of them, giving me the option to allow or deny the suspicious action. Strangely, the checkbox to remember my choice wasn't functional, so the popups just kept coming, in every case. I could end the torture by choosing to trust the program, but I found no other way.
The same menu lets you switch to the application inspector component, disabling anti-exploit. This component aims to foil zero-day and polymorphic malware by preventing malicious behaviors. It prevents modification of sensitive file system and Registry areas, active processes, Windows services, and more. When it detects suspicious activity, it asks you, the user, to decide a course of action. You can allow the program, in which case it becomes trusted, with no limits. You can run it with sandbox-like restrictions. Or you can block it, in which case TrustPort kills the process.
I switched TrustPort to use the application inspector and repeated the test with old utilities. The application inspector flagged six of them for various crimes, among them modifying a protected Registry location, using harmful access privileges, and more. Two other utilities failed to function properly, with no notice from TrustPort. While both anti-exploit and application inspector flagged eight programs, only two programs got zinged by both.
It's possible to dig deep into settings and fine-tune the way these features work, but few users will go beyond the three basic settings. The default silent anti-exploit mode does nothing. The interactive anti-exploit mode blocks activity by some valid programs, and I couldn't end its popup cycle except by trusting the program. And the application inspector also blocks valid programs, but in a different way. After experiencing all three, I'm warming to the do-nothing option.
The Extra Applications button on the main window looks tempting. What could these goodies be? Alas, the average user won't be able to make use of them. Who understands what it means to Prepare BartPE Plugin or to Prepare Windows PE CD?
In fact, both options aim to let you wipe out the most persistent malware by booting into an environment where the malware has no power. If you dare to choose the BartPE option, TrustPort prompts you to select a folder and then announces that it successfully created the plugin. You're left to research BartPE on your own, and create a BartPE bootable disk including the plugin files.
If you choose instead to prepare a Windows PE CD, you'll find that you can't. Not without first downloading and installing Microsoft's Windows Automated Installation kit. This just isn't something the average user will do.
Bitdefender Antivirus Plus 2017 handles this same problem so much better. You don't have to fiddle with creating a rescue disk at all. Just choose Rescue Mode and the system reboots into a non-Windows environment where Bitdefender is king. Kaspersky automates the process of creating a rescue disk, and Avira at least lets you download its rescue disk as an ISO file. TrustPort needs to move away from the über-geeky BartPE and Windows PE solutions.
With its new name and user interface, TrustPort Antivirus Sphere makes a good first impression. However, most of the antivirus testing labs ignore it, and it earned mediocre scores in our testing. The anti-exploit component takes no action by default. If you take it out of silent mode, it pops up warnings about both good and bad programs. Yes, it costs less than most competing products, but the best of those are worth paying more for.
From the many dozens of antivirus products available, we've identified five as our Editors' Choice products. They are: Bitdefender Antivirus Plus, Kaspersky Anti-Virus, McAfee AntiVirus Plus, Symantec Norton AntiVirus Basic, and Webroot SecureAnywhere Antivirus. Each has its own virtues.