September 30, 2022

The Home of the Security Bloggers Network
Home » Cybersecurity » DevOps » Beware fake anti-virus reviews
Some anti-virus reviewers know what they are talking about. Others don’t. Some are just in it for the money. How can you tell which reviews are worth your time?
Most people believe that you should run anti-virus on your PC. Independent security experts, governments and every computer journalist on the planet promotes this advice. And they are not wrong. There is no doubt that installing anti-virus is one of the most important things you can do to keep your computer and its data safe.

Download home anti-virus reports now! (free – no registration)
But not all anti-virus programs are equal. This is because the bad guys are always changing how they attack. Anti-virus companies must keep up and update your software to block them. Some companies are better than others at tracking the trends. As we mentioned last month, even independent security experts stop short of helping you decide which program to use. So how do you decide?
The simple answer is to check our website. Our home endpoint security reports are all you need.
(‘Endpoint’ is the name the security industry uses for PC anti-virus software).
But you may choose to look further. This guide will help you sort the useful reviews from the misleading ones.
TIP: We don’t expect everyone to read through every anti-virus report that we produce but it helps to check the headlines in the most recent one or two.
With a quick glimpse you can see which are the front runners. Then you can decide what to buy, based on these details and other important details such as price.
Given that you might want to look further than SE Labs for advice on anti-virus (😮), where else should you go? The safest option is to visit websites belonging to well-known, professional anti-virus testers. There are only a handful, and most are members of the Anti-Malware Testing Standards Organization. AMTSO tracks tests from members and notable non-members.
Not every anti-virus test is worth your attention, though. While we applaud enthusiastic amateurs getting involved in the security world, sometimes home-made tests are unintentionally biased.
It’s like trusting your friends down the pub (or on social media) to give sound advice on vaccine technology or investing in the stock market. You might listen to them but hopefully won’t make life-changing decisions based entirely on their opinions.
“Not every anti-virus test is worth your attention.”
While established professional testers don’t always agree with each other, they use scientific methods to check that anti-virus software works properly. If they all agree that certain products are strong, you can be confident in choosing them.
But less rigorous reviews on the internet can be very misleading. How can you find out which reviews are worth your time, and which are so naïve or made-up that you should ignore them completely?
When you search for “Best antivirus” on Google and YouTube you’ll see plenty of reviews. Who are these people? And how do they decide which anti-virus programs are best? Can you trust their opinions much, or even at all?
Some reviews are created by enthusiasts or journalists. Others are created by businesspeople who make money promoting anti-virus products. They then earn commission when you buy them. Some reviewing organisations are even run by security companies that sell anti-virus products!
The SafetyDetectives site makes recommendations about security software. This site is owned by a company that makes security software. We know this because SafetyDetectives openly admits it.
A link at the top of the webpage called ‘Ownership’ produces a pop-up that notes the site is owned by Kape Technologies PLC, which in turn owns ExpressVPN, CyberGhost, ZenMate, Private Internet Access and the Mac anti-virus product Intego. And yes, Intego is listed as one of the best anti-virus products, along with the common foursome we mentioned above. We welcome this unusual level of transparency.
You might worry about taking financial advice from someone who earns commission on the pension plans, energy deals or painkillers that they recommend. The same applies here. The reviewer is biased and making recommendations for their benefit, not for necessarily yours.
“Some reviewing organisations are even run by security companies that sell anti-virus products!”
Can you imagine a situation in which a business that sells a product would ever recommend a competitor? Consider that, when you read an anti-virus review published by an anti-virus reseller.
It is possible to earn money online by selling products for other companies. This is called ‘affiliate marketing’ and it’s similar to when you share a link to a product on Amazon and get a small amount of money if anyone follows that link and buys the item.
According to online shopping site Shopify, affiliate marketing lets you, “earn a commission by promoting a product or service made by another retailer… using an affiliate link.”
If we put special links to McAfee, Norton or Avira on our website, you could click through, buy one of those products and we’d make a small amount of money. Those companies would know that you’d clicked through from our site and reward us for bring them new business.
But we don’t do that, partially because it would undermine the independence of our reports. If we provided affiliate links you might suspect, quite reasonably, that we would be tempted to give top marks to the best-paying products.
Affiliate marketing can work responsibly. The British financial expert Martin Lewis runs the MoneySavingExpert website, which makes money by providing affiliate links. But the business team seeks these links after the advice has been written. There is an editorial code published on the website. It’s up to individuals whether or not they choose to believe that MoneySavingExpert keeps to its claims and code, but at the very least it makes some clear claims.
The anti-virus affiliate marketing schemes that we see online are usually much less transparent.
Many of the reviews that we’ve seen from different sources agree with each other very closely. They consistently recommend produces from the same four or five anti-virus companies. Could it be that each of these reviewers have managed to reach the same conclusions independently, based on testing?
It’s possible but, as the reviewers give no detail about how they test, we can only guess. Another possibility is that they have all identified the anti-virus companies that run well-paying affiliate marketing schemes. It is possible that they are recommending the products that will bring them the most money.
Earning money is not illegal and maybe these four frequently recommended products are really good. So, could these reviews still be useful? Yes, if the reviewers were clear about how they decided which anti-virus products to recommend. If they explained how they tested, that would help. If they claimed to follow sensible guidelines they could avoid accusations of bias. We’d know that they were not just recommending certain products in order to earn the best commissions.
“If they chose the best products by rolling a dice then they should say so.”
If a review declares that it recommends products because of the commissions, at least customers could understand what’s going on and decide whether or not to trust it.
Ideally reviewers would follow the one accepted Standard for testing anti-virus. Then we could have confidence in their results. Or enough understanding to be able to judge the merits of the review process.
For example, if they chose the best products by rolling a dice then they should say so and we, the customer, can decide if that’s an acceptable way to decide. If they don’t tell use how they reach their decisions we cannot know how seriously to take them.
Sign up to our home security newsletter.
The ‘best antivirus’ reviews we’ve read and watched tend to focus on ‘feelings’ of security rather than facts. Sometimes reviewers run very basic tests that neither stress the products nor give them a chance to show off the strength of their features.
For this blog post we chose the first YouTube anti-virus review that appeared on Google with the search term, “best antivirus”. This was published by cybernews. The reviewer, “felt so secure with [product name]… With all these features, I really felt like the viruses were never getting close.”
Feelings are driving the reviewer’s opinion. This opinion is based on the existence of features. The reviewer largely assumes that these features work, although he did run a very small anti-malware test. He says he, “planted 10 malicious files onto my PC.”
We don’t know how he did this. What does “planted” mean? Did he copy the files from a USB drive, giving the anti-virus programs a chance to detect them as they arrived? Or download them from a malicious website? Or send them via email? All of these are realistic ways to bring malware onto a system.
“You deserve to know how reviews such as this evaluate quality.”
Or did he disable the anti-virus, copy the files onto the system and then run a basic scan in a very limited and unrealistic test. We don’t know, because he doesn’t say.
His performance testing is also extremely vague. The product, “might slow down an older device.” Well, it might, or it might not. Did he test it with a number of PCs to find out? How were those PCs configured? Did it contain lots of files or a plain Windows installation? We don’t know, because he doesn’t say.
Cybernews’ website claims its reviewers, “link and evaluate products and services because of their quality and not because of the compensation we receive.” You deserve to know how reviews such as this evaluate quality.
The best way to choose an anti-virus product is to check the reviews from well-known scientific testing organisations. Then consider the products that performed the best over a period of time, and which have features you personally care about. Price should also be a major consideration.
Avoid excitable reviews that prattle on about how ‘awesome’ an anti-virus program is, without providing any detail about what ‘awesome’ means.
Use affiliate sites if they can provide you with savings on anti-virus products, but we respectfully suggest that you don’t trust their lists of ‘best’ products without double-checking with reports such as those we provide for free on our website.
Our security test reports for enterprise, small business and home users are available for free.
Please download them and follow us on Twitter and/or LinkedIn to receive news, comment, updates and future reports.
Sign up to our monthly business and personal security newsletters.
See all blog posts relating to test results.
The post Beware fake anti-virus reviews appeared first on SE Labs Blog.
*** This is a Security Bloggers Network syndicated blog from SE Labs Blog authored by Simon PG Edwards. Read the original post at: https://blog.selabs.uk/2022/09/beware-fake-anti-virus-reviews/
More Webinars
Security Boulevard Logo White
DMCA

source

Leave a Reply