Klopatra malware steals banking and crypto data, even when screen is off
Distributed via fake IPTV+VPN app, requests Accessibility permissions for full device control
Uses Virbox, anti-debugging, and encryption to evade detection and analysis
Cybersecurity researchers at Cleafy have discovered a new, powerful Android trojan capable of stealing money from bank apps, stealing crypto from hot wallets, and even using the device while the screen is off.
Klopatra, an Android malware apparently built by a Turkish threat actor, does not resemble anything that’s already out there, meaning the tool was likely built from scratch. It was first spotted in March 2025, and since then has experienced 40 iterations, meaning the group is actively working on and developing the malware.
Klopatra is being distributed through standalone, malicious pages, rather than Google’s Play Store. It uses a dropper called Modpro IP TV + VPN, which pretends to be an IPTV and VPN app. Once the dropper is installed, it deploys Klopatra which, as usual for malicious apps, requests Accessibility Services permissions.
Thousands of victims
These permissions allow hackers to simulate taps, read screen content, steal credentials, and control apps silently – among other things.
Besides stealing people’s money and data and fiddling around with the phone, Klopatra also has a list of hardcoded Android antivirus names, which it cross-references with the apps on the device and attempts to disable.
The malware also goes an extra mile to avoid being detected and analyzed.
It uses Virbox, a legitimate software protection and licensing platform that defends apps against piracy, reverse engineering, and unauthorized use.
In this case, Virbox was used to prevent cybersecurity researchers from reverse-engineering and analyzing the malware. Furthermore, it uses native libraries to bring its Java and Kotlin use to a minimum, and recently started using NP Manager string encryption.
The researchers said the malware comes with multiple anti-debugging mechanisms, runtime integrity checks, and the ability to detect when it’s running in an emulator, thus preventing researchers from dissecting it.
So far, at least 3,000 devices across Europe are infected, Cleafy said.
Aura’s antivirus protected our laptops and mobile devices. Here it is scanning our Pixel 7 for threats.
Aura’s antivirus is overall basic, but its features work very well according to our tests. The antivirus offers the following features:
Real-time protection
Web protection
Malware scans
Real-Time Protection
This means the antivirus continuously scans your device for signs of malware, while running quietly in the background. It operates as you download from the web, launch apps, or open files and folders. If it detects anything suspicious, it automatically flags and quarantines it. It also sends you an alert every time. We’re happy to see real-time protection, as we consider it to be an essential antivirus feature. It’s convenient because it eliminates the need to regularly scan your computer.
We subjected Aura’s real-time protection to multiple antivirus tests and it performed well. For example, we tried downloading the EICAR malware test file [1] while Aura was running — this is a file that’s not malicious, but is used to test the effectiveness of antivirus software. Aura stopped us each of the ten times we tried downloading the file.
In addition to testing the antivirus on desktop, we also ran AMTSO malware detection tests [2] on Android, and Aura passed. AMTSO stands for Anti-Malware Standards Testing Organization, and it’s a non-profit organization that has been developing anti-malware testing methodologies for over 15 years.
Pro Tip: Even though Aura offers real-time protection, we still recommend manually running scans once or twice per month.
Web Protection (“Safe Browsing”)
Aura’s antivirus offers protection against online threats, like malicious links, shady websites, and phishing sites. It does so via “Safe Browsing,” an in-app feature and a browser extension that provides AI-powered filtering.
To see how good Aura’s web protection is, we tried accessing test malicious links available via EICAR, AMTSO, and WICAR [3] (a collection of online tools for testing anti-malware software). In addition, we tried connecting to a few HTTP websites as well. Aura’s antivirus successfully stopped us from accessing all links.
Our only complaint is that Aura’s web protection was a little inconvenient to use. It’s built into the Aura app but as part of the VPN service, not the antivirus. So, you’d need to connect to the VPN to enable it. Most top antiviruses don’t bundle their web protection with their VPN services.
On the plus side, desktop users can get around that issue by using the “Safe Browsing” browser extension. It’s available for Chrome, Firefox, and Edge, and doesn’t require you to be connected to Aura’s VPN for it to work.
Expert Advice: For a similar feature that doesn’t require you to connect to a VPN, check out NordVPN’s Plus package. It includes “Threat Protection Pro” that works similarly to “Safe Browsing,” except it runs even when the VPN is off. It’s thanks to that feature that NordVPN made our list of the best VPN and antivirus bundles.
Malware Scans
Aura allows you to manually run scans. Like most antivirus services, it offers three types of scans:
Quick Scans. This is a type of scan that searches folders where most malicious threats are usually found, like temporary and system files. When we used it, Aura scanned roughly 1,100-1,300 files, and the whole process took just two minutes.
Full Scans. This scan is more in-depth, as it checks all files and folders on your device for signs of malware. In our tests, Aura’s full scan took around two hours and 15 minutes, and it scanned over 250,000 files.
Custom Scans. This is perfect for targeted scans, as it allows you to scan only selected files, folders, and external drives (like USB flash drives).
We found it very easy to run all types of scans — even setting up a custom scan only took a few seconds. The devices we used to test Aura also didn’t experience significant slowdowns while we ran the scans (including the full scans). We were able to browse the web, watch online videos, install apps, and play games without our devices freezing, lagging, or experiencing crashes.
Checking out our antivirus scan history on Aura’s mobile app.
The only thing we don’t like is that Aura doesn’t let you schedule scans, which is something most top antiviruses offer. For example, TotalAV lets you schedule scans every day, week, two weeks, or month — it also lets you pick the day and time when the scan takes place.
While Aura has all the essential features we’d expect from a good antivirus, it is missing some extra tools that most top antiviruses have.
For example, it doesn’t have a system clean-up feature, like you get with TotalAV. This is a tool that scans your device for junk files and removes them, improving device performance. TotalAV’s feature even optimizes startup programs to make your operating system run smoother.
Aura’s antivirus is also missing a firewall, which you get with Norton 360. This is a security tool that helps secure your device against suspicious network traffic that could compromise your device.
Aura also lacks webcam protection, which Surfshark Antivirus offers. This tool prevents apps from accessing your webcam without your permission, preventing malicious apps and actors from spying on you through it.
To reduce the number of harmful apps targeting Android users, Google has announced that certified Android devices will require all apps to be registered by verified developers in order to be installed.
But this new measure is not just about malware that’s found on the Google Play Store, it’s mainly about sideloaded apps (apps downloaded from outside the official Google Play Store).
Since August 31, 2023, apps on the Play Store already were subject to a D-U-N-S (Data Universal Numbering System) number requirement. Google says this has helped reduce the number of cybercriminals exploiting anonymity to distribute malware, commit financial fraud, and steal sensitive data.
To broaden this success, Google intends to start sending out invitations gradually starting October 2025, before opening it up to all developers in March 2026. In September 2026, the requirements go into effect in Brazil, Indonesia, Singapore, and Thailand. At this point, any app installed on a certified Android device in these regions must be registered by a verified developer. The requirements will then be rolled out globally.
This initiative, branded as ‘Developer verification,’ aims to combat the widespread problem of malware from sideloaded apps. Google says its research shows that 50 times more malware comes from sideloaded sources than from Google Play itself.
So, the new rules extend to everyone distributing Android apps, including those hosting them on third-party app stores or offering APK downloads directly. For developers who distribute their apps solely through the Google Play Store there will not be much of a change.
Yet, while legitimate developers will tell you how hard it is to get their apps accepted into the Google Play Store, cybercriminals manage to sneak in their malicious apps anyway.
For a full understanding of the new requirement, we’ll need to explain what “certified Android devices” are.
A definition for a certified Android device is: an Android product—such as a smartphone, tablet, smart TV, or streaming box—that has passed a rigorous series of Google security, compatibility, and performance tests, and is officially approved by Google. Certified devices run an official version of Android and have access to Google apps and the Play Store. Uncertified devices often lack these and may not receive updates or proper security support.
This is important to know because not all Android malware is limited to phones. Take for example, the BadBox botnet which also affects devices like TV streaming boxes, tablets, and smart TVs.
In practice, a certified device encompasses all mainstream devices from Samsung, Xiaomi, Motorola, OnePlus, Oppo, Vivo, and the Google Pixel line.
Reportedly, non-certified devices are those from Huawei, Amazon Fire tablets, and a set of Chinese TV boxes and smartphones that use heavily modified OS images.
Google encourages all developers to sign up for early access as the best way to prepare and stay informed.
“Early participants will also get:
An invitation to an exclusive community discussion forum.
Priority support for these new requirements.
The chance to provide feedback and help us shape the experience.”
Whether these controls will be effective largely depends on enforcement and public awareness, but Google feels it marks real progress toward a safer mobile ecosystem. Let us know how you feel about this in the comments.
Some particularly insidious malware is disguised as free antivirus software. You download something to protect your computer, and instead, you infect it, leading to stolen data or a locked device.
You can avoid this malware by sticking with trusted antivirus companies. Choose a company from a vetted list like this one, read the third-party tests we link to and make sure the URL you’re downloading from is authentic.
Features
Antivirus software typically offers two layers of protection:
Scans that search your computer and remove malware. Some programs let you schedule these yourself, while others run them automatically when your computer is idle. You should also be able to manually run a scan at any time.
Real-time protection that identifies and blocks malware from being downloaded onto your computer.
Antivirus tools may also block malicious websites and protect you from threats like phishing, but these features are typically only included with premium programs. Similarly, antivirus tools may only provide limited scan scheduling.
Free vs. paid antivirus software
Most free antivirus software programs are created by companies that also produce paid antivirus tools. They typically use the same antivirus engines as the paid versions, so you’ll get the same level of scanning and malware protection you’d get if you bought premium antivirus from the company. However, this protection is often only available for one device per person, whereas paid antivirus tools offer packages for five, 10 or even unlimited devices.
Moreover, paid antivirus software usually comes with additional benefits, such as advanced ransomware and phishing protection. Many companies also offer full security suites that include things like VPNs and password managers alongside the antivirus tools. Check out our list of the best antivirus programs to learn more about these security suites.
System resource use
An antivirus tool’s real-time protection shouldn’t interfere with regular use of your computer. Deep scans will often slow things down by consuming RAM or CPU resources, but they shouldn’t make your computer totally unusable.
Issues with Avast
For years, Avast Antivirus for Windows was the gold standard of antivirus, with consistently high rankings on AV-Test. We’ve included its antivirus in our list of recommended security app options before.
However, early in 2024, the Federal Trade Commission fined Avast $16.5 million to settle charges that from 2014 to 2020 the company had sold customer browsing information to more than 100 third parties. The FTC said that Avast allegedly collected the data through browser extensions and antivirus software and sold the data through its Jumpshot subsidiary.
Then-Avast CEO Ondřej Vlček responded to the initial 2020 reports with a statement that he understood that his company’s actions raised questions of trust in his company. To address these concerns, Avast terminated Jumpshot data collection in January 2020 and closed its operations.
We hope there will be no further Jumpshot-style activities and that Avast returns to glory as one of the best antivirus software options. Until then, we recommend using one of the other free options on this list.
Issues with Kaspersky
Kaspersky has historically been another top antivirus provider, earning high marks and awards for virus and malware protection from independent labs. However, in June 2024, the US government announced a federal ban prohibiting Kaspersky from selling antivirus or cybersecurity software or services in the US or to US citizens due to alleged ties between Kaspersky and the Russian government.
“Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponize sensitive US information, and we will continue to use every tool at our disposal to safeguard US national security and the American people,” Secretary of Commerce Gina Raimondo said in the official announcement of the ban.
In a statement, Kaspersky said it “does not engage in activities which threaten US national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted US interests and allies.”
Google releases urgent security update for Android, fixing two actively exploited zero-day vulnerabilities. The threat landscape has dramatically worsened in 2025, with malware soaring by 151 percent.
Google has released a critical security update for Android devices, patching 120 security flaws—including two zero-day exploits that were already being actively exploited. The September 2025 Security Bulletin warns of targeted attacks that can execute malicious code without any user interaction. All Android users should update immediately.
The patch comes at a critical time: 2025 is recording a dramatic increase in sophisticated malware on Android devices. Kaspersky reports a quadrupling of banking Trojans, while Android malware overall has increased by 151 percent.
Actively Exploited Zero-Days Threaten Millions of Users
The vulnerabilities CVE-2025-38352 and CVE-2025-48543 are particularly explosive, as they are already being used in targeted espionage campaigns. These zero-day exploits allow attackers to gain elevated system privileges and completely take over devices.
CVE-2025-38352 affects the Android framework and can give malicious apps deep device access.
The second flaw (CVE-2025-48543) weakens the Android runtime environment. Google’s Threat Analysis Group discovered the kernel vulnerability and suspects its use in professional spyware attacks against journalists and government officials.
In parallel, Samsung is closing a separate zero-day flaw (CVE-2025-21043) that is also actively exploited. Security experts warn that attackers often combine such vulnerabilities—one grants access, the other escalates privileges for permanent surveillance.
Alarming Threat Landscape: 600 Percent More SMS Attacks
The current zero-days are just the tip of the iceberg. SMS-based phishing attacks exploded by over 600 percent in 2025. These “Smishing” attacks use clever social engineering tricks to lure users into installing disguised malicious apps.
Particularly insidious: Cybercriminals are increasingly managing to infiltrate the official Google Play Store. Nevertheless, the main risk remains with apps from unofficial sources—these are 50 times more likely to be infected with malware. The Zimperium Threat Report 2025 identifies side-loaded apps and SMS attacks as the primary dangers.
System Protection Is Not Enough: These Antivirus Apps Help
Google Play Protect alone is no longer sufficient against the new threats. Security experts recommend additional protection through specialized Android antivirus solutions. Top-rated security suites in 2025 are Bitdefender Mobile Security, Norton Mobile Security, and Avast Mobile Security.
These applications offer real-time malware scanning, web protection against phishing, and anomaly detection for suspicious app activity. Additionally, users should follow basic security rules: only install apps from the Play Store, critically check permissions, and activate strong authentication.
Google’s Counter-Attack: Tougher Rules for Developers
Google is reacting to the threat landscape with tightened ecosystem rules. Starting in 2026, all Android app developers—even those outside the Play Store—must be verified. This measure is intended to make anonymous malware distribution more difficult.
Stricter Play Store guidelines have been in effect since August 2025: New apps must use the latest Android API levels to ensure modern security features. These systematic changes demonstrate Google’s strategy to establish security as a non-negotiable core element.
However, the continuous discovery of actively exploited zero-days underscores one thing: The fight for Android security is an unrelenting arms race. Users must remain vigilant and install updates immediately—the next few months will show whether Google’s tougher measures can stop the attackers.
Normally, when new Android malware strains are discovered, they build upon a previous one. However, that’s not the case with a new Android banking trojan currently making the rounds online. Instead, it appears to be written from scratch with no code similarities to existing malware families.
As reported by The Hacker News, this new banking trojan has been dubbed RatOn by security researchers at Threat Fabric who discovered it while investigating another malware strain that uses near-field communication or NFC in its attacks to steal contactless payment info from unsuspecting Android users. The most surprising part of this new sample was the fact that it wasn’t just in a single malicious app but instead was part of a campaign involving multiple ones.
After analyzing this new campaign further, Threat Fabric found that RatOn is a fully functional banking trojan with several unique capabilities. In addition to being able to take over one of the best Android phones and the accounts on it, the banking trojan can also perform automated money transfers as well as use custom overlay attacks to trick victims into thinking their device is infected with ransomware.
Here’s everything you need to know about this new malware strain, along with some tips and tricks to keep your Android phone safe from banking trojans that can completely drain your financial accounts.
From overlays to automated money transfers
In order to trick potential victims into installing their malicious apps, the hackers behind this campaign registered several domains with adult themes, which they then used as a lure. Specifically, these fake sites contained “TikTok18+” in their names. However, Threat Fabric’s security researchers couldn’t find out how the hackers got their victims to go to these sites. In the past, I’ve seen hackers use phishing emails, random messages on social media and even fake ads to get people to click on links to their malicious sites.
If someone is foolish enough to sideload an adults-only version of TikTok onto their Android phone, what ends up getting installed is actually a malware dropper or third-party software installer. By tricking users into granting it the permission to install apps from unknown sources, the malware dropper is able to bypass Android’s built-in security protections. This is used to download and install the first payload, after which, the second payload and two more permissions are requested that are essential for hackers looking to commit on-device fraud: access to Accessibility services and Device Admin privilege.
Like other banking trojans, RatOn abuses Android’s Accessibility services to launch overlay attacks on an infected device. For those unfamiliar, these attacks involve hackers putting an overlay on top of popular banking and finance apps that is almost identical to a legitimate login screen. This way, the hackers can harvest a victim’s banking credentials to gain access to their accounts without their knowledge, as they just thought they were logging into one of their banking, finance or crypto wallet apps.
Another interesting thing cybercriminals deploying the RatOn malware can do is to use an overlay to make victims think their phone has been locked by hackers. Of course, to unlock it, they need to send over a large amount of money, just like with a ransomware attack. However, while their phone isn’t actually infected with ransomware, it is compromised by the RatOn banking trojan.
RatOn also requests access to read/write contacts and manage system settings to carry out its malicious activity. From there, a third payload is downloaded, which is actually the NFSkate malware Threat Fabric was initially looking into. By using a technique known as Ghost Tap, NFSkate can carry out NFC relay attacks and steal contactless payment info. However, with that malware strain, these attacks needed to be carried out in person within physical range of a targeted Android phone.
Now, with RatOn, this new malware can perform automated money transfers (ATS) by abusing Android’s Accessibility services. This means that hackers deploying this malware in their attacks can drain your financial accounts from anywhere in the world, as they don’t need to be in the same room with you.
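Both Klopatra and RatOn, as described above, arrive through a sideloaded dropper and then depend on an enabled Accessibility service, which is a combination a defender can audit for over adb. The following Python is an added example, not code from Cleafy, Threat Fabric or this article; the sample command output and package names are constructed, and the trusted-installer list is an assumption to adapt to your own policy.

```python
import re

# Assumption: installers treated as trusted stores (Play Store, Galaxy Store).
TRUSTED_INSTALLERS = {"com.android.vending", "com.sec.android.app.samsungapps"}

# Constructed sample of `adb shell pm list packages -3 -i`
# (-3 = third-party packages only, -i = show the recorded installer).
SAMPLE_PACKAGES = """\
package:com.example.bank  installer=com.android.vending
package:com.example.iptvvpn  installer=null
package:com.example.screenreader  installer=com.android.vending
package:com.example.videoapp  installer=com.google.android.packageinstaller
package:com.example.notes  installer=null
"""

# Constructed sample of
# `adb shell settings get secure enabled_accessibility_services`
# (colon-separated component names; "null" when nothing is enabled).
SAMPLE_A11Y = (
    "com.example.screenreader/.ReaderService:"
    "com.example.iptvvpn/com.example.iptvvpn.core.HelperService:"
    "com.example.videoapp/.SyncService"
)

_PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")


def parse_installers(text):
    """Map package name -> installer package (None when none was recorded)."""
    installers = {}
    for line in text.splitlines():
        match = _PKG_LINE.match(line.strip())
        if match:
            pkg, installer = match.groups()
            installers[pkg] = None if installer == "null" else installer
    return installers


def parse_enabled_services(value):
    """Return (package, service class) pairs for enabled Accessibility services."""
    value = (value or "").strip()
    if not value or value == "null":
        return []
    services = []
    for component in value.split(":"):
        pkg, sep, cls = component.strip().partition("/")
        if not sep or not pkg or not cls:
            continue  # skip malformed entries rather than guessing
        if cls.startswith("."):
            cls = pkg + cls  # expand the short ".Class" form
        services.append((pkg, cls))
    return services


def audit(packages_text, a11y_value, trusted=TRUSTED_INSTALLERS):
    """Flag third-party apps that hold an enabled Accessibility service
    but were not installed by a trusted store."""
    installers = parse_installers(packages_text)
    findings = []
    for pkg, cls in parse_enabled_services(a11y_value):
        if pkg not in installers:
            continue  # not in the -3 listing, so preinstalled; out of scope here
        installer = installers[pkg]
        if installer in trusted:
            continue
        findings.append({
            "package": pkg,
            "service": cls,
            "installer": installer or "none recorded",
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PACKAGES, SAMPLE_A11Y):
        print("REVIEW {package}: service {service}, installer {installer}"
              .format(**finding))
```

Each finding is a candidate for review, not a verdict: a legitimately sideloaded accessibility tool will be listed as well.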
How to stay safe from banking trojans
The good news here is that at the moment, RatOn is only being used to target Android users in the Czech Republic. However, like with any Android malware strain, that geographic location could just be a testing ground to make sure it works before the malware’s creators begin targeting Android phones in other countries like the U.S. or the U.K.
I’ll be keeping a close eye on RatOn and how this new Android malware strain develops, but in the meantime, here are a few tips and tricks to help keep your phone (and your bank account) safe from dangerous trojans.
For starters, you never want to sideload Android apps unless you absolutely have to. Instead, you want to download all of your new apps from official app stores like the Google Play Store and the Samsung Galaxy Store. Google will soon prevent users from sideloading altogether with the next version of Android, but for now, you should avoid doing so even if it seems like a convenient way to put new apps on your phone.
When it comes to new apps, you want to be very careful when installing them, as even good apps can go bad. This is why I highly recommend limiting the number of apps on your phone overall and then, if you find you haven’t used a particular app for quite some time, it’s best to just delete it.
To stay safe from malicious apps, you want to make sure that Google Play Protect is enabled on your phone. This free, built-in security software scans all of your existing apps, along with any new ones you download, for malware or other signs of malicious activity. For extra protection, you may also want to run one of the best Android antivirus apps alongside it.
Hackers aren’t slowing down anytime soon, and there are constantly new malware strains and banking trojans like RatOn you need to look out for. However, if you practice good cyber hygiene, avoid clicking on links from unknown senders and don’t sideload apps you’ve found on less-than-reputable sites, you should be safe.
September 12, 2025: With this update, our lineup of recommended Antispyware software remains unchanged. The existing picks have been vetted for currency and availability.
Award-winning antivirus
Protects Windows, macOS, Android, and iOS devices
Online management and remote control
VPN, spam filter, and parental control
Vast number of additional bonus features
Full VPN access requires a separate subscription
Parental content filter not fully effective
Support for iOS is limited
Bitdefender Total Security is our Editors’ Choice pick for security mega-suite, in no small part due to its amazing breadth of features. Of course, it includes all the expected suite mainstays: award-winning antivirus protection, unobtrusive firewall, parental control, spam filtering, and so on. But it also boasts an extensive collection of spyware-fighting features.
Like IronVest, it actively puts an end to tracking systems that profile your online activity by embedding ads and other trackers in the web pages you visit. Its SafePay hardened browser isolates your financial transactions from interference using a separate desktop inaccessible to other processes. If an unauthorized program tries to peek through the webcam, Bitdefender offers to block it. Its file shredder lets you rub out all traces of sensitive files, foiling even spies with forensic recovery software. Don’t forget the privacy protection from its VPN (though you’ll have to pay extra for unlimited VPN features).
Sure, spyware is a worry, but maybe you’ve got enough worries already. Rather than taking the time to figure out separate spyware protection tools, you may prefer to pick an award-winning security suite with spyware protection baked in. That’s Bitdefender Total Security.
Protects and automates SMS passcode authentication
Manages passwords
Blocks tracking of your browsing activities
Local-only password storage can be lost if you don’t back up
Some minor rough edges
If you suspect spies are waiting outside your home to tail you, you might choose to go out in disguise. IronVest brings that concept to the modern world. When using it, you can shop online without revealing your email address, credit card, or phone number. The only thing you can’t mask is the address you use to receive your purchases.
As you surf the web, ads and other trackers on the pages you visit spy on your activities and conspire to build a profile they can sell. IronVest integrates with your browser to actively block those trackers. Its browser toolbar button displays the number of tracking spies on the current site and lets you fine-tune its blocking behavior.
Surfing the web is fun, and shopping online is convenient, but the idea that someone might be spying on your activities may sour you on the experience. Use IronVest to foil webpage spies and do your shopping without revealing your identity.
By itself, Norton 360 Deluxe is a PCMag Editors’ Choice pick for a cross-platform, multi-device security suite with a ton of features, including some aimed at fighting spyware. The addition of LifeLock makes it a powerful tool for detecting attempts to spy on your personal activities and steal your data. If someone gets access to your bank account, requests an illicit change of address, or misuses your SSN, Norton with LifeLock warns about it so you can quickly take action. And if the spies and hackers manage to steal your identity, your subscription entitles you to all the help it takes to put things right.
But Norton’s skills don’t stop there. A full-powered VPN protects your online communications against interference and spying. It includes a degree of data broker opt-out management offered by Privacy Bee and Optery. Sneaky peekers won’t get access to your webcam because Norton will warn you. It even puts your browser in isolation mode when you’re banking to prevent data theft.
You want it all, and you want it now. An award-winning security suite, comprehensive identity monitoring, expert help to recover if identity thieves strike, and an array of spyware-specific security components—that’s Norton for you.
Foils websites that track you using fingerprinting
Actively detects tracking attempts
Can clear cookies and other browser traces
Configures Windows for better privacy
Tracker blocking visible only in Chrome
No transparency regarding Windows privacy settings
Each time you visit a website, there’s a good chance you’ll trigger an ad or other tracker embedded in the site. Trackers on sites across the internet work together to build a profile. What kind of sites do you like? What do you buy? Where do you comment? They then sell these profiles to others, legitimate or shady. If you’d rather not be spied on by these trackers, check out Avast AntiTrack.
Old-fashioned trackers rely on browser cookies to link your various activities, and old-fashioned tracker blockers easily subvert this process. Persistent trackers invented a new technology called browser fingerprinting, which identifies you using a collection of data that any site can gather by querying your browser. Avast AntiTrack defeats fingerprinters by subtly varying the information your browser sends so you don’t have a consistent fingerprint. Of course, it also smacks down the old-fashioned trackers.
Whose business is it what you do on the internet? Nobody but yourself, right? With Avast AntiTrack, you can keep nosy spies out of your online activity.
No longer offers mobile management or keylogger protection
Advanced features require uncommon tech expertise
You probably have an idea or two to protect your own privacy from prying spies, but what will you do when your friends and family ask for help? Will they even be able to understand and follow your advice? With a Sophos Home Premium subscription, you can remotely manage up to 10 security software installations, including various spyware-specific components. If your low-tech best buddy screws something up, you can reach out and fix it without getting up from your chair. Tweak the configuration, check security status, run a scan—it’s all handled remotely.
Safe Browsing will sound the alarm any time a spyware app tries to break into your online financial transactions. If someone surreptitiously installs a keylogger on your system in hopes of capturing passwords, secrets, and anything else you type, the Keylogger Protection component ensures that they get gibberish instead. Sophos also warns you anytime a program accesses the webcam, though it doesn’t give you the option to allow or deny access the way several others do.
Everyone in your circle turns to you for tech help—you’re the tech hero! With Sophos Home Premium, you can keep them all safe from malware, spyware, ransomware, and other badware, all from the comfort of your tech lair.
Includes Pro editions of all current and future Avira tools
Protection for Windows, macOS, Android, and iOS devices
No-limits VPN
Cross-platform high scores from antivirus testing labs
Lacks many expected suite features
Dark Web Monitoring is available only in Germany
With most modern security suites, you automatically receive all updates during your subscription. Avira Prime goes a step further. This suite incorporates the premium version of every Avira product, even those that have yet to be released. And yes, quite a few of these components protect against various forms of spying and spyware.
First, you get full, unfettered access to Avira’s VPN, not the limited version supplied with lesser Avira products. When your communications go through the VPN, nobody can spy on them, not even if the network itself is compromised. Speaking of the network, Avira’s Network Scanner lists all devices using your network, though it doesn’t check them for security problems or let you deny access to interlopers.
Other spy-fighting features include an active Do Not Track system to prevent ads and other trackers from profiling you; a secure deletion shredder that ensures a spy with forensic recovery software can’t retrieve files you meant to erase forever; and a device control system that can prevent data exfiltration via removable devices.
How would you feel if your security suite provider released a new type of security software but kept it separate from the suite? Avira Prime keeps you up with all the latest additions, including every Avira product, both existing and future.
Removes your data from hundreds of data broker sites
Risk assessment features are available for free
Reports data breach exposures
Active Do Not Track browser extension
Manages trust relationships with thousands of companies
Handles industry opt-outs such as junk mail
Email search function gives Privacy Bee full access to your email
Spy thriller novels would have you believe that intelligence agents are bold, dashing types who infiltrate enemy assets and exfiltrate intel. But in truth, plenty of agents work behind the scenes, sifting valuable data from public sources. They even have a name for it: OSINT, short for open-source intelligence. In the same way, data brokers don’t steal your personal info; they obtain it from legitimate sources and use it to build profiles that they can sell. If you ask them to remove your profile, the law says they must comply, but figuring out who to ask and how is tough. That’s where Privacy Bee comes in.
Privacy Bee checks a huge (and growing) list of data brokers and flags those holding your information. It then acts as your agent to get your data removed. If you’re willing to do the grunt work yourself, manually opting out of the brokers it finds, you don’t even have to pay for the service. Online spies can still steal your private data, but at least they won’t just receive your personal profile on a platter.
Some things about you and your activities are public information, whether you like it or not. A determined researcher can find out about you with some effort. Or a dedicated identity thief can buy your profile from a data broker. If you find that image maddening, Privacy Bee can help.
Buying Guide: The Best Antispyware Software for 2025
What Is Spyware and How Does It Work?
Just what is spyware? The term covers a wide variety of sinister software—programs that can capture your passwords as you type, or spy on you through a webcam, or collect your personal data and send it to hacker HQ.
As the name implies, a keylogger keeps a log of all the keys you type, from personal messages to username and password combinations. If you have a keylogger running on your system, chances are good that some crooked individual planted it specifically to spy on you. The keylogger can even be a physical device installed between the keyboard and the PC.
We call them keyloggers, but these nasty programs log a ton of information in addition to keystrokes. Most capture screenshots, save the clipboard’s contents, note each program you run, and log every website you visit. The perp can use these various threads of information to, for example, match up a username and password you typed with the website you were visiting at the time. That’s a potent combination.
As noted, a first-class malware protection utility should wipe out keyloggers, along with all other types of malware. However, some add another layer of protection, just in case a keylogger slips past. When this sort of protection is active, the keylogger typically receives random characters, or nothing at all, in place of your typing, and attempts at screen capture come up blank. Note, though, that other logging activities may not be blocked.
Of course, keylogger protection in software can’t prevent a hardware keylogger from capturing keystrokes. But what if you don’t even touch the keyboard? A virtual keyboard on the screen lets you enter your most sensitive data by clicking with the mouse. Some products go to extremes, scrambling the key locations or creating a flock of decoy cursors to foil screen-capture attacks. Virtual keyboards are often found in password manager tools, so you can enter the master password without fear of having it captured.
How Do Trojans Steal Your Data?
The historic Trojan horse looked innocuous enough to the soldiers of Troy that they brought it inside the city walls. Bad idea: Greek soldiers exited the horse in the night and conquered the Trojans. The malware type aptly named Trojan horse works in much the same way. It looks like a game, a utility, or a useful program of some kind, and it may even perform its promised function. But it also contains malicious code.
So, now that you’ve brought it inside your city walls, what can the Trojan horse do? The possibilities are vast, but I’ll focus on the ones designed to steal your personal data. They silently sift through your files and documents, seeking information to send back to malware HQ. Credit card details, social security numbers, passwords—the malware coder can monetize these and other kinds of personal information.
One way to foil this type of attack is to use encryption software to protect your most important files. Encryption is built into G Data Total Security and a few other security suites. Note, though, that it’s tough to find and encrypt every shred of personal data. It’s a good thing your antivirus usually whacks these nasties before they launch.
A variation on this theme is called a man-in-the-middle attack. All your internet traffic gets redirected through a malware component that captures and forwards your personal information. Some banking Trojans take this a step beyond, actually modifying the traffic they handle. For example, the Trojan might transfer $10,000 out of your account but strip that data from the activity log that you see.
You can prevent man-in-the-middle and other types of browser-based spying by using a hardened browser. Implementations vary from suite to suite. Some wrap your existing browser in added protective layers. Some offer a separate high-security browser. Some move your browsing to a secure desktop, entirely separate from the regular desktop. The smart ones automatically offer their secure browser when they see you’re about to visit a financial site.
Routing your traffic through a virtual private network (VPN) is another way to foil many kinds of browser-level spying. You can definitely use a VPN, along with your malware protection, for a suspenders-and-belt approach! More and more security suites are including a VPN component, though some charge extra for full functionality.
What if the worst happens, and an evildoer uses your personal information to steal your identity? Norton 360 With LifeLock detects identity theft attempts early and helps you recover from the effects of such an attack. It’s our Editors’ Choice among security suites that include identity theft protection.
How Do Advertisers Track Your Browsing Habits?
Have you noticed that when you look at a product on a shopping site, you see ads for it on other sites? Online advertisers really want to present ads that you might click on. To that end, they use various techniques to pin down your browsing habits. They don’t necessarily know your name or email address, but they do know “that guy who keeps shopping for Nevermore Academy action figures.”
Creepy, right? The good news is you can set your browser to tell every site you visit that you don’t want them tracking you. The bad news is that they can (and do) ignore that request.
The ad networks that perform this kind of tracking are necessarily large. It’s not too hard to compile a list of them and actively block their tracking, or at least give the user the option to do so. This active Do Not Track functionality is sometimes paired with general-purpose ad blocking. Note, too, that using a secure browser or a VPN can help to throw off the trackers.
The most advanced trackers create a fingerprint by quizzing your browser about all kinds of details, fiddly stuff like what extensions are installed and even what fonts are available. The usual active Do Not Track implementations can’t help you against these. If you really, really hate the idea of having your online behavior tracked, consider giving Avast AntiTrack a try. This tool keeps tweaking the data that goes into your browser fingerprint so the trackers lose track of you.
Of course, sometimes you can’t avoid giving out your personal details, like giving your email address and credit card to a shopping site. The retailer may not be spying on you, but others can get hold of that data. Using a temporary email address tool like IronVest, you can shop online without giving out your actual email address or credit card. IronVest includes active Do Not Track, password management, and more.
What About Spyware That Uses Public Data?
Real-world espionage experts don’t spend all their time hiding behind potted plants or focusing binoculars on their targets. They can often gather an impressive dossier just by collating publicly available information. Spies call this OSINT, which stands for open-source intelligence. The same is true of data brokers and data aggregators. These snoops can assemble a thorough profile of you, your neighbor, your spouse or roommate, and just about anyone from public information.
These businesses have to obey the law, including the laws about removing your personal information from their files if you ask them. But how do you know to opt out when you don’t even know they have your profile?
A growing army of privacy services has arisen to help. These services search dozens or even hundreds of data broker sites to find your information and then automate the process of opting you out. Optery and Privacy Bee are our current favorites in this realm. Privacy Bee handles over 900 brokers, more than any competitor. Optery verifies that your data has been removed and shows before and after screenshots as evidence. Both will search out your data for free if you’re willing to make the opt-out requests yourself.
What’s the Best Antispyware for Webcams?
That webcam on your laptop or all-in-one computer makes video conferencing super easy. You can tell when it’s active because of the little light next to it. Right? Well, no. There are varieties of malware that can turn on the webcam and peek at you without causing the light to reveal their activities.
Meta’s Mark Zuckerberg famously tapes over his webcam for privacy. If using tape seems déclassé, you can get a sliding webcam cover for just a few bucks. But with the right security software, you don’t need to cover the camera physically.
Products from Sophos and Norton include a component that monitors any program that tries to activate the webcam. Authorized programs, like your video conferencing tool, get easy access. But if an unknown program tries to peek through the camera, you get a warning and a chance to give the spyware a black eye.
Do My Smart Devices Need Antispyware Software?
Your home network supports a collection of very visible computers and mobile devices. Behind the scenes, though, it also supports an even bigger collection of Internet of Things (IoT) devices. Connected espresso makers, washing machines, light bulbs—everything’s on the network these days. Toys, too. It’s cool that your child’s new doll can learn her name and converse realistically. It’s not so cool when it turns out that the doll is spying on you.
There are occasional instances, like the connected doll, where IoT devices deliberately collect data about you. But the lack of security in most connected devices is even more worrisome. Spending extra bucks to secure a smart light bulb makes no financial sense in some manufacturers’ eyes. The competitor who skips security can get to market faster and at a lower price. Ultimately, you may pay the cost for their negligence.
Any unsecured IoT device can potentially offer spies a view into your house and your habits. Ironically, hacked security cameras provide a lovely view for hackers. Even something as simple as a thermostat that adjusts the temperature when you’re home can reveal that you’ve gone on vacation.
You can’t go around installing antivirus software on each connected doorbell, refrigerator, and bathroom scale. The only way to truly secure these devices is to install a network security device like Firewalla. Without adding hardware, you can at least track what lives on your home network.
Some security products now include variations on the theme of a network scanner. Features include verifying your network security settings, cataloging all devices on the network, and flagging devices that may be vulnerable to attack. If your antivirus or security suite includes this feature, take advantage of it and learn as much as possible.
How Does Antispyware Software Work?
The spyware protection features I’ve mentioned are important, but they’re not the only tools available. I mentioned encrypting your sensitive files. For maximum security, you must also use secure deletion to erase the originals beyond the possibility of forensic recovery. And yes, many antivirus and security suite products offer secure deletion.
If spyware does get a foothold on your PC, it can’t hoover up data that isn’t there. Many security products can clear traces of your browsing activity, general computer activity, or both. As a bonus, eliminating unnecessary files can free up disk space and may boost performance.
It’s unlikely that a spy would get physical access to your computer and copy sensitive documents to a USB drive—that happens only in movies. But if you have the slightest worry about that possibility, consider choosing a security suite that lets you ban the use of any USB drive that you haven’t previously authorized. G Data Total Security, ESET Home Security Premium, and Avira Prime are among the products that offer this kind of device control.
As I noted earlier, this article focuses on products that employ techniques aimed at different spyware types. It’s not about the best general-purpose security software. Ultimately, the most powerful tool you can apply to keep yourself safe from spyware is a top-of-the-line antivirus or security suite. These products handle all kinds of malware, including threats much tougher than mere spyware.
Your McAfee Total Protection subscription also gets you premium access to the True Key password manager. In fact, you get five licenses for True Key, so five individuals in your household can each have their own personal password manager. And each of those users can install True Key on all their Windows, macOS, Android, and iOS devices simply by installing from the app store and then activating with the code you give them.
Create Your Account
You’ll find a Password Manager menu item in the My Protection menu’s Privacy section. But that doesn’t mean this component lives within the suite. When you click that panel, it sends you to the web to initialize and configure True Key.
As part of the setup process, you create a master password of at least eight characters. True Key rates your password as you type, but it’s very lax. It rated “passwor” as Weak and “password” as Very Weak, but said “pass word” with a space was Acceptable. Yes, as you’ll see below, you can configure True Key so it doesn’t even require a master password for authentication, but you should still protect your credentials using a strong master password, something that you can remember but that nobody would guess.
On Windows or macOS, True Key installs as a browser extension for Chrome, Edge, Firefox, or Safari. Just like the PassWatch component in UltraAV, there’s no separate True Key app on these desktop platforms.
True Key installs as an app on iOS, with its own internal browser. It can fill passwords in other browsers if you enable it as an AutoFill provider. On Android, True Key also installs as an app with an internal browser. It directly supports Chrome, Opera, and several other Android browsers. Once you enable True Key’s Instant Log In, it can also log in to most Android apps.
True Key works hard to ease you into password management. It starts by displaying a list of over two dozen popular websites and encouraging you to add one as a login. When you click an item, it opens that page in the browser, explaining that all you need to do is log in as usual. It also walks you through the process of clicking a saved item to automatically revisit the site and log in.
You can speed up the setup process by importing data from another password manager, but the choices are very limited. The import process supports LastPass, Dashlane, and True Key itself, as well as importing from Chrome or Edge. An option titled Other Browsers directs you to export existing passwords to a CSV file and import them into True Key. Typically, the way to make this work is to export a CSV file and duplicate its format. In this case, I simply couldn’t achieve a successful import, not even when exporting existing entries and importing them right back in.
Basic Password Management
True Key does all the basic password management tasks you’d expect. When you log in to a website, it slides in a banner offering to save your credentials. If you revisit a site whose credentials True Key already holds, it fills them in automatically. When more than one set of credentials is available, it pops up a menu so you can choose.
If True Key notices that you’re creating a new account, it offers to generate a secure password. You can also invoke the password generator at any time by clicking its button above the list of accounts.
By default, True Key creates 16-character passwords using small letters, capital letters, numbers, and special characters. You can set the length to any even number from 8 to 30. Since you don’t have to remember these passwords, consider making them 20 characters or even longer.
In testing, True Key captured all the logins I tried, including two-step ones like Google and Yahoo. Once I got a few dozen passwords in place, I found the main list a bit unwieldy. By default, it’s sorted alphabetically, though you can sort by most used or recently used. If you save a lot of logins, you’ll find the search box handy.
There aren’t a lot of settings to worry about, but there’s one every user should update. True Key logs you out after a period of inactivity, but unlike most competitors, the default for this period is a full week! We strongly recommend setting it to no more than 30 minutes. This is a per-device setting, not global to your account, which makes sense—you might want a different timeout on your smartphone than on your PC.
Secure Notes and Personal Wallet Data
You can save any number of free-form color-coded secure notes and access them from any device. This can be handy for things like locker combinations and other real-world secrets.
Clicking Wallet lets you add personal data in six categories: Address Book, Credit Card, Driver’s License, Memberships, Passport, and Social Security Number. You can color-code these entries if that helps you keep them organized. Note that when you store a credit card in Dashlane, you not only get to pick the color to match the physical card, but you can also apply the bank’s branding.
Most password managers that store personal data use it to help you fill out web forms. RoboForm rules this group—it started life as a form-filling tool and evolved into password management. True Key doesn’t offer form-filling aid, although you can copy data and paste it into those forms. As with secure notes, the personal items you enter become available on all your devices.
Multi-Factor Authentication
True Key’s biggest strength lies in its ability to use multiple factors for authentication. Right from the start, it requires both the master password and a trusted device. Any attempt to log in from a device that’s not yet trusted requires additional authentication. In testing, it used various techniques, including verification email and swiping a notification on an existing trusted device.
You can add other factors in settings. Your trusted email account is automatically available for verification, and your master password is active by default. You can also require authentication using a second device, typically a mobile device. The second device receives a request for authentication, and you simply respond by swiping. If your PC supports Windows Hello, you can use it as an authentication factor.
In the distant past, True Key used to support biometric authentication factors, but not anymore. In addition, contrary to its seeming emphasis on multiple factors, it doesn’t work with common choices like registering an authenticator app or receiving codes through SMS. Nor does it support authentication using a hardware security key.
Password Recovery Options
True Key initially requires a master password, but you can choose to rely on a combination of other factors instead. Even if you do, the master password remains available as a fallback.
Password managers that rely on a master password usually offer a warning that if you forget that password, they can’t help you. (That also means they can’t be compelled to unlock your account for the NSA, which is a plus.) McAfee can’t unlock your account or tell you the master password you forgot, but if you’ve defined other factors, True Key lets you authenticate with those and thereby reset the master.
You’re not likely to lose a desktop computer, but it’s awfully easy to misplace a laptop or mobile device. If someone else gets hold of your device, you can remotely remove it from the trusted list.
Just the Password Management Basics
True Key is easy to set up and easy to use, and it comes with your Total Protection subscription, but it lacks advanced features. There’s no audit for weak passwords like you get with Dashlane, Keeper Password Manager, and others. The best password managers, NordPass and Proton Pass among them, provide secure sharing, along with a digital legacy to give your heirs access. True Key lacks even the simple ability to fill web forms. You may be better off choosing from the best free password managers instead.
September 12, 2025: With this update, we added Malwarebytes Ultimate, and based on updated independent lab tests, Avast One Platinum is now our security suite with the best lab scores. Our remaining picks have been vetted for currency and availability. Since our last update, we reviewed and evaluated two new security suites for potential inclusion in this roundup. We currently have one more security suite from McAfee in PC Labs for evaluation.
Award-winning antivirus
Protects Windows, macOS, Android, and iOS devices
Online management and remote control
VPN, spam filter, and parental control
Vast number of additional bonus features
Full VPN access requires a separate subscription
Parental content filter not fully effective
Support for iOS is limited
You almost certainly have security protection for your PCs, but have you protected your other devices? Bitdefender Total Security pours all the excellent features of Bitdefender Antivirus Plus into your Windows boxes and goes on to offer protection for your macOS, Android, and iOS devices. It also kicks its Windows game up a notch with password management, system optimization, an unusual anti-theft component, and more.
You can manage your installations (or launch new ones) from the handy Bitdefender Central online console. When installing protection on a Mac, you get Bitdefender Antivirus for Mac, an Editors’ Choice in its own realm, and the same limited VPN you see in Windows. Installed on Android, Total Protection brings a comprehensive collection of security features. It’s an impressive Android app. As with all cross-platform suites, Bitdefender’s iOS protection is relatively limited.
Bitdefender Total Security thoroughly protects your Windows devices, with all expected suite features and more. But Windows boxes are only part of the picture. Total Security also offers award-winning protection for your Macs, a comprehensive suite for your Android devices, and even a modicum of security for iOS. If you need to secure and manage a household full of disparate devices, this one’s for you.
Children’s identity features limited in Family Plan
You’ve installed security on your PC, your Mac, and your mobile devices. But what about your partner’s devices and all those electronic devices that so enrapture your children? You could be looking at quite an expense to get them all protected. Unless, that is, you turn to McAfee+. This generous suite lets you protect every device in your household, whether it runs Windows, macOS, Android, or iOS. It even supports Chromebooks and ARM-based laptops. That protection includes the use of McAfee’s VPN with no limits on bandwidth or server choices, as well as numerous security bonus features.
McAfee+ comes in three tiers: Premium, Advanced, and Ultimate. You get basic Dark Web monitoring of personal information at all three levels. The Advanced and Ultimate levels include full-scale identity theft monitoring and remediation, roughly parallel to Norton’s LifeLock and to Bitdefender Identity Theft Protection. It doesn’t monitor quite as many different aspects of your identity, but it hits the important ones. And, like Norton and Bitdefender, it comes with a guarantee. If you suffer identity theft, McAfee will spend up to a million dollars helping you to a full recovery.
If you live in a Manhattan rent-controlled apartment with your cat, your PC, and your Android, this isn’t the suite for you. But if you have a house full of modern, digitally active people, it can be a godsend. More than 10 devices? More than 25? Relax, they’re all covered!
Effective protection against dangerous and fraudulent websites
Powerful, self-sufficient firewall
Parental control unavailable on macOS
Online backup strictly for Windows
Data-broker opt-out system limited
When you buy a security suite, there’s an implied promise that it will keep you safe. Norton 360 Deluxe makes that promise explicit. As long as you choose auto-renewal, you’ve got a guarantee that Norton support will handle any malware that gets past the app’s protection. And that’s some powerful protection—the independent labs we follow frequently give Norton perfect to near-perfect scores. It also aces many of our hands-on tests.
This suite includes a robust, intelligent firewall, a basic password manager, and a dark web monitoring system to warn if your private data is exposed. Your subscription lets you protect up to five devices running Windows, macOS, Android, or iOS. It also gets you five full licenses for Norton’s VPN. That’s a plus. Many other suites make you pay extra to remove limits from their included VPN components, or reserve a no-limits VPN for their most expensive tier. And the 50GB of online storage for your backups is a nice bonus.
Norton security programs have been around for decades, and the brand has plenty of fans. This is a good choice for anyone who wants a time-tested suite that covers all the bases, but it’s especially good for those who wisely opt to protect their connections with a VPN.
Dedicated resolution specialists help remediate identity theft
Identity theft insurance
No-limits VPN
Parental content filter not fully effective
Password manager lacks advanced features
Cannot actually prevent identity theft
Bitdefender Ultimate Security is the pinnacle of the company’s security pantheon. It incorporates Bitdefender Total Security, Bitdefender Premium VPN, the SaferPass Password Manager, Bitdefender Digital Identity Protection, and more. You also get a full-scale identity protection and remediation system, complete with privacy monitoring, breach alerts, and white-glove personal assistance in the event you do experience identity theft. Bitdefender backs its identity theft protection with a million-dollar guarantee; two million at the highest subscription tier.
Like most suites that incorporate identity theft services, Ultimate Security’s price looks high at first. But if you sum up what you’d pay for its components individually, it begins to seem like a bargain. And if you subscribe at the family level, you can protect up to 25 devices and extend identity protection for up to five individuals.
You already know that Bitdefender is a trusted name for antivirus tools, security suites, VPNs, and more. When you want protection against identity theft, it’s only natural that you’d choose Bitdefender to supply it.
Norton’s security software can protect your devices and your local data, but it can’t reach out into the real world and protect your identity. That’s why you want Norton 360 With LifeLock. This suite starts with everything we like about Norton 360 Deluxe and adds identity monitoring and identity theft remediation supplied by identity pioneer (and Norton property) LifeLock.
Once you’ve set up LifeLock, Norton monitors the dark web for any sign that your identity has been compromised. It tracks possible misuse of your SSN, unexpected new accounts opened in your name, and anomalous financial transactions. If you lose your wallet (or have it stolen), Norton can help deal with the fallout. You get periodic credit reports, along with help freezing your credit if necessary. And if the worst happens and your identity is stolen, Norton will spend up to three million dollars on remediating the theft.
You can choose from three protection tiers, each with more identity theft features, device-protection licenses, and storage for your online backups. The top tier, $349 per year, includes all identity features, protection for unlimited devices, and 500GB of backup storage.
Are you horrified to think that some malefactor could masquerade as you, open accounts in your name, spend your money, even commit a crime while posing as you? Yes, identity theft can be a nightmare. Norton 360 With LifeLock protects your devices against malware and such, and also functions as an early warning system so you can nip identity theft in the bud. What a combination!
Identity theft protection for you and five family members
Device-level security for Android, iOS, macOS, and Windows
Excellent antivirus lab scores
24/7 support for all tech problems
Thorough monitoring of credit and data breaches
Dedicated resolution specialists help remediate identity theft
Device-level protection limited on Android, more so on iOS
Doesn’t add much to security suite features available in free edition
Cannot actually prevent identity theft
Instead of the typical squares and rectangles, Avast One Platinum decorates its display with color splotches, doodles, and happy people. If you like top-notch lab scores, you’ll be happy too. The independent antivirus testing labs all keep an eye on Avast, and it earns perfect scores in almost all of their tests. It rates near the top in our hands-on tests, too.
Antivirus protects your data locally, while a no-limits VPN protects it in transit. Among other unusual security features, Avast can keep untrusted programs from using the webcam and check if any of your passwords have been exposed in a breach. You also get a set of performance enhancement features liberated from the limits imposed in Avast’s free edition. And you can install Avast on up to 30 devices.
In addition to powerful device-level protection, the Platinum subscription includes identity theft protection for you and five family members. It alerts you to data breaches and other dangers, with easy access to dedicated resolution specialists and a promise to spend up to $2 million to remedy the damage. You also get concierge-level 24/7 support for all your tech problems.
Avast is a household name around the world, with millions relying on its free antivirus. If you’re an Avast aficionado looking to kick your security game up a notch and add whole-family identity theft protection, this suite is the way to go.
Password manager lacks secure sharing and inheritance
Though ESET’s blue-eyed cyborg mascot no longer graces its main window, ESET Home Security Ultimate still leans toward high technology. For example, it offers a Device Control system that gives you granular control over what device types and devices can connect to your PC. You could block USB drives in general, but allow the use of those you’ve personally vetted, for example. This suite has a big set of security tools, some of which are fine for all users and some of which require serious tech expertise. Going beyond ESET’s other suites, it offers a capable VPN and identity protection for the whole family.
Other ESET features include a network inspector, a firewall, a spam filter, an anti-theft system for laptops, webcam security, banking protection, and a limited parental control system. ESET’s Android edition provides a comprehensive set of security features, and the labs give it top marks. On a Mac, ESET offers antivirus, firewall, parental control, and simplified device control.
Quite a few features in the ESET Home Security Ultimate require an uncommon level of technical expertise. If you’re that rare person whose expertise rises to the necessary level, this suite is for you. Setting up identity protection and configuring the VPN should be a snap. You’ll use the Network Inspector to gain full insight into your devices, take system status snapshots with SysInspector, and build a perfect set of device control rules. Not you? Maybe look elsewhere.
Very good protection against malicious and fraudulent sites
Omits some common suite components
Relatively expensive
When other antiviruses lose the battle with malware, experts turn to Malwarebytes to clean up the mess. At the premium level, Malwarebytes aced our hands-on malware protection test and also earned a perfect score from one testing lab. As the name suggests, Malwarebytes Ultimate goes beyond mere antivirus, with an integrated VPN, personal data removal, and a full-powered identity theft protection service.
This isn’t your typical security suite. It doesn’t include a firewall (though it will help you manage Windows Firewall). It doesn’t bother with parental control or spam filtering, features not everyone needs. And that can be just fine for many users.
Your antivirus protects data on your computer, and using a VPN keeps that data safe while it travels the unruly internet. Identity theft protection keeps you safe even if hackers try to take over your identity. If that sounds like just what you need, without the distraction of other security elements, take a look at Malwarebytes Ultimate.
Buying Guide: The Best Security Suites for 2025
Basic vs. Advanced Security Suites
Most security companies offer at least three levels of security programs, including a standalone antivirus utility, an entry-level security suite, and an advanced suite with additional features and enhancements. Entry-level suites typically include antivirus, firewall, antispam, and parental control. The advanced “mega-suite” often adds a backup component and some form of system tune-up utility, and some also add password management, a VPN, or other security extras.
When a new or updated security line comes out, we start by reviewing the antivirus. In our review of the entry-level suite, we summarize results from the antivirus review and dig deeper into the suite-specific features. For a mega-suite review, we focus on the advanced features, referring to the entry-level suite review for features shared by both. Your choice of a basic or advanced security suite depends entirely on what features matter to you and what you’re willing to pay for them.
The suites we’ve rounded up here aim to protect consumers. You can use any of them in a small business, but you may need to switch to a software-as-a-service (SaaS) endpoint protection system as your company grows. This type of service lets an administrator monitor and manage security for all the company’s computers.
Is Windows Defender Good Enough?
Over the years, the Windows Defender program built into Windows 10 and 11 has evolved into Microsoft Defender Antivirus. In addition to antivirus protection, it manages Windows Firewall and other Windows security features. It doesn’t truly qualify as a suite; it’s just an antivirus that manages other Windows components. Independent antivirus test scores for Windows Defender have literally come in below zero in the distant past, but its scores have been steadily improving. You can still get better overall protection from the best third-party free antivirus utilities, but Windows Defender is looking better all the time. Even so, it can’t begin to replace a full-scale security suite.
Security Suites Fight Malware, Adware, and Spyware
Malware protection is the heart of a security suite; without an antivirus component, there’s no suite. Naturally, you want a suite whose antivirus is effective. When evaluating an antivirus, we look for high marks from the independent antivirus testing labs. The fact that the labs consider an antivirus important enough to test is a vote of confidence. The very best antivirus utilities get high ratings from many labs. All of our top picks have high scores from at least two labs.
We also perform our own hands-on testing. For one test, we use a relatively static set of malware samples that we replace once per year. We note how the antivirus reacts when we try to launch those samples and score it on how well it protects the test system. For another, we try to download new malicious files from URLs no more than a few days old. Lab test results, our own test results, and other aspects like ease of use go into our antivirus rating.
What Do You Want in a Firewall?
A typical personal firewall offers protection in two main areas. First, it monitors all network traffic to prevent inappropriate access from outside the network. Second, it monitors running applications to ensure they don’t misuse your network connection. The built-in Windows Firewall handles monitoring traffic but doesn’t include program control. A few security suites skip the firewall component, figuring Windows Firewall already does the most essential firewall tasks.
The last thing you want is a firewall that bombards you with incomprehensible queries about online activity. Program PoleznyyIdiot.exe wants to connect with IP address 212.192.156.38 on port 443. Allow or Block? Incoming or outgoing? Once, or always? Plastic or paper? Modern firewalls cut down on these queries by automatically configuring permissions for known programs. The very best also handle unknown programs by monitoring them closely for signs of improper network activity and other suspicious behaviors.
Providers Mostly Handle Spam Filtering
These days, most of us hardly ever see spam messages in our inboxes because our email providers filter them out. If you don’t get this service from your provider, it can be hard to even find your valid mail amid all the offers of male enhancements and free cryptocurrency drops.
If your provider doesn’t squelch spam, choosing a suite with built-in spam filtering is smart. Look for one that integrates with your email client. Client integration lets it divert spam into a dedicated folder and sometimes lets you train the spam filter by flagging any spam messages that got through or, worse, valid messages that wound up in the spam pile.
Prevent Phishing and Protect Your Privacy
The best antivirus in the world can’t help you if a fraudulent website tricks you into giving away your security credentials. Phishing sites masquerade as bank sites, auction sites, and even online dating sites. When you enter your username and password, your account is instantly compromised. Some clever frauds pass along your credentials to the real site to avoid raising suspicions. You can learn to avoid phishing scams, but having some backup from your security suite is important when you’re not as alert. We test phishing protection using real-world fraudulent sites scraped from the internet.
Steering users away from phishing sites helps protect privacy, but that’s not the only way suites can keep your private information out of the wrong hands. Some offer specific protection for user-defined sensitive data, credit cards, bank accounts, and that sort of thing. Any attempt to transmit sensitive data from your computer sets off an alarm. Other spyware protection techniques include foiling keyloggers, preventing misuse of your webcam, and supplying a hardened browser that lets you do online banking in an environment isolated from other processes.
Content Filtering and Parental Control
We don’t penalize a suite for omitting parental control. Not everyone has kids, and not every parent feels comfortable controlling and monitoring their children’s computer use. In fact, we don’t even recommend buying a third-party parental control utility, not when Apple, Google, and Microsoft offer such services at no cost. Even so, if a suite puts forth parental control as one of its components, it had better work properly.
Blocking inappropriate websites and controlling how much time the child spends on the internet (or on the computer) are the core components of a parental control system. Some suites add advanced features like instant message monitoring, limiting games based on ESRB ratings, and tracking the child’s location. Others can’t even manage the basics successfully.
A VPN Protects Your Communications
Local antivirus and security suites protect your data and documents, but their protection doesn’t extend to your internet communications. A virtual private network, or VPN, secures your internet traffic and can hide your IP address and location from snoops. Most VPN companies have just one product, but more and more security suite companies have ventured into the VPN realm.
Often, though, you don’t get full VPN protection as part of your suite. Some install a free edition or a free trial. Others offer a link that sends you online to subscribe. Avast One, Norton 360, McAfee+, and Malwarebytes Ultimate are exceptions, offering VPN protection without such limits.
Will a Security Suite Slow Down My PC?
One big reason to use a security suite rather than a collection of individual utilities is that the integrated suite can do its tasks using fewer processes and a smaller chunk of your system’s resources. However, hardly any modern suites have an appreciable effect on performance.
In the past, we’ve run some simple performance tests, timing three common system actions with and without the installed suite, averaging many runs of each test. One test measured system boot time, another moved and copied a large collection of files between drives, and a third would zip and unzip that same file collection repeatedly. After years of spending time on these tests only to find little to no effect on performance, we’ve retired this test.
Do I Need Backup and Tune-Up Utilities?
In a sense, having a backup of all your files is the ultimate security. Even if a sample of asteroid dust goes astray and destroys your computer, you can still restore it from a backup. And if ransomware gets past your antivirus, you can restore from backup after eliminating the attacker.
Some companies reserve backup for their mega-suite offering, while others include it in the entry-level suite. Read our reviews carefully, as backup capabilities vary wildly. At the low end, some companies give you nothing you couldn’t get for free from IDrive or another online backup service. At the high end, you might get 25GB, 50GB, or even more online storage hosted by the company, possibly paired with the separate ability to make local backups.
Tuning up your system performance has no direct connection with security unless it counteracts the security suite’s performance drag. However, tune-up components often include privacy-related features such as clearing traces of browsing history, wiping out temporary files, and deleting lists of recently used documents.
What Can I Do About Identity Theft?
No software solution can guarantee that malefactors won’t capture and misuse your personal information. What they can do is alert you when they find evidence that your data has been compromised, so you can head off full-scale identity theft. This kind of dark web monitoring is becoming more common.
If the worst happens and your identity is thoroughly stolen, you can get help. McAfee+ includes identity theft remediation at its two higher pricing tiers, and Norton offers suites that include LifeLock identity protection. The top-level suites Avast One Platinum, Bitdefender Ultimate, and ESET Home Security Ultimate enhance device-level security with identity theft remediation and a no-limits VPN. Malwarebytes Ultimate also adds VPN and identity protection. All of these will assign a caseworker to help you recover and spend what it takes to remediate the problem, typically a million dollars or more.
Do Suites Provide Mac, Android, and iOS Security?
Windows still dominates the desktop, but many households include Macs as well. Cross-platform multi-device suites give you one source of protection for all your devices. Typically, you don’t get as many features on macOS. In fact, most companies just offer a Mac antivirus, not a full suite. Be sure to take advantage of the option to protect your Macs. They’re not immune to malware.
Android devices are ubiquitous, and the Android platform isn’t locked down like iOS. Even if you stay away from third-party app stores and refrain from jailbreaking your device, you can still get hit with Trojans, ransomware, and other Android malware. Smart users protect their devices with an Android antivirus. Most Android antivirus utilities include antitheft features such as locating, locking, or wiping a lost or stolen device. Some include bonus features like blocking unwanted calls or warning when you connect to an insecure Wi-Fi network.
As for iPhones and other iOS devices, Apple’s built-in security makes life tough for malware coders and antivirus writers alike. Many cross-platform suites simply skip iOS; those that don’t typically offer a seriously stripped-down experience. Given the platform’s intrinsic security, it rarely makes sense to expend one of your licenses installing protection on an iPhone.