A guide to buying security software

Between office computers, home computers, and smartphones, these days people can (and in many cases often do) stay connected to the Internet 24/7. At any time, day or night, we can check stocks, look up movie details, play games... the possibilities are endless.

Remember, though, that the connection runs both ways. Hazards range from widespread spam and random drive-by downloads to targeted "spear phishing" attacks aimed squarely at a specific individual. Security software defends your devices and your data from attack, and it’s definitely a must-have – but which software should you choose? Should you go for an overarching multi-platform suite, or individual solutions?

Internet security suites

If you'd rather spend time using and enjoying your devices, rather than fooling around with different types of protection and products, one of the modern cross-platform multi-device security suites will cover all your needs. Many of the major suites now offer cross-platform protection – indeed, the battle between security vendors has rather shifted to take the diversity of protection they can provide into account, as well as the strength of that protection (although obviously the latter remains a critical factor).

Which suite you pick will depend on what devices you own, obviously enough. A further consideration is the number of devices licensed by a suite – if you have several smartphones, a tablet, and a computer, you’ll need a program that extends beyond the normal three devices which is the average offering (or you’ll need to pay more for extra devices on top of the asking price).

To cite some examples, Symantec’s Norton 360 2014 covers three devices and is priced at £36 for a year, but it only covers the PC and Android devices. If you want complete multi-platform cover, you’ll have to buy Norton 360 Multi-Device which costs £70 (and covers five devices). Webroot SecureAnywhere Internet Security Complete 2014 covers the PC and Mac, Android and iOS, with annual cover for five devices running to £65.

Not all Internet security suites offer cross-platform cover, though. Indeed, some of the best products we’ve reviewed – namely Bitdefender Total Security 2014 and BullGuard Premium Protection – only cover your PC. However, both these firms do have separate mobile protection software available – although you’ll have to pay more on top for that.

The big advantage of having a suite which does it all, as opposed to separate programs, is that an Internet security suite can check and manage all of your security issues in one place. And of course, a well-integrated suite should have less impact on performance than a collection of separate processes.

Standalone antivirus software

Of course, not everyone wants cross-platform coverage, or to fork out for a security suite with multiple modules, whistles and bells. You could save some money going for a more basic anti-virus program, which drops all those extras and simply provides cover against malicious threats such as viruses, spyware, Trojans, worms, rootkits, scareware, and more. Along with firewall protection, antivirus is an absolutely essential component of any system's protection. If you don't opt for a suite, your first purchase should be a standalone antivirus offering.

Look for an antivirus that does well in independent lab tests, such as those conducted by AVTest. Bitdefender and Kaspersky consistently perform well across the board in these kinds of tests.

As for really slashing the budget, there are some quality antivirus offerings out there which are completely free. In terms of these solutions, you should definitely check out Avast or AVG. The great thing about choosing free antivirus is that you can take each piece of software for a test drive before making your selection at your leisure.

Firewall protection

A personal firewall needs to perform several tasks. It should protect your PC against attack from outside, it should stealth the PC's ports so they're not visible to attackers, and it should control which programs are permitted to use your network and Internet connection. The built-in firewall in Windows does a fine job of stealthing ports and fends off many attacks. As a result, the number of standalone personal firewall products has steadily diminished over the years.

Early personal firewalls were known (and reviled) for their innumerable and incomprehensible popups. The first time any program attempted network access, the firewall would ask the user whether to allow or deny it, this time or every time. Denying a valid connection could cause serious problems, so most users got in the habit of just allowing everything.

Modern firewalls check online databases to identify known good programs and configure access automatically. High-end firewalls like those found in the Norton and Kaspersky suites go farther, monitoring and controlling programs not found in their databases. You won't find that level of functionality in a standalone firewall, but you can stay safe from the blizzard of popups.

If you’re after a solid free firewall solution, check out ZoneAlarm Free Firewall. Developer Check Point gave the free product access to the huge online database used by the company's non-free tools, so it no longer spews popups.

Spam filtering

Many webmail services include fairly effective spam filters. You may also get spam filtering at the server level from your standard email provider. If you do need local spam filtering on the PC, you want it to be accurate and low-key.

In the past, many spam filters boasted of features like "training mode" or "Bayesian learning," promising to get more and more accurate with training. Avoid these like the plague. They can be wildly inaccurate out of the box, and there are plenty of products that do the job without training.

I've been impressed with community-based spam detection. In this model, a user who encounters a spam message flags it as such. When enough users have flagged the same message, it gets marked as spam so no other users see it. This technique will never mark a personal email as spam, since the spam designation requires multiple reports.

That's the simplified explanation, of course, but Cloudmark DesktopOne Basic relies in part on this technique and it's the most accurate anti-spam tool I've tested. This free edition filters one account of almost any kind; the $20 (£12) per year Pro edition filters all your accounts. I see no reason to look further.

Parental control and monitoring

Modern kids, even young ones, are thoroughly entranced by the home computer. Most parents want to let them learn and amuse themselves, without worrying that they'll click the wrong link and see something they shouldn't. Traditional parental control systems block access to unwanted categories and control when (and how long) the kids can use the computer for.

Software such as Net Nanny 7 and AVG Family Safety offer web-based tools to let parents check on the kids from any web-connected computer, and options to monitor social media, the latter being important in these days of cyber-bullying. They have fuller feature sets than the parental control modules you’ll find in the Internet security suites we discussed earlier.

Password management

Security experts will give you contradictory advice on password safety. On the one hand, they advise using a different password for every secure site, so that a breach at one site doesn't expose the rest. On the other hand, they insist your passwords should be made from a jumble of character types. How can you remember them all?

A password management tool solves the memory problem. All you need to do is memorise one really tough password that locks the password manager itself. The better password managers rate the strength of your master password.

A password manager should automatically capture credentials when you log in manually and offer to fill in those credentials the next time you visit the same site. It should handle multiple logins for the same site. And it should let you visit and log in to a site by choosing from its list of saved sites, organised by category. Any tool that doesn't manage these tasks is not an effective password manager. Our top picks for password managers are LastPass and Dashlane, both of which are free.

Some products keep your encrypted password storage strictly local, for those not wishing to trust their security to the cloud – Dashlane gives you this option. LastPass stores the data online, but it’s encrypted, and the key is safely stored locally with your browser, not with LastPass.

The whole point of having a password manager is that it lets you use stronger passwords without having to worry about remembering them. The best password managers help you out with the process of replacing weak passwords. Dashlane and LastPass list all your passwords and rate their strength. Both make it very easy to replace a weak password with an automatically-generated strong one.

Most password managers can also fill out web forms with user-supplied personal data. If you plan to use this feature, look for a tool that lets you store multiple instances of its various data types. You may need to save multiple street addresses, multiple email accounts, multiple credit cards, and so forth. A form-filling tool that's too rigid won't be much use.

For more on this subject, see our closer look at the best password managers.

Conclusion

Ultimately, what security solution(s) you choose will depend entirely on your needs and budget. A cross-platform multi-device suite can protect every device in your household in one fell swoop – but you’ll generally pay a bit more for this privilege. If you’re only interested in plain malware protection for your PC, then a standalone antivirus may be your only required line of defence. And of course if your budget is tight, you can put together your own security suite from free products. You pays your money, and takes your choice, as ever.