usatoday.com cannot provide a good user experience to your browser. To use this site and continue to benefit from our journalism and site features, please upgrade to the latest version of Chrome, Edge, Firefox or Safari.
When it comes to planning for retirement, choosing the right time to collect your Social Security benefits can have a significant impact on how much you end up earning in benefits over the course of retirement. Despite Social Security benefits comprising a large portion of people's retirement income, many of those close to retirement age don't know basic facts about the program.
A 2020 study done by MassMutual found that nearly 52% of people failed or barely passed a survey of 12 questions regarding Social Security. The study tested people on everything from what full retirement age is to their knowledge of when the Social Security trust fund would be drawn down.
While misconceptions about how the program works are common, not knowing the basics of Social Security could lead people to lose out on benefits. The earnings test is one aspect of Social Security retirement benefits that is commonly misunderstood. The earnings test applies to people who are earning income and collect benefits before full retirement age.
Below, Select talks to an expert about what the earnings test is and how it works.
Subscribe to the Select Newsletter!
Our best selections in your inbox. Shopping recommendations that help upgrade your life, delivered weekly. Sign-up here.
Let's start by reviewing some basics about Social Security.
The Social Security administration uses a formula based on a worker's income in their 35 highest earning years (indexed for inflation) to calculate their benefits. Everyone is eligible to collect worker benefits starting at age 62, although full retirement age (FRA) is between age 66 and 67, depending on when you were born. However, if you collect before FRA, your monthly benefit will be permanently reduced by a certain percentage for every month before FRA that you choose to collect.
Individuals who wait until age 70 to collect are able to earn an additional 8% in benefits for every year after the full retirement age. This means an individual with a full retirement age of 67 can earn 124% of their monthly benefit if they wait until age 70.
For example, if their monthly benefit was $3,000 at FRA but they waited until age 70 to collect, they would instead receive $3,720 per month.
The Social Security earnings test applies to people who are earning an income [i.e. a salary from job] and choose to collect benefits before FRA. For every dollar an individual makes above a certain income limit, the Social Security administration will withhold some of their benefits.
In other words, a working individual, who collects before FRA, will receive a reduced percentage of their benefits.
However, it's important to remember that those withheld benefits are not lost forever. Workers will recoup those lost benefits once they hit FRA. This means that the benefits that the Social Security administration withheld from workers before FRA will be fully paid out to them later on.
Though the earnings test has undergone many legislative changes since 1935, it still remains in place.
While it's commonly thought that the test was first passed to encourage older workers to leave the workforce in order to make room for younger workers during the Great Depression, historian Larry Dewitt writes in 1999 that "the RET is part of the Social Security Act for the basic reason that Social Security was designed as an insurance scheme, which seeks to compensate covered individuals who suffer a loss of income due to retirement."
Retirees may be reluctant to work while collecting benefits because of the retirement earnings test, but in reality, it shouldn't have any impact on whether you choose to work or not.
(Note: If you make enough income, Social Security could end up withholding all of your benefits, so you might be better off waiting to collect if you're not receiving any of your benefits before FRA.)
Furthermore, if you keep on working, the Social Security administration considers those earnings on your work record and may recalculate a higher benefit for the succeeding years.
According to Jim Blair, Lead Consultant at Premier Social Security, the Social Security administration will calculate how much of your benefits are withheld, based on the income limit, and then send you fewer checks or a lower monthly benefit.
After you reach FRA, the Social Security administration will recalculate the value of your benefit so you're not cumulatively losing any benefits.
To summarize, you may not receive your full Social Security payments if you're still working, once you hit FRA, you'll receive any of that money that was previously withheld. This could be in the form of extra checks or a higher monthly benefit.
There are two different income limits for the earning test: there's a lower limit for the retirees who are more than one year away from FRA and a higher limit for people who are one year or less from FRA. Income is considered wages from an employer and does NOT include investment earnings, government benefits, interest or capital gains.
In 2022, the lower limit was $19,560. So for every $2 an individual earns above this amount, the Social Security administration will withhold $1 from a worker's benefit. The higher limit is $51,960. For every $3, you earn above this amount, the Social Security administration will withhold $1 from your benefit. This means that the year an individual turns 67, they can earn up to $51,960 before the earnings test kicks in (i.e. before the government would withhold benefits if you were still working).
Consider this example:
The Social Security administration provides a Retirement Earnings Test calculator on their website.
Lastly, the earnings test impacts the spousal benefit too. If either you or your spouse is working while collecting the worker or spousal benefits before FRA, both of your benefits may be withheld. In other words, the worker's salary will influence the worker's benefit AND the spousal benefit while the spouse's salary will just impact the spousal benefit.
Social Security is intended to supplement people's other sources of retirement income, whether that's from 401(k)s, traditional and Roth IRAs or pensions. The average Social Security monthly benefit is only $1,658, hardly enough money for retirees to live off of in retirement, so it's crucial that individuals save for retirement as early as possible.
Your first priority should be maxing out your employer's 401(k) match as it's essentially free money. After you've maximized your match, you might consider opening a traditional or Roth IRA, depending on which account you're eligible for.
A Roth IRA offers people a unique tax advantage: Your initial contributions are taxed so your investments grow tax-free over time. However, there's an income limit on Roth IRAs. For individuals, your income must be below $144,000 and for married couples filing jointly, their income must be below $204,000. A Roth IRA is a good option for people who think they'll be in a higher income tax bracket in retirement.
On the other hand, a traditional IRA offers a different type of tax advantage. Your upfront contributions are not taxed, so you pay taxes on your distributions in retirement. There is no income limit for a traditional IRA.
Depending on your income and whether your employer offers a retirement plan, your traditional IRA contributions may be tax deductible. This means that your contributions reduce your taxable income which reduces the amount of money you owe in taxes in the year you contribute.
The decision of when to collect your Social Security benefits can have a dramatic impact on your finances in retirement. If you don't know what your FRA is, how the earnings test works or how the spousal benefit works, you could be missing out on thousands of dollars in benefits.
With the earnings test, the Social Security administration withholds some portion of your benefits if you're still working and decide to collect benefits before your FRA. However, it's important to remember that these benefits are not lost forever and that you'll receive the withheld money once you hit FRA, either in the form of a higher monthly benefit or more checks.
Editorial Note: Opinions, analyses, reviews or recommendations expressed in this article are those of the Select editorial staff’s alone, and have not been reviewed, approved or otherwise endorsed by any third party.
Spanner Spencer has been writing since 2005 for a variety of print and online publications. Focusing on entertainment, gaming and technology, his work has been published by Eurogamer.net, "The Escapist," "GamesTM," "Retro Gamer," "Empire," "Total PC Gaming" "The Guardian," among others. Spencer is a qualified medical electronics engineer with a Business and Technology Education Council certificate in technical writing from Huddersfield Technical College.
More than half of Americans surveyed by Voya Financial plan to work in retirement. If you share that plan, you may assume that you can easily combine paid employment with other sources of retirement income, such as your retirement savings and Social Security.
However, if you claim Social Security before your full retirement age — which is based on your year of birth — your benefits may be reduced through a mechanism known as the Social Security earnings test. Essentially, this rule limits your benefits if your paid employment earnings exceed certain thresholds.
The good news is that once you reach full retirement age, the benefit amounts that were withheld due to the earnings test will be returned to you in future Social Security payments. However, that doesn’t help when you are trying to balance your budget during the early years of retirement.
The impact of the earnings test on your benefit can be broken down into three distinct phases. Each phase is based on your current age relative to your full retirement age.
Special Rule: A special rule exists for filers that fall into phase 1 and 2 who retire from employment mid-year. Regardless of your earnings, if you stop receiving employment income once you collect Social Security, you can collect your entire benefit without reduction due to the excess earnings test.
The amount of your Social Security benefit depends on your earnings history and your age. Social Security benchmarks all benefits around the concept of full retirement age, which for those born between 1943 and 1960 is between ages 66 to 67.
At full retirement age you receive what is known as your full benefit or primary insurance amount (PIA). If you claim Social Security before your full retirement age, your benefit is reduced. Similarly, if you claim after your full retirement age, your benefit is increased.
The earliest you can claim Social Security is age 62; the latest you can claim to receive the maximum potential benefit is age 70.
Source: U.S. Social Security Administration
Ultimately, the Social Security earnings test does not affect the benefit you receive over the course of your retirement because Social Security will make up any benefit reductions later when you reach full retirement age.
However, this isn’t much comfort when you’re trying to balance your budget in early retirement. That’s why it’s critical to understand the earnings test and weigh all of your possible options when making your Social Security filing decision.
Amy Buttell contributed to this article.
Advisory services offered through J.W. Cole Advisors, Inc & Blue Financial are unaffiliated entities. No information provided is intended as a solicitation to buy or sell any security. Blue Financial is an independent financial services firm helping individuals create retirement strategies using a variety of investment and insurance products to custom suit their needs and objectives. This material has been prepared for informational and educational purposes only. It is not intended to provide, and should not be relied upon for, accounting, legal, tax, or investment advice.
Licensed Insurance Professional. The licensed professional can provide information, but not advice related to social security benefits. The licensed professional may be able to identify potential retirement income gaps and may introduce insurance products, such as an annuity, as a potential solution. For more information, contact the Social Security Administration office, or visit www.ssa.gov. 20988 - 2021/5/3
*Deals are selected by our commerce team
It starts so innocently. You realize that your antivirus doesn’t protect data when it leaves your computer, so you add a VPN app. Your security-minded friend points out that “password” is a bad password, which leads you to add a password manager. And when your child is traumatized by reaching a porn site instead of cartoons, you realize parental control might be a good idea. Pretty soon you have 17 different apps protecting your security and privacy, but your computer is sluggish and your wallet is empty. Don’t let this happen to you! Instead of piecing together your security, find a security suite that contains all the features you need in a single program. Your computer will thank you—your wallet, too.
Some security companies add only the most essential components to create a suite, while others rope in a huge variety of security elements. Just which security solution should you choose? We’ve reviewed nearly 40 suites and pulled together the best, from simple entry-level suites to cross-platform multi-device lollapaloozas. We're sharing the top suites we've tested here, along with what makes them unique and how they can work for you.
This article briefly mentions the many tests we use to evaluate security suites and determine which are the best. If you want more details on the torture tests we perform on every suite we review, please read the full explanation of how we test security software.
Deeper Dive: Our Top Tested Picks
When you buy a security suite, there’s an implied promise it will keep you safe. Norton 360 Deluxe makes that promise explicit. As long as you choose auto-renewal, you’ve got a certain Norton support will handle any malware that gets past the app’s protection. And that’s some powerful protection—the independent labs we follow frequently deliver Norton perfect to near-perfect scores. It also aces our hands-on tests.
This suite includes a robust, intelligent firewall, a basic password manager, and a local spam filter, as well as a dark web monitoring system to warn if your private data is exposed. As a standalone, the parental control system is an Editors’ Choice. Your subscription lets you protect up to five devices running Windows, macOS, Android, or iOS. It also gets you five full licenses for Norton’s VPN. That’s a rarity; many other suites make you pay extra to remove limits from their included VPN components. And the 50GB of online storage for your backups is a nice bonus.
Norton security programs have been around for decades, and the brand has plenty of fans. This is a good choice for anyone who wants a time-tested suite that covers all the bases, but it's especially good for those who wisely opt to protect their connections with a VPN.
Bitdefender’s standalone antivirus packs in more features than some self-proclaimed suites, and Bitdefender Internet Security piles on even more. The core antivirus technology consistently earns perfect and near-perfect scores from independent testing labs, and its ransomware-specific protection aced our tests. Other key features include a no-hassle firewall, a simple spam filter, password management, file shredding, a full-powered parental control system, and more. And it wraps all this protection in an AutoPilot system that lets you sit back and enjoy your protection, with minimal interaction.
Bitdefender does include a VPN, but with limits. You can’t pick and choose among available servers, and you can only use 200MB of bandwidth per day. That’s enough to try out the VPN protection, but if you plan to make serious use of the VPN you’ll have to pay for an upgrade.
Maybe you’re torn between two choices. On the one hand, you want a security suite that packs in every important security component. On the other hand, you don’t want those components clamoring for your attention when you’re working, gaming, or relaxing with a video. Is that you? If so, then Bitdefender Internet Security, with its multitude of components reined in by AutoPilot, is just what you need.
You almost certainly have security protection for your PCs, but have you protected your other devices? Bitdefender Total Security pours all the excellent, well-behaved features of Bitdefender Internet Security into your Windows boxes, and goes on to offer protection for your macOS, Android, and iOS devices. It also kicks its Windows game up a notch with system optimization and an unusual anti-theft component.
You manage your installations (or launch new ones) from the handy Bitdefender Central online console. Installing protection on a Mac you get Bitdefender Antivirus for Mac, an Editors’ Choice in its own realm, as well as the same limited VPN you see in Windows. The password manager and parental control features also support macOS.
Installed on Android, Total Protection brings a comprehensive collection of security features. It scans for malware on demand and also scans every new application. If you lose your phone, you can log in to Bitdefender Central and locate, lock, or wipe it. Scam Alert flags suspicious text messages, Web Protection fends off malicious and fraudulent web pages, App Lock adds a second PIN for your most sensitive apps, and Account Privacy checks known data breaches to see if your email was involved. This is an impressive Android app.
The same Apple-enforced strictures that make writing iOS malware difficult also interfere with creating security software for iOS. As with all cross-platform suites, Bitdefender’s iOS protection is relatively limited. You do get Account Privacy and the same limited VPN as on other platforms. However, there’s no antivirus component, nor does anti-theft make an appearance. Web Protection is limited. On the plus side, as long as you don’t enable Web Protection, your iOS installation doesn’t use up one of your licenses.
Bitdefender Total Security protects your Windows devices just as Bitdefender Internet Security does, which should make anyone happy. But Windows boxes are only part of the picture. Total Security adds award-winning protection for your Macs, a comprehensive suite for your Android devices, and even a modicum of security for iOS. If you need to secure and manage a household full of disparate devices, this one’s for you.
Norton’s security software can protect your devices and your local data, but it can’t reach out into the real world and protect your identity. That’s why you want Norton 360 with LifeLock Select. This suite starts with everything we like about Norton 360 Deluxe and adds identity monitoring and identity theft remediation supplied by identity pioneer (and Norton property) LifeLock.
Once you’ve set up LifeLock, Norton monitors the dark web for any sign that your identity has been compromised. It tracks possible misuse of your SSN, unexpected new accounts in your name, and anomalous financial transactions. If you lose your wallet (or have it stolen) Norton can help deal with the fallout. You get periodic credit reports, along with help freezing your credit if necessary. And if the worst happens and your identity is stolen, Norton will spend up to a million dollars on remediating the theft.
This suite costs about $45 more than Norton 360 Deluxe alone, and you still get just five security suite and five VPN licenses, though storage for your backups rises to 100GB. At the Advantage level, which costs $100 more per year, you get ten of each license type and 250GB of storage, along with enhancements to monitoring and larger payouts for losses. Spend another $100 and you reach Ultimate Plus, which maxes out monitoring options and payouts and lets you install security suite and VPN protection on every device in your household.
Are you horrified to think that some malefactor could masquerade as you, open accounts in your name, spend your money, even get arrested while posing as you? Yes, identity theft can be a nightmare. Norton 360 with LifeLock Select protects your devices against malware and such, and also functions as an early warning system so you can nip identity theft in the bud. What a combination!
Instead of the typical geometric shapes, Avast One Platinum decorates its display with color splotches, doodles, and happy people. If you like top-notch lab scores, you’ll be happy too. The labs all keep an eye on Avast, and it earns perfect scores in almost all of them. It rates near the top in our hands-on tests, too, and its full scan is faster than most. If malware interferes with Windows itself, Avast’s boot-time scan takes care of it, and it balks ransomware by banning unauthorized file changes.
Antivirus protects your data locally, while a VPN protects it in transit. Avast’s VPN isn’t the most feature-rich, but you can use it with no limits. Among other unusual security features, Avast can: protect sensitive documents from others including other accounts on the same PC; prevent use of the webcam by untrusted programs; and check to see if any of your passwords got exposed in a breach. You also get a set of performance enhancement features liberated from the limits imposed in Avast’s free edition.
In addition to powerful device-level protection, the Platinum subscription includes identity theft protection for you and five family members. It alerts you to data breaches and other dangers, with easy access to dedicated resolution specialists and a promise to spend up to $2 million to remedy the damage. You also get concierge-level 24/7 support for all your tech problems.
Avast is a household name around the world, with millions relying on its free antivirus. If you’re an Avast aficionado looking to kick your security game up a notch and add whole-family identity theft protection, this suite is the way to go.
You installed security on your PC, and on your Mac, and your mobile devices. But what about your partner’s devices, and all those electronic devices that so enrapture your children? You could be looking at quite an expense to get them all secured. Unless, that is, you turn to McAfee+. This generous suite lets you protect every device in your household, whether it runs Windows, macOS, Android, or iOS. It even supports Chromebooks and ARM-based laptops. That protection includes use of McAfee’s VPN with no limits on bandwidth or server choices, as well as numerous security bonus features. Better still, the antivirus component aces our hands-on protection tests.
McAfee+ comes in three tiers, Premium, Advanced, and Ultimate. You get basic Dark Web monitoring of personal information at all three levels. The Advanced and Ultimate levels include full-scale identity theft monitoring and remediation, roughly parallel to Norton’s LifeLock. It doesn’t monitor quite as many different aspects of your identity, but it hits the important ones. And, like LifeLock, it comes with a guarantee. If you suffer identity theft, McAfee will spend up to a million dollars helping you to a full recovery.
If you live in a Manhattan rent-controlled apartment with your cat, your Mac, and your iPhone, this isn’t the suite for you. But if you have a house full of modern digitally active people, it can be a godsend. More than 10 devices? More than 20? Relax, they’re all covered!
What kind of security do you want for your devices? Maximum security, naturally! Trend Micro Maximum Security has you covered, with protection for Windows, macOS, Android, and iOS devices. All four of the antivirus testing labs we follow consider the Trend Micro antivirus engine important enough to merit examination, though it doesn’t always get the best scores. It did score very well in our hands-on tests defending against malware-hosting websites and phishing frauds.
On Windows, Trend Micro presents a wide array of features, among them: multi-layered ransomware protection; protection for online transactions; a PC Health Checkup system; a scanner for privacy lapses in social media; an advanced encryption system for your sensitive documents; and a file shredder to securely delete originals after encryption. A few of its features aren’t quite as stellar. The parental control system is limited, password management handles just the basic, and spam filtering works only with Outlook. Even so, the collection of security features is impressive.
In cross-platform suites, it’s not uncommon for Windows to get all the goodies, leaving Macs with just a basic antivirus. Not so with Trend Micro. The macOS edition gets top scores from the testing labs. It scans for malware on access, on demand, and on schedule, and also scans any removable drives you mount. Other features include ransomware protection, detection of web-based threats, preventing misuse of the camera and mic, parental control, and the same social network scan as on Windows. Android users likewise get a feature-complete security suite, and it offers more protection than most on iOS devices.
On Windows, Trend Micro Maximum Security is feature-rich, but has a few rough edges. But on macOS, Android, and iOS, it outperforms the competition. It’s a great choice if you need to protect across multiple platforms, and even greater if Windows isn’t your primary platform.
An Avira Prime subscription gets you every security tool from Avira, but that’s not all. Any time Avira comes up with a new security app, you get that too. Many of these are available separately in both free and Pro editions—Avira Prime users naturally get the Pro editions. And it supports Windows, macOS, Android, and iOS.
All the independent labs I follow include Avira, and it aces most (but not all) of their tests. In my own hands-on tests, though, it came up a bit short. On the plus side, you can use its VPN freely, with no limits on bandwidth or server choices. System Speedup Pro With HyperBoost aims to fine-tune performance, Software Updater Pro automatically finds and applies needed security patches, and Password Manager Pro adds an advanced security report that’s not available in the free edition.
Other than removing VPN limits, Avira's Pro-level macOS edition doesn’t add a lot beyond what you can get for free. Android users wind up installing three apps: Antivirus Security Pro, Phantom VPN Pro, and Password Manager Pro. On an iOS device, Avira’s scan covers Protection, Privacy, and Performance, but not malware. The password manager and VPN are among the other apps that have an iOS presence.
When Avira Prime is your suite, you don’t have to fear missing out on the latest and greatest features. Whatever marvel Avira’s developers and wizards come up with, it’s yours. Avira is the no-FOMO choice.
That blue-eyed cyborg peering at you from the main window makes it clear that ESET Internet Security leans toward high technology. For example, it offers a Device Control system that gives you granular control over what device types and devices can connect to your PC. You could block USB drives in general, but allow use of those you’ve personally vetted. This suite comes with a big set of security tools, some that are fine for all users and some that require serious tech expertise.
An impressive Network Inspector lets you see all the devices connected to your network, with an option to get notified when new devices connect. It also checks your devices for security problems such as ports open that shouldn’t be. Avast once boasted a similar feature, but no longer does so. Other ESET features include firewall, spam filter, anti-theft for laptops, webcam security, banking protection, and a limited parental control system.
As for the core antivirus protection, ESET slips a bit. Its test scores, from just two labs, range from average to excellent, but it tanked our hands on malware protection test. On the positive side, it scored well when we tested its protection against malicious and fraudulent websites. ESET’s Android edition provides a comprehensive set of security features, and the labs deliver it top marks. As for protecting your Macs, ESET offers antivirus, firewall, parental control, and a simplified device control. However, the labs no longer put it to the test, and it tanked one of our hands-on tests.
Quite a few features in the ESET Internet Security suite require an uncommon level of technical expertise. If you’re that uncommon person whose expertise rises to the necessary level, this suite is for you. You’ll use the Network Inspector to gain full insight into your devices, take system status snapshots with SysInspector, and build a perfect set of device control rules. Not you? Maybe look elsewhere.
F-Secure’s entry-level suite is a bit light on features, but F-Secure Total tips the scales the other way. It adds a cross-platform VPN, a password manager, and a monitor to warn if your personal information turns up in a breach. And its pricing is quite competitive for those who want 10 or more licenses.
The integrated password manager handles all the expected basic tasks, though it doesn’t fill web forms with personal data. It also lacks secure sharing, password inheritance, and multi-factor authentication.
The simple VPN is also integrated right into F-Secure Total, and it’s a snap to use. It includes useful features such as a Kill Switch and split tunneling, but its network of servers is sparse compared to the best VPNs.
F-Secure has been around for decades, and the brand has a devoted following. If you’re part of the fanbase, you’ll find that this is the most complete suite ever from F-Secure, and it's quite a bargain if you protect a large number of devices.
Buying Guide: The Best Security Suites for 2023
Most security companies offer at least three levels of security programs, a standalone antivirus utility, an entry-level security suite, and an advanced suite with additional features. Most entry-level suites include antivirus, firewall, antispam, and parental control. The advanced "mega-suite" typically adds a backup component and some form of system tune-up utility, and some also add password management, a VPN, or other security extras.
When a new security line comes out, we start by reviewing the antivirus. In our review of the entry-level suite, we summarize results from the antivirus review and dig deeper into the suite-specific features. And for a mega-suite review, we focus on the advanced features, referring to the entry-level suite review for features shared by both. Your choice of a basic or advanced security suite depends entirely on what features matter to you, and what you're willing to pay for them.
The suites we've rounded up here aim to protect consumers. You can use any of them in a small business, but as your company grows you may need to switch to a SaaS endpoint protection system. This type of service lets an administrator monitor and manage security for all the company's computers.
Kaspersky offers security at three levels—Kaspersky Standard, Kaspersky Plus, and Kaspersky Premium—all of them rated four stars or better in our reviews. In the past, Kaspersky has been very prominent in this roundup. The apps remain highly effective, with excellent scores from the independent testing labs. So where's Kaspersky?
For years, Kaspersky has faced accusations and censure based on its Russian origins, though none of the accusations have come backed by hard evidence of malicious behavior. We at PCMag focused on the capabilities of the programs, not on the brouhaha around the company. However, the current war in Ukraine has raised the stakes. Governments and third parties are cutting ties with Kaspersky. The FCC labeled Kaspersky a national security risk.
After consideration, we can no longer recommend you purchase Kaspersky security solutions. We've left the reviews in place, with a warning, since they provide useful information. But at least for now, we're removing Kaspersky from our "Best for" lists.
Over the years, the Windows Defender program built into Windows 10 has evolved into Microsoft Defender Antivirus. In addition to antivirus protection it manages Windows Firewall and other Windows security features. It doesn't truly qualify as a suite; it's just an antivirus that manages other Windows components. Independent antivirus test scores for Windows Defender have literally come in below zero in the distant past, but its scores have been steadily improving. You can still get better overall protection from the best third-party free antivirus utilities, but Windows Defender is looking better all the time. Even so, it can't replace a full-scale security suite.
Malware protection is the heart of a security suite; without an antivirus component, there's no suite. Naturally, you want a suite whose antivirus is effective. When evaluating an antivirus, we look for Good Marks from the independent antivirus testing labs. The fact that the labs consider an antivirus important enough to test is a vote of confidence. The very best antivirus utilities get high ratings from many labs.
We also perform our own hands-on testing. For one test we use a relatively static set of malware samples that's replaced once per year. We note how the antivirus reacts when we try to launch those samples and score it on how well it protects the test system. For another, we try to obtain very new malicious files from URLs no more than a few days old. Lab test results, our own test results, and other aspects like ease of use go into our antivirus rating.
A typical personal firewall offers protection in two main areas. On the one hand, it monitors all network traffic to prevent inappropriate access from outside the network. On the other, it keeps a watchful eye on running applications to make sure they don't misuse your network connection. The built-in Windows Firewall handles monitoring traffic but doesn't include program control. A few security suites skip the firewall component, figuring Windows Firewall already does the most essential firewall tasks.
The last thing you want is a firewall that bombards you with incomprehensible queries about online activity. Should I let KiberViyna.exe connect with IP address 22.214.171.124 on port 8080? Incoming or outgoing? Allow or Block? Once, or always? Plastic or paper? Modern firewalls cut down on these queries by automatically configuring permissions for known programs. The very best also handle unknown programs by monitoring them closely for signs of improper network activity and other suspicious behaviors.
These days, most of us hardly ever see spam messages in our inboxes because our email providers filter them out. If you don't get this service from your provider, it can be hard to even find your valid mail amid all the offers of male enhancements and magic COVID-19 cures.
If your provider doesn't squelch spam, it's smart to choose a suite with spam filtering built in. Look for one that integrates with your email client. Client integration lets it divert spam into its own folder, and sometimes lets you train the spam filter by flagging any spam messages that get through or, worse, valid messages that wound up in the spam pile.
The best antivirus in the world can't help you if a fraudulent website tricks you into giving away your security credentials. Phishing sites masquerade as bank sites, auction sites, even online dating sites. When you enter your username and password, though, your account is instantly compromised. Some clever frauds will even pass along your credentials to the real site, to avoid raising suspicions. You can learn to avoid phishing scams, but it's important to have backup from your security suite for those times when you're not as alert. We test phishing protection using real-world fraudulent sites scraped from the internet.
Steering users away from phishing sites helps protect privacy, but that's not the only way suites can keep your private information out of the wrong hands. Some offer specific protection for user-defined sensitive data, credit cards, bank accounts, that sort of thing. Any attempt to transmit sensitive data from your computer sets of an alarm. Some contract with third-party companies to offer credit protection. Other spyware protection techniques include foiling keyloggers, preventing misuse of your webcam, and supplying a hardened browser that lets you do online banking in an environment isolated from other processes.
We don't penalize a suite for omitting parental control. Not everyone has kids, and not every parent feels comfortable about controlling and monitoring their children's computer use. However, if parental control is present, it has to work properly.
Blocking inappropriate websites and controlling how much time the child spends on the Internet (or on the computer) are the core components of a parental control system. Some suites add advanced features like instant message monitoring, limiting games based on ESRB ratings, and tracking the child's location. Others can't even manage the basics successfully.
Local antivirus and security suites protect your data and documents, but their protection doesn't extend to your internet communications. A virtual private network, or VPN, secures your internet traffic and can also serve to hide your real IP address or location from snoops. Most VPN companies have just one product, but some security suite companies have ventured into the VPN realm.
Often, though, you don't get full VPN protection as part of your suite. Some install a free edition or a free trial. Others offer a link that sends you online to subscribe. Avast One, Norton 360, McAfee+, and Panda Dome Premium are exceptions, offering VPN protection without such limits.
One big reason to use a security suite rather than a collection of individual utilities is that the integrated suite can do its tasks using fewer processes and a smaller chunk of your system's resources. Or at least, that's what ought to happen. Few modern suites have an appreciable effect on performance.
For a hands-on measure of just what effect installing a suite has, we time three common system actions with and without the suite installed, averaging many runs of each test. One test measures system boot time, another moves and copies a large collection of files between drives, and a third zips and unzips that same file collection repeatedly. Suites with the very lightest touch have no measurable effect on the time required.
In a sense, having a backup of all your files is the ultimate security. Even if stray debris from a failed Russian satellite destroys your computer, you can still restore it from backup. Some companies reserve backup for their mega-suite offering, while others include it in the entry-level suite. Read our reviews carefully, as backup capabilities vary wildly. At the low end, some companies deliver you nothing you couldn't get for free from IDrive or another online backup service. At the high end, you might get 25GB, 50GB, or even more online storage hosted by the company, along with the separate ability to make local backups.
Tuning up your system performance has no direct connection with security unless it serves to counteract the security suite's performance drag. However, tune-up components often include privacy-related features such as clearing traces of browsing history, wiping out temporary files, and deleting lists of recently used documents. For a dedicated system-cleaning app, read our roundup of the best tune-up utilities.
No software solution can certain malefactors won't capture and misuse your personal information. What they can do is alert you when they find evidence your data has been compromised, so you can head off full-scale identity theft. This kind of dark web monitoring is becoming more common.
If the worst happens and your identity is thoroughly stolen, you can get help. McAfee+ includes identity theft remediation at its two higher pricing tiers, and Norton offers suites that include LifeLock identity protection. The top-level suites Bitdefender Ultimate and Avast One Platinum enhance already impressive security with identity theft remediation, as well as a no-limits VPN. All four will assign a caseworker to help you recover, and spend what it takes to remediate the problem, typically up to a million dollars.
Windows still dominates the desktop, but many households include Macs as well. Cross-platform multi-device suites deliver you one source of protection for all your devices. Typically you don't get as many features on macOS. In fact, most companies just offer a Mac antivirus, not a full suite. Be sure to take advantage of the option to protect your Macs. They're not immune to malware.
Android devices are ubiquitous, and the Android platform isn't locked down the way iOS is. Even if you stay away from third-party app stores and refrain from jailbreaking your device, you can still get hit with Trojans, ransomware, and other kinds of Android malware. Smart users protect their devices with an Android antivirus. All the best Android antivirus utilities include antitheft features such as the ability to locate, lock, or wipe a lost or stolen device. Some include bonus features like blocking unwanted calls or warning when you connect to an insecure Wi-Fi network.
As for iPhones and other iOS devices, Apple's built-in security makes life tough both for malware coders and antivirus writers. Many cross-platform suites simply skip iOS; those that don't typically offer a seriously stripped-down experience. Given the platform's intrinsic security, it rarely makes sense to expend one of your licenses installing protection on an iPhone.
We've evaluated nearly 40 security suites, including entry-level suites, feature-packed mega-suites, and suites that extend protection across multiple different platforms. The suites listed in this article have all received at least 3.5 stars.
In some cases, multiple suites from the same company appear in the chart. For example, Bitdefender Internet Security is an Editors' Choice winner for entry-level suites, and Bitdefender Total Security earned the same honor as a security mega-suite. Norton also claimed two entries, an Editors' Choice for cross-platform suite and another for security suite with identity theft remediation.
This article identifies ten security suites we recommend, including multi-device suites, mega-suites, and entry-level suites. If you're looking for a suite that covers the basics without getting in the way, Bitdefender Internet Security is our Editors' Choice winner. In the mega-suite range, the Editors' Choice award goes to Bitdefender Total Security, with more features than you can imagine.
Norton 360 Deluxe is our Editors' Choice for cross-platform multi-device security suite. If you're looking to combine powerful device-level protection with identity theft remediation, our Editors' Choice pick is Norton 360 With LifeLock. With a powerful, integrated suite protecting your devices, you can stay safe and calm without worrying about balancing security against performance.
A crystal ball presentation on the future of application security at the Gartner Security and Risk Management Summit this year caught the eye of us in the software security space. In case you missed it, the top-line predictions were:
RELATED CONTENT: Shifting left for better security? It’s just as important to shift right too
If you’re a provider of software composition analysis solutions, then the first bullet point obviously excites you, but by the same token it also challenges long-held security paradigms. For those of you unfamiliar with SCA, it’s the ability to identify latent vulnerabilities in applications that originate not from the code teams create, but from the code they depend upon. Such dependencies are very common in modern applications due to the proliferation of high-quality open-source components that address common tasks within a given programming language or platform. Since open-source libraries are the foundation for modern application development, it makes sense that tackling any latent unpatched vulnerabilities in them should be a primary task. In other words, if you address any issues in your libraries, you’re free to focus on issues in your custom code. SCA solves the former problem, while traditional tools like SAST solve the latter.
The second bullet is more nuanced. Essentially, it states that traditional SAST solutions will take a back seat to limited testing capabilities baked into IDEs or other areas of the toolchain. While traditional SAST has a reputation for long test times, this is more a function of the depth of analysis in the checkers than the value of the testing. By moving elements of code analysis into IDEs or into functional testing, this allows traditional SAST to focus on the hard task of discovering bugs within the entire application and have the IDE-based solution look for incremental issues. By incrementally checking code within the IDE, fewer defects are logged, which both increases the quality of code being committed while reducing testing costs. The reduction in testing costs for standard security issues then frees QA teams to focus their attention on architectural or system-level issues rather than preventable security issues.
The last bullet is more interesting. Automatic remediation of defects implies that security tools could become code generators. While it’s fairly straightforward to determine whether basic security defects exist within the code, there’s a fairly wide gap between detection and semantically appropriate resolution. Put another way, would you rather trust your engineers to develop a security fix in your business logic, or have a tool provide a standardized fix with generic assumptions?
While I’m not yet comfortable with automated resolution of security issues, I am a huge fan of contextual training. When developers are armed with easy-to-use tools that identify security defects in their IDE and explain precisely why the code fails to meet security targets, we not only are able to address the defect but simultaneously help prevent future occurrences. In the end, security tooling should focus on enabling developers to create more secure code prior to it ever being available to customers.
At a high level, the three predictions from Gartner boil down to providing development teams with the security tools they need, when they need them, without becoming roadblocks to development. When security tools become an impediment to development, engineers under tight deadlines will find ways to bypass them. This is why context-sensitive security information, both detection and remediation guidance, belongs in an IDE. It’s also why having transparent security testing operating in parallel to existing functional testing is a hot topic, and why continuous monitoring for new security disclosures within dependencies is crucial for released code. Each provides contextually valuable security information enabling the delivery of higher quality code – and who wouldn’t want that!