How to Choose Antivirus Without Getting Played

Understand the Review Site Problem First

The antivirus review industry has a structural conflict of interest that's worth understanding before you read anything, including this. Most comparison sites earn money through affiliate commissions — typically £10 to £40 per sale. That means a site that ranks Bitdefender first earns money when you click through and buy Bitdefender. This is legal and disclosed (usually in small print), but it shapes editorial decisions in ways that aren't always obvious.

You'll notice that most comparison sites have very similar top picks. That's partly because some products genuinely are better, but it's also because those products have the most developed affiliate programs. Products with poor affiliate programs don't get recommended even when the protection is good.

ShieldLog doesn't run affiliate links. We write about what we've tested. Read our disclaimer for details on how we sustain this. The point here isn't to pat ourselves on the back — it's to give you a framework for evaluating any advice you read, including ours.

What the Numbers Actually Mean

Detection Rate

The only meaningful detection rate numbers come from independent testing labs: AV-Test, AV-Comparatives, and SE Labs are the three worth referencing. A product that quotes its own detection rate on its own website is not evidence of anything. Most major products score in the 97-99.5% range at these labs. A 2% difference sounds small, but across a year of threats it matters. Anything below 95% from an independent lab is a red flag.

False Positive Rate

Rarely discussed but genuinely important. A product that flags legitimate software as malware trains you to dismiss alerts. When a real threat gets flagged, you click "allow" without reading it. High false positives reduce real-world security even when detection rates look good on paper.

Performance Overhead

This only matters if you're on older or mid-range hardware. On a modern machine with an SSD and 16GB RAM, even heavier products are manageable. On a 6-year-old laptop with a spinning disk, the difference between a light and heavy product is the difference between usable and annoying. PCMark benchmark scores are the standard measure — a 3-5% drop is good, 8-10% is heavy, anything above that is a problem.

Features That Matter vs. Features That Don't

Features that matter:

Real-time protection (required). Ransomware behaviour blocking (genuinely useful, not all products do this well). Browser extension for phishing protection (varies in quality — worth checking independently). Regular, automatic database updates (check how frequently).

Features that usually don't:

Game Mode (marginal benefit on modern products). File shredder (use Eraser if you actually need this). System cleanup tools (avoid these — they often cause more problems than they solve). VPN (only valuable if it's actually unlimited and actually fast — most bundled VPNs are neither).

The Pricing Trap

Almost every major antivirus product offers a heavily discounted first year and then auto-renews at a significantly higher price. This is industry-wide and the only defence is a calendar reminder set for one month before your renewal date. Some vendors will offer a retention discount if you call to cancel. Others have promotional pricing that resets if you cancel and resubscribe.

The "real" price of a product is the renewal price, not the introductory offer. Factor that into your decision.

The Three Questions to Ask Before Buying

First: does this product appear in recent AV-Test or AV-Comparatives results, and is it in the top tier? Second: what does year-two renewal cost, and am I comfortable with that? Third: does the feature list match what I actually need, or am I paying for a VPN I won't use and cloud backup I already have elsewhere?