Would you buy an antivirus utility that’s absolutely guaranteed to block execution of every single piece of malware, be it a virus, Trojan, ransomware, spyware, or any other nefarious ilk? Would you still buy it after learning that it blocks every good program as well? Sounds crazy, but there’s a path to sanity. The app would simply need a comprehensive whitelist of known good programs that it should leave alone. That’s what PC Matic Home aims to do. Any program it doesn’t recognize gets put on ice, until the analysis system at the company’s HQ determines if it’s good or bad. That analysis is meant to happen within 24 hours, but in testing, after three days most unknowns remained unknown. And those who choose PC Matic’s protection must prepare for the possibility it will block valid programs.
How Much Does PC Matic Home Cost?
A $50-per-year PC Matic Home subscription gets you five licenses; you can also pay $150 to keep those five licenses for a lifetime. About a third of the premium antivirus products I track cost roughly $40 per year for a single license. That group includes Bitdefender Antivirus Plus, Trend Micro, and Webroot.
There’s another common price point that’s $20 higher, but what you get with your $60 subscription varies wildly. A Norton subscription for that same amount protects just one computer, while Kaspersky protects three for the same price. Sophos goes all out, with 10 remotely manageable licenses. And with McAfee AntiVirus Plus you get unlimited licenses. You can install McAfee protection on every single Android, iOS, macOS, and Windows device you own.
PC Matic’s main window is busier than many, divided into three main horizontal bands. At the bottom you see a collection of maintenance statistics, such things as viruses removed, vulnerabilities patched, and drivers updated. Above that, you see three colorful dials representing CPU usage, available RAM, and disk activity, along with buttons to review activity history and performance trends. The next panel up offers details about the current device along with a toolbar to select a view from Dashboard, SuperShield, Scheduler, Reports, and Options.
Website and Promotion
PC Matic is one of the few antivirus companies that regularly advertises on television. Fortunately, the ads have grown more sophisticated over time. For example, they no longer claim that computer viruses are written by “Boris RipYouOff.”
Both the ads and the company’s website celebrate the fact that the company is entirely based in the US. The website also states that PC Matic is “The only antivirus company that conducts our research 100% in the United States.” I’m not sure if that’s a plus, given that there are smart people all over the world. But some consumers will appreciate the “made in the USA” sentiment.
The site also promotes whitelisting as the best solution to blocking malware, suggesting that other antivirus products work by attempting to blacklist every malicious program. It also uses words like “patented” and “exclusive” to suggest that PC Matic is the only whitelist-based protection system. As I’ll discuss later, it’s not.
In any case, competing products don’t rely solely on simple blacklisting. They use heuristic scans, behavioral analysis, reputation scoring, and other advanced techniques. Blacklisting alone would be like barring only known criminals from entry to a building. Antivirus products do bar known troublemakers, but they focus more on detecting criminal behavior. That guy lurking in the bushes? The one with a ski mask on, and hands in his pockets? I’ve never seen him before, but don’t let him in unless you can verify he’s legit.
Whitelisting has undeniable value, but it also tends to block access for perfectly legitimate programs (or people). When your long-lost cousin suddenly appears on your doorstep, will you turn her away because she’s not on the list?
Consulting with my PC Matic contact, I got a little surprise. Despite all the emphasis on whitelisting, PC Matic does not simply block every unknown. A known, safe program like Chrome still comes under scrutiny when, say, it invokes a script processing tool. And according to the program’s own messaging, SuperShield has multiple layers of protection, including (but not limited to) whitelisting.
One more thing. You have the option to change the way PC Matic handles unknown files. Specifically, you can have it notify you when it detects an unknown, and ask what to do, rather than always suppressing unknowns. This proved important for my testing, as it was the only way I could get PC Matic to let my unique-to-me testing programs run.
Little Help From the Labs
I look to four independent antivirus testing labs around the world for reports on their extensive testing of security products. If all four labs include a product in their testing, and all four give it top scores, you can be sure the product is worthwhile. Kaspersky Anti-Virus stands out in exactly that way, currently holding perfect scores from all four labs.
As for PC Matic, it only shows up in current reports from AV-Test Institute, and its scores are nothing to celebrate. This lab rates antivirus products on three criteria, Protection, Performance, and Usability, assigning up to six points for each. That last category refers to avoiding false positives, which are instances of identifying valid programs and websites as malicious. Given PC Matic’s default-deny mode, I expected it would get a perfect score for Protection and fall way behind in Usability.
In fact, PC Matic scored just four points for Protection, down from five in the previous test report. That’s the lowest protection score of all the products tested. Two thirds of the products tested reached a perfect six points for protection. My PC Matic contact explained that the product doesn’t entirely fit this testing regimen. When it detects an unknown and prevents it from launching, the malware is completely neutralized. But because it didn’t identify the sample as malicious, PC Matic doesn’t get credit for detection.
As for usability, PC Matic did indeed stumble, with lots of false positives. Its score, 3.5 of six possible points, is the lowest among tested products. The product’s total score, 13.5 of 18 possible points, is also the lowest.
I’ve devised an algorithm for aggregating multiple lab scores, mapping them onto a scale from 0 to 10. However, this algorithm requires at least two results to generate a score. As noted, Kaspersky took perfect scores across the board, for an aggregate score of 10 points. Also tested by four labs, Avast Free Antivirus, Norton, and Avira earned scores of 9.7, 9.6, and 9.5, respectively.
Blocking Malware (and Everything Else)
When I tried launching my collection of malware samples, PC Matic blocked almost all from running. I was surprised that it didn’t block them all. One Trojan, recognized as malware by more than 40 of the antivirus engines on the VirusTotal website, sailed right past PC Matic. Another launched without interference and ran in the background until PC Matic claimed to have blocked it. I say claimed because it didn’t; the blocking message came up again and again.
Of the rest, PC Matic deleted 23%, identifying them as known malware. It simply prevented the rest from running, on the basis that it couldn’t identify them as good or bad. According to the PC Pitstop website, when PC Matic encounters an unknown program, it submits that program for analysis. Results should be available within 24 hours.
Naturally, I tried this test again after 24 hours, launching those samples that had been detected as merely unknown. PC Matic deleted just over a fifth of those, meaning nearly four-fifths remained unknown. Alarmingly, one sample went from unknown status to good.
My contact at the company noted that while most unknowns are resolved within 24 hours, or even much less time, it can sometimes take longer. After a weekend, I went through the surviving unknowns yet again. Of that group, more than 60% remained unknown more than three days after their initial discovery. Based on my experience, PC Matic does not actually classify each unknown within 24 hours, or even within three days.
If I scored PC Matic’s behavior as if every blocked program represented a true detection of malware, it would have 99% detection and an overall score of 9.8 points. But it didn’t—it flagged most of them as simply unknown. Hence the asterisks by its scores in the chart below.
This is the first review to be scored using my newest collection of malware samples. To make sure I have data for direct comparisons, after curating a new set of samples I run my usual hands-on tests on all Editors’ Choice products in the antivirus and free antivirus realms. With 99% detection and a score of 9.8, PC Matic matches Webroot’s scores. McAfee edged just a bit higher, with 100% detection and 9.9 points. But again, this isn’t an apples-to-apples comparison given PC Matic’s default-deny system.
PC Matic does install an ad blocker in your browsers, but there’s no component to detect and avert malware-hosting URLs or phishing URLs. My malicious URL blocking test gives products equal credit for diverting the browser away from malware-hosting URLs and for wiping out the malware payload during or immediately after download. In past reviews I’ve been able to complete this test by configuring SuperShield to scan files on access, giving it a chance at the downloads. This time around, I couldn’t find that option anywhere. Don’t count on PC Matic to take its protection upstream, preventing malware downloads.
See How We Test Security Software
Full Scan Confusion
With many antivirus products, you get a page of scan choices, typically Quick, Full, and Custom. PC Matic just has the Scan button on the main page, and by default, clicking that button performs a quick scan. I had to dig into the Options to change the default to Full.
A full scan with PC Matic took 85 minutes, more than the current average of 68 minutes. It found exactly one threat, a low-risk item from my parallel collection of hand-modified malware samples. That means it left behind dozens of other hand-modified samples, including a dozen examples of ransomware. And this almost makes perfect sense. The full scan strictly and only removes known malware. It does not get involved with unknowns the way SuperShield does. The one oddity is that hand-modified never-seen-elsewhere file that it identified as bad—I can’t explain that one.
Note, though, that malware detection is just one part of this scan. It also checks for unpatched security holes in apps and dangerous browser add-ons. In the performance realm, it flags and removes junk files and defective Registry entries, and also checks memory and startup items. Other tasks report on your system specs and installed apps, and check for problems with drivers, services, and scheduled tasks.
PC Matic didn’t find a lot to do on my minimally provisioned virtual machine testbed. Its summary of changes and advice contained just a few items. As noted, it removed one malware sample. It advised enabling System Restore and disabling Firefox password security, without any indication of how to go about these changes. It also found a CPU load of 36%, advising me to somehow get it below 25%.
Don’t get me wrong. The many tests and reports that make up a full scan by PC Matic are quite useful. But I didn’t get a lot from the advice items.
Other Avenues
Despite what the ads may say, PC Matic doesn’t have the lock on whitelisting technology. Quite a few antivirus utilities maintain their own huge whitelists of programs that are known and safe, but most use them in conjunction with other technologies. For example, Norton AntiVirus Plus quarantines any programs known to be malicious and leaves programs on its whitelist alone. When a program falls in neither category—a true unknown—Norton ramps up its behavior monitoring on that program. At the first hint of malicious activity, the antivirus steps in, halts the program, and puts it in quarantine.
VoodooSoft VoodooShield handles whitelisting a bit differently. It assumes you have a clean PC to start, and it whitelists your existing programs. When a never-seen program appears, it asks you what to do. If you were actively installing something new, you just let it continue. But if the message is unexpected, you block the activity. VoodooShield’s ability to actively identify malware is growing, but for now it’s meant as a supplement to your existing antivirus.
The Kure effectively whitelists your entire PC’s current status. On every reboot, it returns to that clean starting point. Any malware that weasels onto the system gets eliminated as soon as you reboot. It’s a rather extreme solution, and not one that I’d choose for myself. However, it can be perfect for situations like a public computer; just reboot between users.
Does What It Says, Mostly
PC Matic promises that it won’t let any program run if it’s not on the whitelist, and it mostly delivers on that promise, though it missed a couple of samples in testing. It doesn’t promise to identify bad programs, only programs that it can’t swear are good. As a result, you’re almost certain to find that it suppresses some legitimate programs. Its lab tests bear out this tendency toward false positives, and one recent test also found it less effective at malware protection.
If you’re not bothered by the idea of dealing with false positives, you could give PC Matic a try. It costs less than most competitors, and besides its unusual style of antivirus protection, it keeps your PC tuned up. But most users will be better off with mainstream antivirus tools that use blacklisting, whitelisting, website reputation, behavior-based analysis, and all other available tools to eradicate malware without interfering with valid programs.
Of the many, many antivirus utilities available, we’ve identified four as Editors’ Choice winners. Bitdefender Antivirus Plus and Kaspersky Anti-Virus consistently earn great scores from the independent labs. McAfee AntiVirus Plus doesn’t score as consistently high, but one subscription protects all your devices. And Webroot SecureAnywhere AntiVirus, with its focus on detecting malware by its behavior, is the smallest and lightest antivirus you’ll find.