Founded back in 1992, Dr.Web is a Russian developer with a vast range of security products for desktops and mobile devices.
The latest edition adds Dr.Web ShellGuard, which the company describes as 'enhanced Dr.Web process heuristic technology' which 'protects against attacks involving zero-day exploits.'
The ShellGuard description on the 'New Features' page doesn't give a detailed explanation of the technology, but from what we can see, it doesn't appear to be anything revolutionary.
For instance, it apparently detects threats based on reputation information on the cloud – files that are 100% clean, digital signatures of known threats and so on – which many vendors have been doing for years.
Pricing can be as low as €14 (£12.64, $16.05) for a one PC/Mac, one-year license, if you opt for no technical support. If that's a step too far, the with-support price doubles to €28 (£25.28, $32.10). Both options offer deep discounting if you add more users and extend the term. For example, a three device, three-year license with tech support costs €98 (£88.50, $112.35).
These are decent prices for a full security suite, but the company doesn't stop there. Dr.Web also offers some impressive discounts on renewal, starting at 40% off the regular price. Long-term customers could save a lot of cash.
Dr.Web Security Space is available in trial form, in theory giving you a generous three months for free if you register. However, the company makes this more difficult than usual – we had to hand over our email address, complete a CAPTCHA, receive an email, click a link, provide our name and country, subscribe to Dr.Web emails and complete another CAPTCHA. But finally, we got a real download link, and were able to grab and install the program.
We rebooted, as prompted, and watched as the firewall asked us to create new rules for just about every internet call made on our system, even from well-known and entirely safe services such as Dashlane and BackBlaze.
You only have to do this once per application and connection type (and there are other firewall modes, if you can find them), but it's still a major hassle. We much prefer more modern and intelligent firewalls from providers such as Bitdefender, Kaspersky and Symantec, which are smart enough to make most decisions entirely on their own.
We browsed the Dr.Web installation and found more than 1GB of files, including signature databases. The package also added no less than five background processes, grabbing close to 500MB RAM. That's more than most of the competition, but we didn't find Dr.Web made any noticeable difference to our system performance.
It's important that an antivirus can protect itself from interference by malware, so we test this by running a range of simple attacks to delete files, stop services, edit Registry keys and more. Dr.Web batted away all our efforts without difficulty, though, and its protection wasn't compromised at any point.
The Dr.Web interface opens with a simple panel displaying six buttons, each representing an area of functionality: Files and Network, Preventative Protection, Devices and Personal Data, Parental Control, Tools and Exclusions. We weren't entirely sure what these contained, but browsing the menus revealed a huge number of configuration options.
Real-time protection rules enable customizing the type of threats Dr.Web will detect and how it'll process them, for instance.
Dr.Web's behavioral analysis layer can be tweaked to define what apps are allowed to do. By default, the program blocks all attempts to modify your HOSTS file, for example. That's the safest course of action for regular users, but if you find it breaks a legitimate application, there are alternatives. You could explicitly give your application permission to edit HOSTS or take other risky actions, or you might have Dr.Web ask you what to do whenever it spots any HOSTS editing in future.
A network monitoring technology called SpIDer Gate analyzes the sites you visit, and apparently should prevent you accessing dangerous URLs. We found we could visit some risky links without difficulty, although the package did spot and block threats in downloads, ensuring our system was never compromised.
Device-related features start with the ability to control access to your webcam and microphone. That's not uncommon, but Dr.Web takes this further by allowing you to block the use of specific device classes and buses. You could block new USB devices, new disk drives, printers, or other device types from being connected to the system, reducing the chance that others can introduce malware to the system, or perhaps compromise your data by copying it to a device of their own.
A Data Loss Prevention module enables protecting the contents of folders from modification by anything other than trusted applications. That could help defend against even undiscovered ransomware, although it might also involve some initial hassles while you whitelist all your known safe applications.
Basic parental controls enable restricting access to websites by category. You can limit internet and computer use by time of day, and block access to files and folders on your local system.
While there's a lot of functionality here, the individual features sometimes feel a little basic, not to mention dated. An 'Anti-Spam parameters' box only provides a couple of detection settings, for instance, in 'Allow Cyrillic text' and 'Allow Asian text'. We would hope there's more to its detection abilities than that.
The Secure Space interface hides its antivirus features more deeply than we hoped, too. Normally you can launch a scan directly from a system tray icon, or the main antivirus console. Here you must open the Security Center, click Files and Network > Scanner, and then choose your scan type from Express, Full or Custom.
Scan times were longer than average, though we're unsure why. Files were scanned quickly enough, but some application processes took 20 to 30 seconds to check, greatly reducing performance overall. The Pause and Stop buttons greyed out during these process checks, too, so we couldn't do anything but wait.
Scan configuration options are limited. You can't create new scan types or redefine exactly how individual scans work, as you can with the likes of Avast and Avira.
Dr.Web had no problems detecting our malware samples, but it also raised more false alarms than most, including claiming our spam filter was 'riskware'. You can whitelist files you trust to avoid them being falsely flagged in the future, but that's still a hassle we'd prefer to avoid.
Dr.Web Secure Space found and removed all our sample threats without difficulty, but to really understand what an antivirus can do, we like to see how it performs with the main independent testing labs.
The difficulty with Dr.Web is that the company hasn't been assessed by any of the big testing labs for a very long time (AV-Comparatives hasn’t looked at it since 2007). There simply isn't enough data out there to compare Dr.Web's abilities with the best of the competition.
Our small-scale tests can't make up for this total lack of information, but we decided to try one more, anyway, pitting Dr.Web against our very own ransomware simulator. We developed this ourselves, ensuring any antivirus wouldn't have seen it before, which in theory should make it much more difficult to spot.
The results were interesting, with Dr.Web detecting our test threat from its file alone. Most antivirus packages don't do that, which suggests Dr.Web is looking for more malware indicators than most. That worked here, although this looser approach to definitions might also explain why Dr.Web also raised more false alarms than usual.
What it didn't tell us, unfortunately, was anything about Dr.Web's behavioral monitoring. That's a pity, because this is the most important layer for stopping ransomware and any other form of advanced threat.
Put this all together, and although Dr.Web scores in some areas, there's not enough data around to have any confidence in how well it might protect your system.
Dr.Web Security Space has some expert-level features, but modules like the firewall are dated and awkward to use, and with no coverage from the independent testing labs, it's hard to tell how effective the package really is. Experts may like bits of Security Space anyway, but everyone else should probably look elsewhere.
- We've also highlighted the best antivirus software in this roundup