Thor Premium Home review

Thor Premium Home is the top-of-the-range consumer antivirus and security suite from experienced developer Heimdal Security.

The Thor range has three main products. 

Thor Foresight is all about stopping threats before they can breach your system, with protective layers including URL filtering, antiphishing, online banking protection, and automatic detection and installation of missing patches. It's priced at $52.46 for a one-year, three-device license, $69.95 on renewal.

Thor Vigilance aims to detect and block any malware which penetrates your defenses, and includes elements like antivirus, behavior monitoring, cloud scanning and firewall integration. It's fractionally cheaper at $44.96 to cover three devices, $59.95 on renewal.

Thor Premium Home combines all the features of Foresight and Vigilance and costs a little less, at $74.96 for a one year, three PC license, rising to $99.95 on renewal.

• Want to try Thor Premium Home? Checkout the website here

That looks a little expensive, to us. Thor Premium uses the Avira antivirus engine, and Avira's high-end Prime package gives you an array of capable security features (including apps for Android and iOS), and covers up to five devices, for $99.99 a year.

Bitdefender Total Security offers similar protection for macOS, Windows, Android and iOS, and costs just $44.99 for a one year, five device license, rising to $89.99 on renewal.

Setup

Thor Premium is available as a 30-day trial version, and it's easy to set up and use. Click the website 'trial' link to download the package, choose to activate the trial during setup, hand over your email address to register the package, and the installer handles everything else.

The setup process equipped our PC with a modest 300MB of files, including a large number of Avira components, and assorted other Heimdal and supporting modules.

Any good security package must be able to protect itself from malware attacks. We've found that suites which use third-party engines are often vulnerable, though, perhaps because no-one has full control over the entire installation, and Thor Premium was no exception. Running a simple batch file as an administrator enabled us to delete enough of the program to disable the interface entirely, and at least some of its functionality. 

We tried closing Thor's five background processes. Most antivirus tools protect themselves from this, but, to our surprise, we were able to close Thor's processes without difficulty. Thor’s engine restarted them within a few seconds, but, was that good enough, we wondered? If we created a simple batch file to repeatedly close the same process, could we prevent it from properly loading? 

A few seconds later, we had our answer: yes. A batch file running as an administrator was able to kill at least part of Thor's network monitor, for example, preventing it from blocking malicious URLs in its usual way.

It's important to put this in perspective. The vast majority of malware wouldn't target Thor specifically, and if a threat can run as an administrator then you're already in big trouble. Still, this is an unexpected vulnerability.

Interface

The Thor Premium dashboard is brighter and more cheerful than the usual security app, thanks to a mix of large icons, and text and buttons which change color according to system state.

The opening screen displays various security stats (attacks prevented, software updated required and so on), provides buttons to launch scans, and has a menu where you can access Thor's various menus.

Slightly odd design makes this more awkward than it needs to be. This starts with two Scan buttons, one for each area of the package (Vigilance and Foresight). These may be displayed in different colors, apparently depending on whether Thor is recommending you run them, or not. Expect to be confused, initially, as you're left to wonder what to do next.

Tapping the menu button top left displays a list of Thor's main security layers, and enables browsing and configuring them. There's more confusion here, as Thor uses its own product terminology rather than simple generic descriptions. First-time users may have no idea what 'X-Ploit Resilience' means, for instance, and first-time users may not realize this is the module that detects and handles missing software updates.

Scanning

Thor Premium enables running a Quick Scan for malware from its main console, and a separate On Demand Scan pane has a long list of scan types: Quick, Active Processes, Full, Hard Drive, Local Drive, Removable Drive, System and Network Drive.

The On Demand list doesn't have a Custom scan, unfortunately. That's annoying, especially as the interface doesn't give you any indication of what the other scan types will do. What's the difference between a Full, Hard Drive, Local Drive and System scan, for instance? There's nothing to show you what these will check, and even if you launch a scan, the most you'll see is the file name (without a path) that Thor is currently checking.

You can launch a Custom Scan from Explorer, though, even if the main window is busy with another scanning task. We've a small issue with its implementation - the scan window doesn't tell you the target file, folder or drive it's checking, a problem if the scan takes an age and you've forgotten what you selected - but otherwise it works as you'd expect.

Scan times are slower than average, and there's not a lot you can do about that. Our Quick Scans typically took more than ten minutes, for example, and you can't customize the scan in any significant way to speed it up. That's not necessarily a bad thing - thoroughness and accuracy are more important than speed - but if you're more used to the sub-60 second Quick Scans you'll see with many antivirus apps, it may be disappointing.

We had no issues with core detection rates, as Thor picked up all our known malware samples. But it seems to be more conservative, elsewhere. 

For example, when we pointed Kaspersky Antivirus at a text file stuffed with malicious URLs, it warned us of possible danger, but Thor Premium didn't care. While that's a small concern, it also seems to have a plus side: Thor had no false positives at all.

Additional features

While most antivirus packages focus on their detection rates, Thor Premium's key features are all about trying to prevent you becoming infected in the first place. That works for us, but the issue is these are difficult to test in any meaningful way.

DarkLayer GUARD, in particular, is a two-way network traffic scanning engine which 'works on DNS, HTTP and HTTPS layers to block payload and malware delivery, execution and data exfiltration.' Sounds good, but we see no way to properly evaluate that in the context of a short-term review.

Thor's URL filtering can at least be checked in a simple way, and the package had no problem blocking our test domains. Thor replaces your target URL with a 'Heimdal Security has blocked this page' message, and no obvious way around this, perhaps annoying if you're sure it's a false alarm. It is possible to manually add URLs to a whitelist, but you're left to figure this out for yourself.

Thor's X-Ploit Resilience, a system for automatically detecting and installing missing software patches, is more straightforward. It only supports updating a relatively small number of applications (around 60, full list here), but there are some very popular names: 7-zip, Acrobat Reader, Chrome, Flash, Dropbox, Firefox, IrfanView, TeamViewer, VLS and more.

The module displayed absolutely no results on our test system, initially. This seemed odd as we'd intentionally installed some old versions of major packages, but checking Thor's settings, we found monitoring was turned off. One click enabled monitoring and highlighted all our pre-prepared update issues, and a couple of others we hadn't realized were there (oops.)

You could use this report as a hint to update the app yourself, or use its own update system, but X-Ploit Resilience' key selling point is its ability to handle this itself. Choose some or all listed apps and Thor should update them entirely automatically.

We tested this by checking the boxes next to six apps, then watched as Thor changed their status from 'Outdated' to 'Installing', and - left them that way for the next 30 minutes.

Was this an interface issue? We closed and reopened the update pane; two packages were marked as up to date; the rest were still 'installing.'

We went back to the home page, ran a Quick Scan in the hope that this would check the updates again, and it did - all apps were labelled up to date. That should have been good news, but it wasn't the end of the story; when we checked Firefox, we found Thor was displaying it as on version 66.0.3, but the browser was reporting 66.0.4.

Put this all together, and the mechanics of the update engine appear to work well. Patches were installed silently, in the background, without ever getting in our way. But the Thor interface wasn't always synchronized with what the engine was doing. That may not matter very much - if you don't monitor the interface, you'll never even realize there's an issue - but it could lead to some confusion.

Protection

While Thor Premium passed our simple malware detection tests without difficulty, we would normally turn to the independent testing labs to get the bigger picture. Unfortunately, they don't currently benchmark Thor, and so have nothing to tell us.

We can still look at the current results for Avira, who supplies Thor's antivirus engine, and they are very impressive. In the February-May AV-Comparatives Real-World Protection Test, for instance, Avira was one of only three products out of sixteen to score a 100% protection rate. Kaspersky came top, as it had no false positives; Avira was fractionally behind, with just one; F-Secure third, with 20.

Although Thor Premium has the core Avira engine, it won't necessarily implement it in the same way, and there's no guarantee you'll see this level of accuracy. Still, it's clearly a very good starting point (as long as you keep in mind you can get the basic Avira engine for free.)

Final verdict

Thor Premium doesn't just include the usual antivirus features - its proactive layers try to filter out threats before they can reach your PC. Sounds good, in theory, but it's also very difficult to test, and right now we see no clear evidence that Thor keeps you any safer than more conventional tools.

• We've also highlighted the best antivirus software of 2019