Avast Premium Business Security Review: Full Remote Security Management for Company Computers

While the business suite reviewed here doesn’t boast the same collection of features as the consumer edition, it does hit all the high points. Here are some additional features to protect your company’s computers.

Ransomware Shield Prevents Unauthorized Changes

Ransomware that encrypts your personal files can be a problem, but ransomware that shuts down your business can be devastating. And the malware coders behind those ransomware attacks see businesses as much more likely to pay up. Avast’s antivirus shields should eliminate ransomware just like any other type of malware, but just in case, this suite’s Ransomware Shield provides extra protection for files in sensitive folders, Documents, Downloads, and Desktop by default. Consider carefully where the most important files reside. You may want to add the Pictures folder, for example.

(Credit: Avast/PCMag)

To test this shield, I turned off the regular antivirus protection, carefully isolated the test system from the network, and released more than a dozen real-world ransomware samples. The ransomware shield did nothing to stop two samples that act on the whole disk rather than files, which makes sense, as it’s designed to protect against tampering with files, not disks. Two others simply didn’t do anything and hence didn’t trigger protection.

(Credit: Avast/PCMag)

That leaves 10 file-encrypting ransomware samples. Avast detected and blocked ransomware behavior by eight of those, ensuring no change to files in protected folders. However, all but one managed to encrypt files outside Avast’s protection, anywhere from a few dozen to more than 10,000. That leaves two that totally slipped past Avast’s ransomware shield. Do remember, though, that to perform this test, I had to turn off all other shields.

Simple Firewall

Where antivirus software protects you against malicious programs, a firewall prevents network-based attacks. Avast’s firewall comes preconfigured with rules for private networks and for more dangerous public networks. Each time you make a new connection, it asks whether it’s public or private. Your employees don’t need to make any changes to firewall settings. In fact, you should leave them alone yourself, unless you’re an expert.

(Credit: Avast/PCMag)

In addition to blocking attacks from outside the network, Avast manages application permissions to prevent your apps from abusing the network connection. Like Norton, it defaults to making those configuration decisions independently. You can configure it so it asks what to do each time it encounters a new program requesting network access, but you really shouldn’t. Your employees aren’t qualified to make that decision.  

(Credit: Avast/PCMag)

I always check a firewall’s resistance to termination, using techniques available to a malware coder. As in previous tests, Avast resisted all attempts to terminate its 11 processes, simply returning Access Denied. The situation was a bit different with its eight Windows services. Four of them resisted all attempts to stop the service or disable it from launching at startup. For another two, the program requested confirmation that I was really trying to stop the service. The remaining two weren’t protected. That’s better than in some of my past evaluations, but I still wonder why Avast doesn’t simply protect all its services.

Network Inspector

Although keeping track of devices on your network is a complex task, Avast’s Network Inspector is available to all users. Upon launch, it scans your network and reports any network-level issues. If you verify that you own the network, it then lists all the devices it finds. The scan attempts to identify the name and type of each device found; it also scans each device for security holes.

(Credit: Avast/PCMag)

As the boss, you’ll want to run this scan and peruse the list of found devices. For those unknowns that Avast can’t identify, you may want to do some sleuthing using the supplied IP address and MAC address. When you successfully identify a device, you can rename it directly in the scan report, and Avast will remember that name. And, of course, if the report identifies any security issues, you’ll need to address them.

Once you’ve made that initial scan, you can configure Avast to monitor the network and report any time a new device connects. If you don’t recognize the newcomer, it could be an intruder, so it’s worth following up on these notifications. Unfortunately, I was unable to activate this feature for testing. It was turned off, and the switch to turn it on was disabled. My Norton contacts confirm this is a known bug that will be fixed soon.

Basic VPN

While Avast’s antivirus components protect your documents and data from attack by malicious programs on the computer, they have no power over that data when it travels the wild and wooly internet. To protect your data in transit, you need a virtual private network, commonly referred to as a VPN. The VPN sends your data in an encrypted form to a secure VPN server, and from there, it establishes the connection you requested. This serves to hide your actual location, so trackers can’t geolocate you. Spoofing your location can also let you access geo-locked content.

When your company computers are connected through the company network, they’re relatively safe. If your remote workers hook up through a shady internet café’s Wi-Fi, that could be a problem. Your Avast subscription includes Avast SecureLine VPN for each device. Please read our review of the VPN for full details. Then make it a company policy to always use the VPN when outside the corporate network.

(Credit: Avast/PCMag)

If you just flip the VPN’s big connection button from off to on, Avast sends your encrypted data through what it determines is the fastest server. That’s sufficient for protecting your data in transit. You can also choose from over 100 cities in 66 countries. Those numbers are higher than when we last reviewed the product, but Avast’s server collection still skews heavily toward Europe (over 40%) and North America (over 30%).

(Credit: Avast/PCMag)

To encrypt your traveling data, a VPN uses one of a handful of known encryption protocols. We at PCMag lean toward OpenVPN and WireGuard because they’re open source projects. Avast supports both, with WireGuard being the default. You can also choose Avast’s own Mimic protocol, which attempts to fool sites that ban VPN connections by imitating a standard HTTPS connection.

Many dedicated VPN apps offer advanced features to enhance their protection. With some, you can choose a multi-hop option, meaning your traffic passes through two VPN servers. Others offer split tunneling, allowing you to divert traffic for specific apps or websites to connect without using the VPN. A few build in direct support for using the TOR anonymization network. Avast skips all these advanced features, though it does include a kill switch feature. If your VPN connection drops, the kill switch ensures that no data is sent out without protection.

(Credit: Avast/PCMag)

Connecting with a VPN is almost always slower than without, since the data must travel farther and make extra stops. In our VPN speed tests, Avast produced inconsistent results. It put an above-average drag on file uploads and connection latency, but file downloads ran faster with Avast’s VPN active. We also determined that Avast’s privacy policy is transparent and understandable, although the company gathers more information than some of its competitors. The app handles all basic VPN tasks, and it’s easy to use. Since it’s part of the suite’s protection, it’s worth using.

One more note. The standalone VPN supports Windows, macOS, Android, and iOS. This suite doesn’t include mobile protection. However, it also doesn’t include VPN protection for macOS, an omission I find peculiar.

Other Shared Features

Like its consumer-facing counterpart, this suite includes a sandbox feature that allows you to run suspect programs without letting them make any permanent changes. This feature is too advanced for most consumers, and likely for most of your employees as well. And do you really want them running suspect programs?

It’s creepy to imagine a pervy hacker peeping at you through your computer’s webcam or listening in on your private conversations. In a business setting, however, this type of spyware attack is more likely to be an instance of industrial espionage. Imagine your laptop’s mic coerced into listening in on your top-secret strategy meeting. Webcam Shield tracks which programs access the webcam and microphone, allowing access only for known and trusted programs and alerting you to access by unknown programs. If it flags a new video conferencing app that you’re testing, just click to allow it. But if you didn’t initiate the webcam connection, hit block. Bitdefender and Norton offer a similar webcam protection feature.

(Credit: Avast/PCMag)

A few of the shared features are a bit esoteric. Browser Shield, turned off by default, promises to prevent malware from accessing browser passwords and cookies. However, your team should be using a powerful third-party password manager, not the browser’s built-in one. And cookie-based attacks are rare.

When a security suite’s feature collection includes encryption for sensitive files, it’s common to find a data shredder component. After encrypting files, you shred the originals so nobody, not even the NSA, can recover them. Avast skips the encryption, but its Data Shredder is more powerful than most. In addition to shredding files, it can also shred entire drives or erase all unused space on a drive.

(Credit: Avast/PCMag)

Browser Shield gets a place of honor in the main window’s Privacy page, but to find Remote Access Shield, you’ll have to dig into Settings. This feature, also disabled by default, aims to protect the subject computer from Remote Access Trojans (RATs) and other attacks that utilize remote desktop features. Might as well turn it on.

Also found by digging into Settings, and also disabled by default, Real Site foils DNS-based attacks. This feature seems to correspond to Web Hijack Guard in Avast’s consumer suite. DNS, the Domain Name System, is responsible for translating human-readable domain names, such as pcmag.com, into machine-friendly IP addresses, like 2606:4700::6810:1576. A DNS spoofing or poisoning attack can hijack this process, causing your browser to point to a fraudulent website, with the address bar displaying the URL you expect. Once again, you might as well turn it on.