Skip to main content
Field Guide

Avast Antivirus Review (2026): Free Antivirus With Data Caveats

Bottom Line

Avast Antivirus delivers strong detection and a generous free tier (Premium $69.99/yr), but its $16.5M FTC fine and data-selling history are real strikes against it versus Bitdefender or the built-in Windows Defender.

Avast is one of the most installed antivirus products on the planet. Its free version has attracted more than 400 million users worldwide, making it a household name in consumer security. But a landmark FTC enforcement action in 2024 permanently changed how any honest review must frame the product. This review gives you the full picture: the security is genuinely good, but the data collection history is a material fact that belongs at the top of every assessment.

[sc_tool_rating rating=”3.5″ label=”Avast Antivirus”]

What Is Avast Antivirus?

Avast is a Czech cybersecurity company founded in 1988, making it one of the oldest antivirus vendors still operating under its original brand. For most of its history it operated independently, building its reputation on a free product that used a large user base to improve its threat intelligence. In 2022 it became part of Gen Digital — the company formed when NortonLifeLock (itself a spinoff of Symantec’s consumer division) merged with Avast. Gen Digital now owns Avast, AVG, Norton, Avira, and several smaller brands, making it the largest consumer security conglomerate in the world.

The free model has always worked the same way: give away effective antivirus, upsell users to paid tiers, and bundle optional offers during installation. Until 2020 it also included a third revenue stream through its Jumpshot subsidiary — a data analytics business that sold user browsing data to advertisers and market research firms. That subsidiary is now shut down, but the episode produced a federal enforcement action with lasting consequences for how the product should be evaluated.

The FTC Action: What Happened and Why It Matters

In February 2024 the Federal Trade Commission fined Avast $16.5 million and issued a consent order banning the company from selling or licensing user browsing data for advertising purposes. The FTC’s complaint found that Avast, through its Jumpshot subsidiary, sold “detailed, sensitive browsing data” to over 100 third-party clients despite telling users that its software would protect their privacy. The sold data included records of users’ health information searches, visits to religious and political content, financial situation research, and other activity that users had no reason to believe was being monetised.

Avast had marketed its browser extension as a privacy protection tool. The FTC found this framing deceptive given the simultaneous data sales. The complaint documented that Avast collected browsing data through both its antivirus software and its browser extensions, aggregated it, and transmitted it to Jumpshot, which then sold it to advertisers, hedge funds, and market research companies. Avast claimed the data was anonymised; the FTC found the granularity of the data made re-identification possible.

Avast shut down Jumpshot in January 2020 after an investigation by Motherboard and PCMag exposed the data sales. The FTC consent order, finalised in 2024, formalised the legal consequences. The $16.5 million fine is relatively modest given the scale of the operation, but the consent order — which permanently prohibits data sales for advertising — carries legal weight. Violations of a consent order can lead to civil penalties of up to $50,000 per day.

What this means for users evaluating Avast today: the past behaviour is documented fact. Avast’s current privacy practices are governed by the consent order, its updated privacy policy, and Gen Digital’s consolidated privacy framework. The company has an affirmative incentive not to repeat the same behaviour under active federal monitoring. Whether the historical conduct permanently disqualifies the product for a given user is a judgement call — but that judgement should be made with full information, which most Avast promotional materials do not provide.

Gen Digital: One Umbrella, Four Brands

The Gen Digital consolidation matters beyond the data history. Avast, AVG, Norton, and Avira now share infrastructure, threat intelligence feeds, and corporate data policies. For security purposes this is largely positive: the combined telemetry network is enormous and means all four brands benefit from malware detections made against any of them. When Norton’s telemetry detects a new ransomware variant, Avast’s signature database updates too.

The downside of consolidation is that the competitive pressure between brands has been eliminated. Before the merger, Avast and AVG competed directly, and both competed with Norton. That competition drove feature improvements and pricing discipline. Today Gen Digital sets pricing and feature tiers across all four brands simultaneously. Avast Premium Security at $69.99/year and Norton AntiVirus Plus at a similar price point are not really competing products — they are the same company’s segmentation strategy.

For privacy purposes the consolidation means that a single corporate entity now controls the data of customers across all four brands. Gen Digital’s consolidated privacy policy governs all of them. Users who switched from Avast to Norton after the Jumpshot revelations are now back under the same corporate umbrella. This is not necessarily a reason to avoid Gen Digital products — Norton’s own data practices have been generally cleaner — but it is worth understanding.

Avast Free Antivirus: Features and Honest Assessment

Avast Free Antivirus is a genuine, functional antivirus product with real-time protection. This distinguishes it from some competitors: Malwarebytes Free, for example, offers only on-demand scanning with no real-time protection in its free tier. Avast Free includes real-time protection that runs continuously in the background, which is the meaningful definition of antivirus software for most users.

Core Protection Components

  • File Shield — scans files when they are opened, created, or downloaded. This is the primary real-time protection layer.
  • Web Shield — blocks malicious URLs, phishing pages, and drive-by downloads at the browser level. Works across browsers, not just Avast’s own extension.
  • Mail Shield — scans incoming and outgoing email attachments for malware. Relevant for desktop email clients; less relevant for users who only use webmail.
  • Behavior Shield — monitors running processes for suspicious behaviour patterns, providing some protection against zero-day threats not yet in the signature database.
  • Wi-Fi Inspector — scans the local network for vulnerable devices, weak router passwords, and open ports. Useful for home users who want a quick network health check.
  • Smart Scan — a combined one-click check for malware, outdated software, weak passwords, and network issues. Tends to surface upsell opportunities alongside genuine findings.

The free version does not include Ransomware Shield (which blocks unauthorized file encryption), Real Site (DNS hijacking protection), or Sandbox mode (running suspicious files in an isolated environment). These are reserved for Premium Security. For most home users the free tier’s protection is adequate; the paid additions address more specific threat scenarios.

The Installation Process

Avast’s installer has historically been one of the more aggressive in the industry for bundling additional software. A standard installation will offer to install Avast’s browser extension, VPN, and system optimizer. These are opt-out offers, meaning users who click through quickly without reading each screen will install software they did not explicitly request. This practice is common across free antivirus products but more pronounced in Avast than in some competitors.

The browser extension, in particular, warrants attention given the product’s history. Avast’s browser extension is the mechanism through which Jumpshot historically collected data. The extension has been updated and the data collection has stopped, but users who are cautious about the historical context may prefer to install Avast without any browser extensions and use a separate ad blocker (uBlock Origin, for instance).

Avast Premium Security: Paid Tier Features

Avast Premium Security costs $69.99 per year for one device or $89.99 per year for up to ten devices. The ten-device plan represents reasonable value if you want to cover an entire household across Windows, Mac, Android, and iOS. Individual device pricing is less competitive against alternatives like Bitdefender Total Security.

What Premium Adds Over Free

  • Ransomware Shield — creates protected folders that only trusted applications can modify, preventing ransomware from encrypting files. This is the most practically significant paid addition for most users.
  • Real Site — validates DNS responses to protect against DNS hijacking attacks that redirect users to fake banking or e-commerce sites.
  • Sandbox — allows users to run suspicious executables in an isolated virtual environment before allowing them to affect the main system.
  • Data Shredder — securely deletes files so they cannot be recovered by forensic tools. Useful for disposing of sensitive documents.
  • Anti-Theft — remote location tracking and device locking for portable devices. Less critical than it once was given OS-level equivalents (Find My Device on Windows, Find My on Mac).
  • Advanced Firewall — provides additional firewall control beyond Windows Defender Firewall. Most users will not need this.

The Ransomware Shield is the genuinely compelling paid addition. Ransomware attacks on consumers have increased substantially, and Avast’s implementation of folder protection is functional and not overly intrusive. If the choice is between Avast Free and Avast Premium Security and the primary concern is ransomware, the upgrade is worth considering. If the primary concern is data privacy, the free tier’s data collection is essentially the same as the paid tier’s — the privacy trade-off is not mitigated by paying.

Avast SecureVPN: Skip It

Avast offers a VPN service called SecureVPN, available as an add-on to its antivirus subscription or as a standalone product. Based on available information, SecureVPN uses OpenVPN rather than the newer WireGuard protocol, has a limited server network compared to dedicated VPN providers, and does not have an independently audited no-logs policy.

Given Avast’s data collection history, the VPN is the one Avast product category where the concern about privacy practices is most directly relevant. A VPN’s core promise is that the provider will not retain or misuse your traffic data. Avast’s demonstrated willingness to sell user data through Jumpshot — even data users believed was being protected — makes this a harder claim to accept without independent audit evidence. Dedicated VPN providers with strong audit track records (Mullvad, ProtonVPN, ExpressVPN) are meaningfully preferable. If you want a VPN alongside antivirus, treat them as separate purchasing decisions rather than defaulting to Avast’s bundle.

Detection Rates and Security Performance

Independent antivirus testing laboratories (AV-TEST and AV-Comparatives) consistently rate Avast well on malware detection. In recent AV-TEST evaluation cycles, Avast has achieved 98–100% detection rates against both widespread and zero-day malware samples. AV-Comparatives’ Real-World Protection Test has similarly placed Avast in the top tier of consumer antivirus products.

This is not marketing framing — the detection rates are genuinely strong. Gen Digital’s combined telemetry network, which aggregates threat data from across Avast, AVG, Norton, and Avira’s combined user base of hundreds of millions of devices, gives the underlying engine access to one of the largest malware signature datasets in the industry. The security engineering is competent and the detection rates reflect that.

The nuance is that several competitors match or slightly exceed these rates. Bitdefender and Kaspersky consistently outperform Avast in AV-Comparatives’ Advanced+ certification categories. For most home users the difference between 98.5% and 99.7% detection is not practically significant — either product will catch almost everything. For security-conscious users who want the highest possible detection rates as their primary criterion, Bitdefender is the current benchmark.

Performance Impact

AV-TEST rates Avast at approximately 5 to 5.5 out of 6 on its performance category, measuring the slowdown caused by the antivirus on common tasks like launching websites, downloading software, and installing applications. This is an acceptable score — Avast does not meaningfully slow down modern hardware. On older systems with limited RAM and slower processors, the multiple background processes (File Shield, Web Shield, Mail Shield, Behavior Shield, plus the update service and UI daemon) can produce noticeable overhead.

Users who find Avast’s background resource usage excessive have a few options: disable components they do not use (Mail Shield, for instance, is irrelevant for users who do not use desktop email clients), schedule full scans for overnight periods, or consider switching to a lighter product like Windows Defender, which is notably less resource-intensive.

Avast vs the Main Alternatives

Avast vs Bitdefender

Bitdefender is the cleaner choice across almost every comparison dimension. Detection rates are marginally higher, performance impact is lower (Bitdefender consistently scores 6/6 on AV-TEST performance), the company does not have a history of selling user data to advertisers, and its paid tiers offer better value per feature. Bitdefender Antivirus Plus at $29.99/year (introductory) or Bitdefender Total Security at $49.99/year are both more compelling than Avast Premium Security at $69.99/year.

The only meaningful advantage Avast holds over Bitdefender is that its free tier includes real-time protection that Bitdefender’s free tier does not offer. If cost is the constraint and a paid product is not viable, Avast Free is a stronger option than Bitdefender Free (which is essentially a scanning tool). If a paid subscription is on the table, Bitdefender is the better purchase.

Avast vs Windows Defender

Windows Defender (now called Microsoft Defender Antivirus) has improved dramatically over the past decade. It now achieves comparable detection rates to third-party products in most independent tests, has zero additional cost, has no installation overhead, and carries no data monetisation concerns beyond Microsoft’s standard telemetry. For the majority of Windows 10 and Windows 11 users, Windows Defender is adequate protection.

Where Avast adds value over Defender: the Wi-Fi Inspector for network scanning has no equivalent in Defender, Avast’s web protection is generally rated slightly stronger than Defender’s SmartScreen for phishing detection, and the Avast interface is more accessible for users who want to see and understand their protection status. These are real but incremental advantages.

For users who want more than Defender but are concerned about Avast’s data history, a better complement to Defender is Malwarebytes Free (for on-demand scanning of suspicious files) plus a browser-level ad and tracker blocker like uBlock Origin. This combination covers most threat vectors without introducing a third-party product with Avast’s specific history.

Avast vs AVG

AVG and Avast are the same product under the hood — both owned by Gen Digital, both running the same detection engine, both backed by the same threat intelligence infrastructure. AVG was acquired by Avast in 2016, before Avast itself was acquired by Gen Digital. The two products share malware databases and update schedules. Testing one is functionally equivalent to testing the other.

The differences are cosmetic: different user interfaces, different default browser extension offers, and slight differences in the specific features included at each price tier. Some users find AVG’s interface slightly less cluttered; others prefer Avast’s. If you are choosing between the two, pick based on interface preference or run AVG to avoid the more prominent Avast brand association. The underlying privacy trade-off is identical since both are Gen Digital products subject to the same data policies.

Avast vs Malwarebytes

Malwarebytes Free and Avast Free serve different use cases. Malwarebytes Free is an on-demand scanner — it does not run in the background and does not provide real-time protection. It is useful for scanning a system you suspect is already infected, or as a second-opinion scanner alongside another antivirus product. It is not a replacement for real-time antivirus.

Malwarebytes Premium ($44.99/year) adds real-time protection and is a legitimate Avast competitor. Malwarebytes has a generally cleaner reputation on data practices, has no equivalent of the Jumpshot controversy, and its real-time protection scores competitively in third-party tests. For users who want paid real-time protection with a simpler privacy calculus, Malwarebytes Premium versus Avast Premium Security is a close call that depends on feature preferences.

Privacy Settings: If You Use Avast, Check These

If you decide to use Avast, several privacy settings are worth reviewing immediately after installation:

  • Community IQ / telemetry participation — Avast collects threat intelligence telemetry from users to improve its detection database. Opt-out options exist in the Settings panel. Participation in threat intelligence sharing is broadly accepted practice in the industry; participation in product analytics is more discretionary.
  • Browser extension permissions — if you install the Avast browser extension, review what data it requests access to. Given the history, understanding exactly what the extension can see is worth the two minutes it takes.
  • Marketing communications preferences — Avast’s upsell notifications within the product can be configured. Reducing them to only security-relevant alerts improves the daily experience.
  • Bundled software from initial install — if additional software was installed during setup (VPN, system optimizer), review whether you want to retain it. Each additional Gen Digital product represents an additional data relationship.

Who Should Use Avast

Avast Free Antivirus is a reasonable choice for users who:

  • Want real-time antivirus protection without paying, and are comfortable with the Gen Digital data trade-off now that the FTC consent order is in place
  • Specifically want the Wi-Fi Inspector feature to monitor their home network for vulnerabilities
  • Are running older hardware where the goal is adequate protection with a familiar, long-established product
  • Have reviewed the privacy settings and plan to configure them carefully
  • Are in a region where Avast has better local support resources than alternatives

Avast Premium Security is a reasonable upgrade for existing Avast users who want Ransomware Shield and are already comfortable with the platform. It is a harder recommendation for new users when Bitdefender offers comparable or better security at lower cost with a cleaner history.

Who Should Avoid Avast

Avast is not the right choice for users who:

  • Place privacy as their primary criterion — the FTC consent order means Avast cannot sell browsing data for advertising, but the historical conduct is a signal about the company’s values that privacy-sensitive users should weigh
  • Want to avoid corporate consolidation risk — all four Gen Digital brands now share infrastructure and data policies under a single entity
  • Are organisations where an active FTC consent decree against a software vendor is a compliance red flag — procurement policies may exclude vendors under federal enforcement action
  • Want the cleanest installation experience — Avast’s bundled offers during installation are more aggressive than competitors like Bitdefender or Malwarebytes
  • Are evaluating a VPN as part of the same package — Avast SecureVPN specifically is where the historical concern is most directly relevant to the product’s core promise

Avast Antivirus: Technical Specifications

SpecificationDetails
DeveloperAvast Software (Gen Digital)
Founded1988 (Prague, Czech Republic)
Current ownerGen Digital (formerly NortonLifeLock)
Free tierYes — real-time protection included
Paid tier (1 device)$69.99/year (Premium Security)
Paid tier (10 devices)$89.99/year (Premium Security)
PlatformsWindows, macOS, Android, iOS
AV-TEST detection score6/6 (protection category)
AV-TEST performance score5–5.5/6
FTC action$16.5M fine, consent decree (2024)
VPN includedAdd-on (SecureVPN, not recommended)
Ransomware ShieldPremium only
Wi-Fi InspectorFree
SandboxPremium only

Verdict: Technically Solid, Trust Is the Variable

Avast earns a 3.5 out of 5. The security engine is legitimate and the detection rates are well-documented. The free tier provides real-time protection that genuinely works, which is more than some competitors offer at no cost. The Wi-Fi Inspector is a useful feature not found in most free antivirus products.

The rating is not higher because the data collection history is a material fact, not a footnote. The FTC found that Avast sold detailed, sensitive browsing data to advertisers while marketing itself as a privacy-protecting product. The $16.5 million fine and permanent consent order reflect the severity of that conduct. The product may have changed; the company’s demonstrated values in the Jumpshot era are part of the permanent record.

For users whose primary concern is malware detection and who are comfortable with the Gen Digital data framework, Avast Free is a capable free antivirus. For users who want the best available combination of detection, performance, and privacy assurance, Bitdefender is the more defensible recommendation. For users who want to avoid third-party antivirus entirely, Windows Defender combined with Malwarebytes Free and uBlock Origin provides solid protection without any of the Avast-specific considerations.

If you do use Avast: install the free version, decline the browser extension and VPN during setup, review the telemetry settings, and skip SecureVPN entirely in favour of a dedicated VPN provider with an independently audited no-logs policy.

[sc_tool_disclosure]