K7 Total Security Review
Views: 4397
2023-06-23 04:29
So, you’ve got all your PCs secured with a powerful antivirus. That’s great, but you

So, you’ve got all your PCs secured with a powerful antivirus. That’s great, but you can do more for your privacy and security. A full-blown security suite integrates a variety of other useful and protective components. With K7 Total Security, you get antivirus, firewall, spam filtering, parental control, Wi-Fi security, and many bonus features. The effectiveness of these components varies from excellent to poor, but if you don't need, say, parental control, it can be a cost-effective choice. But while it is inexpensive, you’re ultimately better off scraping up a little extra cash for a more effective suite.

What Do You Pay For K7 Total Security?

Your cost for a single K7 Total Security subscription is just $27 per year. Bumping that to $41 gets you three licenses, and for five licenses it’s $61. Unusually, K7 also offers two- and four-license packs. At every level, it’s less expensive than competing entry-level suites.

It's Surprisingly Easy to Be More Secure Online

For example, Bitdefender, ESET, and ZoneAlarm cost just short of $60 for a single license, and Vipre is a bit above $60. K7’s $27 price tag is less than half that. At the three-license level, G Data and Webroot are in the $50s, while Bitdefender Internet Security more than doubles K7’s price, going for $84.99. A five-license subscription for F-Secure, Total Defense, or Webroot goes for $79.99, while Avira Internet Security, G Data, Trend Micro, and Vipre are all between $80 and $90 per year.

K7’s economical pricing wins it a place in PCMag’s list of 100 Budget Buys. The standalone K7 Antivirus Premium makes the list as well, as does K7 Ultimate Security, representing the budget realm for top-tier security suites.

Getting Started With K7 Total Security

As with K7’s antivirus, installation is a breeze. One click accepts the EULA and starts the installation. You do need to activate the suite, either by entering the registration code you purchased or by starting a 30-day trial.

The suite’s main window is almost identical to that of the standalone antivirus. It displays useful statistics in three large panels, including the date and time of the last update, the version of the virus definitions, and the number of days left in your subscription. The only visible difference is the application title and the addition of Wi-Fi Advisor to the collection of icons across the bottom.

As you click icons, links, and arrows to navigate the app, new pages slide in from different directions. The interface is lively, but you’ll want to spend some time exploring all the available pages, so you don’t miss any of the features.

K7 Total Security Features Shared With Antivirus

Naturally, every feature found in K7 Antivirus Premium also shows up in this suite. I’ll summarize my impression of those shared features here. If you want more details, please read my review of the antivirus.

Two of the four antivirus testing labs I follow include K7 in their reports, which is more attention than many antivirus tools get. A third of those I track have no lab scores at all, and another quarter just one.

From AV-Test Institute, K7 received 17.5 of 18 possible points, earning the designation Top Product. It passed all three tests by AV-Comparatives, two at the Standard certification level and one at the Advanced+ level.

I use an algorithm to calculate an aggregate score for those antivirus systems tested by at least two labs. K7’s score came out at 8.8, which is decent, though others have achieved better scores, and from more labs. Bitdefender is the current lab test leader, with perfect scores from all four labs and an aggregate score of 10 points, the maximum. Also tested by four labs, Avast managed 9.6 points. Avast’s “cousin” AVG reached 10 points, but that’s based on results from just two of the four labs.

K7’s full antivirus scan on a clean test system finished in 110 minutes, about 10 minutes quicker than the current average. It clearly used that first scan to optimize for subsequent scanning; a repeat scan finished in less than four minutes.

As noted, many antivirus tools don’t get attention from independent labs. With or without lab results, I always perform my own tests. These tests also give me valuable hands-on experience with each antivirus. K7 scored 6.9 of 10 possible points in my hands-on malware protection test, the lowest score of any antivirus challenged with my current collection of malware. That low score is ameliorated somewhat by K7's good lab test scores. Webroot SecureAnywhere Internet Security Plus managed 9.4 points, the best score of those tested against the same collection.

That hands-on test uses a set of samples that remain the same for months. For a more timely view of antivirus protection, I test using real-world malware-hosting URLs recently discovered by experts at London-based MRG-Effitas. I launch each one, discarding those that are already defunct, and note whether the antivirus blocks access to the URL, eliminates the malware download, or misses the danger altogether.

K7’s standalone antivirus suffers a serious handicap in this test, as it doesn’t include the web protection component found in the suite. It did eliminate 58% of the malicious payloads, but its total score was among the lowest recorded for this test. K7 Total Security adds Safe Surf web protection, a component designed to keep you away from dangerous and fraudulent websites. When I last reviewed K7, the addition of Safe Surf brought its anemic score up to 99%, almost perfect.

When Safe Surf detects a dangerous website, it replaces the page with a starkly minimalist warning that says nothing more than “The access to this page has been denied by K7 Safe Surf.” That’s quite a contrast with Vipre Advanced Security’s warning, which includes a detailed description of what happened, along with instructions for tasks such as restoring access to a site blocked in error. Most similar components take a middle-way approach, perhaps naming the type of danger the page poses and linking to instructions for restoring access.

K7 blocked 42% of the malware-hosting URLs in the browser, and its real-time antivirus took care of another 36%. Its total score of 78% puts it in the bottom third of current contenders, a far cry from the previous 99%. McAfee+, Norton, Sophos, Trend Micro, and ZoneAlarm all scored 100% in their latest tests.

On the plus side, K7’s antivirus (and, by extension, this suite) turned in an excellent performance in my ransomware protection test. For this test, I turned off the regular real-time antivirus and attacked the virtual machine testbed with a dozen real-world ransomware programs. In every case, K7 detected ransomware activity and shut down the dangerous program before it could do the slightest damage.

Even at the standalone antivirus level, K7 includes a basic firewall that fends off outside attacks and monitors local programs so they don’t misuse your network connections. In testing, the firewall proved resistant to direct attack. The antivirus will also scan for security vulnerabilities, abnormal system setting changes, and tracking cookies.

Other bonus features include a pair of simple privacy cleaners, a virtual keyboard, vaccination of USB drives against infection, and a simple device control system. This last component lets you control the use of USB drives, CD/DVD drives, and floppies, but it’s not the full-scale device control found in G Data Total Security and a few others.

As you can see, you get a lot of security features from K7 even at the standalone antivirus level. If this summary intrigues you, please read my full review of the antivirus.

K7 Is an Antiphishing Disappointment

Phishing websites don’t attempt to plant malware on unsuspecting visitors. Rather, they do their best to simulate real-world sensitive sites such as banks, auction sites, and even dating sites. When a victim logs in to one of these fake sites, the fraudsters receive the login credentials for the real site, and the victim is pwned. Sure, phishing sites quickly get blacklisted and taken down, but the fraudsters just pop up another fake.

I couldn’t test phishing protection in K7’s antivirus because it simply lacks that feature. Given the suite’s diminished score in my malicious URL test, I worried that I might see a similar disappointment in my phishing protection test.

Because of the transient nature of phishing sites, it’s important for a web-based protection system to handle the very newest ones. To test that ability, I scrape websites that receive reported phishing attempts, gathering the newest ones and making sure to include both verified fraud and ones that are too new for the blacklists.

With my collection of several hundred URLs in hand, I set up four test systems, three relying on the phishing protection built into Chrome, Edge, and Firefox, and a fourth protected by the antivirus under test. I launch each URL in all four browsers at once and note the results, discarding any that don’t load properly in all four, as well as any that don’t represent a fraudster's clear attempt steal credentials.

This must have been a tough day for phishing defense, as none of the browsers scored higher than 70%. Scores vary, but the three browsers often get into the 90s. As for K7, it hardly did anything to detect and defend against phishing sites. Hardly any other antivirus tools have scored lower than K7’s 26% detection. The lesson is clear—leave the phishing protection in your browser turned on.

Thorough defense against phishing fraud is undeniably possible. Avast, Trend Micro, and ZoneAlarm reached 100% in their respective phishing protection tests. Half of the antivirus tools in recent tests scored higher than 90%. K7’s detection of fraudulent and malicious websites needs an overhaul.

Web Protection in K7 Total Security

Safe Surf is just one component of this suite’s Web Protection system. The Safe Search system rates all the links in your search results, marking safe ones with a green check and dangerous ones with a red X. This lets you avoid clicking on dangerous links. Hovering over the rating icon gets a tooltip that tells you whether the site is safe or dangerous. Norton’s Safe Web system goes further, offering a link to a full analysis of the page in question.

I couldn’t immediately figure out the third component, titled Identity Protection. The help system clarified that this component prompts you with a warning if you enter a password on a website that’s not secured with HTTPS. With the current strong emphasis on security, it’s hard to find a site that doesn’t use HTTPS. If you do run across one, heed K7’s warning and avoid entering passwords or other sensitive information.

K7 Total Security Local Spam Filter

These days, few users need a local spam filter. Popular web-based email systems such as Gmail strip out spam messages, as do most business-level email servers. If you’re one of those few who still require local protection, K7’s spam filter may come in handy.

K7 filters all incoming POP3 email and checks outgoing SMTP email for spam characteristics, on the chance a spambot got past the antivirus. The filter adds a marker to the subject line of suspected spam messages. If you’re using Outlook or Outlook Express, as your email client, K7 diverts those messages to a spam folder automatically. It’s worth noting that development on Outlook Express ceased in 2006 and support ended along with Windows XP in 2014. It’s very unlikely that you’re using Outlook Express. Those using a different client can create a message rule to sort the spam.

From the toolbar in Outlook or Outlook Express, you can mark any spam messages that reached the Inbox, or valid messages wrongly discarded as spam. In settings, you can whitelist known correspondents, with an option to automatically whitelist recipients of your own messages. Any address or domain on the blacklist will always go to spam.

If you love tinkering, you can dig into the spam filter’s settings to tweak them in many ways. A slider lets you adjust the threshold for “spamminess,” controlling how bad it must be to get a message banned as spam. Another slider adjusts the threshold for the Bayesian learning filter, which is disabled by default. You can even define rules, for example, to mark any message with “webinar” in the subject as spam. I doubt one user in a thousand ever touches these advanced settings.

As noted, few users need this feature. If you’re one of them, keep an eye on it at first, to make sure it’s correctly distinguishing spam from valid mail. Then just lean back and let it do its job.

Privacy Protection in K7 Total Security

K7 includes two very different features for protecting your privacy, Webcam Protection and Privacy Service. To configure Webcam Protection, you click the Details link on the home screen and then click Settings under the heading Webcam Protection. A different route lets you configure the Privacy Service, which prevents inadvertent transmission of user-defined personal data. To reach this one, click Settings at the top of the home screen and click Privacy Service in the resulting slide-in window.

In its default configuration, the webcam protection system notifies you when any program wants to use the webcam. You can allow or block access, with an option to remember the response, thereby making the program trusted. There’s also an option to prevent all use of the webcam, removing the block manually when you need it for a video call.

In my previous round of testing, I found that to enable access for Skype I had to allow three distinct processes and check the box to remember my answer for each. Until I did that, Skype reported no webcam present. This was a minor, one-time inconvenience, far outweighed by the knowledge that no creepy peeper will be spying on me through the webcam.

To test the privacy service, I entered a bank account number, a password, and a credit card number for protection. I left the list of trusted websites blank and tried submitting the protected data items on Google and Bing, with no response from K7. Google and Bing both force HTTPS, which I thought might have interfered, so I submitted the items on several non-secure pages. Here, too, K7 did nothing.

When I tested this feature three years ago, my K7 contact explained that a recent build broke it, but that it would be working again “very soon.” This time around, I figured out that privacy protection is only active if you enable blocking sensitive information in the parental control system. When I did that, it worked, both on HTTP and HTTPS pages.

K7 Total Security Parental Controls

Not every consumer has young children, and not every parent wants to monitor and control what the kids do on their screens. For those who need one, K7 nominally offers a parental control system. However, it’s quite different from most, and not in a good way.

Parental Customization

You configure most parental control systems separately for each child, perhaps setting different time limits or different degrees of content filtering. With K7, many settings are global, with a separate option to determine whether they apply to each user account. For example, you create just one content filtering list, but choose whether to enable it for each child or other user. Customization is the first step.

Unlike almost every parental control content filter, K7 offers no predefined categories for blocking unwanted content. You, the parent, must list every website you don’t want your kids to visit. Or, if you’re going for the iron fist approach, you can list all the websites that are allowed, banning anything not on the list. This feature is worse than useless.

Next is a peculiar option called Browser Settings. Here you create a list of websites, with certain controls on the use of cookies, ActiveX, and Java apps. For every site listed, you define whether each type of active content is allowed or blocked, or whether the user will get a prompt to choose. This isn’t an appropriate feature for parental control.

At least the list of ad-blocking keywords comes pre-configured. When ad-blocking is enabled, it suppresses access to URLs containing such text strings as “/ad/” and “/adinfo/”.

Finally, Application Control lets you identify specific applications for K7 to block. Again, this list is global. You add any programs you don’t want your kids using and then turn on control for each child account.

Per-User Settings

Everything you’ve done so far has no effect until you apply limitations to specific user accounts. To get started, you choose an account and click Modify User Settings.

You start by configuring the Web Filter. For each user account, you can choose to block all sites on the blocked list, allow only sites on the allowed list, or leave the account unfiltered. There’s an option to log all sites visited, but you can’t tune the allowed and blocked lists on a per-user basis.

The Application Control page lets you choose whether to block the specified applications for this account, and whether to log all blocking activity. Also on this page is an option to block all browsers except Internet Explorer, with a statement that this is necessary if you want web filtering for HTTPS sites. Unfortunately, this is useless given that Internet Explorer has reached its end of life. Fortunately, I found that, despite the warning, HTTPS content filtering worked in other browsers.

The Privacy tab lets you configure privacy protection on a per-user basis. By default, it blocks sending of sensitive info and notifies when blocking occurs. But just what information does it block? It turns out this refers to the private data you entered in the Privacy Service component, completely outside of the parental control system. And under Browser Settings you can configure global options for cookies, ActiveX, and Java applets. As with the separate per-website control of these options, I don’t think this last item belongs in parental control.

Finally, there’s the Timings page. Here you can completely block a user’s access to the internet or define periods during which access is permitted. There’s no convenient grid for roughing out allowed and blocked times, though, nor do you get a daily or weekly cap, as you do with Trend Micro Internet Security, F-Secure Internet Security, and others.

Does It Work?

K7’s content filtering, which requires parents to define every site that should be blocked, is useless. I checked it anyway, and it did successfully block access to sites I listed, even secure HTTPS sites. The blocking message looks almost identical to when K7 denies access to a fraudulent or dangerous page, though it does specifically state that K7 Parental Control denied access.

When I tried accessing the internet during a time forbidden by the scheduler, the browser displayed an error message, and a transient notification stated that access isn’t allowed at this time. Further attempts to visit websites just returned browser errors, without notification. I changed the system date/time to a time with internet access permitted, but that didn’t fool K7.

Just to see what would happen, I checked the box to ban all browsers except the defunct Internet Explorer. K7 blocked Chrome, Edge, and Firefox, but it did nothing to prevent internet access by a tiny off-brand browser that I wrote myself. I also found that content filtering didn’t affect my tiny browser.

I set K7 to block the “dangerous” application Windows Calculator. When I tried to launch it from the child account, K7 popped up a warning and prevented access. I tried moving the executable file, creating a renamed copy, and other sorts of chicanery. K7 wasn’t fooled.

Not a Parental Control Solution

Parents expect that a parental control solution will at the very least handle steering the little darlings away from inappropriate websites and help control their screen time. K7 does schedule when internet access is permitted, and it can’t be fooled by fiddling with the system date and time, but it lacks the daily cap offered by most competitors. And its web filter is useless, requiring parents to either list every bad website or every permitted website. If you need parental control from your security suite, consider Kaspersky or Norton 360 Deluxe, both of which include top-tier parental control systems.

K7's Data Locker Protects Your Files

Like the similar feature in Trend Micro Antivirus+ Security, Avast Premium Security, and others, K7’s Data Locker prevents unauthorized changes to files in specific protected folders. That way if a ransomware attack gets past the admittedly powerful anti-ransomware layer, it still can’t mess with your files. You reach Data Locker by opening the antivirus settings page and clicking the Data Locker tab.

When I last looked at this feature, it extended protection to the Pictures and Documents folders for the current user by default. By observation, that’s no longer the case. To get any benefit from Data Locker, you must manually add these and any other folders where you store important files.

K7 populates the list of trusted applications with a handful of important ones such as OneDrive and Windows Explorer. There’s also an option to use what’s called Smart Analysis to discover trusted programs. With that option turned on it let Notepad edit text files; with it off, Notepad got the bum’s rush. Even with Smart Analysis active, K7 correctly blocked changes by a tiny text editor that I wrote myself.

If Data Locker blocks one of your important programs, you can’t just check a box in the notification to make it trusted. You must dig into settings and actively add the program to the trusted list. Other similar components make adding trusted apps easier.

K7 Total Security Wi-Fi Security Advisor

Another feature not found in the standalone antivirus is the Wi-Fi Security Advisor. You can click its icon at the bottom of the main screen at any time to check the security of your current Wi-Fi connection. It shows the name of the connection, the authentication and encryption types used, and the device’s IP address. But really, what’s important is the notice at the top that your connection is secure.

The advisor should also alert you when you connect to an unsecured hotspot. I don’t have one of those handy for testing, but I don’t doubt it works.

Additional Tools in K7 Total Security

As with the standalone antivirus, clicking Tools at the bottom of the main window brings up a list of bonus tools. For the suite, they are USB Vaccination, Secure Delete, Windows Temp Cleaner, Computer TuneUp, IE History Cleaner, Internet Temp Cleaner, Activity History Eraser, Virtual Keyboard, and Disk Optimization. Note that you must click the arrow on the right to see them all.

The standalone antivirus offers just four of these: USB Vaccination, Windows Temp Cleaner, Internet Temp Cleaner, and Virtual Keyboard. I didn’t see much point in the two cleaners, but the virtual keyboard can foil keyloggers, and vaccinating your USB drives prevents USB-proliferating malware from infecting them.

You use Secure Delete to wipe out sensitive files so thoroughly that even forensic software can’t recover them. This can be handy, for example, to wipe out the plaintext originals of documents that you have encrypted. There’s no handy right-click menu option for files, nor the ability to drag and drop items for deletion, just buttons to add items to the list. With your items in place, you check the box for Quick Mode if desired and click Delete. The program doesn’t specify, but I imagine it overwrites file data once before deletion in Quick Mode, more than once otherwise.

As noted, I didn’t see much use for the temp cleaner tools. Nor do I see a real point to Disk Optimization, given that Windows 10 and 11 perform defragmentation in the background and include a built-in tool to invoke a thorough (and lengthy) defrag operation. Activity History Eraser is a grand name for a tool that wipes out most recently used lists and other traces of your activity. IE History Cleaner does what you can do by pressing Ctrl+Shift+Del in Internet Explorer. Or rather, what you could do if Internet Explorer hadn’t reached its end of life.

That leaves Computer TuneUp as the remaining new tool. This tool promises to increase your computer’s performance and speed. When you launch it, it reports itself tuning up memory, CPU, browser, and graphics settings, and then requests a restart. I didn’t notice any difference after running it.

Of all these tools, USB Vaccination, Virtual Keyboard, and Secure Delete are the most useful. The rest could be combined into a singular tune-up and privacy tool, perhaps one that more visibly demonstrates its worth.

K7 Has Only Minor Drag on Performance

Consumers just won’t accept a security solution that slows everyday operations or makes their cat videos lag. If security causes a problem, it’s likely to get turned off. Security companies recognize this and do their best to avoid causing any performance problems. I still run a few simple tests to verify which suites put a little drag on performance and which show none at all.

My tests measure boot time, the time to run a lengthy script that copies and pastes files across drives, and the time to run another script that zips and unzips that same collection of files repeatedly. I run the tests many times, discard the highest and lowest values, and average the results. Then I install the suite and repeat the process. Comparing the results lets me see how much, if at all, the suite slowed things down.

When I last evaluated K7, all three tests ran faster after installation of the suite, for a score of zero performance impact. My latest tests showed rather different results. With K7, the boot process took 15% longer. Note, though, that this is 15% of about 10 seconds, so not a long time. The file move and copy test took 11% longer, while the zip and unzip test ran 4% longer.

K7’s average performance hit of 10% isn’t much. You’re not likely to notice it. Even so, some competitors score a perfect zero, just as K7 did when last tested. Webroot scored a true zero, with no impact at all, while the impact scores of Avira and ESET Internet Security were so small that they averaged out to zero.

Low Price, Uneven Features

When I reviewed K7 Total Security three years ago, quite a few features were new, marked as such in settings. Those “new” markers are still present—it’s as if the app was frozen in time, except for its hands-on test scores, some of which would have been better off frozen at their previous higher levels. It does boast a broad set of security features, including antivirus, firewall, spam filtering, parental control, vulnerability scanning, ransomware protection, and more. Some of these are impressive—for example, K7’s behavior-based ransomware protection achieved total success, but if it hadn’t, Data Locker would still have protected essential files. On the other hand, the parental control system is useless. K7’s pricing, down since my previous review, beats the competition. Its three-star rating is an average of these highs and lows.

Money isn’t everything, especially where security is concerned. You're better off stretching your budget to get a security suite with components that are all top quality if you can. Bitdefender Internet Security gets top scores from all the labs, and its breadth of features beats most competitors, including K7. As such, Bitdefender is our Editors’ Choice winner for entry-level security suites.

Tags security suites