Other than reading reviews, I guess the only sure way is to test for yourself. If I wanted to do it with minimal risk, how would I go about it? I've come up with the following:- Must test in a VM, I'm thinking VirtualBox for easiest to use. Then install Xp SP3/Vista Sp1 in it. disable the router protection for this VM. For this I must put it into the DMZ right? How do I do this? Take a snapshot of VM (like taking an image) Install security sw Visit bad sites, run malware exe's. What's a good source for these? Which sites to visit? I suppose it also must be done in IE with all its protection disabled. See what's caught and what's not - look for firewall notices, false positives, automatic cleaning etc. How will I know that a virus has slipped through if its not detected? Is the only way to do this by running scans with many different online scanners? Restore snapshot Repeat steps 4,5,6 If someone here has already done such tests, please link to your findings.