How We Test and Review Security Software at CyberTechVault
Affiliate disclosure: This article contains affiliate links. If you click a link and make a purchase, we may earn a commission at no extra cost to you. Our editorial recommendations are never influenced by commissions — read our full disclosure policy.
Why This Page Exists
The cybersecurity affiliate space is full of conflicts of interest. Many review sites rank products according to commission rates. Some are paid directly to feature certain products in top positions. We believe you deserve to know exactly how we make our recommendations.
Our Testing Principles
We test everything we recommend. Thomas installs and uses every product before it appears on this site. For VPNs, that means running speed tests, leak checks, and kill switch verification. For antivirus, that means exposing products to real malware samples. For password managers, that means creating test accounts and evaluating the full experience.
We do not accept payment for rankings. Our editorial rankings reflect our test results and professional judgment. Affiliate commissions may vary between products, but they do not affect our rankings.
We update reviews regularly. Security software changes rapidly. We revisit our top picks quarterly and update when products change significantly.
We disclose affiliate relationships. Every page that contains affiliate links includes a disclosure. We earn a commission if you purchase through our links. This funds the site and the testing that goes into our reviews.
How We Test VPNs
- DNS leak testing via dnsleaktest.com and ipleak.net
- WebRTC leak testing via browserleaks.com
- Kill switch verification (forced connection drops)
- Speed testing: 50 tests per provider across multiple server locations
- Streaming service bypass testing (Netflix, iPlayer, Disney+)
- Privacy policy and audit report review
- Real-world use over minimum 30 days
How We Test Antivirus
- Known malware sample testing (AV-TEST library)
- Zero-day behaviour simulation
- Ransomware detection testing
- Performance impact measurement (CPU, file transfer speeds)
- False positive rate tracking over 30 days
- Cross-reference with independent lab results (AV-TEST, AV-Comparatives)
How We Test Password Managers
- Encryption implementation review
- Browser extension reliability across major browsers
- Auto-fill accuracy testing
- Cross-device sync testing
- Emergency access feature testing
- Import/export functionality
- Third-party security audit review
What We Cannot Test
We are honest about our limitations. We cannot test claims about VPN server infrastructure we cannot physically access. We cannot verify no-logs policies through direct inspection. For these claims, we rely on independent audits by firms like PricewaterhouseCoopers, KPMG, and Cure53 — and note when products have not been audited.
About the Authors
Thomas (co-founder) — former electrician and house builder. Brings a systematic, methodical approach to testing. Tests every protocol personally.
Øyvind (co-founder) — former insurance professional and debt management expert. Brings risk analysis expertise and a focus on real-world impact.
NorwegianSpark SA | Org no: 834 984 172 | norwegianspark@gmail.com | +47 99 73 74 67
We read every email.
Reviewed by Thomas — NorwegianSpark · Last updated: 15 January 2026