The Definitive Best Anti Virus Thread

Started by Allan, December 22, 2011, 06:01:18 AM


Allan

Okay, this question just comes up so often that I, for one, am tired of seeing it. So maybe we can try this: everyone who wants to give his or her opinion please do so here. Let's not argue about anything or question anyone else's choice, let's just state our preferences so those who want to read differing opinions can do so here. If you have very strong feelings about other programs (good or bad) go ahead and express them. Then when the question comes up in the future we can just point to this thread. One post per person should probably suffice (okay, wishful thinking).

I'll start. I like Kaspersky Anti Virus. I've been using it for about 6 years. All new versions are free as long as you maintain your yearly license. Definitions are updated several times a day. It's always active and I also use it to scan incoming email. I use Malwarebytes & SpywareBlaster for monthly on-demand scanning (neither remains resident) along with SpywareBlaster (updated weekly) to block known malicious sites. WinPatrol Plus is also resident on most of my systems. I can honestly say I've never had a virus on any system - and I started using PCs in 1985 and have owned and/or been responsible for scores of systems since then.

Now for what is probably a controversial comment - NOTE: this is strictly my personal opinion..... I know there are a few good free AVs, but I simply have never been thrilled with any (though admittedly, it has been a number of years since I evaluated them). I realize this is a minority view, but I simply feel that anti virus protection is the single most important app you can have on your system and I'm a firm believer that you get what you pay for. I would never consider skimping on AV software. If you can afford $50 for the latest computer game you can certainly afford $30/year to protect your system. Having said that, Microsoft Security Essentials and Avast seem to be among the best free choices and LOTS of folks are very happy with them.

I don't use third party firewalls, but my systems are always "behind" a router that uses NAT. I do keep the built-in Windows firewalls active at all times. While the XP version offered no incoming protection, later versions do.

It should go without saying that the most important preventative is "smart computing" (never open an email attachment unless you are 100% certain you know what it is, don't click on links unless you KNOW where they go, don't download anything from the web unless you absolutely know it is safe, avoid all forms of pirated sw and warez, etc.).

Okay, that's my 4 cents :) . Please post your protection scheme.

BC_Programmer

Heh, good idea... I doubt it will stop people from posting polls every three weeks on the subject, but at least we'll have a sticky to point them to when we try to tactfully tell them to STFU :P


Myself, I don't, personally, use an "On-demand" or background scanner. I do have tools such as MBAM and the like installed which I will run when I notice odd processes in task manager, svchost hogging resources, or general "odd" behaviour from my system. I've never felt it was worth the processing overhead; the task of AV scanning takes time, and having it occur on nearly every file access is a rather hefty price. And of course, even the best AV application isn't going to catch everything, so you need to be cautious anyway, which means that, for me, I'm actually safer when I don't have an AV installed.

When I did have one installed (after a nasty Virut infection on Windows XP to keep me from reinfecting the system using existing executables on my data drive) I actually found that a lot of activity I found suspicious and thought "oh no, I'm reinfected" could be traced to the AV. While their purposes are far more noble and good, I've sort of felt that AV software is sort of like "fighting fire with fire"; rather than a Virus or malware building a huge root system in your machine, the AV software does. That's why they all seem to need special software to fully remove. That, and a lot of the systems I've fixed for others that they blamed on "Viruses" were in fact caused by the Anti-virus software they were using, which if you ask me is utterly unacceptable. (I'll say I've only seen those issues with one or two "Free" offerings, McAfee, and older versions of Norton, though.)

Basically, my "protection" amounts to healthy cynicism. Almost all malware infections these days are trojans. So few infect a system by way of things like exploits and "drive-by" stuff that it's hardly worth the effort to waste time thinking about. More importantly, the first line of defense even for those is the same. After all, in order to download a trojan you need to trust a website, and in order to visit a web page, you need to trust the link. Typically, when dealing with an unfamiliar executable, I'll just run it. (unless it has a blatantly suspicious name). I might run process explorer and keep track of what the program does as well to make sure there is no funny business. I usually have that running in the background anyway. If the program requests administrator permission- it doesn't get it. Not at first. This has prevented a good lot of "infections" if you ask me, since you can't well infect a machine without administrator permissions. Naturally, software installers do need those permissions so depending on the software I will allow. Or, if I'm in a forgiving mood I might just say yes and deal with whatever happens later. When I am infected, I usually catch on rather quickly and am able to either kill the malware processes, or, if they are the type where they autorespawn each other, suspend all the suspicious processes and kill them all at once. Visit regedit and delete the offending entries (generally in the Run key), reboot, and typically everything is back to the way it was. In 7-8 years I was only infected once, and since moving to Vista/7, I've had hardly any problems.

An important Note: Typically, "manual" Virus removal is not something that just anybody does. It really requires an intimate knowledge of how Windows software works, the PE file format, and of course a willingness to "get your hands dirty". At the same time, it really is only an extension of what you should do even when you have an AV installed- keeping a system clean requires constant vigilance and you need to constantly be assessing what possible security repercussions your actions could have. "Does this application REALLY need admin permissions?" type stuff.

BC's tips for AV-free operation:

Sometimes your applications will crash; this is pretty much inevitable. Sometimes you'll need to run Task Manager for various reasons. While there, glance over the processes. Again, this requires a familiarity with the type and number of processes you would typically see running on your machine, so it's useless unless you are familiar both with your operating system of choice as well as your "normal" software configuration. Things like rundll32.exe showing up in there out of nowhere will make me reach for Process Explorer, where I can determine the "threat" posed by that process.

As I type this, my desktop machine does in fact have a rundll32.exe process running. Which piqued my curiosity. You can use the "Select columns" menu in the view menu of Windows Task Manager to enable columns such as "command line" which can give additional information on the process. You can also use various features of Process Explorer for that same task, or further investigation of a suspicious process, such as examining its in-memory layout, stack frames, loaded Libraries, etc. In the case of this particular rundll32.exe, it turns out to be used to launch a function called "GameUXShim" in C:\Windows\System32\gameux.dll, which according to its description, is "Games Explorer". The parameters, and function name, passed make it clear this is designed to "Shim" an older game to work in the newer Windows 7 environment. Again, familiarity with the Windows System helps here, the compatibility settings provided by the windows shell itself pale in comparison to what is actually provided "under the hood" which involves a massive network of shims, compatibility hooks, and databases on the sorts of the two needed for various games and older applications that were, for lack of a better word, written badly. In this case, it seems to be for "Halo.exe" the executable for the popular Halo game, which I bought and never played hardly until yesterday where I played for 5 minutes and got stuck. Knowing that I played the game, and was no longer, I can safely terminate this process and know it wasn't malicious, and is required for proper gameplay. Same for a variety of other older games I have.

Obviously, this isn't for people that just want to "do work" on their computer; it's more useful for people who want to learn about how it works. The ultimate result is that I've saved who knows how much on AV software, I've saved time that would be spent running that AV software, and over time I've learned enough about machines to become the "go to fixer person" of several people who are willing to pay for my services, so it's a rather good result. Of course I don't try to make them run without an AV, in fact I try to dissuade them; they will often ask "well what AV do you use" and I have to answer that I don't use one. Some of them will get the idea that if I (somebody whose understanding of the machine they have come to respect) doesn't use one, then they don't need to either. Then I have to try to explain that an AV solution is only as good as its user, without telling them "you keep getting infected because you're stupid, not because your AV sucks". Usually I can get them to understand, and even if I don't, I have a machine I often use to show them how I would clean a machine (using the above steps) by infecting it and running through the process, which involves Process Explorer, suspending processes, recovery console. If they don't know how to do all those things (and if they did, they wouldn't be coming to me for help in the first place) then they are going to need to choose an AV product and learn how to use it. That second part is critical, I think.

More critical than what AV a person uses is learning how to use that AV software effectively. You can't just install an AV and forget about it; they each have their own nuances and settings that you should configure to your unique usage scenario. Learning what causes their various "popups" to appear warning you about things and how severe they are is important, particularly since the way a lot of AV suites present their messages is using skinned messages and gaudy pop-ups with stupid images that depict "virus infections" or other images that are wholly unimportant. Installing an AV and blindly following its advice and getting all worked up because it says it quarantined something merely feeds the ignorance, it doesn't absolve it. It just adds confusing terms. "Quarantine" for example, is just a silly term in a software environment. All it amounts to is a backup folder where the files are moved to. Why? Because AV software has false positives, so it moves it there so that if it turns out that "woops that wasn't infected" it can be moved back. It's sort of like the equivalent of a society where, if anybody is identified as "sick", they are euthanised. (a bit harsh but that's essentially the analogy as far as software goes). For "cleaning" and disinfecting files, basically at this point the analogy would be that they can cure your cold, but they will have to rip off all your limbs and cut off your ears. (the resulting program very rarely still works as it used to and you need to reinstall anyway). In such a scenario, false positives could be disastrous. Instead of just having a call to your house telling you that your test results were wrong and you don't actually have the flu, the doctor would have to interrupt your funeral to say "oh, yeah turns out he wasn't sick".
As such AV software does what might be done in such a scenario: instead of outright deleting/killing the victims, it moves them to a special holding area, where they are forgotten about and usually deleted anyway, but at least that way if the doctors/AV software balls up they can just release them back into society. This only outlines that AV software is far from perfect. Using medical terminology like "quarantine" and "virus" and "heal" and "infection" only serves to confuse the issue, since it actually makes people think that the entire area of malware removal is a "profession" like your standard medicine on which the analogies are based. It's not. At this point, Anti-Virus software as a "medical" field is about the equivalent of when we would drill holes in people's heads to release their inner demons. That isn't to say it's useless, just that a lot of what it does is a tad drastic.
I was trying to dereference Null Pointers before it was cool.
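
An added example, not part of any post in this thread: the rundll32.exe command-line check described in the post above, as a Python sketch that pulls the DLL and exported function out of a command line and notes where the DLL lives. The sample command lines, the `triage` helper, its verdict labels and the `C:\Windows` system root are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample command lines (not taken from the thread), in the form
# shown by Task Manager's "Command line" column for rundll32.exe.
SAMPLES = [
    r'C:\Windows\System32\rundll32.exe C:\Windows\System32\gameux.dll,GameUXShim <constructed-args> Halo.exe',
    r'"C:\Windows\System32\rundll32.exe" "C:\Users\demo\AppData\Local\Temp\upd.dll",Start',
    r'rundll32.exe shell32.dll,Control_RunDLL',
    r'rundll32.exe',
]

# rundll32 syntax: rundll32.exe <dll>,<entrypoint> [arguments]
_CMD = re.compile(
    r'''^\s*(?:"[^"]*"|\S+)                    # the rundll32.exe token itself
        \s+(?:"(?P<q>[^"]+)"|(?P<u>[^,\s"]+))  # DLL path, quoted or bare
        \s*,\s*(?P<entry>[^\s,]+)              # exported function to call
        (?:\s+(?P<args>.*))?$                  # anything passed to it
    ''', re.VERBOSE)


def triage(cmdline, system_root=r"C:\Windows"):
    """Return the DLL, entry point and a location verdict for one command line.

    Verdict labels are hypothetical: 'system' (DLL sits in System32/SysWOW64),
    'relative' (bare name, resolved by the DLL search order),
    'outside-system' (any other folder), 'unparsed' (inspect by hand).
    """
    m = _CMD.match(cmdline)
    if not m:
        return {"dll": None, "entry": None, "verdict": "unparsed"}
    dll = m.group("q") or m.group("u")
    folder = ntpath.normcase(ntpath.dirname(ntpath.normpath(dll)))
    trusted = {ntpath.normcase(ntpath.join(system_root, d))
               for d in ("System32", "SysWOW64")}
    if not folder:
        verdict = "relative"
    elif folder in trusted:
        verdict = "system"
    else:
        verdict = "outside-system"
    return {"dll": dll, "entry": m.group("entry"), "verdict": verdict}


def report(cmdlines):
    """Triage every command line and keep the results in input order."""
    return [triage(c) for c in cmdlines]


if __name__ == "__main__":
    for line, result in zip(SAMPLES, report(SAMPLES)):
        print(f'{result["verdict"]:15} {result["dll"]} -> {result["entry"]}')
```

A "system" verdict only says where the DLL is stored; any other verdict is a prompt to look closer in Process Explorer, as the post does.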

JoetheHawkinsman

I've found that McAfee works very well, I've used it for a year and haven't had any issues with it, the price is reasonable, and you do get your money's worth.
Joe Hawkins

kpac

Quote from: JoetheHawkinsman on January 07, 2012, 06:06:13 PM
I've found that McAfee works very well, I've used it for a year and haven't had any issues with it, the price is reasonable, and you do get your money's worth.
Not many people agree! ;D

I use MSE on my laptop and Avast on my desktop, but will probably switch to MSE when it starts nagging me to re-register.

ronnyxx

I use the Virgin security suite, which works well enough for me. The only down point is that it does load up very slowly. I do believe the new Virgin security is now from Trend Micro (if that's how you spell it), but it will not update on my PC, probably because I have Malwarebytes on my PC, but I am happy with the security as it stands.

jamich

AVG works well for me. Been using it for years now. It's better than Norton.

nedkelly

For paid I will only use ESET NOD32 Smart Security, works better than anything else I have tried, for free I just use MSE.
CPU: Intel Core 2 Duo E7500 Wolfdale 2.93GHz, Memory: 6gb DDR2 800mhz (For now), HDD: 2X500gb Sata2, GPU: Sapphire HD 4670 512MB, O/S: Quad boot: Windows XP Pro, Vista Ultimate 64 Bit, Windows 7, Ubuntu, Case: Coolermaster Centurion 590 Black

Kurtiskain

I personally use Avast! Free (disabled when gaming) and Malwarebytes Anti-Malware Pro ( $9 licence from Trial Pay :D )

They both stop anything that comes my way if it is malicious and never conflict/cause huge slowdowns when accessing data.

If I had to pick a paid product, ESET Smart Security would be my pick, we use it in the workshop and it is great.

Interleave

I have been running Microsoft Security Essentials and Malwarebytes in tandem on many computers for years. I generally install these on client computers unless they already have paid versions of something else (Norton, McAfee, etc...). I also like to use Ad-aware. All of these are free and I NEVER get any trojans or viruses.
Pc/laptop repair and upgrade expert. Love the new Ubuntu. Not so much Windows 8.

smithrick

I think AVG antivirus is the best antivirus I ever used. The best thing is that this is free software. But keep this antivirus always updated.

michaewlewis

At home, I use Microsoft Security Essentials.
At work, we use Symantec Endpoint Protection and Kaspersky.

A couple years ago, I got a virus on my flash drive that SEP and MSE would clean up after plugging it into either of two PCs with Avira and AVG on it.
Kaspersky didn't notice it, but the pc with it installed never got infected either, so.... ???

lapinette

THIS WILL BE SHORT,TO ME THE VERY BEST A.V IS PANDA CLOUD FREE,INSTALL AND FORGET. THANKS.

patio

It seems it however has broken your capslock button though...no matter how good you feel it is.
" Anyone who goes to a psychiatrist should have his head examined. "

BC_Programmer

Why would I want to install something that makes me forget?
I was trying to dereference Null Pointers before it was cool.

Accessless

Another vote for AVG from me. I've used it for years now, left it sometimes but I've always returned. Currently using ~25Mb of RAM... No idea if that's good or bad for an AV program.

Pros:
- Least spam I've ever found from a free product
- Thorough & up to date
- Easy to install
- Does not worm its way onto your computer through 3rd party software & demand that you must buy it before you may ever feel safe again. (A big selling point to me)

Cons:
- Cannot disable easily (for gaming)
- False positives fairly frequent (less so recently)
- Does not recognise Norton & McAfee as adware

Saying that:

"AVG – AVG used to be a great program, several years ago. Starting with version 9 it's been getting worse and worse as they try to do too much. It slows down your computer, making it almost unusable during virus scans. It has one of the worst ratings for speed performance, especially that of scanning for viruses. It currently has a very poor detection/protection rate and lets more infection into your computer than several top antivirus solutions combined. It does a barely mediocre job of detecting threats it doesn't know about. Its ratings have been dropping rapidly. Even for free it should be avoided." http://www.npinc.ca/tag/antivirus/

Oh dear, AVG made the list of worst AV programs.

Well I think that we can agree that vigilance and experience are the best ways to avoid viruses, I've got a long blank event history and an empty virus vault so I'm obviously doing something right.