Ask Slashdot: Actual Best-in-Show For Free Anti Virus?

First time accepted submitter paperclipman writes "I'm on the college student budget and want to make sure that my recent investment in an Acer laptop will last me a good long while. I like to think of myself as a reasonably competent CPU user so I'm no adventurous link-clicker, but I do download some music as a recent SoundCloud devotee. My Kaspersky antivirus will be expiring shortly and I don't particularly care to renew with that steep of a fee — any advice from fellow thrifts?"

Simple

Windows: Microsoft Security Essentials, free if you have Microsoft Windows XP or higher, and it does work especially for the technical, not too adventerous link clicker. Gives you that extra layer of protection you seem to want for those 'oh shit' moments.

Re:Simple

[The+MAZZTer]

I can second this, and I should also add that the functionality is built-in to Windows 8 as Windows Defender. Same functionality as MSE, just relabeled. The old Windows Defender is dead.

Re:Simple

[Nos.]

Not only is it a reasonably good anti-malware tool, its the least intrusive one I've ever used, both as far as annoying popups and abusing system resources. My first download on any new Windows install.

Re:Simple

[snemarch]

+1.

I've had MSE detect & clean that one of the other free products (think it might have been Avast?) didn't catch - and MSE is no-nonsense, doesn't get in your way, haven't given me false positives (it does flag stuff like keygens though :)), and isn't too hard on system resources.

Combine that with FireFox + AdBlockPlus + NoScript + Ghostery + Certificate Patrol and some common sense, and you should be pretty well off.

Re:Simple

[DJRumpy]

I can second this. I've taken to using the MSE offering for family that are on Windows. Two simple reasons. I can flat out tell them to ignore any web prompts for 'free virus scans' and whatnot. Ignore any prompts to purchase virus scan 'updates', etc,

It also removes the irritating ad-ware that Avast and AVG are pushing out lately. They are doing more and more prompts to 'upgrade' which is confusing to older family members. Considering you're a techy this is probably a non-issue, but I do find comfort in the fact that the MS offering isn't likely to quarantine key OS files as Avast and AVG have done multiple times over the last few years.

Re:Simple

[Antipater]

Hate to deviate from the bandwagon, but there is a big downside to MSE. MSE is the program that every piece of malware tries to disguise itself as when they do their "a threat has been found! Click this button to remove it, then restart your computer!" routine to try and install themselves and take over your OS. It's a lot easier to tell the fake warnings from the real warnings when the fake warnings are claiming to be a program you don't even use.

Re:Simple

[brokenin2]

Yep.. I'm a big-ol M$ hater, and I can say that MSSE is a pretty decent product.. FIrst thing I put on everyone else's computer after I fail to convince them to run Linux..

Re:Simple

[Erioll]

Not the same thing IMO. A great amount of malware requires that the user does something. So "download our .exe and ignore the security prompts!" is still a very large section of things, and has nothing to do with a secure OS or not. Programs running as a user has as many rights as a user themselves. That's what most virus software is for: detecting that you're trying to run something that's "bad" but it's not exploiting security holes to do so. It's just running with "full trust" just like any other program on your machine, and behaving badly.

Re:Simple

[TheCarp]

> A virus (usually) can't damage the PC, it might destroy the data on it, but you can just reinstall in
> a worst case scenario.

In the very narrow realm of "Physical Damage to your PC", you are absolutely correct. There are some, at least theoretical, exceptions.... CRT monitors that could be put into damaging modes... excessive constant drive access could decrease its lifetime.... some flash technologies have limite dwrites.... meh.... no big deal.

That said, damage to my pc doesn't even enter into my "worst case scenario" when it comes to this sort of compromise.

My worst case involves things like, I connect to work from home and they steal my credentials (of course 2 factor auth helps but, even without my token they can still get in when I connect). Install a keylogger on the box and get my banking passwords and clean out my accounts.

but hey, having to fix my pc...that would suck

Re:Simple

[GIL_Dude]

Add to the items you list EMET - http://www.microsoft.com/en-us/download/details.aspx?id=29851. This is a free download from Microsoft that allows you to protect processes (such as IE and Java) from well known exploit techniques (such as heap spray, etc.). As an example, it protected against this latest IE zero day "execCommand Use After Free Vulnerability - CVE-2012-4969". We (large enterprise) had no worries at all about that vulnerability since we have EMET deployed and configured. Here's the MS02-063 bulletin - http://technet.microsoft.com/en-us/security/bulletin/ms12-063. If you expand the execCommand node and look at the mitigations you'll see you would have been protected. Often times Adobe Flash bulletins mention that EMET was a mitigation for the plethora of vulnerabilities that Adobe Flash code contains.

Re:Simple

[hairyfeet]

MSE is good IF, and its a BIG IF, you are not going anywhere risky, as it doesn't seem to do as well on drive bys as the others. This isn't really surprising as it started out as Giant AntiSpy before being bought by MSFT, but if he is going anywhere other than school sites I'd be leery if he isn't tech savvy.

A better choice IMHO and one I've been giving to my customers for a couple of years now is Comodo Antivirus as its butt simple, pretty much install and forget, is free, and is VERY good at stopping malware cold. If you want extra protection it asks on install if you wish to use their secure DNS which blacklists malware sites, but its strictly optional. its light on resources, doesn't pop up 40 ads a week trying to sell you crap like Avast has been doing lately, and has a really nice sandboxing feature that is enabled by default but which you can set to be as granular as you like, anything from off to whitelistsing to blacklisting, really nice.

All in all out of the free AVs I'd rate it "best of show" because not only does it have sane defaults and great sandboxing, but its as simple or as fine grained as you want it to be. With MSE there really isn't any way to change...well anything, with Comodo if you desire you can tweak pretty much everything if you choose, from the behavior of the scanning engine, to the levels of paranoia on the sandboxing (which MSE doesn't do) to who what and when it scans and where it will scan.

Re:Simple

[sconeu]

Peter Norton should sue Symantec for defamation of character.

The original Norton Utilities were lean, mean must-haves. Anything called "Norton" nowadays is a steaming pile of shit that you run away from as fast as you can.

Re:Simple

[Ritchie70]

My only qualm with MSE: My mother-in-law (and my wife's sister, who lived with the m-i-l) managed to impressively infect a Windows XP system that I had MSE installed on.

So far as I could tell, something broke Windows updates, which in turn meant that MSE updates didn't flow, and the infestation ran wild... to the point that the computer was unusable.

In my work experience, it's easy for Windows updates to break or be broken. It was nonfunctional on my work computer for the better part of a year before I reloaded it.

This experience led me to believe that antivirus should have its own, hardened, secure, simple update path independent of Windows system management technologies.

Re:Simple

Uh oh, sounds like you might have an infection that's sapping your performance. Might need to get a third antivirus program and install it alongside the other two. Make sure you leave realtime scanning on so that all three of them get a good look at every file that the system is opening and closing behind the scenes. Surely one of them can identify the rogue files.

Good luck!

Re:Simple

[Local+ID10T]

I downloaded and executed a program called windows web commander while running MSE. It gave me no warning. I had to restore the computer to a date before downloading to get it to work again. It started with a pop up message stating I had a virus. The program asked for money to remove the virus which was essentially itself.

Even the best code can't fix stupid...

NO anti-virus/anti-malware/anti-rootkit/etc gets them all. AV is run as an early warning system. If something slips past, you either restore from backup or scan with another tool and hope it finds whatever got past the first tool.

Re:Simple

[scubamage]

I'd have to disagree. We used to use it on mammography workstations dealing with sets of 8 80+MB files per study with no problem. The files were regularly compiled into standard ISO's, and again, no issues. The same workstations could also be used to load JPG2000 Animation files (MR and CT scans) which sometimes contained 3-4000 images, and again, no issues (these were not lots of small images, rather several thousand full resolution images in a single file). We honestly had more issues with Nod32, plus it cost more. We ended up moving everyone off of Eset NOD32 over to MSSE because it was free with the windows license and worked just as well. Outside of work, I've regularly had several multi-gb files with no problems (including 10+GB virtual hard disk files).

Re:Simple

[teh+dave]

MSE is not free: it is free for home users. Business may use only up to ten free licenses before they are required to upgrade to Forefront. If you're a business and using more than ten copies of MSE, you're breaching the license agreement.

Source: the MSE download page

Re:Simple

[drcheap]

Second this. It's the best thing I've ever seen from Redmond. If all their software worked like this their suckometer would read a hell of a lot lower.

If their other software (read: Windows) worked like 'this', then 'this' wouldn't be needed in the first place. /smirk

Microsoft Security Essentials

[jfdavis668]

For a free, Windows antivirus, it is hard to beat. Not the greatest, but it works and updates automatically from windows update.

Re:Microsoft Security Essentials

Keep in mind MSE is only free for organizations for under 10 people...

Blasphemy

[Diomedes01]

But if you're running Windows, you could actually do a lot worse than Microsoft Security Essentials...

You want ad-blocking, not AV

[mlts]

One of the primary causes of malware is drive-by intrusion via compromised or unmaintained ad servers. Instead of worrying about free antivirus (which by definition rarely catches real 0-day threats), I'd get an ad blocker, or a utility like the paid version of Malwarebytes which blocks malicious website IPs.

Block the IPs and what spits out the malware, don't bother playing whack-a-mole against the latest polymorphic stuff.

As for antivirus, just go with MSE. It usually is in the middle of the pack, is lightweight, and the price is right.

Re:You want ad-blocking, not AV

[ozgood]

You don't even need to run an .exe. The RSA hack a while ago was social engineered with an excel exploit. http://www.f-secure.com/weblog/archives/00002226.html

My favorite free one

[UconnGuy]

Avast. Used to use AVG, but Avast seems to work better.

Avira or AVG

[EvilGrin5000]

I've always found

AVG Free http://free.avg.com/us-en/homepage
or
Avira Free http://www.avira.com/en/avira-free-antivirus

To be good free solutions.

Microsoft Security Essentials

[ilsaloving]

As others have stated, MSE does a very good job. It easily outclasses the other freebies, and most of the non-free ones as well. For example, I've seen it clean up machines that got infested while under AVG's watch.

And it doesn't slow your machine down to a crawl, which is nice.

Huh?

[gstoddart]

I like to think of myself as a reasonably competent CPU user

What the hell does that even mean? Do you mean computer?

Re:Huh?

[K.+S.+Kyosuke]

He's a reasonably competent CPU user, but he needs to learn to use his memory, especially the part remembering all the acronyms out there.

Re:Use a Mac

[cgt]

You should be downvoted for the reasons stated below: 1. He said his budget is tight 2. He just bought a new Acer laptop 3. Macs do actually get viruses (though there are significantly less viruses for Mac OS X than for Windows) Short story shorter: You're a jerk.

Microsoft Security Essentials

[amaupin]

First I used Avast, but after a while it began bugging me to to buy the paid version, and slowed down my PC with ill-timed, intensive scans.

I switched to AVG, but after a while it began bugging me to to buy the paid version, and slowed down my PC with ill-timed, intensive scans.

Now I use Microsoft Security Essentials, which is surprisingly good. So far.

Complement with a Spybot Search and Destroy scan every now and then and you're good to go.

Re:ClamWin

Unfortunately, also doesn't do any resident background protection, network monitoring or link scanning, which all major antivirus tools do nowadays. The only reason to put ClamWin on a Windows machine if it is running 2000 or earlier, which is about the only current AV that will run on those systems.

It's not only about the antivirus

[obarthelemy]

Try to use a non-admin account for your daily stuff. An escalated admin account when you do need to install stuff is just 2 clicks away (start -> change user)

I've had my computer-illiterate parents on a non-admin account for 20 years now, they still haven't gotten a virus. And yes, they're still computer-illiterate ^^

Your post reads like bad market research

[discord5]

Have you tried Common Sense 2012? I hear it works well in most sensible cases. Other than that on the cheap : Microsoft Security Essentials. It seems a bit contradictory to let MS handle anti-virus software, but at least it doesn't hog your system as badly as most other products.

reasonably competent CPU user

Yes, I know how you feel. I like to think of myself a I/O aficionado. I have a friend who's a memory expert. We know a guy who was pretty much a BIOS guru, but he's not feeling too well lately after hearing about the UEFI thing.

but I do download some music as a recent SoundCloud devotee

I hardly know anyone who downloads their music from SoundCloud. Most tracks are either demos (with a link to itunes, amazon, juno or whatever). And the few amateurs that are serious about their music have already joined one of the many netlabels where you can usually download entire albums from their own site or bandcamp.

Are you by any chance doing market research, trying to infiltrate into the tech crowd while looking young, hip, dynamic and social 2.0 web networking? You're doing a splendid job, I might add. However, please forgive my sarcasm if you're not, your post seems to read like a 55 year old police officer going under cover "buyin' da ganja mon, totally down with da 'erb an' ting".

Re:Your post reads like bad market research

[sootman]

55? Oh my gracious no, double that. If you have a moment, I highly recommend you re-read the original post while imagining Mr Burns' voice.

> I like to think of myself a I/O aficionado.
> I have a friend who's a memory expert.

If I drank coffee, you'd owe me a new keyboard and/or screen. :-)

Re:Winblows, LOL

[Skarecrow77]

you realize that attitudes like yours and GPs are exactly what turns prospective linux neophytes off, right?

For an every-day user, Linux has just as many problems as windows. the problems are just completely different. Source: I use both linux and windows every day. typing this on a linux laptop for pete's sake.

For the OP's concerns, linux very well may be his best option, but telling him that he's been playing in the little kid's sandbox is very nearly as counterproductive as telling him that he's a retard, as GP did.

Re:Winblows, LOL

[Dog-Cow]

For the vast majority of people, Linux is a heap of useless trash. It's inconsistent. It has relatively poor hardware compatibility. It has no software compatibility for software that real people care about. There's basically no good reason for the average home user to touch it.

Advert/Shill much?

[trancemission]

This place really has gone down hill - 'first time submitter' wants to know what anti-virus to use. Information given:

I have a Acer laptop and I use SoundCloud.

Any hint to operating system? No. We will have to assume Windows then. Which is confirmed by the first post within a couple of minutes [where is the frosty piss post?] :

'Windows: Microsoft Security Essentials, free if you have Microsoft Windows XP or higher, and it does work especially for the technical, not too adventerous link clicker. Gives you that extra layer of protection you seem to want for those 'oh shit' moments.'

From an AC and modded 5 Informative.

News for nerds - stuff that matters. I remember them days well.

Feel free to join me over at hacker news.

College student? Check your benefits

[PPalmgren]

Granted it was ten years ago, but when I went to UNCC, there was a small selection of software provided by the school under a shared license for free to students. This included, in my case, norton corporate, which was not intrusive and did an admirable job. Might wanna check around and see if you have similar options available. While the best free AV might be MSE for Windows, you might be able to get a paid AV for free.

AV-Comparatives.org

[INowRegretThesePosts]

http://av-comparatives.org/

This tests a lot of antivirus and shows you their detection rate, false-positive rate, etc.

I myself promote Avira Antivir, which is lightweight, does well on AV-Comparatives.org, and is gratis.

Of course, the best solution is to install Ubuntu; if you choose it, I can give you free support over email.

And remember: any Windows antivirus (even, to a lesser degree, Ubuntu) will only attenuate the problem. You are _not_ safe just because you have a good antivirus (or run Ubuntu). You _must_ take care: don't go to rogue sites, don't execute untrusted executables, don't use pirated software, etc.

Good luck.

Slashdot is missing something

[viperidaenz]

Where is my mycleanpc spam?

Re:Winblows, LOL

[Loosifur]

I disagree, but I'm much closer to your opinion than the two hopeless fanboys that posted earlier.

Full disclosure, I use Linux in a professional environment. We use it to run wifi hardware, and in LAMP configurations for websites. Personally, I have used Linux off and on for the past six years, and Windows since it existed.

For the combination of low resource overhead and stability, Linux (CentOS in our case) beat Windows hands-down for the hardware that we sell to clients. We need something that will act as a router, bridge, or access point, so we need it to stay up and running for as long as possible. We don't upgrade hardware often, so as long as it works when it's installed it'll probably be fine, and we don't need to update the OS for the same reason.

In all other regards, Linux has been at best something that we can work around, and at worst a hindrance.

In 2012, being limited to a command line is archaic and counter-productive, so a user should be able to accomplish most if not all tasks from within a GUI. We can argue about command line interfaces and how 1337sauce they are all day, but the fact that all serious OSs on the market, including Linux, incorporate GUIs tends to indicate that moving away from command lines considered a good move by people that design and develop operating systems. It might be faster for people who are used to it to live in the command line, but the overwhelming majority of users want GUIs that provide all the functionality they need, and people who are in the business of making operating systems respond to this. And, overall, if the GUI is well-designed, it's generally more efficient than the command line. My opinion, yes, but I'll argue it all day.

Any security gains in Linux (and there certainly are) are mitigated by the obscurity of the system itself. Yes, you can batten down a Linux installation to a level of security you don't see with MS if you know what you're doing. The problem is that you have to have a high level of comfort and expertise with the OS to see these benefits; you can realize at least base-line security on a Windows machine without having to know anything about IPTABLES. It's like the classic martial arts dilemma: Chinese boxing might be superior to all other martial arts, but it takes decades to achieve mastery; a student of Krav Maga or jujitsu can become competent in a few years.

At our office I and another person write the documentation. With Open Office, we ran into formatting issues that, frankly, made it impossible to produce a professional-looking document. Even the person who'd been doing the documentation before, who is a self-described "Linux guy", admitted that he'd reached the limits of what could be done with OOo, and recommended I use Wine to install Office. This required that I switch distros, because CentOS doesn't support the latest version of Wine, which was required to install Office 2010 (a copy of which had already been purchased for a previous employee). Admittedly, the alternative was to install some flavor of Windows on a VM, but that would've required buying a license; I work at a very small company where cost is always an issue. Eventually, after some tweaking, I got Wine to install Office and launch it reliably, although there are stability issues.

As a gamer, too, I can speak to Wine and Linux in home applications. Yes, some games run under Wine. Certainly not all, and not even most. Also, big releases, especially multiplayer games, remain the province of Windows. It's changing, slowly, and Steam going to Linux is a promising development, but a PC running Windows remains the best platform for gaming. And, sure, you can run a VM, but then you're adding to hardware requirements that new releases already stretch on most PCs.

I know it's sort of de rigeur to hate Windows if you like Linux, but it's not the 1990s. Linux has come a long way, especially Ubuntu, and I think the argument can be made that some distros are no longer "hobbyist" OSs, but Windows remains the authoritative PC operat

How about this: no antivirus

[InsectOverlord]

I don't mean "use Linux", which has already been suggested a number of times, predictably. I mean no antivirus installed whatsoever, and do the following:

- Before you run any binaries and otherwise infectable files you download, run them through an online antivirus (e.g. ESET).

- In Explorer, don't generate thumbnails.

- services.msc and disable everything you don't need

- Run a firewall. Even a basic one will do.

- Don't use IE or Outlook.

That's how I roll, and I know for a fact I haven't had a virus for about a decade. I'm absolutely positive the machine isn't in a botnet or anything of that sort because I regularly monitor my traffic in the router. If I had a virus I almost certainly wouldn't be able to browse to ESET online or any other antivirus site. Finally ESET online also scans the RAM.

Re:Winblows, LOL

[cyber-vandal]

Facts mentioned in this post are 5 years in the future because the Linux experience you describe does not exist. Easier to administer than Windows. Fuck off. "It is possible to change the DE easily". Fuck off. I've been waiting 3 hours for lubuntu-desktop to install dozens of unnecessary packages for me and now it's failed and refuses to give me LXDE. That's not a five years in the past out of date blah di blah di fanboi. That's just happened. Right this second. Linux has been going backwards for ages. It used to be really lean and reliable. Now it's festooned with pointless bloat that is poorly tested and annoyingly slow and unreliable. If they wanted to duplicate the Vista experience they've done it. Otherwise you are pretending that you didn't have to dick about with the damn thing for ages to get to a level of functionality that is out of the box on Windows 7 or Mac OS.

Best AV is almost as good as nothing at all

[3nails4aFalseProphet]

The only thing AV provides is a false sense of security. With AV, you're waiting until AFTER an infection occurs and then HOPING the AV company you've chosen has A) seen the malware before, B) bothered to add a signature to their definitions list, and C) is actually capable of removing the virus.

Better ideas: Turning on AppLocker & running most of the time as an unprivileged user. Check out OSSEC for use as a File Integrity Monitor and Host-based Intrusion Detection System. Disable unnecessary services, remove unnecessary programs, use an ad-blocker, a "default deny all" firewall policy and get a 3rd party patch manager to keep all your non-MS bits up to date. Secunia PSI is a free patch manager/vuln scanner for home use - there are others.

For a detailed description of just how bad AV is at protecting systems, check out the following blog post at computer-forensics.sans.org:
http://computer-forensics.sans.org/blog/2012/04/09/is-anti-virus-really-dead-a-real-world-simulation-created-for-forensic-data-yields-surprising-results