Ask Slashdot: Best Anti-Virus Software In 2015? Free Or Paid?

CryoKeen writes: I got a new laptop recently after trading in my old laptop for store credit. While I was waiting to check out, the sales guy just handed me some random antivirus software (Trend Micro) that was included with the purchase. I don't think he or I realized at the time that the CD/DVD he gave me would not work because my new laptop does not have a CD/DVD player.

Anyway, it got me wondering whether I should use it or not. Would I be better off downloading something like Avast or Malwarebytes? Is there one piece of antivirus software that's significantly better than the others? Are any of the paid options worthwhile, or should I just stick to the free versions? What security software would you recommend in addition to anti-virus?

In after somebody says don't run Windows.

Because I'm assuming that will be an answer.

You can fill in any particular OS as an alternative.

Re: In after somebody says don't run Windows.

Wipe the disk and run linux

Re:In after somebody says don't run Windows.

[cbiltcliffe]

That would be "in before somebody says 'don't run Windows'".

Having said that, I've run Windows (among other things) for years, and haven't run anti-virus in over a decade for two reasons:
- it's more trouble than it's worth when you know what you're doing,
- it's hard to do any kind of virus research at all when you've got antivirus trying to delete every infected file you're examining.

In the time I've not run a/v, I've never had an infection. (I never had an infection before that, either, but that's beside the point.)
I use Comodo Endpoint Security on the kids' computer, and the HTPC, but my main Windows desktop hasn't had it for years, and won't have it for the foreseeable future, either.

All my Linux machines, of course, don't run anything, except for my mail server, which has ClamAV on it, just to scan attachments.

Re:In after somebody says don't run Windows.

[Matheus]

Repeat: Best software = None.

There are people out there (many of my friends included) who need protection from such a thing because they can't put the tiniest amount of thought into what they are doing when on their computer. I do not practice safe browsing by any means, torrents and pr0n are just too much fun to leave alone ;-), but somehow manage to never get infected without any A/V software protecting me BUT I keep getting calls from friends who's machines have turned into rotting cesspools and want them cleaned. Honestly my answer lately is "Call Geek squad" because it's not worth my time or energy to scrub their waste pond just to have it rot again shortly there after and Geek Squad is cheaper than my time if I were to bill them. So for these people A/V software may be useful but honestly again most of them already have it and it didn't keep them safe anyway.

A/V DOES otoh slow down your machine, interfere with properly running processes and generally behave like the worst of viruses on its own so why willingly go down that path.

Re: In after somebody says don't run Windows.

[arglebargle_xiv]

I agree. That's exactly what virtual machines excel at.

Any malware worth its salt will detect a VM (and the presence of debuggers and other things) and refuse to run. You need to be running on a physical machine to do malware analysis.

Re:In after somebody says don't run Windows.

[arglebargle_xiv]

All my Linux machines, of course, don't run anything.

Don't worry, I have it on good authority that next year will be the Year of Desktop Linux, and then all those apps will appear and you'll have things to run on your Linux machine.

Re:In after somebody says don't run Windows.

[Dynedain]

In the time I've not run a/v, I've never had an infection. (I never had an infection before that, either, but that's beside the point.)

That you know of. There have been many documented cases of drive-by installs, worms that infect from external media, infected installers from legitimate installers. Hell, even legitimate open source projects having their servers unknowingly hijacked and malware injected into source or binaries during download.

While some malware is geared at spamming your desktop with ads, the good stuff tries to be as unnoticeable as possible, especially for botnets or if the goal is keylogging. Today's sophisticated viruses aren't trying to wipe your machine - they're all about creating networks of vulnerability to sell later to the highest bidder.

Re:In after somebody says don't run Windows.

[LetterJ]

To the average Windows user, their computer is a means to an end. To the average Linux user, the computer IS the end.

Re: In after somebody says don't run Windows.

[Squiddie]

You should run Linux on that too.

Re: In after somebody says don't run Windows.

Oh good. Didn't realize my virtualized servers are all virus proof.

Re:In after somebody says don't run Windows.

his non-existent scanning tools never found anything.

Re:In after somebody says don't run Windows.

[vux984]

I use visual and audible cues like an oddly running HDD: going by the activity light mostly using SSDs.

Because a botnet is going to need a lot of hard drive on your computer with GB of extra RAM?

Also, fan operation, CPU temp, resource monitoring stuff.

Unless you've been coopted to mine bitcoins or something, your CPU temperature isn't going to be noticeable if your part of a botnet either.

Just checking out what .exes are running and/or in startup once in a while is a good habit.

Sure it is; for the low hanging fruit. The really good stuff doesn't show up in taskmanager because its told windows not to report it. It doesn't show up in the registry editor either. And windows explorer can't see the files on disk. Or maybe it's hiding in plain sight... some common service replaced by a malware version; that still performs all the original functions, but also does something... extra.

The idea that anyone could detect anything sophisticated with "visual cues" and "checking stuff" is laughable; on any OS.

An offline scan is usually required, that flags everything not known specifically to come from a trusted vendor... and the resulting list is probably going to be overwhelming anyway for the average person / average system. Only the most secure managed environments would be able have any real confidence.

Re: In after somebody says don't run Windows.

[Billly+Gates]

Wow just, wow.

Guess you never heard of a flash exploit before? You probably think a user only has to click on something to be 0wned?

Go to any major website and you will get 0wned if an ad network is hit.

That is beyond ignorant and very dangerous advice.

Re:In after somebody says don't run Windows.

[cbiltcliffe]

I don't execute virus files on my work computer. That would be stupid. I decompile/reverse engineer/etc them.

I have a separate computer that I use if I need to actively infect one. It's not a VM (for the exact reason that some posters have already given) but I do have a Clonezilla image of it, so I can quickly wipe/reinstall after analyzing the infection.

Re: In after somebody says don't run Windows.

[Muros]

Agreed. I turned off AV on one of my machines about 2 years ago while troubleshooting problems I was having. I forgot to re-enable it and picked up some random crap via drive-by install from web browsing within a few days.

Re:In after somebody says don't run Windows.

[cbiltcliffe]

Don't forget checking the state tables on your router every once in a while.

Oh...that's right; most routers don't actually let you see that information. You have to be running something actually, you know, useful. Like pfSense.

Re:In after somebody says don't run Windows.

[cbiltcliffe]

You don't need no brakes on your car to study what happens to some other guy when they crash their car.

Similarly, I don't need antivirus on my computer to reverse engineer the infected files I pulled from a client machine; which, incidentally, their antivirus said was clean, and I found them manually. (But wait! How did you find them without the antivirus telling you that they were infected?! That's unpossible!!! <head explodes>)

Re: In after somebody says don't run Windows.

[plover]

That's why NoScript, Ghostery, and FlashBlock are critical pieces of security software.

Re: In after somebody says don't run Windows.

[Luckyo]

I guess you never heard about ghostery, adblock, noscript et al?

Essentially all flash exploits come from very specific kinds of flash elements, and those are blocked by aforementioned software. For me, it's the primary reason to run adblocker. Safety.

Re:In after somebody says don't run Windows.

[ArcadeMan]

Where is the insight?

It's parked in the garage.

Re: In after somebody says don't run Windows.

[hawguy]

Any active AV software worth 5 seconds of attention watches the resident virtual memory ranges of all processes on the computer, they pick up virus signatures in both local processes and things running inside VMs unless you're running some kind of cheap AV software from the 90s that simply scans your non-volatile memory systems.

I've never heard of AV software scanning all memory pages of all processes. It seems like that would be hugely expensive in terms of CPU resources because a VM can easily touch many gigabytes of RAM in a very short term, and somehow the AV software has to compare this entire dirty page set against a database containing hundreds of thousands, if not millions of potential virus signatures. Without help from the hypervisor, it seems like this would be even harder since when it sees a dirty page, it has no idea where it came from, how it got there, or what it's doing, so it has to scan every block of data just in case it happened to be executable data.

When I was testing AV software, I played with a number of real and test viruses in my disposable VM, yet the host system never alerted on any of them.

Re:In after somebody says don't run Windows.

[ArcadeMan]

I have a separate computer that I use if I need to actively infect one.

Oh, so you're this guy.

Re: In after somebody says don't run Windows.

[ArcadeMan]

Guess you never heard of a flash exploit before?

I don't know about Matheus, but I do hear about Flash exploits but I still don't use anti-virus software. It's just safer and easier to remove Flash from your computer. Same goes for Java. And since I use OS X I don't need Adobe Reader on my system either, so that's three of the biggest security holes completely removed from my system.

Re: In after somebody says don't run Windows.

[Zontar+The+Mindless]

Haha, if you're going to use a *nix system, you might as well go with one that you actually control.

Re: In after somebody says don't run Windows.

[allcoolnameswheretak]

Yeah, I also run AdBlock for safety first, and to remove ads I will never click on anyway second. AdBlock is the most important security software for surfing the internet.

I'm sorry about the websites that depend on ad revenue. But if the advertising companies can't get their shit together and instead abstract their business model in such a way that it's impossible to know where an ad is coming from, it's their fault not mine.

Re: In after somebody says don't run Windows.

[dotancohen]

So how do I configure my graphics designer's Windows box to look like a VM so that the malware won't run?

Re: In after somebody says don't run Windows.

[Zorpheus]

Were there any security holes in these areas in the last years? I thought these simple things are safe nowadays.

Re: In after somebody says don't run Windows.

[Zontar+The+Mindless]

That's a cute but transparent attempt to sidestep the issue.

Apple says if I buy a computer from them, they'll place arbitrary restrictions on what I can do with it. This means that it might not do things that I tell it to do. This also means that it might do other arbitrary things that I don't tell it to do, or even that I tell it not to do.

You might consider these acceptable terms for the use of your general-purpose computer. I do not consider them such for mine.

If nothing else

[TheRealMindChild]

AVG is a Freemium minefield. May as well be WeatherBug. Serves a purpose, but ultimately adware

Re:If nothing else

[TheDarkener]

Agreed. I'm actually an AVG reseller for many years. I always loved them when they just stuck to what they were good at, which was solid, lightweight antivirus protection (they held out longer than most). I guess it's inevitable that they will get dollar signs in their eyes and try to produce and sell everything else under the sun (PC Tune-up, Web Tune-up, Internet Security, Anti-Spam, Firewall, blah blah blah).. Ever since they did that, their core Antivirus offering got pushed aside and now they sell adware (constant pop-ups on the desktop to purchase add-ons, for instance). I still think they're one of the best out there, but that's really not saying much IMHO. Would love to see them get back to their roots as I'd feel better recommending it to my clients.

Re:If nothing else

[dszd0g]

Even the paid version of AVG now spams pop-up advertisements. Definitely do not go with that.

I tend to use AV comparatives as one place to compare how anti-virus products are stacking up:
http://www.av-comparatives.org...

Re:If nothing else

[Virtucon]

One of the main reasons i got rid of BitDefender. They started popping shit up on your screen even though I had a paid version. Fuck that.

No need

Windows? Use Security Essentials and practice safe surfing. No need for anything else.

Re:No need

[sexconker]

EMET (also from MS) is free and effective at preventing many 0-day vulnerabilities.

Re:No need

[WolfWithoutAClause]

I think the studies show that MSE is by far the least effective... but none of the others are anything like 100% either.

Nag, nag, nag, nag

[Iamthecheese]

I've found only one free antivirus where the nag screens can be turned off and stay off. Panda has treated me right so far and if things keep going this way I'm going to buy the premium version just to support the company. It's efficient, effective, and -- most importantly -- silent.

for windows read below

The Best AV for Windows is Microsoft Security essentials which is available for Free from Microsoft for private use. Make sure your OS and apps are not left without security updates. Use Secunia PSI or alternatively Qualys browser check both free for private use. One last thing, don't use an account with admin privileges but one that has limited rights, so if your box gets pwned the attackerhas to escalate privileges before he or she can run as admin/root.

Re: for windows read below

[sexconker]

Microsoft Security Essentials is Windows Defender is System Center Endpoint Protection.
Definition updates come out every few hours.
They all catch the vast majority of shit.

EMET (also free and from MS) will prevent many of the 0-day vulnerabilities that MSE/WD/SCEP could miss until the next definition update rolls out.

Windows Defender + Malwarebytes

[LuniticusTheSane]

If you are on Windows 8.1, Windows Defender. If on Windows 7, MS Security Essentials. And supplement both with Malwarebytes. All free, and very non-intrusive.

New Laptop? Windows?

[idontgno]

I thought the included (pre-installed) Microsoft Windows Defender (or Windows Security Essentials) was already good enough.

That, plus not installing every stupid piece of malware-studded "freeware" I come across and being a bit conservative in my browsing, has always been enough since Windows 7.

Windows after 7 also has a built-in software firewall, so wouldn't seem like you'd need one of those either.

I just can't picture needing anything beyond that.

Re:New Laptop? Windows?

[nuckfuts]

I just can't picture needing anything beyond that.

While technically not an "antivirus" product in the conventional sense, Microsoft's Enhanced Mitigation Experience Toolkit adds a significant layer of defense on top of Windows.

Microsoft Security Essentials

[enter+to+exit]

Nowadays i use Microsoft's free AV, a decent browser and discretion. Unless you're particularly haphazard (like downloading random files with full Admin privileges and visiting dodgy sites with unpatched IE) that should be enough. You don't really need a full arsenal of anti-malware software anymore. Ms has tightened things up a fair bit over the last years.

A while back i tried NOD32 and was very impressed. I don't know if it's still good.

My Experience

[MightyDrunken]

I have tried a few paid options and a number of free antivirus. Nothing as yet has convinced me to use a paid option.
For Windows 8 there is no need as Microsoft Security Essentials, renamed Windows Defender, is good enough. Otherwise I use Avast, which seems to work well and comes with a few handy options like a software updater and the option to run a scan at boot time. Though it can be annoying recently as it reminds you of other paid features like VPN tunnels.

Steer clear of Norton for God's sake, it seems as bad as the disease itself. I dislike Symentec and had problems in the past with AVG. A few years back an update prevented browsers from accessing the internet.

If you think you may be infected try running a scan of the free version of Malwarebytes, it gives a good second opinion and is great at cleaning up some infections.

Avast is OK

[dwywit]

I used to use AVG until it became bloatware, then I tried Avira and it seemed to suffer stability problems, switched to Avast which was OK and didn't seem to slow things down, and then removed that when I realised how much FUD the antivirus industry uses to sell its products, and how piss-poor their products are at doing their job.

I've seen malware infections - from trivial all the way up to cryptolocker - manage to get past the "big 3" (norton/symantec, McAfee, and Trend Micro), and AVG. The only products who seem to be stable and maintain a small-ish footprint are Eset and Kaspersky.

I leave Windows defender switched on, scan once every few months with free malwarebytes, keep Cryptoprevent updated, and anything else I can remove with Combofix - not that I've had anything in over 2 years, but Combofix is what I use to repair customers' machines, then I leave them with a copy of free malwarebytes, and Cryptoprevent.

My 2 cents: avast, MWB, ABP, noscript, sandboxie

[monkeyzoo]

I'm on Windows 7. Here are my tips:

1) I have run avast real-time for years. I'm a pretty wary, sophisticated user. But it has occasionally blocked malicious elements on webpages. And it once blocked a zip attachment that I got sucked in on with a phishing email before any harm was done. I have also had it give me a few false positives over the years, which are a bit disconcerting to see and annoying until you can get things sorted out.

2) Second, I run malwarebytes scans from time to time.

3) Other prevention: adblock plus and noscript plugins.

4) For seemingly dangerous websites that I still want to be able to access, I use a Sandboxie sandbox for the browser.

Avirea (www.free-av.com) Is Great

[machineghost]

I've used Avira (free-av.com) for years (since Windows XP at least), both on my computers and my friends' and family's, and I've never gotten a virus despite visiting Bit Torrent and other questionable sites.

It's 100% free and it doesn't install malware (though it might optionally install some crapware, I forget). The only downside is that they pop an alert maybe once a day or so with different messages (the point of which is clearly to prod you to purchase the paid version). I strongly recommend getting the paid version to make those alerts go away ... but I'm embarrassed to admit that I haven't actually done as much myself (sorry Avira!).

Install an ad blocker

[complete+loony]

These days the most effective measure you can take is to install an ad blocker. That will prevent the vast majority of drive by installs. Second, I'd say you need to be very sceptical of freeware software installers. Using a service like Chocolatey to find and install popular utilities will help here. Third, I'd recommend installing Process Explorer as a replacement for the windows Task Manager. Get a feel for what programs are running in the background, and investigate anything you don't yet recognise particularly after installing something new.

Re:Not in my experience

[BenJeremy]

Non-intrusive... and ineffective. I just cleaned up my brother-in-law's machine and that was what he was using.

My preferred approach is to use Avira Free (installed with ninite.com), MalwareBytes, HiJackThis, and the no-ads hosts file from mvps.

Secondary, install Google Chrome with adblock and a good no-script type program (though I personally just use Ghostery with AdBlock)

If treating for malware, bleepingcomputer is the site to go to. Run RKill, followed by ComboFix, ADWCleaner, and TDSSKiller.

This takes care of 99% of the issues, assuming you don't HAVE to continually visit some obscure Russian porn sites.

ClamWin

[PAjamian]

ClamWin, the windows port of ClamAV which is relied on for mail scanning on just about every Linux/UNIX mail server you run across.

I think there may be a better front end that uses the ClamAV database as well, but I tend to just install ClamWin and call it a day.

Re:ClamWin

[Marginal+Coward]

Clamwin is not an active scanner and relies on it manually being ran and then removing any unwanted stuff manually.

I actually consider that a major selling point (along with being free.) Since ClamWin is non-intrusive, it happily coexists with other AV products, though some of them complain about it when your install them. So, I use ClamWin in conjunction with whatever commercial anti-virus product I happen to be running at the moment as a secondary check when I download things. It can also be used to do a second independent quick system scan.

I don't know if adding on ClamWin actually makes me any safer, but at least I feel safer. And isn't that mostly what AV products are all about?

Re:Seriously???

Uh, no. The people who recommend MSSE recommend it because they are capable of safe-browsing. MSSE will be more than effective if you don't click every link you see.

BitDefender

[Zibodiz]

I'm really surprised more people aren't recommending Bit Defender. I use the free version on my own machines and install it on customer PCs, and have had very good results from it. Never pops up asking to upgrade to a premium version, doesn't audibly announce it's updating/scanning/etc (in fact you'll only know it's there if something goes wrong). It also doesn't impact performance very much at all -- way better than Avast or AVG. According to http://www.av-comparatives.org..., they're always at the top of their game.

Start by being intelligent with your login

[damn_registrars]

Don't be like the disgusting majority of windows users who log in everytime as admin. Login with regular user access and half the viruses become helpless.

Disagree!

[King_TJ]

Malware Bytes? Yes.... Great product that really is pretty effective (especially if you can boot into "safe mode" in Windows first) at cleaning up malware.

But Windows Defender? Absolutely not. It got ranked absolute worst at detecting malware in a head to head test last year vs. something like 40 other products on the market! And just from personal experience trying to keep PCs clean in an office setting with a lot of mobile workers? It didn't even trigger on some heavily infected machines.

Personally, we use eSet NOD32, and while I won't claim it's "best" - I just feel it seems to do a reasonably good job without dragging down system performance. It's not free but not that expensive either.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Seriously???

[Luckyo]

Yes. Because these tests are pure FUD generation. These "tests" are designed specifically to give high marks to AV kit that has its heuristics engine to produce as many false positives as possible and low marks to AV kit that has a reasonable heuristics engine that looks for realistic threats and doesn't spam user with "this is a potential threat, upgrade for 9.99 now to fix" advertisements.

Reminder - home users aren't threatened by latest custom tailored malware. They are threatened by well known mass-produced threats like bitlocker. And MSE catches those just fine.

Re:Seriously???

[tlhIngan]

Yes. Because these tests are pure FUD generation. These "tests" are designed specifically to give high marks to AV kit that has its heuristics engine to produce as many false positives as possible and low marks to AV kit that has a reasonable heuristics engine that looks for realistic threats and doesn't spam user with "this is a potential threat, upgrade for 9.99 now to fix" advertisements.

Nevermind that most heuristics engines will at one point or another detect a standard (Microsoft-signed) required Windows file as a virus and promptly "quarantine" it for you. Which just means Windows will either bluescreen or render your system unusable.

And that's a problem - because now AV is interfering with your computer - and if it isn't a Windows binary that gets hosed, it's a file one of your programs you use.

No, MSE will not catch a 0 day. No antivirus can. So they use heuristics to bridge the time between it's in the wild and when they push an update that will detect it. But there's a tradeoff - too aggressive and there will be a TON of false positives. More conservative (Like MSE) and you'll be more likely to miss a threat, but less likely that you'll clobber a file you really need. And for most people, that's more than acceptable tradeoff.

Especially when you combine it with safe surfing that blocks questionable URLs - available on every browser now (either powered by Google or Microsoft) that prevent you from grabbing questionable files.

Your Linux distro of choice (free)

[Qbertino]

Need to run special software tied to the OS? No? ... Install Linux.
Really, it's that easy.

Ubuntu can be a drag, in more ways than one, but it's worth a try - and it does look really cool. Seriously.
Suse and Redhat are hassle-free to install aswell. All three are definitly more hassle-free than any Windows installation you can do thesse days.

I've got Ubuntu 14.04 on my ThinkPad. And while it can be anoying (which OS isn't?), it is way ahead of Windows in usability and you can get tons of books and free info on the web for it.

Other than that I'd recommend Mac OS X or Chrome OS - but since you already have your laptop I guess that's ruled out.

Welcome to the camp. Enjoy.