Slashdot Mirror


Ask Slashdot: Best Anti-Virus Software In 2015? Free Or Paid?

CryoKeen writes: I got a new laptop recently after trading in my old laptop for store credit. While I was waiting to check out, the sales guy just handed me some random antivirus software (Trend Micro) that was included with the purchase. I don't think he or I realized at the time that the CD/DVD he gave me would not work because my new laptop does not have a CD/DVD player.

Anyway, it got me wondering whether I should use it or not. Would I be better off downloading something like Avast or Malwarebytes? Is there one piece of antivirus software that's significantly better than the others? Are any of the paid options worthwhile, or should I just stick to the free versions? What security software would you recommend in addition to anti-virus?

36 of 467 comments

  1. In after somebody says don't run Windows. by Anonymous Coward · · Score: 3, Insightful

    Because I'm assuming that will be an answer.

    You can fill in any particular OS as an alternative.

    1. Re: In after somebody says don't run Windows. by Anonymous Coward · · Score: 5, Funny

      Wipe the disk and run Linux

    2. Re:In after somebody says don't run Windows. by cbiltcliffe · · Score: 5, Informative

      That would be "in before somebody says 'don't run Windows'".

      Having said that, I've run Windows (among other things) for years, and haven't run anti-virus in over a decade for two reasons:
      - it's more trouble than it's worth when you know what you're doing,
      - it's hard to do any kind of virus research at all when you've got antivirus trying to delete every infected file you're examining.

      In the time I've not run a/v, I've never had an infection. (I never had an infection before that, either, but that's beside the point.)
      I use Comodo Endpoint Security on the kids' computer, and the HTPC, but my main Windows desktop hasn't had it for years, and won't have it for the foreseeable future, either.

      All my Linux machines, of course, don't run anything, except for my mail server, which has ClamAV on it, just to scan attachments.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    3. Re:In after somebody says don't run Windows. by Matheus · · Score: 5, Insightful

      Repeat: Best software = None.

      There are people out there (many of my friends included) who need protection from such a thing because they can't put the tiniest amount of thought into what they are doing when on their computer. I do not practice safe browsing by any means, torrents and pr0n are just too much fun to leave alone ;-), but somehow manage to never get infected without any A/V software protecting me BUT I keep getting calls from friends whose machines have turned into rotting cesspools and want them cleaned. Honestly my answer lately is "Call Geek Squad" because it's not worth my time or energy to scrub their waste pond just to have it rot again shortly thereafter and Geek Squad is cheaper than my time if I were to bill them. So for these people A/V software may be useful but honestly again most of them already have it and it didn't keep them safe anyway.

      A/V DOES otoh slow down your machine, interfere with properly running processes and generally behave like the worst of viruses on its own so why willingly go down that path.

    4. Re: In after somebody says don't run Windows. by arglebargle_xiv · · Score: 5, Informative

      I agree. That's exactly what virtual machines excel at.

      Any malware worth its salt will detect a VM (and the presence of debuggers and other things) and refuse to run. You need to be running on a physical machine to do malware analysis.

    5. Re:In after somebody says don't run Windows. by Dynedain · · Score: 4, Insightful

      In the time I've not run a/v, I've never had an infection. (I never had an infection before that, either, but that's beside the point.)

      That you know of. There have been many documented cases of drive-by installs, worms that infect from external media, infected installers from legitimate installers. Hell, even legitimate open source projects having their servers unknowingly hijacked and malware injected into source or binaries during download.

      While some malware is geared at spamming your desktop with ads, the good stuff tries to be as unnoticeable as possible, especially for botnets or if the goal is keylogging. Today's sophisticated viruses aren't trying to wipe your machine - they're all about creating networks of vulnerability to sell later to the highest bidder.

      --
      I'm out of my mind right now, but feel free to leave a message.....
    6. Re:In after somebody says don't run Windows. by LetterJ · · Score: 5, Insightful

      To the average Windows user, their computer is a means to an end. To the average Linux user, the computer IS the end.

    7. Re: In after somebody says don't run Windows. by Squiddie · · Score: 4, Insightful

      You should run Linux on that too.

    8. Re: In after somebody says don't run Windows. by Anonymous Coward · · Score: 4, Funny

      Oh good. Didn't realize my virtualized servers are all virus proof.

    9. Re:In after somebody says don't run Windows. by vux984 · · Score: 5, Informative

      I use visual and audible cues like an oddly running HDD: going by the activity light mostly using SSDs.

      Because a botnet is going to need a lot of hard drive on your computer with GB of extra RAM?

      Also, fan operation, CPU temp, resource monitoring stuff.

      Unless you've been co-opted to mine bitcoins or something, your CPU temperature isn't going to be noticeable if you're part of a botnet either.

      Just checking out what .exes are running and/or in startup once in a while is a good habit.

      Sure it is; for the low-hanging fruit. The really good stuff doesn't show up in Task Manager because it's told Windows not to report it. It doesn't show up in the registry editor either. And Windows Explorer can't see the files on disk. Or maybe it's hiding in plain sight... some common service replaced by a malware version; that still performs all the original functions, but also does something... extra.

      The idea that anyone could detect anything sophisticated with "visual cues" and "checking stuff" is laughable; on any OS.

      An offline scan is usually required, that flags everything not known specifically to come from a trusted vendor... and the resulting list is probably going to be overwhelming anyway for the average person / average system. Only the most secure managed environments would be able to have any real confidence.
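
Added example, not part of the comment above or of the original thread: a minimal sketch of the offline scan that comment describes, run against a system disk mounted from separate boot media so nothing on the inspected system can filter the file listing. A set of known-good SHA-256 hashes stands in for "known to come from a trusted vendor" (an assumption; a real tool would also verify code signatures), and all function names and sample files are hypothetical.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map 'relative/path' -> SHA-256 for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip links and special files
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest

def offline_scan(root, trusted_hashes, baseline):
    """Flag files on a mounted, non-running system that are not known-good.

    'replaced': path existed in the baseline but now has untrusted content.
    'unknown':  path is new and its hash is not in the trusted set.
    """
    report = {"unknown": [], "replaced": []}
    for rel, digest in sorted(build_manifest(root).items()):
        if digest in trusted_hashes or baseline.get(rel) == digest:
            continue
        report["replaced" if rel in baseline else "unknown"].append(rel)
    return report

def demo():
    """Constructed sample tree: a service binary is swapped after baselining."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)

        put("svc/spooler.exe", b"vendor build 1.0")
        put("svc/updater.exe", b"vendor build 2.3")
        baseline = build_manifest(root)
        trusted = set(baseline.values())
        trusted.add(hashlib.sha256(b"vendor build 2.4").hexdigest())
        put("svc/updater.exe", b"vendor build 2.4")          # trusted update
        put("svc/spooler.exe", b"vendor build 1.0 + extra")  # same name, new content
        put("temp/setup_helper.exe", b"unrecognised")        # never seen before
        return offline_scan(root, trusted, baseline)

if __name__ == "__main__":
    print(demo())
```

On a real disk the `unknown` list is the long one the comment warns about; the `replaced` list is the short one that catches a familiar service binary whose content has changed.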

    10. Re: In after somebody says don't run Windows. by Billly Gates · · Score: 4, Informative

      Wow just, wow.

      Guess you never heard of a flash exploit before? You probably think a user only has to click on something to be 0wned?

      Go to any major website and you will get 0wned if an ad network is hit.

      That is beyond ignorant and very dangerous advice.

    11. Re:In after somebody says don't run Windows. by cbiltcliffe · · Score: 4, Interesting

      I don't execute virus files on my work computer. That would be stupid. I decompile/reverse engineer/etc them.

      I have a separate computer that I use if I need to actively infect one. It's not a VM (for the exact reason that some posters have already given) but I do have a Clonezilla image of it, so I can quickly wipe/reinstall after analyzing the infection.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    12. Re: In after somebody says don't run Windows. by plover · · Score: 4, Insightful

      That's why NoScript, Ghostery, and FlashBlock are critical pieces of security software.

      --
      John
    13. Re: In after somebody says don't run Windows. by Luckyo · · Score: 3, Insightful

      I guess you never heard about ghostery, adblock, noscript et al?

      Essentially all flash exploits come from very specific kinds of flash elements, and those are blocked by aforementioned software. For me, it's the primary reason to run adblocker. Safety.

    14. Re:In after somebody says don't run Windows. by ArcadeMan · · Score: 3, Interesting

      I have a separate computer that I use if I need to actively infect one.

      Oh, so you're this guy.

    15. Re: In after somebody says don't run Windows. by dotancohen · · Score: 4, Interesting

      So how do I configure my graphics designer's Windows box to look like a VM so that the malware won't run?

      --
      It is dangerous to be right when the government is wrong.
    16. Re: In after somebody says don't run Windows. by Zontar The Mindless · · Score: 3, Insightful

      That's a cute but transparent attempt to sidestep the issue.

      Apple says if I buy a computer from them, they'll place arbitrary restrictions on what I can do with it. This means that it might not do things that I tell it to do. This also means that it might do other arbitrary things that I don't tell it to do, or even that I tell it not to do.

      You might consider these acceptable terms for the use of your general-purpose computer. I do not consider them such for mine.

      --
      Il n'y a pas de Planet B.
  2. If nothing else by TheRealMindChild · · Score: 4, Insightful

    AVG is a Freemium minefield. May as well be WeatherBug. Serves a purpose, but ultimately adware

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    1. Re:If nothing else by dszd0g · · Score: 4, Informative

      Even the paid version of AVG now spams pop-up advertisements. Definitely do not go with that.

      I tend to use AV comparatives as one place to compare how anti-virus products are stacking up:
      http://www.av-comparatives.org...

      --
      This message is encrypted with Quad ROT-13 to protect the author's copyright under the DMCA.
  3. No need by Anonymous Coward · · Score: 5, Insightful

    Windows? Use Security Essentials and practice safe surfing. No need for anything else.

  4. Nag, nag, nag, nag by Iamthecheese · · Score: 3, Informative

    I've found only one free antivirus where the nag screens can be turned off and stay off. Panda has treated me right so far and if things keep going this way I'm going to buy the premium version just to support the company. It's efficient, effective, and -- most importantly -- silent.

    --
    If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
  5. Windows Defender + Malwarebytes by LuniticusTheSane · · Score: 5, Insightful

    If you are on Windows 8.1, Windows Defender. If on Windows 7, MS Security Essentials. And supplement both with Malwarebytes. All free, and very non-intrusive.

  6. New Laptop? Windows? by idontgno · · Score: 5, Insightful

    I thought the included (pre-installed) Microsoft Windows Defender (or Windows Security Essentials) was already good enough.

    That, plus not installing every stupid piece of malware-studded "freeware" I come across and being a bit conservative in my browsing, has always been enough since Windows 7.

    Windows after 7 also has a built-in software firewall, so wouldn't seem like you'd need one of those either.

    I just can't picture needing anything beyond that.

    --
    Welcome to the Panopticon. Used to be a prison, now it's your home.
    1. Re:New Laptop? Windows? by nuckfuts · · Score: 3, Informative

      I just can't picture needing anything beyond that.

      While technically not an "antivirus" product in the conventional sense, Microsoft's Enhanced Mitigation Experience Toolkit adds a significant layer of defense on top of Windows.

  7. Microsoft Security Essentials by enter to exit · · Score: 4, Insightful

    Nowadays I use Microsoft's free AV, a decent browser and discretion. Unless you're particularly haphazard (like downloading random files with full Admin privileges and visiting dodgy sites with unpatched IE) that should be enough. You don't really need a full arsenal of anti-malware software anymore. MS has tightened things up a fair bit over the last years.

    A while back I tried NOD32 and was very impressed. I don't know if it's still good.

  8. My Experience by MightyDrunken · · Score: 3, Insightful

    I have tried a few paid options and a number of free antivirus. Nothing as yet has convinced me to use a paid option.
    For Windows 8 there is no need as Microsoft Security Essentials, renamed Windows Defender, is good enough. Otherwise I use Avast, which seems to work well and comes with a few handy options like a software updater and the option to run a scan at boot time. Though it can be annoying recently as it reminds you of other paid features like VPN tunnels.

    Steer clear of Norton for God's sake, it seems as bad as the disease itself. I dislike Symantec and had problems in the past with AVG. A few years back an update prevented browsers from accessing the internet.

    If you think you may be infected try running a scan of the free version of Malwarebytes, it gives a good second opinion and is great at cleaning up some infections.

  9. My 2 cents: avast, MWB, ABP, noscript, sandboxie by monkeyzoo · · Score: 4, Insightful

    I'm on Windows 7. Here are my tips:

    1) I have run avast real-time for years. I'm a pretty wary, sophisticated user. But it has occasionally blocked malicious elements on webpages. And it once blocked a zip attachment that I got sucked in on with a phishing email before any harm was done. I have also had it give me a few false positives over the years, which are a bit disconcerting to see and annoying until you can get things sorted out.

    2) Second, I run malwarebytes scans from time to time.

    3) Other prevention: adblock plus and noscript plugins.

    4) For seemingly dangerous websites that I still want to be able to access, I use a Sandboxie sandbox for the browser.

  10. Avira (www.free-av.com) Is Great by machineghost · · Score: 3, Interesting

    I've used Avira (free-av.com) for years (since Windows XP at least), both on my computers and my friends' and family's, and I've never gotten a virus despite visiting Bit Torrent and other questionable sites.

    It's 100% free and it doesn't install malware (though it might optionally install some crapware, I forget). The only downside is that they pop an alert maybe once a day or so with different messages (the point of which is clearly to prod you to purchase the paid version). I strongly recommend getting the paid version to make those alerts go away ... but I'm embarrassed to admit that I haven't actually done as much myself (sorry Avira!).

  11. Install an ad blocker by complete loony · · Score: 4, Insightful

    These days the most effective measure you can take is to install an ad blocker. That will prevent the vast majority of drive-by installs. Second, I'd say you need to be very sceptical of freeware software installers. Using a service like Chocolatey to find and install popular utilities will help here. Third, I'd recommend installing Process Explorer as a replacement for the Windows Task Manager. Get a feel for what programs are running in the background, and investigate anything you don't yet recognise, particularly after installing something new.

    --
    09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
  12. Re:Not in my experience by BenJeremy · · Score: 5, Informative

    Non-intrusive... and ineffective. I just cleaned up my brother-in-law's machine and that was what he was using.

    My preferred approach is to use Avira Free (installed with ninite.com), MalwareBytes, HiJackThis, and the no-ads hosts file from mvps.

    Secondary, install Google Chrome with adblock and a good no-script type program (though I personally just use Ghostery with AdBlock)

    If treating for malware, bleepingcomputer is the site to go to. Run RKill, followed by ComboFix, ADWCleaner, and TDSSKiller.

    This takes care of 99% of the issues, assuming you don't HAVE to continually visit some obscure Russian porn sites.

  13. ClamWin by PAjamian · · Score: 4, Interesting

    ClamWin, the Windows port of ClamAV which is relied on for mail scanning on just about every Linux/UNIX mail server you run across.

    I think there may be a better front end that uses the ClamAV database as well, but I tend to just install ClamWin and call it a day.

    --
    Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
  14. Re: for windows read below by sexconker · · Score: 5, Informative

    Microsoft Security Essentials is Windows Defender is System Center Endpoint Protection.
    Definition updates come out every few hours.
    They all catch the vast majority of shit.

    EMET (also free and from MS) will prevent many of the 0-day vulnerabilities that MSE/WD/SCEP could miss until the next definition update rolls out.

  15. Start by being intelligent with your login by damn_registrars · · Score: 3, Insightful

    Don't be like the disgusting majority of Windows users who log in every time as admin. Log in with regular user access and half the viruses become helpless.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  16. Comment removed by account_deleted · · Score: 3, Informative

    Comment removed based on user account deletion

  17. Re:Seriously??? by Luckyo · · Score: 4, Interesting

    Yes. Because these tests are pure FUD generation. These "tests" are designed specifically to give high marks to AV kit that has its heuristics engine to produce as many false positives as possible and low marks to AV kit that has a reasonable heuristics engine that looks for realistic threats and doesn't spam user with "this is a potential threat, upgrade for 9.99 now to fix" advertisements.

    Reminder - home users aren't threatened by latest custom tailored malware. They are threatened by well known mass-produced threats like bitlocker. And MSE catches those just fine.

  18. Re:Seriously??? by tlhIngan · · Score: 3, Insightful

    Yes. Because these tests are pure FUD generation. These "tests" are designed specifically to give high marks to AV kit that has its heuristics engine to produce as many false positives as possible and low marks to AV kit that has a reasonable heuristics engine that looks for realistic threats and doesn't spam user with "this is a potential threat, upgrade for 9.99 now to fix" advertisements.

    Never mind that most heuristics engines will at one point or another detect a standard (Microsoft-signed) required Windows file as a virus and promptly "quarantine" it for you. Which just means Windows will either bluescreen or render your system unusable.

    And that's a problem - because now AV is interfering with your computer - and if it isn't a Windows binary that gets hosed, it's a file one of your programs you use.

    No, MSE will not catch a 0 day. No antivirus can. So they use heuristics to bridge the time between when it's in the wild and when they push an update that will detect it. But there's a tradeoff - too aggressive and there will be a TON of false positives. More conservative (like MSE) and you'll be more likely to miss a threat, but less likely that you'll clobber a file you really need. And for most people, that's a more than acceptable tradeoff.

    Especially when you combine it with safe surfing that blocks questionable URLs - available on every browser now (either powered by Google or Microsoft) that prevent you from grabbing questionable files.