Slashdot Mirror
Ask Slashdot: Best Anti-Virus Software In 2015? Free Or Paid?
CryoKeen writes: I got a new laptop recently after trading in my old laptop for store credit. While I was waiting to check out, the sales guy just handed me some random antivirus software (Trend Micro) that was included with the purchase. I don't think he or I realized at the time that the CD/DVD he gave me would not work because my new laptop does not have a CD/DVD player.
Anyway, it got me wondering whether I should use it or not. Would I be better off downloading something like Avast or Malwarebytes? Is there one piece of antivirus software that's significantly better than the others? Are any of the paid options worthwhile, or should I just stick to the free versions? What security software would you recommend in addition to anti-virus?
Anyway, it got me wondering whether I should use it or not. Would I be better off downloading something like Avast or Malwarebytes? Is there one piece of antivirus software that's significantly better than the others? Are any of the paid options worthwhile, or should I just stick to the free versions? What security software would you recommend in addition to anti-virus?
AVG is a Freemium minefield. May as well be WeatherBug. Serves a purpose, but ultimately adware
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Windows? Use Security Essentials and practice safe surfing. No need for anything else.
Wipe the disk and run linux
If you are on Windows 8.1, Windows Defender. If on Windows 7, MS Security Essentials. And supplement both with Malwarebytes. All free, and very non-intrusive.
I thought the included (pre-installed) Microsoft Windows Defender (or Windows Security Essentials) was already good enough.
That, plus not installing every stupid piece of malware-studded "freeware" I come across and being a bit conservative in my browsing, has always been enough since Windows 7.
Windows after 7 also has a built-in software firewall, so wouldn't seem like you'd need one of those either.
I just can't picture needing anything beyond that.
Welcome to the Panopticon. Used to be a prison, now it's your home.
That would be "in before somebody says 'don't run Windows'".
Having said that, I've run Windows (among other things) for years, and haven't run anti-virus in over a decade for two reasons:
- it's more trouble than it's worth when you know what you're doing,
- it's hard to do any kind of virus research at all when you've got antivirus trying to delete every infected file you're examining.
In the time I've not run a/v, I've never had an infection. (I never had an infection before that, either, but that's beside the point.)
I use Comodo Endpoint Security on the kids' computer, and the HTPC, but my main Windows desktop hasn't had it for years, and won't have it for the foreseeable future, either.
All my Linux machines, of course, don't run anything, except for my mail server, which has ClamAV on it, just to scan attachments.
"City hall" in German is "Rathaus" Kinda explains a few things......
Nowadays i use Microsoft's free AV, a decent browser and discretion. Unless you're particularly haphazard (like downloading random files with full Admin privileges and visiting dodgy sites with unpatched IE) that should be enough. You don't really need a full arsenal of anti-malware software anymore. Ms has tightened things up a fair bit over the last years.
A while back i tried NOD32 and was very impressed. I don't know if it's still good.
I'm on Windows 7. Here are my tips:
1) I have run avast real-time for years. I'm a pretty wary, sophisticated user. But it has occasionally blocked malicious elements on webpages. And it once blocked a zip attachment that I got sucked in on with a phishing email before any harm was done. I have also had it give me a few false positives over the years, which are a bit disconcerting to see and annoying until you can get things sorted out.
2) Second, I run malwarebytes scans from time to time.
3) Other prevention: adblock plus and noscript plugins.
4) For seemingly dangerous websites that I still want to be able to access, I use a Sandboxie sandbox for the browser.
These days the most effective measure you can take is to install an ad blocker. That will prevent the vast majority of drive by installs. Second, I'd say you need to be very sceptical of freeware software installers. Using a service like Chocolatey to find and install popular utilities will help here. Third, I'd recommend installing Process Explorer as a replacement for the windows Task Manager. Get a feel for what programs are running in the background, and investigate anything you don't yet recognise particularly after installing something new.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
Non-intrusive... and ineffective. I just cleaned up my brother-in-law's machine and that was what he was using.
My preferred approach is to use Avira Free (installed with ninite.com), MalwareBytes, HiJackThis, and the no-ads hosts file from mvps.
Secondary, install Google Chrome with adblock and a good no-script type program (though I personally just use Ghostery with AdBlock)
If treating for malware, bleepingcomputer is the site to go to. Run RKill, followed by ComboFix, ADWCleaner, and TDSSKiller.
This takes care of 99% of the issues, assuming you don't HAVE to continually visit some obscure Russian porn sites.
Repeat: Best software = None.
There are people out there (many of my friends included) who need protection from such a thing because they can't put the tiniest amount of thought into what they are doing when on their computer. I do not practice safe browsing by any means, torrents and pr0n are just too much fun to leave alone ;-), but somehow manage to never get infected without any A/V software protecting me BUT I keep getting calls from friends who's machines have turned into rotting cesspools and want them cleaned. Honestly my answer lately is "Call Geek squad" because it's not worth my time or energy to scrub their waste pond just to have it rot again shortly there after and Geek Squad is cheaper than my time if I were to bill them. So for these people A/V software may be useful but honestly again most of them already have it and it didn't keep them safe anyway.
A/V DOES otoh slow down your machine, interfere with properly running processes and generally behave like the worst of viruses on its own so why willingly go down that path.
ClamWin, the windows port of ClamAV which is relied on for mail scanning on just about every Linux/UNIX mail server you run across.
I think there may be a better front end that uses the ClamAV database as well, but I tend to just install ClamWin and call it a day.
Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
I agree. That's exactly what virtual machines excel at.
Any malware worth its salt will detect a VM (and the presence of debuggers and other things) and refuse to run. You need to be running on a physical machine to do malware analysis.
That you know of. There have been many documented cases of drive-by installs, worms that infect from external media, infected installers from legitimate installers. Hell, even legitimate open source projects having their servers unknowingly hijacked and malware injected into source or binaries during download.
While some malware is geared at spamming your desktop with ads, the good stuff tries to be as unnoticeable as possible, especially for botnets or if the goal is keylogging. Today's sophisticated viruses aren't trying to wipe your machine - they're all about creating networks of vulnerability to sell later to the highest bidder.
I'm out of my mind right now, but feel free to leave a message.....
To the average Windows user, their computer is a means to an end. To the average Linux user, the computer IS the end.
The Glass is Too Big: My Take on Things
Microsoft Security Essentials is Windows Defender is System Center Endpoint Protection.
Definition updates come out every few hours.
They all catch the vast majority of shit.
EMET (also free and from MS) will prevent many of the 0-day vulnerabilities that MSE/WD/SCEP could miss until the next definition update rolls out.
You should run Linux on that too.
Oh good. Didn't realize my virtualized servers are all virus proof.
I use visual and audible cues like an oddly running HDD: going by the activity light mostly using SSDs.
Because a botnet is going to need a lot of hard drive on your computer with GB of extra RAM?
Also, fan operation, CPU temp, resource monitoring stuff.
Unless you've been coopted to mine bitcoins or something, your CPU temperature isn't going to be noticeable if your part of a botnet either.
Just checking out what .exes are running and/or in startup once in a while is a good habit.
Sure it is; for the low hanging fruit. The really good stuff doesn't show up in taskmanager because its told windows not to report it. It doesn't show up in the registry editor either. And windows explorer can't see the files on disk. Or maybe it's hiding in plain sight... some common service replaced by a malware version; that still performs all the original functions, but also does something... extra.
The idea that anyone could detect anything sophisticated with "visual cues" and "checking stuff" is laughable; on any OS.
An offline scan is usually required, that flags everything not known specifically to come from a trusted vendor... and the resulting list is probably going to be overwhelming anyway for the average person / average system. Only the most secure managed environments would be able have any real confidence.
Wow just, wow.
Guess you never heard of a flash exploit before? You probably think a user only has to click on something to be 0wned?
Go to any major website and you will get 0wned if an ad network is hit.
That is beyond ignorant and very dangerous advice.
http://saveie6.com/
I don't execute virus files on my work computer. That would be stupid. I decompile/reverse engineer/etc them.
I have a separate computer that I use if I need to actively infect one. It's not a VM (for the exact reason that some posters have already given) but I do have a Clonezilla image of it, so I can quickly wipe/reinstall after analyzing the infection.
"City hall" in German is "Rathaus" Kinda explains a few things......
That's why NoScript, Ghostery, and FlashBlock are critical pieces of security software.
John
Yes. Because these tests are pure FUD generation. These "tests" are designed specifically to give high marks to AV kit that has its heuristics engine to produce as many false positives as possible and low marks to AV kit that has a reasonable heuristics engine that looks for realistic threats and doesn't spam user with "this is a potential threat, upgrade for 9.99 now to fix" advertisements.
Reminder - home users aren't threatened by latest custom tailored malware. They are threatened by well known mass-produced threats like bitlocker. And MSE catches those just fine.
So how do I configure my graphics designer's Windows box to look like a VM so that the malware won't run?
It is dangerous to be right when the government is wrong.