Free security software 'as good as commercial brands'

[Mark]

Bottom line is still "How much are you willing to mess with it?"

I agree the heuristic approach and the sandbox are both the only future path
that will result in leaving valuable computer resources to the user, but...

Since installation of ESET AV, I've caught one trojan before it was
installed and had one false positive which took me an hour to overcome so I
could use the file.

McAfee and Norton continuously asked me questions that most users (meaning
my wife) would blithely answer "Deny." This eventually required my
intervention to get valid programs working again.

Spybot is only good in that it is free. It misses as much as it catches
since it looks for a particular type of file.

Sphinx was beyond the casual user.

Notice the trend...
....ease of use...

It has to do it's job without my input and be correct at doing it. When that
one comes along, let me know.

 

[Steve Riley [MSFT]]

{...deleting a bunch of other stuff...}

http://www.consumersearch.com/www/software/antivirus-software/
Best antivirus software for experts. Reviews unanimously agree that NOD32
is as good as or
better than Kaspersky Anti-Virus in all but one area: Reviews say NOD32
has a very hard-to-use
interface. Although computer experts say NOD32 offers great protection, no
system drain and no
software conflicts, most users will be confused by its unintuitive and
confusing interface and
controls. That puts NOD32 out of contention for anyone but sophisticated
computer users.

"Best anti-virus software for experts." This is a really curious position to
take. I've been involved in computer security--as a practitioner, a
consultant, and an instructor/speaker--for several years. I feel fairly
confident in calling myself an expert. I don't run anti-malware on any of my
own computers. Why not? It's simple: I know what to click and what to skip,
what to visit and what to avoid. I have control over what I choose to open,
what I choose to load, and what I choose to run. And yeah, before the
question arises, every four months or so I run a scan, and I've never gotten
infected with anything.

Now don't think that I run totally naked (the other residents of my house
probably would object, and I shudder to imagine how hot the laptop would
feel *then*, haha). Because there's no way to control what someone else
might throw at my Ethernet port, I do run the Windows firewall. I also run
with UAC enabled because I want IE's protected mode, but I configure the
policy to elevate without prompting.

Am I saying that anti-malware is useless? Absolutely not. In many instances,
and for many people, it's still necessary. But we can't ignore the fact that
malware is getting more sophisticated. Nor can we ignore the fact that, as I
have this conversation with other security experts and similarly-minded
folk, I often ask this question: "When's the last time your AV or AS
detected anything?" Invariably, the answer is, "Never."

 

[Mark M Morse]

Perhaps I'm lucky because retailers in my area routinely offer free
computer-security software (i.e., I pay the sales tax and submit a
rebate form on-line or by mail, and the purchase price returns to me
by check). I use separate systems for e-mail, financial
transactions, responding to SPAM, personal correspondence,
mathematics and tutoring, rebate processing, testing
freeware/shareware, games, etc. (Oh, that's a bit exaggerated;
there is some overlap -- except for the SPAM and financial systems.)
Using so many systems let's me evaluate a variety of security
software under different operating systems and different hardware
profiles.

Of course, commercial subscriptions eventually expire, but, even if
I had to pay for any of these products, I would still choose to use
one of them over freeware. In general, I do not believe that
developers of freeware can invest enough resources in researching
and responding to new threats to be able to surpass what is done by
many commercial developers. Also, while there are a few freeware
developers who produce good documentation and provide above-average
technical support, in my experience most do not. With the exception
of Windows Live OneCare, all the documentation and technical support
for the commercial products that I've used so far is very good.

Anyway, I'm trying out two Computer Associates products (with two
more still in the box), one Norton product (with two more still in
the box), Windows Live OneCare, one Webroot product (with one more
still in the box), Kaspersky, McAfee, and Trend Micro. So far, I
like Kaspersky the best, and I'm least impressed with Windows Live
OneCare.

Keep those rebates coming!

~ Mark


Julian wrote, in part:

 

[MICHAEL]

* Steve Riley [MSFT]:

{...deleting a bunch of other stuff...}


"Best anti-virus software for experts." This is a really curious position to
take. I've been involved in computer security--as a practitioner, a
consultant, and an instructor/speaker--for several years. I feel fairly
confident in calling myself an expert. I don't run anti-malware on any of my
own computers. Why not? It's simple: I know what to click and what to skip,
what to visit and what to avoid. I have control over what I choose to open,
what I choose to load, and what I choose to run. And yeah, before the
question arises, every four months or so I run a scan, and I've never gotten
infected with anything.

Now don't think that I run totally naked (the other residents of my house
probably would object, and I shudder to imagine how hot the laptop would
feel *then*, haha). Because there's no way to control what someone else
might throw at my Ethernet port, I do run the Windows firewall. I also run
with UAC enabled because I want IE's protected mode, but I configure the
policy to elevate without prompting.

Am I saying that anti-malware is useless? Absolutely not. In many instances,
and for many people, it's still necessary. But we can't ignore the fact that
malware is getting more sophisticated. Nor can we ignore the fact that, as I
have this conversation with other security experts and similarly-minded
folk, I often ask this question: "When's the last time your AV or AS
detected anything?" Invariably, the answer is, "Never."

Steve,

I have two friends who claim to have never used an AV in real-time
protection mode. One is still using Win2000 and the other WinXP,
neither one has ever been infected. Like you, they may run a scan
from time to time. It has been quite awhile since I have actually seen
my AV catch anything, except for my own testing when I purposely
throw critters at it.

The keys are having IE locked down, don't be stupid with email,
get behind a router. Software firewall (some will say that's not necessary
if you're behind a router). Some folks just have very bad surfing habits, too-
they go to shady sites, want to download "free" stuff that comes with
a critter payload, and click on this and that without thinking and/or
paying attention.

While an AV isn't perfect or foolproof, I'd rather have that extra bit
of security than not.


-Michael

 

[Leythos]

While an AV isn't perfect or foolproof, I'd rather have that extra bit
of security than not.

In more than 30 years of working with computers I can honestly say that
my own computers have only alerted to malware 2 times in all those
years.

I've seen thousands of compromised machines, but, following the well
known standards on security, I've managed to keep all of my own
computers and all of our clients computers free from malware all this
time.

Yes, we always run active AV scanners, firewalls that strip attachments
from Emails, block downloads via HTTP/HTTPS, don't allow FTP or P2P
apps, etc...

AV software, active, quality, does provide protection when you are
unable to remain behind your very secure network, and it helps keep you
safe if you're not able to secure your machines while doing work that
can't be locked down.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
(e-mail address removed) (remove 999 for proper email address)

 

[R. C. White]

Hi, Steve.

I'm certainly no expert, although I've been using personal computers since
the original TRS-80 in December 1977 and online since at least 1979. There
was no AV software in the beginning, of course, but I started using Norton
Utilities in the mid-1980s, when Peter was still writing them. At some
point I started using Norton Anti-Virus and continued until 2006, when my
subscription to NIS 2005 expired before Symantec got around to making it
work with WinXP x64 - or with the Vista beta I was testing. Since then, I
also have been "Running Bear". ;^}

The only virus I ever had in that 30 years was from a floppy disk given me
by a professor, who had received it from a student. The virus was quickly
discovered and dispatched with no ill effects. It helps that I'm just one
guy with one computer and no network but the Internet.

In my opinion, the best anti-virus - for me, at least - is simply
"practicing safe hex". In addition to the other benefits of running without
AV, I enjoy not having a drag on my system's performance, not having to
respond to false alarms, not having to constantly update the programs and
definitions, and - perhaps most of all - being able to focus on identifying
and solving the REAL cause of any computer problems, rather than saying, "It
must be the AV messing up - again!"

No, I don't advocate running bare for everybody, especially newbies and
immature users who can't recognize threats and can't - or won't - control
their curiosity. Or for anyone who must share their computer with others
who may not be as careful. But it works for me.

RC
--
R. C. White, CPA
San Marcos, TX
(e-mail address removed)
Microsoft Windows MVP
(Running Windows Live Mail beta in Vista Ultimate x64)

 

[Gary VanderMolen]

I'm certainly no expert, although I've been using personal computers since the original TRS-80 in December 1977 and online since
at least 1979. There was no AV software in the beginning, of course, but I started using Norton Utilities in the mid-1980s,
when Peter was still writing them. At some point I started using Norton Anti-Virus and continued until 2006, when my
subscription to NIS 2005 expired before Symantec got around to making it work with WinXP x64 - or with the Vista beta I was
testing. Since then, I also have been "Running Bear". ;^}

The only virus I ever had in that 30 years was from a floppy disk given me by a professor, who had received it from a student.
The virus was quickly discovered and dispatched with no ill effects. It helps that I'm just one guy with one computer and no
network but the Internet.

My experience has been similar to yours. My one and only infection was
in 1980 from a boot sector virus on a floppy disk received from a friend.
I quit using Norton AV in 2003 shortly after they instituted their activation
requirement.

 

[...winston]

Ah..the good old days of Ask Beep and Verify.

I've still a build of NSW2006 on an XP sp2 machine without any Windows
or OE issues.
- all email, office, and messenger scanning is disabled.

The sole issue was transferring large files(2GB+) from a different
networked pc to a slave drive partition connected to the XP/NSW machine.
Doing so lit up the Internet Worm Protection(IWP) blocking. A rule based
on ip address corrected it, though IWP interface is about as archane as
manually configuring Windows Firewall, thus turning off IWP may work
better for most)

The only other issue was self-induced...forgetting to disable Recycle
Bin protection and/or hide a slave drive partition with a dual boot
Vista RC2. The Norton Recycle Bin and true to its recommended
compatibilty couldn't/wouldn't empty Vista's files.

...winston
MS-MVP Windows Live Mail

 

[Mark M Morse]

Hi RC:

If any of my various security software caused those issues on the
system it monitors, then I would probably spread my computer usage
over even more systems so that I, too, could uninstall that source
of irritation.

What are the other benefits of running without AV that you enjoy?

Cheers,

~ Mark


R. C. White wrote, in part:

 

[R. C. White]

Hi, Mark.

Other? The ones I've listed pretty well cover it. Except for the sense of
freedom - but remember, freedom and security are the opposite ends of the
seesaw: The more of one, the less of the other. I have to accept the fact
that, at any moment, I could learn that my system has been compromised by
some malware that a good AV could have stopped. So far, so good, after 30
years, but it could happen today.

I've left my classic 1957 TBird with the top off parked in downtown LA, too,
but I sure don't recommend it to others. The only time I've suffered a
theft loss was when someone opened my garage door at night (the only night I
forgot to lock it!) and took the hardtop and fender skirts off the car. :>(

RC
--
R. C. White, CPA
San Marcos, TX
(e-mail address removed)
Microsoft Windows MVP
(Running Windows Live Mail beta in Vista Ultimate x64)

 

[Mark]

(Different Mark)
I went for about 15 years (starting with a TRS-80 myself) before I managed
to trip onto a malicious website that provided me with a package deal. Lost
all my data. Took about 2 hours (back then) to reload everthing and put some
protection in place. Never got hit again until I opened an e-mail attachment
sent by dear old mom. So much for protection.

Lesson learned... make full backups. Takes twenty minutes to restore
everything.
... don't use default installation directories.
... get a second hard drive and place all "data" (not
executables) on that drive.

We'll see if that gets me another 15 years.

PS. Was the TBird topless in LA before or after the garage?

 

[R. C. White]

Hi, (Different) Mark.

Dear old Mom, eh? My standard advice to newbies is to don't open
attachments unless you trust the sender TWO ways. First, that she would not
harm you intentionally, and second, that she is computer-savvy and careful
enough to not do it unintentionally. Still, I recognize that something
could still slip by all my defenses - and my "safe hex" caution. :^{

Visiting my elderly aunt, who struggles with the Dell her late husband left,
I see all those true spam messages PLUS the AOL "spam" from her niece,
forwarding bundles of "send this to everybody you know", with everybody's
addresses - maybe 50 or maybe hundreds of her closest friends and their
closest friends and their... ad infinitum. There ain't no way an AV can
protect her from those, because she will disable the AV long enough to read
the inspirational message. Gotcha! :>(

PS. Was the TBird topless in LA before or after the garage?

I don't recall. I bought the car in '72 and we moved away from California
in 1980, so it was in that time-frame. The top was stolen in about 1975.
The only insurance claim I've had, while paying premiums for 35 years.

RC
--
R. C. White, CPA
San Marcos, TX
(e-mail address removed)
Microsoft Windows MVP
(Running Windows Live Mail beta in Vista Ultimate x64)

 

[Ken Blake, MVP]

Hi, (Different) Mark.

Dear old Mom, eh? My standard advice to newbies is to don't open
attachments unless you trust the sender TWO ways. First, that she would not
harm you intentionally, and second, that she is computer-savvy and careful
enough to not do it unintentionally.

I go much farther than you, RC. I recommend to everyone--newbies and
experts alike--that they don't open attachments at all (of course,
unless their job requires them to do so). Even someone who is both
computer and careful is capable of making a mistake now and then.

That's my personal practice, although I admit that I make an
occasional exception, but only for people who fall into both your
categories above.

You often see advice not to open attachments from people you don't
know. I think that that's one of the most dangerous pieces of advice
you see around, because it implies that it's safe to do the
opposite--open attachments from friends and relatives. But many
viruses spread by sending themselves to everyone in the infected
party's address book, so attachments received from friends are perhaps
the *most* risky to open.

 

[Mark M Morse]

Hi RC:

You referred to other benefits, but you did not list them. My
question regards your reference.

~ Mark


R. C. White wrote, in part:

 

[R. C. White]

Hi, Mark.

As I said in my later post, the benefits I've listed pretty well cover it.
Unless you count not having to pay for NIS or other malware protection. I
used the catchall word, "other", because none of the "others" were important
enough to list individually. I probably should have said "in addition to
any other benefits", just to scoop up any that I might have overlooked,
rather than imply that there were some significant others.

RC
--
R. C. White, CPA
San Marcos, TX
(e-mail address removed)
Microsoft Windows MVP
(Running Windows Live Mail beta in Vista Ultimate x64)

 

[Donald McDaniel]

Assuming that the numbers relate to how good the product is as used by the
average person, and not just by the amount of features present as I
suspect they are, then Zonealarm shouldn't score any higher than XP or
Vista Firewall..

Zonealarm may well be more capable, but if the user doesn't take advantage
of ALL of the features, most capability is lost. I always set my local
clients up with AVG or Avast, Windows Defender, and the resident Windows
firewall. At least these four hardly require user intervention of any
kind, and will chug along in the background protecting them far more than
a bunch of hard to use, hard to set up, hard to understand utilities, none
of which the average user will even look at during a year.




--


Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/

Why don't you like NOD32 as the AV product you include? Because it is a
commercial product?
I like to think this way about "free software": One usually gets what he
pays for. If he pays nothing, he will probably get "nothing".

Donald McDaniel

 

[Donald McDaniel]

I'd beg to differ. It turned my father's PC to treacle. It (NOD32) was one
of the more highly acclaimed ones last year...but a recent PC Pro review
put it rather low down...OK...not as low as Norton! ;-)

I personally use AVG, Windows Firewall, Windows Defender and my router's
hardware firewall. I then periodically use Ad-aware and Spybot S&D.

JW A

A few questions:
1) What is "PC Pro"? Some blog on the Internet?
2) Pages dedicated to Antivirus testing put NOD32 at the top, not the
bottom. Why does "PC Pro"?
3) Is this "PC Pro" dedicated to Security testing? Something tells me it is
nothing more than a mass-distribution rag, which usually are supported by
advertisers, not users.
4) Why would anyone in their right mind prefer to use AVG rather than a
superior product like NOD32?

Donald McDaniel

 

[dennis@home]

Why don't you like NOD32 as the AV product you include? Because it is a
commercial product?
I like to think this way about "free software": One usually gets what he
pays for. If he pays nothing, he will probably get "nothing".

How do you define probably?
There is lots of good free software for windows and other OSes.
To just say that you get what you pay for is vague and pointless.

 

[Robert Moir]

A few questions:
1) What is "PC Pro"? Some blog on the Internet?

A well known UK computer magazine with a technical slant and a high
readership. I can't help thinking that 30 seconds with google would have
told you that.

2) Pages dedicated to Antivirus testing put NOD32 at the top, not the
bottom. Why does "PC Pro"?

It didn't put it at the bottom IIRC. As for the reasons, you'd have to read
the review.

3) Is this "PC Pro" dedicated to Security testing? Something tells me it
is nothing more than a mass-distribution rag, which usually are supported
by advertisers, not users.

I love finding fault in these magazines where review rankings are linked to
advertising revenue but I can't find much fault with PC Pro (I'm speaking in
general terms, I haven't analysed the particular tests being discussed
here).

It isn't a dedicated security magazine (though its writers for each area it
covers are experts in their own fields so the security writer is actually
pretty good on security). It isn't perfect - but then what is? It is,
however, considerably much better than every other mainstream magazine in
this regard.

4) Why would anyone in their right mind prefer to use AVG rather than a
superior product like NOD32?

Well this may come as a shock but the world is a very big place with lots of
people in it, and not all of them see the world the way you do. I accept
that sometimes this makes them foolish and wrong, but you have to accept
there is more than drumbeat in the world than the one you march to.

They might find AVG to be cheaper, they might find NOD32's interface to be
too difficult to get on with, they might not know enough about the risks
they face to realise the value of spending money on pay-for AV when free
products are available. That's their choice.