I've been sitting on this post for a very long time.
On the right-most column of my sidebar, under "Claus's Toolbox" I've got a collection of links to specialized posts. I've covered a PC First-Aid Kit full of troubleshooting software, Boot and Rescue CD's to recover data...and maybe a dead system, System Process Tools to help peer into what's running on your system, Software Sandbox Tools to protect your system when you play where you shouldn't probably be, Virtual Machines to guide you in a safer computing environment, we've looked at My Firewall Choices for Windows machines, Anti-Rootkit Tools, and most recently, Anti-Malware Tools.
But in there has been a poor little unlinked "TBP: Anti-Virus Tools." (TBP = To Be Posted).
Time to take the wrapping off.
Corporate and enterprise users most likely need corporate and enterprise powered anti-virus solutions. Big Boys. Often combined with hardware-based firewall and intrusion protection gear. Software with consoles to help manage the status of thousands of workstation clients all at one time. At my department we use Symantec Corporate Edition anti-virus software. It is very good and not the suite-monster that the home users face. It runs fast and is pretty thorough. DAT file updates could be more frequent, but it catches most stuff coming to the machines. What it doesn't repair, we can see and monitor--and respond to in person.
Home users going shopping in the stores are often confronted with an overwhelming number of anti-virus software choices. Most seem (to me) to be pandering to what has been referred to as "security theatre." By that I mean bundling firewalls, anti-virus scanners, anti-malware scanners, process guards, phishing guards, Web-ad blocking, white/black lists, identity-theft guards, etc. So in the end consumers must pick through all these elements and try to decide what provides the best protection. Unfortunately, for many users...more is less. By the time a home-pc security software suite gets installed on a pc, there are a large number of processes running, slowing the pc down. And when one element goes down, others which are interconnected, might also hang up or fail. I've done numerous repair calls where the problem ended up being with configurations on these security suites.
So what do I recommend for home-pc security?
- Get a hardware based router/firewall. I'm using a D-Link DI-604.
- Get a software based firewall.
- Get a stand-alone anti-virus application.
- Run weekly anti-malware software scans.
- If you are really having issues--run a single process-guard utility.
- Use a more secure browser based on your operating system. (Firefox, IE 7, or Opera)
- Use strong passwords, kept in an encrypted password manager. Rotate your passwords frequently.
- Practice safe surfing (you know what I mean!)
- If you can't or won't stay away from -- um -- disreputable websites -- use a sandboxed browser utility like GeSWall Personal Edition, Bufferzone, or Greenborder Pro (Consumer).
Sounds like a lot of work, but once you get it set up and get used to using them...it becomes second nature and you will hardly notice them at all.
So, now let's go look at anti-virus tools for the home-user's Windows pc. There are LOTS out there! Time to fill in that remaining hole.
Evaluating Anti-Virus programs
With the number of choices that are out there on the Web and brick and mortar stores, choosing a dependable anti-virus program can be challenging. With new Trojans and viruses and other malicious software getting coded every day, it's a never-ending arms-race between anti-virus vendors and those who keep them in business. I doubt any virus software can provide 100% effective protection...but with some work and clever programming...they are trying hard to get close.
At the most basic level, anti-virus software uses three techniques to protect a system. The first is signature matching: the scanner compares sections of code in a file (whether that code is executed or not) against known signature patterns that match a particular virus/trojan. These signatures are the DAT files, and they must be updated regularly to be effective. This scanning can happen when files are downloaded, opened, saved, or accessed, or during a full or targeted system scan. The second is monitoring file and code-execution behavior: if a program operates, or is code-structured, in a way that matches past known bad behavior or files, it might be blocked. This can protect a system against unknown malicious code, but it can also lead to false positives. This is sometimes referred to as heuristic-based analysis. The last is known as sandboxing. In this type of protection, the anti-virus program first executes the file in a protected, simulated system environment. When the file stops, the anti-virus program analyzes the results to determine if something looks suspicious. This can be pretty system-resource intensive and slow, so it generally isn't used on production systems full-time.
There are lots of good sources to get information about which anti-virus programs are good and effective...surprisingly or not...most well known ones are pretty effective.
One place to start is over at ICSA Labs. They provide certification to anti-virus vendors (and other computer security tools) through their testing labs. Check out the link on their ICSA Certified Anti-Virus Product page to see which ones they have certified and why.
Another informative site is AV-comparatives.org. Besides providing pretty charts, they also provide additional analysis on why programs got the ratings they did. Stop by and look around.
PC Magazine has provided a handy, pretty current list of anti-virus software they have looked into. It's a very good, dependable source of software and hardware information.
PC World lists their 2006 picks for the top 10 anti-virus software applications.
TopTenReviews has a handy feature-chart ranking many ($) products, which may give you information about the providers of the free versions as well.
ConsumerSearch has a busy web-page design, but does provide a November 2006 article reviewing antivirus choices with a good bit of feedback.
Do a Google search.
My point is to encourage you to form your own opinions and find what you think works best. I've made my choice (for now at least), but please...make your own informed decision...then get it on your system!
Free Anti-Virus Software - for personal use
NOTE: I'm only recommending products that I am familiar with and that receive generally positive reviews from trusted sources. I'm sure there are others out there as well, but these are the ones I would recommend. --Claus
- Grisoft AVG Free v7.5 - I'm going to put this at the top as it is my favorite choice and the one I use on all my personal systems. It meets my anti-virus needs on several levels. It has DAT files that are updated daily (or more frequently). It has a very fast scan-engine. The interface is pretty simple to navigate. It has an e-mail client plug-in that works on Outlook and Thunderbird mail clients (and a lot more). It uses a small amount of system resources...and it just tries to be an anti-virus scanner--not a multi-function security operations center. The few times I've run into a false-positive, I've been able to contact them and, once verified, they updated the DAT files very quickly. That customer service, for a free product, impresses me. So I'm a loyal and faithful AVGFree evangelist for now.
(the rest - in alphabetical order)
- AntiVir PersonalEdition - Nice tabbed interface and large DAT file protection, scheduling options.
- Active Virus Shield AOL/Kaspersky Lab - Free product branded by AOL and built on the award-winning Kaspersky Labs scanning engines. While I'm not a big fan of AOL, this free product has a very simple interface and the muscle of Kaspersky. That's a good combo for home users. (AOL subscription is not required to use this product!)
- Avast! 4 Home Edition - Probably would be my personal 2nd choice. IM, network and Internet shields, quarantine support of malicious files, automatic updating, handy system integration for file scanning, effective automatic cleaning of most infections. And it supports custom skins.
- BitDefender 8 Free Edition - Uses the same scanning engine of their other ($) products. Supports av scanning and removal, scanning scheduling, on-demand scanning, skinning, and quarantines. "BitDefender 8 Free Edition is technically an on-demand virus scanner, which is best used in a system recovery or forensics role." It does not provide "real-time" system protection...so keep that in mind. Since it does support scan-scheduling, I'm listing it here. This might run lighter on systems with lower memory.
- ClamWin Free Antivirus - Drawback? Well, it also is an "on-demand" scanner, so don't look for it to keep your system safe "real-time". Also, it still has a Win98/2000 GUI interface that just doesn't seem up to date. But getting past those points, it does have some positive things going: 1) Built on open source code. 2) Scans can be scheduled (which is why I'm including it here). 3) Automatic updating of DAT files. 4) Add-in support for Outlook and menu integration with Windows Explorer.
- Comodo Antivirus 1.1 beta - Comodo is trying to make a growing name for itself in the pc-security field with home users. This product has a beautiful interface that is great for home pc users overwhelmed by techy-looking layouts. It is warm and says "XP" very nicely. Automatic updating is supported. Email scanning capabilities, on-demand and live-access scanning, process monitoring, worm blocking, download file scanning, and quarantine protections--all for free. Not a bad package!
- Computer Associates - CA Anti-Virus 2007 - Offered exclusively for Microsoft customers, this product is free to use for 1 year. That's not a bad deal at all. If you like the product, you can sign up for a paid ($) and very reasonable subscription for updates. CA is one of the big-league corporate AV protection providers in the industry...so getting a product of that class for free, for home, for a year is a great deal. More product information here.
- PC Tools AntiVirus Free Edition - Just found this one. Real-time protection, scanning and removal, email scanning as well. -updated 01-20-07
On-Demand/Portable Anti-Virus Scanning/Cleaning Tools - USB "Friendly"
These are more feature-limited anti-virus utilities. Most users wouldn't want to use any of these as their primary anti-virus protection solutions. In most cases these would be better suited for use as backups to re-scan a system, or as a "second opinion". That said, I would keep them all handy on a USB stick, just in case.
- Avast! Virus Cleaner - This is not an application most users would use as their primary AV protection. Nevertheless, it does provide wonderful system-disinfection muscle when needed on specifically targeted worms. Keep it on a USB stick, just in case.
- BartPE - McAfee Command Line GUI interface scanner - OK. This is going to take a moment to explain. BartPE is an XP-PE based "LiveCD" for system recovery purposes. It's great. Go make one. In it is a "plugin" that provides a GUI interface to McAfee's command-line scanning tool and DAT files. If you want, make the BartPE disk, or just download and unpack the program. Then take the McAfee Plugin and place it on your hard-drive or USB stick and keep it updated per the instructions with the latest McAfee SuperDAT files. It's easy to do and is a powerful scanning tool. Super-Duper handy and great!
- ClamWin AV Portable USB version - (See features listed above.) Great for emergencies or as a backup, 2nd pass scanner for an infected system. I keep this one on my USB sticks!
- KL-Detector - Again, not really a virus-scanner, but might be helpful to see if a key-logger has been installed on your system. USB drive friendly.
- McAfee AVERT Stinger - Standalone single-file scanner provides targeted scanning for specific infections. Updated periodically.
- McAfee AVERT Tools and Utilities - more standalone tools, targeted for specific threats.
- McAfee Rootkit Detective Beta - While not "technically" a virus, rootkits can be just as bad so I'm tossing this brand-new find in here. "McAfee Rootkit Detective Beta is a program designed and developed by McAfee Avert Labs to proactively detect and clean rootkits that are running on the system."
- Microsoft Windows Malicious Software Removal Tool - updated monthly. Good resource to have...just in case...but not as fully featured as some of the others listed here.
- Sophos Anti-Rootkit - another rootkit scanner.
- Symantec Removal Tools - Like McAfee, Symantec provides some incredible, targeted, virus-specific removal tools for free. Check the list and get what you need.
- Sysinternals RootkitRevealer - (Microsoft) It's from the geniuses at Sysinternals. What more do you need to know? Wonderful tool!
- Trend Micro System Cleaner - "The Trend Micro System Cleaner can be used to scan computers for possible virus infections. This cleaner maybe downloaded and used by PC-cillin and non-PC-cillin users." Can be updated with new DAT files pretty easily. See link for details.
On-Line Web-Based File Scanning
Many of the larger Anti-Virus software providers offer web-based solutions for free as well to scan your system. These are usually Java or ActiveX based. Depending on your bandwidth speed and system configuration...these can run very fast or deathly slow...even worse if a system is infected. However there are some good reasons why you should keep this option in mind.
- You have a suspected/suspicious file that you think may be malicious, but your AV scanner isn't getting a hit.
- Your AV software is reporting it to be malicious--but you don't think it is.
- You are troubleshooting a system and don't have access to any of your AV tools kept on your USB stick and downloading and installing one of the av options listed is not an option.
Soon I will post a list of these on-line scanning resources...but for now I am going to offer links to just a few of the many sources where I most frequently run files to test on-line.
- FortiClient Anti-Virus Online - Limited to 1MB file sizes or less. Nice service. Uploaded files are sent to a dedicated server where it will be scanned using FortiClient Anti-Virus.
- Jotti - Online malware scan - Jotti runs the file against 15 different anti-virus vendors' scanning engines. It is a great place to check a file and get the "big-picture" on its condition. Drawback -- service is very slow at times.
- Norman Sandbox Information Center - Nicely done.
- VIRUSTOTAL - Free Online Virus and Malware Scan - Nice and fast service.
Ahh. What is the home-user to do to see if their anti-virus program is working? I don't recommend going and downloading viruses, trojans and the like to play around with. Don't do it.
You can however safely use the EICAR anti-virus test file. It's safe and harmless and should trigger an alert in most all anti-virus programs. Leave the rest to the pros.
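To make the signature-matching technique described earlier concrete, here is an added example (not from the original post or any vendor's product) of a toy scanner that checks buffers against the EICAR test string in two ways: an exact-file hash and a byte-pattern rule following EICAR's own definition. The names `HASH_DB`, `hash_match`, `pattern_match` and `scan` are assumptions made for illustration, and the sample buffers are constructed.

```python
import hashlib

# The 68-byte EICAR test string, built from two pieces so that this source
# file does not itself trip an on-access scanner.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Toy "DAT file": exact-file hashes of known samples (here, only EICAR).
HASH_DB = {hashlib.sha256(EICAR).hexdigest()}

# The EICAR definition allows trailing whitespace up to 128 bytes in total.
ALLOWED_TAIL = b" \t\r\n\x1a"
MAX_LEN = 128


def hash_match(data: bytes) -> bool:
    """Exact-file signature: any changed byte produces a different hash."""
    return hashlib.sha256(data).hexdigest() in HASH_DB


def pattern_match(data: bytes) -> bool:
    """Byte-pattern signature following the EICAR rules: the string must be
    at offset 0, followed only by allowed whitespace, within MAX_LEN."""
    return (data.startswith(EICAR)
            and len(data) <= MAX_LEN
            and all(b in ALLOWED_TAIL for b in data[len(EICAR):]))


def scan(data: bytes) -> list[str]:
    """Return the names of the toy engines that flag this buffer."""
    engines = (("sha256", hash_match), ("pattern", pattern_match))
    return [name for name, check in engines if check(data)]


if __name__ == "__main__":
    samples = {  # constructed sample buffers
        "exact test file": EICAR,
        "saved with a trailing CRLF": EICAR + b"\r\n",
        "string pasted mid-document": b"note: " + EICAR,
        "ordinary text": b"hello world",
    }
    for label, data in samples.items():
        print(f"{label:28} -> {scan(data) or 'clean'}")
```

The CRLF case shows how the two signature styles differ: a single appended line ending defeats the exact-hash match but not the pattern match. The mid-document case shows why pasting the string into a larger file is not a valid test of your scanner.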
Commercial ($-$$$) Anti-Virus Product List
By this time you are probably wondering why, with such a fantastic selection of free anti-virus applications and utilities, I would list ones that cost $. Well. Easy. Some home-pc users want a trusted AV source and are quite happy paying for it. Commercial and small-business/home office users almost certainly might not meet the licensing requirements to use some of those applications on their systems. So the following list is of anti-virus vendors that I would trust on a corporate/office pc system, or that have been listed by ICSA Labs as effective. No comments/recommendations otherwise...this post is getting too long!
- AEC TrustPort Antivirus
- BullGuard Antivirus
- Dr.Web Anti-virus
- ESET NOD32 Antivirus Software
- F-PROT Antivirus
- F-Secure Internet Security
- G DATA AntiVirus Kit
- Kaspersky Labs Anti-Virus
- McAfee - Antivirus Software
- NORMAN Antivirus
- Panda Antivirus 2007
- Sophos - anti-virus
- Symantec Corporation Anti-Virus Solutions
- Trend Micro AntiVirus
- VirusBlokAda AntiVirus
- Windows Live OneCare
There you go! Whew. Hope it was worthy of your time!
As a final note, some of the vendors who offer free anti-virus applications will require you to register your information before you are allowed to download the file. That seems like a fair exchange. Others require registering once downloaded to obtain a free license key. Fair enough, as well.
Many of the not-free products I listed also provide free time-limited trials. If you want to take a pass on one of the free versions because a for-pay version looks to better meet your needs...give it a whirl.
Just don't install more than one anti-virus program (standalone/on-demand utilities excepted) on your system at one time. Others have done that, but that's asking for system conflicts in my humble opinion.