What’s the current state of Windows Anti-Virus?

One of our co-op’s clients asked me what I use for anti-virus at the moment and tips for what they should use on their Windows system.

Well, flame me now, but I don’t actually use any anti-virus at the moment: I rely on system security, firewalling and intrusion detection. The diversity of GNU/Linux software – and I use some pretty odd stuff – probably helps too. Even if I did want to run antivirus software, most of what’s available for GNU is actually aimed at detecting and preventing transmission of Windows viruses. There are few real-world GNU viruses and fewer attack opportunities left open.

Also, I prefer firewalling and fairly paranoid security settings because, like an antibiotic, an antivirus only does anything once the virus is already on your system somehow – hopefully still held in quarantine by the browser or email client rather than actively running on the processor.

There’s quite a list at http://en.wikipedia.org/wiki/Comparison_of_antivirus_software#Microsoft_Windows but I expect most of the purchase-free proprietary ones (labelled as “Free” or “Freemium”, but you usually pay by watching adverts) will try to sell you upgrades, as that’s how their development is funded. If you don’t mind doing such things, you can disable the ads in at least one of them.

The only truly free ones I found were Immunet (also funded by upgrades – not sure if it’s actually Free and Open Source Software) and ClamWin (donation-funded), which both use the same scanning engine. If I had to use Microsoft Windows, I think I’d probably use and donate to ClamWin, install the (altruism-funded, I think) Clam Sentinel alongside it and be rather cautious about what I downloaded or used online. I’m a bit worried that it doesn’t do great in reviews, though. What do/would you do?

I don’t really know about paying for security. The only paid product I’ve really seen has been Norton and that seemed no better than the ad-funded ones, still getting in the way and always trying to sell upgrades. It also irks me that there’s this huge market just to fix fundamental defects in Microsoft’s product. There’s a Microsoft Security Essentials add-on listed on Wikipedia, but it does fairly badly in this PC Magazine review – and do any of them do intrusion detection?

And finally, if you do decide to download something new, I strongly suggest getting it from a trusted source and/or triple-checking the link with Wikipedia, a magazine review like CNET and a search engine. Don’t just trust a search engine, because fake antivirus software is a big way of getting viruses and worse onto computers: there’s even one calling itself “Microsoft Security Essentials 2011”!

This entry was posted in Community, Education, Training and Information, GNU/Linux.

6 Responses to What’s the current state of Windows Anti-Virus?

  1. Steven C. says:

    I haven’t been a Windows user for a long time, but you didn’t explicitly mention the crucial security appliance that works better than any AV product on any OS: the human; user awareness.

    An IDS can definitely help you stay away from the usual sources of malware, if it alerts you fast enough or intervenes by blocking access. Even if malware changes frequently to avoid AV detection, its network activity is often recognisable. Malware may be distributed from, or phone home to, networks with web and/or DNS servers on a known poor-reputation network, as published by Spamhaus / Emerging Threats.

    Microsoft Security Essentials worked nicely the one time I tried it for someone’s workstation. It makes sense to use it as you’ve effectively bought it already with your Windows license. Checking on VirusTotal with a fresh sample of malware from an infected machine, it was one of very few scanners that recognised it already.

    Trying to install AV after the machine has become infected, as described in the review, seems a little unfair. Anything sufficiently advanced could avoid removal (except reimaging the disk… hopefully). The particular sample I mentioned was not found by offline (Linux-based) boot/rescue CDs from F-Secure (old scanner version with new signatures) and Kaspersky (latest).
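As an added illustration of the point about recognisable network activity (this is example code written for this page, not anything from the original post, Spamhaus, Emerging Threats or any AV product), the script below runs a reputation check over a handful of constructed DNS and proxy log lines. The blocklist entries, the log formats and every address and hostname in it are made up for the example (the addresses come from the RFC 5737 documentation ranges); a real deployment would load a published reputation feed instead of the hard-coded sample, and the two log formats would be whatever your resolver and proxy actually emit.

```python
"""
Added example: a minimal reputation-based check over constructed DNS and
proxy log lines. Blocklist entries, log formats and sample lines are all
constructed for this example (assumption: not a real feed or real logs).
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample reputation data: one network range and two domains.
# 203.0.113.0/24 is the RFC 5737 TEST-NET-3 documentation range, not a
# real indicator; the .test TLD is reserved for examples.
BAD_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
BAD_DOMAINS = {"bad-example.test", "update.bad-example.test"}

# Two constructed log formats (assumed for this example):
#   DNS:   "<ts> DNS <client_ip> query <name> -> <answer_ip>"
#   PROXY: "<ts> PROXY <client_ip> <method> http(s)://<host>[:port]/<path> <status>"
DNS_RE = re.compile(r"^(\S+) DNS (\S+) query (\S+) -> (\S+)$")
PROXY_RE = re.compile(r"^(\S+) PROXY (\S+) \w+ https?://([^/\s]+)\S* (\d{3})$")


@dataclass
class Alert:
    timestamp: str
    client: str
    indicator: str  # the value that matched a list
    reason: str     # which kind of match it was


def domain_listed(name: str) -> bool:
    """True if the name, or any parent domain of it, is on the domain list."""
    labels = name.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in BAD_DOMAINS for i in range(len(labels)))


def ip_listed(addr: str) -> bool:
    """True if addr falls inside a listed network; non-IP strings never match."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in BAD_NETWORKS)


def check_line(line: str) -> Optional[Alert]:
    """Return an Alert for a line that touches a listed name or network, else None."""
    m = DNS_RE.match(line)
    if m:
        ts, client, name, answer = m.groups()
        if domain_listed(name):
            return Alert(ts, client, name, "queried domain on reputation list")
        if ip_listed(answer):
            return Alert(ts, client, answer, "resolved address in listed network")
        return None
    m = PROXY_RE.match(line)
    if m:
        ts, client, host, _status = m.groups()
        # Drop an explicit port; bracketed IPv6 hosts are out of scope here.
        host = host.rsplit(":", 1)[0] if ":" in host else host
        if domain_listed(host):
            return Alert(ts, client, host, "destination domain on reputation list")
        if ip_listed(host):
            return Alert(ts, client, host, "destination in listed network")
    return None


def scan(lines: Iterable[str]) -> List[Alert]:
    """Run check_line over every line, keeping only the hits."""
    return [a for a in (check_line(l) for l in lines) if a is not None]


# Constructed sample log: three lines should alert, the rest are benign or noise.
SAMPLE_LOG = [
    "2012-01-10T09:00:01Z DNS 192.0.2.10 query www.example.org -> 198.51.100.7",
    "2012-01-10T09:00:05Z DNS 192.0.2.10 query update.bad-example.test -> 203.0.113.44",
    "2012-01-10T09:00:06Z PROXY 192.0.2.10 GET http://203.0.113.44/dl/a.exe 200",
    "2012-01-10T09:01:00Z PROXY 192.0.2.11 GET http://www.example.org/index.html 200",
    "2012-01-10T09:02:30Z PROXY 192.0.2.12 GET http://cdn.bad-example.test:8080/p.php 404",
    "garbage line that matches no format",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"{alert.timestamp} {alert.client} -> {alert.indicator}: {alert.reason}")
```

The parent-domain walk in `domain_listed` is what makes a listed `bad-example.test` also catch `cdn.bad-example.test`, and the DNS check fires on either the queried name or the answer address, so a host that resolves a fresh throwaway name into a listed network is still flagged. On the sample input the client 192.0.2.10 produces two alerts within seconds (the lookup and then the download), which is the kind of correlated hit worth investigating first.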

  2. Sam Morris says:

    I’ve always been happy with Microsoft Security Essentials. It’s unobtrusive and does real-time scanning. If ClamWin had real-time scanning I would consider using it instead. Thanks for the pointer to Clam Sentinel, I am checking it out now!

  3. Anonymous says:

    These days, I’d honestly recommend using Microsoft’s standard free anti-virus, rather than any of the third-party ones.

  4. john smith says:

    I would advise against using any. I’ve been using Windows since 1995 and have been running Windows without any anti-things since 7/8 years ago.

    Anti-things have several side effects:

    1) System instability and high resource consumption. Be doubtful when someone says that their anti-thing of choice has negligible impact on the system.

    2) False positives. Detecting harmless files as dangerous. And stopping you from accessing them even if you decide that those files are harmless (they will block the file(s) or even delete them, giving no choice). After all, the anti-things know better than you.

    3) False negatives. Gives a false sense of security. Lets dangerous files pass through. People who use anti-things think that they are covered, and behave foolishly and irresponsibly. None of the anti-things are 100% accurate, not even close.

    4) The Microsoft product is the easy choice, but a bad one. Not only is it plagued by the same diseases as the other anti-things, it’s also plagued by the same unethical behaviour from Microsoft. It will send a list of everything that it scans back to Microsoft. Can’t disable that! A violation of privacy and consequently an unsafe product.

    5) Almost all of the recent anti-things (and the reason why I call them that) will try to cover every base including the kitchen sink. They are monstrous. The joke about emacs would be better applied here.

    6) They try scaremongering you. This alone says all there is to say about these security people.

    7) Imposing their pseudo-morality on you. Filtering, censoring, etc.

    My recommendation: stay away from them!

    Windows 7 is a safe environment. Use a user account instead of an administrator. Use a hardware firewall. There, easy and safe. Without the Big and Stupid brother.

  5. I haven’t done much Windows admin in the last 2-3 years, so I’m only up to date really with Windows 7.

    My experience from a broad base of customers is that the two biggest things which impact your virus vulnerability on Windows are not being an administrator, and not engaging in risky activity.

    Staying with a user account doesn’t stop you getting trojan apps/drive-by installs running out of your profile, and they run with your personal permissions, which are still permissive enough for them to be annoying – but cleaning them is usually just a case of logging in as the system user and deleting them (once you’ve identified them). Hence the advice to be careful what you do.

    This is where AV apps help, as they can block the trojan getting into the system in the first place, but this is not necessarily without cost – it’s entirely possible for the malware to be missed, then picked up after an AV update, which can cause havoc with roaming profiles, as the AV will then interfere with profile synchronization.

    An up-to-date web browser which does well in pwnium is probably a must here too; the non-admin user I had the most AV trouble with used XP, so IE 6 or 7. To put this in perspective, over the course of a few years this user regularly had AV issues (every few months), although a number of similarly set-up users across the same enterprise had little or no issues. I don’t know why, but the user was the least computer literate – but also the user who was most likely to ignore the Firefox install and use IE.

  6. Pingback: What's the current state of Windows Anti-Virus?...
