Register's Round Up?
How about The Register doing a round up of free AV products? I've used AVG for a few years, but they're getting more bloated over time. It'd be good to see what's the best alternative.
An update from AVG on Wednesday night rendered 64 bit Windows 7 systems unstable after it was applied. Several Register readers have been affected by the problem, which leaves machines in a continuous reboot loop. AVG has pulled the problem update (3292) and published an advisory apologising for the cock-up and providing …
I've presonally used AVG on a few PCS, as well as Avira and Avast. Some are more effective then others at certain things, but on average they're all pretty much the same level of protection. OKish, but not a "catch all". AVG does seem to guzzle slightly more resources than the rest, but it's not a huge amount.
All of them have created problems though when I've recommended them to other users - they keep getting plagued by the ads along the lines of "your computer would be more protected if you paid us money and moved to this option", or couldn't work out the subscription renewal process. So in past years I've been recommending MS Security Essentials instead of the other offerings. Although it's a MS product it's roughly as effective as the rest, not particularly resource hungry and doesn't show unsolicted ads nag you for subscription stuff. (and as a bonus, updates itself using the Windows Update process so it means the users are forced to keep their PCs properly patched!)
Since version 8/9 AVG has become quite bloated and prolific with Ads. And it's not the first time they've had bug trouble either. I remember a version 9 iteration that used to switch your PC's focus to the AVG application approximately every 30 mins regardless of whatever you were working on at the time (like, Full Screen games, which tended to crash every 30mins like clockwork). Fixing that one required scrubbing the AVG installation combined with multiple registry hacks...
Okay, when it came out Security Essentials had a lot of catching up to do - but recently it's been catching more than AVG Free (I run both on different VMs).
Just glad I switched family members from AVG to MSSE a month or so ago - 64-bit W7 is more common these days.
"Okay, when it came out Security Essentials had a lot of catching up to do "
shouldn't have. Certainly when it first came out, the virus definition files were identical to those of its big-brother product Forefront. (which is the domain-controlled, central-reporting, costs-you-money version)
it's also both inconspicuous, AND doesn't have a "please ignore and run the virus anyway" option on its pop-up
for anyone saying "just don't get infected", remember you can get infected from flash. Before someone mentions noscript, remember there have been cross-side scripting exploits on youtube before. Just because you browse legit websites only doesn't mean you're safe, that's like saying uprotected sex is safe as long as you stick to "nice girls"
I had a beta copy over a year ago (July 2009), which was somewhere around 60% catch-rate - it was a lot better when finally released in around Oct 2009, but AVG when through a major release during the same time and kept ahead of MSSE until about Easter 2010.
Virus defs aren't the only aspect - the defs didn't change massively between beta and release, but the detection engine obviously did. The final release was about 90% and it's now in the high 90's depending on your test of choice.
"remember you can get infected from flash"
...and you can get infected by something that is yet not covered by the most recent AV patch!
I've effectively walked the 'noscript' route for the better part of the last decade. The result: I got infected once, because I trusted eset's virus scanner when it said the executable I scanned was clean. Of course, a few months later eset changed its mind, but luckily I had managed to clean myself minutes after running the trojan. (the executable installed by the trojan was also deemed 'ok' by eset at the time...)
You don't have to run everything as 'administrator'. You don't have to run a browser that doesn't run as 'guest' by default. A couple of simple precautions goes a long way to make sure your local ecosystem just works.
In my case, I would have wasted a lot of resources on AV systems had I used them.
I used to write AV software, but I don't use it now. Oh maybe once in awhile when I think there is something odd going on, but not as a regular installation. It's just more trouble than a virus- as this story illustrates.
Viruses used to be found, disassembled, and the AV updated before they became widespread, so it was worth the regular update as it actually had a chance of keeping you safe. Now a new virus is all over the web before the AV people get a chance to analyse and update, so it's firefighting rather than prevention. You can do that after you have a problem. No sense continually slowing down your computer and suffering all the false positives for no protection.
You can't protect against new Viruses immediately so there's no point having AV software. Even though that means you're vulnerable to Viruses that ARE protected against by AV software. So you're machine can regularly become infected and spread the virus for a few days before you notice it and then clean it. That's like saying we don't need an army until we've been invaded. I bet you don't even do updates because you think your PC is running fine so obviously you don't need updates. Get protected or get off the net.
That's the point. All AV protects against all know viruses, everyone has AV, so there can no longer be any viruses that AV can catch before they catch you.
They will only catch the new ones and only after you already got infected and then only after the update.
Any virus that is successful is going to have to get past the most popular AV. Therefore your popular AV is not going to be much help.
As for updates, imagine if you wanted to maintain a backdoor into everyones computers but did not want to be discovered. Simply switch the location of the backdoor once per month, hence the monthly patch cycle. The backdoors have plausible deniability in that they are "oops a security valnerability" we need to patch.
What a perfect system, and the users do their part to maintain it. The virus companies are kept in business (I am assuming the same people write them as write the AV) and the hardware manufactures can keep supplying more powerful kit to combat the ever bloating software. Oh what a wonderful industry, I think I will become an arms dealer, more ethical.
On the first part you're ok.... Then you mentioned 64-bit XP.
64bit XP was something to toy with but couldn't be used in a normal office environment - it was a 64bit driver wasteland, none to be found anywhere.
Even today with oh say SONY(!), zero support for most things - had to pull a 32bit Vista Business boxen out the other day so the little wife could do her transcription thing, not even Win 7 Pro 64bit drivers.
Unless you were lucky enough to have one of the three printers HP supported back then, I call bullshit.
The post below me?
ESET is a good antivirus/antispyware product and when my clients insist (the theory that anything you pay for is better - I used to try and point out the benefits of Security Essentials, but they evidently get that with their mothers' milk so it's a pointless endeavour (( "our" for our Brit cousins - yet the Reg's spellcheck wants American English lol)) ) on buying AV, that's what they get.
I posted something here somewhere last night about my longish day yesterday - I was doing a job for an adult education center installing new GED software on a new 2008r2 server and......... sigh...... this is why I dread going there: THESE SO-CALLED STUDENTS F-UP ANYTHING THEY TOUCH...... ahem excuse me. I have to clean and update a mix of XP Pro/Win7Pro and one lone Win98 (don't say a word!) BEFORE I can do a damn thing. <blood shoots out eyes> the fun part? No common virus/trojan/etc, everything from everywhere, things I've never seen before, errors never seen before..... all different, all requiring a different response/software. Sigh. Little wife understands why I might come home late and sometimes maybe a little cranky - took her with me as an assistant last night... and she got edumicated. (bwaaaahahahaha bout time!)
The machines with XP have full-on ESET protection and they were the worst of the lot - one had like 38 infections (bastards) etc etc according to NOD - why? ESET knew about it, warned about it, logged it, and the miserable bastards clicked through it... The machines with Win 7 ran Security Essentials - yeah clogged with bs these folks find and install, but no ohfuckware. SE pretty much lets those same miserable bastards understand that cleaning is better and no option to click-thru. That helps and was proven to me last night.
It's no damn wonder Apple and iGod Stevieboy do what they do with a walled garden - people evidently have to be protected from themselves.
And that's just a crying shame - Think I'll stay home today and contemplate that reality.
NOD32 is an amazing product and doesn't get mentioned enough when discussing AV solutions.
I've installed it on mine and all my families computers and I've never had any problems from anyone since upgrading them to NOD32. You don't even notice its there, its doing its job in the background without bugging me, exactly what I want my AV to do.
On the upside at least (some) AVG users have not paid for the privilege of their "anti virus" software buggering their machine up, it must sting less that way than if you handed all that money over to have McCrappee take out your Windows OS or your Office suite as "malware" every couple of months.
Normally at this point we're urged to use open source stuff instead....
We use Clamwin, but they had their own problems couple of weeks back.
A bad update meant that the thing went nuts and sent every DLL and EXE on your server to the quarantine folder. First thing we knew was when the server was rebooted due to Windows updates and would not come up again.
I expected to see something in the Reg but either i missed it or they missed it!
At first we thought we had a very bad virus, but it turns out it was an issue with Clamwin - seems we were not the only ones...
They wrote a batch file that could look at the logs and restore the files from there, but unfortunately the default log size is 1mb - not nearly enough to hold the details of tens of thousands of files that were quarantined.
Can't blame Microsoft for these issues....
Though I run a script that merely logs the "infections" so nothing was quarantined, but I did find myself quite surprised at the thousands of lines worth of log files I was greeted with in the morning.
My conclusion: ClamAV was designed for *nix mail severs and that's probably where it should stay. Also handy to help disinfect bricked Windows systems, via a live CD. But don't bother using it to scan your Windows machines with any regularity or you're just going to spend the rest of your life looking at false positives.
AVG 2011 slowed my gaming pc to a frustrating crawl, increating boot time, and the time it took to launch browsers.
they really do need to take a look at themselves and realise they dont have to be Symantec.
The linkscanner is pretty good, though and you can run that alongside another product to keep things streamlined.
I have moved to MSE for the time being.
Had to recover a customers pc from this, although in his case we could get into safe mode, go figure. Uninstalled AVG, restarted, everything fine, installed MSE until AVG fix things.
Customer: What's this dual core technology?
PC World: Well sir it means you can be scanning your PC for viruses at the same time as getting on with your work.
I'm thinking: Oh so half the reason I buy a computer is to scan for viruses? Maybe I could use my old PC to scan for viruses whilst I get on with my work on the new one?
fired up the laptop this morning only to see the recovery screen. Fortunately letting that run to a previous restore point and a bunch of other background auto-wizardry had the system operating properly after about 15 minutes.
Was wondering what had changed since I hadn't installed or messed with configuration in almost a week, but I did recall seeing the 'you need to reboot" window from AVG's update manager last night.
And here on the first page of El Reg- news I can use. Once again beating the so-called Mainstream Media by providing useful information instead of political propaganda.
That explains my yesterday when Win7 64 Pro went into recovery screen - and recovered, thank god. However there is now another little window from AVG saying a reboot is required. This one is 426/3293 - so my question to the assembled is: how safe is this one? This has all occurred while travelling and is something I could really do without. Additionally, has occurred having replaced the even more painful McAfee which came pre-installed, following years of trying new avs when the previous became to bloated, too naggy, missed things, whether paid for or free.
The moral of this story really is that everything will let you down or annoy you in one way or another sooner or later and whether you can do without as an alternative depends on how well you can control your environment. As a teacher and a traveller, moving rapidly between network environments and with ever promiscuous USB ports and devices, my requirement is that I have to have some defence and I would prefer that that some defence would remain simple and effective, not feeling the need to load up on "features" and complexity as a way of justifying its existence, retaining existing users and gaining new ones.
This may well be the rub - that everything which starts out good will inevitably fail as a result of market pressures rather than simply technical problems...
I am surprised you didn’t put "ditch windows and install Linux" in there too..
No matter how much training you have, no matter how good your firewall is, and for the general population or SOHO, the expense of running an external firewall and subscription is not really a viable option....
Anyone on occasion can get duped into clicking on the wrong link, or opening the wrong document so running a AV program is essential... although not necessary, but if there is a safety net available, use it... only a dumbass wouldn’t.
It stops a lot of the email viruses.
If you try and run an original Cobalt Raq server it will get hacked in days, that's Linux. Even that needs updating :-(
They've got us both ways, do the updates and you have the official backdoors installed. Don't do the updates and all the hackers know where your backdoors are.
First and foremost, does no other device, even a mobile phone, never connect to the same subnet as your machine?
Can you actually trust the users to not click on links (no amount of training can fix stupid, and even the best fall for extremely convincing and well played phishing attacks).
Does nobody ever make a typo in a URL?
Do you trust the server you;re sharing a connection with to be infection free? some of the worst ones were spread by "KNOWN SAFE" sites who were the victims of SQL injection.
Being secure and having trained users, better still web filtering and white-lists on top, is great, and we all SHOULD do that, but lacking AV entirely is just plain stupid. no levels of security can protect you from even someone walking in the door with an infected disk or drive and plugging it in. Even commercial software IN THE BOX (including popular software from big names) has contained viruses on disk. Some "blank" hard drives even contained viruses from the factory, and PCs often do as well.
Do you not get e-mail at all? There are a thousand e-mails you don't even have to PREVIEW to get the virus in them.
All it takes is a single machine in your VLAN to get infected, and it could spread to the entire network in minutes.
Biting the hand that feeds IT © 1998–2019