Reliable, Free Anti-Virus Software?

oahazmatt writes "Some time ago my wife was having severe issues on her laptop. (A Dell Inspiron, if that helps.) I eventually found the cause to be McAfee, which took about an hour to remove fully. I installed AVG on her system to replace McAfee, but we have since found that AVG is causing problems with her laptop's connection to our wireless network. She's not thrilled about a wired connection as the router is on the other end of the house. We're looking for some good, open-source or free personal editions of anti-virus software. So, who on Slashdot trusts what?" When school required a Windows laptop, I used Clam AV, and the machine seemed to do as well as most classmates'. What have you found that works?

Avast

[Anonymous Coward]

http://www.avast.com

Free for personal use.

avast the best free one with no lock down like avg

[Joe The Dragon]

avast the best free one with no lock down like avg8

http://www.avast.com/ [avast.com]

Avast

[fishyfool]

Add me to the chorus of Avast. It simply works and works well.

Re:PEBKAC

[apathy maybe]

Indeed. When I run MS Windows (not very often if I can help it), I never use anti-virus. Indeed, I consider it a waste of time and money (not to mention system resources).

Of course, you should always make sure you have a working firewall before connecting to the Internet. I find that the built in MS Windows firewall works well enough, so long as it is enabled.

Then, make sure not to run MSIE (at all except on sites you control, and even then...), instead run an alternative (Firefox is popular for some reason, Opera I've heard is good, not that I use it). Another email client (instead of MS Outlook Express or MS Outlook) is also a must if you are using POP or IMAP.

As also mentioned, don't download and run random programs from the web. You have to know how to evaluate the trustworthiness or otherwise of the website. (One thing I love about Ubuntu is that there are so many programs in the repositories, I haven't downloaded a program from a website in over a year. Want a game, fire up Synaptic and browse the hundreds of free games available. Want a MUD client, there are at least five available. Etc.) Knowing how to evaluate the trustworthiness or otherwise of a website is a mix of common sense and understanding of security. It maybe better to ask your local computer geek before downloading random programs.

So, to sum up:

• Firewall blocking all incoming connections
• Alternative web browser (not based on MSIE) and email client
• Don't download and run random programs (especially not from websites linked to from ads)
• Learn about computer security

Considering that most people I know don't do much more with their computers then surf the Web, check their email and use some office software, you don't need much more than what I outlined above.

Free for personal use

[Timex]

I use Avira AV [free-av.com] on the WinDOZE systems at my house.

It's free for personal use, and companies have to get a site license...

Re:avast the best free one with no lock down like

[Kaboom13]

Most likely the console (the server that monitors and manages the clients) is scheduled to order a scan every once in a while. You should ask your admin to knock it off or reschedule it for a better time.

No antivirus catches everything.

[modzer0]

I'm a malware researcher by trade and as such I see hundreds of samples per day that all get ran through an gantlet of anti-virus system. As much as I support open source and use Linux workstations with Windows in virtual machines to do analysis in I have to honestly say ClamWin is pretty much useless except for very old samples. In fact most anti-virus software is useless against new threats until someone submits samples to them and then it doesn't matter anyway because the people who write that malware see the detection after a daily run through virustotal.com and then they use a custom packer or PE armorer to change that signature so it won't be detected anymore.

The most effective methods I've seen is the behavioral and heuristic based systems in Kaspersky and Norton AV 2009's SONAR. SONAR may not catch it on execution but it catches registry entries and it's caught 99% of the bot samples I have when they try to call home. The new versions are also fairly light on system resources.

It may not be the popular opinion but if you really don't want to worry about malware then look at OS X or Linux. Yes there is some malware out there but in comparison it's a minute fraction of a percent of the number for Windows based systems.

Check your ISP

[danhm]

Many ISPs offer a free "security suite" to their customers, downloadable from their website. They are usually just a rebranded version of an existing antivirus program. I've been using that on my sole Windows machine and it works just fine. It's F-Secure, so your mileage will obviously vary depending on what AV software powers it.

Observations: AVG vs Avast

[SplatMan_DK]

I have tried both AVG and Avast, after choosing not to continue my TrendMicro PC Cillin subscription. I have also installed/tested both on computers belonging to friends and family. Here are a few of my experiences.

AVG good stuff:

• Good interface with all the bells and whistles a modern app needs
• Easier for end users to use than Avast (according to my mom and girlfriend)
• Finds more spyware and tracking cookies (I experienced Avast miss a real life spyware once, for about 22 hours until it was updated)
• Easy to install, even for end users

AVG bad stuff

• Users (including myself) experienced multiple browser crashes and computer stability issues. Problem first arrived with installation of AVG and disappeared when AVG was uninstalled. Coincidence? Not likely :-/ Acceptable? Not in a million years!
• The URL malware detection browser plugin is crap. It reads ahead every single URL on a homepage, and displays a little GIF icon with a checkmark when the URL is good and clean. Nice in theory BUT it makes your bandwidth usage explode, and makes browsing a drag - to say nothing of what the result must be for the owners of homepages you visit. Magically "all pages are now visited" by all users?
• Virus engine can not be stopped easily if desired. I sometimes play games, and being behind a NAT gateway I don't want my antivirus running alongside Day of Defeat, Natural Selection and Team Fortress 2. AVG is hard to disable, and clicking on the tray icon will only let you disable the management interface (and thereby the tray icon) while the scanning engine continues to run.
• Too many tricks and attempts to lure the user into buying the paid-for version. Almost resembles "legal phising" on occasion, which is kinda sad. Key information screens are supplied with "warnings" that you are using the free product.

---

Avast good stuff:

• Uses less resources
• Gets the job done without tons of bloatware and fancy extra browser plugins (easier to install without tons of fancy plugins and extra features which have nothing to do with basic virus protection)
• Can be disabled easily if desired, with right-click on tray icon. Good for gamers in their mid 30's who know what they are doing!
• No crashes and instability like AVG

Avast bad stuff:

• Interface less intuitive, says mother + girlfriend.
• Installation requires slightly more finesse as the installer is a little more confusing.
• Perhaps (?) slightly slower on updates. My mom had a malware file sent to her by mail, and it remained undetected by Avast 22 hours longer than an identical file on my girlfriends PC which had AVG.

---
At the end of the day, I went with Avast. Stability and low performance impact is more important to me than a fancy GUI. Clueless end-users disagree though, and actually want AVG back inspite of the stability issues. So the GUI really made a difference for them. They simply felt more "at home" with AVG.

Direct links for both products:
AVG Antivirus Free Version Download [avg.com] and Wikipedia Description [wikipedia.org].
Avast Antivirus Free version download [avast.com] and Wikipedia description [wikipedia.org].

brgds

- Jesper


(Experience is from: 3x Vista computers with reasonable hardware specs, and 2 older Windows XP computers)

Re:Trite answer, but on-topic

[tftp]

The purpose of clamav on a *nix box is to protect email and other documents as they [harmlessly] pass through your box. Sooner or later you'll receive an infected email or document and forward it to a Windows user, or save it onto a server where it can be seen by Windows machines.

Re:Easy

[KGIII]

Actually, if you're going to use Windows then Avira's AntiVir is pretty good for a freebie. You don't need email scanning as anything going to be opened is already scanned and the same applies to their web scanning engine which is just as silly as files are already scanned when opened. Avira does make a free Linux version as well.

The only drawback is on Windows systems it tends to flash an ad up once a day or less to try to get people to buy the product. At the price, effectiveness, and seemingly good responses from AV-COMPARATIVES makes it worth looking into even to buy in my opinion.

Anyhow, the answer to this question isn't switch OSes IMHO. Let 'em use what they want and give them actual answers to the question.

It is sort of like... Well...

"I have a flat tire and need help fixing it, could you?" Asks the article.
"Get a Honda." Replies the FP.

Though, well, 'twas funny.

Comodo Firewall with Defense+

[djre]

get comodo firewall pro. its free. install with the defense+ option. it asks permission for almost anything that will run suspiciously on your computer. ive never had any problems with viruses since i installed that. the only downside to it is you have to click and click for giving permission/denial to your system.

AVAST Free Edition

[Blowit]

Does the trick for me and actually removed more viruses that McAfee Missed.

Re:Easy

[c6gunner]

Have you actually tried googling for "Open Office"? The first sponsored link points to exactly what he was talking about - a third-party knock-off which requests personal info in order to let you download. I haven't tried signing up, but it wouldn't surprise me at all if they had all sorts of crapware bundled with it.

The problem isn't that his students are not careful, the problem is that:

1. Most people will click the first link on the page

and

2. Many people assume that sponsored links are guaranteed to be legitimate ("if its not legit, why would google let them advertise?").

Now, you could argue that such assumptions are dumb or ignorant - and I'd even agree with you - but blaming students from low-income families for not knowing the fine-points of internet use doesn't really solve the problem.

Re:avast the best free one with no lock down like

[Whiteox]

AntiMalware Malwarebytes has Rogue Remover which I highly recommend. Save hrs of work.
Some rogues need to be removed manually though. Just keep it updated and it will be fine.
http://www.malwarebytes.org/rogueremover.php [malwarebytes.org]

Re:Easy

[mlts]

AV software takes a lot cash. You have to pay major cash to get FIPS, Common Criteria, ICSA, and other certifications. These take cash for independent validation.

AV software also takes a lot of research, from honeypots to catch stuff that is happening, to getting people to submit possible zero day variants.

AV software takes a lot of bandwidth. Virus definitions are updated daily (if not more often) by the larger AV vendors, so one needs to have the not just the bandwidth for thousands of definition requests at a time, but a high bandwidth cap because the requests will be hitting 24/7. Not many F/OSS projects have this bandwidth.

Finally, AV software needs to be secured. You have to get a code signing certificate, then make sure your signing key is in a secure hardware container so it can't be hacked. You not just have to sign your code signing certificates with a HSM, but you have to sign your virus definitions so if your virus definition download site gets compromised, the definitions can't be tampered with.

All the above makes AV by noncommercial entity a highly daunting task, especially the bandwidth and the independent vendor certifications.

AVAST, AVIRA and Bit Defender

[gelfling]

AVIRA has the advantage of NEVER needing a free license key renewed but they make you pay for it with an intrusive popup add for AVIRA Pro.

Bit Defender has the smallest RAM footprint of the three but updates are EXCRUCIATING and bog down your machine.

AVAST is the most complete of all of them, has the largest footprint, requires a 14 month free license key and some peculiar incompatibilities with one machine I tried it on, but it's the best of the three in terms of the actual work it does.

AVG is pure bloat at this point, and none of the other "FREE" applications are free - they're DEMOWARE.

Re:avast the best free one with no lock down like

[Sabriel]

Seconded, though I prefer defence in depth. My suggestion:

Avast (Home Edition) + Spyware Doctor (Google Pack) + Threatfire.

Free for personal home use (read the fine print for anything else), they complement each other, have automatic updates, and play nice on XP and Vista. Tweak the settings to your (and user's) preference, remember to register Avast, and then you can pretty much forget about them.

Note: Threatfire 4 has only just been released; if you have problems I suggest trying 3.5.

Use the Windows default firewall if you're behind a router - I've yet to find a decent thirdparty firewall that doesn't bug users with annoying questions - but ditch Internet Explorer and instead use Firefox with Adblock Plus and the WOT or SiteAdvisor extensions (turn on search result highlighting). Likewise, ditch Outlook Express for Thunderbird; note that Adblock Plus works with it too!

Overkill? No. Defence in depth. Remember, your objective is to secure a computer for its non-technical user and then stay out of their way.

Just my opinion, salt to taste, mileage may vary, void where prohibited by physics.

Re:OT: Interested in Malware research

[modzer0]

The setup I use involves VMware Workstation and the virtual teams. I have a collection of VMs to run samples in and those it in a virtual network. I have the gateway setup using FakeDNS to resolve everything to that one IP address no matter what it is. On that I run a webserver, snort, and Wireshark to grab the network traffic. On the network side you can develop a signature to catch it coming across the network both bots calling back and the actual executable itself. I would suggest studying network protocols and the PE format that windows uses in executables.

Re:Observations: AVG vs Avast

[reilwin]

On the subject of the URL malware detector -- I assume you're talking about AVG's "LinkScanner" plugin added in by v8?

There's been quite a few webmasters up in arms about it, see here [avg-watch.org].

Also, it's possible to disable LinkScanner (Tools->Advanced settings->Linkscanner). AVG gets annoying at this point because it'll give out warnings about bad security settings, but this can be solved at the previously mentioned "Advanced settings", under "Ignore faulty conditions".

Re:Avast

[eyedentities]

Consumer Reports addresses antivirus software, including free ones. Currently they rate Avira and PC Tools (the former rated more highly). They used to rate Avast, and I use it. However, if you add a user to Windows it forces you to either pay for it or remove it.

Re:AVAST, AVIRA and Bit Defender

[Anonymous Coward]

Just remove execution right for everyone of the file avnotify.exe. You'll never see that popup again.

Re:Easy

[ScreamingCactus]

I agree. I recently switched to Avast from AVG, because AVG kept asking me to restart the computer (which, ideally, I do about once a month). But Avast wants to announce updates with that gay-ass voice, and constantly scan shit on the hard drive, I don't even know what it's scanning but it's doing it all the time and slowing shit down. I've been thinking about switching back to AVG, I'm just not sure which is more annoying. Granted neither one is anywhere near as annoying as Norton/McAffee.

Re:I second the mention of ClamWin

[Anonymous Coward]

> doesn't need real-time
an example would be macro exploit for your office suite that wipes the contents of ur home directory.