• Help for picking your next anti-malware tool

    #497479


    TOP STORY

    Help for picking your next anti-malware tool

    By Michael Lasky

    Picking the right anti-malware app can be onerous; there are dozens to choose from, and rapidly evolving exploits are constantly putting them to the test. Fortunately, a few independent organizations such as AV-Comparatives are also testing leading security packages and posting the results.


    The full text of this column is posted at WindowsSecrets.com/top-story/help-for-picking-your-next-anti-malware-tool/ (free content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

    • #1477149

      Just looking for some clarification on ‘Help for picking your next anti-malware tool’. The ‘out of box protection’ (OOBP) showed how many viruses the built-in Defender for Windows 8 and the optional Microsoft Security Essentials for Windows 7 caught before the commercial product being tested (correct?). I would have liked to have seen the OOBPs compared as stand-alone products as I’ve solely used Windows OOBP for over five years now and never been caught by a virus/malware. I know it wasn’t your test, it’s just a shame Windows was ignored by AV-Comparatives.

      • #1477492

        Just looking for some clarification on ‘Help for picking your next anti-malware tool’. The ‘out of box protection’ (OOBP) showed how many viruses the built-in Defender for Windows 8 and the optional Microsoft Security Essentials for Windows 7 caught before the commercial product being tested (correct?). I would have liked to have seen the OOBPs compared as stand-alone products as I’ve solely used Windows OOBP for over five years now and never been caught by a virus/malware. I know it wasn’t your test, it’s just a shame Windows was ignored by AV-Comparatives.

        In my honeypot tests – the standard IE-11 browser blocked about 85% of all attacks that were not zero day malware. In fact, I quit testing websites for effectiveness, because I had to blow through the Windows browser protections so many times it wasn’t even funny. It was much more effective to try a junk email account and click on the attachments. That is where the hand grenades are nowadays!

        I still feel the killer combo is Avast and MBAM Premium. I use the free Avast alongside the Pro version of MBAM. What a lot of AV comparison sites don’t tell you are the multiple features many anti-malware utilities give you. Avast has so many ingenious ways of improving your security by methods not thought of by competitors, that I highly recommend folks try it!! It is almost a one stop utility, as it has a browser clean up option that can point out bad plug-ins and other shady browser extensions that can attract the minions of malware; and also an application update tool to keep your chances of a vulnerable application to a minimum. These are just some of the advantages – MBAM has a malicious web-site blocking feature, that can keep you from ever being infected in the first place – even if you get hit by a drive by malware!

        I might add that my honey pot tests were done without Windows Defender installed – I mean the malware version – not the anti-virus version that came out the same time Windows 8 hit the market – I can’t recommend that one, unless you turn the anti-virus real time protection off and use some other better anti-virus like Bitdefender or Avast.

        I and my clients have had some pretty serious problems with all competitors to Avast, and have had the least troubles using Avast as compared to other products. There are more things to think about in the overall usefulness of anti-malware, and this excellent article points this out very well. Thanks Michael Lasky! :D

    • #1477150

      Anti-malware is not enough. That is a reactive approach; you need a proactive approach to be safe. Getting on the Internet with Windows is like wading into piranha infested waters barefoot. Advanced introspective network packet analysis and whitelisting of trusted executables as well as Firefox or Chrome browsers is required. Lots of network monitoring and tripwire systems to alert on penetration. Plenty of Intranet security and encryption too.

      Or you could just run an OS that is less vulnerable and save some time and money. The only time I run Windows is because I have to for work. The rare times it is necessary for home, it’s either a minimal bootable read only thumb drive or an isolated virtual machine reloaded from a clean snapshot for every use.

      I am thankful to Microsoft for being the dominant OS and for being the absolute worst at security. I am also thankful for incompetent MCSEs. I make so much money cleaning up after hacked and infected computers, servers and networks. I would be unemployed were it not for Microsoft’s shoddy engineering.

    • #1477169

      One caveat not mentioned – never mentioned – is that the A-V comparison tests don’t include all anti-malware software, typically because the company hasn’t or doesn’t want to submit for comparative testing. There are good reasons for that, as suggested by the limitations of testing discussed in the article. The popular and free Comodo Internet Security package is probably tops among those that don’t submit.

    • #1477194

      Wondering why the sites do not mention Norton Internet Security or Norton Anti Virus (Or Symantec). These products are major players in the anti malware product world and their absence unfortunately diminishes the utility of the comparatives, which look excellent by the way.

      • #1477199

        Wondering why the sites do not mention Norton Internet Security or Norton Anti Virus (Or Symantec). These products are major players in the anti malware product world and their absence unfortunately diminishes the utility of the comparatives, which look excellent by the way.

        The second site he mentions (AV Comparatives – http://www.av-test.org/en/) does include Norton which shows good detection rates and performance.

        Jerry

        • #1477296

          Thank you very much. I followed a couple of the links but must have missed that one. We’ve been using The Norton Internet security products on a number of family systems for years and frankly have not been hit by malware. I was wondering if this is just plain luck, or the product. Now I can see that the product is doing a measured good job (though I hardly doubt that a measure of luck is still a factor).

          We used Comodo on a couple of machines many years ago, and were not happy. We also used McAfee as it came with free updates for 15 months on a couple of new Dell Laptops but found that it blocked too many things inappropriately (such as an HP all in one printer on our own Network, and sporadically, access to our own NAS). When the trouble of clearing its misbehavior became too great, we de-installed it (and had to use their removal tool to get all of it out) and put Norton Internet Security in its place with never a problem after that.

          False positives and the trouble they bring are definitely a criterion I would always want to know about.

    • #1477217

      First this is a great issue. People get a false sense of security with “their” AV app. How do you know it is doing its job? Well here is a good start at evaluating to make sure you aren’t relying on a Thanksgiving turkey to protect your surfing. For those not paying for a subscription, man you are missing a good part 2!

      If you go to the comparative site you can download and read the report. It is very informative. And it will answer questions as to Win Defender & MSE as well as other AV apps that may or may not have been tested.

      For completeness here is a list of such agencies. One might be surprised at how much malware is missed or how many false positives are reported for their package. If you review a history of reports you will see some are perennially missing malware or reporting false positives while others just had a bad evaluation period and cleaned up their act fast.

      http://www.oyyas.com/types-of-computer-viruses.php

      Test your AV app and PC on how well it protects here:
      http://www.amtso.org/

      Antivirus app testing labs:
      https://www.icsalabs.com/
      http://www.virusbtn.com/index
      http://www.westcoastlabs.com/checkmark/vendorList/?techGroupID=27
      http://www.av-test.org/
      http://www.av-comparatives.org/

      http://www.virustotal.com/ Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. Submit a file or URL.
      http://www.threatexpert.com/submit.aspx Submit a file and receive a report in email.

      ————

      For the wifi router hijack a better solution is to turn off wifi access to the router menu (which ought to be the default anyway). Then router menu access is only available to someone connected inside your place directly through an Ethernet line. Otherwise, yes the router menu login ID and passwords are readily available online and if the default SSID is the make or model of the router well that makes it easy for the guy parked in the street. Most default passwords are “admin” anyway.

      https://community.newegg.com/eggxpert/networking/f/135089/t/99093.aspx

    • #1477218

      Per the System Impact chart shown, the least impact is from ESET, rather than Avira and Bitdefender. I am on my 4th year using ESET, only complaint has been with the on-line license-renewal process.

    • #1477233

      the picture seems cut off

      strange that there is no mbam listed
      but it appears alphabetical and mcafee was listed last

      why no mbam data?

      is there a link to the complete diagram?
      i did not see it in the article



      • #1477258

        Yes, the chart is cut off on the right:

        It’s in a PDF which can be opened/downloaded at http://www.av-comparatives.org/dynamic-tests/ (Real-World Protection Test October 2014 – English)

        P.S. Perhaps they too thought MBAM was a big pain;)

        • #1477281

          I’ve been using Kaspersky Pure 3.0 and am happy to see that they rank well on this survey. But I also use MalWare Bytes in addition to Kaspersky, for the simple reason that they focus on malware attacks specifically. I’ve been very happy with their program and, in fact, it’s saved my wife’s PC from a drive-by attack. I think between the two apps we’re pretty well covered. Thanks for a good article, though. Just another reason to keep subscribing. You folks provide a great service.

    • #1477306

      I wondered too how any such list could not include Malware Bytes. I have been using them along with Comodo for years and have never had an issue with either. I see Norton rated highly but I gave up on them after Peter Norton sold his name, the list of issues with that “suite” seems endless.

    • #1477311

      This is a nice article, but it’s too simplistic, especially for the kinds of intermediate / advanced readers who subscribe to WS 😎

      Here are some observations and suggestions, not in any particular order, just how they came to my mind:

      – There are several proficient test sites, however, they use their own methodologies and samples and can come up with completely different results and rankings compared to other sites. Just one example, Microsoft SE, is the benchmark with AV-Comparatives, above, at around 85% +/- yet these tests are apparently not done via the IE browser with SmartScreen switched on – IF they were, then according to MS only a very small fraction of 1% of malware would get through, as confirmed by their telemetry on Windows systems! This paints a completely different picture of results and is EXTREMELY dependent upon browsers, settings, types of sites visited, etc!

      – as the article points out there are wide variations in performance and system impact. I have tested most AV software over the past few years and I would agree that the Top 2 above of Bitdefender and Avira are low in resources / impact, generally. However, BD browser add-ons significantly SLOW things down to such an extent that they need to be switched off eventually, in my experience. Given that most threats come from the browsing vector this is a dangerous thing to do, so BD ends up being uninstalled and we move on to the next AV / anti-malware! As for Avira, great at traditional AV detection, but too many false-positives in my experience and inadequate behaviour monitoring for new malware.

      – as already mentioned by others, these tests do not include many other security softwares, and for several valid reasons. Some of them, such as Webroot / Prevx, work in a very different way to traditional software and will not immediately alert the user if no immediate harm is being done / about to be done, it will be just monitored as a potential threat – if it does not match the database signature in the cloud and / or does not execute harmful actions. The AV testing companies cannot cope with such a different approach and hence Webroot is rarely included in these tests, unfortunately. Similarly Comodo, they have a multi-layered approach as well as a default-deny option which most testing methodologies cannot show correctly and hence show Comodo in a bad light, which is very mis-representative of the real world results with users. These are just two examples.

      – some reviewers claim that software is having a resource impact simply by the reading of RAM usage in the Task Manager, however, this can be frequently misleading in my experience. Many softwares will use more RAM, if it’s freely available, to REDUCE the impact of scans, monitoring, accessing the disk, etc, and the result is a very low user impact!!! Many reviewers in Youtube and commenting on Gizmo and elsewhere simply don’t know what they are talking about, sadly.

      – I highly recommend a multi-layered approach to security with two or three products, each performing different or complementary roles. These “testing houses” cannot cope with this. There are a few IT experts on Youtube who test various combinations and whose results are extremely revealing and worthwhile to watch. That said, some of them don’t have a real clue as to what they are doing and give inappropriate advice. Many WS users are sufficiently competent to perform their own multi-layered tests in virtual test environments and can come up with their own conclusions, as I have done.

      So you might ask, what do I use?

      For most users and devices I use Webroot Secure Anywhere, which on a PC is lightning-fast. However, on some mobile devices it is a complete dog and I replace it with Bitdefender.

      On my own main laptop I removed WR despite it being low in resources because there were issues with the browser add-ons and major conflicts with their password manager which is based on LastPass, which I have already installed. On that laptop I have “evolved” to using simply Microsoft SE plus Malwarebytes Professional / Premium in real time, the combination of which gives fantastic protection AND is superbly low on resource impact…..regardless of what it may show as RAM usage in Task Manager!

      I also use Bitdefender Safepay for internet banking which scans the laptop for malware upon each use of Safepay, so essentially I have 3 layers of protection.

    • #1477318

      I read the article, looked up the reviews – decided that my existing AVG was not the best choice for next year as Kaspersky & Bitdefender had obviously done so much better in the tests. Fine – then I looked at the comments at the bottom of the reviews and found, amid the shouting back & forth, that K. tried to lock you into buying for 3 years & B.’s Help was hopeless, among other problems in both. How is one to decide?

      • #1477496

        I read the article, looked up the reviews – decided that my existing AVG was not the best choice for next year as Kaspersky & Bitdefender had obviously done so much better in the tests. Fine – then I looked at the comments at the bottom of the reviews and found, amid the shouting back & forth, that K. tried to lock you into buying for 3 years & B.’s Help was hopeless, among other problems in both. How is one to decide?

        I’ve had the same experience, and also trouble with some of the other top rated AVs – My experience with my clients has AVAST as the one to use, as you will not need any help from them about their product, and the free version is the best one in my considered opinion, and years of test results. Too many factors other than just sample catches are to be looked at when picking a good AV solution. Avast is so well rounded in several areas, that it just can’t be beat!

        • #1477523

          I’ve had the same experience, and also trouble with some of the other top rated AVs – My experience with my clients has AVAST as the one to use, as you will not need any help from them about their product, and the free version is the best one in my considered opinion, and years of test results. Too many factors other than just sample catches are to be looked at when picking a good AV solution. Avast is so well rounded in several areas, that it just can’t be beat!

          Subjective opinion is all very well, but the testing sites linked to in the article clearly indicate that Avast is NOT the best choice.

          • #1477530

            Subjective opinion is all very well, but the testing sites linked to in the article clearly indicate that Avast is NOT the best choice.

            As far as catching every defined malware out there, yes – many of them fall down – but malware have literally millions of definitions out there and expecting every one of them to be included in any one utility is a fool’s game by today’s standards. I’ve had Avast bust malware/viruses that were not defined by the zero day lists, and within 24 hours a definition comes down the pike to make it safe to remove from quarantine. Avast uses a good combination of definitions (especially so they can be removed and files repaired) and behavior analysis to catch the really dangerous variants.

            If you run as a limited user, which everyone should be doing, many of the really sneaky malware will lie dormant in the temporary-data files anyway, in which CCleaner will dispatch them quite easily. The few that can actually operate from such temporary directories, that don’t need system permissions, may not do too much damage but can filch personal data by keylogging, screen capture, or video surveillance – in those instances a good HIPS, or MBAM can usually catch and/or block them. If not – Trusteer’s Rapport will block the activity within SSL sessions anyway. None of the AV/AM solutions can defeat all the modern malware anyway, so such a blended defense is mandatory if you shop or bank online.

            • #1477558

              I’ve had Avast bust malware/viruses that were not defined by the zero day lists, and within 24 hours a definition comes down the pike to make it safe to remove from quarantine. Avast uses a good combination of definitions (especially so they can be removed and files repaired) and behavior analysis to catch the really dangerous variants.

              I dare not ask how you know this, but in any event, what extra does the paid version do?

            • #1477603

              Not much in my opinion, it activates the firewall, and automatic application updating, and other features might even be the cause of some people’s perceptions with MBAM conflict, as it can be slightly unstable, especially if you have a cable ready media center that has all kinds of legal MPAA spyware and hardware on board. I had to stop using it because I couldn’t play my cable recordings, or new blu-rays without a great deal of trouble. It worked just fine as the free version with previously mentioned blended defenses.

              As far as discovering these relationships, only experience going back to 1986 can help, and many sessions in several labs I’ve attended to, including my own. I figure I should have the gumption to use the same freeware my indigent clients do. I generally recommend ESET to those that can afford it, and put up with their licensing scheme.

    • #1477348

      Router-level protection is always a good idea. Suggestion: set your router to not broadcast its SSID. Your network will be invisible to most people.

      Or go one step further. A few years ago we bought a SonicWALL TZ200W security router. We have been very happy with the results. If you have a Windows-only network, consider spending a few bucks on real firewall protection. There are other vendors but we settled on SonicWALL. Usual disclaimers.

      Tony Lima

    • #1477364

      Choosing the best AV and/or malware program is a bit like switching to the cheapest energy supplier, it’s only the best/cheapest until the next review when the rankings all change. If you follow the comparative tests you’ll always be switching products. I prefer to find one that I like which seems to serve me well, and then stick with it. For the past two or three years I have run MSE for constant protection and the free version of MBAM for regular manual scanning, but so far as the latter is concerned I am somewhat apprehensive about having to switch from ver1.75 to ver2 next year, based on what I’ve read of users’ experiences on various forums.

    • #1477426

      “…Suggestion: set your router to not broadcast its SSID. Your network will be invisible to most people…” Several sources say that is a good idea, other sources say: doesn’t matter, any good sniffer will find the wifi. Several-layer defense is the best. 🙂

      "Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisited

    • #1477429
    • #1477486

      Anything to do w/ the fact that IT Pros don’t like them, maybe? And don’t recommend them. We do spend a good bit of time removing them. Same goes for McAfee.

      “….Some of the best defence is sitting in front of the computer but, sadly can, also, be the same place from which some of the worst security problems originate…”.

      Drew

      How true. Unfortunately very difficult to teach! 🙂

    • #1477657

      What you wrote about router hacking and DNS hijacking is good advice, but then you suggest: “For safekeeping, write the password down on a small piece of paper and tape it to the bottom or back of your router. That way you’ll never lose it.” What??! I can hardly believe a computer specialist would write such nonsense! If a burglar, a nosy friend or guest wanted to hack your home network, that’s the first place they would look. A much better, more secure method is to use a password vault program such as LastPass to generate and store secure passwords for your router and websites that require logins.

      • #1477669

        If a burglar, a nosy friend or guest wanted to hack your home network, that’s the first place they would look.

        If you get burgled, change the password. (A burglar is not going to hang around to hack your network then and there.)

        And I don’t think much of the friends you keep or guests you host!

    • #1477699

      Hear hear.

    • #1477719

      There is only one way (and I mean one way) to come close to bullet-proofing your system. That’s Virtualization. Typing this now in my newly minted Win7 VM (host is Win8.1; had the OS since old Betsy died on me and had to buy a new computer). Not perfect, but comes close. Anti-virus/spyware programs just give folk a false sense of security. Yes, I’m still running anti-virus programs (now, even in my Win7 VM; didn’t do so for XP) but my main defense for several years now was using a sandbox to play in. Virtualbox is still free for personal use by the way.

      A cool alternative to using Virtualbox is using a program like DeepFreeze (which completely virtualizes your OS itself; upon reboot, it defaults back to a known set point). This program is what most schools and libraries use. Again, it’s a virtualization program. 🙂

    • #1477869

      Has TopTenReviews.com recently redeemed its reputation, to become worthy of a reference link in a WindowsSecrets article?

      Lugh.
      ~
      Alienware Aurora R6; Win10 Home x64 1803; Office 365 x32
      i7-7700; GeForce GTX 1060; 16GB DDR4 2400; 1TB SSD, 256GB SSD, 4TB HD

    • #1478262

      Still don’t know which AV programme to use to replace my existing AVG Internet Security – they have already started bugging me a month ahead so I must make up my mind soon

    • #1478272

      Win7 Pro SP1

    • #1478307

      Clee, amongst many good choices: Avast IS/Pro, Comodo IS/Pro, just two of many. Remember, caching of known good files is a good thing, reduces hard-drive usage.

      "Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisited

      • #1478350

        Clee, amongst many good choices: Avast IS/Pro, Comodo IS/Pro, just two of many. Remember, caching of known good files is a good thing, reduces hard-drive usage.

        I had endless problems with Comodo & gave it up but I haven’t tried Avast – it had bad ratings in the lists, though several people here have recommended it.

    • #1478356

      I have both Comodo IS & Avast Antivirus Pro [Premium?]. Regardless of what one uses for free or fee, there are always features, benefits, consequences of any/every choice made by user and by default within program. While I do consult the reviews, comments, complaints before buying, I realize that more complaints than compliments make it into print.

      "Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisited
