ON SECURITY By Susan Bradley Once upon a time, antivirus was the only thing that kept the attackers on the outside and protected your data on the insi
[See the full post at: Which antivirus solution is the best?]
Susan Bradley Patch Lady
Susan,
Sorry, but I very much disagree that MS Defender is a good AV product. MS just pays (directly/indirectly) to have people say nice things about their solution. This is very well known in the industry. Defender may minimally work for the inexperienced, less savvy, “I don’t care” crowd, but those of us that are seasoned in IT and cyber know just how horrible and ineffective it really is. Pass!
What is even worse, in my mind, is the concept of a company having its own AV solution to protect its own insecure software. The effort and dollars spent on developing and maintaining Defender should be spent hardening the OS and Office code so it’s not as vulnerable. Bigger bang for the buck and much more good will will come of it.
Lastly, there are a large number of AV/EDR products out there designed to do a far better job of protecting the endpoint than Defender does. They should be mentioned. Look at Gartner and pull the top ten that include free or low cost AV solutions. Write about those so the audience has something to compare. A super quick search came up with these reputable reviews that provide more details to help users make smarter choices when it comes to protecting their data and computers:
https://www.gartner.com/reviews/market/endpoint-protection-platforms
https://www.usnews.com/360-reviews/privacy/antivirus
https://www.av-test.org/en/antivirus/home-windows/
https://www.tomsguide.com/us/best-antivirus,review-2588.html
Overall, you get what you pay for. If you pay nothing, expect nothing. For some that may be fine. I’d rather not chance my personal data or my PCs by using Defender.
MS just pays (directly/indirectly) to have people say nice things about their solution. This is very well known in the industry.
Any evidence or references if it’s very well known?
Defender may minimally work for the inexperienced, less savvy, “I don’t care” crowd, but those of us that are seasoned in IT and cyber know just how horrible and ineffective it really is. Pass!
What is even worse, in my mind, is the concept of a company having its own AV solution to protect its own insecure software. The effort and dollars spent on developing and maintaining Defender should be spent hardening the OS and Office code so it’s not as vulnerable. Bigger bang for the buck and much more good will will come of it.
Lastly, there are a large number of AV/EDR products out there designed to do a far better job of protecting the endpoint than Defender does. They should be mentioned. Look at Gartner and pull the top ten that include free or low cost AV solutions. Write about those so the audience has something to compare. A super quick search came up with these reputable reviews that provide more details to help users make smarter choices when it comes to protecting their data and computers:
https://www.gartner.com/reviews/market/endpoint-protection-platforms
https://www.usnews.com/360-reviews/privacy/antivirus
https://www.av-test.org/en/antivirus/home-windows
https://www.tomsguide.com/us/best-antivirus,review-2588.html
Overall, you get what you pay for. If you pay nothing, expect nothing. For some that may be fine. I’d rather not chance my personal data or my PCs by using Defender.
Gartner at that link lists Defender at number 3 of its top twenty, with 4.4/5 stars from 1300+ ratings/reviews.
U.S. News at that link provides coupons and deals for its top ten solutions, with affiliate links (unbiased? reputable?).
AV-TEST at that link gives Defender 100% for Protection, Detection and Usability; it only falls below industry average for file copy performance. For most of last year it also scored 100% for Performance.
Tom’s Guide at that link lists Defender as its top free choice: “1. Windows Defender Antivirus — More than good enough to leave in place”.
Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge
I’m not going to get in a back and forth on this with anyone. Opinions are like you know what. No win scenario. Bottom line is we each have our experiences, we each do what we think is best or what’s simply good enough.
I was not intending to nitpick Susan’s article, though it probably came across that way. I follow her very closely, especially around the patching stuff. Have shared her advice corporately for many years now.
However, when it comes to Cyber Security Operations, I live this stuff day in and day out. Have for my entire 22+ years in the Cyber Security field. I’ve seen my share. My opinion is educated by my experiences. But then they are just that, MY experiences. YMMV
Peace!
Gartner at that link lists Defender at number 3 of its top twenty, with 4.4/5 stars from 1300+ ratings/reviews.
I do use Defender (as installed in the OS, not the ‘Endpoint’ version) and find it sufficient for my home use. However, to clarify: When clicking on the Gartner link, the default listing of products is not in order of best to least best. It is ordered by ‘Number of Ratings, High to Low’ which shows Defender as 3rd.
After changing the sort order to ‘Average Rating, High to Low’, Microsoft Defender Endpoint ends up in 33rd place.
Microsoft Defender (OS version) is a different product than the Endpoint version, it seems….FWIW.
Win10 Pro x64 22H2, Win10 Home 22H2, Linux Mint + a cat with 'tortitude'.
… those of us that are seasoned in IT and cyber know just how horrible and ineffective it really is.
Not all of us. Microsoft Defender does everything I want and does not get in my way. It behaves very well running in combination with Malwarebytes Premium (my license never expires). I give that combination 5/5.
Sorry Susan, I should have worded that better. I didn’t mean YOU personally. LOL I deal with endpoint security software vendors weekly. The things they say about each other!
Anywho, I personally use Malwarebytes Pro at home across 14 PCs (lab included). Been a long term customer. Hate the annual price when it comes due, but it’s always worked so there’s that.
Symantec, like McAfee, are too bloated. I personally don’t know anyone who uses them anymore.
ESET was great back in the day but being Russian owned is just too risky these days.
I like ClamAV for Linux hosts. They also make a Windows flavor but no real experience there.
At work we use Crowdstrike Falcon Complete. The only Defender feature we have enabled is for the DLP functionality.
The most disliked part of the MS family of security products is the logging. Just so disconnected. Living chaos. But that’s just my opinion and for a separate discussion.
Paladiun
Are you sure that ESET is a Russian owned company?
See the ESET post dated 08 March, 2022 where the company represents that it is “… headquartered in the European Union, ….”
The posting goes on to indicate that, “In response to the shocking decision by the Russian Government to invade Ukraine, ESET, … announces today that it is stopping all sales to any individuals, businesses and organizations in Russia and Belarus.”
https://www.eset.com/int/about/newsroom/press-releases/company/eset-stops-all-sales-in-russia/
After the 2022 Russian invasion of Ukraine started, Slovakia, as one of the EU countries, imposed sanctions on Russia, and Russia added all EU countries to the list of “unfriendly nations”.
Never Say Never
Paladiun
Are you sure that ESET is a Russian owned company?
See the ESET post dated 08 March, 2022 where the company represents that it is “… headquartered in the European Union, ….”
The posting goes on to indicate that, “In response to the shocking decision by the Russian Government to invade Ukraine, ESET, … announces today that it is stopping all sales to any individuals, businesses and organizations in Russia and Belarus.”
https://www.eset.com/int/about/newsroom/press-releases/company/eset-stops-all-sales-in-russia/
ESET has resided in Slovakia, Bratislava for more than 30 years and still has a very good reputation.
ESET, spol. s r.o., Aupark Tower, 16th floor, Einsteinova 24, 851 01 Bratislava, Slovakia. Tel: +421 (2) 322 44 111 Fax: +421 (2) 322 44 109 Web: http://www.eset.com/int
For business, do you have the Defender endpoint/connected to the Office Defender – the suite that is included in either an E5 subscription or a Microsoft Business premium offering? If you are just doing endpoint without the Office and the cloud piece, you aren’t seeing the whole thing in action.
I think logging is weak in all of the products that I’ve seen. At least with E5/Business premium there is a forensic timeline that you can review.
Susan Bradley Patch Lady
“Write about those”.
I don’t pay for EDR from any of those other companies. I pay for Microsoft Business premium which includes the Microsoft Defender endpoint solution that I wrote about. I much prefer to write about solutions I personally have experience with, have used for years and recommend to others. I don’t write about antivirus that I’ve not used or would not recommend. Clearly that’s what those other web sites are for. If you want to know about what “I” recommend and what “I” use, well there you have it.
Susan Bradley Patch Lady
I used to use Kaspersky but discontinued it (with some difficulty including sending emails trying, eventually successfully, to get repaid!)
I have been using Microsoft defender for a couple of years and it’s worked well.
Regarding emails, I use Outlook 2019 and have set it so that everything goes to Junk except those I have said are Safe. This makes certain I don’t open anything accidentally.
By the way, the Outlook 2019 reminder box that pops up has just been changed by MS in an update to make it less obvious which item you are saying Dismiss (or otherwise) to. It’s really stupid!
I generally agree with sticking with the built-in Windows security tools.
Maybe add Malwarebytes Free and their ADW Cleaner as second-opinion scanners.
WDO has never worked for me on my dual-boot systems, so I can’t evaluate it.
Macrium Reflect (no longer free as of the end of 2023) and some other still free programs allow the creation of a bootable rescue media (even under Windows 11 with TPM security) designed for system recovery outside of any OS. I find I can in these environments add a Folder containing my favorite malware scanners. Kaspersky and Microsoft Safety Scanner can be run as stand-alone scanners in this way. There may be other stand-alone options. I will not speculate about Kaspersky’s relationship with a foreign government.
The web browser and email are the most likely attack routes for consumers, so paying for Malwarebytes Premium or just installing their free browser guard may help with Windows security. Other companies also offer browser guards. Some offer email scanning if you use a local client. All web based commercial email (gmail, yahoo, outlook.com, etc.) is prescanned these days, mostly with some variant of ClamAV.
Firmware and hardware infections are a very real threat now, even for consumers. (Someone with better knowledge than I can fact-check me on this sub-topic.) If one of these incidents would happen to you, you might never be able to remove the infection. Trashing the device would be your only option. And also trashing all USB devices (almost all have their own firmware) which ever had connected to that device.
If your system uses an SSD, fully wiping the drive without destroying the controller firmware is not an easy task. But there may be options, depending on your brand and model. Again, if the controller firmware got infected, trashing the SSD would be the only option. And the device might still remain infected beyond the drive.
For most practical purposes, removal of malware is time consuming and tedious. Sometimes it is impossible to avoid rescuing an infected system without wiping and reformatting and reinstalling. But most of the time, the most expedient thing to do is wipe, reformat and reinstall the OS and software. You might also consider just doing a full Windows reset, but that does not wipe the drive, especially an SSD. Keep track of your license keys!
Much more important than your choice of brands or modular vs. all in one is, use something you will understand and will keep current. And one whose warnings you will pay attention to and act accordingly. And as Susan says, the best security is a “fully patched” human.
-- rc primak
We recently experienced a significant problem with one of our workstations.
We were unable to place orders via the Internet and we kept getting intrusion warnings while our VPN was opening.
Upon further investigation, we discovered that Acronis True Image for Western Digital included a “Protection” option. It was Acronis that was sending the intrusion warnings.
We also discovered that our VPN had a “Threat Protection” option that, “Blocked cyber threats in real time.”
After disabling the VPN and Acronis threat protections our problems evaporated.
I read your article about dumping an auto renew subscription.
You apparently don’t know how credit cards work.
Dumping this kind of vendor is easy but requires some diligence.
You first find out that there is no way to cancel.
You find their snail mail address and send them a certified letter saying cancel with return receipt and mail it.
You get and save the receipt.
When you find that they have renewed you call the cc vendor and ask to cancel the transaction.
Then you cancel the card and get a new number.
The credit card vendors are well aware of this practice of making it impossible to cancel the subscription.
They make it easy to do and are set up to do it. No one can charge a cancelled card #.
For all my online CC purchases, I use a Credit Card that allows me to very easily create a virtual card for each company I deal with. This CC number is unique and can only be used by that merchant. I can very easily discontinue one CC number without affecting any of the others. Sure this creates a lot of CC numbers, but they have a browser extension that remembers all this and, in many cases, can fill in the website CC form. Unfortunately most credit cards do not offer this service, so when my old CC company stopped offering this I had to search for a new one. Currently I’m using CapitalOne and their virtual card service is called ENO. I feel a lot safer buying stuff over the internet, and after a few years of using this exclusively I’ve had zero problems and issues.
As for AV I and my clients have been using ESET for, at least, 15 years and it has performed almost flawlessly. I will sometimes see ESET warnings about websites before they load and about emails, so I have a good feeling that it does work.
-Marc
Repeating major4579’s easy way to manage subscriptions:
You can give a subscription your virtual credit card, then expire it before the next renewal. No more need to contact the company to cancel a renewal. So far, I have generated 34 virtual numbers and 28 of them auto locked after the first charge. Finally, this leaves me in control of subscription renewals. I keep a text file of all my virtual numbers to keep track of what is going on. You can unlock a virtual number if you decide to renew or re-order.
A previous credit card used for subscriptions did automatic renewals even with the wrong expire date and 3-digit code. The only solution was to cancel that credit card along with that credit card company. Some companies make it very difficult to cancel subscriptions.
Windows 10 22H2 desktops & laptops on Dell, HP, ASUS; No servers, no domain.
If you are looking for Anti-Malware Programs, beyond the basic capabilities of Windows, it is worthwhile to review Consumer Reports’ Antivirus Software Ratings.
Consumer Reports also has ratings for mobile security software and password managers.
The organization represents that they are, “… an independent, nonprofit member organization that works side by side with consumers for truth, transparency, and fairness in the marketplace.”
Their product ratings are based on comprehensive quantitative reviews of the products they are evaluating.
We have found Consumer Reports to be a good starting place when we are thinking about making a major/important purchase. I repeat, a good starting place. We frequently found that the products they have rated are no longer available. However, if we find a manufacturer that has a number of highly rated products we are likely to look at their alternatives 1st.
I have been using Microsoft defender for a couple of years and it’s worked well.
How do you know it worked at all? Did it stop viruses, rootkits, ransomware, bad apps installations, bad web scripts…?
Yes. On my home pc I don’t get quite the same alerts (aka normal defender) but at the office I get alerted when an email that HAD a phishing attempt was removed from my inbox.
On the home pc I’ve had it block a download but most of the time my paranoia keeps me from viruses, rootkits, ransomware, etc, etc.
Susan Bradley Patch Lady
How do you know it worked at all? Did it stop viruses, rootkits, ransomware, bad apps installations, bad web scripts…?
I’m not @Mike Buzzard, but I can answer that. A couple of the utilities I use are quite powerful/exploitative, and Defender blocked their installation. I had to override Defender in order to get them installed. I’ve also seen Defender block an attempt at privilege elevation.
Malwarebytes blocks some web pages from opening, Defender blocks some sites from loading. The two work quite well together. Just as I test my drive images by running a complete restore, I also test my AV/AM protection by trying to visit sites I know to be toxic.
So yes, I know they work well. I open the interface of each from time to time to delete the items they have quarantined.
For example, I prefer vendors that don’t set up automatic renewals — because those that do make it darned-near impossible to figure out how to unsubscribe. Some years back, I had a recurring subscription to an antivirus bundle that made strong claims about protecting the operating systems. I wasn’t satisfied with it, but I had a hard time finding a way to drop the subscription. Worse, I’d try on the website and think I’d bailed, only to discover I’d been charged again the following year. That particular situation was so bad that the subscription was canceled only after the credit card had expired.
Use PayPal for recurring subscriptions. They have a section on their website that lets you cancel such subscriptions directly since the charge goes through PayPal. I’ve had cause to use this and it works perfectly.
The only trick with this is not to cancel until the day before the subscription will renew because some vendors will cancel your existing service immediately when they get posted that you have canceled the recurring subscription.
I was fortunate to get a lifetime license, for one PC but transferable as I replace my desktops, to Malwarebytes Pro for $30. They still support it as if I were paying their now annual full price subscription. It’s a software firewall, anti virus, anti malware solution that works in smooth conjunction with Windows Defender. Have never had a virus or piece of malware make it to any machine I’ve ever owned going back 30 years. Easy to use, runs an automatic scan daily and is always on. I use their browser extension too, free, on all browsers. Just my two cents. :^)
ESET was great back in the day but being Russian owned is just too risky these days.
For more than 30 years
ESET, spol. s r.o., Aupark Tower, 16th floor, Einsteinova 24, 851 01 Bratislava, Slovakia. Tel: +421 (2) 322 44 111 Fax: +421 (2) 322 44 109 Web: http://www.eset.com/int
I will say ESET has had a few problems over the years, but they have always been extremely quick to respond and fix the issues, and I am very satisfied with their A/V product. I use NOD32, not their Internet Security and other stuff. Yes, it feels it is getting more bloated, as are all others (MBAM are you hearing this) but performance is still very good and doesn’t get in the way as a rule.
Never Say Never
We all have our preferred antivirus and mine is one that hasn’t been mentioned in this thread yet. I’ve been a fan and user of Bitdefender for at least 10 years. I get the “protect 15 devices” subscription which easily covers my four PCs and two phones, and most of the friends and family whose machines I maintain. Bitdefender’s central web page allows management of all the installations remotely. POM for me.
Many years ago, most friends’ computers I would fix would have many viruses on them. I never figured out if this was from one virus downloading all the others or if multiple unconnected events installed different viruses.
By the time Windows 10 was released, instead of virus infections which disappeared (in our group), a lot of major system problems were caused by anti-virus software, combined with other software updating. Monthly Microsoft updates would lead to no boot, and the cause would be found to be the antivirus. Or internet connectivity would fail or become sluggish and the cause was the antivirus blocking a browser. There were and are less than 6 popular browsers, how hard would it have been to check your antivirus update against 6 programs before releasing it?
The Microsoft update situation seems to have changed around the time “enablement packages” started or maybe during the pandemic. Updates to Windows 10, as mentioned above, now seem to be so minor that they don’t cause disaster with antivirus software.
In my current experience, the biggest threats to friends of friends are phishing emails, browser popups that say “you are infected click here” and simply bogging down the computer by installing too much software, especially random utilities that have little use. Educating consumers I think is the best fix for these.
But, when Windows 10 support ends, I am afraid the situation will change. Will viruses rise again? What will be the best antivirus to protect unsupported Windows 10? Eh, that future is too far away to worry about right now.
I’ve been using the old “Norton Security” program – always kept up to date, of course – for years on six Win 7 and on four Win 10 machines. I also have Malwarebytes Premium on most of them, but I tend to like it less and less: too expensive and, IMHO, constantly dumbing down the wording of their communications approach. (Yes, I care about these things.)
I’m certainly no computer wizard, and I guess I’d assess myself as a cautious, conservative person in my internet usage, and maybe I’ve just been lucky over the 35 years or so I’ve been using PCs (I started on DOS on an “IBM Compatible” Sanyo machine in 1986), but I’ve never had a computer virus.
During this period I’ve used several AV programs besides Norton, including McAfee, Kaspersky, Bit Defender, and I don’t remember what else. Windows Defender is running on my Win10 machines, but it’s pretty much invisible.
Now to the “point” of this rather long post (sorry): Although it’s technically not an “antivirus solution”, I’d appreciate some input on the actual protection provided by running one’s browser sandboxed, an approach offered by the program “Sandboxie”.
Thank you.
Most anti-malware packages now protect the web browser. Browsers are being increasingly isolated from the OS core, on Windows, Mac and Linux. There may not be much benefit in sandboxing web browsers these days in a separate, third party application. Linux and Windows do containers and virtualization very well without third-party tools. Linux also has Snap and Flatpak versions of browsers and apps, which offer some sandboxing features of their own.
-- rc primak
The last time I used any kind of AntiVirus program on Windows was more than 20 years ago when Windows XP was new.
I remembered I used Norton AntiVirus and AVG Free at that time (not both at the same time of course). Frequent false positives and the fact that Norton AntiVirus started to require activation to use greatly soured my impressions, and since that time I had NEVER used any antivirus program, be it Windows or (later) MacOS.
I run Windows 7 and Windows 8.1 without antivirus/antimalware programs (including the built-in Windows Defender, which I consider rubbish), and my limited experience with Windows Defender in Windows 10 (LTSC only) has convinced me it is equally annoying with lots of false positives and unnecessary quarantines. I WILL find a way to disable Windows Defender if I run Windows 10 LTSC on my computer (which I plan to start migrating to for at least some of my computers in 2023).
Please, not any kind of “advice” or “comment” about why I should not run an unsupported OS or why I should run some kind of antivirus/antimalware programs. Thank you.
Hope for the best. Prepare for the worst.
Please, not any kind of “advice” or “comment” about why I should not run an unsupported OS or why I should run some kind of antivirus/antimalware programs.
How often do you do a clean install to “freshen things up”?
Some years back, the US Navy settled on Symantec Endpoint Protection for its Windows desktop AV protection. SEP is intended for enterprise AV use, it features a centralized C&C server app with netted AV heuristics — but it doesn’t have to be used this way. The desktop client also functions as a perfectly serviceable AV standalone app. (It’s standalone by default, until the enterprise’s rules are loaded into the client.) The enterprise license also allowed USN employees and service members to download the client and install it on their personal IT. A feature of the desktop client is that once installed it seems to work indefinitely without any license renewal mechanism. AV signatures update indefinitely. What you DON’T get once your license expires is download access for updated clients.
When I retired, and trusting the product, I purchased an SEP client license for home use. Symantec eventually sold its enterprise products to Broadcom. The transition was not without hiccups.
I have no idea what the Navy is using these days.