From http://techsupportalert.com/issues/al_current.htm
In the last three issues I outlined my revised approach to computer security. This new approach is not idle speculation but the result of over a year of intense testing of modern malware agents as well as the latest security products.
At the heart of this approach is an increased emphasis on preventing malware ever getting onto your computer as opposed to trying to detect it once it is on your PC or removing it if it manages to infect your PC.
The key to prevention is the use of good personal security practices combined with the use of a sandbox for surfing, opening email attachments and installing any unknown programs. This approach is fleshed out in more detail here:
http://techsupportalert.com/issues/issue141.htm#Section_0
This approach, however, is not enough by itself. You still need active protection on your PC, but not as much as you would need if you adopted a less proactive approach to preventing malware from getting on your PC.
If you use good security practices as well as a sandbox, you only need one, maybe two active security products running on your PC. If you don't, you'll possibly need three or four.
So, if you only need one or two active security products, what are the best choices?
Without a doubt the first product should be an anti-virus scanner. That's because AV scanners offer more powerful detection and protection than anti-spyware, anti-trojan and other specialized security products. Not only are they more powerful, they also have the ability to detect a wider range of malware menaces than the other products. Indeed, good AV products can detect trojans, keyloggers, spyware and rootkits in addition to viruses and worms.
The choice of a second product is moot. Indeed, it may not even be required, but more on that later. Today we will look at AV scanners.
Let's first consider the requirements:
- The product must have good, broad-spectrum scanning detection. It needs to be able to detect any malware you have downloaded in your sandbox before you run it. Similarly, it must detect anything that you have accidentally downloaded or copied to your "real" PC. In other words, it must work well both within and outside your sandbox.
- It must have a first-class memory monitor. Some malware programs are so well hidden that they can't be detected by file scanning; however, they can almost always be detected by a good monitor when the malware is run.
- Email protection. Although I recommend opening email attachments in a sandbox, it's useful to know an attachment is infected before it is opened.
- Self protection. Modern malware routinely tries to pull down your defenses. The best security products actively defend themselves against being terminated by hostile agents.
- Protection against new, previously unknown threats. The exploitation of previously unknown product flaws (so-called zero-day threats) is becoming increasingly common. That's why you need a product with good behavioral/heuristic detection in addition to signature-based detection.
- Polymorphic detection. To avoid detection by their signature, modern malware threats are commonly coded using a technique called polymorphic encryption that ensures each individual copy of the threat looks different to any other. The best scanners can still detect these rodents despite their disguise.
- Resource usage. Protection is a good thing, but you still want your PC to run quickly.
Let's see how some popular AV scanners shape up. My main emphasis is on free products, but I've included several well-known commercial products as well.
In the table below, I've rated the products on a scale of 1-5, with 5 being the best rating. My ratings are based on information from a wide set of sources including my own published tests, AV Comparatives and the Virus Bulletin.
Product         Price    File     Memory   Email    Self        0-Day       Polymorphic  Resource
                         Scanner  Monitor  Scanner  Protection  Protection  Detection    Usage
AOL AVS         Free     5        5        5        3           2           4            2
Alwil Avast!    Free     4+       4+       4+       1           2           2            5
Avira AntiVir   Free     5+       5+       -        1           5           5            4
Grisoft AVG     Free     4        4        4        1           1           2            5
BitDefender AV  Free     5        -        -        n.a.        4           4            3
Kaspersky AV    $49.95   5        5        5        3           2           4            2
Eset NOD32      $39.00   5        5        5        5           5           5+           5
Norton AV 2007  $39.99   5        5        5        5           2           5+           1
(A "-" means the feature is not included in that version of the product.)
As you can see, Avira Personal and AOL AVS are, on balance, the best of the free products, though neither is without problems.
The free Avira lacks an email scanner; that's only available in the paid version. The self protection is also poor: it can be terminated with Windows Task Manager. The free version also constantly nags you to upgrade.
The Kaspersky-based AOL AVS lacks the HTML scanner found in the full Kaspersky product and consequently doesn't offer the same level of protection against hostile sites. It's also quite heavy on resources and is not suitable for slower PCs. AOL AVS can be terminated by a hostile agent as well, though it puts up more of a fight than Avira. Finally, the AOL end user licensing agreement (EULA) has some worrying features, including the right to send you unsolicited email and to give your email address to third parties.
Avira's lack of email scanning and AOL's problem with hostile sites can be set aside if you are prepared to do all your browsing in a sandbox and to only open your email attachments in a sandbox. If you have the discipline to do this then you have two fine products available, though unfortunately both can be terminated. Of the two, I would lean towards Avira as it's lighter on resources and doesn't have the problems of the AOL EULA.
But most users lack the discipline to consistently use a sandbox. They may aspire to do so, but pressure and circumstance may not allow it.
If that's you then I suggest you consider one of the commercial products, as I don't think the other free products are fully up to the task. AVG and Avast! have poor detection of polymorphic and 0-day malware in addition to having limited self protection, while the free BitDefender lacks a real-time monitor as well as email scanning.
Of the commercial products I favor NOD32, as it provides first-class detection yet is light on resources. The $19.95 paid version of Avira is also a fine choice, providing the same or slightly better protection than NOD32 at the cost of slightly heavier resource usage. Kaspersky and Norton AV are also sound options provided you have a fast PC.
If you are an average user and you follow the safe practices I suggested at the beginning of this editorial and combine that with one of these commercial AV products, then that's all the protection you probably need. High-risk users such as P2P users will need more, but that's a separate story.
If you simply can't afford to buy a commercial product, there are other options. That's what I'll be talking about next month. See you then.
Declaration of interest: I do not sell, derive any commission from, nor carry advertising for any of the products mentioned in this editorial.
Gizmo