Tuesday, February 10, 2009

Anti-Virus Programs

Since I get a lot of questions about anti-virus programs, I thought I would try to give a very brief and basic overview of how anti-virus and other anti-malware programs work.
I would particularly like to concentrate on the free programs since a lot of people are using them. The main free anti-virus programs that I am aware of are AVG, Avira, and Avast.

As we all understand, viruses and spyware (that is, malware) are constantly flooding through the Internet, searching like a parasite for a host to live in (i.e., your computer). One of the means for protecting your computer from malware is to have various anti-malware programs constantly on the lookout. I'll just refer to all anti-malware programs as AV Programs for short.
All AV Programs must update themselves. All free AV Programs automatically update only once a day. Let's say you're using a free AV Program. It updates at 00:00 Monday, just after midnight. Its next update will occur 24 hours later. Between these updates, new malware is being created and released. Most are just versions of known malware and will probably be detected. But some will be unknown to your AV Program. Maybe the AV Program will nonetheless find the malware suspicious and block or quarantine it. But there is the possibility that the malware will get through and infect your computer.
Now, most AV Programs that you purchase update every hour, half hour, etc. You can probably even set them to update every 5 minutes. The window of opportunity for new malware is thereby narrowed.

Another consideration is the fact that once new malware is discovered, there is still a period between the moment of its discovery and the moment when the companies that develop AV Programs release an update for that particular malware. So, again, the malware has the advantage.

A final consideration is how good your AV Program is. Provided below are the results of about 5 years of testing done by Virus Bulletin on some of the more well-known AV Programs. I have listed them by number of "successes" (in other words, the AV Program passed Virus Bulletin's test). One should note, however, that many AV Programs were not tested (No Entry). As I recall, I believe it is up to the company producing the AV Program to submit their program to Virus Bulletin for testing. Also, the failures are over a five-year period, so a failure may have occurred just last month or 3 years ago. One other note is that the products may have been tested not just against Windows, but also against other operating systems (e.g., Mac, Linux, Unix) and against different versions of an operating system (Windows 2000, Windows XP, Windows Vista). So, for example, should Sophos submit their product for evaluation in January 2009 for testing on Ubuntu Linux and it passes, they don't get a No Entry score, although maybe they didn't submit Sophos for testing against Vista. Finally, I should note that a failure does not necessarily mean that the AV Product let malware through. Looking through the failures, I see that a lot of them are because the AV Product falsely identified a legitimate program as a virus (a false positive). So, the scoring below is not completely fair to the products.

As for my opinion of these products: although Symantec has a good rating, I find Norton very intrusive and a pain to deal with at times. That doesn't mean it's not a great AV Program, just that I don't care for it a lot.
Sophos is my personal favorite, but it is marketed more for corporations than for personal use. They seem to be changing this policy.
It is my understanding that Kaspersky is also supposed to be a great AV Program. Since I have never used it, I cannot provide any personal assessment.
McAfee. I haven't used McAfee in ages. I have seen it installed on computers and it seems less intrusive than Symantec.

As for the Free AV Programs, for years I have been recommending AVG. In my experience it has done quite well. Many people out there are saying Avira is much better than AVG. I have been using Avira on one computer to try it out. The one thing I don't like about Avira is that every time it updates, it brings up a screen asking you if you would like to upgrade to the paid version. Kind of annoying, but worth it if it provides better protection. I have also included Avast, since it is free. However, I cannot advise using Avast on a Windows computer.


Symantec (Norton)
48 Success / 6 Failure / 8 No Entry

Sophos
45 Success / 15 Failure / 2 No Entry

Kaspersky
45 Success / 17 Failure / 0 No Entry

McAfee
38 Success / 21 Failure / 3 No Entry


The following are Free AV Programs

AVG (Grisoft)
25 Success / 22 Failure / 15 No Entry

Avast
28 Success / 23 Failure / 11 No Entry

Avira
16 Success / 3 Failure / 43 No Entry
