Friday, March 25, 2011

What Anti-virus should I buy? What will protect me the best?

"What Anti-virus should I buy?" is a question I get a lot. My answer really depends on the individual. If you have abundant funds and an incredibly powerful system, then resource-hog software like Norton Antivirus isn't a bad solution; it's demanding, but it does a good job. On the other hand, I work with many individuals who cannot afford to go out and plunk down $60/$80 for antivirus software; even $30 is too much in some cases. A number of free antiviruses exist, but they're often stripped-down versions of the professional products and offer fewer on-demand protection features.

Legitimately licensed Windows users might want to consider Microsoft Security Essentials. At the time of this writing MSE is free. MSE runs a validation program to check and see if your Windows is genuine. I've installed MSE on a few dozen systems and found it doesn't offer enough protection to prevent malware, but it is free, without a toolbar payload (at least for the moment), and I've used it to successfully remove some malware other programs have missed.

Another great program to consider is Avast's free antivirus. Take note that the free version of Avast expires in 30 days if you do not register it. The free version of Avast currently allows you to register for free by sending your email address and information via the register button in Avast. There are paid versions as well that work slightly differently and offer more features. I like Avast for a few reasons: a) there's a free version, b) registering gives you a year of free updates, c) the detection rate is pretty good, d) it's not as resource intensive as other antivirus products, e) it seems to work well with Malwarebytes, an excellent free anti-malware product (note that it too allows you to register, and it's probably worth throwing them a few dollars).

One of my friends is a big fan of Avira Anti-virus. Avira also has a free version. I've used it a few times to check systems other antiviruses have reported clean, and it found infections. But just because one antivirus finds an infection another misses does not mean it's the better anti-virus. In a number of cases I've found that removing malware involved a combination of antivirus software, anti-malware software, registry edits, trojan-removal software, and good old msconfig (a program in Windows XP that allows you to check off which services and programs run at startup).

Malwarebytes (MBAM) is a slightly different beast than Avast or Avira. MBAM doesn't look for viruses; it looks for other types of infections, such as rogue Browser Helper Objects (BHOs). A few BHO programs are legitimate, such as the Google Toolbar, but the vast majority of BHO programs these days seem to be malware that either redirects you to other sites, pops up nasty windows, or delivers some other nasty software to your PC. Malwarebytes doesn't take up a lot of system resources, but it also doesn't have on-demand protection (at least not the free version). I like it a lot because it seems to work in conjunction with Avast. Sometimes while Malwarebytes is scanning, Avast will pop up and flag something Malwarebytes trips over.

There are many other programs out there well worth considering. I've named a few I like, but they're not the only, nor necessarily the best solution in each case.

As a Linux fan my first preference is to suggest Linux. But I'm also a reasonable person and recognize that not everyone is ready to accept Linux as a solution and in some cases it's not a good solution (I never did get Diablo II LOD to work as well as I would like under Cedega or Wine, the original Starcraft worked beautifully though). I do the majority of my work under Linux and I've worked with all the popular Linux distributions as well as quite a few obscure distributions. It's cool, but it's not for everyone.

So what is the antivirus for everyone? If I had to answer, I'd say none. The best antivirus is you. If you practice good computing habits (don't go to web sites you don't know, don't open email attachments, use a limited account, use Google's Chrome web browser (Firefox is good too, but versions 3.x and earlier still don't run in a sandbox)), you're less likely to get malware. It doesn't mean you won't, but you're less likely than someone who just accepts everything they see in front of them.

Welcome, what's this, who are you - Scooby Doo?

Over the past 20+ years threats to computer software have multiplied like cockroaches in a slum - it's not a pretty sight. There's lots of advice about protecting systems from threats, but much of it is ignored, or doesn't work because new threats are more sophisticated and better disguised.

This log exists because PC threats are increasingly sophisticated. It's my way not only of documenting the threats and the methods used to remove them, but also of voicing the frustration IT people feel when faced with the daunting task of trying to maintain data on systems that are severely infected.

I'm not Scooby Doo. I don't always have the answer, which is the second reason I started this log: to give voice to others who may have run into some of the same malicious software (aka malware). However, because of the nature of my work (rebuilding and repairing PCs), I get the opportunity to see a very large number of infected computers.

This is their story...