Anti-Virus Effectiveness Question

I would like to know from the computer geeks here on the Dope what, if any, the major differences are in terms of effectiveness between free Anti-Virus programs and paid versions like Norton, McAfee, etc.

My question is more directed at the ability of these software programs to detect and stop incoming viruses and their respective ability to remove such viruses from an infected computer.

It's readily apparent that some programs are more resource-heavy than others…is there any additional protection afforded by processing-hogs like Norton versus a simple, free AVG version?

What’s the dope?

Thanks in advance.

Virus Bulletin has a 100% certification program – antivirus that hits 100% of all the viruses they use to test can brag about it. All major antiviruses pass this test.

In any case, antiviruses are essentially equally effective. For a new virus, one might detect it sooner, but something else will detect the next new virus sooner than that. The differences are minor.

So in this instance, “you get what you pay for” is essentially untrue?

FTR, I believe it to be true. I use shareware on this machine only (just Avast and Malwarebytes) and I feel pretty safe. I had Norton on an older computer a few years ago and I hated it. I’m just wondering if there’s another side to this. Is there any argument for the paid anti-virus software, or the paid versions of the freeware versions that are readily available?

Are there hackers/virus creators that go “Pfftt, we can run an end-around on AVG, but Norton, holy shit, we can’t crack that sucker!”???

Pretty much - in fact, the opposite may be true. Some of the paid-for solutions enjoy a market share gained by bundling with new systems or piggyback installs with other popular programs (I think my last Flash Player update tried to install Norton as a default option).

IMO, this reduces the incentive for their solutions to be quite so efficient, especially in terms of footprint and impact on normal operation.

FoieGras, I agree that Norton absolutely sucks. It slowed down my computer so much that I had to remove it. Once I removed it the computer was speedy as normal. Trend Micro is a good one.

Antivirus software is a commodity. And like all commodities (i.e., things where there is no difference between brands or manufacturers), it should be purchased on price.

Can you elaborate on what you mean here, because I am under the impression that there is a difference between brands/manufacturers and that price may or may not have much to do with it.

Not really. There are large virus databases AV programs are run against and they all do something like 90+% detection rate.

An AV app isn't a difficult application to create. It just does checksums of files and compares those to a database of known viruses. A small team could manage a competitive virus database. Open source ClamAV’s database is created by submissions from volunteers.

That said, I think they're all pretty terrible at cleaning up infections. Most of them do nothing more than try to move or delete the file that matched the checksum. They usually leave all the reg entries and whatnot alone.

The Microsoft Security Essentials is based on the pay-for Forefront AV product. Most vendors’ free products are just the main version sans a few features. It's the same database and codebase.

Some do better QA than others. AVG is notorious for false positives and instability. Norton is notorious for bloat and slow speeds.

Well, yes, there is an additional protection : the big hogs try to check every process and file transfer/creation/modification in real time, including stuff coming in and out. That’s why they slow your computer down so much.

However, since :

  • 99% of those are bog standard OS processes and the programs you’re running
  • your chances of actually catching a virus off the internet as J. Random User are minute*, and
  • when you do you tend to know it immediately on account of your computer going all wonky, at which time you either run a free antivirus/antimalware/adremover system scan which solves the problem, or worst case scenario do a format/reinstall that’ll take you a couple hours at the most

the cost/effect of such “added protection” is highly debatable.

Hardcore real time protection is worth it on, say, a mail server, the company’s web gateway or the kind of machines that just *have* to be up at all times or people DIE. But on a home workstation ? Bah.

(* as long as you don’t open random attached files mailed to you by strangers, visit really dodgy porn or pirate sites, etc…)

The paid version will give you access to technical support, in the event you need one. The free one will have a forum, but that is not as quick and may not help. In addition, the paid one will update sooner than the free one. For example, AVG 9 was available to the Pro weeks before it was available to the free version.

I have to disagree.

Paid versions of AV software can be better in a number of ways than the free stuff.

First of all there are a variety of attacks out there and not only viruses. Spyware, worms, trojans…lots of things. Often the free stuff has gaps in it (frequently because they want you to like their product then pay for a full protection suite).

Second, people writing viruses are known to program around popular free AV programs. I found one a few years ago that actively saw AdAware and did an end run around it. On the flip side the recent PDF exploit that has been out actively did nothing if it saw Kaspersky (and one other). Something about those programs' more active protection made the virus actually shut itself down and not attempt to hijack the system (I presume to remain hidden).

I agree Norton sucks. Yeah it does what it advertises but it is the worst kind of bloatware and gets insinuated in all sorts of unwelcome ways on your system and slows it waaaaay down.

Personally I use Kaspersky and while it is a bit pricey compared to others it works like a charm. It can be unobtrusive or enable all sorts of advanced features for an advanced user if they care. It is also quite speedy and does not notably slow my system at all.

YMMV of course but I would not rely on free stuff unless your computer use is very basic (e-mail, a bit of web surfing to sites you are sure will be safe like here).

Free AV programs all pretty much do the same thing at the most basic level; virus information is available to all AV companies so they’re all going to maintain more or less the same robust definition files to catch viruses and such.

There are some differences between paid AV software though. Some might give you extra protection in the form of scanning for spyware and other malware, some might offer heuristic virus detection that ostensibly monitors the behaviour of programs to determine if they are exhibiting virus-like behaviour (attempting to spread to other executable files, hijacking the TCP/IP stack to E-Mail copies of itself, attempting to disable AV software, etc.), some might offer firewalls, POP3/SMTP interception to catch E-Mail viruses before they even reach your mailbox, web link scanning, blacklists/whitelists with maintained lists of known spam domains, etc.

There’s a lot of variety when you get beyond the basics and not all offer the same degree of “extras.” The down side to all of these extra perks is you can end up getting bloated, inefficient software that bogs down your system. *cough*Norton*cough*

Personally, I use AVG Free, and it’s worked quite well.

AdAware also has a Pro version. The free version will not block malicious IP addresses that try to access your computer. It will not block rootkits or other viruses. It should be used as an adjunct to an antivirus.

The free version of an antivirus gives the same protection as the paid, but it will give you a newer version later and will not give technical support. You can buy the entire antiviral suite, which offers more protection for more malware (the same malware that AdAware, SuperAntispyware, etc. affords), but the antivirus part is the same as the free.

Oh, I should also point to ThreatFire. It is an adjunct to existing AV software that adds a heuristic, predictive form of virus detection to any AV software. The graph on the main page is almost certainly based on ideal conditions, but being that it’s an extra layer of protection, and pretty lightweight and unobtrusive, it’s probably worth checking out. It is NOT meant to replace your existing AV software though.

My stepdaughter has infected our laptop twice recently allegedly ONLY visiting MySpace layouts, Photobucket, etc, websites that AFAICT do not have viruses.

The first time it happened was when we were relatively unprotected, the second after I installed Avast and Malwarebytes.

Malwarebytes seems particularly vulnerable to the “mbam.exe” file being disabled by relatively common viruses. Right now I have a Vario virus, and despite Avast removing many trojans, the whole computer is hijacked (she “noticed the computer was running slow and popups happening” TWO WEEKS ago and didn’t tell us, which of course allowed the virus to propagate itself to its fullest extent) and now it's stuck in a logon/logoff loop.

I’m looking for the XP disk to reinstall the OS now. I don’t think I have any other options.

Anyway, on this machine here, and my other PC downstairs, Avast and Malwarebytes have kept me feeling relatively secure. The laptop is my wife’s, I told her not to let our teenager use it unsupervised, and now it's toast.

Yes, that much is true. However, there’s a simple fix : simply rename the .exe file to anything else, as well as the directory it’s in, and you’re fine.

As for the logon/logoff loop, if she’s running Windows XP (I have zero experience of Vista/7) you can usually root it out by starting the machine in error free mode (usually : F8 between BIOS and Windows startup proper. Might be weirded on laptops - again, little experience there).