Which Security Suite/Anti-virus package do you use?

Posted: Thu Nov 18, 2010 12:26 pm
by Bob Andersson
Hi folks,

This thread is primarily aimed at Windows users but others may, of course, chip in. For the record I use the free Sophos anti-virus package for my MacBook Air.

But this post is about Windows 7 (Ultimate x64) and my decision to dump Kaspersky ISS 2011 on my main machine. My reason is documented at great length here but, to be fair, I've not seen a similar performance issue on my much simpler Media PC.

Anyway, having over the years run anti-virus software from PC Tools, McAfee, ZoneAlarm, Norton/Symantec and most recently Kaspersky I seem to see a repeating trend: the software starts out lean, mean and fit for purpose and ends up bloated, cranky and occasionally quite offensive. A bit like me as I progress past middle age. :twisted:

After reading a few reviews and, in particular, taking note of the excellent scores (both in the "On-Demand Comparative" and "Retrospective/Proactive" tests) at AV Comparatives I've installed a trial of G Data's InternetSecurity 2011. A number of reviews have pointed out that this program has a fairly large RAM footprint but the detection/protection rates appear to be inarguably excellent. And, in stark contrast to my recent 12 to 120 second delay in start up courtesy of Kaspersky, I'm getting from Password to Desktop in just five seconds with a fresh install of G Data InternetSecurity 2011. If that changes I'll keep you posted. First impressions are very good - the interface is deceptively simple but you can drill down into some quite detailed settings if you want to. Best of all, so far at least, the program is unobtrusive though no doubt I'll be getting a few reminders as I get towards the end of my thirty day trial. Pricing looks quite attractive too, with only a very modest supplement for a 3 PC licence over the cost of protecting just one machine.

So what ISS or Anti-Virus software do you use? There'll be lots of forum members who use the more common packages but it would also be good to hear from those who use the slightly more unusual ones. 8)


P.S. Beware the increasingly common fake anti-virus packages. According to this PC Pro article the top fake anti-virus programs, with percentage of infections, are:
  1. SystemGuard2009 (12.51%)
  2. MSAntiSpyware2009 (11.67%)
  3. MalwareDoctor (8.14%)
  4. AntimalwareDoctor (7.21%)
  5. AntivirusPro2010 (4.57%)
  6. SecurityMasterAV (3.62%)
  7. Adware/SecurityTool (3.38%)
  8. ISecurity2010 (2.81%)
  9. SecurityEssentials2010 (2.39%)
Reminder: These are all fake anti-virus programs!

Posted: Thu Nov 18, 2010 1:51 pm
by grahamnp
"I seem to see a repeating trend: the software starts out lean, mean and fit for purpose and ends up bloated, cranky and occasionally quite offensive."

That's exactly what I've noticed. Been using the past 3 iterations of Kaspersky's anti virus and each one seems to have gotten worse.

How are you finding Sophos for the Mac? Was tempted to install it but removing AV software on Windows is a pain so I wanted to see what other people thought before I tried.

Posted: Thu Nov 18, 2010 2:44 pm
by Bob Andersson
Hi Graham,

Sophos for the Mac installed just fine and I've not even been aware of its presence since, apart from a little shield at the right of the menu bar.


Posted: Thu Nov 18, 2010 3:02 pm
by grahamnp
Thanks Bob

Posted: Thu Nov 18, 2010 3:04 pm
by theorigamist
I use Linux full time now, but when I used to use Windows I always liked AVG Free. It was very light on system resources, free, and I never got a virus.

Posted: Thu Nov 18, 2010 3:21 pm
by Razvan
I use Avira. Works great, as efficient as Kaspersky & less resource consuming.

Posted: Thu Nov 18, 2010 4:21 pm
by Citruspers
Microsoft Security Essentials

Free, free updates, lightweight, doesn't bug me about everything it does, and great protection according to the experts. Ditched AVG because it got annoying.

Posted: Thu Nov 18, 2010 4:41 pm
by DarkSoul
I'm mostly using Linux but I sometimes need Windows too. I have Avira on Windows because it's free and doesn't take much performance, but the updater is annoying. It minimizes games at the worst moment.

Posted: Thu Nov 18, 2010 5:13 pm
by Bob Andersson
Hi folks,

Thanks for the feedback so far. I was certainly tempted by Avira but then I read a review which asserted that one of its components couldn't be used on 64 bit versions of Windows, a fact confirmed by Avira here. But try finding that out from the Avira main product pages! That left me in doubt about the validity of the excellent "On-Demand Comparative" test score at AV Comparatives. AV Comparatives gave AVG a score of just 73.1% for "Scripts" in their August test and Microsoft Security Essentials fared little better at 88.1%. Sophos was as bad as AVG at blocking malicious scripts, a fact I am not happy acknowledging as I'm currently using Sophos on a Mac though at least OS X is, as I understand it, more resistant to attack in its own right.

By comparison my own choice of G Data to replace Kaspersky on Windows 7 x64 achieved a 99.9% score on scripts and, coincidentally, a 99.9% overall score. Kaspersky's figures were 93.5% and 98.3%.

But, as I understand it, these tests were done against known threats that arguably should have been included in the anti-virus signature updates which, to my untutored eye, makes any score not in the high nineties quite surprising.

At least as interesting is the performance of the various programs when tested with slightly out of date signature updates. The most recent one that AV Comparatives have done was back in February this year. They tested new malware that had appeared in just one week since the last signature update and the detection rates for worms, backdoors, trojans and other threats dropped dramatically. Overall scores were 53% for Avira, 34% for AVG, 61% for G Data, 59% for Kaspersky, and 59% for Microsoft. A graphic illustration of why it's important to let one's security suite keep itself up to date as frequently as possible. I don't have figures for any others but I'm happy to report that G Data updates every hour.

By the way, as I've quoted very selectively from the AV Comparatives reports I think I should urge those interested to read the reports in detail together with their testing methodology. They test 20 products each time and while they concentrate very much on just one aspect of performance I think the data they provide is essential reading when used in conjunction with the more usual magazine style reviews.


Posted: Thu Nov 18, 2010 5:29 pm
by Razvan
(True about Avira. Me, I'm still running XP because I find an upgrade to Win7 pointless until I change my PC hardware configuration altogether.)

Posted: Thu Nov 18, 2010 5:41 pm
by popo
I currently run... NONE on my main system. Guaranteed no performance drop! I have yet to find one unintrusive enough for me to put up with.

The biggest two issues I have in general are:
1 - excessive slowdown, particularly when accessing large files
2 - excessive false positives, particularly of "potentially unwanted software"

The only AVs I've even stood to install have allowed me to install and TURN OFF all scanning except manual on demand, without nagging continuously that it wasn't turned on. That was the older versions of AVG but they've since gone the way of the bloat. MSSE is now the least worst to me.

Sorry, but to me the whole AV industry is built on invoking unnecessary paranoia. I do manual scan occasionally and I haven't had a confirmed virus or malware in a decade.

Posted: Thu Nov 18, 2010 6:00 pm
by Bob Andersson
Hi popo,

OK, I'll 'fess up and admit I don't run any anti-virus software on one of my Windows machines. Mind you, it's not connected to the Internet or any other computer at all! :twisted:

With the proliferation of buffer overrun vulnerability discoveries, some of which have actively been used in the wild (example), I think you might be walking a bit of a tightrope. And rootkits can defeat some scans. That said, if one is scrupulously careful in one's use of the Net and one has a solid hardware firewall then maybe one can survive without being compromised... :?


Posted: Thu Nov 18, 2010 6:13 pm
by Citruspers
As a system administration student with a passion for security, I can confirm what Bob says. Viruses are soooo 2002, drive-by exploits are where it's at. You could be infected by a buffer overflow in Flash, which installs a rootkit into your system and you could never know it (because virus scanners essentially rely on the kernel to list the files, and that's where a rootkit sets up shop).

Posted: Thu Nov 18, 2010 6:25 pm
by popo
As a matter of routine I do keep an eye on network and processor usage, so if there was anything doing much I'd probably notice anyway.

I guess I have to stress I'm not your average user. I know what I know, and also what I don't know. I do use a variety of other non-intrusive risk mitigation methods. Certainly I couldn't suggest everyone do what I do! I still believe that reports of risks are far over hyped.

Posted: Fri Nov 19, 2010 5:07 pm
by Citruspers
I've read some Hakin9 magazines and they are quite eye opening. Unless you do some packet filtering on a separate device on the network, you probably won't know what's being sent. Just a tiny payload, hidden in a URL (GET parameters) containing your credit card information.

So no, I wouldn't call the risks overhyped. However, by using anything but Internet Explorer, blocking Flash by default (and possibly NoScript if you're serious) you are 99% protected.