Anti-malware software for Windows 7

[TDeacon]

(text removed)

Right now the AV market is a bit of a train wreck.

In my experience, it usually has been this way, at least with the Symantic products I used with XP. 

(text removed)

edit: after all that I had a look around at stuff again, for SMB/Home I would look at Webroot.

QUESTION 1:  If I don't want to pay $500. for the latest Enterprise AV technology, and am therefore stuck with signature-based, you are recommending Webroot instead of say ESET Nod32?

QUESTION 2:  Why, from a technology perspective?

Mark H. 

[Vulcan]

In my experience, it usually has been this way, at least with the Symantic products I used with XP. 
 
QUESTION 1:  If I don't want to pay $500. for the latest Enterprise AV technology, and am therefore stuck with signature-based, you are recommending Webroot instead of say ESET Nod32?

QUESTION 2:  Why, from a technology perspective?

Mark H.

Webroot and Cylance are using big data, heuristics, AI, behavior recognition to identify malware. This method detects unknown malware (and known malware).

Eset primarily relies on signatures. This method only really detects known malware.

AV such as Eset, McAfee, Symantec are all based signatures with a little heuristics and behaviour thrown in. However this usually picks up minor variants to known malware. Not something completely new or a significant changed variant to a known malware.

This is essentially why people get raped by crypto-ware infections. They are usually changed enough to get past signature based protection.

Eventually the signatures catch up, but until they do there is a window of opportunity.

As an example, one of my customers is sending me samples that are coming into his email server. He is a reseller who manages IT for a handful of small business users. He currently scans with Eset, McAfee, Kaspersky, and Cyren. From this month alone I have around 30 new not seen before malware samples that sailed through the above AV engines. And remember this small business stuff from a single site in New Zealand.

How do I know they are malware? Because I'm testing a new email scanning version of one of our products and it picks them up.

[Skuzzy]

As far as malware goes, Malwarebytes is much better than ESET.  ESET has an edge over Norton and McAfee in that it also has a significantly smaller footprint and really has almost zero impact on games when they are included in the ignore list.

Personally, I detest all of them and just live with disabling the delivery mechanisms for it all.

[AKIron]

Webroot and Cylance are using big data, heuristics, AI, behavior recognition to identify malware. This method detects unknown malware (and known malware).

Eset primarily relies on signatures. This method only really detects known malware.

AV such as Eset, McAfee, Symantec are all based signatures with a little heuristics and behaviour thrown in. However this usually picks up minor variants to known malware. Not something completely new or a significant changed variant to a known malware.

This is essentially why people get raped by crypto-ware infections. They are usually changed enough to get past signature based protection.

Eventually the signatures catch up, but until they do there is a window of opportunity.

As an example, one of my customers is sending me samples that are coming into his email server. He is a reseller who manages IT for a handful of small business users. He currently scans with Eset, McAfee, Kaspersky, and Cyren. From this month alone I have around 30 new not seen before malware samples that sailed through the above AV engines. And remember this small business stuff from a single site in New Zealand.

How do I know they are malware? Because I'm testing a new email scanning version of one of our products and it picks them up.

We just picked up a new client whose last MSP had them on Webroot. We spent a lot of time on the phone with Webroot yesterday trying to get it removed. It had for an as yet unknown reason to us started growing the c:\windows\temp\wrlog.log file until there was no room left on drive C on all of their Windows 2012 servers. I personally use Avira.

[Brooke]

I currently use Bitdefender.  I'm reasonably happy with it.

I used to use Avast up to a year ago or so, which previously I was fairly happy with, but there was something that cropped up that I didn't like (don't remember the details anymore).

At that point, I looked at
https://www.av-comparatives.org/

and based on ratings there tried out Avira (which I hated), Trend Micro (which I merely didn't like), and Bitdefender (which I liked).

With antivirus software, I find that there's a product I'm happy with, but they continue to add features, complication, and more resource/performance burden; and then I switch to something else that I'm happy with, but they continue to add features . . . and so on in an endless loop with periodicity about 2-4 years.

For free antivirus, I'd probably try Avast again.

[TDeacon]

(text removed)

For free antivirus, I'd probably try Avast again.

Just to be clear, the OP is perfectly willing to pay up to $100. per year, but it would need to be unobtrusive, and something more than signature-based.  If just the latter, then I'll have to settle for less than $50. per year, and reinstall Windows every 3 months (...). 

MH

[Beefcake]

I've used Norton, AVG, Avast, and for the last 8 years our so I've used ESET. So far I've never had any known problem and I think ESET does a good job. However, I'm still of the opinion that the best AV software is the person behind the monitor and I (for lack of better terms) don't venture outside of a small circle of websites and game programs.

I think Skuzzy has the best solution of just closing down all the loading docks so to speak but I'm not computer smart enough to fine tune my machine. I just use AV software, malwarebytes scans and safe web-surfing to hopefully keep my machine clean.

[Brooke]

Just to be clear, the OP is perfectly willing to pay up to $100. per year, but it would need to be unobtrusive, and something more than signature-based.  If just the latter, then I'll have to settle for less than $50. per year, and reinstall Windows every 3 months (...). 

MH

Even though it's free, I think Avast is decent -- I just liked Bitdefender better back when I switched about 1.5 years ago.

Both use heuristics, signatures, content filtering, etc., and AV comparatives tests how well they do on real-world viruses and malware, testing more than just signatures but all the other stuff, too.

We've things like Avast and Bitdefender for many years at home and on lots of machines at work (about 50 computer-years of operation doing lots of browsing and e-mail use every day).  In all that, one machine (as far as I know) got infected with something, and that was the result of opening a malicious e-mail attachment.

[TequilaChaser]

I use ESET smart security and have done so since about 2004 or so, along with using Malwarebytes <---- scanning with it about every 1 to 2 months with it

Also have a hardware Firewall in my router

I also am a firm believer in that the PC users are the most important part of any anti-virus/anti-malware software being used for protection.... the software is only as good as the knowledge of the person using it while on the internet/checking emails, etc....

Most think "now I got anti-virus/anti-malware protection installed, I'm now safe from everything and can do anything I want without fear of getting infected!"..... this is where most make their first mistake...

TC

[Electroman]

As far as malware goes, Malwarebytes is much better than ESET.  ESET has an edge over Norton and McAfee in that it also has a significantly smaller footprint and really has almost zero impact on games when they are included in the ignore list.

Personally, I detest all of them and just live with disabling the delivery mechanisms for it all.

This 

I'm an IT Manager for my company and we have used MalwareBytes for many years and I still consider it one of the best (if not the best) for anti-malware detection & removal. You can also tweak it for more in depth items like PUPS (Potentially Unwanted Programs). I'd highly recommend this and you can get either the free version (does not scan realtime and you simply have to execute manually to scan your machine on a regular basis) or the paid version which does realtime scanning.

Cheers!
Elec1

[Brooke]

I liked Malwarebytes a lot, too.

I had a problem, though, in that, when I used both an antivirus and Malwarebytes, a reboot of the computer took forever, with the disk thrashing for a long time at startup.  Uninstalling one or the other greatly reduced that (even though Windows does suck at startup).

[Vulcan]

However, I'm still of the opinion that the best AV software is the person behind the monitor and I (for lack of better terms) don't venture outside of a small circle of websites and game programs.

Which is a completely incorrect assumption to make.

I have seen malformed PNGs come into email, and try to pull in an infection with zero user interaction at all. I have seen the 'safest' of websites quietly hacked and silently server up malware.

[Vulcan]

At that point, I looked at
https://www.av-comparatives.org/

av-comparatives used to be OK.

But when you consider their retrospective tests only for ~1600 unknown malware samples over a 5 month period. Today we added 37418 signatures to our GAV signature set (these are heuristic signatures). That extrapolates to 5.6 million new malware apps identified in that 5 month period. And they only test for 1600?

I also wonder about how honest their testing is now, they did one of Symantec vs Cylance, Cylance lost by a long shot. Yet IRL I'm seeing Symantec fall flat on it's face detecting malware that Cylance happily blocks.

So I take av-comparatives with a big grain of salt these days.

[Chalenge]

LOL that is the biggest pile of smelly brown stuff I have heard in a long time.

Yeah, I thought the same thing. However, Steve Gibson is one of the best at what he does.

https://www.grc.com/securitynow.htm

The episode in question is labeled "Traitors in our Midst."

[Pudgie]

AFAIK they run a managed service using Cylance. Cyclance doesn't come in SMB or home form (I think the minimum license is 250 nodes). Quite possibly may not be the right product for home, but for a small business of 5-10 users. If you're a small business and you've had crypto-ware issues this is a great option.

The only reason I mention products like Cylance is that these are the features you should be looking for going forward. Products like Cylance and Carbon Black are the new benchmarks for AV. I had Cylance running for a year and it picked up EVERY SINGLE MALWARE SAMPLE I was playing with while McAfee and MSE were clueless for weeks.

Trend Micro has some similar tech I think but afaik it doesn't exist in the home user platform. Webroot might be another to look at.

For the layman, typical AV tech relies heavily on signatures. Signatures are derived from the malware itself. So you have to know about a virus to protect against it. These days a new piece of malware is release every second on average. Say it takes an antivirus vender 24 hours (very optimistic) to find this new malware, then write a signature and test it. That is around 48 hrs from malware release to a signature being available). That means you are typically exposed ~160000 malware apps at any time.

The AV products use behaviour testing and 'AI' to look for new malware. So no signatures required (though I like to have signature based AV to quickly clean out old well known malware stuff that pops up occasionally).

Right now the AV market is a bit of a train wreck.

edit: after all that I had a look around at stuff again, for SMB/Home I would look at Webroot.

Thanks!

I used to use the free version of Webroot about 10 yrs ago when it was still free..............

May give it another look................

PS--Webroot has an AV package specifically designed for PC gaming at a very good price w\ many good reviews on it..........have downloaded the free trial version to test it out. Will post on the results when I do install it.