Recommendations for anti-virus to replace Avast Premier.
-
@Dr-Flay Thanks for the recommendations, appreciated!
Your best options for runtime AV are Bitdefender and Avira.
Yeah, Bitdefender has been high on my list of alternatives since I started considering.
I think in terms of detection rates and false positives, there's little to no difference between the top commercial products as tested by AV-comparatives, but Bitdefender comes out consistently good. Apart from performance I guess so that's something to consider...
Have you used Bitdefender and would you know about stuff like nagging (even in paid version like Avast) or some of the other features?
What's interesting is that Microsoft, which is integrated in the OS comes out so badly in the performance test. One would think that it would be opposite.
For a standalone I use OPSWAT Metadefender Client.
It uses multiple AV and also lists CVEs for software it finds during a scan (a great idea).
Good tip, I'll have a look, even if I'm not really interested in ad-hoc scanning, apart from scanning individual downloads I don't trust.
I remember F-Secure back in the good days had a feature where you could read a professional analysis about what it did when you found a virus, it was a really cool feature. As the amount of malware and viruses exploded in the 00's they realised it was impossible to maintain I guess.
By the way, the download gives me an "access denied" error at the moment.
-
Panda also has a Wiki where they explain in detail the intercepted malware.
-
I use Comodo Internet Security. It's free and has built-in firewall, antivirus, sandbox, cloud analytics, secure shopping, Comodo DNS, own browsers. All components can be flexibly configured or disabled if you don't need it. It also doesn't contain ads.
-
@Pathduck said
I think what I meant was more like some people will go all like "Duh, just use Windows Defender if you use AV you're an *****" and so on.
since you have made it clear that you are no longer completely negative to Win Defender, consider your choice after reading an article why you shouldn't install an antivirus software except the Win Defender
-
@derDay said in Recommendations for anti-virus to replace Avast Premier.:
@Pathduck said
I think what I meant was more like some people will go all like "Duh, just use Windows Defender if you use AV you're an *****" and so on.
since you have made it clear that you are no longer completely negative to Win Defender, consider your choice after reading an article why you shouldn't install an antivirus software except the Win Defender
In the past, Windows Defender really was little more than an interim solution and it was really necessary to install another AV, but currently it is a good antivirus at the height of others, with very good detection fees, which makes it unnecessary to install another AV. The only thing where it still fails is, that it sometimes overreacts with false positives.
-
I haven't used Bitdefender for a while sorry, though I do sometimes use their browser plugin "Bitdefender Traffic Light".
They do have promotional offers but you can easily switch them off
https://www.bitdefender.com/consumer/support/answer/25974/
Too many negative stories relating to Comodo over the years and they show no sign of changing. It is not a top 5 contender anyway.
https://www.theregister.co.uk/Tag/comodo
https://www.securityweek.com/comodo-issued-most-certificates-signed-malware-virustotal
Like Avast/AVG they also seem to think selling user data is fine.
Windows Defender is a very different beast in Windows 10.
I have an archive with a malware driver.
Theoretically Defender and MSE on Windows 7 use the same definitions as Defender in Win 10, however the malware passes examination by the Win 7 software and is detected by the Win 10 software.
The main defence Defender has against new malware is to distrust any new files with no certificate, and automatically trust anything with a cert, hence it shares the highest rate of false positives with only 1 other P.O.C. AV
This behaviour is called white-listing and is something you don't need an AV for.
Yes it tends to cause less trouble than other AV, mainly because it lacks features compared to others.
If it isn't in there it can't go wrong.
However, the Microsoft security software has been used several times as an attack surface and been shown to make the system less secure.
All AV software has a bad day and bugs will creep in.
You have to weigh the effectiveness of the AV with the level of responsibility shown by the vendor over time (this is why good as it is, I can no longer recommend Kaspersky).
Worth noting.
If you have several devices to protect I know Avira is a good option.
You get a portal with your account where you can monitor all the installations and see useful info about each device.
This is actually very handy if you want to keep an eye on the status of your friends or family computers where they lack the skills to keep them secure.
A note for all AV users.
Some AV still let you set very specific scanning behaviour, but often these things disappear.
If you trust that your machine is currently clean, and your AV lets you disable scan when reading files, but still scan when writing files, this will remove the lag during normal day to day use.
Incoming files from the net or drives will be written so will be checked.
-
I've used a couple in the past. CA, many years back, had a good product years back for commercial users and employees were allowed a free license. It was a good product but for some reason I switched to McAfee in the days when they were good. (I think they've now been acquired by Intel.)
Then it was AVG. A good product in its day but with the nags, privacy issues and the merger with Avast I looked for something better. Their Rescue Disk was a great product though. I have saved many a computer with it.
After much research I settled on the free version of Sophos. Now I am using Sophos Home Premium Beta.
Have had only one issue and they were able to fix it promptly. There is also a Mac iOS and Android versions for those so inclined.
I have been happy with it for 2 or 3 years now and do not foresee myself changing.
It will protect up to 5 computers, good for the family, has all kinds of filters for sites and exclusions for older or trial software, operates in real time and many other features.
Also they have a Beta version (which I use) they are testing if you want to get involved.
They are more inclined to the Enterprise but have done a fine job by me since I have been using it.
I wholly recommend it.
Not that I get any viruses, it's good to know I can protect the household with it. My security blanket.
P.S. I am not in any way affiliated with Sophos, I just use the product.
-
@Dr-Flay @greybeard Thanks for the write-ups - very informative!
There's certainly a lot of choice in the AV market, I guess the best is if they have a fully-featured trial and try that first. Prices seem to vary quite a lot too, which is interesting as the products themselves seem quite similar, so not sure what to make of that.
It's just so hard to penetrate the marketing-speak of these vendors when visiting their site though...
I've contacted Avast Support about the issues, but I doubt they'll make changes any day soon. I still have a couple of months license to go so we'll see.
They also offered me six months of free VPN for my "feedback" - the one thing I told them clearly I was not interested in
If you trust that your machine is currently clean, and your AV lets you disable scan when reading files, but still scan when writing files, this will remove the lag during normal day to day use.
That's a good idea - not sure if Avast will let me do that, do you know if it can be done in Bitdefender? Bitdefender has definitely been high on the list for potential alternatives the times I've had a look before.
@greybeard
I've looked at Sophos before, and it's probably a good alternative. Their subscription prices seem good value for the features you get. Only thing is they don't actually provide links to the reviews they refer to on their site so customers can check. Then again, I don't think other vendors do as well...
Has anyone had experience with Webroot AV? It seems really lightweight and fast, but also dependent on always-on internet which might be a drawback at times.
I noticed AV-comparatives has a new factsheet out just now, Bitdefender scores really well, as does Microsoft (but with a high number of false positives as expected).
https://www.av-comparatives.org/tests/real-world-protection-test-jul-aug-2019-factsheet/
-
@Gwen-Dragon Ouch. That might explain why Defender scores so badly on the performance tests, as the scans are really CPU-intensive.
I usually turn off regular scans though, relying more on real-time R/W protection and maybe semi-regular minor scans (memory, startups, usual locations etc).
Are you able to give an indication on how much resources Defender uses just running in background?
Like a screenshot from Task Manager? Here's how it looks on mine:
Of course, it might be harder to tell for Defender since it's so integrated into the OS.
-
I did a few tests on a malware collection I've built up from e-mails that arrive in our company's generic "catch-all" inbox. Based purely on detection rate, I noticed the following:
- Windows Defender had a pretty reasonable detection rate, but not outstanding.
- Avira free and Bitdefender free detected almost everything.
- Emsisoft emergency kit and F-Secure detected absolutely everything.
- Qihoo 360, despite having the licenced Avira and Bitdefender engines turned on (in addition to their own engines) missed more than 2/3 of the malware.
- Comodo lagged a bit behind Windows defender.
- Immunet was better than Qihoo 360 but worse than Comodo.
I used to wholeheartedly recommend Avira, but they seem to have moved to adding unnecessary bloat such as a weird management centre, VPN and software-updater. It also pops up a nag-screen asking you to upgrade to one of the paid versions.
I wouldn't touch Panda, even with someone else's dirty stick, because I don't want to support a company with links to (a religious or philosophical group). I also had a bad experience at a previous company with it trashing a server - although that's obviously just a "one-off" event, so it might work perfectly for you.
If you are considering Qihoo 360, I think it'd be better to use Avira or Bitdefender's engines directly. Their implementation of both seems a bit ineffective. The performance impact is OK and the interface is quite reasonable, though. It's just that you're possibly better protected leaving Windows Defender there. Additionally, some people are wary of them because they're Chinese and assume it must be spyware. That argument is a little flawed, because it'd be running on a proprietary piece of NSA spyware. That said, if you only want to be spied-on by one government and set of corporate entities, instead of two, you might want to avoid it.
Don't be put off too much by Comodo's terrible detection rate, as they really shine on behaviour-based detection. One option might be to use Comodo's firewall (which has some behaviour-based blocking built in) with Windows Defender or another simple AV with a better detection-rate.
I can recommend Bitdefender free as it has all the protection you need, and is exceptionally lightweight with zero configuration. My only two concerns are:
- It breaks HTTPS by performing a MITM attack on your browser traffic.
- It auto-quarantines things without asking. Whilst you can restore from quarantine, this relies on a false-positive not bricking your system.
In practice, it's been flawless on my relatives' PCs.
I can also recommend F-Secure Antivirus (you have to really scour the web site to just get the Antivirus, as they really want you to get one of the bloated solutions such as Total). Whilst it also auto-quarantines, it doesn't break HTTPS and it has worked flawlessly for me, with zero performance impact. It also does zero nagging whatsoever, until your subscription gets really close to expiring. I also prefer F-Secure's stance on privacy versus a lot of other companies. The only way they could improve their basic entry-level AV for me, would be to have an "ask me what to do" option upon detection. Otherwise, it's absolutely perfect, even on old hardware.
If you were really going to push me for a recommendation, I'd say take your pick out of Windows Defender, Bitdefender Free and F-Secure (Antivirus, not Total/Safe/etc.).
-
@Pathduck Good Points. It is hard to differentiate the products as to what is best and how they work.
One of the reasons I chose Sophos was their Naked Security blog and Podcasts. I'd been following them for a couple of years before I switched and found them informative and down to earth.
-
@jamesbeardmore said in Recommendations for anti-virus to replace Avast Premier.:
I did a few tests on a malware collection I've built up from e-mails that arrive in our company's generic "catch-all" inbox. Based purely on detection rate, I noticed the following:
- Windows Defender had a pretty reasonable detection rate, but not outstanding.
- Avira free and Bitdefender free detected almost everything.
- Emsisoft emergency kit and F-Secure detected absolutely everything.
- Qihoo 360, despite having the licenced Avira and Bitdefender engines turned on (in addition to their own engines) missed more than 2/3 of the malware.
- Comodo lagged a bit behind Windows defender.
- Immunet was better than Qihoo 360 but worse than Comodo.
I used to wholeheartedly recommend Avira, but they seem to have moved to adding unnecessary bloat such as a weird management centre, VPN and software-updater. It also pops up a nag-screen asking you to upgrade to one of the paid versions.
I wouldn't touch Panda, even with someone else's dirty stick, because I don't want to support a company with links to Scientology. I also had a bad experience at a previous company with it trashing a server - although that's obviously just a "one-off" event, so it might work perfectly for you.
If you are considering Qihoo 360, I think it'd be better to use Avira or Bitdefender's engines directly. Their implementation of both seems a bit ineffective. The performance impact is OK and the interface is quite reasonable, though. It's just that you're possibly better protected leaving Windows Defender there. Additionally, some people are wary of them because they're Chinese and assume it must be spyware. That argument is a little flawed, because it'd be running on a proprietary piece of NSA spyware. That said, if you only want to be spied-on by one government and set of corporate entities, instead of two, you might want to avoid it.
Don't be put off too much by Comodo's terrible detection rate, as they really shine on behaviour-based detection. One option might be to use Comodo's firewall (which has some behaviour-based blocking built in) with Windows Defender or another simple AV with a better detection-rate.
I can recommend Bitdefender free as it has all the protection you need, and is exceptionally lightweight with zero configuration. My only two concerns are:
- It breaks HTTPS by performing a MITM attack on your browser traffic.
- It auto-quarantines things without asking. Whilst you can restore from quarantine, this relies on a false-positive not bricking your system.
In practice, it's been flawless on my relatives' PCs.
I can also recommend F-Secure Antivirus (you have to really scour the web site to just get the Antivirus, as they really want you to get one of the bloated solutions such as Total). Whilst it also auto-quarantines, it doesn't break HTTPS and it has worked flawlessly for me, with zero performance impact. It also does zero nagging whatsoever, until your subscription gets really close to expiring. I also prefer F-Secure's stance on privacy versus a lot of other companies. The only way they could improve their basic entry-level AV for me, would be to have an "ask me what to do" option upon detection. Otherwise, it's absolutely perfect, even on old hardware.
If you were really going to push me for a recommendation, I'd say take your pick out of Windows Defender, Bitdefender Free and F-Secure (Antivirus, not Total/Safe/etc.).
Panda Security is an entirely Spanish company of many years, and therefore I doubt that it has relations with (a religious or philosophical group). This by definition would be more likely in a US company.
I have used Panda practically since its inception and I have always had very good experiences with them and in the comparisons, with small variations, it has always been in the top positions.
They were the first to base their definitions in the cloud in real time and not on a basis of frequent disk updates.
I do not want to spam Panda and I do not say that it is the best of all, but I find it unfair to discriminate against a Spanish company with claims that need to be conclusively shown.
-
@Catweazle said in Recommendations for anti-virus to replace Avast Premier.:
I find it unfair to discriminate against a Spanish company with claims that need to be conclusively shown.
https://en.wikipedia.org/wiki/Mikel_Urizarbarrena
I don't care what religion one follows, they're all a waste of time from a rational point of view, and I don't discriminate a program for what the founder/coders do in their private life. In fact I used McAfee for a long time during DOS times
but then I found there were way better options as time passed, and tested many. Panda wasn't my fav ever but it was more than 10 years ago, and never tested it anymore. Better touch with your hand and do your own review than following some irrelevant rumours.
-
Panda CEO may be a follower of this sect, but Scientology has no influence on the EC and less in Spain, nor is there any reference in this regard, neither in the AV nor in technical support or in the support forum they have.
To reject a good AV or other good product because of the CEO's creed, I find it somewhat fallacious, if we cannot discriminate against many other US products that we use, for this reason (Steve Jobs?)
Just this
-
@greybeard said in Recommendations for anti-virus to replace Avast Premier.:
One of the reasons I chose Sophos was their Naked Security blog and Podcasts.
Yeah, always a big plus for me if the company provides a blog about security. F-Secure has done the same for a long time too, their Labs blog is heavily technical (most of it way over my head) but their regular blog is very interesting reading.
I think it shows companies actually care deeply about security and has some highly skilled people working for them.
@jamesbeardmore Thanks for the writeup - lots of good information
Even though I wouldn't worry about the old Panda/Scientology case, it was a very long time ago. Even though it did cause quite a scandal in France when it hit, from what I read - interesting digging up the information
Did you get a chance to test the performance of the paid Bitdefender not just the free one?
I would definitely pay for a good AV, long as the price was reasonable. My problem with Avast at the moment is that even if I pay for their Premium product they keep pushing me to buy more products through the installation itself, which is despicable.
@Catweazle You mean Steve and Woz selling blue boxes out the trunk of their car in the early 70s? It's a good story
-
Now with Win10 I settle for Windows Defender (for the moment). In the old computer with Win 7 I had Panda free (Panda Dome) that I liked quite, very light and only a small banner to buy the pro version in the AV menu. Very light and very fast, it even carries a VPN, although in the free version with a data volume limitation (150 megabytes / day) and automatic server selection. Sufficient for timely use on blocked pages or videos.
-
@Gwen-Dragon Wow, I thought MS AV would limit to 50% CPU but maybe that is something only in MSE.
I can see that killing a lot of laptops.
@jamesbeardmore nice comparison.
the Qihoo test confirms my suspicion.
Using good definition databases is all well and good, but they are not the component doing the physical scanning and detection.
With Bitdefender and the MiTM certificate thing, this is easily disabled in the settings with the option "Encrypted web scan".
https://www.bitdefender.com/consumer/support/answer/13426/
Any AV that has the ability to scan HTTPS traffic will be using the same system.
Same as most work PCs in offices, or if you install a tool such as Fiddler to inspect your network traffic.
As for broken, that is only ever a temporary thing or the function becomes pointless to add.
I can't find any specific info but I would assume Bitdefender lets you change the default behaviour with detected files, because there is reference to 3 behaviours it can do after a scan.
https://www.bitdefender.com/consumer/support/answer/13450/
F-Secure trouble me.
They keep getting in the top ranks but not consistently and seem to suffer the same problem as Defender, of just blocking anything they don't recognise and call it malware.
This may well be enough to block all unknown malware, but as I said before, this is just like using a white-list policy.
Last year Defender and F-Secure shared the same amount of time being the worst at false-positives.
https://dr-flay.vivaldi.net/2018-anti-virus-comparison/
I will be doing another roundup for this year once we make it through.
I used to use Sophos long ago, but as its updater became a pain and it became less able to detect new malware I moved to AVG. When AVG became too much for a humble PC to deal with running, I moved to Avira.
Now I use a variety of layers of different standalone techniques and products, and have the majority of my AV scans done remotely before they touch my PC.
Secure In-browser sessions have become progressively harder to inject AV scanning into, so mostly these days all you effectively get is the link scanning, and the scanning of the downloaded data in your browser caches.
-
I think that in Windows 10, the Defender is enough to be able to do without a separate AV. Perhaps you can use other separate applications, such as AdwCleaner, DNS crypt, etc. Apart from certain extensions in Vivaldi, such as ad- and scriptblocker, fingerprint spoofer and common sense to increase security, if you want
-
@Dr-Flay said in Recommendations for anti-virus to replace Avast Premier.:
F-Secure trouble me.
Me too - I want very much to like them, they are Finnish underdogs, who for a long time had the (in my opinion) very best antivirus, standing strong against the US giants who were dominating the market at the time. They had a really great product, and I can't really remember what made me change to Avast, but at the time (2009 I think) Avast was "all the rage" and everyone was talking how good and light-weight it was.
Thanks for the blog post summary - really good, and the comments are just as interesting reading as the post itself
-
I had a feeling that my mention of a certain religious sect would potentially get a few people discussing it. I'd just like to clarify my point. I deliberately refrained from "loading" my language (e.g. by saying "that terrible evil cult of weirdos" or something like that) by just saying I don't want to fund them, and that's it. I didn't even give a reason, because I didn't want to bias other peoples' viewpoint beyond what the basic statement would already do. I choose not to fund a lot of institutions. It doesn't necessarily mean that I believe there's anything wrong with them. However, in this particular case, all I can say is that I fundamentally disagree with everything to do with that sect on a moral, philosophical, scientific, and religious (in the humanist sense) level, and therefore don't want to personally do anything to help their cause. Whether someone else wants to or not, I don't care. If it's a fulfilling and beneficial sect for you, that's great. I just exercise the right not to support them or support a business which has been associated with them in the past and therefore might support them now or in the future. I seem to remember that in the past, the then-CEO had donated vast amounts to the sect, and I could only assume that he had earned that money from his business. I would not want to control what someone else does with their money, but I can control what I do with my own if I see the likely downstream path for it. I'm sure the AV software itself is great. The religion of a developer isn't what stops me using a piece of software. It's more a concern of what I'd be indirectly funding.
So basically, I don't want to fund that particular sect, in the same way that I don't want my money to go towards funding ANY other religion, sect or cult either. Almost all religious people are absolutely wonderful people and do wonderful deeds, often inspired by their religion. That doesn't change the fact that I'd just rather spend my money on causes closer to my heart and (for me) more important. Such as directly towards the good deeds themselves.
Regarding breaking HTTPS and "ask me on detection" - that's the problem with Bitdefender free. It has literally zero configuration options, so you can't turn these off. If you can in the paid version, then that would get my recommendation for sure. The problem with intercepting HTTPS is that almost all AVs that do it have been shown to implement it badly (at least at first). Maybe they have got their act together, but when they first started doing it, almost none verified certificates correctly, thereby lessening your security by preventing your browser from validating them. One or two used the same root certificate on all installations, meaning that a malicious person could produce a phishing web site, secure it with that root certificate, and victims would happily use it, as it was signed with a trusted certificate. Finally, considering the privileges an AV solution has on a system, it's a significant target for hacks and exploits. You could potentially end up with a compromised AV feeding clean, certified-genuine malware to your browser. Additionally, sniffing https traffic gives AV providers a perverse incentive to attempt to snoop on it to make money (probably more of a risk with free offerings from questionable companies, rather than the bigger players). I just think it's unnecessary and dangerous, when similar protection can be achieved with any one or more of: a behaviour blocker, ransomware protection, anti-exploit, and maybe a browser extension if you're really bothered (I'm wary of most browser extensions).
Like everything, you have to weigh up the risks and benefits, and consider both your threat-model and how much you trust your chosen AV solution. The reason there are lots of different AV solutions is because one size doesn't fit all. I can only recommend what fits my circumstances as I could never fully understand someone else's.
I personally find F-Secure give me zero false positives - but I'm aware of their reputation for having them, so it's something to consider. My fileset and browsing habits will be different to the next person's. I like F-Secure because it was the simplest, lightest-weight paid-for AV from a trusted company that I could find, and their privacy policy seemed reasonable when I checked it. The basic AV-only package does file-scanning and behaviour-blocking (including things like anti-ransomware) and that's about it. It doesn't have a lot of work to do, as I rarely ever boot into Windows. You might need something more full-featured like a suite or one of its competitors.
I used to love Avira and had been using it since the 90s, when it was called "H+BEDV AntiVir", but it has gradually got bloated and I remember a while back it nagged you to upgrade to a more fully-featured version, even when you'd already paid for the one you want. That put me off. Maybe they've improved since then though.
I want to like Sophos, as they come from my own country, and have a great reputation, but similar to Windows-NSA concerns, I therefore have Sophos-GCHQ concerns! That said, given the amount of cooperation between both agencies, if the NSA have a backdoor into Windows, GCHQ don't need to waste their time pressuring Sophos as they'd be able to get in anyway! Additionally, Sophos's privacy policy, "no backdoors" policy and ethics statement seem to be pretty good (from what they say publicly, anyway). I heard that at one time, they had been selling data-monitoring and tracking software to the Syrian government, but in their defence, it wasn't Sophos themselves - it was a company they'd bought - and they stopped that company doing it when it was discovered.
I guess it boils down to the fact that you have to be able to trust your AV company, not just your AV. For instance, if Kim Jong Un sat down and wrote the world's most effective antivirus ever, would you use it? Maybe if you were North Korean, or even Chinese or Russian you'd have no worries installing it. How about if you were American?
Additionally, the virus protection also has to keep your system usable. For instance you could completely stop a malware attack on a PC by consuming 100% of the cpu cycles and overwriting every sector of its hard disk and RAM with zeroes! You'd be left with no operating system and no data, but at least that virus would be gone...