Recommendations for anti-virus to replace Avast Premier.
-
@Catweazle said in Recommendations for anti-virus to replace Avast Premier.:
I find it unfair to discriminate against a Spanish company with claims that need to be conclusively shown.
https://en.wikipedia.org/wiki/Mikel_Urizarbarrena
I don't care what religion one follows, they're all a waste of time from a rational point of view, and I don't discriminate against a program for what the founder/coders do in their private life. In fact I used McAfee for a long time during DOS times but then I found there were way better options as time passed, and tested many. Panda wasn't my fav ever but it was more than 10 years ago, and never tested it anymore. Better touch with your hand and do your own review than following some irrelevant rumours.
-
Panda CEO may be a follower of this sect, but Scientology has no influence on the EC and less in Spain, nor is there any reference in this regard, neither in the AV nor in technical support or in the support forum they have.
To reject a good AV or other good product because of the CEO's creed, I find it somewhat fallacious, if we cannot discriminate against many other US products that we use, for this reason (Steve Jobs?)
Just this -
@greybeard said in Recommendations for anti-virus to replace Avast Premier.:
One of the reasons I chose Sophos was their Naked Security blog and Podcasts.
Yeah, always a big plus for me if the company provides a blog about security. F-Secure has done the same for a long time too, their Labs blog is heavily technical (most of it way over my head) but their regular blog is very interesting reading.
I think it shows companies actually care deeply about security and has some highly skilled people working for them.
@jamesbeardmore Thanks for the writeup - lots of good information. Even though I wouldn't worry about the old Panda/Scientology case, it was a very long time ago. Even though it did cause quite a scandal in France when it hit, from what I read - interesting digging up the information.
Did you get a chance to test the performance of the paid Bitdefender not just the free one?
I would definitely pay for a good AV, long as the price was reasonable. My problem with Avast at the moment is that even if I pay for their Premium product they keep pushing me to buy more products through the installation itself, which is despicable.
@Catweazle You mean Steve and Woz selling blue boxes out the trunk of their car in the early 70s? It's a good story
-
Now with Win10 I settle for Windows Defender (for the moment). In the old computer with Win 7 I had Panda free (Panda Dome) that I quite liked, very light and only a small banner to buy the pro version in the AV menu. Very light and very fast, it even carries a VPN, although in the free version with a data volume limitation (150 megabytes / day) and automatic server selection. Sufficient for timely use on blocked pages or videos.
-
@Gwen-Dragon Wow, I thought MS AV would limit to 50% CPU but maybe that is something only in MSE.
I can see that killing a lot of laptops.
@jamesbeardmore nice comparison.
The Qihoo test confirms my suspicion.
Using good definition databases is all well and good, but they are not the component doing the physical scanning and detection.
With Bitdefender and the MiTM certificate thing, this is easily disabled in the settings with the option "Encrypted web scan".
https://www.bitdefender.com/consumer/support/answer/13426/
Any AV that has the ability to scan HTTPS traffic will be using the same system.
Same as most work PCs in offices, or if you install a tool such as Fiddler to inspect your network traffic.
As for broken, that is only ever a temporary thing or the function becomes pointless to add.
I can't find any specific info but I would assume Bitdefender lets you change the default behaviour with detected files, because there is reference to 3 behaviours it can do after a scan.
https://www.bitdefender.com/consumer/support/answer/13450/
F-Secure trouble me.
They keep getting in the top ranks but not consistently and seem to suffer the same problem as Defender, of just blocking anything they don't recognise and call it malware.
This may well be enough to block all unknown malware, but as I said before, this is just like using a white-list policy.
Last year Defender and F-Secure shared the same amount of time being the worst at false-positives.
https://dr-flay.vivaldi.net/2018-anti-virus-comparison/
I will be doing another roundup for this year once we make it through.
I used to use Sophos long ago, but as its updater became a pain and it became less able to detect new malware I moved to AVG. When AVG became too much for a humble PC to deal with running, I moved to Avira.
Now I use a variety of layers of different standalone techniques and products, and have the majority of my AV scans done remotely before they touch my PC.
Secure In-browser sessions have become progressively harder to inject AV scanning into, so mostly these days all you effectively get is the link scanning, and the scanning of the downloaded data in your browser caches.
-
I think that in Windows 10, the Defender is enough to be able to do without a separate AV. Perhaps you can use other separate applications, such as AdwCleaner, DNS crypt, etc. Apart from certain extensions in Vivaldi, such as ad- and scriptblocker, fingerprint spoofer and common sense to increase security, if you want.
-
@Dr-Flay said in Recommendations for anti-virus to replace Avast Premier.:
F-Secure trouble me.
Me too - I want very much to like them, they are Finnish underdogs, who for a long time had the (in my opinion) very best antivirus, standing strong against the US giants who were dominating the market at the time. They had a really great product, and I can't really remember what made me change to Avast, but at the time (2009 I think) Avast was "all the rage" and everyone was talking how good and light-weight it was.
Thanks for the blog post summary - really good, and the comments are just as interesting reading as the post itself
-
I had a feeling that my mention of a certain religious sect would potentially get a few people discussing it. I'd just like to clarify my point. I deliberately refrained from "loading" my language (e.g. by saying "that terrible evil cult of weirdos" or something like that) by just saying I don't want to fund them, and that's it. I didn't even give a reason, because I didn't want to bias other people's viewpoint beyond what the basic statement would already do. I choose not to fund a lot of institutions. It doesn't necessarily mean that I believe there's anything wrong with them. However, in this particular case, all I can say is that I fundamentally disagree with everything to do with that sect on a moral, philosophical, scientific, and religious (in the humanist sense) level, and therefore don't want to personally do anything to help their cause. Whether someone else wants to or not, I don't care. If it's a fulfilling and beneficial sect for you, that's great. I just exercise the right not to support them or support a business which has been associated with them in the past and therefore might support them now or in the future. I seem to remember that in the past, the then-CEO had donated vast amounts to the sect, and I could only assume that he had earned that money from his business. I would not want to control what someone else does with their money, but I can control what I do with my own if I see the likely downstream path for it. I'm sure the AV software itself is great. The religion of a developer isn't what stops me using a piece of software. It's more a concern of what I'd be indirectly funding.
So basically, I don't want to fund that particular sect, in the same way that I don't want my money to go towards funding ANY other religion, sect or cult either. Almost all religious people are absolutely wonderful people and do wonderful deeds, often inspired by their religion. That doesn't change the fact that I'd just rather spend my money on causes closer to my heart and (for me) more important. Such as directly towards the good deeds themselves.
Regarding breaking HTTPS and "ask me on detection" - that's the problem with Bitdefender free. It has literally zero configuration options, so you can't turn these off. If you can in the paid version, then that would get my recommendation for sure. The problem with intercepting HTTPS is that almost all AVs that do it have been shown to implement it badly (at least at first). Maybe they have got their act together, but when they first started doing it, almost none verified certificates correctly, thereby lessening your security by preventing your browser from validating them. One or two used the same root certificate on all installations, meaning that a malicious person could produce a phishing web site, secure it with that root certificate, and victims would happily use it, as it was signed with a trusted certificate. Finally, considering the privileges an AV solution has on a system, it's a significant target for hacks and exploits. You could potentially end up with a compromised AV feeding clean, certified-genuine malware to your browser. Additionally, sniffing https traffic gives AV providers a perverse incentive to attempt to snoop on it to make money (probably more of a risk with free offerings from questionable companies, rather than the bigger players). I just think it's unnecessary and dangerous, when similar protection can be achieved with any one or more of: a behaviour blocker, ransomware protection, anti-exploit, and maybe a browser extension if you're really bothered (I'm wary of most browser extensions).
Like everything, you have to weigh up the risks and benefits, and consider both your threat-model and how much you trust your chosen AV solution. The reason there are lots of different AV solutions is because one size doesn't fit all. I can only recommend what fits my circumstances as I could never fully understand someone else's.
I personally find F-Secure give me zero false positives - but I'm aware of their reputation for having them, so it's something to consider. My fileset and browsing habits will be different to the next person's. I like F-Secure because it was the simplest, lightest-weight paid-for AV from a trusted company that I could find, and their privacy policy seemed reasonable when I checked it. The basic AV-only package does file-scanning and behaviour-blocking (including things like anti-ransomware) and that's about it. It doesn't have a lot of work to do, as I rarely ever boot into Windows. You might need something more full-featured like a suite or one of its competitors.
I used to love Avira and had been using it since the 90s, when it was called "H+BEDV AntiVir", but it has gradually got bloated and I remember a while back it nagged you to upgrade to a more fully-featured version, even when you'd already paid for the one you want. That put me off. Maybe they've improved since then though.
I want to like Sophos, as they come from my own country, and have a great reputation, but similar to Windows-NSA concerns, I therefore have Sophos-GCHQ concerns! That said, given the amount of cooperation between both agencies, if the NSA have a backdoor into Windows, GCHQ don't need to waste their time pressuring Sophos as they'd be able to get in anyway! Additionally, Sophos's privacy policy, "no backdoors" policy and ethics statement seem to be pretty good (from what they say publicly, anyway). I heard that at one time, they had been selling data-monitoring and tracking software to the Syrian government, but in their defence, it wasn't Sophos themselves - it was a company they'd bought - and they stopped that company doing it when it was discovered.
I guess it boils down to the fact that you have to be able to trust your AV company, not just your AV. For instance, if Kim Jong Un sat down and wrote the world's most effective antivirus ever, would you use it? Maybe if you were North Korean, or even Chinese or Russian you'd have no worries installing it. How about if you were American?
Additionally, the virus protection also has to keep your system usable. For instance you could completely stop a malware attack on a PC by consuming 100% of the cpu cycles and overwriting every sector of its hard disk and RAM with zeroes! You'd be left with no operating system and no data, but at least that virus would be gone...
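The two interception problems raised in the post above (an AV root re-signing every site's certificate, and one root shared by all installations) can be checked from the defender's side. This is an added example, not part of the thread: it runs on constructed records shaped like Python's `ssl.SSLSocket.getpeercert()` output, and the vendor name "Example AV", the host names and the fingerprints are placeholders.

```python
from collections import defaultdict

def name_field(rdns, key):
    """Return one field from a getpeercert()-style name (a tuple of RDN tuples)."""
    for rdn in rdns:
        for k, v in rdn:
            if k == key:
                return v
    return None

def issuer_id(cert):
    """Identify a certificate's issuer as (organization, common name)."""
    return (name_field(cert["issuer"], "organizationName"),
            name_field(cert["issuer"], "commonName"))

def find_interceptors(local, baseline, min_hosts=3):
    """Issuers that replaced the baseline issuer for at least min_hosts hosts.

    local and baseline map hostname -> certificate record; baseline is what a
    clean vantage point saw for the same hosts. One site changing CA is normal,
    so an issuer is only reported once it has replaced several unrelated sites.
    """
    replaced = defaultdict(set)
    for host, cert in local.items():
        expected = baseline.get(host)
        if expected is not None and issuer_id(cert) != issuer_id(expected):
            replaced[issuer_id(cert)].add(host)
    return {iss: sorted(hosts) for iss, hosts in replaced.items()
            if len(hosts) >= min_hosts}

def shared_roots(roots_by_machine):
    """Intercepting-root fingerprints that appear on more than one machine.

    Pass only the roots installed by the AV product, not the whole trust store.
    The same fingerprint on two machines means both trust one signing key.
    """
    seen = defaultdict(set)
    for machine, fingerprints in roots_by_machine.items():
        for fp in fingerprints:
            seen[fp.lower().replace(":", "")].add(machine)
    return {fp: sorted(ms) for fp, ms in seen.items() if len(ms) > 1}

# ---- constructed sample data (not real certificates) ----
def make_cert(host, org, cn):
    return {"subject": ((("commonName", host),),),
            "issuer": ((("organizationName", org),), (("commonName", cn),))}

HOSTS = ["bank.example", "mail.example", "shop.example", "intranet.example"]
BASELINE = {h: make_cert(h, "Public CA %d" % (i % 2), "Public CA Root %d" % (i % 2))
            for i, h in enumerate(HOSTS)}
# The machine under test sees three sites re-signed by the AV's local root;
# the fourth is excluded from scanning and keeps its real issuer.
LOCAL = {h: make_cert(h, "Example AV", "Example AV Personal CA") for h in HOSTS[:3]}
LOCAL["intranet.example"] = BASELINE["intranet.example"]

# Fingerprints of the AV-installed root as read on three machines.
AV_ROOTS = {"pc-a": ["AA:11:22:33"], "pc-b": ["aa112233"], "pc-c": ["bb:44:55:66"]}

if __name__ == "__main__":
    print(find_interceptors(LOCAL, BASELINE))
    print(shared_roots(AV_ROOTS))
```
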
-
@jamesbeardmore Don't worry about it mate
I agree with what you said anyway. One does need to exercise some thought on what companies to invest in on ethical grounds as well.
if Kim Jong Un sat down and wrote the world's most effective antivirus ever, would you use it?
If it was open-source I'd consider it
I agree on F-secure, I'd like to go back to it, they're a good company and I trust them. Hopefully they have a trial version so I can test once my Avast sub is over.
Are you using F-Secure now, the paid version? Are you able to give an estimate from Task Manager how much memory the F-Secure tasks and services use? Not that memory is a good indicator but it could show at least how "light-weight" it is.
-
@Pathduck said:
If it was open-source I'd consider it
Haha, I know what you mean, and that's a good point! I wasn't going to mention "open source", but most of the time, source-availability is my primary measure of trust in software. If Kim Jong Un's ultimate antivirus were released under a source-available licence, there'd be absolutely no worries about anyone in the world using it, as any functionality deemed "malicious" by either North-Korean or American definitions would be visible. Even better if it were released under the GPL, as we could then also write patches to remove the "malicious" functionalities and redistribute them.
Yes, my Windows partition uses F-Secure. I will give you a resource-usage estimation next time I'm able to get to that machine and reboot it into Windows. It's a 64-bit dual-core laptop that's probably approaching 10 years old, with 4gb (or 8, I can't remember) of RAM, and a cheap SSD. It's a dual-boot setup. It's no speed demon, but it has no problem running Windows 10 Pro, and all I can say is FSAV hasn't affected the performance at all. If anything it operates a little quicker than Windows Defender did. Like Bitdefender free, it sits unobtrusively in the background, doesn't slow anything down and keeps out of my way.
-
@jamesbeardmore said in Recommendations for anti-virus to replace Avast Premier.:
Even better if it were released under the GPL, as we could then also write patches to remove the "malicious" functionalities and redistribute them.
Let's be honest here - even if the Norkies released something like that, and it wasn't GPL, we'd still patch it to hell
I will give you a resource-usage estimation next time I'm able to get to that machine and reboot it into Windows.
Thanks, appreciate
-
3 years I'm running ESET NOD32 daily and it is just perfect!
I'm downloading (not necessarily legal download sorry...) quite a lot and I never had a SINGLE virus or malware!
UI is incredibly pure and beautiful IMHO (just lack of dark theme).
And it runs security updates and other scans when u r not using your computer, so yeah it seems like ESET is really under the radar but for me it is the best.
It is not free of course and quite pricey but it is worth it!! Give it a try! U will not be disappointed!
-
ESET is not under the radar. It used to be one of the best.
Used to be.
Look at my roundup from last year's stats and you will notice it never made it in the top 5 in any month.
The July to August stats for this year (best to the left, worst to the right)
https://www.av-comparatives.org/comparison/?usertype=consumer&chart_chart=chart2&chart_year=2019&chart_month=Jul-Aug&chart_sort=1&chart_zoom=3
-
@Dr-Flay said in Recommendations for anti-virus to replace Avast Premier.:
ESET is not under the radar. It used to be one of the best.
Used to be.
Look at my roundup from last year's stats and you will notice it never made it in the top 5 in any month.
The July to August stats for this year (best to the left, worst to the right)
https://www.av-comparatives.org/comparison/?usertype=consumer&chart_chart=chart2&chart_year=2019&chart_month=Jul-Aug&chart_sort=1&chart_zoom=3
All AVs achieve a detection greater than 98%, which for practical purposes is sufficient, therefore the personal experience of the user counts more.
Windows Defender itself has an excellent detection rate, it just needs to reduce false positives to be able to do without a Third Party AV.
-
@Pathduck sorry for the delay in replying to you (and sorry to all the other forum users for resurrecting an older thread), but I've finally booted my Windows 10 partition, so can give my memory usage for F-Secure AV.
System: Intel Pentium P6200 / 8GB RAM / Win10 64bit / Crucial 500 MX SSD - so you can see it's a laptop that's at least 8 years old but the RAM and SSD were upgraded around 5 or 6 years ago.
I have identified all the processes I could that are associated with F-Secure, and these readings are straight from Windows' task manager. There are a bunch of processes that consume 83.4MB RAM altogether, and then 1 process whose RAM consumption varies from 30-80MB based on hard disk activity, for a total of 113.4-163.4MB RAM usage (from visible processes in task manager). Because I haven't run my machine for ages, everything wanted to update. I allowed F-Secure to complete updating itself before measuring. These measurements were taken while Windows 10 was performing automatic updates, hence all the hard disk activity. There are a lot of updates to apply! I hardly ever boot it!
The F-Secure program files folder on the hard disk occupies 838MB of space at the time of writing. I've no idea whether newer versions of Windows scatter stuff around various other folders like \windows and \windows\system, like they did in the days of "DLL Hell", but this should at least give you some idea of the hard disk footprint.
As a comparison, ClamAV on GNU/Linux (with the SecuriteInfo and SaneSecurity-distributed databases in addition to its own databases) occupies about 1.2GB of RAM, give or take (measured with "top"). The databases probably occupy about 600MB in total (including the custom dbs), and then the ClamAV binaries themselves are probably about 10-20MB (estimates based on the files in the zip archive of the Windows version). I know it's not directly comparable because ClamAV doesn't do rootkit/on-access etc. scanning.
-
@jamesbeardmore Thanks very much for coming back to give this information
I appreciate the estimate of F-Secure memory usage. It was no big surprise really, and I would suspect most of the big ones would be about the same size, give or take. Many of them are based on the same engine and have basically identical UIs, from what I can tell by screenshots. I do wish they'd stay away from all the fancy faff and focus on doing their job silently in the background, but I guess today's users want big friendly buttons and dancing pigs over simple functional interfaces...
Estimating memory usage is a bit of an arcane art on a modern OS anyway, there are so many factors involved. For instance my AvastSVC process is shown in Task Manager as using 23MB (Working Set), while in Process Explorer it's shown with 123MB (Private Bytes). Depending on how you read those numbers it could be a massive memory hog or pretty lean...
Hard disk usage would be about the same as well, I'm guessing most of that is made up by the malware databases and the aforementioned GUI fluff. Actually my Avast installation folder is a whopping 1.3GB but about 800MB of that is setup files that it (apparently) needs. I really wish developers would show some considerations for those of us who actually still care about how much disk space is wasted... clean up after yourself will ya!
I'm really surprised on the ClamAV numbers though. 1.2GB of memory used seems absurd. Does it really keep all its databases in RAM? It must take ages to load up as well with that footprint. Did you mean to write MB? I've always thought ClamAV would be really light-weight? I've actually considered using ClamAV for its supposedly small footprint.
My dream scenario would be something like F-Secure ca. 2001, but with modern malware databases and detection. Dream on I guess
-
@Pathduck said in Recommendations for anti-virus to replace Avast Premier.:
My dream scenario would be something like F-Secure ca. 2001, but with modern malware databases and detection. Dream on I guess
You and me both, my friend. I'd love to see a modern AV that had a simple, no-frills interface... AND more importantly, actually showed what it was doing, rather than just having a meaningless percentage or progress bar.
-
As others, off-topic posters also said, I also don't use any AV on my Windows machine for over 3-4 years now and never had any problems. Sooo much better in stability and performance, the OS performs as it was designed to do.
I use a "user account" since the days of NT and previously I would additionally extra-tweak some things in the group/user policies and access permissions to files, since Windows Vista things got better. Similar to @Ayespy I don't use cracked software, I use Libreoffice instead of anything MS, Steam for playing some games, don't download torrents, and don't visit "dubious" sites. For p0rn... just stay mainstream and you are ok. If I have some suspicions I run Malwarebytes or run it anyway every 3 months or so, but so far everything was clean. Rarely when I have to check some files I upload them to https://www.virustotal.com/ and all is fine :). But it's everyone's decision to believe or not AV companies (that want to sell their products) or take the "risk?"
Similar to @derDay 's link there are lots of threads and comments about it like https://arstechnica.com/information-technology/2017/01/antivirus-is-bad/
-
How big a list should I paste of regular trusted big name sites that have been compromised to serve drive-by malware to visitors?
Being careful used to be good enough but this is 2019.
-
@npro Are you using Windows Defender, or have you been able to completely rid the OS of it? The reason I ask is that the articles I've read often give it the worst score on performance (which is strange since it's basically a part of the OS anyway) and very bad on false positives. And getting completely rid of it on Win10 is not so easy as some would have it.
One reason I've considered ditching Avast is performance, but then I've never considered going without an AV. You'd need to be real careful what you download, and not sure I'd like to have to upload every downloaded executable/document etc to Virus Total. But respect to you I guess, if you are able to do without any AV at all.
I really don't trust running only on-demand scanners like MWB "once in a while" - too easy to get infected by downloading a file and running it, even if it's from a safe source. Like @Dr-Flay says above, download sites are regular targets for (successful) malware attacks.