Recommendations for anti-virus to replace Avast Premier.
-
@Dr-Flay said in Recommendations for anti-virus to replace Avast Premier.:
F-Secure trouble me.
Me too - I want very much to like them, they are Finnish underdogs, who for a long time had the (in my opinion) very best antivirus, standing strong against the US giants who were dominating the market at the time. They had a really great product, and I can't really remember what made me change to Avast, but at the time (2009 I think) Avast was "all the rage" and everyone was talking about how good and light-weight it was.
Thanks for the blog post summary - really good, and the comments are just as interesting reading as the post itself
-
I had a feeling that my mention of a certain religious sect would potentially get a few people discussing it. I'd just like to clarify my point. I deliberately refrained from "loading" my language (e.g. by saying "that terrible evil cult of weirdos" or something like that) by just saying I don't want to fund them, and that's it. I didn't even give a reason, because I didn't want to bias other peoples' viewpoint beyond what the basic statement would already do. I choose not to fund a lot of institutions. It doesn't necessarily mean that I believe there's anything wrong with them. However, in this particular case, all I can say is that I fundamentally disagree with everything to do with that sect on a moral, philosophical, scientific, and religious (in the humanist sense) level, and therefore don't want to personally do anything to help their cause. Whether someone else wants to or not, I don't care. If it's a fulfilling and beneficial sect for you, that's great. I just exercise the right not to support them or support a business which has been associated with them in the past and therefore might support them now or in the future. I seem to remember that in the past, the then-CEO had donated vast amounts to the sect, and I could only assume that he had earned that money from his business. I would not want to control what someone else does with their money, but I can control what I do with my own if I see the likely downstream path for it. I'm sure the AV software itself is great. The religion of a developer isn't what stops me using a piece of software. It's more a concern of what I'd be indirectly funding.
So basically, I don't want to fund that particular sect, in the same way that I don't want my money to go towards funding ANY other religion, sect or cult either. Almost all religious people are absolutely wonderful people and do wonderful deeds, often inspired by their religion. That doesn't change the fact that I'd just rather spend my money on causes closer to my heart and (for me) more important. Such as directly towards the good deeds themselves.
Regarding breaking HTTPS and "ask me on detection" - that's the problem with Bitdefender free. It has literally zero configuration options, so you can't turn these off. If you can in the paid version, then that would get my recommendation for sure. The problem with intercepting HTTPS is that almost all AVs that do it have been shown to implement it badly (at least at first). Maybe they have got their act together, but when they first started doing it, almost none verified certificates correctly, thereby lessening your security by preventing your browser from validating them. One or two used the same root certificate on all installations, meaning that a malicious person could produce a phishing web site, secure it with that root certificate, and victims would happily use it, as it was signed with a trusted certificate. Finally, considering the privileges an AV solution has on a system, it's a significant target for hacks and exploits. You could potentially end up with a compromised AV feeding clean, certified-genuine malware to your browser. Additionally, sniffing https traffic gives AV providers a perverse incentive to attempt to snoop on it to make money (probably more of a risk with free offerings from questionable companies, rather than the bigger players). I just think it's unnecessary and dangerous, when similar protection can be achieved with any one or more of: a behaviour blocker, ransomware protection, anti-exploit, and maybe a browser extension if you're really bothered (I'm wary of most browser extensions).
Like everything, you have to weigh up the risks and benefits, and consider both your threat-model and how much you trust your chosen AV solution. The reason there are lots of different AV solutions is because one size doesn't fit all. I can only recommend what fits my circumstances as I could never fully understand someone else's.
I personally find F-Secure give me zero false positives - but I'm aware of their reputation for having them, so it's something to consider. My fileset and browsing habits will be different to the next person's. I like F-Secure because it was the simplest, lightest-weight paid-for AV from a trusted company that I could find, and their privacy policy seemed reasonable when I checked it. The basic AV-only package does file-scanning and behaviour-blocking (including things like anti-ransomware) and that's about it. It doesn't have a lot of work to do, as I rarely ever boot into Windows. You might need something more full-featured like a suite or one of its competitors.
I used to love Avira and had been using it since the 90s, when it was called "H+BEDV AntiVir", but it has gradually got bloated and I remember a while back it nagged you to upgrade to a more fully-featured version, even when you'd already paid for the one you want. That put me off. Maybe they've improved since then though.
I want to like Sophos, as they come from my own country, and have a great reputation, but similar to Windows-NSA concerns, I therefore have Sophos-GCHQ concerns! That said, given the amount of cooperation between both agencies, if the NSA have a backdoor into Windows, GCHQ don't need to waste their time pressuring Sophos as they'd be able to get in anyway! Additionally, Sophos's privacy policy, "no backdoors" policy and ethics statement seem to be pretty good (from what they say publicly, anyway). I heard that at one time, they had been selling data-monitoring and tracking software to the Syrian government, but in their defence, it wasn't Sophos themselves - it was a company they'd bought - and they stopped that company doing it when it was discovered.
I guess it boils down to the fact that you have to be able to trust your AV company, not just your AV. For instance, if Kim Jong Un sat down and wrote the world's most effective antivirus ever, would you use it? Maybe if you were North Korean, or even Chinese or Russian you'd have no worries installing it. How about if you were American?
Additionally, the virus protection also has to keep your system usable. For instance you could completely stop a malware attack on a PC by consuming 100% of the cpu cycles and overwriting every sector of its hard disk and RAM with zeroes! You'd be left with no operating system and no data, but at least that virus would be gone...
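The HTTPS-interception concern raised in the post above can be checked on a Windows machine. The following is an added example, not part of the original post or of any vendor's tooling: it lists trusted root certificates whose private key is present on the machine, which is what a product that re-signs HTTPS traffic locally typically installs, and compares thumbprints from two machines to spot a root shared between installations. The function names and CSV file names are assumptions.

```powershell
# Added example (not from the thread). Function and file names are hypothetical.

function Get-LocalSigningRoot {
    # Lists trusted roots for which this machine also holds the private key.
    # Roots shipped with Windows never have their private key stored locally.
    [CmdletBinding()]
    param(
        [string[]]$StorePath = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )
    foreach ($store in $StorePath) {
        Get-ChildItem -Path $store |
            Where-Object { $_.HasPrivateKey } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotBefore  = $_.NotBefore
                    NotAfter   = $_.NotAfter
                    SelfSigned = ($_.Subject -eq $_.Issuer)
                }
            }
    }
}

function Find-SharedRoot {
    # Returns entries from $Second whose thumbprint also appears in $First.
    # The same thumbprint on two separate installations means both trust the
    # same certificate, i.e. the root was not generated per machine.
    [CmdletBinding()]
    param(
        [object[]]$First = @(),
        [object[]]$Second = @()
    )
    $seen = @{}
    foreach ($cert in $First) {
        if ($cert.Thumbprint) { $seen[$cert.Thumbprint] = $true }
    }
    foreach ($cert in $Second) {
        if ($cert.Thumbprint -and $seen.ContainsKey($cert.Thumbprint)) { $cert }
    }
}

# Show the candidates on this machine.
Get-LocalSigningRoot | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize

# To compare two machines, export on each and then compare the exports:
# Get-LocalSigningRoot | Export-Csv -Path .\roots-pc1.csv -NoTypeInformation
# Find-SharedRoot -First (Import-Csv .\roots-pc1.csv) -Second (Import-Csv .\roots-pc2.csv)
```

A product that keeps its signing key outside the Windows key store is not flagged by `HasPrivateKey`, so an empty result does not prove that no interception is taking place.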
-
@jamesbeardmore Don't worry about it mate
I agree with what you said anyway. One does need to exercise some thought on what companies to invest in on ethical grounds as well.
if Kim Jong Un sat down and wrote the world's most effective antivirus ever, would you use it?
If it was open-source I'd consider it
I agree on F-secure, I'd like to go back to it, they're a good company and I trust them. Hopefully they have a trial version so I can test once my Avast sub is over.
Are you using F-Secure now, the paid version? Are you able to give an estimate from Task Manager how much memory the F-Secure tasks and services use? Not that memory is a good indicator but it could show at least how "light-weight" it is.
-
@Pathduck said:
If it was open-source I'd consider it
Haha, I know what you mean, and that's a good point! I wasn't going to mention "open source", but most of the time, source-availability is my primary measure of trust in software. If Kim Jong Un's ultimate antivirus were released under a source-available licence, there'd be absolutely no worries about anyone in the world using it, as any functionality deemed "malicious" by either North-Korean or American definitions would be visible. Even better if it were released under the GPL, as we could then also write patches to remove the "malicious" functionalities and redistribute them.
Yes, my Windows partition uses F-Secure. I will give you a resource-usage estimation next time I'm able to get to that machine and reboot it into Windows. It's a 64-bit dual-core laptop that's probably approaching 10 years old, with 4gb (or 8, I can't remember) of RAM, and a cheap SSD. It's a dual-boot setup. It's no speed demon, but it has no problem running Windows 10 Pro, and all I can say is FSAV hasn't affected the performance at all. If anything it operates a little quicker than Windows Defender did. Like Bitdefender free, it sits unobtrusively in the background, doesn't slow anything down and keeps out of my way.
-
@jamesbeardmore said in Recommendations for anti-virus to replace Avast Premier.:
Even better if it were released under the GPL, as we could then also write patches to remove the "malicious" functionalities and redistribute them.
Let's be honest here - even if the Norkies released something like that, and it wasn't GPL, we'd still patch it to hell
I will give you a resource-usage estimation next time I'm able to get to that machine and reboot it into Windows.
Thanks, appreciate
-
3 years I'm running ESET NOD32 daily and it is just perfect!
I'm downloading (not necessarily legal download, sorry...) quite a lot and I never had a SINGLE virus or malware!
UI is incredibly pure and beautiful IMHO (just lack of dark theme)
And it runs security updates and other scans when u r not using your computer, so yeah it seems like ESET is really under the radar but for me it is the best
It is not free of course and quite pricey but it is worth it!! Give it a try! u will not be disappointed!
-
ESET is not under the radar. It used to be one of the best.
Used to be.
Look at my roundup from last year's stats and you will notice it never made it in the top 5 in any month. The July to August stats for this year (best to the left, worst to the right)
https://www.av-comparatives.org/comparison/?usertype=consumer&chart_chart=chart2&chart_year=2019&chart_month=Jul-Aug&chart_sort=1&chart_zoom=3
-
@Dr-Flay said in Recommendations for anti-virus to replace Avast Premier.:
ESET is not under the radar. It used to be one of the best.
Used to be.
Look at my roundup from last year's stats and you will notice it never made it in the top 5 in any month. The July to August stats for this year (best to the left, worst to the right)
https://www.av-comparatives.org/comparison/?usertype=consumer&chart_chart=chart2&chart_year=2019&chart_month=Jul-Aug&chart_sort=1&chart_zoom=3
All AVs achieve a detection rate greater than 98%, which for practical purposes is sufficient, so the personal experience of the user counts for more.
Windows Defender itself has an excellent detection rate, it just needs to reduce false positives to be able to do without a Third Party AV.
-
@Pathduck sorry for the delay in replying to you (and sorry to all the other forum users for resurrecting an older thread), but I've finally booted my Windows 10 partition, so can give my memory usage for F-Secure AV.
System: Intel Pentium P6200 / 8GB RAM / Win10 64bit / Crucial 500 MX SSD - so you can see it's a laptop that's at least 8 years old but the RAM and SSD were upgraded around 5 or 6 years ago.
I have identified all the processes I could that are associated with F-Secure, and these readings are straight from Windows' task manager. There are a bunch of processes that consume 83.4MB RAM altogether, and then 1 process whose RAM consumption varies from 30-80MB based on hard disk activity, for a total of 113.4-163.4MB RAM usage (from visible processes in task manager). Because I haven't run my machine for ages, everything wanted to update. I allowed F-Secure to complete updating itself before measuring. These measurements were taken while Windows 10 was performing automatic updates, hence all the hard disk activity. There are a lot of updates to apply! I hardly ever boot it!
The F-Secure program files folder on the hard disk occupies 838MB of space at the time of writing. I've no idea whether newer versions of Windows scatter stuff around various other folders like \windows and \windows\system, like they did in the days of "DLL Hell", but this should at least give you some idea of the hard disk footprint.
As a comparison, ClamAV on GNU/Linux (with the SecuriteInfo and SaneSecurity-distributed databases in addition to its own databases) occupies about 1.2GB of RAM, give or take (measured with "top"). The databases probably occupy about 600MB in total (including the custom dbs), and then the ClamAV binaries themselves are probably about 10-20MB (estimates based on the files in the zip archive of the Windows version). I know it's not directly comparable because ClamAV doesn't do rootkit/on-access etc. scanning.
-
@jamesbeardmore Thanks very much for coming back to give this information
I appreciate the estimate of F-Secure memory usage. It was no big surprise really, and I would suspect most of the big ones would be about the same size, give or take. Many of them are based on the same engine and have basically identical UIs, from what I can tell by screenshots. I do wish they'd stay away from all the fancy faff and focus on doing their job silently in the background, but I guess today's users want big friendly buttons and dancing pigs over simple functional interfaces...
Estimating memory usage is a bit of an arcane art on a modern OS anyway, there are so many factors involved. For instance my AvastSVC process is shown in Task Manager as using 23MB (Working Set), while in Process Explorer it's shown with 123MB (Private Bytes). Depending on how you read those numbers it could be a massive memory hog or pretty lean...
Hard disk usage would be about the same as well, I'm guessing most of that is made up by the malware databases and the aforementioned GUI fluff. Actually my Avast installation folder is a whopping 1.3GB but about 800MB of that is setup files that it (apparently) needs. I really wish developers would show some considerations for those of us who actually still care about how much disk space is wasted... clean up after yourself will ya!
I'm really surprised on the ClamAV numbers though. 1.2GB of memory used seems absurd. Does it really keep all its databases in RAM? It must take ages to load up as well with that footprint. Did you mean to write MB? I've always thought ClamAV would be really light-weight? I've actually considered using ClamAV for its supposedly small footprint.
My dream scenario would be something like F-Secure ca. 2001, but with modern malware databases and detection. Dream on I guess
-
@Pathduck said in Recommendations for anti-virus to replace Avast Premier.:
My dream scenario would be something like F-Secure ca. 2001, but with modern malware databases and detection. Dream on I guess
You and me both, my friend. I'd love to see a modern AV that had a simple, no-frills interface... AND more importantly, actually showed what it was doing, rather than just having a meaningless percentage or progress bar.
-
As others, off-topic posters also said, I also don't use any AV on my Windows machine for over 3-4 years now and never had any problems. Sooo much better in stability and performance, the OS performs as it was designed to do.
I use a "user account" since the days of NT and previously I would additionally extra-tweak some things in the group/user policies and access permissions to files, since Windows Vista things got better. Similar to @Ayespy I don't use cracked software, I use LibreOffice instead of anything MS, Steam for playing some games, don't download torrents, and don't visit "dubious" sites. For p0rn... just stay mainstream and you are ok. If I have some suspicions I run Malwarebytes or run it anyway every 3 months or so, but so far everything was clean. Rarely when I have to check some files I upload them to https://www.virustotal.com/ and all is fine :). But it's everyone's decision to believe or not AV companies (that want to sell their products) or take the "risk?"
Similar to @derDay 's link there are lots of threads and comments about it like https://arstechnica.com/information-technology/2017/01/antivirus-is-bad/
-
How big a list should I paste of regular trusted big name sites that have been compromised to serve drive-by malware to visitors?
Being careful used to be good enough but this is 2019
-
@npro Are you using Windows Defender, or have you been able to completely rid the OS of it? The reason I ask is that the articles I've read often give it the worst score on performance (which is strange since it's basically a part of the OS anyway) and very bad on false positives. And getting completely rid of it on Win10 is not so easy as some would have it.
One reason I've considered ditching Avast is performance, but then I've never considered going without an AV. You'd need to be real careful what you download, and not sure I'd like to have to upload every downloaded executable/document etc to Virus Total. But respect to you I guess, if you are able to do without any AV at all.
I really don't trust running only on-demand scanners like MWB "once in a while" - too easy to get infected by downloading a file and running it, even if it's from a safe source. Like @Dr-Flay says above, download sites are regular targets for (successful) malware attacks.
-
@Pathduck said in Recommendations for anti-virus to replace Avast Premier.:
@npro Are you using Windows Defender, or have you been able to completely rid the OS of it? The reason I ask is that the articles I've read often give it the worst score on performance (which is strange since it's basically a part of the OS anyway) and very bad on false positives. And getting completely rid of it on Win10 is not so easy as some would have it.
no, completely rid, full commando
One reason I've considered ditching Avast is performance, but then I've never considered going without an AV. You'd need to be real careful what you download, and not sure I'd like to have to upload every downloaded executable/document etc to Virus Total. But respect to you I guess, if you are able to do without any AV at all.
It's not that dramatic, usually it's about .exe files or installer files and if your sources are trusted/you don't install every trash lying around there is no problem (other than incidents like the hacking of the ccleaner website, which I don't use either), .dll files (infected or not) are called by an .exe so they are not active threats either, and who needs/downloads .scr (screensaver files) anyway, it's all about the use, if I'd use random templates/documents .odt of course I would be a little more careful for macros etc or if I were a software developer having to use .js too, but I'm not
I really don't trust running only on-demand scanners like MWB "once in a while" - too easy to get infected by downloading a file and running it, even if it's from a safe source. Like @Dr-Flay says above, download sites are regular targets for (successful) malware attacks.
yeah ok, no one can be safe 100% but if you "update your software and OS regularly and practice skeptical computing" as the article says and as described in my previous post you are pretty much safe and your OS is solid like it came out of the box today. But again this is a "risk" one decides for himself, can't tell you what to do
-
ESET Smart Security Premium has been my choice for years. Since you use Vivaldi you might like ESET because it's also more customizable than other AV. Being a power user I like as many options as possible. One option was logging. ESET's logging isn't perfect but it's the best I've seen. Even though I've used it for 5 years, I've also used Bit Defender and Norton 360 during that time. I used 360 for 8 years and this is better. Last holiday season I bought Bit Defender because the AV reviews said it caught the most exploits. Maybe, but the software is extremely limited in configuration. Also, ESET has a great infosec website and they're very involved in the community. Check out ESET.
-
@brenji Thanks for the input. I've heard good things about ESET, a couple of years ago.
What's the resource usage for the processes, like memory (private bytes/working set) and CPU time?
-
@Pathduck Sorry to resurrect an old thread but yes, you read it correctly, 1.2 GB - but that's with a bunch of custom databases in addition to ClamAV's standard databases. If you were to use just ClamAV's own official databases, it'd be much lighter. I made the comparison that way, because it's only with the SecuriteInfo and SaneSecurity databases that I can get a detection-rate approaching that of commercial solutions such as F-Secure. It's also how I use ClamAV, so was easiest to test. I've just checked the size of the official ClamAV databases in /var/lib/clamav and they're currently occupying 268.4MB. I've just tried clamscan with the --official-db-only option, and RAM consumption during a scan of /home appears to be somewhere in the 500-700MB range according to "top".
I too miss the interface of that version of F-Secure, or the interface of McAfee VirusScan 2/3/4, or Dr Solomon's AVTK. Looking at that screenshot, it has all the options you want or need. Crucially, you can set a default option but there's still a "confirm operations" checkbox! It's clear and intuitive, and doesn't waste screen space. Fantastic! It'd be so easy to recreate that and just add an extra checkbox or tab for "Ransomware protection", etc. - without loads of fluff, big fonts, vast white spaces and dumbed-down options for idiots.
-
@jamesbeardmore said in Recommendations for anti-virus to replace Avast Premier.:
Sorry to resurrect an old thread but yes, you read it correctly, 1.2 GB - but that's with a bunch of custom databases in addition to ClamAV's standard databases.
Don't worry - the thread is still going as far as I'm concerned
I'm not so much worried about memory usage during a scan, since that's something I'm doing rarely anyway. It makes sense that it would load the database into memory when scanning, for speed of lookup. What's more interesting is the memory use during regular background usage, and to a certain extent CPU usage during such background monitoring as well, but it's harder to get data on obviously.
For instance Avast in the background uses ~80MB, and to be honest I doubt I'll be able to find any that uses less.
loads of fluff, big fonts, vast white spaces and dumbed-down options for idiots.
I know, it seems every single AV solution is following the same UI design now, in the end they all look exactly the same... all for the sake of being "user-friendly".
I'm reminded of this quote:
The user's going to pick dancing pigs over security every time
-- Bruce Schneier