Recommendations for anti-virus to replace Avast Premier.



  • I did a few tests on a malware collection I've built up from e-mails that arrive in our company's generic "catch-all" inbox. Based purely on detection rate, I noticed the following:

    • Windows Defender had a pretty reasonable detection rate, but not outstanding.
    • Avira free and Bitdefender free detected almost everything.
    • Emsisoft emergency kit and F-Secure detected absolutely everything.
    • Qihoo 360, despite having the licenced Avira and Bitdefender engines turned on (in addition to their own engines) missed more than 2/3 of the malware.
    • Comodo lagged a bit behind Windows Defender.
    • Immunet was better than Qihoo 360 but worse than Comodo.

    I used to wholeheartedly recommend Avira, but they seem to have moved to adding unnecessary bloat such as a weird management centre, VPN and software-updater. It also pops up a nag-screen asking you to upgrade to one of the paid versions.

    I wouldn't touch Panda, even with someone else's dirty stick, because I don't want to support a company with links to (a religious or philosophical group). I also had a bad experience at a previous company with it trashing a server - although that's obviously just a "one-off" event, so it might work perfectly for you.

    If you are considering Qihoo 360, I think it'd be better to use Avira or Bitdefender's engines directly. Their implementation of both seems a bit ineffective. The performance impact is OK and the interface is quite reasonable, though. It's just that you're possibly better protected leaving Windows Defender there. Additionally, some people are wary of them because they're Chinese and assume it must be spyware. That argument is a little flawed, because it'd be running on a proprietary piece of NSA spyware. That said, if you only want to be spied-on by one government and set of corporate entities, instead of two, you might want to avoid it.

    Don't be put off too much by Comodo's terrible detection rate, as they really shine on behaviour-based detection. One option might be to use Comodo's firewall (which has some behaviour-based blocking built in) with Windows Defender or another simple AV with a better detection-rate.

    I can recommend Bitdefender free as it has all the protection you need, and is exceptionally lightweight with zero configuration. My only two concerns are:

    • It breaks HTTPS by performing a MITM attack on your browser traffic.
    • It auto-quarantines things without asking. Whilst you can restore from quarantine, this relies on a false-positive not bricking your system.
      In practice, it's been flawless on my relatives' PCs.

    I can also recommend F-Secure Antivirus (you have to really scour the web site to just get the Antivirus, as they really want you to get one of the bloated solutions such as Total). Whilst it also auto-quarantines, it doesn't break HTTPS and it has worked flawlessly for me, with zero performance impact. It also does zero nagging whatsoever, until your subscription gets really close to expiring. I also prefer F-Secure's stance on privacy versus a lot of other companies. The only way they could improve their basic entry-level AV for me, would be to have an "ask me what to do" option upon detection. Otherwise, it's absolutely perfect, even on old hardware.

    If you were really going to push me for a recommendation, I'd say take your pick out of Windows Defender, Bitdefender Free and F-Secure (Antivirus, not Total/Safe/etc.).


  • - Ambassador -

    @Pathduck Good Points. It is hard to differentiate the products as to what is best and how they work.
    One of the reasons I chose Sophos was their Naked Security blog and Podcasts. I'd been following them for a couple of years before I switched and found them informative and down to earth.


  • - Ambassador -

    @jamesbeardmore said in Recommendations for anti-virus to replace Avast Premier.:

    I did a few tests on a malware collection I've built up from e-mails that arrive in our company's generic "catch-all" inbox. Based purely on detection rate, I noticed the following:

    • Windows Defender had a pretty reasonable detection rate, but not outstanding.
    • Avira free and Bitdefender free detected almost everything.
    • Emsisoft emergency kit and F-Secure detected absolutely everything.
    • Qihoo 360, despite having the licenced Avira and Bitdefender engines turned on (in addition to their own engines) missed more than 2/3 of the malware.
    • Comodo lagged a bit behind Windows Defender.
    • Immunet was better than Qihoo 360 but worse than Comodo.

    I used to wholeheartedly recommend Avira, but they seem to have moved to adding unnecessary bloat such as a weird management centre, VPN and software-updater. It also pops up a nag-screen asking you to upgrade to one of the paid versions.

    I wouldn't touch Panda, even with someone else's dirty stick, because I don't want to support a company with links to Scientology. I also had a bad experience at a previous company with it trashing a server - although that's obviously just a "one-off" event, so it might work perfectly for you.

    If you are considering Qihoo 360, I think it'd be better to use Avira or Bitdefender's engines directly. Their implementation of both seems a bit ineffective. The performance impact is OK and the interface is quite reasonable, though. It's just that you're possibly better protected leaving Windows Defender there. Additionally, some people are wary of them because they're Chinese and assume it must be spyware. That argument is a little flawed, because it'd be running on a proprietary piece of NSA spyware. That said, if you only want to be spied-on by one government and set of corporate entities, instead of two, you might want to avoid it.

    Don't be put off too much by Comodo's terrible detection rate, as they really shine on behaviour-based detection. One option might be to use Comodo's firewall (which has some behaviour-based blocking built in) with Windows Defender or another simple AV with a better detection-rate.

    I can recommend Bitdefender free as it has all the protection you need, and is exceptionally lightweight with zero configuration. My only two concerns are:

    • It breaks HTTPS by performing a MITM attack on your browser traffic.
    • It auto-quarantines things without asking. Whilst you can restore from quarantine, this relies on a false-positive not bricking your system.
      In practice, it's been flawless on my relatives' PCs.

    I can also recommend F-Secure Antivirus (you have to really scour the web site to just get the Antivirus, as they really want you to get one of the bloated solutions such as Total). Whilst it also auto-quarantines, it doesn't break HTTPS and it has worked flawlessly for me, with zero performance impact. It also does zero nagging whatsoever, until your subscription gets really close to expiring. I also prefer F-Secure's stance on privacy versus a lot of other companies. The only way they could improve their basic entry-level AV for me, would be to have an "ask me what to do" option upon detection. Otherwise, it's absolutely perfect, even on old hardware.

    If you were really going to push me for a recommendation, I'd say take your pick out of Windows Defender, Bitdefender Free and F-Secure (Antivirus, not Total/Safe/etc.).

    Panda Security is an entirely Spanish company of many years, and therefore I doubt that it has relations with (a religious or philosophical group). This by definition would be more likely in a US company. I have used Panda practically since its inception and I have always had very good experiences with them and in the comparisons, with small variations, it has always been in the top positions. They were the first to base their definitions in the cloud in real time and not on a basis of frequent disk updates. I do not want to spam Panda and I do not say that it is the best of all, but I find it unfair to discriminate against a Spanish company with claims that need to be conclusively shown.



  • @Catweazle said in Recommendations for anti-virus to replace Avast Premier.:

    I find it unfair to discriminate against a Spanish company with claims that need to be conclusively shown.

    https://en.wikipedia.org/wiki/Mikel_Urizarbarrena

    I don't care what religion one follows, they're all a waste of time from a rational point of view, and I don't discriminate a program for what the founder/coders do in their private life. In fact I used McAfee for a long time during DOS times 😉 but then I found there were way better options as time passed, and tested many. Panda wasn't my fav ever but it was more than 10 years ago, and never tested it anymore. Better touch with your hand and do your own review than following some irrelevant rumours.


  • - Ambassador -

    Panda CEO may be a follower of this sect, but Scientology has no influence on the EC and less in Spain, nor is there any reference in this regard, neither in the AV nor in technical support or in the support forum they have.
    To reject a good AV or other good product because of the CEO's creed, I find it somewhat fallacious, if we cannot discriminate against many other US products that we use, for this reason (Steve Jobs?)
    Just this



  • @greybeard said in Recommendations for anti-virus to replace Avast Premier.:

    One of the reasons I chose Sophos was their Naked Security blog and Podcasts.

    Yeah, always a big plus for me if the company provides a blog about security. F-Secure has done the same for a long time too, their Labs blog is heavily technical (most of it way over my head) but their regular blog is very interesting reading.

    I think it shows companies actually care deeply about security and have some highly skilled people working for them.

    @jamesbeardmore Thanks for the writeup - lots of good information 👍 Even though I wouldn't worry about the old Panda/Scientology case, it was a very long time ago. Even though it did cause quite a scandal in France when it hit, from what I read - interesting digging up the information 🙂

    Did you get a chance to test the performance of the paid Bitdefender not just the free one?

    I would definitely pay for a good AV, long as the price was reasonable. My problem with Avast at the moment is that even if I pay for their Premium product they keep pushing me to buy more products through the installation itself, which is despicable.

    @Catweazle You mean Steve and Woz selling blue boxes out the trunk of their car in the early 70s? It's a good story 😉



  • - Ambassador -

    Now with Win10 I settle for Windows Defender (for the moment). In the old computer with Win 7 I had Panda free (Panda Dome) that I quite liked, very light and only a small banner to buy the pro version in the AV menu. Very light and very fast, it even carries a VPN, although in the free version with a data volume limitation (150 megabytes / day) and automatic server selection. Sufficient for timely use on blocked pages or videos.


  • Vivaldi Translator

    @Gwen-Dragon Wow, I thought MS AV would limit to 50% CPU but maybe that is something only in MSE.
    I can see that killing a lot of laptops.

    @jamesbeardmore nice comparison.
    the Qihoo test confirms my suspicion.
    Using good definition databases is all well and good, but they are not the component doing the physical scanning and detection.

    With Bitdefender and the MiTM certificate thing, this is easily disabled in the settings with the option "Encrypted web scan".
    https://www.bitdefender.com/consumer/support/answer/13426/
    Any AV that has the ability to scan HTTPS traffic will be using the same system.
    Same as most work PCs in offices, or if you install a tool such as Fiddler to inspect your network traffic.
    As for broken, that is only ever a temporary thing or the function becomes pointless to add.

    I can't find any specific info but I would assume Bitdefender lets you change the default behaviour with detected files, because there is reference to 3 behaviours it can do after a scan.
    https://www.bitdefender.com/consumer/support/answer/13450/

    F-Secure trouble me.
    They keep getting in the top ranks but not consistently and seem to suffer the same problem as Defender, of just blocking anything they don't recognise and call it malware.
    This may well be enough to block all unknown malware, but as I said before, this is just like using a white-list policy.
    Last year Defender and F-Secure shared the same amount of time being the worst at false-positives.
    https://dr-flay.vivaldi.net/2018-anti-virus-comparison/
    I will be doing another roundup for this year once we make it through.

    I used to use Sophos long ago, but as its updater became a pain and it became less able to detect new malware I moved to AVG. When AVG became too much for a humble PC to deal with running, I moved to Avira.
    Now I use a variety of layers of different standalone techniques and products, and have the majority of my AV scans done remotely before they touch my PC.

    Secure In-browser sessions have become progressively harder to inject AV scanning into, so mostly these days all you effectively get is the link scanning, and the scanning of the downloaded data in your browser caches.


  • - Ambassador -

    I think that in Windows 10, the Defender is enough to be able to do without a separate AV. Perhaps you can use other separate applications, such as AdwCleaner, DNS crypt, etc. Apart from certain extensions in Vivaldi, such as ad- and scriptblocker, fingerprint spoofer and common sense to increase security, if you want



  • @Dr-Flay said in Recommendations for anti-virus to replace Avast Premier.:

    F-Secure trouble me.

    Me too - I want very much to like them, they are Finnish underdogs, who for a long time had the (in my opinion) very best antivirus, standing strong against the US giants who were dominating the market at the time. They had a really great product, and I can't really remember what made me change to Avast, but at the time (2009 I think) Avast was "all the rage" and everyone was talking how good and light-weight it was.

    Thanks for the blog post summary - really good, and the comments are just as interesting reading as the post itself 🙂



  • I had a feeling that my mention of a certain religious sect would potentially get a few people discussing it. I'd just like to clarify my point. I deliberately refrained from "loading" my language (e.g. by saying "that terrible evil cult of weirdos" or something like that) by just saying I don't want to fund them, and that's it. I didn't even give a reason, because I didn't want to bias other peoples' viewpoint beyond what the basic statement would already do. I choose not to fund a lot of institutions. It doesn't necessarily mean that I believe there's anything wrong with them. However, in this particular case, all I can say is that I fundamentally disagree with everything to do with that sect on a moral, philosophical, scientific, and religious (in the humanist sense) level, and therefore don't want to personally do anything to help their cause. Whether someone else wants to or not, I don't care. If it's a fulfilling and beneficial sect for you, that's great. I just exercise the right not to support them or support a business which has been associated with them in the past and therefore might support them now or in the future. I seem to remember that in the past, the then-CEO had donated vast amounts to the sect, and I could only assume that he had earned that money from his business. I would not want to control what someone else does with their money, but I can control what I do with my own if I see the likely downstream path for it. I'm sure the AV software itself is great. The religion of a developer isn't what stops me using a piece of software. It's more a concern of what I'd be indirectly funding.

    So basically, I don't want to fund that particular sect, in the same way that I don't want my money to go towards funding ANY other religion, sect or cult either. Almost all religious people are absolutely wonderful people and do wonderful deeds, often inspired by their religion. That doesn't change the fact that I'd just rather spend my money on causes closer to my heart and (for me) more important. Such as directly towards the good deeds themselves.

    Regarding breaking HTTPS and "ask me on detection" - that's the problem with Bitdefender free. It has literally zero configuration options, so you can't turn these off. If you can in the paid version, then that would get my recommendation for sure. The problem with intercepting HTTPS is that almost all AVs that do it have been shown to implement it badly (at least at first). Maybe they have got their act together, but when they first started doing it, almost none verified certificates correctly, thereby lessening your security by preventing your browser from validating them. One or two used the same root certificate on all installations, meaning that a malicious person could produce a phishing web site, secure it with that root certificate, and victims would happily use it, as it was signed with a trusted certificate. Finally, considering the privileges an AV solution has on a system, it's a significant target for hacks and exploits. You could potentially end up with a compromised AV feeding clean, certified-genuine malware to your browser. Additionally, sniffing https traffic gives AV providers a perverse incentive to attempt to snoop on it to make money (probably more of a risk with free offerings from questionable companies, rather than the bigger players). I just think it's unnecessary and dangerous, when similar protection can be achieved with any one or more of: a behaviour blocker, ransomware protection, anti-exploit, and maybe a browser extension if you're really bothered (I'm wary of most browser extensions).

    Like everything, you have to weigh up the risks and benefits, and consider both your threat-model and how much you trust your chosen AV solution. The reason there are lots of different AV solutions is because one size doesn't fit all. I can only recommend what fits my circumstances as I could never fully understand someone else's.

    I personally find F-Secure give me zero false positives - but I'm aware of their reputation for having them, so it's something to consider. My fileset and browsing habits will be different to the next person's. I like F-Secure because it was the simplest, lightest-weight paid-for AV from a trusted company that I could find, and their privacy policy seemed reasonable when I checked it. The basic AV-only package does file-scanning and behaviour-blocking (including things like anti-ransomware) and that's about it. It doesn't have a lot of work to do, as I rarely ever boot into Windows. You might need something more full-featured like a suite or one of its competitors.

    I used to love Avira and had been using it since the 90s, when it was called "H+BEDV AntiVir", but it has gradually got bloated and I remember a while back it nagged you to upgrade to a more fully-featured version, even when you'd already paid for the one you want. That put me off. Maybe they've improved since then though.

    I want to like Sophos, as they come from my own country, and have a great reputation, but similar to Windows-NSA concerns, I therefore have Sophos-GCHQ concerns! That said, given the amount of cooperation between both agencies, if the NSA have a backdoor into Windows, GCHQ don't need to waste their time pressuring Sophos as they'd be able to get in anyway! Additionally, Sophos's privacy policy, "no backdoors" policy and ethics statement seem to be pretty good (from what they say publicly, anyway). I heard that at one time, they had been selling data-monitoring and tracking software to the Syrian government, but in their defence, it wasn't Sophos themselves - it was a company they'd bought - and they stopped that company doing it when it was discovered.

    I guess it boils down to the fact that you have to be able to trust your AV company, not just your AV. For instance, if Kim Jong Un sat down and wrote the world's most effective antivirus ever, would you use it? Maybe if you were North Korean, or even Chinese or Russian you'd have no worries installing it. How about if you were American?

    Additionally, the virus protection also has to keep your system usable. For instance you could completely stop a malware attack on a PC by consuming 100% of the cpu cycles and overwriting every sector of its hard disk and RAM with zeroes! You'd be left with no operating system and no data, but at least that virus would be gone...
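
The shared-root failure mode raised in the post above (one interception root certificate reused on every installation) can be checked for across a set of machines. The following is an added example, not part of any forum post: the host names, product names and key fingerprints are constructed, and it assumes you have already exported each machine's trusted-root list as (subject, public-key SHA-256) pairs.

```python
import hashlib
from collections import defaultdict


def spki(label: str) -> str:
    """Stand-in for the SHA-256 of a certificate's public key (constructed value)."""
    return hashlib.sha256(label.encode()).hexdigest()


# Roots that ship with the OS or browser; anything else was installed locally.
BASELINE = {spki("os-root-1"), spki("os-root-2")}

# Constructed inventory: host -> trusted roots as (subject, public-key fingerprint).
# "Example AV A" generates a fresh key per install; "Example AV B" reuses one key.
INVENTORY = {
    "pc-01": [
        ("OS Root 1", spki("os-root-1")),
        ("Example AV A Web Shield", spki("av-a-key-pc-01")),
        ("Example AV B SSL Scanner", spki("av-b-shared-key")),
    ],
    "pc-02": [
        ("OS Root 1", spki("os-root-1")),
        ("OS Root 2", spki("os-root-2")),
        ("Example AV A Web Shield", spki("av-a-key-pc-02")),
        ("Example AV B SSL Scanner", spki("av-b-shared-key")),
    ],
    "pc-03": [
        ("OS Root 2", spki("os-root-2")),
        ("Example AV B SSL Scanner", spki("av-b-shared-key")),
    ],
}


def audit_roots(inventory, baseline):
    """Return one finding per locally installed root key.

    verdict "per-install": the key exists on a single host, so a certificate
    forged with another machine's key is not trusted here.
    verdict "shared-key": the same key is trusted on several hosts, so whoever
    extracts it from one installation can sign sites that all of them accept.
    """
    hosts_by_key = defaultdict(set)
    subject_by_key = {}
    for host, roots in inventory.items():
        for subject, fingerprint in roots:
            if fingerprint in baseline:
                continue  # vendor-shipped root, not an interception CA
            hosts_by_key[fingerprint].add(host)
            subject_by_key[fingerprint] = subject

    findings = [
        {
            "subject": subject_by_key[fp],
            "spki_sha256": fp,
            "hosts": sorted(hosts),
            "verdict": "shared-key" if len(hosts) > 1 else "per-install",
        }
        for fp, hosts in hosts_by_key.items()
    ]
    # Shared keys first, then stable ordering by subject and host list.
    findings.sort(key=lambda f: (f["verdict"] != "shared-key", f["subject"], f["hosts"]))
    return findings


if __name__ == "__main__":
    for f in audit_roots(INVENTORY, BASELINE):
        print(f'{f["verdict"]:12} {f["subject"]:26} {",".join(f["hosts"])}')
```

A "per-install" verdict only rules out the shared-key problem; whether the product validates upstream certificates correctly has to be tested separately.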



  • @jamesbeardmore Don't worry about it mate 🙂

    I agree with what you said anyway. One does need to exercise some thought on what companies to invest in on ethical grounds as well.

    if Kim Jong Un sat down and wrote the world's most effective antivirus ever, would you use it?

    If it was open-source I'd consider it 😂

    I agree on F-secure, I'd like to go back to it, they're a good company and I trust them. Hopefully they have a trial version so I can test once my Avast sub is over.

    Are you using F-Secure now, the paid version? Are you able to give an estimate from Task Manager how much memory the F-Secure tasks and services use? Not that memory is a good indicator but it could show at least how "light-weight" it is.



  • @Pathduck said:

    If it was open-source I'd consider it 😂

    Haha, I know what you mean, and that's a good point! I wasn't going to mention "open source", but most of the time, source-availability is my primary measure of trust in software. If Kim Jong Un's ultimate antivirus were released under a source-available licence, there'd be absolutely no worries about anyone in the world using it, as any functionality deemed "malicious" by either North-Korean or American definitions would be visible. 😃 Even better if it were released under the GPL, as we could then also write patches to remove the "malicious" functionalities and redistribute them. 👍

    Yes, my Windows partition uses F-Secure. I will give you a resource-usage estimation next time I'm able to get to that machine and reboot it into Windows. It's a 64-bit dual-core laptop that's probably approaching 10 years old, with 4gb (or 8, I can't remember) of RAM, and a cheap SSD. It's a dual-boot setup. It's no speed demon, but it has no problem running Windows 10 Pro, and all I can say is FSAV hasn't affected the performance at all. If anything it operates a little quicker than Windows Defender did. Like Bitdefender free, it sits unobtrusively in the background, doesn't slow anything down and keeps out of my way.



  • @jamesbeardmore said in Recommendations for anti-virus to replace Avast Premier.:

    Even better if it were released under the GPL, as we could then also write patches to remove the "malicious" functionalities and redistribute them.

    Let's be honest here - even if the Norkies released something like that, and it wasn't GPL, we'd still patch it to hell 😉

    I will give you a resource-usage estimation next time I'm able to get to that machine and reboot it into Windows.

    Thanks, appreciate 👍



  • 3 years I'm running ESET NOD32 daily and it is just perfect !
    I'm downloading (not necessarily legal download sorry...) quite a lot and I never had a SINGLE virus or malware !
    UI is incredibly pure and beautiful IMHO (just lack of dark theme)
    And he runs security updates and other scan when u r not using your computer, so yeah it seems like ESET is really under the radar but for me it is the best
    It is not free of course and quite pricey but it is worth it !!

    give a try ! u will not be disappointed !


  • Vivaldi Translator

    ESET is not under the radar. It used to be one of the best.
    Used to be.
    Look at my roundup from last year's stats and you will notice it never made it in the top 5 in any month.

    The July to August stats for this year (best to the left, worst to the right)
    https://www.av-comparatives.org/comparison/?usertype=consumer&chart_chart=chart2&chart_year=2019&chart_month=Jul-Aug&chart_sort=1&chart_zoom=3


  • - Ambassador -

    @Dr-Flay said in Recommendations for anti-virus to replace Avast Premier.:

    ESET is not under the radar. It used to be one of the best.
    Used to be.
    Look at my roundup from last year's stats and you will notice it never made it in the top 5 in any month.

    The July to August stats for this year (best to the left, worst to the right)
    https://www.av-comparatives.org/comparison/?usertype=consumer&chart_chart=chart2&chart_year=2019&chart_month=Jul-Aug&chart_sort=1&chart_zoom=3

    All AVs achieve a detection greater than 98%, which for practical purposes is sufficient, therefore counts more the personal experience of the user.
    Windows Defender itself has an excellent detection rate, it just needs to reduce false positives to be able to do without a Third Party AV.



  • @Pathduck sorry for the delay in replying to you (and sorry to all the other forum users for resurrecting an older thread), but I've finally booted my Windows 10 partition, so can give my memory usage for F-Secure AV.

    System: Intel Pentium P6200 / 8GB RAM / Win10 64bit / Crucial 500 MX SSD - so you can see it's a laptop that's at least 8 years old but the RAM and SSD were upgraded around 5 or 6 years ago.

    I have identified all the processes I could that are associated with F-Secure, and these readings are straight from Windows' task manager. There are a bunch of processes that consume 83.4MB RAM altogether, and then 1 process whose RAM consumption varies from 30-80MB based on hard disk activity, for a total of 113.4-163.4MB RAM usage (from visible processes in task manager). Because I haven't run my machine for ages, everything wanted to update. I allowed F-Secure to complete updating itself before measuring. These measurements were taken while Windows 10 was performing automatic updates, hence all the hard disk activity. There are a lot of updates to apply! I hardly ever boot it!

    The F-Secure program files folder on the hard disk occupies 838MB of space at the time of writing. I've no idea whether newer versions of Windows scatter stuff around various other folders like \windows and \windows\system, like they did in the days of "DLL Hell", but this should at least give you some idea of the hard disk footprint.

    As a comparison, ClamAV on GNU/Linux (with the SecuriteInfo and SaneSecurity-distributed databases in addition to its own databases) occupies about 1.2GB of RAM, give or take (measured with "top"). The databases probably occupy about 600MB in total (including the custom dbs), and then the ClamAV binaries themselves are probably about 10-20MB (estimates based on the files in the zip archive of the Windows version). I know it's not directly comparable because ClamAV doesn't do rootkit/on-access etc. scanning.



  • @jamesbeardmore Thanks very much for coming back to give this information 👍

    I appreciate the estimate of F-Secure memory usage. It was no big surprise really, and I would suspect most of the big ones would be about the same size, give or take. Many of them are based on the same engine and have basically identical UIs, from what I can tell by screenshots. I do wish they'd stay away from all the fancy faff and focus on doing their job silently in the background, but I guess today's users want big friendly buttons and dancing pigs over simple functional interfaces...

    Estimating memory usage is a bit of an arcane art on a modern OS anyway, there are so many factors involved. For instance my AvastSVC process is shown in Task Manager as using 23MB (Working Set), while in Process Explorer it's shown with 123MB (Private Bytes). Depending on how you read those numbers it could be a massive memory hog or pretty lean...

    Hard disk usage would be about the same as well, I'm guessing most of that is made up by the malware databases and the aforementioned GUI fluff. Actually my Avast installation folder is a whopping 1.3GB but about 800MB of that is setup files that it (apparently) needs. I really wish developers would show some considerations for those of us who actually still care about how much disk space is wasted... clean up after yourself will ya! 🙄

    I'm really surprised on the ClamAV numbers though. 1.2GB of memory used seems absurd. Does it really keep all its databases in RAM? It must take ages to load up as well with that footprint. Did you mean to write MB? I've always thought ClamAV would be really light-weight? I've actually considered using ClamAV for its supposedly small footprint.

    My dream scenario would be something like F-Secure ca. 2001, but with modern malware databases and detection. Dream on I guess 🙂




  • @Pathduck said in Recommendations for anti-virus to replace Avast Premier.:

    My dream scenario would be something like F-Secure ca. 2001, but with modern malware databases and detection. Dream on I guess 🙂


    You and me both, my friend. I'd love to see a modern AV that had a simple, no-frills interface... AND more importantly, actually showed what it was doing, rather than just having a meaningless percentage or progress bar.

