For years now the traditional security programs have relied heavily on a definition data base to identify malware. This method, also known as signature based detection, is still being widely employed today.
New viruses and malware variants are being created daily and this system of detection cannot defend against them until samples have been obtained and signatures created then added to the data base. That is why this traditional method is largely considered ineffective at protecting against unknown threats (otherwise known as zero day threats).
Furthermore, in an attempt to stay one step ahead of signature based security software, the smarties are writing viruses which disguise themselves, either by encryption or other modifications, so they will not match virus signatures in the data base.
Now that all sounds pretty scary but please don’t be alarmed, signature based software remains a very effective way of protecting your computer plus, these days, most of the popular anti-virus freeware products are enhanced by the inclusion of a heuristics engine.
Heuristics is a system which helps identify malware via known behavioral characteristics, along the lines of…if it looks like a duck, walks like a duck and quacks like a duck it probably is a duck. Heuristics is also much more effective at protecting against zero day threats.
You may also come across the term ‘generic detection’ associated with heuristics; most viruses start out as a single infection but can modify into many different strains through a process known as mutation. Heuristic based software has the ability to identify all the variants within a family via one single generic signature.
Most popular anti-virus freeware products now also include other specialist components such as; anti rootkit and anti spyware. Although the anti spyware component would generally not be as thorough/effective as software dedicated to that task.
So, how much security is enough? The answer to that depends largely on the individual’s routine and surfing habits. Before we continue with some recommendations, here are a few general points to bear in mind:
- One of the most effective ways to avoid malware is to adopt a safe surfing policy. Stay away from disreputable sites and be careful what you click on. Ideally, everyone would follow that creed but in reality not too many do. That is simply human nature and one of the main reasons we need that ‘extra’ security.
- Never install more than one product from the same genre which employs real time protection. Compatibility issues would almost certainly ensue.
- All security products which employ real time protection use up valuable resources (memory). Installing too many, even from different categories, will noticeably slow your computer.
- Do not put too much store in anti-virus test results. All these tests are very subjective. It would be nigh on impossible to test all components of all contenders under identical circumstances in an identical environment. I am not advocating ignoring these results altogether, just not to make them the sole criteria for selection.
- Remember to always keep all your security software right up to date.
Anti Virus Software – is, in most cases, the number one defender of your computer realm and, it seems, many have a favorite to which they remain eternally faithful. Mine happens to be Avast. That opinion has been derived from many years successful usage, I can’t even remember the last time my machine fell victim to any malware infection. That, plus the knowledge I have gleaned about the various available freeware products keeps Avast on top of my list.
Avast protects via seven shields covering just about every online activity. It also has, in my opinion, the most comprehensive anti spyware component of the main contenders. Throw real time anti-rootkit protection into the equation as well as a superior heuristics engine and you have a truly excellent freeware.
Primary Computer Protection
Here is a short précis of the main contenders:
AVAST Antivirus
Positives:
- Full real time protection
- Fairly light on resources
- Low false positive rate
- Ability to perform boot time scans.
- Updated user interface in latest (v5) version
Negatives:
- User interface has been somewhat confusing in older versions
ANTIVIR Antivirus
Positives:
- Outstanding detection rate (best in its class)
- Light on resources
Negatives:
- Too many false positives
- No email scanner (not a major drawback)
- Nag screen
- Update process can be iffy
MICROSOFT SECURITY ESSENTIALS
Positives:
- Very user friendly with a simple intuitive interface
- Low rate of false positives
- Light on resources
Negatives:
- Slightly lower rates of detection than Avast and AntiVir
- Both scan and removal a little on the slow side
AVG
Positives:
- Provides adequate protection
Negatives:
- No anti-rootkit component
- Heavy on resources
- Not what it used to be
Secondary Computer Protection
Now let’s take a look at that ‘extra’ protection. First thing I would be looking at is some sort of HIPS based software:
Host Intrusion Protection System (HIPS) programs are fully compatible with traditional security software and compliment those products nicely. Protection is real time with constant monitoring of the system for any behavior which is characteristic of malware activity. They do come with a couple of issues however; decision making is, initially, largely based on user input and they can be quite ‘talkative’ at first. This behavior does recede in a relatively short space of time though, as the program learns from your responses.
THREATFIRE
Positives:
- Requires very little input from the user as it makes most decisions for you
- Works well right out of the box without the need for any additional configuration
Negatives:
- Rare compatibility issues with other software
SPYWARE TERMINATOR
Positives:
- Well established
- Full blown real time anti-spyware program with excellent HIPS component included
Negatives:
- Quite heavy on resources (not so suitable for older machines)
- No real time protection for 64-bit systems
- Reports of poor detection rates from on demand scanning
WINPATROL
Positives:
- Well established product with quite comprehensive protection
- One of the first products to employ behavioral based technology
Negatives
- None worth mentioning
Also extremely worthy of consideration are the free firewalls which monitor outgoing as well as incoming connections and also include a HIPS component. Based on ease of use combined with an excellent level of effectiveness, Online Armor is my number one recommendation. Another contender, purely because of its ease of use, is PrivateFirewall. Both are quite light on resources but PrivateFirewall is reported to be rather poor at self protection.
At this stage I should mention a couple of peripheral security products;
I have become so accustomed to having one of the site advisory services installed in my browser, I must admit I would now be lost without them. These small, unobtrusive apps are extremely light on resources yet offer an invaluable aid in avoiding dangerous sites. After using McAfee Site Advisor for quite some time I am now using the LinkExtend Firefox extension, which includes ratings from no less than 7 advisories, including WOT and MSA… highly recommended!
If, out of necessity, you are required to visit dangerous sites or regularly test obscure software you might consider using one of the freeware virtual environments, a process which has become commonly known as sandboxing. This involves surfing/downloading in a completely isolated environment, i.e. a sandbox. Nothing gets near the system unless you want it to and when your session is finished, simply delete the contents of the sandbox and everything is gone! Sandboxie is my current recommendation; it is simplicity personified, very easy to use and just works!
So, if you are a ‘safe surfer’ who uses the computer mostly just for the basics, one of better free anti-virus programs alone plus Windows Firewall would probably suffice.
If you are looking for just a simple layer of extra protection, anti-virus plus HIPS or firewall should do you nicely.
If you are prone to surf unsafe/disreputable sites or have a propensity for downloading copious amounts of software then go the whole hog; anti-virus plus HIPS/firewall* plus dedicated anti spyware plus a sandboxing tool. If you take either or both of those practices to the extreme then freeware security is probably not the answer for you.
I couldn’t leave this subject without at least touching on the latest trend… Cloud Anti-Virus. I currently remain unconvinced, not because I have any evidence to suggest this is not a viable solution. Rather, simply because of my own ignorance, the unknown factor versus the devil you already know. Many ‘experts’ are in fact declaring Cloud AV to be superior.
What security do I have installed? Avast free version (naturally) + Online Armor free firewall + LinkExtend + Sandboxie (so I can safely test freeware for you guys). Th-th-th-th that’s all folks!!!
*As with other real time monitoring security software, best not to install more than one product which includes any HIPS component.
Hey Jim
have read a number of your articles and always find them to be informative. I am currently using Privatefirewall after switching from Online Amour. Could you expand a little on Privatefirewall’s inablility to adequately protect itself?
Hey Tony – As I said in the article mate, during my research I had read reports that PrivateFirewall was not the strongest in self-protection. Can’t remember the exact details nor even where I read that information now…was so long ago.
Many types of malware will attempt to disable resident security software so they can actually infect the host machine, so self-protection is an important ingredient.
Ignore the date of the article mate, that was actually the date it was transferred from the old newsletter format to the new blog. The article was actually written and first published back in March 2010, not long after PrivateFirewall went freeware. There have been numerous new versions released since then, all incorporating improvements and enhancements. I would rate PrivateFirewall very highly now, as do many experts in the field.
Cheers…Jim