Viewing 32 posts - 1 through 32 (of 32 total)
  • Which Antivirus?
  • Speeder
    Full Member

    Thought I’d ask this here as it’s quite an IT heavy crowd.

    What antivirus software is de-rigueur currently? I’ve used both Avast and AVG in the past and am currently using MSE following recommendations on here and that it integrates so well but I’m concerned it’s a minimal level of security.

    Couple of online reviews I’ve just seen suggest Panda or Avira – anyone any experience or is there anything else anyone would suggest?

    Oh and I don’t mind paying for it – £30 would be acceptable especially if it could cover a couple of PCs.

    Cheers

    Gary

    Cougar
    Full Member

    How many viruses have you had since you used this “minimal level of security”? Stick with MSE and stop reading about products that are designed to do well in tests.

    Cougar
    Full Member

    Moreover,

    Make sure your software is up to date (particularly Windows, Java and Flash).

    Watch for side-loaded adware when installing software.

    Don’t click on anything stupid.

    The biggest threat to a modern Windows installation isn’t online, it’s the bit in front of the keyboard. Fix that and you arguably don’t need AV at all.

    Send me your £30 if you’re desperate to spend money.

    retro83
    Free Member

    As above MSE is fine, but Bitdefender & Avira consistently do very well in decent tests for both protection & performance.

    Go here:
    https://www.av-test.org/en/antivirus/home-windows/

    Then click the sort buttons to sort by Protection.

    Edit: for convenience

    plyphon
    Free Member

    As above, MSE, don’t open emails you don’t recognise, don’t click links without being sure where the link goes to. Don’t sign into any website without being sure it’s the correct domain for that website.

    For what it’s worth – Security Essentials is far from “minimum level” of security – it routinely beats many paid for AV’s in tests and is certainly up there as one of the best. It’s very highly regarded.

    Cougar
    Full Member

    As a wise man once said,

    stop reading about products that are designed to do well in tests.

    retro83
    Free Member

    Cougar – Moderator

    As a wise man once said,

    stop reading about products that are designed to do well in tests.

    Are you suggesting those are designed to do well in tests, as opposed to doing well as a side effect of being decent AV software? Sort of like how VW cheat the emissions test?

    If so, go and take a look at the methodology for that AV-test.org result I linked.

    Hint: It uses real viruses/malware captured that particular month.

    jon_n
    Free Member

    I believe only two vendors have been caught cheating the tests, both were Chinese small players and were expelled from subsequent tests…

    Microsoft Security Essentials is a ‘baseline’ product – it will provide you ‘some’ protection, but not as good as some of the other vendors who get higher ratings in the list above (which is sorted by detection then name alphabetically BTW, not by total overall detection). It won’t necessarily protect you against some of the more advanced attacks, as they are designed to get round ‘traditional’ AV packages.

    Cougar

    How many viruses have you had since you used this “minimal level of security”? Stick with MSE and stop reading about products that are designed to do well in tests.

    And without your AV package popping up and telling you it’s detected something, how are you supposed to know that you have something nasty on your system? 😉 Malware is designed to be unobtrusive nowadays… That or encrypt your entire system and hold you to ransom…

    The rest of your advice is reasonably good though – use common sense, make sure your system is patched and up to date, don’t download dodgy apps and don’t open emails purporting to be from the online fax system that you don’t have or the UPS shipping receipt that you didn’t expect. A lot of people seem to struggle with these though…

    aracer
    Free Member

    I tend to broadly agree with Cougar, however this is an interesting one:

    On that basis no virus protection at all would be perfect for me, as I’ve not had a single thing detected or blocked in the last 10 years or so (given other available evidence I’m reasonably confident nothing has slipped past which MSE has missed). The thing is, AV software is like PPE – the last resort when all else has failed, far better to avoid the AV software having to do anything by not allowing infection in the first place.

    Cougar
    Full Member

    (Incidentally; the sad fact of that was that Norton actually did provide a decent AV solution, but it required a degree of configuring to make it less aggressive. Most people never knew / bothered, just declared it crap and moved on.)

    Cougar
    Full Member

    On that basis no virus protection at all would be perfect for me, as I’ve not had a single thing detected or blocked in the last 10 years or so (given other available evidence I’m reasonably confident nothing has slipped past which MSE has missed). The thing is, AV software is like PPE – the last resort when all else has failed, far better to avoid the AV software having to do anything by not allowing infection in the first place.

    Indeed. This is why I said you could “arguably” get away without AV at all.

    If I were to connect, say, a Windows XP SP2 machine directly to the Internet with a USB modem, it’d probably have an infection of some sort in the time it took to brew up. But times have moved on.

    Almost every home user will now be sitting behind a hardware firewall. That will head off many drive-by infections straight out of the gate. Windows itself has its own firewall which, despite shaky beginnings, is pretty decent these days.

    Architecture changes have made the OS inherently more secure (for all that people bemoaned it, Vista was a big leap forwards under the bonnet). Vulnerabilities get patched, and these patches are being pushed more aggressively by MS. Everyone’s moaning about Windows 10 auto-updating, I say “about bloody time,” these are the same shitwits who were getting Conficker infections six months after the vulnerability was patched by MS.

    Windows is actually really rather secure and stable these days. Anyone who vehemently disagrees is either selling AV products or still thinks “Windoze” is funny or relevant. So we don’t need AV, right?

    Not quite. There’s still the issue of third party applications. The last time I looked into this in any real depth was a couple of years ago, but the single two biggest points of infection by a very very long way were exploits attacking the Java runtime and Adobe Flash clients. Or rather, unpatched, out of date versions of these.

    And of course, as I said earlier, there’s the wetware to consider. People like to click on things, it’s like the compulsion to answer a ringing phone. And websites / software vendors can be sneaky, it’s all too easy to misclick even if you’re otherwise savvy.

    So, we do still need AV, but as you said aracer, it’s the last line of defence against the scum of the universe malware infections and user error rather than the be-all and end-all of your security. I can’t quite bring myself to disable it entirely either, just in case a zero-day slips through (or I have an index-finger mishap).

    Bikingcatastrophe
    Free Member

    What Operating System are you using? Worth noting that if it is Windows 10 there are a number of security improvements and enhancements included and coming that improve the built in Defender.

    It’s all I use on my machine and no viruses.

    aracer
    Free Member

    Me neither – though given our requirements unobtrusiveness is quite high on the requirements list. I do admin a system which has no AV (and doesn’t auto-update patches 😯 ), but that’s a sandboxed VM system where every morning there is a clean system and is also sitting behind an obtrusive firewall (we ran XP beyond its end of support on that system and I only felt a little uncomfortable).

    allan23
    Free Member

    While I would say that you can use a machine with just the basic MSE if you know what to look out for.

    If you want peace of mind against accidental clicks and pop up websites then you’re best off with something better.

    Norton 2016 is pretty good and about the price you suggest. I’ve used Kaspersky, Bitdefender, Zone Alarm and AVG at home and Norton has been better than any of them so far.

    Even then, it’s best just being cautious what you click and accept things. Even the very best anti-virus can be defeated by the user not paying attention and accepting an install without knowing the source.

    P-Jay
    Free Member

    We’ve trialled a lot of providers in work – nowadays we only recommend ESET, and if a gun is held to our heads Sophos.

    Most of the systems work broadly as well as any other, some are overly demanding though – where they differ in support – for our commercial clients that’s far more important than how it affects boot time or how much storage it needs.

    I’ll give an example – 12 months ago a client of ours had a virus introduced into their network via e-mail, their industry requires them to open attachments from e-mails they may not know – a fact of life for them and they didn’t have a mail filter (despite our recommendations) – a member of staff opened it, but it was ‘blank’ so she put it out of her mind and carried on – over the next few days it systematically deleted historic data from their server starting with the oldest first – it took 4 days for someone to notice.

    Again, despite our recommendations they were using AVG, we contacted them immediately and their response was terrible “please e-mail us with your problem, we’ll respond within 48 hours” – this is a paid for commercial version, not a free consumer one, all the time their network is turned off to stop the virus deleting more data we can’t recover – we called ESET, who, even though they didn’t supply their A/V gave us a fix, for free after a 5 min phone call – basically some software that works like a stripped down OS you can boot to, to clean everything in a safe environment.

    Cougar
    Full Member

    Even then, it’s best just being cautious what you click and accept things. Even the very best anti-virus can be defeated by the user not paying attention and accepting an install without knowing the source.

    See, that’s half the problem with ‘chatty’ products. “sys123.dll is requesting access to the Internet, allow? [yes | no]” Who knows? So you end up just clicking ‘yes’ all the time, all the while thinking how great your AV is, just look at all these problems it’s finding!

    Cougar
    Full Member

    we called ESET, who, even though they didn’t supply their A/V gave us a fix, for free after a 5 min phone call – basically some software that works like a stripped down OS you can boot to, to clean everything in a safe environment.

    You could’ve saved yourself a phone call and just downloaded it.

    https://www.eset.com/int/support/sysrescue/

    Many AV companies have a similar offering, they can be quite useful. I’m quite a fan of ESET’s online scanner too, that’s saved me a couple of times historically when a PC’s been so riddled that I couldn’t actually install anything to tackle it.

    mattyfez
    Full Member

    I don’t use any.. I don’t feel I really need to.. I do a Malwarebytes spot check if I feel the need.

    rone
    Full Member

    We run Windows 8.1 edit systems with up to date patches and have the basic windows defender stuff set-up. We’ve not had problems in years, but last week one of my colleagues ended up with a ransom-ware variant on his system – Teslacrypt 3.0 we think.

    It made a mess, went through a good chunk of local drives (and network drives) – encrypting stuff that you have no way of dealing with (other than pay the ransom!) – anyway we are pretty well backed up here and removed the virus but it was a nasty piece of work.

    We’re not sure where it came from or how it got on our systems – we suspect a piece of downloaded (legit paid for) software. But still not sure.

    Either way my colleague’s system let it run riot and my own system blocked it – but it sure was a wake up call.

    Anyone else had a run-in with this?

    Cougar
    Full Member

    We’re not sure where it came from or how it got on our systems

    At the risk of banging the same bloody drum, its primary infection vector is vulnerabilities in Flash. Patch it or, better yet, get rid of the damn thing. Do you really need Flash on a work PC?

    rone
    Full Member

    I don’t mean to be facetious but I’ve not heard you drum before!

    Given our work PC’s are built around occasionally producing Flash+video related content (though not much) – I’m not sure what the answer is!

    Any other thoughts?

    Cougar
    Full Member

    I said it just up there ^^ (-:

    Given our work PC’s are built around occasionally producing Flash+video related content (though not much) – I’m not sure what the answer is!

    Make sure you’re always on the latest patch / version at the very least.

    I don’t know what you’re doing in Flash but if I were you I’d seriously be looking at alternatives. All other things aside, Flash is a dying technology.

    Speeder
    Full Member

    Ok all that’s very informative but now I’m even more confused.

    Basically so long as I don’t do anything daft online and practice safe computing I should be ok with MSE as much as anything else more comprehensive and probably more disruptive and I shouldn’t let the scaremongers scare me – correct?

    Oh and I’m on Windows 7 (for now as I’m considering the upgrade to 10)

    Del
    Full Member

    the only people who have ever recommended norton to me were reselling it i think, in which case it was worth it to them, or someone who’s bought and paid for it through PCworld or something.
    i’ve had to put up with it on work PCs which it has literally ground to a halt because it’s so bloated. 5 minutes or more to boot or shutdown. as soon as the opportunity has arisen i’ve nuked the damn thing from orbit, reinstalled the OS, and then put MSE on.
    this approach has given me back several PCs that were long in the tooth, but required due to the hardware we use and have to test.
    norton is hateful.

    rone
    Full Member

    Cougar – Flash is a dying technology but BIG clients (with old systems) still request it. etc.

    leffeboy
    Full Member

    We’ve trialled a lot of providers in work – nowadays we only recommend ESET

    me too but the main thing it gives me over MSE is the ability to check that all machines have up to date signatures and have run a check lately. There is other stuff as well of course but that’s beyond what most home users want. The rest of the time it’s MSE

    nickjb
    Free Member

    Basically so long as I don’t do anything daft online and practice safe computing I should be ok with MSE as much as anything else more comprehensive and probably more disruptive and I shouldn’t let the scaremongers scare me – correct?

    Fair summary.

    Cougar
    Full Member

    Cougar – Flash is a dying technology but BIG clients (with old systems) still request it. etc.

    Having just read a bit more about how it works, the other thing you could do which would probably have mitigated Teslacrypt and its ilk is to block executables from running from temp folders. You can do this via Group Policy on a domain, blacklist %appdata% and %localappdata%. (This is what we did to prevent Cryptolocker and it looks like Tesla uses a similar bootstrap technique, levering Flash to download the payload).

    Here’s an overview (it refers to an older version of Tesla but the principle’s the same). https://blogs.sophos.com/2016/01/06/the-current-state-of-ransomware-teslacrypt/

    If you’re in any way interested in this stuff incidentally, Sophos’s blog and newsletters are very good indeed.
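
The mitigation described in the post above (blocking executables that run from %appdata% and %localappdata%), as an added example that is not part of the original thread: a Python audit that reports which process launches such a rule would stop, so legitimate per-user installs can be spotted before the policy is enforced. The profile directories, file names and extension list are constructed assumptions.

```python
import ntpath
from pathlib import PureWindowsPath

# Assumption: extensions treated as executable for this audit; extend to suit.
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs"}

def blocked_roots(profile):
    """Expand %appdata% and %localappdata% for one user's profile directory."""
    base = PureWindowsPath(profile)
    # %localappdata% also contains the per-user Temp folder.
    return [base / "AppData" / "Roaming", base / "AppData" / "Local"]

def would_block(image_path, profile):
    """True if image_path is an executable under either blacklisted folder."""
    # normpath collapses '..' segments and mixed slashes before comparing.
    path = PureWindowsPath(ntpath.normpath(image_path))
    if path.suffix.lower() not in EXEC_EXTS:
        return False
    # PureWindowsPath compares case-insensitively, as Windows paths do.
    return any(root in path.parents for root in blocked_roots(profile))

def audit(events):
    """Return the (profile, image_path) launch events the rule would stop."""
    return [(prof, img) for prof, img in events if would_block(img, prof)]

# Constructed sample process-launch events (profile directory, image path).
SAMPLE_EVENTS = [
    (r"C:\Users\alice", r"C:\Users\alice\AppData\Roaming\svc-update.exe"),
    (r"C:\Users\alice", r"c:\users\ALICE\appdata\local\temp\a1\setup.EXE"),
    (r"C:\Users\alice", r"C:\Users\alice\AppData\Local\..\..\Documents\tool.exe"),
    (r"C:\Users\alice", r"C:\Users\alice\AppData\Roaming\notes.txt"),
    (r"C:\Users\alice", r"C:\Program Files\Editor\editor.exe"),
    (r"C:\Users\bob", r"C:\Users\bob\AppData\Local\Vendor\app\updater.exe"),
]

if __name__ == "__main__":
    for profile, image in audit(SAMPLE_EVENTS):
        print("would block:", image)
```

The last sample event stands for an ordinary per-user updater, the kind of entry that needs an explicit exception before the block is turned on.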

    rone
    Full Member

    Thanks – helpful. The virus really is awful.

    Cougar
    Full Member

    Aye.

    Cryptolocker really scared me. If that runs amok on a corporate network we’re royally buggered.

    Also, y’know, backups *gets other drum*.

    chewkw
    Free Member

    Stick to Cougar’s advice …

    I use:

    1. MSE
    2. Malwarebytes on demand.
    3. NoScript for my Firefox browser.
    4. Java disabled …

    5. Apply common sense by not clicking unnecessary links.

    6. Backup your work from time to time.

    7. I still need to do imaging on my current system … aarghhh …

    🙂

    joepose
    Free Member

    Kaspersky if you’re going to spend money. Norton and the like are too power hungry. Eset is slightly cheaper and almost as good, used most av’s at some point or other. Panda is shockingly bad btw!


The topic ‘Which Antivirus?’ is closed to new replies.