Antivirus software recommendations
Antivirus software is always a contentious question. It seems that there are no right answers: nothing detects all viruses, and everything has an impact on the speed of the computers where it's installed.
Especially, there is a tradeoff between speed and detection rate: the scanners with the best rates, do the most work on each file looking for viruses, so they have the most impact on performance.
There are many websites with reviews of antivirus software. Actual benchmarks with hard data are useful to some extent, but we must remember that benchmarks are synthetic and don't directly apply to the real world:
- Detection benchmarks include a large number of viruses, most of which are extremely rare and failure to detect them is unlikely to actually affect you.
- Different benchmarks have different sets of viruses to check against, so they are not comparable with each other.
- So-called real world benchmarks use an arbitrary subset of this long list of all known virus species.
- Performance benchmarks are conducted on hardware different than yours (e.g. more or less RAM, faster or slower CPU).
Having said all that, I'm quite fond of the AV-Comparatives benchmarks. They are open, free of advertising, easy to interpret and seem quite comprehensive.
The question came up on the AfNOG mailing list today:
I need some advice from IT experts in academic environments on what antivirus would be good within an academic network one that is effective and user friendly.
As a university we are using McAfee 8.8 at the moment and it has been ok but we need something that is easily updated, can scan an external drive immediately it’s plugged in because users will not always remember to do so before opening and one that can catch as many viruses as possible.
Your independent views in this subject are welcome.
One user responded saying he had had good experiences with both Kaspersky and AVG.
At this point I had to jump in because both of these products have recently got my back up.
I was a loyal Kaspersky user for many years. I don't run Windows myself, but I have friends and relatives who do, and I always recommended it to them. Kaspersky rewarded me by bloating their software beyond belief. The system requirements are 1 GB RAM for a Windows 7 PC (32-bit), but I can tell you that on one, fairly recent 2 GB system it runs like a tortoise without legs.
It has flashy graphics, and security controls that completely disable remote access. I can see how that's more secure, but I need to administer these PCs remotely, when my relatives call for help, and I can't turn off or interact with the antivirus software in any way. If I disable this protection, it flashes big warnings that "your system is not secure".
So I recently felt the need to cut Kaspersky loose and swear off it forever.
AVG on the other hand, while admirable as free antivirus software that doesn't shout "AVAST virus database has been updated!" across the office every 5 minutes, has at least twice failed to detect infections on a machine that are visible to the naked eye, and arrived by USB stick, so they are probably fairly common/widespread. Therefore I don't trust it any more, although it's better than nothing.
So I did some research on AV-Comparatives, looking for antivirus software that had a minimal impact on system performance and maximum detection rate, knowing that there was a tradeoff between these two.
The programs with the top detection rates in the September 2012 test were, in order:
- G DATA
- AVIRA
- Panda
- Trend Micro
- F-Secure
- Kaspersky
The programs with the minimal impact on performance in the October 2012 test were, in order:
- Webroot
- ESET
- F-Secure
- Sophos
- Avast
- AVIRA
The only ones appearing on both lists are AVIRA and F-Secure. I decided to give F-Secure a try and so far I'm quite liking it, as it does seem to have a minimal impact on performance. I can't yet say much about detection rates as that hasn't been exercised.
Also, as Simon Vass responded to my recommendation, and I fully agree:
To be honest my instinctive response, to AV questions is still just use Linux ;-)