34 comments

[ 4.9 ms ] story [ 88.7 ms ] thread
ugh, AVG has always been my go-to AV for home Windows users.. I hope the Free edition will remain.. (Even though they have been trying to aggressively convert users to the pay version for years)
Doesn't Windows anyway come with a free antivirus solution these days? If so, this might be a good opportunity for Windows users to get rid of the nagware.
Windows comes with a solid piece of software called Windows Defender. It does the job very well. I've been running it for years without any problems. It never gets in the way, runs moderately fast, never bogs my system down, it's free, and it updates very regularly. I don't know what else I would ask for.
Back when I ran windows enough to worry about av software, I had good experiences with "nod32":

http://www.eset.com/us/products/nod32-antivirus/

I'm not sure if it's grown up to be a bit bloated like the rest now; but it used to do what av should do: scan for signatures fast.

I haven't used AVG or Avast in years. Personally, I have found that Microsoft Security Essentials and Malwarebytes antimalware has been sufficient for me.
Yes, that seems to be a good combo, using the same.

Both AVG and Avast have really annoying upselling techniques, even when you already bought the product there are always addons they are trying to promote. Some popups and notifications are as annoying as the ones Microsoft use to push Windows 10 updates.

I used to use MSE as it was so light, but it seems to be awful.

https://www.av-test.org/en/compare-manufacturer-results/

I'm quite skeptical about "independent" AV test sites like these, especially when they come to the conclusion that solutions that would essentially make the AV industry obsolete are inferior ("AV industry" meaning third-party AV solutions in this context). There's a big incentive for them to come to that conclusion, otherwise they'd have no reason to exist any further.

Relevant quote: “It is difficult to get a man to understand something, when his salary depends on his not understanding it.” (Upton Sinclair)

I don't think you'll find anyone, paid or otherwise, who would say MSE performs better than commercial solutions. It's weighted in favor of better solutions, obviously, but MSE is pretty much the baseline of the industry.
No doubt about it. The question is if it's worth it. Yes there is a risk - but a population that largely accepts risk from unhealthy eating or smoking should IMHO not be all that worried about the in comparison about the (a 2nd IMHO) small increase in risk when using MSE compared to an annoying product. Also, ones own behavior, like how do you handle or react to email attachments, how up-to-date do you keep your system, what websites do you visit (a 3rd IMHO) probably has a larger impact than your choice of anti-virus software.

In addition, if the anti-virus software annoys users enough they soon start ignoring its popups and always just click them away, so that they end up missing actual alerts.

In addition to those, there is also a risk that the 3rd party AV solutions themselves have security holes. I know Google Project Zero has found a few issues that make you question whether you are not opening yourself up to worse attacks by using these products than you would by not using them.
For general purpose computers (like my wifes Surface Pro, mom's Lenovo Yoga, aunt's Dell desktop) Sophos Home works great and having central management from a web portal makes keeping tabs on my families computers easy, did I mention it's free?

I stick with Windows 10's built in Windows Defender on my beefy gaming rig though, virtually anything 'better' (Defender works fine for what I need it for, but it's still very basic protection) than it tends to bog my system down too much when playing games (one thing that makes me consider purchasing NOD32 for my system again, lightweight and game mode).

I wonder by how much ego played its role in this acquisition and how much commercial terms. Prague based Avast acquiring its Brno based rival. There have always been rivalrly between those cities too. Definitely the biggest tech transaction in Czech Republic? If we can still say that with so many offices they have worldwide
Bejesus! One should assess environmental impact of CPU cycles wasted on antivirus protection. And based on result of such research - ban operation systems, which architecture allows execution of malware. Yes, a large market of "security" software will be lost. But this will be for good.
> ban operation systems, which architecture allows execution of malware

What's the difference, in architectural terms, between malware and non-malware software?

Or are you perhaps suggesting that we should go to a restricted, walled-garden world with a company like Apple as the gatekeeper that checks and approves any piece of software that might be allowed to run on the hardware you are basically renting from them?

So we should ban Linux, Mac, BSD, Android, iOS, and Windows... what's left? BeOS? Maybe we should assess the CPU cycles wasted by trolls on the Internet and band anyone who doesn't think about their comment for five seconds before posting...?
>ban operation systems, which architecture allows execution of malware

Ban everything except iPads?

It's hilarious how such a huge industry has become of something that has soberly assessed very little value or effect.

In fact, considering the massive vulnerabilities in AV software discovered by e.g. Googles Zero project, I'm pretty sure the security gain has already slipped into "negative effect" territory five years ago.

Without knowing the rates of use of each kind of malware it would be hard to tell. Since the issues in AVs were published by Zero, rather than found in the wild, there's a good chance they were not known, or used only for specific targets.

AVs are still useful for "we're employing 1000s of people, some of them are bound to open that bad word document in the email". Useless for targeted attacks, but useful for worms with signatures known for weeks. If you can't deal with the issue in some other way, AVs still give you something.

Anything that's been known for weeks can be stopped at the point of ingress such as the email server. They don't require a process actively taking up resources on your machine monitoring disk activity.
What about attachments with passwords? Or https? (assuming we're not using stupid ideas like ssl unpacking proxy)
Blocking and filtering email attachments is pretty easy. There's plenty of email gateways that remove attachments from unknown/unsafe senders and replace it with hoops a user has to jump through to get the attachment. This is enough to discourage users from opening most malware.

For websites, malware hosts can be easily blocked at the gateway level. This won't protect you if someone manages to host malware on a common site like yahoo.com but will catch the vast majority.

These days it's pretty easy to circumvent or disable Antivirus or obfuscate your malware form it. If malware manages to get itself onto a user's machine then you've already lost.

Some systems will scan the email content and try to guess the password; if they can't, they'll block the attachment.
I keep seeing this point of view around IT communities, and I think it shows how out of touch most people are with the average user capabilities, or just being pedantic.

AV software isn't there to prevent ingenious hackers to take control of random computers. Yes, it actually might create more surface for that purpose.

It exists because most users do not have any understanding of the platform, and will just click on "accept", "yes" and "ok" hoping things will turn out well. AV are pretty decent at mitigating that. At the cost of some performance loss, you'll avoid having a bunch of ads and popups take over your computer, or at least mitigate the phenomenon.

But for such a user the choice is not third-party AV or nothing - Windows comes with AV software - so the true benefit of an AV product is only in how much better it is than the integrated one. That difference needs to be more significant than the product's drawbacks AND price.
While these companies do sell products I thought one interesting point was 'The combined company will have access to “400 million endpoints”'. That's 400 million mobile devices and computers that are collecting information about accessed URLs, attempted exploits, installed software, usage patterns and a bunch of other potentially valuable information for consumer marketing, security analysis, and market analysis.
Huh. Avast, eh? The same company that sold almost uninstallable 3rd-party crapware in Germany, together with AVG, who're happy to MITM you to sell your data?

Do I remember that correctly?

Journos didn't take the opportunity to title this: "Avast acquires rival AVG for $1.3B to create a vast security software company".

Anyway, it's amazing how high the price ticket of a company is that is no match for the real security ones!