Exetools  

  #1  
Old 10-28-2017, 17:34
Kerlingen
What exactly is the difference between "antivirus" and "antimalware" supposed to be?

Most companies sell "anti-virus" and "internet security" products. The first includes only "anti-virus", the last includes "anti-virus" + "firewall" + "<insert any number of words which somehow should sound to a stupid end-user like they do something important>".

Since the Windows Firewall has a default "allow all outgoing traffic" rule which you cannot change, I would say it's mandatory to use an "internet security" product, not only to block (non-malware) "call home" software, but also to block malware which is not yet detected from connecting to its control server.

When you see any tests conducted by a website or a magazine, the rating will always be something like "60% detection rate, 30% resource usage, 5% user interface, 5% other features". This sadly means two things:
  • Many products just have no way of configuration. You just get a big red "on/off" button and a "you are secure" text, but you cannot configure anything you might care for.
  • Many of the "internet security" products with good rating include completely functionless "firewall", "secure banking", "child protection", etc. modules, just because these things are not tested and have no real influence on the final rating.

Two examples: In nearly all tests Kaspersky and BitDefender are on #1 and #2 in the list. These products might have a good detection and resource usage rate, but:
  • BitDefender has pretty much no configuration settings at all. It just runs and that's it. Even the "advanced configuration" menu has just something like "allow NetBIOS yes/no" and "configure proxy for internet connection" and nothing else.
  • Kaspersky has many (and good) configuration possibilities. However, the way the software works is that any unknown application will have full internet (and system) access on the first launch, since you can only configure an application after the first launch. You cannot change that behaviour by any setting; this makes the firewall (and HIPS) completely useless. To make it even more useless: All user-defined rules are deleted 30 days after the last edit, making a known application "unknown" again. No "test" will notice that, since they only use default settings and don't run for more than 30 days.

So my suggestion:
  • Always use a combined antivirus+firewall solution. Firewall-only products don't really exist any more and they probably don't play nice with anything except Windows Defender.
  • Do not use more than one "real-time" solution at the same time. Maybe with the exception of "Windows Defender", all other products will badly influence each other, making the system slower and less secure.
  • Use addons like ad-blockers and JavaScript-blockers in your web browser. Do not rely on your anti-virus to detect anything which is not saved on your hard disk and just exists in your web browser's memory.
  • Make sure that your anti-virus will scan encrypted connections (off by default in many solutions for compatibility reasons) and make sure that it won't downgrade the encryption parameters just because the programmers were too lazy to implement anything else than "RC4 40bit".
  • Set any "preview" options in your email software to disabled. Disable anything which downloads data from the internet when you open an email. This makes sure you can delete a suspicious email without automatically executing the included malware. (if you ever meet a programmer who allowed JavaScript in emails, hit him somewhere it really hurts)
  • Always update your important software: OS, anti-virus, web browser. Even if you have a pirated Windows version you will get Windows updates.
  • Regularly update other software: media players, picture viewers, download managers, etc.
  • Don't use cracked software. Cracked software might contain malware.
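An added example, not part of the original post: one way to check the "won't downgrade the encryption parameters" item from the list above. The names `probe`, `assess` and `SAMPLES` and the sample values are hypothetical, and it assumes the product also scans traffic from the Python process, not only from the browser.

```python
import socket
import ssl

WEAK_MARKERS = ("RC4", "EXP", "NULL", "MD5", "DES")  # substrings of OpenSSL cipher names
MODERN_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}

def probe(host, port=443, timeout=5.0):
    """Return what this machine negotiated with whatever answered for `host`."""
    ctx = ssl.create_default_context()  # verifies against the default trust store
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cipher, _, bits = tls.cipher()
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
            return {"protocol": tls.version(), "cipher": cipher, "bits": bits,
                    "issuer": issuer.get("organizationName", issuer.get("commonName", ""))}

def assess(conn, expected_issuer):
    """Compare one observed connection with the issuer seen from a clean machine."""
    weaknesses = []
    if conn["protocol"] not in MODERN_PROTOCOLS:
        weaknesses.append("legacy protocol " + conn["protocol"])
    if conn["bits"] < 128:
        weaknesses.append("%d-bit key" % conn["bits"])
    hits = [m for m in WEAK_MARKERS if m in conn["cipher"].upper()]
    if hits:
        weaknesses.append("weak cipher %s (%s)" % (conn["cipher"], "/".join(hits)))
    # A changed issuer means the scanner is in the path, which the post asks for;
    # the weaknesses list is what should stay empty.
    return {"intercepted": conn["issuer"] != expected_issuer, "weaknesses": weaknesses}

# Constructed observations, not captured from any real product.
SAMPLES = {
    "direct": {"protocol": "TLSv1.3", "cipher": "TLS_AES_256_GCM_SHA384",
               "bits": 256, "issuer": "Example Public CA"},
    "scanned_ok": {"protocol": "TLSv1.3", "cipher": "TLS_AES_128_GCM_SHA256",
                   "bits": 128, "issuer": "Example AV Root"},
    "scanned_downgraded": {"protocol": "TLSv1", "cipher": "EXP-RC4-MD5",
                           "bits": 40, "issuer": "Example AV Root"},
}

def report(expected_issuer="Example Public CA"):
    return {name: assess(conn, expected_issuer) for name, conn in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

`probe` only sees the leg between this machine and the scanner; what the scanner negotiates with the real server has to be observed from the server side.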
  #2  
Old 10-28-2017, 19:24
TechLord
Quote:
Originally Posted by Kerlingen
... Don't use cracked software. Cracked software might contain malware.
Yes, it's always better to "patch" it ourselves

Yes, but seriously, for "normal users" (meaning those who are not security experts, for example), I would say that McAfee Antivirus+Firewall is a good solution.
We'd been using it and recommending it to our clients for more than 25 years and it had always stood strong.
Just the McAfee AV+Firewall is enough - don't go for the 10-in-1 suite etc. which just slows down your system...

Symantec (Norton) AV used to be good but now it has become too much of a bloat ...

Finally, remember that many of the "reviews" online and in mags are mostly paid (many are not aware of it).

So it's best to take them with a pinch of salt.

You may notice that the "good" AV companies rarely bother to pay them to get them better reviews, which is why one does not see them very high up on the list.

Around 20 years ago, I remember that AVG AV used to be on the top of the review lists but it did a very sorry job of catching any real malware.

The Windows Defender is just Entry-level at best, even now, and fails to catch many of the sophisticated malware that's around. Further, it does slow down the system quite a bit.
I know since I removed it off long ago after benchmarking.

Finally, most of the security professionals do not have any AV on their system at all.
Just good security practices keep the system safe.