I’m regularly asked by clients which security suite is best, and which antivirus will “guarantee” against virus or spyware infection. The first question has no single correct answer; the second has no answer.
Computer viruses existed well before the ubiquitous World Wide Web we know today; before Google, AOL and even Microsoft. Before high-speed Internet was commonplace, viruses could travel from PC to PC via floppy disks or CD-ROMs (we called this “sneakernet”). Some viruses could be avoided by simply not booting your computer on a particular day (Michelangelo virus), while others could be detected and removed with simple tools such as Microsoft’s MSAV (included with MS-DOS until version 6.22).
Today your computer is constantly at some risk of virus, malware or spyware infection, URL redirects, and drive-by downloads. But your computer isn’t at risk for every virus and every drive-by download. Windows Vista and later versions incorporate User Account Control, which can halt the system and warn you before running an unknown executable. Acrobat Reader, Flash and Shockwave regularly find themselves at the top of the list of “most vulnerable software” titles along with Java – so if you don’t use them, the DDOS and remote-control exploits won’t apply to you. If you do use them, keep them patched and updated!
These risks, however real, exist at varying levels. Your PC’s risk is best measured by your own activities. In an office setting where machines are regularly updated and monitored and casual web browsing is discouraged or outright forbidden, the risks of any type of infection are very low. Office intranets are typically not a fertile breeding ground for malware. Households with teenage computer users or compulsive file sharers, on the other hand, may experience a higher incidence of hijackers, viruses and other sorts of malware.
Keep in mind, security is a moving target. Symantec, McAfee, Kaspersky and Microsoft are constantly releasing updates and definitions to keep their subscribers protected. But the techniques employed by writers of these malicious programs are changing as well. And even as new variants of Zafi, NetSky and MyDoom are released, the old versions continue to make their rounds, ostensibly hoping for an unpatched, unprotected computer to infect.
Protection levels are not absolutes and they are not universal. More protection means lowered usability and diminished performance. Software firewalls and on-access virus scanners are very demanding on your CPU and RAM, but that’s part of the tradeoff. You should never surrender a reasonable level of security for performance. If your PC has become unbearably sluggish due to its security suite, it’s time for a part upgrade or a new PC.
Here is what I look for when determining an ideal protection suite for an individual machine:
- What is this user doing on his / her computer? What is the environment? (Corporate office = low risk)
- Will this machine spend most of its uptime editing locally stored Word documents and checking email in a browser? (Boring activities = lower risks)
- How many people will use this machine? (More users = higher risks)
- Is this machine running a fairly modern operating system? (Windows 7 = pretty good, Windows XP = not so great)
- Is this machine regularly updated and patched (Flash, Java, Adobe Reader, etc.)?
- Does this computer have a history of virus infections and OS reinstalls? Trends are trends.
- Does this computer have an unusually large library of uncategorized media named in all lower-case letters?
For a low-risk machine, I feel reasonably safe recommending Microsoft’s Security Essentials or Avast! Essential and Windows’ own Advanced Firewall. For a machine with multiple users or some history of infection or hijacks, I still can’t comfortably recommend purchasing a retail version of any security software since your dollars will not buy you a guarantee against virus or malware infections. Corporate installations require a high degree of customizability, centralized management and reporting, so corporate products exist in a different universe from their retail counterparts.
To further lock down your computer, take steps to immunize against compromised DNS servers and drive-by downloads by using SecureDNS or ThreatFire.
For every machine, keep a local copy of Combofix, Spybot Search & Destroy and Malwarebytes’ Anti-Malware available just in case.