Why pay for antivirus software?

Microsoft Security Essentials has protected my desktop computer from viruses, spyware and other malicious software for more than nine months. I’ve had no security problems in that time – and I’m a heavy-duty internet user spending hours online each day working in my freelance writing business.

It does the job so well, I barely notice the application. There have been a few occasions when I’ve seen warning messages, but dealing with them means a simply click or two and the problems go away.

Microsoft Security Essentials is free, but that’s not the only reason I think it beats paid-for security applications from companies like Symantec.

When I first looked at Microsoft Security Essentials in October 2009, I described it as "barely there" saying the software sips system resources so sparingly there was no noticeable effect on the computer’s performance. This contrasts with  Norton Internet Security which slowed my computer down from the moment I installed the application – then proceeded to get worse over time.

Better still, Security Essentials is unobtrusive. It never gets in my way. There’s no work full stop, no set-up, no tweaking and no worrying.

In my earlier report I said I wasn’t yet certain if Security Essentials was better than Avast. Since then, I’d say the results are in, and Microsoft Security Essentials has the edge.

We’ve run Avast over the same period on one of the family computers and the applications works just fine – although there is an annoying database update message. However, I’m planning to install Security Essentials on that machine too because independent tests show the Microsoft tool beats Avast on detection.

I’m still running Panda Cloud Antivirus on my laptops – it is at least as good as Microsoft Security Essentials – more about that later.

Microsoft Security Essentials is arguably the best free computer security tool. I looked at the free antivirus application in October and found it ticked all the important boxes.

It works well, it imposes hardly any overhead and the price is right. Yet as Simon Sharwood says at SearchSecurity, the lack of interest in Security Essential has Microsoft scratching its head.

Moreover, Sharwood asked security specialist Symantec what effect the Microsoft package had on its sales. “None at all” was the reply.

It seems Microsoft has a great security package, but the company can't give it away.

Microsoft can’t give away better security :: SearchSecurity.com.au

At first sight F-Secure's Health Check 2.0 seems a useful addition to a PC owners' box of troubleshooting tricks. It is OK, but it is nothing to get excited about.

The online application is a Java program. Itworks with Firefox or Microsoft Internet Explorer to check a computer's security status then reports on potential risks.

On the plus side it is free, quick and simple to use. The code loads directly from the Health Check web page and after the fuss of accepting terms and conditions it takes next to no time to download even on my erratic broadband connection. I clocked the first download at seven seconds.

Once leaded the software steps through a familiar wizard-style process with four stages. The first stage is automatic. It checks you have anti-virus, anti-spyware and a firewall installed and up-to-date.

The 'next' button moves things along to stage two which investigates back-up – we'll look closer at this in a moment. Stage three checks key programs are up-to-date. The last stage is a summary screen with links to 'solutions' to identified problems.

Even if everything was perfectly hunky-dory, which it isn't, PC Health Check 2.0 is of limited use.

For a start alternatives do the same job either as well or better. For example, Secunia offers the free Online Software Inspector and the more complete downloadable Secunia Personal Software Inspector.

But my big problem with Health Check 2.0 is it is mainly a crude promotional device for F-Secure's products and services. It's compromised by its commercial function.

My computer failed the second stage back-up test. The software told me it didn't find any back-up. This is wrong. There are three back-up applications on my computer. I back up regularly to an external disk and to a server.

When I clicked on the Health Check 2.0 'solve' button to troubleshoot the 'problem' found by the software it told me I could protect my "valuable content" with F-Secure Online Backup. And gave a link to the F-Secure store.

I live in New Zealand. My computer has almost a terabyte of data. I'm theoretically on an unlimited broadband plan, but with shaped bandwidth for almost the entire working day. In other words, online back-up isn't realistic. And yet PC Health Check tells me it is.

If the application gets this advice wrong – what use is the rest of its information?

Lastly, when the program finishes, there's the opportunity to register an email address with F-Secure. Now why would I want to do that?

For an alternative view see F-Secure refreshes online PC Health Check by Stephen Withers at iTWire. His found other shortcomings, but reached a similar conclusion.

Panda Cloud Antivirus is hard to beat when it comes to free PC security.

Unlike other security tools, Panda does most of its work in the cloud – it is software-as-a-service. Panda sends data about dangerous looking files to its servers for closer inspection.

Because your computer doesn't do the hard work, Panda imposes almost no overhead.

When I benchmarked my PC there was no performance difference between the system running the software and having the software switched off. If there's a network overhead, I couldn't measure it.

Panda's other big advantage is the malware checking database is always up-to-date. There are no signature files to download.

One issue I have with Panda is the program is so trouble-free, it is easy to forget. You barely notice it. I previously described Microsoft's Security Essentials as "barely there" – Panda Cloud is even less noticeable.

Panda is better than other free anti-virus products at trapping malware. I previously ran it for a month without any issues and have run it for the past three or four days with no ill effects.

I'd say it is the most promising free anti-virus application on offer. At some point the developers will need to make some money. I'll be interesting to see how. For now, this is possibly the best free choice.

Of course, you may prefer not to leave your computer's protection in the hands of free software makers.

I can't tell you if AVG Free 9.0 offers decent PC security. That's because the application was so annoying and imposed such an overhead on my computer I deleted it before testing finished.

There are times when free is too high a price.

AVG Anti-Virus Free 9.0 is still only two weeks old. It arrived about the same time as Windows 7 and is compatible with Microsoft's new operation system.

I downloaded the file in late October to test on my computer running Windows 7 release candidate version. The program is available at AVG's free web site – but as I'll explain in a moment, I don't recommend it.

It is only a small download at 869Kb – it takes seconds with broadband. The first file is a downloader which fetches and installs the rest of the software.

The process is easy enough. Yet the second screen you see is only the start of what becomes an annoying and shrill sales pitch designed to control your choices and trick you in to paying money. It appears AVG has learnt from the scam artists the software promises to protect you from.

Flakiness abounds

Your first choice is to select either free basic protection or a 30-day trial of the company's comprehensive protection.

The implication is responsible people will choose the second option – which means in 30 days AVG will ask you for money. Don't worry – you'll get plenty more opportunities to pay AVG if you choose not to do so at this point.

I thought I was downloading the free software – that's what I clicked on at the AVG web site – so that's what I proceeded with.

During the download AVG asks you to remove existing anti-virus software. This makes sense, anti-virus applications can conflict with each other and anyway, as each program imposes an overhead, the performance drop can multiply.

Annoyingly AVG doesn't remove the other software. It  halts and opens the Windows uninstaller so you can manually remove it. Even more annoyingly, the AVG installer closes itself at this point – you need to hunt around in your download folder to find it and start all over again – by now many megabytes have been wiped off your download cap.

Click, click, bloody click

There's a lot of clicking throughout this process – some of it unnecessary. Then it asks if you wish to install the AVG Security Toolbar.

The software has also helpfully pre-selected the option to change your default search engine to Yahoo. This is spam – of a sort. In both cases I choose No.

It is tricky – if you click off the first box, the Yahoo box stays ticked but grayed out. This can only be designed to trick you into selecting the search engine choice.

At this point the installer had to close Firefox. Not wanting to be sent all the way back to the start like that horrible long snake at the end of a game of Snakes and Ladders, I clicked to close Firefox held my breath. Phew. The install resumes.

We are now 40 minutes into the process. Even at minimum wage rate this free anti-virus program has cost me the price of lunch and a clutch of grey hairs.

Finally

Suddenly the process is over. A box appears telling me the install has finished. But wait, what is this?

More stuff to click.

Do I agree to give anonymous information? Oh alright then. And now would I like to receive spam? (Sorry news and alerts). Please enter your email address. Are you kidding? No.

While AVG starts its first scan. I reload Firefox. In the meantime I notice the program has installed an icon on my Windows desktop. Did I ask for this? No I damn well did not. AVG asks tons of questions during the install – but doesn't allow me to choose whether the icon despoils my desktop. At this point I'm starting to get angry.

Not responding

Meanwhile Firefox is failing to load. What's going on here? There was a string of open tabs – none of them are visible. Windows tells me Firefox is "not responding".

Eventually – more than an hour after the first download, Firefox opens. And what's this? AVG has installed AVG Safe Search. Is this the toolbar I choose not to install? The name is different, so let's assume it isn't the same thing. I wasn't warned or asked about it, but hey, let's go with the flow for a moment.  So, Firefox opens at the home page – my tags are all lost.

AVG is now scanning my computer looking for viruses. I open up the scanner's display and see what looks like a banner ad for the paid for software at the bottom of the screen.  Fair enough, the software was free and these people have to eat. I can accept advertising as the price to pay for free anti-virus.

But it has to go

Before long my computer started crashing, randomly. And things started being very s l o w   l i ke  w a d i n g t h r o u g h m o l a s s e s. There could be only one explanation for this. I removed AVG, reinstalled Microsoft Security Essentials and performance returned to normal.

Of course, you mileage may vary. AVG may rock your boat. But for me it has proved so disastrous I couldn't even test its efficiency as an anti-virus tool. I give it zero stars out of five.

Microsoft Security Essentials sips system resources so sparingly there's no noticeable effect on my computer's performance.

And yet the free application protects my system from malware and attacks.

Lightweight

Security Essentials is lightweight compared with Microsoft's earlier, paid-for, OneCare security.

It only uses 280k of system memory on my test machine. The download is 8.5Mb and the installed program occupies about 12Mb scattered between the Program Files and Program Data folders on my on my C: drive. Of course there could be other components stored elsewhere – getting the full picture about software installations isn't easy when you run Windows 7.

One week has passed since installing the software. There's been no noticable performance hit running Security Essentials. System benchmarks are the same with and without the program installed. This is in stark contrast to Norton Internet Security 2010 which slowed my machine by about 4 percent to begin with, then progressively worsened to the point where it became unusable after ten hours operation.

Microsoft's program took seconds to download, then another five minutes or so to go back and fetch the necessary anti-malware signatures. I'm running Windows 7 beta and am completely up-to-date which meant things went smoothly for me. The Security Essentials installer will insist you download and install all the Windows updates before the application installs.

Scanning goes on for ever

I immediately ran a full system scan and quickly regretted the decision. Scanning isn't fast. The software warns users scans may take some time, but my first scan was still running some six hours after first installing the software. I started another scan before writing this piece and one hour, 15 minutes later the software has only scanned 76,000 items. The indicator bar is only 5 percent of the way across the screen.

It is possible to scan attached drives with the software, but there aren't enough hours in the day to test this.

To date Security Essentials hasn't found anything untoward on this computer. To check the software's effectiveness, I scanned my machine with Panda Cloud Antivirus and Avast. Neither found anything. Nor did Norton Internet Security 2010 find anything before being removed.

Google-like interface

Microsoft clearly learnt a thing or two competing with Google in recent years. The user interface on Security Essentials is minimalist. It uses bright red to show problems and is green while everything is safe. There are hardly any controls – compare this to the user interface on Norton Internet Security 2010 which is like the flight deck of the Star Ship Enterprise. The good news is there are few things to tinker with and break. I didn't notice anything needing changes.

When a threat appears online, the real-time protection mode kicks-in and displays a message in a pop-up window. This appears in the bottom right hand corner of the screen. You can dismiss it with a click or get more information. A lot more information than you'll ever need.

Evil empire

You can't argue with Microsoft's price for Security Essentials. It is free. In fact it looks as if it was part of the operating system from the outset. And it may have been. But Microsoft doesn't include it as standard with Windows 7 because of anti-trust considerations. There are people who are wary of using security software from Microsoft – some argue security problems only exist because of flaws in the company's operating systems. Maybe. But the Macintosh is no longer immune.

Competitors

Norton's paid-for security products are far more advanced than Microsoft Security Essentials – but the name makes that clear. This software does about 90 percent of the job of protecting your computer from attack. If you run a home system, take security seriously, run a hardware firewall and keep all you applications and systems software up to date, Security Essentials should protect you from all but the most serious attacks.

Microsoft Security Essentials is not suitable for business users and not the best choice if your home set-up is, well, let's say anarchic. Paid for products may give you better piece of mind.

Microsoft scrubs up well against the free competitors, but without extensive testing I'd rate Avast ahead of Security Essentials, there's also a solid free program from AVG we run on some of our home machines. We experienced some problems with these at the Bennett household as the free versions are difficult to find among the paid-for alternatives at these two sites.

Another alternative is the excellent Panda Cloud Antivirus – one of the best kept secrets in the security business and neither nags nor hides behind a paid alternative. You can read more about Panda and Avast in Alternatives to Norton Internet Security.

Pluses:

• free
• downloads and installs in minutes
• works straight away
• simple, unobtrusive
• easy to understand
• no performance hit

Minuses:

• slow scanning
• relatively untried
• doesn't offer the best protection

Overall:

A basic security product from a big name at an unrivalled price. Get this if you have no budget and are not confident dealing with other free security applications.

Microsoft Security Essentials

I would like to try Microsoft's new free Security Essentials. I'm in New Zealand and locked out of the official download site. Yes, I know there are ways around the lock-out. I’m aiming to stay ethical. If you know how I can get hold of a legitimate copy please leave a comment or use the contact page.

Updated:Microsoft Security Essentials, an impressive alternative.

Avast

When I installed Windows 7 RC on my computers I loaded Norton Internet Security 2010 beta on the desktop and a free desktop security application from Avast on my Thinkpad. We also tried AVG’s free anti-virus software on a Thinkpad.

Both free anti-virus programs are functional and handle everyday security. We’re behind a NAT firewall and keep our machines clean, so our security needs are basic. The features not included in the free versions of the programs are of no interest to me, however I would like to schedule Avast to scan my laptop at regular intervals.

Avast appears to do a better job at hunting down problems, but AVG has a better user interface. We've now standardised on Avast on our laptops because the software appears easier to deal with and, when it comes to this kind of work, a good brain trumps a pretty face.

Both programs slow the computer down less than Symantec's Norton Internet Security 2010 beta – that wouldn't be hard. Their overhead is barely noticeable.

Free anti-virus negatives

Both free anti-virus programs are difficult to find and download. They are hidden behind paid-for products from the same companies. And both nag about updating – in ways that send you off to pay for versions of the software.

Of course, developers have to eat. I’m not complaining, the price of free security software is a small annoyance. Or to put it another way, there’s no such thing as a free lunch. On a point by point basis Avast seems less of a problem than AVG – but this could be perception and not reality.

One downside of the free software asking for updates and not automatically scanning is it  feels as if the PC lacks proper protection.

Update: I took a later look at  an updated version of AVG and hated it inAVG Anti-Virus Free 9.0: far too much trouble

Panda Cloud Anti-virus

For now I'm sticking with Avast on my Thinkpad and we've switched from AVG to Avast on my wife's Thinkpad. But Avast didn't feel satisfactory on my main desktop, so I searched for an alternative and discovered Panda Cloud Anti-virus.

Panda Cloud Anti-virus looks and feels very different from all other security software. Panda is a software-as-a-service application that sends data about dangerous looking files to its own servers for closer inspection. This means no noticeable performance overhead. It also means the checking database is always bang up-to-date.

Panda is still a work in progress. Or more to the point, a beta. But unlike Symantec's beta, it seems fully functional. I've run Panda Cloud Anti-virus for roughly one month without any problems. My biggest fear is I never hear from the program, so I need to check to see it is running – which it always is.

Given the ease at which Panda slips into the background, to the point where it is unnoticeable, I'd have to say this is the most promising security tool I have found so far.

See also:
Norton’s Windows 7 beta – security update

Kaspersky Anti-Virus 2009

Although at NZ$55* for a downloaded version it is one of the most expensive standalone antivirus programs on sale in New Zealand, Kaspersky is the most effective. The company is also quickest off the mark when it comes to delivering updates to protect customers against the latest emerging threats. The program is one of the easiest to use with a polished user interface and clearly labelled options – though you’ll have to set up its scheduled scan yourself. I’ve not tested Kaspersky’s Internet Security 2009.

* When I visited the online store points New Zealand customers to an Australian site where the download price is A$55.

http://www.kasperskyanz.com.au/

Symantec Norton Internet Security 2009

The best-known name in PC security combines a first-rate antivirus program that also pounces on spyware with a solid firewall in its security suite.

All the security functions are accessible from a control centre which clearly shows when something’s wrong – clicking this will normally fix things in a jiffy. If you run a home network, you can inspect the security settings of all computers from a single screen.

Norton Internet Security 2009 will slow your machine a tad, but in practice I find it far less disruptive than McAfee’s products and a noticeable improvement on earlier versions of the Norton software. Norton also stays out-of-the-way when you are working. At A$99 or NZ$99 to protect three home computers the price is good too.

http://www.symantec.com

Trend Micro HouseCall

If you’ve been slack with your computer security and suddenly feel under threat Trend Micro’s Housecall (http://housecall.trendmicro.com) is a free web-based antivirus and spyware service that can check your system for problems and then fix them. It works with both Internet Explorer and Mozilla Firefox, you download some code and then set it to work in your browser while you get on with other tasks. It works just like any other anti-spyware product and is at least as good at finding nasty software. While using HouseCall isn’t as safe as having security software running on your machine, it is a great quick fix.

Kaspersky offers an alternative online scanner at http://www.kaspersky.com/virusscanner. It works fine, but is  tricky if you’re running Windows Vista as you have to open your browser in administrator mode. That’s a non-trivial road block.

McAfee Total Protection 2009

In the past McAfee’s security tools haven’t been the best. I’ve found them to deliver less than first-rate protection while slowing down my computer and getting in the way of everyday work. What’s more, the company seems heavy-handed about extracting money from customers with pop-ups and constant email reminders.

And to cap it all, McAfee’s products are expensive. Total Protection 2009 costs A$130 in Australia and NZ$130 for customers buying direct from the web site. Computer stores may sell it for less but the rival programs are cheaper and have a better track record so why risk it? While I haven’t had the chance to test McAfee Total Protection 2009 personally, the marketing blurb says its simpler to user and uses fewer resources. It’s not the product I’d choose, but there are people who swear by McAfee.

http://au.mcafee.com/

Avast Antivirus

Avast is free for home users. You can’t argue with the price. Business users are expected to pay, but prices are low in comparison to other antivirus options. It’s a light program and uses hardly any computer resources which means it won’t slow you down. It’s also simple enough for non-technical people to use without being bamboozled. You’ll get regular automatic updates as required too.

http://www.avast.com/

AVG Anti-Virus Free Edition 8.0

As the name suggests, the price tag on AVG Anti-Virus Free Edition 8.0 is a big fat zero. Unlike Avast, AVG makes the free version harder to find on its web site and goes to great lengths to persuade you the paid for products make more sense, but in reality it’s a good anti-virus tool at keen price.

http://www.avg.com.au

Comodo Firewall

Don’t be lured into a false sense of security by the firewalls built into Microsoft Windows Vista or Windows XP, you need better protection. The paid-for internet security suites all include robust firewalls, Comodo is widely regarded as the best free option. You might find it a bit annoying at first when it keeps asking you about programs, but after a while it’ll settle down and keep the worst malware at bay.

http://www.personalfirewall.comodo.com/