Anti-virus software review

I have been using Windows Defender since it appeared in Windows 7 and have never had a problem.

It simply does its own thing and occassionally advises that it has completed a scan with no problems found.

And best of all, the price is right.

I used BitDefender for a few years, along with Malwarebytes Anti-Malware (MBAM). These had a few issues - both as a user and a nerd.

The biggest issue for me (other than false positives) was that BitDefender - like most anti-malware products today - installed its own root certificate to allow it to intercept and scan all Internet traffic. This immediately breaks the basic assumption of Internet security, that of ‘trusted certificates’. I was no longer able to verify that the site I went to was actually the site I intended to visit, because BitDefender had intercepted and modified the certificate. Instead, I had to rely on my AV software to be up-to-date - or disable this ‘feature’ (of which I was not immediately aware, and which required digging deep into the settings).

Windows Defender seems to be doing the job. Admittedly, I didn’t even worry about AV for most of my years on computers because common sense would generally protect you - and I have yet to even find an infection trying to get into my system. That of course does not mean that I am malware-free, it just means that if there is malware here it is very good at keeping quiet.

In AV-Comparatives testing it didn’t do as well but still rated an Advanced award.

https://www.av-comparatives.org/tests/real-world-protection-test-february-may-2019/

It keeps improving and is a capable AV product. There are other AV products that consistently perform very well and are free so it is a choice a user can either make to stay with Windows Defender or to choose another. Interestingly the AV-test and the AV-Comparatives had differing ratings on some of the more common products eg Avira, AVG, & Avast.

It’s good to see positive comments on another free AV option. One to look at again.

I have free products installed on the spare PC and a gaming PC, (no online gaming as the ADSL is too slow, high latency).

The everyday laptops in the household (more than one user) for my sanity and independence of the users, use a complete security and backup product on a multi user license. Norton360. The other users in the household have little interest in the devices, - age related perhaps, resorting to the basic turn it off and back on scenarios when it goes wrong.

Norton and similar products provide auto backups, reminders, auto update and have proven highly reliable. The annual cost of hunting down the cheap annual updates is soon repaid due to the reduced IT support required.

It’s one product and has minimal issues with interoperability that sometimes arise from using different packages for each task. The online Norton support in my experience has also been beneficial in several instances.

I am considering changing my antivirus software. Checking the latest Choice review (member content) I see that some of the free offerings are rated quite highly. Looking at Avira, Avast and AVG there is little between them but they all have in common: no anti spam and no email checker. My current antivirus (McAfee) is rated lower than these three but has these facilities.

So my questions are:

• How do products that lack these features rate so highly?
• Am I really exposed due to lack of these features?
• If coverage for email is important are there other products that would compliment these antivirus products and fill in the gaps?

The rating system is based on the software’s hit/miss rate. ie how many malicious files it blocks/misses vs how many safe files it blocks/allows. McAfee scored a bit lower because it may have missed some malicious files or blocks some legitimate ones. Choice also score how easy they are to use so that may factor in.

If you would like to see a more detailed breakdown check out a dedicated antivirus testing organisation.

To add to this the presence of an email checker doesn’t increase protection as such unless you or a member of your household are prone to ‘phishing’ scams. An antivirus without an email checker will still block a malicious file if it tries to run, it just wont scan your emails and alert to possible scam/spam emails. Having said this many email services also do this themselves

SE Labs ran their AV tests this year and Kaspersky & Microsoft Defender topped the results. Microsoft keep improving their product and currently the free built in package is the level best.

From the executive summary of the pdf

Annotation 2020-08-19 202845762×526 110 KB

BItdefender, a perennial contender among the best is missing, without an explanation.

curious … noted elsewhere also - I guess they missed the tennis and cucumber sandwiches?

"Alas, Bitdefender doesn’t appear in the latest report from SE Labs.

We have devised an algorithm that normalizes all the test results onto a 10-point scale and returns an aggregate lab score, as long as the product has results from at least two labs. Avast, Avira, and Kaspersky Anti-Virus are among the products that appear in reports from all four labs. In terms of aggregate score, Avira and Norton rule that group, with 9.8 of 10 possible points. Bitdefender holds the top score among products tested by three labs, a near-perfect 9.9."

… a rough but probably reasonable assessment which won’t surprise anyone.

Noted here also: Bitdefender antivirus review | Tom's Guide and a few other places - I’m sure it’s covered by some boilerplate somewhere in SE Labs “conditions”, some hoop they failed to cleanly negotiate which isn’t clear or published. Maybe a stray tennis ball got in the way?

Chuckles. Comparing tests and reports makes it look as if each lab/report has its own alternative universe. Microsoft has a top ranking on the SE Labs report but comes out middling on others. Some rankings are similar across reports while some are strangely different.

I go with consensus across multiple reports.

A cynic might suggest that consensus might also smooth out the effects of deals, bribes and weekend tennis games … probably not a bad approach … or do what I do and ignore most of it and grab the easiest to use free one I can find as long as its in the top 10 or so …

AV-Comparatives in their May testing ranked Microsoft’s as Advanced with a Protection Result of 99.7% (shared with Avast, AVG) and this compares quite well with Kaspersky & Panda at 99.9%. There were some 100%ers F-Secure, NortonLifeLock, Trend Micro. Bitdefender ranked lower at 99.3%.

The results still show Microsoft’s product is improving and certainly is showing these days that it is often better than mid range for it’s results.

I have been using it since it was originally released and have never encountered any problems.

Great stuff. Worth double the price.

One thing that is missing from all of these comparisons is whether the software creates new vulnerabilities. I used to use a paid security suite, and one of the first things I noticed was that it installed its own security certificate to intercept all Internet traffic! It of course wanted to be able to read encrypted traffic to make sure it was not malicious, but in doing so created a major security hole! I investigated, found out how to turn that ‘feature’ off, and deleted the certificate with extreme prejudice.

More broadly, Microsoft does not provide standard application programming interface (API) hooks for anti-malware software. The developers (except for Microsoft, which owns the code) have to find their own hooks into Windows to be able to execute the low-level processes and scans they conduct. This is not good, and again creates its own problems. I had enormous difficulty when trying to switch from paid protection to Microsoft, as the other product had littered junk all over the place and did not properly remove all traces.

I suspect that MacOS provides limited functionality for commercial vendors, but blocks them from doing what they do to Windows.

Microsoft provides their SDK for free to users/developers/coders. New APIs for Win 10 Version 2004 can be found at https://docs.microsoft.com/en-us/windows/uwp/whats-new/windows-10-build-19041-api-diff

Plus their reference for UWP apps https://docs.microsoft.com/en-us/uwp/

As to the clutter left behind on removal, the fault largely lies with the program’s provider in that they didn’t provide for a clean removal. Revo as an example sells itself on the premise that the original removal process was/is lazy many times. Is that MS’s fault? I think that fault rests largely on the producers themselves.

This does not include the low-level hooks that anti-malware software seeks. There are security APIs, but if you have a look at what they offer it is fairly high-level.

Early on it had enough False Positives (FP) and enough misses to ward me off, and for risky surfers it was a problem. These days I don’t feel it has the same issues so I am happy to leave it be if a user wants it that way. Even in this round FPs still happened with very few products getting a zero FP result, Kaspersky & ESET being the 0 FPs, Defender scored 6, Bitdefender & Total AV 2, AVIRA 1, Norton had 27.

In the interests of impartiality are we loosing the thread here?

There are at least two very different groups of users when it comes to AV and broader security suites.

The majority of users are happy to have a simple no fuss, set and forget product. Perhaps responding to regular prompts to back up or do a rare manual update, and ponder the meaningless reports produced.

The rest have varying degrees of knowledge and insight to the magic of a bios, OS and the multitudes of levels and interactions these provide.

I’d hope the answer to the first is not lost in discussion of the second. We use Norton 360. It’s not necessarily the best, but far from the worst. The automated backups are a single set and forget. The ability to create an alternate restore backup set in addition to the windows/OEM option is useful. It’s not a recommendation for Norton. There are other options - free as previously discussed.

Certainly there is a slew of product which would suit most users, many of which require payment for use. If a free product provides similar performance (or better) then why bother paying in most cases. MS Defender has improved to a point that it now plays/works as well as many of the best aftermarket AV products.

A cynic such as myself might think this is a step toward their ultimate goal of selling Windows as a subscription service. If one pays $ for an AV, one is more likely to pay 2X or 3X or more $ for a Windows subscription if one does not need the 3rd party products.

Microsoft long focused its business model on an almost complete product that was almost good enough across the board, so that others could also make a dollar filling in the shortcomings. That model could be as long gone as Bill Gates now?