My rant about antivirus (last updated Mar 26, 2011)
Commercial Anti-Virus – ESET NOD32
I like the regular testing that Virus Bulletin does. It shows that the results of different AV companies vary over time. Among commercial anti-virus software, NOD32 has performed quite well. It is unfortunate how much performance impact anti-virus and anti-malware software can have on a machine. It can cost too much in both dollars and performance. In some cases it gives people a false sense of security that increases the chance of infection or compromise as they become more careless.
If you are managing a large number of systems, the “corporate” versions of AV software have nice features for updating and reporting, but it is wise to expect to be compromised and to be ready to mitigate the impact through generational backups and layered defenses. It seems users will never be as concerned about this stuff, because they may assume the systems admin is taking care of it for them and, frankly, they have other things to worry about.
I personally don’t trust a machine that has been compromised and prefer to restore from a clean image or rebuild.
Free Anti-Virus – Microsoft Security Essentials, Avast Free, AVG Free (Windows), ClamAV (Linux/*BSD/Windows)
No anti-virus/anti-malware software is going to make you invulnerable. The best way to prevent a compromise of this sort is to change the way people use computers so that the chances decrease. Make sure you are running the latest updates for your operating system and web browser. Do everyday work from a non-privileged account (use administrator rights only when administering). Don’t click on the tempting yet obviously socially engineered link or attachment. Use services like OpenDNS to avoid compromised web sites. Don’t put an unpatched, unfirewalled machine out in the wilds of the Internet; you would be amazed how quickly such a machine is compromised. Don’t run or expose more services than necessary. Install software only from trusted sources. Be prepared to do a clean, fresh install/reinstall now and then (many would disagree with me on this one, but it is the only way to be sure, IMHO).
I like to think of anti-virus software as a safety net against old, well known viruses. I tend to use Microsoft Security Essentials on my machines with multi-core processors. AVG Free is only free for non-commercial use, but I think that is a good compromise and a great marketing strategy. Recently, though, I have been concerned about AVG’s tendency to try to trick users into buying the commercial versions. It seems a bit sneaky and underhanded. Another alternative is Avast! Free Antivirus. I tend to use Avast and AVG Free on my single-core machines since they seem to perform a bit better. There is also ClamAV, which can be used on your Linux/BSD based file server and on Windows as well.
Other products to consider using would be Spybot Search and Destroy and Ad-Aware Free.
Since much of the malware out there targets the Windows ecosystem because of its market share, another strategy is to use alternatives such as Linux, BSD, Mac and many others. Once again this only decreases the chances, since nothing is completely immune, and as popularity and market share change, so too will the focus of those who seek to do evil.
Software Firewall – Comodo Internet Security (Windows), pf (OpenBSD, *BSD), iptables (Linux)
For Windows machines I have been using the firewall in Comodo Internet Security. Although the package includes antivirus software, you can choose to install only the firewall. A software firewall can block unwanted inbound connections, stop outbound connections leaking out without your permission, give you another opportunity to catch funny business, and give finer control over which services are exposed.
It is also wise to disable services that are not needed. You decrease the risk of being exploited when there are fewer ways to exploit the machine.
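As an added example (not from the original post), here is a small POSIX shell script that ties together the two points above: spotting listening services that are reachable from the network so they can be disabled, and emitting a default-deny iptables ruleset for the few that must stay. The socket listing is a constructed sample in the style of `ss -tulnH` output, and the port allow list is an assumption; substitute real output from the machine being hardened.

```shell
#!/bin/sh
# Constructed sample in the style of `ss -tulnH` output (not captured from a real host).
SAMPLE_SOCKETS='tcp   LISTEN 0 128 0.0.0.0:22      0.0.0.0:*
tcp   LISTEN 0 128 127.0.0.1:631   0.0.0.0:*
tcp   LISTEN 0 50  0.0.0.0:445     0.0.0.0:*
udp   UNCONN 0 0   0.0.0.0:5353    0.0.0.0:*
tcp   LISTEN 0 128 [::]:80         [::]:*
tcp   LISTEN 0 128 [::1]:3306      [::]:*'

# exposed_ports SOCKETS: print "proto port" for each listener that is not bound
# to a loopback address, i.e. the services actually reachable from the network.
exposed_ports() {
    printf '%s\n' "$1" | awk '{
        n = split($5, a, ":"); port = a[n]
        addr = $5; sub(":" port "$", "", addr)
        if (addr != "127.0.0.1" && addr != "[::1]") print $1, port
    }'
}

# unexpected_listeners SOCKETS ALLOWED: exposed listeners whose port is not in the
# space-separated allow list; anything printed is a candidate for disabling.
unexpected_listeners() {
    allowed=" $2 "
    exposed_ports "$1" | while read -r proto port; do
        case "$allowed" in
            *" $port "*) ;;
            *) echo "$proto $port" ;;
        esac
    done
}

# fw_rules ALLOWED: iptables-restore ruleset that drops inbound traffic by default
# and admits only loopback, replies to existing connections, and the allowed TCP ports.
fw_rules() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $1; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Assumed allow list: only SSH and HTTP should stay reachable on this host.
unexpected_listeners "$SAMPLE_SOCKETS" "22 80" >&2   # review these before going further
fw_rules "22 80"                                     # feed this to iptables-restore
```

With the sample above, the review step reports tcp 445 and udp 5353 as exposed but not allowed, while the loopback-only CUPS and MySQL listeners are correctly ignored.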