How to choose "The Best Antivirus"?

RoboMan

A good antivirus is a must-have. It minimizes the times you have to enter damage control mode to clean up the mess caused by a successful malware attack. Antivirus has always been the go-to solution to fight malicious software and cyber criminal tactics. And it still is. Malware, phishing scams, ransomware, DDoS – these are just a handful of the threats that lurk on the Internet.

HOW TO CHOOSE THE BEST ANTIVIRUS





To start with, you must know and be clear about this: there is no best antivirus ever created that gives you online invulnerability. There is, still, some great antivirus software that may or may not suit you depending on your system software and hardware.

Then, how do I choose the best for me?

When it comes to your personal best security software, these are the things you should check before making it your main security layer:

  • CPU usage and RAM consumption: make sure your system has enough hardware to run the selected software. You don't want to turn your security into a nightmare.
  • File detection ratio and real time protection: although nowadays signature-based solutions are kind of... not so good, they still have years of useful life, even more now that AV vendors are including more modules to complement the basics. To be sure your software has a decent detection ratio and real time protection security, the best you can do is test on your own on a Virtual Machine. Everything on how to do this can be found on the MalwareTips Malware Vault (reach 100 posts!). As well, you can find tests by our Testers or video reviews by our AV Reviewers.
  • Script blocking and Behaviour Blocker: now that most malware is zero-day, more security layers are required. You can always install more software to cover all weak points, but it's always nice to have one-for-all software that protects you as many would do. Be sure the antivirus you're installing has a decent Behaviour Blocker to analyze in the background every file that tries to create, modify or whatever on your system. This would not only block malware that tries to run, but detect and stop active malware from downloading payloads.
  • Malware removal: research. Google is your best ally when you don't want to do your own tests. Google and our precious Malware Testers. Be sure your AV is capable of efficiently removing and disinfecting all malware. And if you're choosing a free product, be sure you don't have to pay for removal!
  • Ransomware protection: welcome to 2017, Ransomware party! Be sure your suite has good ransomware protection; though many behaviour blockers will help you here, an extra security layer to avoid this headache malware is a very good option. Many Security Suites have one now, as it's a must because of the danger it talks about.
FIRST LINE OF DEFENSE: deny by default



We should start with the most important security advice. Don't let a machine decide whether something's safe or not. That should be the last line of defence. The safest method to avoid infection is trusting nothing. This can be achieved with modules or programs like Application Control or anti-executables. Let's sum it up: safest way to not get infected = don't let anything execute. Application Control modules (such as the one included in Kaspersky Internet Security), anti-executable programs (such as VoodooShield), and software restriction policies (such as Hard_Configurator by Andy Ful) can be configured to "not let anything execute", only what's necessary. Although this may seem crazy, it's the safest way to avoid malware. These kinds of configurations will block the execution of any program, script, or software that attempts to run in your system. This includes malicious software and safe programs. Of course, these modules like AC or SRP include options to whitelist your desired software or executables, but the point is clear.


Things occur in the background, things you cannot see (such as script execution, payload downloads, process injections). The only way to keep your system under control is to restrict it from executing anything. Let's take Hard_Configurator as an example. Once downloaded and configured, this hardening tool will whitelist all the important files and software your OS needs to function, your desired used software and shortcuts. Any other software that tries to run which you haven't whitelisted, won't. For example, if you haven't whitelisted Discord, discord.exe will try to run from AppData/Roaming, but... news! It won't happen. You'll get an error, because nothing can execute unless you have indicated. Now imagine that shady crack you downloaded for Camtasia, which you whitelisted because your antivirus told you it was safe, uses powershell.exe to download a suspicious malicious payload into AppData temp folder, and gives the PS the instruction to execute. News! It won't. Because your default-deny software is configured to not allow anything to run unless you've said so. Head to MT forums, read about anti-executables, Application Control and SRP. Check for Hard_Configurator, VoodooShield, Exe Radar Pro.

Other modules you would like include:
  • File Shredder, DNS Protection, Password Managers, Phishing protection, Antispam, Browser protection.

Let's talk about the firewall.

Some AVs can filter and scan your internet traffic to detect incoming threats before they reach your device. A firewall is really a DO IT in this Internet Age. Windows built-in firewall is always a good option, but if you're considering paying for an Internet Security suite, make sure it includes a decent firewall that's actually worth disabling Windows'. Many security software include awesome firewalls, like Emsisoft, Kaspersky, Norton. Don't forget to research on that before using it. You can always combine your free product with a third-party firewall like Comodo or ZoneAlarm, even use Windows'.


Alright RoboMan, you just told us what to do, now what shouldn't I do?

Well then, thanks for asking mysterious stranger:
  • Don't rely on AV-Testing like AV-TESTS, AV-COMPARATIVES, PC-MAG, etc. Although some of them may actually be, let's say, "accurate", they do not represent your system or how malware and antivirus software would behave on your specific system. For this, trust your own tests or MalwareTips testers, whose virtual environment is much more similar to yours.
  • Do not rely 100% on a single test either: two days and two malware packs are not enough to conclude Kaspersky is the best against ransomware malware. If you're not willing to make your own tests, research for many tests that could actually represent your system. Make sure fresh packs are used and system configuration is settled as you would use it.
  • Do not use more than two antivirus or same software: OK, most of you knew that. Still many new members have no clue on what I'm talking about. Two or more antivirus suites or software with the same purpose, say two firewalls, will NOT give you more security layers. On the other hand, this will result in excessive CPU and RAM usage, BSOD, incompatibility and less security, since they will end up disabling components and highlighting as possible malware.

FINAL ADVICE:



At the end of the day, most antivirus will be the same. They'll all offer you decent protection and detection, and you'll find out you can choose the one that fits you the best. Most of the time, you will find this great security software you love. It includes awesome modules and it makes you feel protected. Still, you're not sure, because it has no firewall. But you will have researched, found out you could harden Windows Firewall with Windows Firewall Control. Maybe you feel Windows Defender is not enough, but you have read about ConfigureDefender which you can use to maximize its potential.

Harden your OS, cover all of your OS' weak points. Keep it simple, reduce the attack surface. Not always the more is the best. Sometimes less is more. Knowledge is your best tool. Educate yourself, surf safely.

Feel free to comment anything to add. :)
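
The default-deny decision described in the post above, modelled as an added example (not part of the original post, and not how Hard_Configurator, VoodooShield or any other named product is implemented). The allowlist, the deny carve-out and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Hypothetical allowlist for this example; a real SRP or Application Control
# policy is generated by the tool and is more detailed than three prefixes.
ALLOWED_DIRS = [
    r"C:\Windows",
    r"C:\Program Files",
    r"C:\Program Files (x86)",
]
# Assumed carve-out: a user-writable folder inside an allowed tree must be
# denied explicitly, or anything dropped there would be allowed to run.
DENIED_DIRS = [r"C:\Windows\Temp"]


def _canon(path):
    """Collapse '..' and separators and fold case, as Windows paths compare."""
    return ntpath.normcase(ntpath.normpath(path))


def _is_under(path, directory):
    directory = _canon(directory)
    return path == directory or path.startswith(directory + "\\")


def may_execute(path, user_allowed=()):
    """Default deny: run only what an allow rule covers; deny rules win."""
    p = _canon(path)
    if any(_is_under(p, d) for d in DENIED_DIRS):
        return False
    if p in {_canon(u) for u in user_allowed}:
        return True  # explicit per-file entry added by the user
    return any(_is_under(p, d) for d in ALLOWED_DIRS)


def audit(events, user_allowed=()):
    """Return (path, 'ALLOW' or 'BLOCK') for each attempted execution."""
    return [(e, "ALLOW" if may_execute(e, user_allowed) else "BLOCK") for e in events]


# Constructed sample events, not taken from a real log.
SAMPLE_EVENTS = [
    r"C:\Windows\System32\notepad.exe",
    r"C:\Users\alice\AppData\Roaming\Discord\discord.exe",
    r"C:\Users\alice\AppData\Local\Temp\payload.exe",
    r"C:\Program Files\..\Users\alice\Downloads\setup.exe",  # '..' escape
    r"c:\windows\temp\dropper.exe",                           # carve-out, other case
    r"C:\Program Filesx\tool.exe",                            # look-alike prefix
]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE_EVENTS):
        print(f"{verdict:5}  {path}")
```

Paths are canonicalised before matching, so a `..` segment, a different letter case or a look-alike folder name does not slip past a prefix rule.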
 

Svoll

Don't rely on AV-Testing like AV-TESTS, AV-COMPARATIVES, PC-MAG, etc. Although some of them may actually be, let's say, "accurate", they do not represent your system or how malware and antivirus software would behave on your specific system. For this, trust your own tests or MalwareTips testers, whose virtual environment is much more similar to yours.

This is gold. Great read and at the same time great insights on choosing an AV. I use the classic method of testing every single one that I can.
 

Janl1992l

For me the best antivirus doesn't have to have the best detection and so on. It must run perfectly fine on my system. Performance is important for me because I'm a gamer. I'm careful enough to have a medium AV with high performance. The best ones, by the way, are not AVs. The best ones are anti-executables with Windows Defender. 0 performance impact, and if you know what you do and know what to allow, it is almost bulletproof. For others, like my family, who are happy clickers and don't know anything, I mostly install Avast Free with hardened mode. They never had an infection. Avast is for me by far the "best" free AV for the average Windows user.
 
Sr. Normal 2.0

Good advice.
Greet "mysterious stranger" and thank him for his questions :D

Putting PC-Mag on the same level as AV-Test and AV-Comparatives.

...Really?
Well, in PC-Mag, AVG and ZoneAlarm will always be on top, as well as any antivirus with the Bitdefender engine. It is not necessary to read the review; if you have already read any of them, you have read them all.
 

RoboMan

Putting PC-Mag on the same level as AV-Test and AV-Comparatives.

...Really?
It was not my intention to classify them as the same, I just wrote them together. Still, although there's a visible difference, none of them is to be trusted enough to install the software blindly. They are more like a guide on which software is worth being tested by us and which is not.
 
Deleted member 178

Such a true article; it's been a long time since I saw one telling truths.

begin with, since just about every self-respecting anti-virus product contains a scanner (see above), you need a comprehensive collection of known malware. It has to contain pretty much everything known to exist, because, remember, a scanner that detects less than 90% of it is crap and you have to be able to measure this. You have to be a competent malware researcher, in order to make sure that what is in your test set is indeed malware. And if you think that you can determine that just by running a scanner on it and observing its output, you are an idiot and your place is not in the anti-virus testing business.

so true

And you have to test in realistic conditions. In real life, nobody is attacked by a multi-terabyte hard disk full of hundreds of millions of static malicious programs. In real life people are attacked by 1-3 malicious programs that they have executed on their computer.

so obvious

So, you have to execute the malicious program on the machine protected by the anti-virus suite you’re testing. This might sound simple, but it is not. Malware would often refuse to run (or to do anything meaningful) for the weirdest of reasons. [...] So, you have to reverse-engineer the malware and figure out why it isn’t working.

And then you have to wipe the machine and repeat the exercise with another anti-virus, for each of the anti-virus products you are testing.

And once you’re done, you realize that you have just tested how these products protect from one particular malware. Now repeat the above procedure 200 million times for all the known malicious programs in your (supposedly good) malware collection.

And once you’re done (good luck with that), you must also test all the products for false positives! Remember, the user is unable to tell whether a report from an anti-virus product is correct or not, so a wrong “this is malware” report can cause nearly as much damage as missing real malware (e.g., resulting in the anti-virus product deleting a program Windows needs to work and disabling your whole corporate network), so a good test needs to test for such things, too.

It’s an impossible task!

I can't say better

So, all anti-virus testing outfits generally fall into two categories — incompetent and incomplete. (Of course, some are both.)
- The incompetent ones often publish in popular computer magazines. They “test” irrelevant things like the user interface or whether the documentation is easy to understand. They use “malware” which somebody or something (usually — a scanner) told them is malware. They are idiots.
- The incomplete ones are the ones you usually see as professional independent anti-virus testing outfits — like AV Comparatives, Virus Bulletin, and so on. They have a generally sound testing methodology, but it is necessarily very limited — because, as we saw above, proper and complete anti-virus testing is simply not humanly possible. So, they use a small (and often obsolete) test set like a few hundred malicious programs, or only test one particular aspect of the anti-virus product (e.g., the scanner) and so on.

What I've been saying for ages.
 

Deletedmessiah

Spot on with not relying on AV-TEST, AV Comparatives etc. Bitdefender and Kaspersky score full in their performance test, but have high resource usage on my system. I feel noticeable slowdowns. Emsisoft didn't score full on the performance test, but doesn't slow down my system. Even when I disable the memory usage optimization. I guess security products perform differently on different systems.
 

RoboMan

Thanks for sharing the article. It somehow supports my theory that AV-Testing online is crap and somehow as well supports the theory that all testing is crap lol.

Whether it's true and the article is very interesting, I still refuse to use software without being tested before.

Spot on with not relying on AV-TEST, AV Comparatives etc. Bitdefender and Kaspersky score full in their performance test, but have high resource usage on my system. I feel noticeable slowdowns. Emsisoft didn't score full on the performance test, but doesn't slow down my system. Even when I disable the memory usage optimization. I guess security products perform differently on different systems.

That's exactly my point :)
 

RoboMan

Strictly speaking, AVs don't come with a FW... Norton Security Standard is the exception here. Then you talk of a FW and the Internet Security Suite

So are you choosing the best AV or the best Internet Security Suite?
If I'm to choose I'd choose the power of love, but the guide means a general orientation on choosing a security program, whichever it is, for a main security layer.
 

HarborFront

If I'm to choose I'd choose the power of love, but the guide means a general orientation on choosing a security program, whichever it is, for a main security layer.
Then your topic title should be changed to 'How to choose the best Internet Security Suite', no? Because having the best AV will not protect your system any better than the best Internet Security Suite especially when you want it as a main security layer, right?

Of course you can have the best AV and a separate FW with others as complements
 

RoboMan

Then your topic title should be changed to 'How to choose the best Internet Security Suite', no? Because having the best AV will not protect your system any better than the best Internet Security Suite especially when you want it as a main security layer, right?

Of course you can have the best AV and a separate FW with others as complements
I'm passing on this one since it makes me think you're only trying to create discussion.
 

WinXPert

Don't rely on AV-Testing like AV-TESTS, AV-COMPARATIVES, PC-MAG, etc. Although some of them may actually be, let's say, "accurate", they do not represent your system or how malware and antivirus software would behave on your specific system. For this, trust your own tests or MalwareTips testers, whose virtual environment is much more similar to yours.

couldn't agree more...
 

Aura

Thanks for sharing the article. It somehow supports my theory that AV-Testing online is crap and somehow as well supports the theory that all testing is crap lol.

Whether it's true and the article is very interesting, I still refuse to use software without being tested before.

More like, some antivirus testing companies have better methodologies than others, but they aren't foolproof.
 

j2yazmnzn

For me the best antivirus doesn't have to have the best detection and so on. It must run perfectly fine on my system. Performance is important for me because I'm a gamer. I'm careful enough to have a medium AV with high performance. The best ones, by the way, are not AVs. The best ones are anti-executables with Windows Defender. 0 performance impact, and if you know what you do and know what to allow, it is almost bulletproof. For others, like my family, who are happy clickers and don't know anything, I mostly install Avast Free with hardened mode. They never had an infection. Avast is for me by far the "best" free AV for the average Windows user.
Agree 100%. Windows Defender + anti-executable works great, or Avast only.
 
