Battle Lightest free AV

[brod56]

Hey guys.
I know many of you are a bit tired of threads comparing free AVs, but this one is a bit diferent.
I want to know what you think is the best performance free AV right now, which just has a new contester. I am aware of the detection rates considering the different modules of protection available (probably BDF>KAF>WD) but CPU/Ram usage is what Im looking at.
Compatibility with Voodooshield is also an important aspect for me, as I can't live without this wonderful piece of software.
Any comments (with Task Manager screenshots even better) are highly appreciated.

PS. Please do not suggest Avast or Avira as I had some pretty bad experiences with them in the past.

 

[Syafiq]

Avast is good and light on resources. If you hate avast, in my opinion Kaspersky is also light. Maybe you should try both(KAF then BD Free)

 

[212eta]

Windows Defender is very good and light

You will find many users turning Windows Defender off, because it was heavy on their Systems.

 

[l0rdraiden]

I'm not saying you cannot use the product as a standalone, but the product itself is designed to be used with the security fabric, so it's not the best solution as standalone with "static" signatures.

I don't know what you know about Fortinet, but I'm Fortinet NSE certified, so I know a thing or two about the product

LoL, so what feature is missing Forticlient compared with other consumer AV's? That It doesn't communicate with the Fortigate firewall (10K€) that the user has in it house plus the UTM yearly maintenance?

So I guess Sophos AV is not either good to be used standalone if you don't have a XG firewall in your infrastructure.

 

[AlanOstaszewski]

You will find many users turning Windows Defender off, because it was heavy on their Systems.

For the next time: please quote my whole sentence. I wrote: "Windows Defender is very good and light because it is a part of Windows." You only quoted "Windows Defender is very good and light". With good I mean that Defender is straight integrated in Windows 10. It works with Windows 10 and SmartScreen very well. With light I mean, that Defender runs in background and makes the job. Defender isn't annoying and is light on resources in my opinion because it is a part of Windows 10.

 

[roger_m]

Defender isn't annoying and is light on resources in my opinion because it is a part of Windows 10.

It's only light on resources if you have a fast CPU. On other systems it can cause noticeable slowdowns. Several other third party antiviruses are much lighter than Windows Defender on many computers.

 

[AlanOstaszewski]

It's only light on resources if you have a fast CPU. On other systems it can cause noticeable slowdowns. Several other third party antiviruses are much lighter than Windows Defender on many computers.

I wrote "in my opinion". I'm speaking about my CPU...

 

[TairikuOkami]

It's only light on resources if you have a fast CPU. On other systems it can cause noticeable slowdowns. Several other third party antiviruses are much lighter than Windows Defender on many computers.

True, I had so many problems with WD on multiple computers. Even when third party AV was installed, WD was dragging it down, like it took 5 minutes to boot, 2 minutes to start a browser, etc. That is the reason, why I have started to disable its services, to be completely free of WD's nightmare.

Yes and no. If you install Avast you can decide about the utilities.

Indeed, I prefer Avast installed with Minimal Protection, PUP, Cyber capture and Aggressive mode enabled. Silent mode ON. WSH disabled of course. It is like a breeze.

 

[mekelek]

i'm just going to say this, install win10 on a VM with 2 cores and enjoy WD's "lightness"
it's a painful joy looking at the cpu/ram/disk usage of "Antimalware executable" in task manager

lightest AV: ESET, FSecure, sadly not free.
lightest free AV: no idea.

 

[Windows Defender Shill]

so you have never been using avast for enough time
you would see avast uses significantly lower RAM than WD

I recently tested WD in Mt hub. I was crying about its performance hit. My HDD nearly died due because of WD especially during WD updates. Opening a folder with full of .exe and documents also caused huge performance impact

I haven't used Avast free in almost a year, but I installed it tonight and I do think it's lighter than Windows Defender.

 

[brod56]

it's a painful joy looking at the cpu/ram/disk usage of "Antimalware executable" in task manager

Well, here the Antimalware service uses around 60mb ram in normal usage, which is almost the same as Avast/BD services all combined.

 

[mekelek]

Well, here the Antimalware service uses around 60mb ram in normal usage, which is almost the same as Avast/BD services all combined.

i still don't get why people care about RAM usage. RAM usage won't slow your computer down, CPU / HDD usage will..
download a pack from malware hub, extract it and enjoy your task manager

 

[MTUser]

LoL, so what feature is missing Forticlient compared with other consumer AV's? That It doesn't communicate with the Fortigate firewall (10K€) that the user has in it house plus the UTM yearly maintenance?

So I guess Sophos AV is not either good to be used standalone if you don't have a XG firewall in your infrastructure.

Where is your zero day protection using only FortiClient?

If you don't understand that the forticlient is designed to integrate with the "security fabric" then it's not my fault. You can get zero day protection integrating the ATP solution, more particularly the FortiSandbox.

You have many other "consumer" solutions on the market with some kind of zero day protection.

• Is forticlient a valid solution for a domestic client? Yes.
• Does it make sense when there is many other better "consumer solutions" in the market with much better functionality out of the box? Not much.

P.S: A fortigate doesn't necessarily cost 10k lol

 

[drakester]

I wrote "in my opinion". I'm speaking about my CPU...

That's very good for your use case but I've seen i7 7700s and Xeon E3 1275 v5s getting a major CPU usage spike with Windows Defender while opening folders with executables or having some new application installed. They need to focus in performance improvement and scan optimization to go along their detection improvements.

Well, here the Antimalware service uses around 60mb ram in normal usage, which is almost the same as Avast/BD services all combined.

I agree that unless the usage is rather excessive (a significant percentage of your free ram) we are at a point were ram usage isn't a major priority, Chrome and other apps take way more ram than your usual security suite - unless it's really inneficient. Having signatures and other things cached on RAM will make scan speeds faster and everything quicker, it's actually a good thing in the long run.

 

[l0rdraiden]

Where is your zero day protection using only FortiClient?

If you don't understand that the forticlient is designed to integrate with the "security fabric" then it's not my fault. You can get zero day protection integrating the ATP solution, more particularly the FortiSandbox.

You have many other "consumer" solutions on the market with some kind of zero day protection.

• Is forticlient a valid solution for a domestic client? Yes.
• Does it make sense when there is many other better "consumer solutions" in the market with much better functionality out of the box? Not much.

P.S: A fortigate doesn't necessarily cost 10k lol

So what consumer solution provides you fortisandbox functionality in consumer market? according to you this is the only feature that provides 0 day protection to Forticlient, which is a lie but who cares. It provides 0 day protection as a stand alone product, ask at fortinet before embarrass yourself again.
I think you should renew your fortinet certs.

In avcomparatives is in the middle of the table so it must be the best antivirus in the world taking into account that it doesn't protect against 0 day malware I guess with the fabric it will reach 120% or more lol

On top of that they send unkown files to their servers Data transmission in Internet security products - AV-Comparatives
Call it cloud and add some buzz words on it like other vendors

And please don't boder to reply my post if you are not going to answer the questions like you already did the the previous post

 

[The paranoid one]

If you don´t Avast
Free Qihoo or BitDefender
Paid: Webroot
I had bad experiences with Panda, it didn´t work fine in my system and uninstalling it was a pain for me. Thanks to my Backup i didn´t format my computer

 

[brod56]

If you don´t Avast
Free Qihoo or BitDefender
Paid: Webroot
I had bad experiences with Panda, it didn´t work fine in my system and uninstalling it was a pain for me. Thanks to my Backup i didn´t format my computer

Testing BDFree+VSPro right now.

 

[Parsh]

Testing BDFree+VSPro right now.

Should be a nice experience. One thing will be missing: an anti-ransom protection for in case you allow a ransomware though VDS (I've seen a low to medium VoodooAI score for 2-3 ransomware). A dedicated protection with backup/rollback feature will be great

 

[MTUser]

So what consumer solution provides you fortisandbox functionality in consumer market? according to you this is the only feature that provides 0 day protection to Forticlient, which is a lie but who cares. It provides 0 day protection as a stand alone product, ask at fortinet before embarrass yourself again.
I think you should renew your fortinet certs.

In avcomparatives is in the middle of the table so it must be the best antivirus in the world taking into account that it doesn't protect against 0 day malware I guess with the fabric it will reach 120% or more lol

On top of that they send unkown files to their servers Data transmission in Internet security products - AV-Comparatives
Call it cloud and add some buzz words on it like other vendors

And please don't boder to reply my post if you are not going to answer the questions like you already did the the previous post

You are the only one saying stupid things...

Take a look at the AV Comparatives real world protection test, and you will see that they always use a Fortigate with Forticlient, also there is this note: "The cloud based behavior analysis feature of Fortinet is only available to enterprises customers who also purchased a Fortigate". Next time, don't say things out of the mouth without knowing about what you are talking about.

Automatic (or no) sample submission isn't new, and it's available on every security product for years now. There's nothing to do with zero day protection :facepalm: . That function is there to help FortiGuard labs create new signatures, not to protect from zero day.

There is also a automatic sample submission function to FortiSandbox (cloud or physical appliance) but that's another story that a normal "domestic" user doesn't have access. It's not something that comes "out of the box" and for free.

This is my last post about this, if you don't want to learn something then it's your right (It's funny that you think you know the product better than fortinet)

 

[l0rdraiden]

You are the only one saying stupid things...

Take a look at the AV Comparatives real world protection test, and you will see that they always use a Fortigate with Forticlient, also there is this note: "The cloud based behavior analysis feature of Fortinet is only available to enterprises customers who also purchased a Fortigate". Next time, don't say things out of the mouth without knowing about what you are talking about.

Automatic (or no) sample submission isn't new, and it's available on every security product for years now. There's nothing to do with zero day protection :facepalm: . That function is there to help FortiGuard labs create new signatures, not to protect from zero day.

There is also a automatic sample submission function to FortiSandbox (cloud or physical appliance) but that's another story that a normal "domestic" user doesn't have access. It's not something that comes "out of the box" and for free.

This is my last post about this, if you don't want to learn something then it's your right (It's funny that you think you know the product better than fortinet)

Ok, so uploading unknown 0day malware to analyze it and create signatures is not 0 day protection? Do you even understand the nonsense you wrote? lol
Obviously you don't know what are you talking about when you start to say that the 0day protection comes only from the cloud sandbox, it comes from anything even from signatures, heuristics, genetic detections, behavior etc.. But to understand this you would need to know first what zero data means which you don't.

Fortigate link and the cloud stuff is nice if you are the first one that get a file which is quite difficult since fortigate appliances and fortios are everywhere. At the point an unkown file is detected by any mean, signatures will be sent to forticlient so basically you get the same protection.

BTW you still didn't answer my question.

 

[MTUser]

Your concept of zero day protection is funny. Why you don't use an AV based on signatures only?

Zero day protection isn't provided by signatures, it's provided by other mechanisms like sandbox analysis (behavior) and many other mechanisms, depending on the product you are using, otherwise, why you don't use a tradicional signature only antivirus? Where is the zero day protection with signatures only?

When you send a sample to FortiGuard you are executing the code even if it malicious. FortiGuard labs will analyze the file and then create a signature (this normally take some hours, so you will get infected while the signature doesn't exist). Zero day protection is designed to detect unknown malware in real time, not to wait for a signature. That file submission is something that exists in every security product for years now, and It's there to improve their signatures, not to block zero day malware.

About the 2º thing you said: When you use a FortiSandbox appliance + FortiClient (or a Fortigate with cloud sandboxing) you can block execution of unknown samples while the sandbox analyzes and gives you a result. In this case, you are sending the sample to the FortiSandbox appliance (in the case of a physical appliance) and waiting for a result, all of this internally, on the enterprise network. Some companies share their sample submission with FortiGuard labs, but many choose not to share their samples, so take your own conclusions...

About your question: You have many different mechanisms designed to block zero day attacks on many "normal" security solutions. Many of them even use sandboxing, different from a FortiSandbox, because in most cases it runs in a virtualized container on the host system, but it's still a sandbox system ("emulation" as example). In the case of a FortiSandbox you are dedicating a completely isolated appliance, that doesn't depend on the host machine to make the analysis, so you get more security and more control over what's running on it.

I think I have answered your question now