Battle Lightest free AV

brod56

Level 15
Thread author
Verified
Top Poster
Well-known
Feb 13, 2017
737
Hey guys.
I know many of you are a bit tired of threads comparing free AVs, but this one is a bit different.
I want to know what you think is the best-performing free AV right now, which just got a new contender. I am aware of the detection rates considering the different modules of protection available (probably BDF>KAF>WD), but CPU/RAM usage is what I'm looking at.
Compatibility with Voodooshield is also an important aspect for me, as I can't live without this wonderful piece of software.
Any comments (with Task Manager screenshots even better) are highly appreciated.

PS. Please do not suggest Avast or Avira as I had some pretty bad experiences with them in the past.
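Since the question is about CPU/RAM and not detection, here is an added PowerShell sampler (not part of the original post or of any vendor's tooling) that records what Task Manager would show for an AV's processes over a short window and prints averages and peaks. It assumes MsMpEng is the Windows Defender engine process; the process names of other products are a parameter you supply. CPU is derived from the change in each process's total processor time between samples and divided by the logical core count, so 100% means all cores busy, matching Task Manager.

```powershell
# Added example: sample CPU and memory of the named AV processes, Task Manager style.
# Assumption: 'MsMpEng' (Windows Defender engine) is the default; pass your own AV's
# process names with -ProcessName. Run from an elevated prompt so protected
# processes can be queried.
param(
    [string[]]$ProcessName = @('MsMpEng'),
    [int]$Samples = 30,
    [int]$IntervalSeconds = 2
)

$cores = [Environment]::ProcessorCount
$rows  = @()

foreach ($i in 1..$Samples) {
    # Snapshot total CPU time per PID, wait one interval, then diff.
    $before = @{}
    foreach ($p in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        $before[$p.Id] = $p.TotalProcessorTime
    }
    Start-Sleep -Seconds $IntervalSeconds
    foreach ($p in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        if (-not $before.ContainsKey($p.Id)) { continue }   # process (re)started mid-sample
        $cpuSeconds = ($p.TotalProcessorTime - $before[$p.Id]).TotalSeconds
        $rows += [pscustomobject]@{
            Sample       = $i
            Process      = $p.ProcessName
            PID          = $p.Id
            CpuPercent   = [math]::Round(100 * $cpuSeconds / ($IntervalSeconds * $cores), 1)
            PrivateMB    = [math]::Round($p.PrivateMemorySize64 / 1MB, 1)
            WorkingSetMB = [math]::Round($p.WorkingSet64 / 1MB, 1)
        }
    }
}

# Per-process summary: average and peak CPU, average and peak private memory.
$rows | Group-Object Process | ForEach-Object {
    $cpu = $_.Group | Measure-Object CpuPercent -Average -Maximum
    $mem = $_.Group | Measure-Object PrivateMB  -Average -Maximum
    [pscustomobject]@{
        Process   = $_.Name
        AvgCpu    = [math]::Round($cpu.Average, 1)
        MaxCpu    = $cpu.Maximum
        AvgPrivMB = [math]::Round($mem.Average, 1)
        MaxPrivMB = $mem.Maximum
    }
} | Format-Table -AutoSize
```

Run it once while the machine is idle and once while copying or extracting a large folder, so you capture both the resident cost and the on-access scanning cost; a single idle screenshot hides the second number, which is usually the one that makes an AV feel slow.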
 

l0rdraiden

Level 3
Verified
Jul 28, 2017
108
Your concept of zero day protection is funny. Why you don't use an AV based on signatures only?

Zero day protection isn't provided by signatures, it's provided by other mechanisms like sandbox analysis (behavior) and many other mechanisms, depending on the product you are using. Otherwise, why don't you use a traditional signature-only antivirus? Where is the zero day protection with signatures only?

When you send a sample to FortiGuard you are executing the code even if it is malicious. FortiGuard Labs will analyze the file and then create a signature (this normally takes some hours, so you will get infected while no signature exists). Zero day protection is designed to detect unknown malware in real time, not to wait for a signature. That file submission is something that has existed in every security product for years now, and it's there to improve their signatures, not to block zero day malware.

About the second thing you said: When you use a FortiSandbox appliance + FortiClient (or a FortiGate with cloud sandboxing) you can block execution of unknown samples while the sandbox analyzes and gives you a result. In this case, you are sending the sample to the FortiSandbox appliance (in the case of a physical appliance) and waiting for a result, all of this internally, on the enterprise network. Some companies share their sample submissions with FortiGuard Labs, but many choose not to share their samples, so draw your own conclusions...

About your question: You have many different mechanisms designed to block zero day attacks on many "normal" security solutions. Many of them even use sandboxing, different from a FortiSandbox, because in most cases it runs in a virtualized container on the host system, but it's still a sandbox system ("emulation" as example). In the case of a FortiSandbox you are dedicating a completely isolated appliance, that doesn't depend on the host machine to make the analysis, so you get more security and more control over what's running on it.

I think I have answered your question now ;)

Ok so there is no consumer AV using sandboxing to run files virtualized and detect malware. You left me worried, I was right.

Sorry, I stopped reading at the point where you said 0-day malware can't be blocked with a signature by the AV or heuristics. Read the definition and then come back. If not, it's pointless.
 

MTUser

Level 4
Verified
Sep 11, 2014
144
Ok so there is no consumer AV using sandboxing to run files virtualized and detect malware. You left me worried, I was right.

Where did I say that? Almost every consumer grade product uses file emulation & heuristics (if not all), HIPS, generic signatures, and many other techniques.

Sorry, I stopped reading at the point where you said 0-day malware can't be blocked with a signature by the AV or heuristics. Read the definition and then come back. If not, it's pointless.

"if you found them, they wouldn’t be zero-day anymore" - Avast (I went to their website, because if it was me saying this you would say I was wrong lol).

Like @cruelsister said in another topic, some time ago, "whenever I want to demonstrate how poor a definition based security solution can be, FortiClient always comes to mind first." and also "FortiClient is very good, the downside is lack of 0-day protection." by @Kate_L

So, you don't have more arguments?

@cruelsister Can you explain to this user what's zero day protection, and why Forticlient "free" isn't the best solution for zero days?
 

l0rdraiden

Level 3
Verified
Jul 28, 2017
108
Where did I say that? Almost every consumer grade product uses file emulation & heuristics (if not all), HIPS, generic signatures, and many other techniques.



"if you found them, they wouldn’t be zero-day anymore" - Avast (I went to their website, because if it was me saying this you would say I was wrong lol).

Like @cruelsister said in another topic, some time ago, "whenever I want to demonstrate how poor a definition based security solution can be, FortiClient always comes to mind first." and also "FortiClient is very good, the downside is lack of 0-day protection." by @Kate_L

So, you don't have more arguments?

@cruelsister Can you explain to this user what's zero day protection, and why Forticlient "free" isn't the best solution for zero days?
Hahaha, so a malware is 0-day depending on the software you use? That's a good one.
So if an AV doesn't detect a malware then it's 0-day, hahaha, you made my day.

How long does it take FortiClient cloud protection, once it has detected malware, to spread the signature to all FortiClients, free or not? Minutes, hours? Isn't that 0-day protection for a malware that is alive 2 hours?

It will only be a problem if you are the first FortiGate customer in the world to see an undetected unknown malware. But even then, if it's detected in the cloud by a consumer product it might be late because they don't hold files, at least not by default; most of them allow you to execute the file while it's being analyzed, it doesn't always happen in real time.

BTW I never said that it was the best solution for 0-day, my point is that it will provide solid protection to any user.

And please don't come to me with a test of a YouTuber
 

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
I can only speak about the performance on my devices. Please don't write "had the worst performance!". I tested on my Intel Atom netbook Microsoft (worst performance in test) and McAfee (pre-installed bloatware) (one of the best performances in test (?? - my reaction: DAFUQ? HOW??)). So please don't judge me for using Defender, please! Panda is running on my brother's PC (AMD Athlon) very nicely too and is "slow" for the tester. But not for my brother! Every anti-virus runs differently on each machine!
 

ForgottenSeer 58943

what is this fortinet mania on MT recently, since @ForgottenSeer 58943 mentioned it everyone is all over it when if i'm correct, it's only useful if you buy their $12k fortigate hardware...

12K is a good bit of hyperbole, we don't even sell 12K FortiGates to Fortune 500 firms. I just installed a FortiGate 200E for a well known large firm with 1,000 employees on 2GB fiber and that device only costs 4-5K...

A Fortinet 30E Bundle will set you back $299 or less and will handle a 200Mbps connection easily. A 60E bundle will set you back $400 or less and that will get you 600Mbps throughput. The bundle is what you want because that includes all of the subscriptions and activated UTM features. If you want to add the sandbox you either buy another appliance, setup a VM for it, or pay another $100 a year for the hosted sandbox. Either way, way way less than 12K. However I would bet the majority of people on this forum wouldn't have the knowledge or training to setup, program and properly configure a Fortigate, so that might be a moot point - it might as well cost 12K.

But let's clarify something;

A Forticlient without a Fortigate is really a partial rather than complete product. You are missing out on Vulnerability Scanning, Sandboxing, Compliance Checking and Endpoint Control without a Fortigate powering your Forticlient installations. In terms of Fortinet, the FortiSandbox IS the zero day detection/protection system. I will admit, a Forticlient with XML tweaks (Extreme Database, Deep Heuristics, etc) is a pretty robust signature based product with strong heuristics, amazing web filter, good application firewall and decent rootkit, but that's about it. I would pair it with another product like VoodooShield - just in case.

In terms of signature response time Fortinet is very very fast. Usually under 15 minutes during outbreaks, seldom over 60 minutes. They have a very large lab with contingency systems. During outbreaks engineers shift locations to shore up their response time. Fortinet was one of the first to respond to Petya and before that BASH and Heartbleed. Their response time on those outbreaks including releasing of multi-level protection (IPS, APPC, WAF, AV, SB) was under 60 minutes. First in the industry.

Raiden has a valid point in that unless you are the first Fortinet customer to detect something, the process for preventing the malware is already moving along. For most people Forticlient would provide adequate protection because of all of these factors. Also any consumer testing of FortiClient, such as from Youtube, should be suspect unless the tester can provide evidence they've got a Fortigate powering Forticlient and have done sufficient best practice XML settings. If they make it clear they are testing a vanilla unconfigured/unmanaged Forticlient I suppose that would suffice so folks aren't misled.
 

MTUser

Level 4
Verified
Sep 11, 2014
144
You confirmed what I've been saying since the beginning, and that l0rdraiden doesn't understand...

A Forticlient without a Fortigate is really a partial rather than complete product. You are missing out on Vulnerability Scanning, Sandboxing, Compliance Checking and Endpoint Control without a Fortigate powering your Forticlient installations.

In terms of Fortinet, the FortiSandbox IS the zero day detection/protection system. I will admit, a Forticlient with XML tweaks (Extreme Database, Deep Heuristics, etc) is a pretty robust signature based product with strong heuristics, amazing web filter, good application firewall and decent rootkit, but that's about it. I would pair it with another product like VoodooShield - just in case.

Also any consumer testing of FortiClient, such as from Youtube, should be suspect unless the tester can provide evidence they've got a Fortigate powering Forticlient and have done sufficient best practice XML settings. If they make it clear they are testing a vanilla unconfigured/unmanaged Forticlient I suppose that would suffice so folks aren't misled.

Conclusion: FortiClient is designed with the main focus of being integrated with the security fabric. There are better options for "normal" customers, not only in terms of functionality (again, for a "normal" customer), but also because many "normal" users want something that works "out of the box", or that's easy to configure.

P.S: When I @ some guys here on the forum, I wasn't talking about their tests. Normally I don't watch youtube av testers. I was @ them to show to user lord that FortiClient alone isn't the best defense against zero day attacks as he thought.

Btw, thanks for your reply! :)
 

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
You may complain to AV-Comparatives.org.
Their Performance Test found Malware Defender to be the worst in terms of System Impact.


End of story! :rolleyes:
You're trying to tell me that Microsoft is ##### and McAfee is nice because of "the PERFORMANCE tests". Those are numbers. N-U-M-B-E-R-S.
And I need to use Trend Micro because it scores 100% in the protection ratio in the "Real-World Protection Test".
So I will explain that again: Every different computer and the user's usage are deciding the system impact. I saw computers running Kaspersky on 500MB RAM and below 250MB RAM. I saw that my netbook (1GB RAM and Intel Atom) doesn't run Kaspersky and McAfee well. But for example Defender and Sophos do. End of story!

(Computer architecture, Windows Version, Updates and kernel are playing a much higher role than you think!)
 

212eta

Level 9
Verified
Well-known
May 11, 2011
444
You need to take these tests with a grain of salt.
I have always taken AV fanboys with a grain of salt.

Especially the ones who easily point a finger at well-established AV-testing organizations
when results do not favor their beloved security software.

Especially when evidence has not been presented against the results of well-established AV-testing organizations.
 

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,487
I have just settled with Panda Cloud Free. It is running at 2-3% CPU and I/O at a few kBs only. I have not tried it for a long time, because of network disconnects, especially on WiFi. I have set blocking files to 10 seconds only and disabled process monitor. It is running great for several days already. I hope it will last. :cool:

AVG (too many services), Avast (too many BSOD), Avira (you have got be kidding), 360 TSE (not very light, some BSOD), Bitdefender (lacks everything).

Kaspersky (do not really need it, since it is embedded within my browser; otherwise it would be my second choice, after properly setting it up).
 

roger_m

Level 41
Verified
Top Poster
Content Creator
Dec 4, 2014
3,029
I have just settled with Panda Cloud Free. It is running at 2-3% CPU and I/O at a few kBs only. I have not tried it for a long time, because of network disconnects, especially on WiFi. I have set blocking files to 10 seconds only and disabled process monitor. It is running great for several days already. I hope it will last. :cool:
It will last. I've been using Panda for most of the year and in my experience it is one of the very few antiviruses which are extremely light. As well, the on-access protection prompts me when finding a threat, rather than auto-quarantining. Another plus is very minimal false positives.

Like you, I also have disabled the Process Monitor.

Panda is giving me very occasional BSODs. I can live with that for now, because it seems to be the only antivirus which suits my needs at the moment.
 
