All that is wrong with the world…

November 17, 2009

A short comparison of AntiVirus products

Filed under: Security, Tech — Tags: , , , , , , , , , — allthatiswrong @ 8:10 am

The following summaries of AV software are based purely on my experiences with said software. I’ve been working in the field for about 15 years, and I’ve setup most AV products at one time or another, and seen them in action. I also keep track with reviews and tests, of which two are independent and recognized as somewhat authoritative: AV Comparatives and Virus Bulletin. If you disagree with my opinions, please do leave a comment, and let me know why.

  • AVG is recommended by people who don’t know any better, or had it recommended to them and recommend it in turn. It has poor detection rates, invasive behavior and can have a large impact on performance. While it may be easy to use, it is not reliable, and the company uses stupid techniques like flooding the internet to try and save a dying product. The free version has especially limited functionality in some ways, such as being unable to set exceptions. The product is not overly configurable, is not secure or reliable, and should not be trusted or recommended. There is absolutely no reason to use it in light of the other products available.
  • Avast is a popular choice, and quite decent. easy to use, negligible impact on performance, excellent scanning speed, very configurable, and decent detection rates. Avast is free for home use. I would recommend Avast as second to Avira, as within the last year the development team has been paying less attention to reported viruses, which is a shame.
  • Avira currently has the best detection rates, is free for home use, easy to understand, and relatively configurable. It does not have all of the features of Avast such as a web and IM protection, but this should not be a problem for most people. It tends to rely on ads, however this can be easily disabled after searching to find out how. There is a negligible, if any, impact on performance.
  • Microsoft Security Essentials is the newest product in this list, but it is also among the highest rating. It is released completely free to licensed Windows users, with no limitations. It is unobtrusive, has near to no impact on performance, and has a high detection and low false positive rate. It lacks some of the configurability of Avira and Avast, but is more intuitive and easy to use than both of them.
  • Nod32 tends to be recommended by people who are familiar with it. In reality, it is less effective and has less features than Avira, Avast or MSE. It has lower detection rates, slower performance, is not as easy to use and often does not clean up infections effectively. It also has a high false positive rate, which is just annoying. Considering that it is not free and has no technical advantage over the free products, there is very little reason to suggest this.
  • Norton 360 deserves a mention here. Norton has a well deserved reputation for being a resources hog, and requiring an obscene amount of effort to properly remove, while not being a terribly great virus scanner to begin with. This reputation however, is no longer deserved. Symantec have given the Norton product a complete rewrite, and it is now incredibly fast and efficient, and simple to remove. It has several innovative features that make scanning and threat detection fast and efficient, with detection rates close to or equal to Avira. However, the main drawback here is the price. There is simply no advantage that justifies paying for Norton over one of the excellent free products.

The well known products such as Symantec, McAfee, CA, Sophos and the like tend to be tailored more for a corporate environment, having features that are meant to make large scale administration and configuration simpler. For home use, they are expensive, slow and out of place.

The best choice is currently Avira. It has the right mix of ease of use and flexibility, while having high detection rates and being free. Microsoft Security Essentials is the next best choice, and may be more suitable for less savvy users.You should also use software such as Spybot S&D and Malwarebytes to scan for malware, which can be more of a risk these days. The very best advice is just to employ common sense when downloading and using the internet, and you may not even need a virus scanner in the first place. Stay up to date with security fixes, don’t download dodgy executables etc..

If you do decide to not use an AntiVirus product(a choice I intend to justify in an upcoming article), then two sites which may be of use are VirusTotal and Jotti’s Malware Scan. Both of these sites will allow you to upload a file, where it will be matched against several AntiVirus products(around 30 or more) to identify if a file is suspicious or not. These sites may also be used to verify if a suspected false positive is clean or not.

Warning:There are many fake AntiVirus products, which are actually malware of some kind pretending to be a virus scanner. They may even go so far as to pretend to find viruses and clean files. They tend to have dubious names such as “AntiVirus 2009”. Make sure to thoroughly investigate the software you plan to install on your machine if it is not listed here, or you are not familiar with it. If you think you may have been infected with malware, then my guide to removing malware may help you to restore your system to a clean and working state.

Disclaimer: This is accurate as of Nov 2009…things may well change.


  1. Thanks for summarizing!

    By the way, I think there is a slight typo in the sentence, “Symantec have given the Norton product a complete rewrite, and it is **not** incredibly fast and efficient, and simple to remove.”

    Comment by Ferda — January 19, 2010 @ 7:06 pm

  2. Thanks for the feedback!

    Also thanks for pointing out the typo, which has now been fixed.


    Comment by allthatiswrong — January 20, 2010 @ 7:22 pm

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: