Free Anti-Virus Software

Virus removal... part of what I do for a living.

First, Symantec (and its stablemate Norton, and any well known AV) is a target. There are viruses out there (trojans, typcially) that have built within them code to disable pretty much any antivirus out there. They're getting to where they load in safe mode (a year ago, we could still hop into safe mode and be pretty confident the viruses would not be active. Now, they still crop up.) Depending on the virus, *any* antivirus runs the risk of being disabled or hobbled when the "right" virus hits it.

The antivirus vendors keep updating, of course, to try to counter these, but new attacks show up constantly.

Some of these will - if run on the same system, not the way you've done it - rename and deny execute to several removal tools (from HijackThis and Malwarebytes to Combofix/GMER) as well. Makes removal and system repair *so* much fun.

My main beef with Symantec has nothing to do with viruses getting around it, because that happens with them all. My irritation is with how invasive it is. Put it on a system, and I'll have it basically hobble networking until I track down where they've hidden settings in *this* version, allow stuff through the firewall, etc.

If you remove it, be sure to get the removal tool from Symantec's website to make sure it's all gone.

If funds are a problem and you want a full "suite" (AV, spyware, firewall,) check with your ISP. Most I've seen offer heavily discounted or just flat out free versions of at least one of the major antiviruses to their customers.

Personally? Mine switched from Mcafee (which played nice with most of my programs) to Norton (which... see prior PITA comment.) I'm using Avast.

See my Guides and Tutorials

Market size is generally the reason given. However, the Mac OSX (and Linux, generally) are laid out differently as well. It's not impossible to write a virus for them, you just have to find a way to get it in and have it assign itself the proper permissions without letting the user know.

(Of course, "social engineering" attacks don't care - "click this link, or let me scare you into sending me your credit card information" are playing more on the user than the OS.)

See my Guides and Tutorials

Well, I'm going to need to frame what I say here, since I'm about to give you the long winded reasoning of why Anti-Virus products don't work like you probably think they do. So, if you aren't interested in knowing why that anti-virus you bought did not protect your computer, by all means, skip this post.

When I was working for Cox Communications through Sitel, I basically started collecting various viral applications and trojans, either downloading them directly from infected sources, or having an infected user email me an infected file. I'd store these viral programs on CD's, and then intentionally infect a network disconnected machine running Windows 2000, then Windows Xp, and now Vista.

With a fully infected machine state, I'll install various "popular" anti-viral solutions, which have included Norton, McAfee, Bitdefender, Avast, AVG, Kapersky, Nod32, F-Secure, Trend Micro, and Avira.

Out of all of these applications, the two least successful Anti-Virus programs you could use... were Norton and McAfee. Average hit rate on known, and confirmed, viral applications, as determined by the likes of ICSA Labs, Tom Coyote (now What the Tech), and CERT, was less than 30%.

Norton and McAfee have been, hands down, the least effect anti-malware tools, ever made. They simply don't protect your computer.

Now, to be fair, there are several valid reasons on why Norton and McAfee are horrible at protecting a computer. For starter Norton and McAfee are two of the biggest names in the security business, and many viral / malicious applications are designed specifically to get around either program. Then there's the problem of the base OS itself. No Anti-Virus program is going to protect a Windows based computer from attacks. Microsoft, after however many years of making operating systems, still can't follow basic fundamental rules of security.

Let me put it like this. Most Unix and Unix-Like systems are built with the idea that eventually somebody, somewhere, somehow, will gain unauthorized access to the computer. Most Unix and Unix-Like systems grew out of a need for tight security. Microsoft approached the computer market from a different perspective, focusing on what was easy and simple, rather than what was secure. Let me explain.

User Permissions

Under Unix and Unix-Like systems each user can be assigned a finely grained list of access protocols. For example, here's a list of the access groups exposed under Kuser in KDE 4.3:



Under Microsoft NT6 in Windows 7, you pretty much have Administrator and User... and that's it. Since Windows NT5 as used in Windows 2000, Microsoft also sets the first created user-name to be the administrator, and as of NT5 as used in Windows Xp, hides the administrator account. So, if you are logging into your Windows 7 computer as Owner? You're on an Admin Account. What's worse is that you, as the user, will be locked out of some of the admin controls unless you go through a process to unlock the original Admin Account... but malicious software is not locked out of your base OS files.

Basic File Access:

Most Unix and Unix-Like systems do not assign executable status to files. Any file added to the Operating System's storage is done so with file-execution turned off. When installing a program through a Unix or Unix-Like system's native package manager, scripts are automatically run by the package manager to assign executable status to a particular file.

Under NT6 as used in Windows 7, any file can be executable by default. That picture file you just downloaded? It can be an executable file. That .pdf file you downloaded? It can be an executable file.

Basic Package Management

Most Unix and Unix-Like systems have a native Package Manager and Native Application Repositories. What this means is that there is a central location for a User to install and remove all software. Most desktop Linux's provide a repository with commonly used applications, such as as the Debian Repository. These basic packages are often supplemented by the user base, which provides packages that the base operating system may not have, such as Debian-Multimedia, or the Mepis Community Repositories. Various software vendors will often host their own repositories, allowing users to get software directly from a trusted vendor, such as Google and Opera. Other vendors will provide packages in a format that can be installed through a native package manager, such as Transgaming's Cedega.

Most of these package managers require that somebody sign off on the package that is going into the repository. This means that you, as the end user, have some assurance that somebody has actually tested the package and made sure it works as intended. Most of these package repositories are guarded jealously. For example, one of the requirements to become a Debian Package Maintainer, you physically have to go and meet at least one other package maintainer in person.


Under Microsoft NT6 as used in Windows 7, it's a bit of a different story. Not every application is listed in the Programs and Features section of the Microsoft control panel. There is no unified front-end to download software and updates. You, the end-user, are responsible for downloading any and all updates to any programs and applications you have installed. There is no such concept as a central repository that trusted and verified users sign off on.


Partitioning and Folder Placement:

Most Unix and Unix-Like Systems support folder instance by mount point and or partition point. What this means is that a Unix and Unix-Like system has a robust method of handling folder and file assignment that can span multiple hard-drives.

For example, Mepis Linux's default installation uses three partitions.

• One partition is /(root)

  This partition contains the actual operating system as well as programs installed through the package manager

• One partition is (swap)

  This partition contains the virtual memory storage

• One partition is /home

  This partition contains all of the users data and program configurations

In this configuration the user's data is kept on a physically separate partition from the Operating System. Even if a malicious software package was capable of compromising the user's account and the user's /home partition, it still would not have write-permissions to compromise the /(root) partition. Some of the more advanced secure Linux's in use automatically wipe the /(root) partition on logout, and load from a locked and checksummed copy on Login.

Windows... on the other hand.

The default installation of NT6 as used in Windows 7... still uses a single large partition. All of the users data, operating system files, and virtual memory, are accessed off the same drive, with the same read and write permissions. If a malicious program is able to compromise the user's account and achieve read / write access, the malicious program will be able to set itself to read and write to the base Operating System files.

* * *

The loading structure of Unix and Unix-Like systems can be even more robust with multiple drives. If I wanted to, I could set an entry point for /home/Username1/Movies to point to a separate physical hard-drive. From the point of view of a user, they would simply open up the /home/ file browser, click on the Movies folder... and presto. They are accessing a completely different drive seamlessly.

In Windows... if you add in a separate physical drive.. it is a separate physical drive with a separate Drive Letter and Access path. If I wanted to add in a hard-drive just for movies, I can work around the brain-dead handling of Windows 7 drive and partition handling by creating a folder on a new drive, let's call it D:\Movies, and then creating a shortcut to that folder under C:\Users\Username1\Documents and Settings\Movies


Now, I could go on, detailing a list of security features that Unix systems have been doing since the late 1970's in systems like Version 7 Unix, UNIX/32V, and 2BSD, that Microsoft still can't even implement in it's most up to date NT6 release nearly 30 years later.

The point I'm trying to make here is that Microsoft Windows, as an Operating System, is built for security about as much as a Lotus sports car is built to pull a Sherman Tank out of a hole in the ground.

This has a grave impact on the ability of any security software applications ability to protect your system from intrusion. There's a reason why Unix and Unix-Like systems make up the vast majority of the computers in use in mission critical situations. The backbone of the Internet runs on Unix and Linux. There's a reason why Unix and Unix-Like systems are used in 99% of the worlds Top 500 supercomputers. There's a reason why major financial institutions, such as the London Stock Exchange, don't use Microsoft Products.

* * *

Now, does this mean that you should just give up and not run any security software at all? Is the situation really that hopeless?

Being honest, in the long run, yes, the situation is that hopeless. With Microsoft products it is not a question of if you get hit with malicious software, it is a question of when will you get hit and just how badly will you be hit.

However, I realize that not everybody wants to hear the honest answer.

There are some steps you can take to insulate yourself from attacks. For starters, don't use Microsoft Products. If you have to use a Microsoft Operating System, use a non-Microsoft browser such as FireFox, Opera, Google Chrome, or even Konqueror.

Do take steps to insulate your computer against known threats. Tools like PepiMk's Spybot Search and Destroy can help prevent DNS Cache poisoning, and block several malicious software packages before those packages can be installed.

Get a hardware firewall, software firewalls don't work. On Microsoft Windows 9x, NT5, and NT6, if I'm a malicious cracker at the point of your software firewall, I already own your TCP/IP networking stack and your firewall means jack excrement.

Get an Anti-Virus that has regular push updates. Two of the better non-paid are Avast and AVG. I wouldn't fault you for using either one.

The best Anti-Virus though... isn't exactly a standard anti-virus. It's Clam. For reference, Clam has been the default choice in Unix and Unix-Like systems for years for scanning email systems and network traffic. Clam has been credited for for halting the spreading of many major viral applications over the years. It is, hands down, the most powerful viral and malicious program detection application available.

There is a long-standing version of Clam for Windows, hosted at ClamWin.com. Unfortunately, it's produced by people who actually know what they are doing in Computer Security, not by marketing majors, and that means the graphical user-interface is best described as functional. This branch lacks features such as real time scanning. The good news is, since this version of Clam is just a file-scanner, it is compatible all the way back to Windows 98. So if you've got relatives with a really old computer... here's your solution. Since it lacks a real-time access scanner, there's no performance impact on your computer either.

There is a new semi-branch of Clam, branded ClamAV for Windows 2.0. This particular package has had input from marketing majors and does have fancy bells and whistles. However, these bells and whistles come at a performance price. Granted, I don't exactly have very many aging systems running a Windows install, but in my own experience, against a Turion X2 TL-60 ClamAV for WIndows 2.0 has a similar performance footprint to Avast. So, it's by no means as resource hoggish as the stuff by McAfee, Symnatec, or Trend-Micro. Support for this branch also stops at Windows Xp.


Okay, I hope this answers your question as to what Anti-Virus is probably going to be a good choice; why anti-virus's are not the be all / end all of computer security; and hopefully gives some-background into Operating System design that explains why Microsoft Products tend to be uniquely susceptible to malicious software intrusions.

First of all "YAY" to the op for (hopefully) getting rid of their virus.

2nd, I'm glad you asked this question because I was about to. I use the MSE programs because they got pretty good reviews from the computer magazine review guys. Read in a couple of different mags that it was up there at least with Norton and McAfee.

Although, based on what I've heard/experienced with norton&mcafee... that isn't exactly high praise.