Looking for a replacement Anti virus program (Windows)

[Halcyon]

After suggestions, good, bad, ugly, etc...

Requirements:

- Must run on both consumer and Windows server OS's (Windows Server 2008 and later) under the same license.
- No "internet security" features required, purely file-based virus scanning (if it has all those extra features, fine, by they must be able to be disabled).
- Doesn't annoy the user with pop ups unless something bad is detected.
- Need multi-user licenses (5 or more machines)
- Must not be Norton/Symantec.
- Must be affordable (I don't mind forking out a little more for a good product, but I'm not paying "corporate" or "enterprise" pricing for something I'm using at home).
- Need to scan files when they hit the volume in real-time

I'm currently running F-Prot by Cyren and whilst it does everything I need it to, I've found their customer service to be lacking/non-existent. There was an issue renewing my previous subscription to which I logged a support case and never heard back. They've lost a customer.

[Electro Detective]

ClamWin AV may offer you the flexibilty you require, you can be the boss, update it, it can run active (TBC)  and passive (my choice), and no nags afaik.

Been working for me for years   

no way would I ever again use most of mainstream AV money pits that grind PCs to a near freeze     

even when you're not connected to the internet !!!    


fwiw F-Prot used to be a great AV during the Win XP chaos days, my go to for years, not sure how it fares nowadays or who scripts it. Good luck

[Halcyon]

ClamWin AV may offer you the flexibilty you require, you can be the boss, update it, it can run active or passive, and no nags afaik.

I looked at ClamAV a while back, but from memory it didn't do real-time scanning (my original post has been updated). Can you confirm this?

[Electro Detective]

Mine is an older lite version of the program, with no real time function or background processes running.
That's why I chose it, it still updates and scans when and exactly where I need it.
Hasn't missed any malware or suspicious activity yet that the big AV$ also reported on other PCs.

The full version may have all the bells and whistles in the Preferences, that's all I know   

I got off the AV merry go round     years ago   

[Zero999]

Personally I don't like AV with auto-updates, real time scanning or anything which runs in the background. It hogs resources (probably not noticeable on today's hardware though) and introduces other security vulnerabilities.

Malwarebytes is a good one. The free version doesn't support real time scanning but the paid version does. I scan my parent's PC with it periodically.

At home, I run Linux, so don't have any need for this.

[wraper]

Personally I don't like AV with auto-updates, real time scanning or anything which runs in the background.

What's the point in a sort of antivirus which cannot detect anything until it's too late? BTW you can disable real-time stuff in a decent antivirus.

Hasn't missed any malware or suspicious activity

What? there must be no any in the first place.

[Zero999]

Personally I don't like AV with auto-updates, real time scanning or anything which runs in the background.

What's the point in a sort of antivirus which cannot detect anything until it's too late?

What leads you to that conclusion?

You just have to do it manually. The procedure is simple:

Download file.
Right click on said file, select scan with AV software.
Open file.

Unfortunately, no anti-virus software is perfect. One problem is, it won't detect anything until, thousands of PCs have already been already infected.

[Electro Detective]

Personally I don't like AV with auto-updates, real time scanning or anything which runs in the background.

What's the point in a sort of antivirus which cannot detect anything until it's too late? BTW you can disable real-time stuff in a decent antivirus.

Hasn't missed any malware or suspicious activity

What? there must be no any in the first place.

Excuse me, but please quote the entire sentence BEFORE you pass judgement on the comment

Again, in it's contextual entirety > "Hasn't missed any malware or suspicious activity yet that the big AV$ also reported on other PCs. "

Hasn't means HAS NOT,
i.e. it picked up on what was there, and what wasn't   



 

[perieanuo]

After suggestions, good, bad, ugly, etc...

Requirements:

- Must run on both consumer and Windows server OS's (Windows Server 2008 and later) under the same license.
- No "internet security" features required, purely file-based virus scanning (if it has all those extra features, fine, by they must be able to be disabled).
- Doesn't annoy the user with pop ups unless something bad is detected.
- Need multi-user licenses (5 or more machines)
- Must not be Norton/Symantec.
- Must be affordable (I don't mind forking out a little more for a good product, but I'm not paying "corporate" or "enterprise" pricing for something I'm using at home).
- Need to scan files when they hit the volume in real-time

I'm currently running F-Prot by Cyren and whilst it does everything I need it to, I've found their customer service to be lacking/non-existent. There was an issue renewing my previous subscription to which I logged a support case and never heard back. They've lost a customer.

Pure antivirus don't exist anymore in real Life.
If you can,take with internet security option.
Server and workstation are specific I think.
For workstations I used Kaspersky (no 1 for me),Bitdefender,Nod.all licenced course.Based on 10 years experience(before I used cracked ones)
Best regards , Ovidiu


Envoyé de mon iPad en utilisant Tapatalk

[digsys]

I've rolled out ESET Security suite, 8-11 now I think, on several dozen PCs, servers, laptops for the last 20+ yrs. It is highly configurable and hasn't missed a beat.
If you buy 5/10+ for 2-3 yrs block, it's damn cheap. We pay ~$12-15.00ea for 75seat yrs

[AntiProtonBoy]

Just install Windows Defender (formerly Microsoft Security Essentials). It pretty much covers all your bases in terms of requirements. Bonus, it's 100% free, lightweight and is regularly updated via Windows Update.

[WaveyDipole]

ClamAV generally has poor ratings and detection scores. Historically Microsoft has also produced poor AV products and although four or five years ago I would have agreed with Windows Defender as a basic minimal defence free product, it has unfortunately gone downhill and in the last couple of years has received some very poor detection scores. Independent lab testing results are far more telling than your average PC mag reviews which invariably are biased toward the sponsoring vendor.

ESET, Kaspersky and Sophos have consistently produced good AV software and are good commercial choices although I don't have any experience of their customer support. I am not affiliated with any AV company.

[Karel]

Why care about the known & recognized malware and not care about the unknown & not recognized malware?
Even the police now use specially crafted malware in order to get access to suspects' pc's.

Question, do you really think AV is allowed to report state viruses & trojans?

If you care about your windows pc, simply don't connect it to the internet.
For internet surfing, boot your pc from a Linux live cd.

Am I cynical? Maybe yes. But consider this:

Operation "Red October" was able to stay under the radar for five years:

https://securelist.com/blog/incidents/57647/the-red-october-campaign/


Antivirus software is now so ineffective at detecting new malware threats
most enterprises are probably wasting their money buying it, an analysis
by security firm Imperva has concluded.

http://www.cio.com/article/2390136/antivirus-software/antivirus-software-a-waste-of-money-for-businesses--report-suggests.html


Antivirus tools are a useless box-ticking exercise says Google security chap
Advocates whitelists and other tools that 'genuinely help' security

http://www.theregister.co.uk/2016/11/17/google_hacker_pleads_try_whitelists_not_just_bunk_antivirus_ids/


Several Symantec AV products allow an attacker to run arbitrary code under Linux, MacOS and WIndows. Yes, it's really bad. Affected products are Symantec Endpoint Protection Cloud Client, Symantec Endpoint Protection Small Business Enterprise Client, Norton Family, Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security and Norton 360.

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20161117_00#_SYM16-021_/_Symantec


DoubleAgent: Taking Full Control Over Your Antivirus

http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/

http://cybellum.com/doubleagent-taking-full-control-antivirus/

[Zero999]

Why care about the known & recognized malware and not care about the unknown & not recognized malware?
Even the police now use specially crafted malware in order to get access to suspects' pc's.

Question, do you really think AV is allowed to report state viruses & trojans?

If you care about your windows pc, simply don't connect it to the internet.
For internet surfing, boot your pc from a Linux live cd.

Am I cynical? Maybe yes. But consider this:

Operation "Red October" was able to stay under the radar for five years:

https://securelist.com/blog/incidents/57647/the-red-october-campaign/


Antivirus software is now so ineffective at detecting new malware threats
most enterprises are probably wasting their money buying it, an analysis
by security firm Imperva has concluded.

http://www.cio.com/article/2390136/antivirus-software/antivirus-software-a-waste-of-money-for-businesses--report-suggests.html


Antivirus tools are a useless box-ticking exercise says Google security chap
Advocates whitelists and other tools that 'genuinely help' security

http://www.theregister.co.uk/2016/11/17/google_hacker_pleads_try_whitelists_not_just_bunk_antivirus_ids/


Several Symantec AV products allow an attacker to run arbitrary code under Linux, MacOS and WIndows. Yes, it's really bad. Affected products are Symantec Endpoint Protection Cloud Client, Symantec Endpoint Protection Small Business Enterprise Client, Norton Family, Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security and Norton 360.

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20161117_00#_SYM16-021_/_Symantec


DoubleAgent: Taking Full Control Over Your Antivirus

http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/

http://cybellum.com/doubleagent-taking-full-control-antivirus/

I agree with all of the above, hence why I don't bother with AV myself. I only download software from trusted sources.

AV can be useful for scanning downloaded files before running them but only if you accept that it will only catch already known threats and the AV program is run with limited privileges.

[james_s]

I've been reasonably satisfied with Avast. It's not perfect, but then none of them are.

I also have all the realtime stuff shut off, I just scan any files I download and I'm careful where I go. Do a full scan now and then just for good measure.

[Jeroen3]

After suggestions, good, bad, ugly, etc...

Requirements:

1 Must run on both consumer and Windows server OS's (Windows Server 2008 and later) under the same license.
2 No "internet security" features required, purely file-based virus scanning (if it has all those extra features, fine, by they must be able to be disabled).
3 Doesn't annoy the user with pop ups unless something bad is detected.
4 Need multi-user licenses (5 or more machines)
5 Must not be Norton/Symantec.
6 Must be affordable (I don't mind forking out a little more for a good product, but I'm not paying "corporate" or "enterprise" pricing for something I'm using at home).
7 Need to scan files when they hit the volume in real-time

I'm currently running F-Prot by Cyren and whilst it does everything I need it to, I've found their customer service to be lacking/non-existent. There was an issue renewing my previous subscription to which I logged a support case and never heard back. They've lost a customer.

1 Don't run real-time anti-virus on servers, run it report only. The last thing you'd want is the AV to take down the server.
2 You can buy your own hardware firewall, it won't help much though.
3 This excludes consumer grade AV products. Except perhaps MSE and Clamwin.
4 This also excludes most consumer grade AV products.
6 This excludes most corporate solutions. It excludes what you're looking for basically.
7 This excludes consumer grade again. (they are on execute only)

So... you're left with basically nothing. And that is all you need!
AV is the last line of defense against layer 8 errors, such as downloading malware from an obvious shady place on the internet.
AV does not protect you from the malware in tomorrow's e-mail, content rules do. Why on earth do people still allow *jpg.exe's as attachments?
AV does not protect you from the malicious link in the e-email/website, application policies and proper share rights management minimise the damage.
AV does not protect you from the zero-days in the browser, backups do.

Where I work we've paid a lots of money per user to an IT company for an anti-malware solution ^{(it starts with an F)}. We got hit 5 times last year. None of the 5 times did the expensive software do anything.
What did the expensive software do? Well, it found and removed the keygens for abandonwares. 

If you're on the internet, you're in a war zone. You might not be at the frontline, but the shrapnel and landmines are real.
You can get the best minesweeper, but it'll still get hit by a rogue shell.

[video]

Hello, you can also read this test:
https://www.av-comparatives.org/
i personelly use Avira
Good reading

[Electro Detective]

@ Jeroen3 quote

"...Where I work we've paid a lots of money per user to an IT company for an anti-malware solution (it starts with an F). We got hit 5 times last year. None of the 5 times did the expensive software do anything.
What did the expensive software do? Well, it found and removed the keygens for abandonwares.     "

Best giggle I've had all week, and so true!     

[VK3DRB]

Personally I don't like AV with auto-updates, real time scanning or anything which runs in the background.

What's the point in a sort of antivirus which cannot detect anything until it's too late? BTW you can disable real-time stuff in a decent antivirus.

Hasn't missed any malware or suspicious activity

What? there must be no any in the first place.

Excuse me, but please quote the entire sentence BEFORE you pass judgement on the comment

Again, in it's contextual entirety > "Hasn't missed any malware or suspicious activity yet that the big AV$ also reported on other PCs. "

Hasn't means HAS NOT,
i.e. it picked up on what was there, and what wasn't   

The sentence is question does little to convey a perfectly clear message to the reader. Hence why Hero999 may not have not quoted the full text.  Maybe the sentence should read "To my knowledge, the older light version of the anti-virus program has yet to miss detecting any malware or suspicious activity that has been detected on other PCs using expensive commercial anti-virus programs." I don't know what your use of the '>' symbol means. Is it some sort of arrow? Greater than? Maybe the colon is the correct symbol to use.

But it is a free world and you can write whatever you want. But don't have a shot at someone when he might have just misinterpreted what you were trying to say.

[Messtechniker]

Additionally, I would think about using a firewall to control outgoing traffic a bit.
Like "Windows 10 Firewall Control", for example. Despite its name it works with W7.
Most malware today wants to load its actual malware engine from an internet server.
And also needs an internet connection for further infections.

[Electro Detective]

Apologies to Hero999      it was member 'wraper' that quoted only a portion of my comment. 


I'll try to be a bit clearer and hopefully deguass any previous misunderstandings:

The older lite AV program mentioned earlier has not missed a beat for me,
all PCs on my watch have no malware and work like the day they were purchased and software installed,
you would almost believe they were running a lean distro Linux with an eye candy GUI. 

When there is no user activity the Task Manager reports CPU usage at 0%, all processors at bottom flatline, memory at startup idle, blah blah.

Any suspect files or attachments scanned have given the same positive or negative results when those same files are compared on other PCs with 'popular' AV program$$$ 

And as also mentioned earlier, I got off the AV merry go round years ago,    once I realised how the game works   

If billions swear by certain AV products, be they free, subscription or trialware, great.   


I have better things to blow my time and scarce money on, like stuff that actually works >  test gear, tools, good software with author support, bulk discount dunny paper etc
and not horse f@rt around with suspicious hyped betrayware come placebo anti-malware,
smart scripts that embed themselves in Windows and refuse to leave via the normal uninstall methods.
Been there, done that, learnt my lesson REAL GOOD. 

Windows 7, Mountain Lion/Mac and Linux are reasonably secure (if you don't fill them with bloatware, crakkks, p0rn toolbars and faux anti-malwares) and good for another 10 years of more imho, and cover most bases.

How much will 10 years of AV expenditure set you back if it's useless? 

[DimitriP]

Why on earth do people still allow *jpg.exe's as attachments?

Hiding extensions for known file types is the second dumb thing they did and the third dumb thing they did is to have it enabled by default.

[Karel]

Look at it from the bright side. AV is big business and provides a lot of jobs.
Also, it gives most people the nice feeling that their pc is protected.
That must be worth something.

[Electro Detective]

Look at it from the bright side. AV is big business and provides a lot of jobs.
Also, it gives most people the nice feeling that their pc is protected.
That must be worth something.

Bang! well put and 100% on the money (not sure if there's a pun there)   

The "nice feeling that their pc is protected  " went south for me once too many, created unpaid work, downtime, stress, unnecessary PC upgrades/purchases and more AV money pits.. so I looked into it thoroughly and conducted my own tests and comparisons. 

If you need some real PC security, it can done but you'll have to work at it, starting with a legit program with excellent email or phone support and a 24/7 user group come forum,
one that isn't manipulated by a multitude of faux members and moderators consisting of the software authors (or re-branders) and their guard dog trolls ready to pounce on anyone exposing any shortcomings in the product.

Most FREE or 'crack and gen' AV programs, anti-keyloggers, memory optimizers, registry cleaners and temp file nukers are THE biggest joke in computing.     
Most unloved PCs in pawn shops and Ebay going cheap, are filled to the brim with this scripted garbage targeting user login details, shopping and general surfing habits, and whatnot.

If you want that "nice feeling that their pc is protected  " you have to roll up the sleeves and always be on top of it,
AV programs are not really something you can simply buy or subscribe and install like Excel, Firefox or test gear software and just open and close when required.

They are serious ongoing homework if you need to keep out handballed malware and guard against idiot or unsuspecting user    browser and attachment clicks 

Or go the 2 PCs route, 1 strictly for programs and one for internet related stuff, to minimize risk and impact   

[Halcyon]

Or go the 2 PCs route, 1 strictly for programs and one for internet related stuff, to minimize risk and impact   

The problem with that is, once you start sharing USB drives or network the two, the "air gap" is bridged and you defeat the purpose. Plus it's just not feasible for regular users. I run two air-gapped networks at home but for testing/research purposes only. Never shall the two touch.