a companion discussion area for blog.codinghorror.com

Choosing Anti-Anti-Virus Software


Hi Jeff:
You mention in “The Power of Defaults”:
"For most users, the default value is the only value. Your choice of default values will have a profound impact on how your application is used."
That’s why your friends don’t turn off all the new security features in Vista.
Vista IS slower than XP “BY DEFAULT”…
Evidently XP doesn’t include ANY security software. That’s “the reason” for the lack of performance in Vista. Well, that AND all the D.R.M. crap (it IS).
Why there is no Kaspersky on the benchmark? Its by far the best anti virus I had used (I’d use ALL of the mentioned above).
Great article as usual.



I agree. I’ve been saying for a long time to many of my associates - if you’re a sensible enough person, if you can recognise some of the (not very subtle) signs of a potential virus, etc, and if you run on a standard user account, and not as an administrator, you’re fine.

At least, you’re fine enough.

I’m happy to sacrifice my largely imagined protection from viruses that I get with virus software and subscriptions for speed. You know, speed. The thing that lets you use your computer and get work done.


The day will come when someone produces the necessary analytics software for the masses. It will be Task Manager on steroids. It will be the sunlight we need.

It will tell you what activities – services, apps, etc – are consuming disk, CPU, bandwidth

It will combine strong knowledge of what the governing process is. Right now if I want to know what AluSchedulerSvc.exe is, I have to Google it. But this app will know, and it will know that these 5 other services and this running process actually all run for the benefit of this app (Norton LiveUpdate, the pig), and it will be able to tell the user that.

Maybe it’s already written; if so I’d love to know about it.

But when it goes mass-market, the cost of anti-virus, and the cost of too many other poorly written memory-resident apps, will hit everyone’s radar screen.


I’m have about 6 Windows installations as Parallels images. If I install something, I create a copy before and after the installation. If something goes wrong, I just go back to whenever stuff was still working.


I think it totally depends on what you do with your computer, when I was back in University and had no money I had to download certain “tools” from untrusted sources (or do without). I recently switched to AVG because I was sick of all the extra crap that Norton tries to do and it found some viruses in those old archived files that Norton has missed for years.
Now that I’ve been out in the work force for a few years if I need something I buy it from a trusted source so I don’t have as high a risk anymore but working as a software developer I regularly need access to areas and files on my system that would be restricted to a “Power User”.


Hey, dunno if youve probbably already all seen this, but i find it holarious

’How to install Vista’


On a slightly unrelated note, I wanted to try out Vista on my main desktop machine but it turns out that my Motherboard manufacturer is behind on getting those drivers out. I would think that DFI would be a little faster since it caters to the DIY market of PC Geeks (DFI LanParty NF4 SLI-DR).
I’m also running RAID 0 (and I know the risks which is why I have a rigorous back up routine between internal hard drives, my two other computers and two external hard drives) and I couldn’t find drivers for Vista for that either (it didn’t like the ones on the floppy that came with the drives and of course no help from DFI either).


I couldn’t agree more. I have been running as a Limited User on XP for years without any antivirus software and I couldn’t be happier. I simply scan my computer with an online virus scanner every couple of weeks. The one thing I will say is that you really should have antivirus software that simply scans emails. My biggest fear is that I will get a virus in an email and pass it along to someone else (even though it doesn’t harm my computer). I can’t afford to have that happen when I have clients counting on me. So you don’t need full blown antivirus protection all the time. Just email protection.

I also couldn’t agree more on the idea that Microsoft has really blown it with Vista. They needed to FORCE people to run as standard users. The time has come to educate the masses. Instead, even so-called “computer experts” aren’t getting the message. How many times have you read articles by “experts” claiming that UAC is worthless because users will just learn to click “ok” and ignore it? Well this tells you that they are obviously still running as administrators because if you are running as a standard user you have to enter your username AND password. Not just click OK. So it just shows that Microsoft is obviously not doing enough.

Here are some thoughts on what could have been done.

  1. Force the user to create an admin AND a standard user account during install. Give ample information as to what each account is for.

  2. Do NOT show admin accounts on the login screen. Instead, have a link that takes you to a separate page called “Admin Accounts”. On that page put a big warning about what those accounts are used for. Only standard accounts show on the login page by default.

  3. When you log in with an admin account, pop up a big warning message that must be cleared EACH time (no checkbox saying “don’t show this message again”). Inform the user that the account is only for administering the computer.

  4. Allow all of these settings to be overriden using group policy so that people installing servers/appliances or who REALLY know what they are doing can use the computer the way they want too.

Until Microsoft FORCES its users to run in a safe manner we simply won’t be able to get rid of things like UAC for administrators.

As a side note, UAC is great for standard users. It is the feature that makes running as a standard user so painless. I just wish that you could turn off UAC on a per user basis. I would turn it off for the Admin account (which I rarely have to log in to) and turn it on for the standard user accounts.

Finally… "But shouldn’t new operating systems perform better than old ones? " implies that Vista should be faster than DOS. Hmmm…


Real-time antivirus software on client machines is for the birds.

Antivirus software on mail servers is essential. Even if you read your mail on Linux, you can be overwhelmed with the bulk of computer viruses during a virus crisis. The world hasn’t had a serious virus outbreak for the last few years, but back in the age of MYDOOM and NETSKY, I had addresses that would get upwards of 50,000 messages a day.

I do like Windows Defender. I’ve found that most Windows machines in real life do have several kinds of malware on them, and Windows Defender does do a good job of removing them.

Windows XP made a good deal of progress towards making it possible to work as a non-admin user. It’s sad that Microsoft didn’t bite the bullet and move closer to the Unix model.

Alas: Microsoft copied the idea of symbolic links from Unix, which could have been a great boon to Windows administrators everywhere. Unfortunately, the user-space in Windows can’t cope with them – deleting a symbolic link from Windows Explorer or with the DEL command deletes the original file.

Microsoft seems to be as bad as copying ideas from the Unix world as the Unix world is at copying ideas from Microsoft.


I seem to have gotten a lot better performance using Symantec Antivirus (the SMB version). It provides significant control over the real-time scanning and lets me push out common settings to all machines. I turn scanning off for my development and VM partitions to improve performance and limit all real-time scanning to “scan on create” so every file read is not scanned. Email is scanned in and out so I feel pretty good that I’ve got the borders protected. It does do a memory scan on boot which definitely extends boot time, but that can be turned off. I let it run a full scan weekly, but even when I do use the computer then its not really that bad. (This may be hardware to - dual core, 10k drive.) So far the price and renewal of a 5 machine license has seemed reasonable.


Egads! No anti-virus software? No anti-spyware software? And you rationaize that by saying you’ll just tear off a new sheet of paper towel and start fresh? Well, great. Without that software, how are you going to know your hands are dirty and you need a new piece of paper towel? You’ll have to observe some change in system behavior. What happens if that “change” is your bank accounts are empty because somehow you got a keystroke logger on your system yesterday just before visiting your bank? What if the “change” is that your customers start calling up asking why THEIR bank accounts are empty after installing your freshly compiled and shipped software which contains the same keystroke logger?

You’ve got to have some kind of software to notify you of bad behavior caused by malware as soon as it manifests. My personal preference is for software that notifies me of malware as it enters the system. Right now, I’m using OneCare on Vista. Unlike most of those other pieces of software you mentioned, OneCare doesn’t scan stuff as it enters the system. It either waits for the malware to activate, or it waits for its system-wide tune-up. Then it catches the bad stuff. I don’t quite like that method, but it’s acceptable. And, it sure beats eye-balling your system behavior as a metric of infection.


I’ve never run any anti-virus software

Dude, I’m glad I’m not the only one :-}. I mentioned in passing that I’ve never run AV software while I was talking to a Security MVP at a conference and I swear to god the guy started screaming at me at the top of his lungs going on about rootkits and trojans.

Like you I’ve never had a problem that would have been solved by AV software. Yeah, I’ve had IE eat s*it once in my 20 years of PC use, but I hardly call that worth a reason. I hate AV software with a passion - besides the tremendous performance drain it often mysteriously can screw up all sorts of other applications by deleting files on the fly, blocking ports even when configured not to. I have customers whom I support and good 50% of the weird problems reported are due to malbehaved AV software.

Hey, it runs in American Society. It’s the American way of life to be paranoid and fear the walls of your own home. After all Big Brother is watching, n’est pas? The more paranoid we ‘feel’ the more money the security vendors make. Remember Norton Utilities? Whatever happened to the tools stuff they made? They figured out there’s way more money in paranoia…


Dave A.: I think you are jumping the gun a bit.

#1: Use of a good firewall (I use Tiny Firewall) will tell you when a program runs that doesn’t have a hash it recogizes, and will ask you if you want to run it and if you want to trust it.

#2: If you get infected with a program that steals account information like that, chances are its cutting edge and won’t be detected by antispy/mal/virus anyways.

The important bit is that you don’t let programs freely access the internet. The most secure way IMO is deny all/allow some, not the other way around.

My setup uses tiny firewall (which i think got bought out, lame.), sysinternals process explorer and tcpview, firefox w/ adblockplus, and gmail. I just don’t get viruses or malware.


But shouldn’t new operating systems perform better than old ones?

Has that ever been the case? At best, any performance improvements offset slowness added by new features.

I’ve never run any anti-virus software.

I’ve only just started running AV at home - and only to protect myself from my company’s virus infected network when I VPN in. :wink:


I’ve been saying this very thing about anti-virus software for years and am in total agreeance with Dan’s post. I also use an older version of Tiny Firewall (before it got bought out and spammed up), block all access and set exceptions where needed. I run a basic anti-virus check online at McAfee once every six-months, use Ad-Aware once a month and in all my years in front of a Windows computer have not ever caught a single virus.

The worst thing is, convincing people that Norton and the like is not a good idea and it actually massively degrades your machines performance and is an absolute nightmare to configure and uninstall (like AOL in fact).


Here’s my two cents. I’m sick and tired of everyone trying to tell Micro$oft what to do. People need to realize that these products are not designed and released specifically for “you”. Microsoft has to cater to billions of people around the world, and that means that they have to find a common ground for every feature of their OS. If you don’t like what their doing, or specific features they’ve included, find another operating system (there are plenty to choose from). Security vulnerabilities exist in every OS and they always will. Microsoft controls the majority of the user market; which is the reason they are targeted more often.

It’s not up to Microsoft to force a user to do anything. Just like it’s not up to anyone else to tell me not to smoke, or to tell the fat guy over there to not have that second doughnut. Don’t get me wrong, I am in now way condoning what they’ve done with their new OS; in fact, the thing that irritates me the most is Microsoft telling me what my computer can, and cannot, do. You want a safer computer, then setup a non-admin account yourself, but don’t force me to use a user account that is useless to me. Let me decide how I want to run my computer. And if anyone want to argue that the average user doesn’t know anything about security, well then it’s time they become proactive and do some research. What are they gonna do if they get a flat tire out in the middle of nowhere and can’t get a signal on their cell phone. They better learn how to change a flat real quick. Quit being lazy and expecting people to do things for you. Google isn’t that hard to use, so use it. You don’t want a virus or spyware, then don’t open that email that claims to have nudey pictures of Brittney Spears, and don’t click on that porn ad.

As far as anti-virus software goes, of course you’re going to take a performance hit. If you think you’re safe just because you can use system restore to recover those corrupt system files. Think again. Some viruses are capable of corrupting file contained in the system restore folders. It may not have happened the last time, or today, or tomorrow, but it will one day. Think one AV software is better than the other, well then your wrong again. Different AV software may detect viruses that other won’t, and vice versa. No one AV software will ALWAYS detect everything, no matter what they may claim. Sure one may run faster than the other, and detect more viruses more often than another, but there will always be that one time when one virus is left dangling in your system32 folder. If you don’t want to run AV software well then that’s fine too, but don’t think that you’re not vulnerable to losing everything on your computer because you run an online virus scan once every couple of weeks. Who are you to tell Joe Blow over there that he doesn’t need to run AV software, because you don’t know what his surfing habits are. And if you’re using a separate backup, well then kudos to you because you’re in the small percentage that do.

To the System Administrators out there, if you don’t have some sort of virus protection on your network because “it slows thing down”, then I must tell you that you’re a fool. People can flame me all they want, but it only takes one idiot to open that email from the hacker in Thailand and you may never see daylight again because your too busy trying to remove the viruses from every computer in the office. Don’t want to run AV on the computers themselves, then put it on the router separating your LAN from the rest of the world, but have something or you’re just asking for it.

Well my venting is over, let the flaming begin!!!


(I like the name. Sometimes quote-success-unquote is truly Worse Than Failure - with failure you have to do it over again better. With “success” you have to live with all the problems, because why would the company spend time fixing something that works?)

Very informative discussion - I think I need to tweak some settings when I get home…


looks at post
looks at Firefox tabs
reaches for more coffee
Apologies to all.


And why, after reading the investigation results, did you only comment on the Norton Internet Security 2006 row?

From your table, my conclusion is:
Perfect! I’ll just use AVG Free, which does a good job with minimum performance issues.

Why risk a system restore, when a decent antivirus can scan my mail and system files without hogging the system?


Bro, you forgot about Kaspersky. Its by far the best right now. Runs only 1 process and the detection % is quite high. Ask CNET they reviewed it and its “By Far”