a companion discussion area for blog.codinghorror.com

Choosing Anti-Anti-Virus Software


Obviously you haven’t tested it, or you are using a P100 with 128M RAM.


Great, great great. Now, will SOMEONE tell us how to copy user profiles from admin accounts to standard user accounts? Easily? Aaaaagh! Must I really reconfigure everything in a new standard account manually? Why isn’t this info easy to find? Gracias, gracias.


Re: AV. I’ve used F-Prot AV since before Windows, and have only had one infection in that time. It is reasonably quick to scan, doesn’t seem to slow down the machines much, and has a light install footprint (~8.65MB). But I never see it listed in comparisons such as this. Why? We are forced to use McAfee v8.5i or higher at work.

Re: Anti-Spyware. Anyone using CounterSpy Enterprise? I’m evaluating it at work as I have several users that can’t seem to help from getting infected on a semi-frequent basis. Personally, I had a bad experience with SpySweeper, though my boss (and his boss) swear by it. I’ve been using the free version of Ad-Aware (I know, I know) which seems pretty capable, though it’s a hassle that it can’t run automatically.

Re: Vista. We have one Vista machine in our office, and I’ve been asked to “upgrade” two more machines, although I’m dreading it. From a sysadmin POV, Vista, IMHO, SUCKS. And I don’t even have to use it every day. Can someone please explain why the default network view shows only the machine itself and not the network? And to get the full network view, I have to filter “workgroup” for the names of my domain?


So I am really confused - hate my McAfee that came with Vista computer - I have a Linksys router - do I not need a firewall software - and am I to assume that by creating a non admin account as my user that I am safe?



It is worth taking note, these test results can be slightly misleading, it is not comparing like with like, Norton Internet Security is a whole suite of protection including antivirus, firewall, anti spam etc, so it is bound to slow your computer down a lot more than a stand alone firewall like ZoneAlarm or a stand alone antivirus like Trend.
This test was done by PC Spy Sept 2006. It would be interesting to see a repeat test with the latest versions of those anti malware programs with the inclusion of AVG Pro, Kaspersky, Esafe, and the new Vista Firewall.


I did not use AV or anti-spyware programs for a long time (XP pro), then my wife’s computer became infected with a hijacker and two different viruses … I cleaned them out and a month later it happened again (same malware). At that time I loaded up the Internet Security and Webroot Spy Sweeper and put them on auto pilot. It took a couple of months for her to stop complaining about how slow her computer was but I have not had to work on it since then.
The internet security and the spy sweeper certainly affect performance of the computer but they also have kept it virus and hijacker free.


The use of VMWare virtual machines can provide a secure system if the virtual disc does not access discs on the system where it resides and if the virtual disc where the operating system resides is non-persistent. You can be completely trashed with viruses on a non-persistent disc and once you reboot the virtual system disc is back like new with no changes made. Additionally, updates can be applied to the virtual disc by changing the disc to persistent, install updates, shutdown, change disc to non-persistent, and reboot. A secure solution with no need for virus scanning running is to run your OS behind a fire-walled router and use a backup scheme as stated by the author. I believe that every major website uses this solution and can totally recover from attacks quite rapidly.


Why not start making some killer applications that will not run under administration privs?

Let’s make the users beg for less priv accounts. :wink:


Yes, I like the article. I like virtualization as well so I can simply use all the programs I use without rebooting. When running a virtual Windows I agree with no AV, since I just create a clean version when needed (which is never).
Ok, I’m not an expert but, I’m not against AV Spyware tools.
On Windows machines I use Avast without a schedule. I’ll just let it scan my complete system once in a while when my computer is idle. I use Ad-aware once every month. Sygate personal Firewall which does a very nice job by blocking everything except the ones I allow. And I use Cache Cleaner once in a month to get rid of all the crap which was filling my registries. Those 4 programs aren’t really demanding at all.
I have 4 PCs and I have not reinstalled 2 of them in 3 years. The other ones are a bit newer which I use for gaming and I really don’t have any problems with the boot time / slow performance.
I agree that Norton is a no-no, but Avast you hardly notice.
IMO it’s just a matter of the right tools to get the job done. So (imaginary) safety and clean computers and backups of your files and images of your OSs.
With my new laptop (in a few weeks) I’m planning on setting it up like this.
Dual Boot: a. for work and study + b. for gaming
a. Ubuntu 7.10 (64 bit) - Virtual Box - WinXP (32 bit)
b. Vista (64 bit)
I don’t think I need any AV, but I still like to check once in a while if I can’t harm other networks with my computer. So I’ll still be searching for some compatible free (not much performance demanding) virus, spyware, cache removal tools for social reasons.
Just a matter of taste I guess, like always :wink:


Many of your comments are true and justified, personally I prefer and would recommend Trend Micro antivirus products, although their “home” version PC-Cillin is a bit like a Norton Anti-crap that does do everything (f/w, email, phishing file AV etc) but it is a good compromise if you want an “internet security suite”.

If you have Trend OfficeScan at the office (corporate version) install this, has almost all the same features without the glitter.

But where I disagree is that with Vista AV is a must, if you look at the list at the top of the page Windows Defender takes up basically no resources (this is at least the case on my system), is free and no doubt stable as it is built into the operating system (touch wood).

Yes… this is not AV and is not that good at picking up anything really, but if you change the setting to join Microsoft Spynet with an “advanced membership” it will basically notify you of any changes to your system, also providing feedback from the millions of other users who are feeding the info on their selections back to Microsoft.

Although the feedback you get on if you should allow or disallow a change to take place, so far in my experience it is fairly obvious: if you are installing Adobe Reader and Windows Defender asks you to approve, for example, a startup entry for Adobe, and you want this feature, it is safe.

The key point, I have been using Vista for years with NO AV, just Defender with advanced Spynet membership. It notifies me when changes are being made to my system before they are allowed (note this does not encompass all changes, but the vast majority of changes likely to be malicious, i.e. start-up entries) and have had ZERO viruses.

I occasionally go to www.trendmicro.com and run HouseCall (free online scan) and have not yet had a single virus detected using Vista and the above configuration.

Obviously part of maintaining security is keeping Windows itself secure, this involves updating Windows (which I think is pretty easy and well known), having Windows Firewall enabled and set up appropriately. But also disabling and/or uninstalling software and services that are not required. This last step might be a little tricky for the average user, but there is always Google.

If anyone wants a comprehensive list on what to disable and/or enable for Vista services email me at todd.parker@live.com.au and I will send you through some info.



Good god… I’m studying abroad in China, and the virus I just got here was pretty bad. I use a print station in my program’s office, bringing my USB disk on over, plug, print, and walk out. There was a virus waiting for me last time that jumped onto my USB in a hidden file (stupid me, I forgot the office probably doesn’t have the ‘see hidden files’ option enabled) and then put itself onto my computer as soon as I plugged it in. Symantec caught two Trojans in a scan, then rolled over and died as something in a virus it didn’t detect made it impossible to run. What’s worse, whenever I tried downloading new antivirus software, more than half the time it redirected me to a download from a different site (probably a good ol’ batch of viruses).

The only thing that worked? A backup of my system. Virus software did nothing. I totally agree with the guy who said Anti-Virus software isn’t worth it. Virus makers will always be a step ahead of the Virus protectors, so no matter how good it is, you can always get infected. Not worth it to get slowed down so much. Now I keep 2-3 backups, one made every week. And after reading all this, I don’t do things as an admin anymore :P.


While true for computer users in the know, which are about 1% of people out there with a PC, the rest of the users will need AV and security because they are “dumb” enough to click or something and not patch their system every day.

Vista is the way forward unfortunately (or unix)…

10 000 or so strong botnets currently FORCED M$ to go the Vista way.


I go for the anti-virus free + backup solution myself.

Previously I got infected even when I was running antivirus, so for me it is just not worth the performance hit.


One reason that I’m not so worried on my Linux machine is that all of the pieces of software are separate, small pieces, and they all get updated regularly. It’s the regular updates that keep me safe, so I don’t ever worry about virus scanners. I would only rarely have to reboot, if I was of a mind to keep my computer running all the time.

On top of that, pretty much nobody runs as root in the Linux world.

The only real danger is that somebody might brute-force your root password via SSH, and then rootkit your machine. I handle that by turning off access to SSH at the router level, but leaving open the remote admin interface of my router so that I can turn it back on again when I need it.



I’m late to this one, but how on earth does UAC slow down system performance? You can say you don’t like it all you like, but you’ve included it in a list of things that improve performance when it makes no difference, unless you consider “the time it takes me to click the occasional message box” a performance factor.


Those who know what they’re doing don’t run AV (or if they lurk around dodgy areas of the net they use the lightweight ones like NOD32 or Kaspersky), those who don’t know what they’re doing usually have a friend who sets them up with a lightweight one for their own benefit.
Best recent giggle was when a Sky technician came around and didn’t notice the NOD32 installation I put on a friend’s XP Home PC (anything naughty is just silently dealt with, why bother them with scary red-bordered dialog boxes?), assumed there was no anti-virus at all and tried to get them to go for Norton Anti-Performance. Fortunately they said they’d get back to him…


Your “Percent Slower” chart does not list the number of threats protected against. I would like to know if the slower packages are protecting users against a larger set of threats. Then, I could decide if the performance decrease is worth the potential benefit.


If no antivirus solution will cover all virus, malware, and fraudware, then why bother installing any of them? I am surely not going to install all of them.

I will take my chances without rather than suffer through endless boot up times, shutdown times, and system freezes and crashes. I haven’t run antivirus for six years now, and haven’t had a single infection (win xp, firewall on) on my systems.

The reason I feel this way about it is I have recently repaired a friend’s virus-infected computer that was running up to date Norton AV 2007. The antivirus did not “see” the virus “smitfraud” and what a complete annoyance that was. So not only did my friend have to suffer through slow boot times, “capp” errors, and the like, NAV didn’t stop the virus from infecting her computer!


After reading all this info, I decided to run my PC w/o admin privileges and removed Norton A/V 2008. I couldn’t tolerate the slow booting times and all the impact on my system performance even though I do have a Quad CPU w/ 240 MHZ each and 2 G of RAM. I have made a backup of all my important files and documents and will take the risk.

I truly thank all of you for exposing your very valuable arguments here. It definitely helped me with my current situation.




I’m going to call you out here. You attack Virus Scanners, saying they are bad because:

  1. Takes longer to boot
  2. Uses up lots of CPU
  3. Slow down disk access

Then you claim that Virtual Machines are the answer. Fuck! Virtual machines run like dogs and are much worse than virus scanners. You have to wait for 2 operating systems to boot. 100% increase in boot time at best? 2 operating systems in memory = twice the memory (unless we compress the inner one, in which case +1 for the CPU usage) and bad disk IO performance because the child OS thinks it has sole access to the disk when it doesn’t.

Seriously dude, is the situation so bad we need throwaway virtual machines? Because we’re on the brink of collapse if that’s the case. Why the fuck are operating systems so delicate? Why can’t we have some sort of transaction system update feature which includes a state backup to an 8GB USB keypen? After said update the OS software (on a separate disk from your documents) is mounted read-only until you update it again? You need version control for your documents and that is all things covered in my eyes. Why go to the extreme? Your recommended solution is complete overkill… wouldn’t you agree?