A Free Computer Security Lunch?
Some anti-virus vendors that do not offer a free anti-virus program, but only commercial anti-virus solutions, claim that free virus protection is not enough. Last year, I wrote a blog post entitled “It Is Not Dangerous to Rely on Free Anti-Virus” after reading a claim by Symantec that free AV is not enough. I’m sure many people who rely on paid anti-virus solutions will understand that it’s not about free or paid solutions, but about the settings on the PC, the users’ actions while they surf, retrieve emails or download files, the support AV vendors give their product (e.g. whether bugs are being fixed and whether advanced technology is used), fast detection of new threats, and effective detection and removal. Also, if you look at several malware removal forums, you will find many HijackThis or OTL logs showing that an infected computer was actually running a paid anti-virus program.
To help people understand the effectiveness of their preferred free anti-virus program, I decided to put the Top 10 free anti-virus programs to the test. What you’ll see here is not a feature comparison, but a test to see whether the free anti-virus solutions detect more than 95% of malware samples, and to measure how fast the detection works. Note that this is not the usual “number game” comparison of detections; it also looks at what happens when the malware samples that were not detected are executed. If a free virus protection program failed to detect 10 malware samples, those non-detected samples will be run to determine whether the free AV will trigger an alert, block the sample and prevent the infection. However, if the free real-time protection failed to detect at least 25 malware programs, it is considered below the 95% protection level.
Ten Free Antivirus Programs and 380 Malware Samples
The following free virus protection programs with real-time protection are tested and compared on detection and infection prevention against any or all of 380 malware samples. It is recommended that you check the reviews of each linked free virus protection program to get an overview of the features and performance of a particular anti-virus solution. I’ll only provide brief information about each product, together with what to expect when using the antivirus solution.
- Avast! 5
- AVG Free
- AntiVir 10
- ClamAV for Windows
- Immunet Protect
- Microsoft Security Essentials
- Panda Cloud Antivirus
- PC Tools Antivirus Free
Note that you’ll only see detection and prevention testing results and not the removal of any threats. The images below this section show the unique malware samples used in this detection and prevention test on free virus protection solutions. Each malware file’s MD5 hash signature is presented. There are 249 executables, 91 files in zip format and 40 various malware files. All malware samples are flagged by several anti-virus programs (free or paid solutions). The samples contain adware, Trojans, worms, viruses, spyware, potentially unwanted programs, rootkits and other types of malware. Examples of these threats are the Sality worm, the Rustock rootkit, Fake AV, the Koobface worm, Vundo trojans and many more.
380 Malware Samples and Their MD5 Signatures
Ad-Aware and Avast: The Best Free Virus Protection?
In this section, we’ll see how Ad-Aware, Avast and AVG perform in detecting and hopefully preventing a computer from being infected.
Ad-Aware Internet Security Free provides free anti-virus and anti-malware protection. The installer is bundled with the Google Chrome installer, which is optional and not required to continue using Ad-Aware’s protection. A computer restart is required prior to using the anti-virus solution. Daily detection updates are provided free-of-charge.
Detection result: 365 out of 380 malware, leaving the PC vulnerable to 15 malware samples.
Prevention performance: 4 out of 15 executed malware programs were prevented by its Ad-Watch Live module, leaving the computer infected from 11 threats. Note that 2 out of the 4 prevented malware were able to install a rogue program (PC Defender and Malware Professional). Ad-Watch succeeds though in preventing the rogue programs from auto-starting in Windows. The scanner by Ad-Aware will run to clean the computer.
Avast Free Antivirus offers free real-time protection against viruses and malware. The program requires Adobe Flash Player to view the statistics; it is the very first anti-virus I have come across that requires this. Avast also requires the Microsoft Visual C++ 2008 Redistributable, and if it’s not installed, the Avast installer will automatically provide it. Like Ad-Aware by Lavasoft, the Avast setup file is bundled with the Google Chrome browser. Again, it is not required to enjoy the free virus protection from Alwil. A boot-time scan, an e-mail scanner and the useful network shield are the key features of Avast.
Detection result: 371 out of 380 malware, leaving the computer at risk against 9 malware samples.
Prevention performance: 1 out of 9 executed malware was blocked by Avast! real-time shields, which leaves the PC infected from 8 malware samples.
AVG Free and AntiVir Personal: Free Real-time Protection for Windows
AVG Free also provides protection against malware and viruses. It also includes AVG LinkScanner to block malicious and phishing websites when searching or browsing the Internet. The installer is bundled with a customized AVG Security toolbar, powered by Yahoo. The toolbar is not required, so don’t allow the installation if you would rather use only the AV protection. Note that a nag window is often displayed to promote the paid solutions from AVG Technologies.
- Detection result: 358 out of 380 malware, which left the PC in a vulnerable state against 22 malware samples.
- Prevention performance: Unfortunately, AVG did not prevent or block any of the 22 malware samples, which means the PC is highly infected.
Avira AntiVir Personal, also known as AntiVir Desktop protection, provides a secure start mode to help remove malware before the Windows logon. The program does not have an e-mail scanner because it depends on Avira Guard, the real-time module, to find malicious activity on a hard disk. Updating the free AV by Avira will display an AntiVir Notifier, which you can moderate by changing the startup item and creating a policy using a group policy object in Windows. The installer is not bundled with third-party software, which is good for consumers since they don’t have to deal with unwanted or unnecessary programs.
Detection result: 368 out of 380 malware, leaving the PC vulnerable against 12 malware samples.
Prevention performance: 1 out of 12 executed malware was prevented by Avira AntiVir, which leaves the PC infected from 11 threats.
ClamAV for Windows and Comodo AV: Free Real-time Protection
ClamAV for Windows and Comodo AV are free anti-virus programs with free real-time protection against spyware, viruses and other types of malware. Find out how these programs will handle the 380 malware samples. Hopefully these free virus protection programs can detect the malware or at least prevent it from running.
ClamAV for Windows - The free edition of ClamAV for Windows is limited to detecting only some infectable files. Malware inside archives is not going to be handled by ClamAV unless you pay for it. ClamAV for Windows uses the Immunet Protect cloud-based interface and detections. The installer for ClamAV comes with a customized Ask.com Immunet toolbar, which is not pre-checked and not required to use the protection offered by ClamAV.
- Detection result: 226 out of 380 malware, leaving the PC at risk against 154 malware samples.
- Prevention performance: Because it was a guideline for effective free virus protection and a rule for this test, I’ll again mention that an anti-virus that failed to detect more than 25 malware samples will not receive further testing. The free edition of ClamAV simply lacks proper protection, since the 91 zipped files were ignored due to its limitation and it did not detect another 63 malware samples.
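The effect of skipping archives, as an added example that is not part of the original test: a simplified MD5-matching scanner (not how ClamAV or any tested product is implemented) run over a small constructed corpus, once treating zip files as opaque and once unpacking them with size and depth limits. All file names, byte strings and limits are assumptions made for illustration.

```python
import hashlib
import io
import zipfile

MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumed cap: do not inflate oversized members
MAX_DEPTH = 3                        # assumed cap on nested-archive recursion

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def scan_blob(name, data, known_bad, scan_archives=True, depth=0):
    """Return names of items whose MD5 is in known_bad.
    With scan_archives=False a zip is only hashed as one opaque file."""
    hits = [name] if md5_hex(data) in known_bad else []
    is_zip = zipfile.is_zipfile(io.BytesIO(data))
    if scan_archives and is_zip and depth < MAX_DEPTH:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                    continue  # skip directories and suspiciously large members
                hits += scan_blob(f"{name}!{info.filename}", zf.read(info),
                                  known_bad, scan_archives, depth + 1)
    return hits

def make_zip(members):
    """Build an in-memory zip from {filename: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()

# Constructed, harmless stand-ins for malware samples and their MD5 list.
SAMPLE_A = b"constructed-sample-A (harmless test bytes)"
SAMPLE_B = b"constructed-sample-B (harmless test bytes)"
KNOWN_BAD = {md5_hex(SAMPLE_A), md5_hex(SAMPLE_B)}

CORPUS = {
    "loose.exe": SAMPLE_A,
    "attachment.zip": make_zip({"invoice.exe": SAMPLE_B, "readme.txt": b"hello"}),
    "nested.zip": make_zip({"inner.zip": make_zip({"payload.exe": SAMPLE_A})}),
}

def scan_corpus(scan_archives):
    return [hit for name, data in CORPUS.items()
            for hit in scan_blob(name, data, KNOWN_BAD, scan_archives)]

if __name__ == "__main__":
    print("archives ignored :", scan_corpus(False))
    print("archives unpacked:", scan_corpus(True))
```

With archives ignored, only the loose executable is reported; the two zipped copies pass unnoticed because compression changes the bytes that get hashed.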
Comodo Antivirus - One of the new kids on the block for free virus protection for Windows is Comodo AV. The program highlights Defense+ and Sandbox technology, in addition to protection against malware and viruses using traditional and in-the-cloud detections. A computer restart is required to finish the installation.
- Detection result: 361 out of 380 malware, leaving the computer vulnerable against 19 malware samples.
- Prevention performance: 0 out of 19 malware programs were detected when the remaining malware were executed. Comodo allowed the installation of 19 malware samples and it actually failed to protect itself and the system from a shutdown process by PC Defender, a rogue program. Note that the sandbox feature was disabled at the time the remaining malware samples were executed. This is to allow the malware to do what it has to in the non-virtual system. Virus detection does not require sandbox technology. Defense+ was configured to allow execution of the malware samples, since it is not used for virus detection but only asks the user whether or not to allow a file to run. What we need to know is whether the anti-virus program blocks or prevents the execution or installation of what it finds to be malware.
Immunet Protect and Microsoft Security Essentials
Immunet Protect - Readers should not use this program for virus defense without the help of another anti-virus program. The vendor of Immunet is advising people to use Immunet together with another anti-virus solution, but there are end-users who continue to use only Immunet for their free virus protection. The detection and performance of Immunet is exactly the same as that from ClamAV so kindly refer to the result of ClamAV for Windows. Note that the installer of Immunet is also bundled with the Ask.com toolbar, which is not required and is not pre-checked.
Microsoft Security Essentials - The highly rated anti-virus program by Microsoft has gained popularity in several forums. The program does not include an e-mail scanner, but it will scan downloaded e-mail attachments for Microsoft Outlook and other e-mail clients. A genuine copy of Windows is required before you can install Microsoft Security Essentials. This means you cannot install the free anti-virus program from Microsoft if you fail the Windows Genuine Advantage validation process.
Detection result: 361 out of 380 malware, which leaves the PC at risk from 19 malware programs.
Prevention performance: 1 out of 19 malware executable was prevented, leaving the PC infected from 18 malware samples.
Panda Cloud AV and PC Tools AntiVirus Free
Two more anti-virus solutions to check are from Panda Software and PC Tools. Both provide free, but limited, malware protection.
Panda Cloud AV - Panda Software offers virus protection in-the-cloud, instead of the traditional anti-virus solution. The setup file of Panda Cloud AV is bundled with the customized Panda Security toolbar.
Detection result: 355 out of 380 malware samples, leaving Windows at risk against 25 malware samples. Note that the cloud detection is slow. I also had to re-scan and restart often before Panda succeeded in detecting the malware samples. It also detected 7 malware files that it couldn’t neutralize. The program recommended restarting the computer to handle the non-neutralized malware, but it failed to quarantine the files.
Prevention performance: 1 out of 25 executed malware was prevented by Panda Cloud AV. We ended up with a highly infected computer due to slow detection by Panda Cloud AV.
PC Tools Antivirus Free - A limited edition of PC Tools Antivirus provides free real-time protection against Trojans, viruses, worms, spyware and other types of malware. Like Avast and Ad-Aware, the setup file of PC Tools is bundled with the Google Chrome browser installer. The program will install PC Tools Search Defender, a search assistant for Internet Explorer which uses the Ask.com web search service. The URL that PC Tools uses to send the searches is www.search-results.com. A nag window is displayed when using PC Tools, and the bad part of this is that you cannot close or hide the nag window. PC Tools Antivirus Free offers an e-mail guard to scan incoming and outgoing messages in any e-mail program. It also provides a free File Guard that you can configure for monitoring malicious files or processes.
Detection result: 370 out of 380 malware samples were detected by PC Tools, leaving the PC at risk against 10 malware programs.
Prevention performance: 3 out of 10 executed malware files were prevented, leaving the PC infected with only 7 malware programs.
Quite a number of security vendors are offering free virus protection which end-users can rely on for protecting Windows and their data. Avast, AntiVir, Comodo, Ad-Aware, PC Tools and Microsoft Security Essentials provide over 95% of protection. Based on the real-time detection and prevention of these programs, below is the protection percentage to expect:
- PC Tools Antivirus Free - 98.5% protection in real-time.
- Avast - Provides 98% protection.
- AntiVir and Ad-Aware - Both will provide up to 97% of protection.
- Microsoft Security Essentials and Comodo Antivirus - Offer up to 95% real-time protection.
- AVG and Panda Cloud AV - Expect 94% of protection.
ClamAV and Immunet need some work by their malware research team, for only providing 59.5% protection. Ignoring archived files that are malicious is simply unacceptable for a free AV solution. We all know that malware spreads through spam, and often the attachments are distributed in zipped or .rar file formats. The 59.5% protection by the Immunet and ClamAV antivirus programs is not what you should use on any computer that you can’t afford to lose.
Behavior and cloud-based protections can help, but they are not going to beat the fast detection and prevention offered by traditional anti-virus solutions. Putting all these technologies into one anti-virus solution is better than relying on cloud-based technology alone.