Saturday, June 23, 2012

Antivirus protection (some are free)

In a previous article, I mentioned that a better practice is to run an antivirus on each computer. But what is an antivirus?

An antivirus is an application that scans your disks and checks the objects on them against a list of known bad signatures. A signature is a sequence of bytes indicative of a certain strain of malware. Depending on the product, it may also scan files and objects as they are moved in and out of memory, for example when copied from the network or downloaded from a website. Some products have additional protections, such as detecting known attacks coming from the network or attempts to exploit bugs in products such as Internet Explorer or Adobe Acrobat.

The fact is, an antivirus is only as smart as its database: something new will not be detected by a pure comparison. That is why certain commercial products have a "heuristic" scan: they detect patterns that are a possible indication of malware, without doing an exact comparison with a database. In a number of cases, there will be false positives, that is, non-malware pieces of code flagged as potentially nefarious.
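The difference between the two kinds of scan, as an added example that is not code from any antivirus product: an exact signature lookup misses a strain whose bytes changed slightly, while a heuristic score catches it but also flags a legitimate tool. The signature bytes, indicator strings, weights, threshold and sample inputs are all constructed for illustration.

```python
# Constructed signature database: name -> byte sequence (not real malware signatures).
SIGNATURES = {
    "Demo.Strain.A": bytes.fromhex("deadbeef4d5a9000"),
    "Demo.Strain.B": b"X-DEMO-BAD-MARKER",
}

# Assumed heuristic indicators with weights: each is legitimate on its own,
# but several together are a possible indication of malware.
INDICATORS = {
    b"VirtualAllocEx": 2,
    b"WriteProcessMemory": 2,
    b"CreateRemoteThread": 3,
    b"IsDebuggerPresent": 1,
}
THRESHOLD = 5  # assumed cut-off; lowering it catches more but adds false positives

def signature_scan(data):
    """Exact comparison: names of known signatures found anywhere in data."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)

def heuristic_scan(data):
    """Pattern scoring without a database lookup: (flagged, score, matched)."""
    hits = sorted(i.decode() for i in INDICATORS if i in data)
    score = sum(INDICATORS[h.encode()] for h in hits)
    return score >= THRESHOLD, score, hits

def scan(data):
    """Verdict a scanner would report: signature match first, then heuristics."""
    names = signature_scan(data)
    if names:
        return "infected: " + ", ".join(names)
    flagged, score, _ = heuristic_scan(data)
    return f"suspicious (score {score})" if flagged else "clean"

# Constructed sample inputs.
SAMPLES = {
    "known_strain": b"MZ\x90\x00" + bytes.fromhex("deadbeef4d5a9000") + b"payload",
    # Last byte of the signature changed: the exact comparison no longer matches.
    "new_variant": b"MZ\x90\x00" + bytes.fromhex("deadbeef4d5a9001")
                   + b"VirtualAllocEx\x00WriteProcessMemory\x00CreateRemoteThread\x00",
    # A legitimate debugging tool uses the same calls: a false positive.
    "debugger_tool": b"MZ\x90\x00WriteProcessMemory\x00CreateRemoteThread\x00",
    "text_file": b"Happy Surfing!",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:14} {scan(data)}")
```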

Another fact to keep in mind is the size of the database. Even though there are very fast algorithms to perform searches and comparisons, the fact remains that the larger the number of signatures, the slower the scan. This is particularly noticeable during real-time scanning.

A few criteria to choose an antivirus solution:

The number of signatures present in the database - the more signatures, the more viruses detected, but at the same time, the slower the scan;

The frequency at which new signatures are made available - how many times per month/week/day are new signatures released? Are they released on a schedule or when ready?

How does the vendor follow the discovery of new malware? - What is the average period between discovery and availability of a signature? Does the vendor have its own malware lab?

What are the features of the antivirus solution? - Besides scanning files at rest (called on-demand scanning), does the solution provide in-memory scanning? Activity scanning? Does it protect against network attacks?

What is the cost of the solution? - No explanation needed: does the solution cost something? If it does, what are the benefits? Is it a one-time fee or an annual subscription?

A few free solutions:

Some open-source and free solutions exist. In addition, some vendors have free versions for personal use, or for a use limited in time, such as scanning a computer.

ClamAV:

This is a very good, open-source solution. For Windows, ImmuNet is available, which runs the ClamAV engine. Initially, ClamAV was designed as an antivirus for e-mail gateways.

BitDefender, free version:

Although BitDefender is a commercial product, there is a free version which includes only the on-demand scanning.

F-Prot, Free for 30 days:

This is the full version, but with a limit of 30 days. After that, you have to either uninstall it or buy a subscription.


There are plenty of other solutions to be found on the Internet. One word of caution, though: beware of fake antivirus products, which are actually malware designed to scare you into installing them.

Happy Surfing!