Jump to content

Why free AntiVirus is better than no AV and worse than paid AV


Batu69

Recommended Posts

This article will detail the differences between free AntiVirus and paid AntiVirus. AntiVirus is used to protect from all kind of threats (commonly referred to as malware), but the greatest risk to home users are ransomware and banking trojans.

 

Before diving into the details, allow me to summarise my views on AV:

  1. Free AV is better than no AV
  2. Paid AV is usually (but not always) better than Free AV

image2.jpg

Issues with free AntiVirus Software

Although free Antivirus has the advantage of zero cost, there are some downsides when it comes to free stuff. The most popular free AV products are Microsoft Defender, Avast Antivirus, Panda Antivirus, Bitdefender Antivirus.

Lack of features

Almost all free Antivirus lacks advanced features implemented in the paid full versions. Some of these features might not be useful for the average user, but others might.

 

Paid versions can include features such as:

  • A 'safe' internet browser, which can prevent theft of sensitive information. AV can also install browser plugins to check the reputation of a website, and warn if the website has a low or bad reputation. This can also be used to block phishing attacks.

  • Sandboxing: it allows the analysis of unknown threats in an isolated environment. The advantage of sandboxing is that the suspect sample is executed in a safe environment, so even if it evades signature based detection, it can be blocked by detecting malicious behaviour.

  • An outbound firewall which can be used to control which applications can communicate with the Internet. This might protect against malware which uses outbound command and control channel.

  • Advanced exploit protection against in-memory attacks that attempt to avoid detection by not writing to disk storage. Detecting in-memory only attacks is hard, but the loading of the malicious code can be blocked at exploit stage. Flash plugin, Internet Explorer, Office applications and Firefox is commonly exploited by malicious actors.

  • Ransomware protection based on application behaviour. You only have to lose your files once to know how important ransomware protection is.

  • VPN access which helps keep your internet use hidden and secure from the local ISP, untrusted WiFi operators or neighbouring script kiddies.

Lot of marketing and upselling

Free Antivirus usually pushes a lot of advertisement to the user. It can be about buying the full version or cross-selling some other product. For some people, this might be annoying.

You are paying with your data

By offering free Antivirus vendors benefit by collecting telemetry data. The more users the Antivirus companies have, the better visibility they have on the current threat landscape. Whether you trust your Antivirus with your data or not is up to you. Be aware that this data might include your browsing habits, what applications you use, the identities of those you communicate with, etc.

 

For example, Microsoft collects telemetry data on newly executed files, and even the command line parameters are sent to Microsoft. The diagram below shows how Microsoft used this collected information during the NotPetya analysis. This diagram created by Microsoft shows the command line parameters, how the perfc.dat file (NotPetya) was started on the hosts, and which were the parent processes. Command line parameters might include sensitive information.

 

image5.png

Microsoft Defender

Microsoft Defender did not have the best malware detection rates in the past, but it is getting better based on multiple recent tests. Detecting less than 80% of the samples means 1 in 5 infection attempt will be successful, which is a lot when it comes to ransomware or banking trojans.

 

image9.png

 

For more information, refer to these tests:

A word about SmartScreen

SmartScreen is a hash based reputation system used in recent Windows versions. It can warn the users of unsafe downloads, or it can even block the start of an unsafe application. Combining Windows Defender with exploit defences in the Edge browser and the Windows 10 SmartScreen download and start protections, the total protection of the Windows 10 OS is developing into an effective, integrated AV solution. But Defender has one huge issue when it becomes the Nr. 1. used AV by popularity. And this issue is called diversity.

 

You may know from elementary grade biology lessons that the more diverse a population is, the more immune it is against viruses and diseases. This statement also holds true in the AV world. Competition between AV vendors helps makes the Internet a safer place, though at the moment it seems Microsoft is doing everything it can to be the only AV vendor in the market.

 

Microsoft is blocking access to key defensive features (e.g. exploit protections only implemented in Edge), it blocks access to the browser, and hooks which were used previously are not allowed to be used anymore. But this also has stability improvements, so there is always to side to the story.

Not everyone needs AV, but you probably do

While it is true that there are certain instances where installing AV will make a system less secure, your situation is likely not one of them. For example if whitelisting is used in your environment and the computers are air-gapped with external storage device connectivity disabled, installing AV probably makes no sense. But as more than 99% of the computers are attacked by common malware, you are probably on the safe side with a common AV. It is rare that malware targets the Antivirus itself, so even though the total attack surface increases with AV, but the total risk is reduced greatly by AV.

 

Based on years of independent tests, currently the following vendors provide solid, constant above average protection (in alphabetical order):

  • Bitdefender (or other AV using Bitdefender engine)
  • Kaspersky
  • Norton (Symantec)

Article source

Link to comment
Share on other sites


  • Replies 8
  • Views 2.2k
  • Created
  • Last Reply

The best AV is who is between the screen and the chair :whistle: 

Link to comment
Share on other sites


This topic is never-ending. What's the best AV? Let the user decide. What's the best AV in my opinion? It does not matter-it works the best FOR ME.

Link to comment
Share on other sites


1 hour ago, shorty6100 said:

This topic is never-ending. What's the best AV? Let the user decide. What's the best AV in my opinion? It does not matter-it works the best FOR ME.

 

Putting AV on a computer is like using a toy balloon for a condom.  It might give you a sense of security but does nothing at all to actually protect you.

Link to comment
Share on other sites


Free antivirus is the same as the paid one... What you pay for are the bundled apps/services.

 

12 hours ago, Batu69 said:

Almost all free Antivirus lacks advanced features implemented in the paid full versions

 

The "AiO" software packages are usually not the best and are mostly provided by companies that had one "famous" product and they thought it's a good way to increase the income by providing other adjacent software at a higher price... with a stunning GUI :P

 

There are free alternatives (usually)  that combined the right way are superior to any AIO security suite: Firewall, Antivirus, Ad block, the HOSTS file, VPN, etc... 


I noticed that if u pay for an AIO security suite u're most likely instructed, warned or reminded that u still need at least one more paid product to be on the safe side.... daily ! :P

It is not that once u pay they'll stop nagging (as i hoped)... U have to change (if u can) this default behavior: app settings, email preferences, the account (the one that came with the product) settings, etc. :pos:

 

 

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...