What anti-virus software do you use? - 2014 edition

Windows, Mac, DOS, and all those-other personal computing platforms
Anapan
Next-Gen
Posts: 3945
Joined: Mon Nov 17, 2008 11:15 am
Location: BC, Canada

Re: What anti-virus software do you use? - 2014 edition

Post by Anapan »

Drunk posting again, but I regularly do antivirus on computers - at least once a month. I consider all resident shields a fail (after all, most people have them and everyone's computers have viruses in my experience). Actually, most of the viruses are old ones - passed around broken computers so when I'm done they're like nothing the owners ever saw.

I tend to fix people's computers often, and advocate Windows XP over the newer operating systems due to the others being so resource-intensive on old computers and the newer operating systems providing no new ability to run any computer program other than new versions of Office and a handful of games.
Since Microsoft Security Essentials recently dropped support for Windows XP, I'm now in the market for a new, low-resource, effective antivirus program. It's not for myself, but my clients who have been getting warnings about the loss of protection...

I have not installed any Antivirus on my own computers for over 10 years. If I download something suspicious I upload it to Jotti's Malware Scan (it went down recently and I switched to VirusTotal). Since Jotti's back up I'll use it again.

Both sites will run any file (compressed or not) through a battery/gauntlet of antivirus programs and give you the result and adopted name if found (exe-compress or similar means the AV failed to decompress it and test it - run it through Universal Extractor if you like) of what it finds. Every executable will turn up one or more positives for a file, but you get a good idea of what it might be and if it's more than a few positives, don't run/install it. Simple - Viruses are installed, so don't install them. Adware, and malware are addons to your browser. If you're using IE, you just installed a virus, if you're using Firefox or Chrome, just uninstall it (Use Google to repair the damage to your search settings, or reinstall).

Jotti's service provides the statistics of the site AV Comparatives. It's a good gauge for the ability of an antivirus program.
IMO, operating systems are fairly secure if you're running your computer through any type of router that's set up properly. I can understand the need if you're plugged in directly, but using the internet through an alpha-shield is stupid. Having real-time protection is horrible for a computer's efficiency - every executable is scanned and the resident shield will re-scan every potential file over and over again regularly. Your OS has 30+ that load on startup and every one will be run through the AV scanner before they can run every time! Why use Brute Force method? Idunno - I guess it's because it's how they've always run and the "intelligent scan" also doesn't work on the nasty ones.
Add on top of that that your web browser's toolbars are usually exempt from being considered a virus - you clicked "yes" when they asked you if you wanted them so they're "Browser Helper Objects". If you use Internet Explorer, your interface to the computer "Explorer" is the same program. If it has a BHO (Browser Helper Object) it's installed on your computer from startup and you agreed to its terms of service by clicking "Yes". You got an exempt virus and the antivirus will let it go, while still scanning-reading your entire hard-drive every single day. Your hard-drive will fail before it fixes the problem. (sad, but I encounter it regularly - while backing up there's a loud screech and my backup stops - hard-drive dead.)

When I'm fixing a computer, I usually proceed like this:

Disable any antivirus software! If that requires uninstalling it, I extract the key first, and save it to a text file on the desktop, with a copy on my thumbdrive after it's gone (the AV software would cripple the programs I use).

Remove all obvious "Viruses/Malware/BHO's" through the "add/remove programs" in the Control Panel. Being a program that was installed willingly, it can be removed just as easily most of the time (they'll pop up a questionnaire asking "Why?!?". I fill it in for the client for some laughs).

Run Hijack This. This program will list most-everything that was installed on your computer from a clean OS install. This includes drivers, parts of your programs that need to be there to interact online (games that play online) etc. It lists the program's location on your hard-drive, and if you don't know what you're doing it'll cripple your Video Card, Printer, and IM App. It is very effective in disabling bad stuff since it works directly on both your Registry file and the various other "Runonce/run-on-startup folders". It lists everything with a check-mark for disabling, with the option of reversing the disable/delete. If you checked them all (not recommended, and I've never done it) your computer would probably be reverted to near its first bootup.

I don't recommend anyone to run that program if they are not competent.

Next, I run the most powerful program I've ever run: Combofix.
Again, I don't recommend anyone who can't operate a computer from a command prompt to run this. It has the potential to break your computer as it's the equivalent of automated-open-heart surgery - scalpels and all on the operating system itself.

Combofix is a collection of scripts, freeware programs, tools, and a short-list of actually harmful applications that could be on any Windows computer. It has the scripts automated to disable and delete the offending programs on its list (That's almost every bad virus except 3 that I've ever encountered, and I run this program routinely). This includes the various rootkits that have been identified, key-loggers, and most-every malware I've ever encountered in the wild. On top of that, it takes an extended period of time after the computer re-start to provide a text document of what it did, and the entire state of the computer as it is when it completes its sweep documenting every change it made. I then read through its text file very carefully, and when it failed to get the last bit, I manually remove it. It's happened, but so rarely that I once again have to give SUBs credit for single-handedly putting every virus scanner company to shame - they all failed where his program worked.

I've had Combofix restart 4 times to completely remove the multitude of rootkits in a computer I was working on. I have several root-kit remover/detector apps on my thumbdrive, but nothing like this.

Everyone praises Malwarebytes Anti Malware, but I haven't done a scan on anyone's computer with it for over 6 years. I'd fully recommend it for someone who does housecalls while doing their routine virus fix. It's very dramatic about finding those horrible "Cookies" and telling you about attempted intrusions ("attempted" means they never happened anyway). It also takes a lot of time doing its thing - paid by the hour means profit.

I've been using Combofix for about 6 years to fix people's computers. Since it does take around 10 minutes, I usually go for a smoke, but on badly infected computers I have an anecdote about it that I tell them while waiting for the process to complete:

Around 2011, I tried to download the latest version of Combofix, and found a warning and promise of a fix by SUBs (the author). Download not available. Not wanting to fix the computer manually, I searched Google for a mirror - I found that one guy had mirrored it on his blog, and was immediately charged with theft and a cease-and-desist order from a lawyer. Apparently, this one model of tower computer with factory-installed software was crippled by Combofix's new set of scripts. SUB's program broke that model of computer and he ordered it to be destroyed upon hearing about the problem. When copies of it were distributed, he threatened legal action. AWESOME! This guy takes this seriously. It's something I mention when the program has its blue screen showing because I'm bad at making small-talk.

In any case, when it's done it shows you what it did (Other Deletions) and also what was installed recently by file time-stamp. That means you can see what the user installed that caused the malware to be installed if they ask.

I've been running Combofix for about 6 years and never had a problem with it. I still don't suggest anyone run it without knowing how to do a system restore from command prompt - it first makes a system restore, and that's the only safety. Your computer could be broken like Norton's program used to do (horrible time for me - so many dos prompts, and only backup in dos and reinstall).

I recently installed Avast on a client's computer since MSE kept warning her about its discontinuation and it failed - too many popups. Going to try Eset next as a replacement for MSE. I might have to build a resident script to disable popups about registering. Not that I don't want to support the companies, but my clients are friends and family, and the resident shield is all that's necessary - having more popups about those dreaded Cookies is not necessary.


Of course this is all my opinion - full of security risks and probably not valid. It's just what works for me. My visits take less than an hour, and would not be lucrative if I was doing it for a living. I get excited if some new virus can circumvent those 2 - very old - programs. Windows 8 is shit IMO and I cannot get through its programs without a struggle therefore I cannot fix it efficiently.

Also, Adblock Plus with the popup add-on and a whitelist is necessary.
ExedExes
Next-Gen
Posts: 7331
Joined: Fri Nov 18, 2011 11:56 pm
Location: HI-POINT AREA

Re: What anti-virus software do you use? - 2014 edition

Post by ExedExes »

That was a lot of good stuff there Anapan.

If you installed MSE on XP before the end-of-support day this past Tuesday, you'll still receive its definitions for another year.

I knew about VirusTotal, but not about Jotti's Malware. They're good places to get an idea about a certain file.

I also knew about HijackThis and ComboFix, and if you go to any spyware forum that deals in handing off your HT reports to an expert member, they'll usually suggest running ComboFix. But yes, it is one program that should be used carefully.

I had no idea real-time protection could be such a strain on your computer. I wonder how bad Windows Defender's (the new name for MSE on 8.1) RTP is.

MalwareBytes I use for my technician housecalls, absolutely. I've helped a few computers with that. But I would also suggest ADWCleaner, it's a simple executable and does NOT require installation, therefore it's super lightweight and easy to use.

I too would suggest ABP with a good whitelist, because ads can be vectors for badware.

Again, good post there. As someone who works with and fixes and cleans up all sorts of computers, it's always good to educate people on all this.
Xeogred wrote:The obvious answer is that it's time for the Dreamcast 2.
Hobie-wan
Next-Gen
Posts: 21705
Joined: Sat Aug 15, 2009 8:28 pm
Location: Under a pile of retro stuff in H-town

Re: What anti-virus software do you use? - 2014 edition

Post by Hobie-wan »

On another note, a nicely fleshed out hosts file can help you avoid a lot of junk too. I haven't added anything to mine in years (and I should), but it's chock full of badness I never even see.
ExedExes
Next-Gen
Posts: 7331
Joined: Fri Nov 18, 2011 11:56 pm
Location: HI-POINT AREA

Re: What anti-virus software do you use? - 2014 edition

Post by ExedExes »

Hobie-wan wrote:On another note, a nicely fleshed out hosts file can help you avoid a lot of junk too. I haven't added anything to mine in years (and I should), but it's chock full of badness I never even see.

Yah. MVPS Hosts has a good and frequently updated hosts file.
Xeogred wrote:The obvious answer is that it's time for the Dreamcast 2.
Pulsar_t
Next-Gen
Posts: 5935
Joined: Tue Jan 01, 2008 10:38 am

Re: What anti-virus software do you use? - 2014 edition

Post by Pulsar_t »

Didn't they disable HOSTS functionality in Win8?
Thy ban hammer shalt strike
Anapan
Next-Gen
Posts: 3945
Joined: Mon Nov 17, 2008 11:15 am
Location: BC, Canada

Re: What anti-virus software do you use? - 2014 edition

Post by Anapan »

You gotta root an Android device to modify/add to the Hosts, but it's one of the first things you should do on it. It affects all the apps and removes ads from them. This is crucial since many do not even have a paid version. It's a quick fix that removes all the banners on top or bottom of the screen perfectly.
isiolia
Next-Gen
Posts: 5785
Joined: Mon May 16, 2011 1:52 pm
Location: Virginia

Re: What anti-virus software do you use? - 2014 edition

Post by isiolia »

Pulsar_t wrote:Didn't they disable HOSTS functionality in Win8?


Not exactly. Given that malware also has been known to mess with it, it's within the scope of things that Windows Defender monitors. So if you're using that, and haven't set an exception up for hosts, it'll "correct" entries and instead rely on its own block list.

If you have an established list of IPs to block though, you could also roll them into an ipsec policy.
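
The hosts-file points raised in the posts above (block lists, and malware tampering with the file), shown as an added example that is not part of any poster's message: a small auditor that separates sinkhole entries from entries that redirect a name to a real address. The sample file, the `audit_hosts` name and the `LOCAL_NAMES` set are assumptions made for illustration.

```python
import ipaddress

# Constructed sample hosts file (documentation-range IPs, example domains).
SAMPLE_HOSTS = """\
# constructed sample, not from a real machine
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.com tracker.example.net
127.0.0.1 banner.example.org  # sinkholed ad host
203.0.113.10 bank.example.com
198.51.100.7 update.example.org www.update.example.org
not-an-ip broken.example.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def audit_hosts(text):
    """Split hosts entries into sinkholed names, redirects and bad lines."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, line))
            continue
        if len(fields) < 2:
            report["malformed"].append((lineno, line))
            continue
        for name in (f.lower() for f in fields[1:]):
            if name in LOCAL_NAMES:
                continue
            if ip.is_loopback or ip.is_unspecified:
                # 127.0.0.1 / 0.0.0.0 / ::1: the name resolves nowhere (block entry)
                report["blocked"].append(name)
            else:
                # Any other address sends the name somewhere: review each one
                # (may be a legitimate LAN entry or a tampered one).
                report["redirected"].append((name, str(ip)))
    return report

if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, items)
```
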
Hobie-wan
Next-Gen
Posts: 21705
Joined: Sat Aug 15, 2009 8:28 pm
Location: Under a pile of retro stuff in H-town

Re: What anti-virus software do you use? - 2014 edition

Post by Hobie-wan »

Pulsar_t wrote:Didn't they disable HOSTS functionality in Win8?


What is this Win8 of which you speak?
jdotaku25
Newbie
Posts: 9
Joined: Thu Apr 17, 2014 4:19 pm

Re: What anti-virus software do you use? - 2014 edition

Post by jdotaku25 »

avg which I've used for years and am happy with
J T
Next-Gen
Posts: 12417
Joined: Wed Mar 25, 2009 6:21 pm
Location: Seattle

Re: What anti-virus software do you use? - 2014 edition

Post by J T »

Image
My contributions to the Racketboy site:
Browser Games ... Free PC Games ... Mixtapes ... Doujin Games ... SotC Poetry