Sunday, May 2, 2010

MSE - Microsoft Security Essentials

Commentary: I am now using MSE for Virus scanning; the product seems 'good enough'; it is free, and it is unobtrusive and fast.

Synopsis: If you practice safe surfing habits and have a good backup strategy, consider de-installing commercial and free anti-virus software, such as AVG, and use Microsoft's MSE scanner. It is not perfect, but it appears to be 'good enough.'

Important update: 2011.06.01:
Microsoft has a new Beta Virus scanner that is very interesting. See this Keyliner article:
Microsoft Standalone System Sweeper. Use this when your machine is already infected.


I am asked to fix friend and family computers. And I get asked to fix friends-of-friends computers. The number-one complaint is invariably the same: "the computer is too slow," along with "it used to be faster -- should I buy a new computer?"



As I've worked on these machines, the most common reasons for slowness are, in order:
  • Symantec Virus Scanner
  • AVG Virus Scanner
  • McAfee Virus Scanner
  • Too many (legitimate) programs running in the background (system tray)
  • Actual viruses and spyware problems
  • Insufficient RAM; dial-up Internet; really-old computers
My experiences are admittedly dated because newer versions of these virus scanners are out, but as recently as last year (2009), with then-current versions of Symantec, McAfee and AVG, I found problems and the best solution was to simply un-install the software. In other words, the machines were virus-free; it was the legitimate software that caused most of the problems.



Commercial and free virus-scanning tools were causing more problems than the actual viruses




And yet, PC Magazine reviewed the best commercial (review: 2010.03) and shareware scanners (review: 2009.12, specific MSE link) and generally liked them. Clearly they have more testing resources than I do, and they have access to all vended software, but not once did they report what I had seen. My peers and I saw these problems multiple times.


The Current State of Affairs

The expense and complexity of the commercial versions have driven me away.

It costs money to write, maintain and distribute virus scanners, and if these companies do not make enough money, they go out of business. To gain market share and revenue, they add features and raise prices. In the end, the McAfee and Symantec/Norton suites are probably too complicated for most users, and the software does so many things that system resources are fully consumed.

The only shareware version I have tried (AVG) had slowness issues that, while solvable, became a nuisance, and I gave up on the program (see this Keyliner article: Slow AVG). Other free programs, such as Microsoft's "Defender," only scanned for spyware and not viruses, so they were incomplete solutions.

What I am Doing Now

In the previous 15 years, I've not seen a virus on my personal machines. Here are the most likely reasons:
  • Strong software and hardware firewalls.
  • Conservative surfing habits.
  • Surf with Firefox (not Internet Explorer); this keeps ActiveX controls from running.
  • Use Firefox AdBlock and Flash-block plugins.
  • Up-to-date with Adobe Acrobat and Flash patches.
  • Full-system disk image backups on a regular basis.
  • Teenage children have their own computers and are locked out of mine.
  • Periodic spot checks with temporary installs of AVG, RootRepeal or Super Antispyware. You need to run more than one program to make sure; just don't run them at the same time.
For the past year I have not run any virus scanning software, waiting for vendors to catch up with various Windows 7 and other performance issues. They may be already there, but I've been unwilling to try.

My plan has problems. If a keylogger or other subtle malware is installed, I would not know for a long time and by then the damage would be done.

But even with a tight ship, I still had fears. Because of this, I've decided to give Microsoft's relatively new "Microsoft Security Essentials" (MSE) a try. The program, written and distributed by Microsoft, is free and is targeted at users with no other virus protection or with expired versions of commercial packages.

MSE: Microsoft Security Essentials


Although Microsoft claims they are not competing with commercial software, they are doing relatively well and by most accounts, MSE is a decent program. Almost all reviewers report the software is capable and does not sap system resources.

Review links:

CNet Review 2009.09
Paul Thurrott's SuperSite 2009.09
Wikipedia
PCMech 2009.11
ARSTechnica.com
AntiVirus Makers applaud and Mock MSE



MSE is a repackaged version of their commercial software, "One Care," minus the other baggage the original software had. Tests show MSE has better-than-average virus and spyware detection and it improves daily.

Benefits:
  • It is tightly-integrated into Windows and runs well in Windows 7 and XP.
  • Performance is very good.
  • Generally unobtrusive.
  • Automatic updates; several times per day.
  • A simple, straight-forward user-interface.
  • It is free; no registration; fully-functional; no upgrades to paid packages.
MSE not only uses virus signatures to detect malware, it can also flag suspicious activity, such as an unexpected network connection, modifications to system files, or software attempting to download in the background. When MSE sees activity like this, it automatically sends the suspected malware to Microsoft's servers for analysis. With 80 million PCs, this gives Microsoft a good pool for correcting problems.

Drawbacks:

Rootkit detection is weak (PCMagazine: Review: 2009.12). Also, because it can't be configured or controlled from a central server, it is not well suited for a business.

MSE (like many other products) is better at intercepting viruses than removing pre-existing viruses. You may find it is hit-and-miss when installed on a previously-infected machine, and you will probably have to rely on other tools before MSE can be effective (see these popular Keyliner articles: Removing Win32/Cryptor and Removing Personal Security). Finally, and probably the most damning, you can't call Microsoft for support if you are in trouble.

Symantec and McAfee have publicly ridiculed the software for being too simplistic, while Avast and NOD32 have welcomed MSE (indirect link), saying it is good to have the competition and it is good to keep more machines virus-free.


Downloading and Installing

Download directly from Microsoft by using this address:
http://www.microsoft.com/security_essentials

To be safe, type this address by hand and do not use links (including this one) or other download sites. Do not confuse this software with a virus named "Security Essentials 2010".

Installation is easy and even your grandmother can do this. Microsoft provides videos and other instructions, if needed. Un-install old virus scanners before installing MSE. If you have Windows Defender, it is automatically disabled.

Once installed, let it kick off a full scan. From then on, you can basically ignore the software. When it does have something to say, it is obvious and UAC nag screens appear, assuring you are not looking at a virus look-alike.



Conclusions:

There is no need to write a full review here because it has been reviewed by others, but I will say I'm pleased and now use it on all my personal equipment. Microsoft Security Essentials may not be as powerful as other packages, but I have a low risk of infection and am comfortable with my backup strategies.

Compared with other freeware, MSE appears better than most. It is fully-enabled and has a large install-base. The software is free and fast. From most reviews, it appears Microsoft has done a good job. Because of its simplicity, it may be better than the commercial suites. Some day, I may give Norton/Symantec and McAfee another try, but for now, I am happy with MSE.


Related Keyliner articles:

Removing Win32/Cryptor
Removing Personal Security
Cleaning a Virus; Commercial Scanner commentary (now dated)
HowTo: Fixing Slow Computers
HowTo: Cleaning Windows 7 Startup Programs (Vista: Cleaning Startup Programs)
AVG Slow CPU Utilization
HowTo: CPU Utilization and Diagnostics
HowTo: Configuring Windows Firewall (Tested with Vista)


2 comments:

  1. I've read on another blog that MSE can be run with Avast without problems. I'm looking for independent verification of this, since some people I've spoken to are very skeptical. Thanks!
  2. You can run multiple virus scanners simultaneously, but nobody recommends it. With two scanners, each file has to pass through two processes and performance can be very slow.

    For the same reasons, if you were to read my Win32/Cryptor cleanup steps, I recommend uninstalling (disabling) your current virus scanner before attempting to clean the rootkit virus. This avoids file contention.

    Periodically, I temporarily install another vendor's (free) scanner and run a secondary test -- I do this once or twice a year. Once that scan is done, I de-install (or disable) until the next time. When I do this, I disable the main scanner.

    No single virus scanner can see all malware. A spot-check with different tools would seem wise for the paranoid.