Virus protection stats?
March 25, 2008 9:23 AM

I need your help to settle a debate. Could you suggest the safest antivirus setup, within the confines of Windows XP and a wireless internet connection, with the least bloat, and provide the statistics to prove it? I need more than simple AV comparatives. I need stats on the virtues of Firefox versus IE, on using two function-differentiated user accounts (admin versus everyday, with the 'everyday' account having no admin privileges), etc. Can you help?

In essence, my father trusts a bloatware "known vector" that is eating up my laptop's resources (Norton2008) to alternative setups that he claims would "let the vampires [viruses] into the house."

This is the same man who blamed the beginnings of a hard drive failure (which was at that point mainly limited to weird behaviour) on my installing Firefox and WinAmp "because [I] like to use 'weird' software just to be 'cool,'" which, you guessed it, "let the vampires into the house." He later recanted that position, given that virus scans were clean, and that the hard drive actually failed catastrophically due to a manufacturing defect.

Basically, I put in the anecdote above to prove that he prefers the things he knows, no matter their faults, to new, potentially better, solutions. This is why I need cold hard stats, lest I go crazy because of the slowness Norton's bloat brought to an otherwise pretty decent computer.

The fact is, Norton is still more efficient than some of the AVs I'm considering (AVG-free, avast!, and maybe shelling out a bit to get NOD32, etc.), but if my setup as a whole is safer than his setup, I may have a case.

Any help?
posted by flibbertigibbet to Computers & Internet (6 answers total)
and provide the statistics to prove it?

Well, I can't give you private data from my company but I can give you some generalizations off the top of my head:

Computers running as limited users with Symantec: Real infections I can remember: 1 or 2

Computers running as users with Symantec: Dozens this year alone.

Note: infections are both spyware and real viruses/trojans.

Items like which browser they use or email client honestly don't play too much into it. MS patches just about everything and we haven't seen a red alter or sasser type exploit in a while. Not that that's any guarantee of anything but the chorus of "Outlook and IE7 are insecure" really doesn't jibe with my experiences. The Mozilla people are also good at pushing out updates.

90% of infections I see are back when we allowed executables in zips to get through. Home users I've spoken to usually get taken by these. So I'm not really seeing exploits from anything but social-hacks like "Hey install software to view this card" or "Nakedphotos.exe"

What I recommend is just running as a limited user and learning to use runas or booting as administrator for admin tasks. It takes a little getting used to but once you're there it's hard to go back.

Granted, malware writers could easily push out a trojan that runs purely in userland/profile but they don't usually. They also prefer mucking around in the system files to better hide their stuff.

So the best 'bloat-free' solution is to uninstall your virus scanner and make yourself a limited user. Put on something like AVG or clamav for win32 and do a weekly scan. If you're savvy about malware then you honestly don't need a full-time scanner, email filter, etc. Nor do you need a third party firewall. Just use the one in Windows.
posted by damn dirty ape at 10:06 AM on March 25, 2008
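
The answer above attributes most infections to executables inside zip attachments getting through. As an added example (not part of the original answer or any product it mentions), here is a sketch of the kind of check a mail filter can apply to a zip attachment; the extension blocklist, depth and size limits, and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed blocklist: extensions Windows runs or script-hosts on double-click.
BLOCKED = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
MAX_DEPTH = 3                 # assumed limit on nested archives
MAX_NESTED_BYTES = 10 << 20   # assumed cap; do not unpack huge inner zips


def find_executables(data, depth=0, prefix=""):
    """Return the member names in a zip (given as bytes) that should be blocked."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [prefix + "<unreadable archive>"]
    hits = []
    with archive:
        for info in archive.infolist():
            name = info.filename
            # Windows drops trailing dots/spaces, so "a.exe." still runs as a.exe.
            lower = name.lower().rstrip(". ")
            ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
            if ext in BLOCKED:  # the last extension decides: photo.jpg.exe is an exe
                hits.append(prefix + name)
            elif ext == ".zip":
                encrypted = bool(info.flag_bits & 0x1)
                too_big = info.file_size > MAX_NESTED_BYTES
                if encrypted or too_big or depth + 1 >= MAX_DEPTH:
                    hits.append(prefix + name + " <not inspected>")
                else:
                    inner = archive.read(info)
                    hits.extend(find_executables(inner, depth + 1, prefix + name + "!"))
    return hits


def build_sample():
    """Constructed sample: text file, double-extension exe, and a nested zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("viewer/setup.SCR", b"MZ")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"hello")
        z.writestr("Nakedphotos.jpg.exe", b"MZ")
        z.writestr("card.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for hit in find_executables(build_sample()):
        print("BLOCK:", hit)
```

Anything the filter cannot open or chooses not to unpack is reported rather than passed, so an encrypted or deeply nested archive fails closed.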

An analogy I like to tell people is that running as local admin is like having a front door to your house that won't lock, and instead of fixing it so it locks, you just keep putting up more and more CCTV cameras to see who might be going through. Now you're spending all your time watching these cameras instead of enjoying yourself at home.

So your dad's approach of layering more scanning crap on top of scanning crap will always be the slowest and least secure approach. Moving to limited user accounts is like fixing that broken lock.
posted by damn dirty ape at 10:21 AM on March 25, 2008

Short answer: I'd recommend NOD32. It costs money, but as I recall, their website touts that they "haven't missed a virus in the wild" in something like 5 to 10 years. (How they prove that quantifiably is beyond me.)

Longer answer: You may find statistics to bolster your side of the argument, but the simple fact is: there is no 100% foolproof technical solution for a non-technical "human" problem. What I mean by that is you can get the best anti-virus, and lock down the user security as much as possible, but 0-day exploits can still 0wn you, and he will (most likely) continually complain that the user-security is impacting his day to day functionality of getting things done. I've explained to people time and time again that email attachments, toolbars and unnecessary plugins ("I *have* to have my email-smiley program!!") are the door opening to wrecking their computer... yet they do it over and over and over again. Granted, I don't expect everyone to be as technical as me, but don't complain about your computer not working right if you aren't willing to put the effort into understanding how to keep it working smoothly. (No offense intended towards your father; this comment is towards users in general.)

obligatory: Get a mac.
posted by jmnugent at 10:45 AM on March 25, 2008

NOD32 can be had for $18.45 (plus shipping) here, by the way. I just bought it for my laptop a week or so ago after a 30-day trial that impressed me greatly with its almost complete lack of impact on the machine's performance.
posted by kindall at 11:01 AM on March 25, 2008

I'm happily using AVG-free -- mainly because it's lightweight and free. I login as admin equivalent, I use Firefox for most web browsing, and I'm sitting behind a linksys router that provides the NAT functionality of a firewall. I keep my system up to date with patches. I use basic internet apps -- media players and web browsers. I play it relatively safe by not visiting questionable sites. I like firefox's pop-up blocker and flash-blocker add-on. I agree with jmnugent about not installing all sorts of crap or opening unknown executables.

I can't remember the last time I got spyware or a virus.

My friends have gotten infected, most frequently from letting their bloated A/V subscriptions lapse all the while believing they were secure. They download unnecessary toolbars, search bars, shopping add-ons and other crap that doesn't just slow down their system but likely plants malware.
posted by indigo4963 at 11:04 AM on March 25, 2008

I think you're wasting a lot of effort on something that's not at all guaranteed to "let the vampires into the house." Antivirus products are only useful against viruses.

There are a lot of things worse than viruses nowadays. Malware, zombie computers, and remote-keylogging are bigger concerns than viruses - there's just not enough money in normal, computer-destroying viruses for them to proliferate, whereas a keylogger can capture your banking account/credit card/World of Warcraft logins. The computer is just a portal to even scarier things.

Using a limited user account is a good first step, and so is Firefox over IE, but the main difference is the user. A limited user account won't work well when all the previous files/applications were installed in an administrator account (permissions), and then the user will just go back to administrator. Firefox is helpful to prevent IE-specific targeted attacks, but if you can't trust files you download, it doesn't matter which browser you have.

The bloat-free solution is education, but since your father doesn't quite understand computers nor trusts you, this is going to be a bigger problem than picking an antivirus scanner.
posted by meowzilla at 12:29 PM on March 25, 2008 [2 favorites]