Is paying for antivirus a waste of money?

Is paying for antivirus a waste of money?

Commentary: It's been a long time since anti-malware suites have found anything on my computers. Maybe the Windows Defender that comes with Windows 10 is good enough?


By Larry Seltzer for Zero Day | March 4, 2016 -- 19:15 GMT (11:15 PST) | Topic: Security

• I always run an anti-malware security suite on my PC. Over the years I've made a point of running a variety of products.
  
  At least for many years, perhaps more than ten, they've found no malware on my computers. None.
  
  More security news
  • Why CloudFlare can never satisfy Tor die-hards, and shouldn't try
  • HPE bulks up security offerings for mobile, cloud and IoT
  • Millions of OpenSSL secured websites at risk of new DROWN attack
  • Three years until connected cars are cyberattack-proof?
  • 'Fingerprint' security flaw ramps up malvertising campaigns
  Perhaps I'm a more sophisticated user and I'm less likely to be taken off guard, but that can't be the whole answer. By the same token of expertise I take certain risks with dangerous files and sites that I would urge others to avoid like the plague.
  
  But now comes news that could change the calculus: Independent test lab AV-Test's December tests of Business security suites on Windows 10 showed marked improvement for Microsoft's anti-malware engine, the one that comes free for Windows 10 users as Windows Defender. This program used to be limited to "antispyware," a strange and purposeless distinction from malware generally.
  
  Microsoft has long had a free anti-malware product, Microsoft Security Essentials, for users to run on earlier versions of Windows, and it has always been used as a baseline in AV-Test rankings because it was so reliably at the bottom of the pack. Microsoft is also working to improve its protection by adding a cloud-based retrospective analysis service to detect breaches that have slipped through.
  
  The results are for System Center Endpoint Protection which is its managed solution. The user experience is different, but the engine is the same and the AV-Test results should be closely comparable to tests on Microsoft's consumer product at the same time (November and December).
  
  It's definitely not at the top and it's definitely not "industry-leading," but is it good enough? What do you really get from paying for the full AV subscription? The answer is complicated.
  
  Because AV-Test has always shown BitDefender to have very high quality products, I decided to ask them for a response. I spoke with Bogdan Botezatu, senior e-threat analyst at BitDefender.
  
  While trying hard not to bad-mouth a competitor, he pointed out that for all its improvement, Microsoft's engine and updates are still behind the leaders of the pack.
  
  Until the recent results they were bad, but better than nothing and Botezatu is right about their place in the market. It's not an official position, but I've always assumed that Microsoft was intentionally trying not to use its free anti-malware to compete with the commercial products because its position with Windows would make that an unfair fight, something for which it has gotten in just a little bit of trouble in the past.
  
  So Botezatu is right that if you want the best protection, Microsoft doesn't give it to you. It's reasonable to believe that it's still not trying to, but by improving its product it prods the rest of the industry to do so, although it's already a highly competitive industry, one of the most for non-free client-based software.
  
  A better point is that the better commercial products like BitDefender's include a Host Intrusion Prevention Service (HIPS) which scans system behavior, including all traffic going to and from the Internet, for threats. If a threat gets through the file scanning it may still be detected by suspicious behavior. I haven't seen any of these detections either, but this is where I can reasonably say that while I might be willing to download malicious files for analysis, I'm not going to execute them (except maybe in a test VM).
  
  Many of the good commercial products also maintain reputation systems for Internet sites and files and block or warn the user when a suspicious one is encountered, and I have seen these warnings, most recently from Norton. Most of the time I've considered the warnings false positives and skipped around them, but for the average user perhaps it wasn't too paranoid.
  
  I should note that my anti-malware products all do find and remove tracking cookies, a "threat" I personally don't find all that threatening. I suspect they are aggressive with these cookies so they can be seen to be protecting the user.
  
  Another factor is the advances in recent years in Windows and the major browsers. Windows and IE have their own reputation service called SmartScreen for sites and files, the latter on Windows 8 and later. Google has a Safe Browsing API that checks links against a blacklist. Google Chrome, Microsoft IE and Edge and Mozilla's Firefox all spend a lot of time scrutinizing web code looking for common attacks and use techniques like ASLR which, while imperfect, make the job of the attacker much harder.
  
  
  Ransom malware costs $18 million in losses, says FBI
  
  The FBI says the file-encrypting malware can cost individuals anywhere between $200 and $10,000 each time.
  
  • Read More
  Ironically, this technological approach is becoming less relevant in recent years, as the initial vector for attacks is increasingly one of pure social engineering. Botezatu says that at their own offices they have been receiving a barrage of malicious Office documents posing as invoices in emails to back office staff. I suspect that this sort of attack is the main way ransomware, such as that which recently held a California hospital hostage, gets into systems. Security products can try to eliminate the human factor, but those pesky humans keep finding new ways to let the barbarians past the gates.
  
  Botezatu also argued for the other security features that come with modern suites, like anti-spam and even password managers. There is something to this. BitDefender's Wallet password manager is a Windows-only product but others, like Norton Identity Safe, are available on Windows, Mac, iOS and Android. I can't say how it compares to standalone password managers but, as they say about Windows Defender, it's certainly better than nothing. As for antispam, it's not a topic I've thought of for a while. I assume most people are using a mail service like Gmail that does a pretty good job of blocking spam.
  
  So are the paid suites worth the money? Looking at all these facts, I'm unclear. If I'm only concerned about the scanning engine then I might go with a free product from the likes of AVG or Avira or BitDefender. If you really have a problem with the money then this is definitely your best option. But the full suites usually work out to less than $20 per year per device. That's just not that much. If I'm not sure then I'm not comfortable switching to a solution that everyone agrees is inferior.
  
  It's like a motorcycle helmet. Lots of people don't wear them and never have a problem. Some people wear them and still get in fatal accidents. But it can make a big difference. If a real threat comes my way and the anti-malware stops it then it has definitely paid for itself.
  

 

I don't think it's a waste of money at all especially in a windows world dominated environment. However I would think one needs to be careful of what AV they run make sure it's one that is respected industry wide by security experts. Keep it updated with both program and definition updates and scan regularly. This in conjunction with a good paid malware program like Malwarebytes is a good idea, and of course safe surfing. Just my two cents.

 

Personally most of them are a waste of money if the user has a paid Malware solution that protects "at the gate".
I think part of what the article is saying is that Mse and Windows Defender have gotten a lot better. There are a few that are decent protection like Nod32, Sophos and Norman that have excellent heuristics and can protect against behavior. Kaspersky is probably another as is Webroot.

 

Kaspersky and Webroot were/are long known to be good solutions as well as Nod32. None of those programs are useless. WD (also known as MSE) is better yes but that was like saying AVG in it's hay-day back when the free version was supposedly very good and could supposedly replace a high quality top antivirus. So is WD better? Yep. Does that mean it can replace a top quality antivirus. Not in my opinion, though for a savvy user like myself and like you, we should be fine with WD and MWB, and it was the same way with AVG/Avast back in the day with Super AntiSpyware when it was a top spyware application. Not much has changed, only the writing in the articles has changed, and really it's the same thing regurgitated from a previous era.

 

I've never paid for it and haven't been infected in many years. I find Defender does a good job at catching things.

 

I think it does too, but like you I am very experienced. Most normal folks can benefit from a top antivirus solution in my opinion.

 

I agree with many user's they could benefit, but all the systems I do I never put a paid subscription and don't get many calls back cause they have a virus or malware. I would recommend paid protection if it's a companies computers for sure, but not the home user.

 

I gave up on Paid Antivirus. I have used freebies for the last 18mths and I am bored waiting for a serious virus to infect me. I look forward to the challenge of removing it. If it proves too much of a headache I can always fall back on my cloned copy of my OS which I update regular.
The best advice you can get into a customer's head is Backup Backup Backup.

 

On systems I sell, and they are top notch, I put links to Nod32 or Kaspersky or both on the desktop with a notepad article about basic PC/network safety. With Windows 7 systems I installed MSE but again, recommendations are there and I always interview the customer if I can - even if in IM if I have to ship the system. It's already a given solid companies use a paid antivirus especially large companies with crucial data to protect. With the newer Windows 10 systems I build I do pretty much the same and I tell them WD is good enough and coach them a bit on how to use it in conjunction with online scans and MWB but if I feel they need it I will recommend (and again I provide the links) to a top notch AV. Always have. Always will. That said most that I build for are already learned computer people so free is good enough. Not in every case though.

 

If the client wasn't infected then I am fine with Mse and free Malwarebytes and telling them what to do with them. If they are infected then they buy Emsisoft and I have to tell you my consistent "infected ones" have stayed clean in the last year with Emsisoft. This is the first year since I have been in business I went a whole year without a single infection among those I sold Emsisoft to and I did sell nearly 100 licenses. I am seriously impressed.

When discussing ourselves I think we all know that none of us is likely to get infected and if we did we would know it right away and handle it. And Dougie my worst failing as a business is in getting my people to backup, I don't do a good job of making them understand that at all and one of these years I will devote to getting that across to my crowd!

 

The business environment most users are responsible. The home user normally manages to find a way to infect themselves. If they didn't you guys would find it lean pickings.

 

I have been reading a lot about Emsisoft both in security articles and in reviews, and this is a new AV/secutity colution for me to take under advisement. If Rich and others that are good security experts also recommend it then I don't have an issues also recommending it as well. There are those few customers where you really have to recommend a fuller solution like that because sometimes they are simply not "net savvy" and or, it can be a family PC with several user accounts and each member that uses the PC will surf and download, and visit sites in a different manner. For that type situation a full paid more expensive AV is a good recommendation. Something like Emsisoft, Nod32. or Kaspersky.

 

You guys must have customers with a lot of money. I don't have a professional computer repair business.
I do repair and maintain a lot of computers for my friends. They always cry poor when I suggest anything paid.
The clown behind the keyboard is a computers worst enemy.

 

I use to cater to about a 90% high end crowd. Not so much anymore I pick of the extra work I can find and for about 1 year now starting to build more midrange systems, and also upgrading OEM systems as well. So it's a mix for me. I also do some low end stuff too and have some customers where I use used parts like the rig I recently told you about. If they cannot pay much, or need drastic discounts I can always find a way.

 

Everyone wants a discount these days. I tell people well you can pay more and get ripped of by Geek Squad if you prefer that route. I've lost count on the systems they've screwed up because they have no clue what they're doing. It seems all they want to do is make money and charge for things that are not needed.

 

There are plenty of horror stories on the Net of people who have used their services.

 

They're all about making money and could care less about the customer were I'm the opposite of that. Make money yes, but I never ever rip off a customer and sell them parts or services they don't need.

 

I have always played it straight with clients as if I am the client to make sure they get the best shake and that is why I have such good word of mouth
advertising.

 

HI If this has been mentioned in this thread, please inform me. Maybe you could lessen your chances of getting infected by following this suggestion! Works for me!
Why you should not run your computer as an administrator
Running your computer as a member of the Administrators group makes the system vulnerable to Trojan horses and other security risks. The simple act of visiting an Internet site or opening an e-mail attachment can be damaging to the system. An unfamiliar Internet site or e-mail attachment may have Trojan horse code that can be downloaded to the system and executed.

If you are logged on as an administrator of a local computer, a Trojan horse could reformat your hard drive, delete your files, and create a new user account with administrative access.

On a local computer, it is recommended that you add your domain user account only to the Users group (and not to the Administrators group) to perform routine tasks, including running programs and visiting Internet sites. When it becomes necessary to perform administrative tasks on the local computer, use Run as Administrator to start a program using administrative credentials.

You can use Run as Administrator to accomplish administrative tasks without exposing your computer to unnecessary risk. For more information, see Using Run as (http://go.microsoft.com/fwlink/?LinkId=28314).

For more information about how to use Run as Administrator , see Run a program with administrative credentials.

If you need to perform other administrative tasks, such as upgrading the operating system or configuring system parameters, log off and then log back on as an administrator.

 

It's not a waste of money if you're buying ESET - http://support.eset.com/?segment=home