The UX of Antivirus – Mar,2009

Lately, I have been really frustrated with Antivirus programs. The user experience is usually painful. I manage dozens of machines from friends and family and at work. I install antivirus all the time and have used a lot of them over the years. Here is my rundown of the bad and the ugly.

Norton Antivirus
Every time I have ever installed or seen a machine with this program, it was ALSO infected with a virus. I think this program just doesn’t work. Maybe virus makers try to disable it because it’s the most popular? I don’t know, but it sucks. I will never install this thing again. Additionally, it uses a lot of RAM comparatively. As a business, Symantec seems to give this thing away as a loss leader, but I can’t find a free version online. Grade: F

I used to use Avast everywhere. It’s pretty small. Installs easy and has a free home edition. The only part that sucks is the registration. You HAVE to register and give your email and name. Plus they have this bizarre captcha on the registration page that any bot worth its salt could crack. Even so, I don’t mind registering. What I mind is that you have to register and re-register and re-register ALL THE TIME! It’s like, every time it does an update, I get phone calls “Hey Glen, my antivirus says it’s expired!” I couldn’t take it anymore. I had to move on. OH, and one other thing. Avast has this stupid thing where it uses the speakers on your computer and yells each morning “Virus Database has been updated!” I don’t need to HEAR that. Who cares? Shut up! Good program, sounds should be disabled and HORRIBLE REGISTRATION PROCESS. Grade: C

PC Tools AV / Threatfire
I was excited about threatfire at first.  I installed it and blogged about it.  Then, I heard from one of their employees that it should be considered part of “layered security”.  What does that mean?  So I asked and could not get them to give me a straight answer.  They insisted on me having PCTools AV AND Threatfire.  I asked them to please finish the following sentence:

If I have threatfire and NOT PCTools AV, my computer could be vulnerable to [FILL IN THE BLANK].

They would not (could not?) answer this simple question. This one interaction with their employee made me so nervous about the company in general that I immediately uninstalled all of their products. I have no idea what the real story is, but this one employee freaked me out. If anyone knows the answer to that question, I definitely would be interested. As far as the program goes, Threatfire seemed to run smoothly, but PCTools AV was a lot bigger and a lot slower. It crashed a couple of times with strange errors. I didn’t like it at all. Grade: D

Clam AV
Clam AV is an open source project for anti-virus. It is the only one I can find. Ok, not the only one, but the only one that seems I could install and get working. Article why this is the case. It doesn’t have a real-time scanner, just an on-demand one. To me, that is worthless. Sorry. I need a real-time scanner. Grade: F

I was looking on Betanews for a replacement and saw Clam and someone posted that Avira was really good.  Another person agreed.  That was enough of an endorsement for me.  I downloaded it and installed.  So far, I don’t know much.  I know it was easy to install and I didn’t have to register.  It’s using about 13 megs of memory.  Will it stop viruses?  Gee, I hope so, but I just installed it. The configuration is a little light/confusing, but I don’t have anything I need to configure yet anyway.  Grade: B+ (So far, so good)

I don’t see a free version. I have heard nice things but I have never used this one. This program evokes a memory of a movie from 1992 called Sneakers with Robert Redford and Ben Kingsley (Also, Dan Aykroyd, River Phoenix and Sidney Poitier – Wow, great cast). The movie had a device that could break codes, but not Russian codes; those were based on different ideas. It only broke American codes. I feel like Kaspersky (A Russian company) can only block Russian viruses and not American ones. This is a ridiculous assumption based on a pretty goofy movie, but still…I keep thinking it. Grade: ? for the program, B+ for the movie

This is the page that keeps me from installing AVG. Notice how it says “Anti-Rootkit” not included? Every time I see that, I think “Rootkit viruses SUCK! I don’t want to get caught with that…AVG, sorry, no can do”. Now, here is the rub…I do not KNOW that any of the others include it or not. I just know AVG DOESN’T include it. I would like to know if the others do or don’t as a comparison, but Wikipedia doesn’t have it.

I used this a long time ago and loved it. But it’s not free, so I don’t use it. I need free. Freeeeeeeee. Sorry to all the companies that want to make money off anti-virus. I feel like this is really unfortunate. Seatbelts and airbags are included in the price of the car. You don’t buy them afterwards. Which brings us to…

Microsoft One-Care
Microsoft is FINALLY making their anti-virus program free. The seatbelt and airbag have finally arrived! I haven’t used it yet, but I hope and pray that it doesn’t suck. Please don’t suck. Please don’t suck.

There are other programs out there, but these are the ones I have used.  Right now, it’s Avira.  Let’s see how long I can use it before I get frustrated and bail.

9 replies on “The UX of Antivirus – Mar,2009”

As luck would have it, I got an email from the Threatfire team JUST as I posted this. Here is his reply:

While ThreatFire is a powerful tool and consistently scores very high in both our internal testing and outside 3rd party tests, no security product is 100% foolproof. This reason is precisely why we recommend a layered approach and encourage users to use TF alongside another traditional signature-based product. That being said, many of us here actually use TF as our only protection, along with a firewall.

Threatfire may not be the best at some categories like ransomware or simply destructive files that delete a file or crash a system, for example. That sort of stuff rarely appears in the wild, and AV scanners seem to perform effectively against identifying known ransomware and “disk killer” malware. But, it’s impossible to name which specific threat TF doesn’t protect against if we haven’t researched their behaviors yet, in which case we would add protection to the product. ThreatFire doesn’t promise 100% protection, 100% of the time, which is why we strongly encourage the layered approach.

Behavioral products like ThreatFire examine the runtime activity of processes on a system. So it will step in when it identifies something that is running as malicious. Spam, tracking cookies, phishing attacks, malicious files that exist in a folder that are just being copied to the system, are all things that a scanner may pick out and ThreatFire would not notice. However, ThreatFire identifies behaviors, so no matter how the malicious executable is obfuscated to evade AV, once it is running, ThreatFire will prevent malicious behavior.

You probably should try both programs out and see which works better on your systems. Avast is not going to provide 100% protection either, so there will be gaps if you choose to use just that.

We have heard from many users who are using both TF and Avast as their preferred protection combo. There shouldn’t be any conflicts and it offers a pretty comprehensive protection: cutting-edge behavior-based with TF for all undetected stuff and decent signature-based backup for any threats that get in but haven’t yet performed any malicious behavior (p2p, email, etc). Also, you can always run on-demand scans with Avast prior to running any files on your system.

I understand Threatfire’s comment, however, I don’t really want to install two programs. I want ONE program with both benefits of behavioral and scanner-based products. If he had sent this reply sooner, I MIGHT have gone with just Threatfire, but I already installed Avira…we shall see how it goes.

eEye are customers of Marketo actually. Nice people. I am a little frightened by the size of the file. 70 megs! Also, the reviews have a theme of “problems uninstalling” and “difficult to use”. I want to install it, but I need to research more on the latest state of it.

Or of course, you could get a Mac and not need any antivirus software! 😀

(Sorry, had to say it……)

I am really interested in your take on NOD32. I am on a quest for a FREE AV program as I write, and am considering this as an option. However, I think they do not have a free version, now that I think about it, just a 30-day trial. I would still be interested in your comments, since at this point, I would be willing to pay if I get what I need.

Also, I almost forgot, what about TrendMicro PC-cillin?

Thank you!
