What anti-virus software should I use?

So, I’ve touched on this before, but I get asked this question a lot. The short answer is: if you are on Windows, use Microsoft’s free built-in product, Security Essentials or Windows Defender depending on which version of Windows you are running, or none at all. If you are on a Unix/Linux based system, including Mac OS X, then don’t use one either.
For those who want to know why: anti-virus is always a cat-and-mouse game. Attacks constantly evolve, so the AV has to chase them. Using good practices is far better than relying on a software program to deal with your mistakes. The newest malware is moving to file-less techniques, where the program is written straight into your system’s active memory and only lives until you reboot, which is a greater challenge for AV. Third-party AV systems actually increase the attack surface of your machine, and security professionals have been moving away from recommending AV for quite a while. One issue is that many AV products install their own root SSL/TLS certificates so they can insert themselves into your encrypted connections with other sites. While they are doing this for our benefit, this is the definition of a man-in-the-middle attack. There have been documented cases of malware exploiting this proxy. For a really good paper on the details of this problem click here.
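If you want to see whether something on your Windows machine has added a root certificate of its own, here is a quick check (an added example, not code from the original post). Windows provisions its own trusted roots into the LocalMachine Root store, so a self-signed root that appears only in the current user’s Root store is worth a look; that is a heuristic assumption, not a definitive test.

```powershell
# Added example: list self-signed roots that are trusted for the current user
# but are not among the roots in the machine-wide store.
# Assumption (heuristic): Windows-provisioned roots live under LocalMachine\Root,
# so user-only roots are candidates for locally installed interception CAs.
$machineRoots = Get-ChildItem -Path Cert:\LocalMachine\Root | ForEach-Object { $_.Thumbprint }

Get-ChildItem -Path Cert:\CurrentUser\Root |
    Where-Object {
        # A root CA certificate is self-signed: subject and issuer match.
        $_.Subject -eq $_.Issuer -and
        $machineRoots -notcontains $_.Thumbprint
    } |
    Select-Object Subject, Thumbprint, NotBefore, NotAfter |
    Format-Table -AutoSize
```

Some products add their root to LocalMachine\Root instead, so also review that store for subjects you do not recognize; a root whose subject names a security product rather than a public CA is the one to investigate.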

AV products are also notorious for draining resources, making your system run slowly, sometimes unbearably so. So why is Microsoft’s product any better? As the operating system manufacturer, they are able to build their AV into the OS, where it is more efficient and doesn’t drain resources; and if they want to proxy TLS connections, which I’m not sure they do, they already have a root certificate on your machine, so they aren’t adding any attack surface there.

If you want to understand good security practices, you can read my post here. I also plan to put together a more comprehensive best-practices document in the near future.

The bottom line is that third-party AV is a relic of the past. Save your money and your sanity. If you think you may have a virus, I do recommend two products for specific scanning of your system: Windows Defender Offline and Malwarebytes. Both should be downloaded to a USB drive from a clean computer and run as needed on possibly infected machines.
