What is the best antivirus software?

I get asked this question way too often. Truth? None of them work!

The belief that an AV program can stop all malware is a vulnerability that is easily exploited.

So the simple answer is – the one that works when you need it to.

There are some 40 or so antivirus software programs available. With that much product diversity, there are the inevitable questions about which is the best antivirus software or virus scanner.

And there are a corresponding number of companies that will undertake to answer that question…(and plenty of websites too).

Some testing companies are independent and some are formed or supported by the antivirus companies. But they all have one thing in common – nobody can agree on which IS the best. Even the testing companies can’t agree. Here are quotes from two well-known testing companies:

“The majority of the products are performing 97 to 99.9 percent in large on-demand scanner tests. The products are often tested against millions of old samples which have not been seen spreading or distributed during the past few months.”

See the flaw? They’re testing using old virus samples that everyone already knows about. Of course the detection rates are going to be in the high 90s. Does that mean your computer is protected from 99% of the viruses – NO! It only means that the AV detected 99% of the samples tested. That says nothing about the mass of viruses that have not been detected yet.

This is why you keep your OS updated. Vulnerabilities get patched by Microsoft but, if you don’t do your updates, you’ll fall prey to the next round of recycled viruses exploiting an unpatched vulnerability.

“…a more realistic rate of zero-day detection for an AV product would be 29 to 64 percent, which is the range his lab got in its recent tests of AV products. Vendors tell him off the record that they typically can catch about 40 to 45 percent of zero-day attacks.”

This is a report of another testing company arguing that zero-day exploits represent the real danger that should be tested. This tester also says that vendors of antivirus products tested in his lab have said, OFF THE RECORD, they can catch about 40-45% of zero-day exploits.

Think about it. Would you trust 100% of your computer’s security to a product that can only catch 45% of the real-time risk you’re exposed to?

Then why are we bombarded with antivirus products telling us how great they are and what a good job they can do of preventing infections?

It’s obvious that antivirus programs CANNOT protect as advertised. But that’s a topic I’ll discuss in greater detail on the Protect page (http://www.malware-removal-guide.com/free-virus-protection.html).

This page is about attempting to repair your malware infection (in the unlikely event it is NOT a rootkit) using what, in my opinion, are some of the best disinfecting antivirus applications.

First, you’ve used the MSconfig utility to determine what programs run at startup and have unchecked any questionable, unneeded or malicious entries.

Using Regedit, you’ve found and removed entries related to things you found in the Event Viewer and Task Manager.

Scanning your computer with antivirus software should be done in Safe Mode (press F8 during computer startup) and Regular Mode. You should scan your computer several times with several different products.

Often, the detection and removal of one infected file can expose others if the first file removed was providing “cloaking” for others.

Since we know that any antivirus program is, largely, only as good as its signature updates, one is as good as the next. And remember, free virus scanners offer only a subset of the full, paid versions.

If a free virus scanner doesn’t detect anything, then consider getting the paid version. Paid versions will include more detection algorithms, not just virus signatures. These advanced detection algorithms may be able to detect more exploits that a simple file scanner cannot.

These are a few of my favorites for a variety of reasons.

Avast Internet Security

I’ve used Avast in the past with expected results. What I didn’t like about Avast is the load it puts on older machines as it’s loading up the signature database. Their website touts their performance, but on the bench I’ve seen it put a good load on the Centrino/Celeron/Sempron class of machine.

What I do like about this product is that the Internet Security program includes technology based on the Gmer rootkit detector. Gmer is one of my favorite tools and it’s good to see an antivirus program include it.

Avast recently released a Master Boot Record (MBR) scanner that works in Win-64 (yes!) and will detect a non-standard MBR (rootkit) as well as list modules called by the MBR. It claims some repair capability but I’ve had limited success with repair. Still – excellent tool!

The free version of Avast would be a good place to start your repairs though the paid versions give you a deeper level of detection and, post-repair, protection.

Malwarebytes

Malwarebytes has become one of the “must have” tools in any geek’s toolbox. It works. It finds stuff that others don’t.

Highly recommended. Free version available to be used in your PC repairs. Once your system is clean and running again, purchase the paid version. As usual, the paid version has more “features” enabled.

The Malwarebytes Support Forums are also an excellent resource for those of you that really want to try and dig out your virus infestation. They have some really great techs that give excellent advice, including how to run some other support utilities.

Free Online Antivirus

Another tool to use in your computer repair efforts is an online virus scanner. Few will run directly from the internet and most will require you to download their tool, usually an ActiveX plug-in for Internet Explorer or a Firefox plug-in to run the ActiveX tool.

F-Secure’s online virus scanner uses JavaScript and will run in any browser. You may need to update Java before the scan will run.

These online virus scanners require a download:

ESET Online Scanner

TrendMicro Housecall

Bitdefender Online Scanner

Norton Security Scan will run in Firefox but requires Internet Explorer to check for installed antivirus software.

Panda Active Scan requires its own browser-specific plug-in to be downloaded.

How well do these work? As well as they can. Read the forums from these companies. They are full of very helpful, and often successful, advice. They often recommend the same tools I use at my computer repair shop.

If you read the forums, there will be those whose efforts cannot remove everything. The computer may actually work better but exhibits strange quirks like the antivirus finding the same virus on each scan – self-replicated from hidden binary keys in the registry.

I’ve had the opportunity to manually examine the registry of one repair job that had a self-replicating virus. I found the virus code scattered in binary keys throughout the registry (after looking at 100s of computers, you begin to recognize things that don’t look right or shouldn’t be there).

I manually deleted the keys (it took me over 4 hours) and was able to disable the infestation so that the computer was useable. But the collateral damage done by the infection still required the full hard disk wipe and OS reinstall.
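The manual registry review described above can be narrowed down before you start reading keys by eye. The script below is an added example, not a tool from this site or from any vendor named here: it parses a Regedit export (.reg text) and lists binary values that deserve a look. The sample export, the key names and the size and entropy thresholds are all constructed assumptions.

```python
import math
import re
from collections import Counter

# Constructed sample in regedit export (.reg) format; not from a real machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleVendor\Settings]
"WindowPos"=hex:01,00,00,00,20,03,00,00
"Theme"="dark"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000}]
"Data"=hex:4d,5a,90,00,03,00,00,00,04,00,00,00,ff,ff,00,00,\
  b8,00,00,00,00,00,00,00,40,00,00,00,00,00,00,00
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
BIN_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=hex:(.*)$')  # REG_BINARY only

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def binary_values(reg_text):
    """Yield (key, value_name, data) for each REG_BINARY value in the export."""
    text = re.sub(r'\\\r?\n\s*', '', reg_text)  # join "\" continuation lines
    key = None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := BIN_RE.match(line)):
            data = bytes(int(h, 16) for h in m.group(2).split(',') if h.strip())
            yield key, m.group(1).strip('"'), data

def triage(reg_text, max_len=1024, max_entropy=7.0):
    """Return (key, name, size, reasons) for values worth a manual look."""
    findings = []
    for key, name, data in binary_values(reg_text):
        reasons = []
        if data[:2] == b'MZ':
            reasons.append('PE header')           # looks like an executable image
        if len(data) > max_len:
            reasons.append('large')               # assumed threshold, tune per system
        if len(data) >= 256 and entropy(data) > max_entropy:
            reasons.append('high entropy')        # packed or encrypted content
        if reasons:
            findings.append((key, name, len(data), reasons))
    return findings
```

Regedit writes version 5.00 exports as UTF-16, so read a real file with `open(path, encoding='utf-16')` before passing its text to `triage()`. A hit is only a lead for manual review; plenty of legitimate software stores large binary values.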

So what is the best antivirus software?

As I said at the top of this article, the one that works when you need it to.

Stupid answer, huh? I’ll get more into this on the Protection page (http://www.malware-removal-guide.com/free-virus-protection.html).