Anti-virus software is frequently seen as bothersome. Warnings inevitably pop up at the most inopportune moments, breaking your concentration and intruding into your workflow. Occasionally, an overzealous anti-virus application will even block legitimate software.

Time for a brief look under the hood: What does anti-virus software do? How does it work? And is virus protection even worth paying for anymore?

What virus and malware protection can do for you

Anti-virus (AV) vendors like to imply that without them, you'd be lost. Or at least your data would be. Some Windows users hold the opposite view: Anti-virus tools reduce system performance, annoy users with unnecessary warnings and block perfectly harmless apps while actual malicious software may still slip through.

Even though anti-virus software can be extremely annoying, it does provide an essential safety net. Without anti-virus software, you would have be extremely careful about all interactions with others to prevent malware infection. To put it as succinctly as possible: Without anti-virus protection, no internet.

Current anti-virus programs are very similar in the way they protect users from malicious software, "malware" for short. Their real-time protection modules check all files as soon as they come in. A web protection module tries to prevent access to harmful sites. Finally, an on-demand scanner checks all local data for possible infections.

It's true that all these methods require computing power, i.e. they slightly reduce system performance. However, several methods are being used to reduce this impact. One of them is a multi-level approach to identify harmful software.

A brief primer: how anti-virus protection works

The most simple way to identify threats is by matching the code with "signatures" of known malware. Put simply, this boils down to checking whether the file being analyzed matches a checksum from a blacklist.

This approach has the drawback that attackers can bypass signature recognition through minor code changes. Enter heuristics analysis, where the anti-virus program widens the detection criteria by matching a broader pattern, such as a specific piece of code instead of the whole file.

Heuristic analysis has the advantage of easily catching variants of a threat. However... and there's always a however with anti-virus software ... since heuristics involve some degree of guesswork, they are prone to mistake valid applications for malware.

Another approach is a behavioral analysis. For this purpose, suspicious applications are first run within a "sandbox," isolated from the operating system. This detection method, however, is very resource-intensive – i.e. if run on your computer, sandboxing can significantly impact its performance.

To mitigate these issues, anti-virus developers have developed online reputation systems. If the local anti-virus program is unsure about a file, it can instantly contact its vendor's servers to check whether it is found in a centralized whitelist. If the code is known to be harmless, it will be allowed to run. Is the code unknown, it's sent as a sample to the manufacturer's servers for central analysis. There, the sample is run in a virtual Windows environment where its behavior is checked for unusual activity.

All of this usually happens without users having to worry about it. Think of anti-virus programs as kind little elves working in the background, keeping you safe. However, occasionally even elves can get things wrong.

When anti-virus tools go haywire

In spite of the safeguards of whitelists and online reputation checks, anti-virus software occasionally will overshoot its target. Harmless software isn't allowed to run properly, access to innocuous websites is blocked. These mistakes are called "false positives."

One recent example for a false positive is Comodo Internet Security Pro, which under certain circumstances prevents users from running SoftMaker Office 2018. Using standard settings, Comodo's integrated firewall may block access to SoftMaker's activation servers. As a result, the software cannot verify the validity of a license and activation fails.

Software developers affected by such an issue have little recourse but to contact the anti-virus manufacturer, convince them of the legitimacy of their software and request their product to be added to the company's whitelist. This can take time. In the meantime, users have to make do with workarounds.

In the case of Comodo Internet Security Pro and SoftMaker Office 2018, currently the only way to ensure successful activation is to deactivate the anti-virus suite's "Website Filtering" module. This is done by accessing the settings of Comodo Internet Security and navigating to Website Filtering. In this section, you should disable "Enable Website Filtering (Recommended)" and confirm your choice by clicking OK.

Generally speaking, you should be very careful when disabling elements of your anti-virus protection. The best solution is to create exceptions for specific applications – this essentially creates a local whitelist. However, before you add such an exception, you will want to double-check that this will not endanger the computer's security. Luckily, there are several free online services to aid in this assessment.

How to check whether a file is harmless

Some anti-virus applications are very draconian: Suspicious files are quickly deleted or sent to "quarantine," a special container where it can't do any harm. This usually happens even before the anti-virus program issues any kind of warning.

There are several ways to check whether such a file is a false positive or as malicious as the anti-virus software believes it to be. Often you will first have to restore the file from quarantine. Since the process is highly application-specific, you should check their anti-virus documentation for details. To avoid that the restored file is removed again right away, you may sometimes need to first create a temporary exception.

Then, you can upload the file to an online virus scanning service such as HerdProtect, Jotti's Malware Scan, Opswat Metadefender Cloud or VirusTotal. Be careful to never double-click a suspicious file before uploading! The service will proceed to check the upload using multiple virus scanning engines – this can take a few minutes.

The results of online virus scanners can be difficult to interpret. However, if more than a few engines agree that the file is malicious, your local anti-virus was probably right. Special care needs to be taken with results marked as heuristic results (commonly identified as "heur"). As mentioned previously, heuristic analysis is quite prone to errors.

Online virus scanning services aren't perfect: It can actually happen that all scanners fail to detect the maliciousness of an uploaded file. This can especially occur with files you may have received as e-mail attachments. This type of malware is often tailor-made to bypass virus protection.

Usually anti-virus makers catch on to the ruse within a matter of hours. Therefore, if you remain suspicious of a file after first analysis, leave it be for a few hours, then upload it again. This often results in markedly different results which should clear up any doubt.

Be wary of uploading personal data to online virus scanners, though. Most of them will forward suspicious files to the individual anti-virus vendors for further analysis. This is usually pointed out in the online scanner's conditions of use, which nobody ever seems to read.

How to choose your anti-virus

If you're a private user running Windows, Windows Defender is a decent anti-virus solution. It's developed by Microsoft, therefore it integrates seamlessly into Windows. Windows Defender relies both on signatures and online reputation checks. It tries to be as unobtrusive as it can be, even though it's free.

All other free anti-virus tools essentially are advertisements for their commercial brethren. This means that they spend more effort to call attention to themselves, because they have to sell a product. Windows Defender follows a different business model.

If you use your computer for business purposes, Windows Defender may not be the best choice. Usage of the software requires active participation in "SpyNet," Microsoft's somewhat awkwardly-named reputation service. Should Windows Defender find suspicious files on a computer, it will upload them to Microsoft without asking. This could potentially expose confidential data to third parties.

The reason for this behavior is that Microsoft also sells a commercial anti-virus solution called "Endpoint Protection" designed for corporate customers. Windows Defender essentially feeds Endpoint Protection with malware samples.

Professional users may decide to go with a commercial anti-virus solution instead. Most of them offer the choice to opt out of uploading suspicious files, even though this can reduce the degree of protection. In addition, they offer additional layers of protection – some of them useful, some rather questionable.

Commercial anti-virus vendors usually offer several packages with differing features and pricing tiers: The basic anti-virus program only offers essential functionality. The mid-range internet security suite includes additional features such as safe browsing environments for online banking, ad blockers, password safes and parental controls. A deluxe version will pile on even more goodies, many of them of questionable benefit.

When deciding which package to choose, you should first install a trial version to familiarize yourself with the application and decide whether it meets your needs. Take your time to check whether the application tries to "lock you in," i.e. force you to keep using their product.

Password safes, for instance, are a generally very good idea, but the ones bundled with internet security suites frequently lack the possibility of exporting the data into a format other password safes can read. In the worst case, you end up stuck with an inferior anti-virus program just because it holds your passwords hostage.

Tools to "tune" or "clean" the operating system are also of dubious usefulness, given that Windows already includes features such as "Disk Cleanup" and "Storage Sense" to recover hard drive space. A "registry cleaner" can actually damage the operating system and Microsoft has been known to decline support to customers using such tools.


Thanks for sharing such an useful software.
25 years in IT, and have used a lot of different AV suites and products in that time. I have used BitDefender Total Security for 5 years now. Highly recommend.
Hello Everyone!

First, I like to say that I Love Softmaker!
I have the paid version of the suite: These are easy to use and I Save a lot of money (not using the alternative out there).

Secondly, as for what I use to protect my Windows 10 Professional laptop . . . I employ the Windows Defender Security Center and of course my Tried and True, Malwarebytes!
I have the Life-Time option as I was "grandfathered" in before the new business model of the "subscription" was introduced some time ago.
In addition to these, all of my key ports are in "Stealth" mode which gives me some more cyber-protection from any unwanted intrusions.

We use an anti-executable "VoodooShield" PRO, not cheap but it out performs Bitdefender products and most other major AVs. Over the years I have tried most AVs
also running Free Bitdefender with VooDooShield purely for capturing phishing attempts.
Anti-executable stops intrusions the AVs dont know about yet.
False-positives detected by analytics are a frustration ... analytics are just a guess.

Staying away from risky sites ... porn, click bait, etc is a v.good start to staying clean.

HerdProtect is not available (as at Jun-2019) and is a download, not a true online scanner.
Jotti's Malware Scan ... 17 AVs ... less than half provided by VirusTotal
VirusTotal (IMO) is the most reliable of scanners, but then false-positives by lazy AVs can waste yor time.
What a market. Spend money every month or else. "I use this one. I use that one", then oops, we are sorry we had an issue with our software & your information got out (somehow), the hackers got in. Be sure to turn it off when you're playing a game, or you won't get the frame rate you want / it may interfere with doing. . .".

Because of the errors, the system slow down (clogging), the oopsies, it makes you wonder if they aren't the ones doing the hacking?
I'm not saying that it's unreal, just questioning the source of the issues?

"We solemnly promise that none of your information is being sent to our third party vendors. Or that is will be used maliciously, when we do".

Just some food for thought.
Linux works for me, but the truth is that nobody is safe on the internet, and malware is moving into web pages themselves, rather than just being sites where malware can be picked up, and into browsers.

The current internet was never for all the uses we have today, and never designed with all the safeguards necessary. We don't need better anti-virus, we need a better internet.
I absolutely agree totally that we need a better internet, first of all
Been a Fedora and Ubuntu and Linux Mint user. Fedora is secure but beware it has selinux installed. Ubuntu and Linux Mint are good for new user but beware you have to enable ufw firewall. Anyway Linux is stable but in recent years its rootkit preventive tools are in abandoned state. With security hardening not easily available, such as the GRsecurity modified Linux Kernel,the security state of GNU/LINUX is questionable today. Let's hope the Linux kernel team can get Linux Kernel to a par with the security of GRsecurity modified Linux Kernel.
I have used Comodo. It is very effective in prevention because of the Default Deny aspect of it's protection. It works but it is occasionally a pain.
I have used Linux.
Some really good information, a number of questions I have had in the back of my mine about anti-virus programs and how they work are answered.

Thank you for putting this up on web.
I have been using Norton 360 for years. I have every confidence in it. However it is becoming very expensive. Are there any tried and trusted equivalents for less than 90 pds/yr for three computers?
I use Malwarebytes Anti-malware, it is one of the best and a good price, normally $40 for 3 computers, cheaper when on sale. Also use a free or paid antivirus along with that since it technically isn't an antivirus program. Windows defender is fine since it comes with windows. I use Bitdefender because it is one of the best. I use the paid version as I get it on sale whenever it goes on sale on sites like Newegg or others. Haven't had a problem in years using this combo.Malwarebytes finds things normal antivirus doesn't look for. Both are very easy on resources and won't slow your computer down.
That's the 2 I use James. Tried them all pretty much. I find these the 2 best as well.
> Should Windows Defender find suspicious files on a computer, it will upload them to Microsoft without asking.

That is not an accurate statement -- the user has agreed to that action, and can disable that upload, at any time.

> This could potentially expose confidential data to third parties.

I disagree. A "suspicious file" is either an executable program, which typically does not contain any bits of the user's data, or it is an infected PDF or an infected Microsoft Office document, which obviously can contain the user's data.

Also, to which "third parties" does Microsoft release a copy of anything uploaded to Microsoft?
Probably none, but possibly there is a private network amongst the various anti-virus software companies, so that they can all add detection for the same malware. Can you trust the employees at those companies, and trust the "non-disclosure" documents that they signed, as a condition of employment?
> you should disable "Enable Website Filtering (Recommended)" and confirm your choice by clicking OK.

It is vitally important that you should immediately "activate" the previously-blocked software, and then immediately ENABLE what you have disabled.
1.Using Linux,any major or close distro.It is enough for all but games.
2.Using Win 10 with Windows Defender.he have a good rate of detection and protection.Tested.
3.Using rarely,IOS on an iPad.Without antivirus.No trouble.
For point 2,antivirus is a must have.Any antivirus.
I have used Ubuntu for the last ten years. I've never used anti-virus, and I've never had a problem of any sort with my OS. However, on rare occasion, I use Windows in a Virtual Box or dual boot, but I never go on the internet with it. If I use Windows in Virtual Box, I can run a software program one second, and be on the internet in Ubuntu the next second. And I never liked anti-virus software anyway.
I am also a Linux user. Windows 10 is very unreliable in my experience.
We use Bitdefender - relatively unobtrusive, no obvious virus issues & rated highly.
Well, Norton used to be a good buy for me here in the UK; Norton Internet Security was £25 for 10 seats. However Norton have played a Sony on us by coming up with "new" Norton 360 - which is a free "upgrade" but here's the kicker - renewal price is £90. Really?
Are you telling us that WinOptimizer is useless?
That is a surprise.
Isn't he being truthful about all system cleaners and anti-virus systems in general ,instead hyping up the product offered up by this website?
Is that not a "breath of fresh air " in this highly propagandised world of commercialism, that in itself would attract me to WinOptimiser not stop me from installing it .
Would you prefer the highly hyped , highly commercial , low on reality, high on advertising slogans/cartoons of most of the others ?
Please note that WinOptimizer is not our product, it's from Ashampoo.

Add comment