Vincent Steckler

4 August 2009

Can you Trust Free Anti-Virus?

I ran across an interesting article the other day that questions whether a user can rely upon free anti-virus: http://tech.blorge.com/Structure:%20/2009/07/04/symantec-its-dangerous-to-rely-on-free-antivirus/. The source of the quotes in the article is of course one of the big paid anti-virus companies. And it erroneously concludes that free products cannot be trusted, are not sufficient, etc. But then again why should a firm that makes a billion dollars a year off of paid anti-virus conclude that a free anti-virus product is good…

The article does make very good points about what is needed in a security product. Its only error is in concluding that a free product does not provide these capabilities. So, here are the points the article makes and why they are wrong (at least for avast):

  1. Free antivirus does not provide the protection to avoid identity theft. This is wrong. Malware focused on stealing identity information is just malware. In principle it is not any different from malware focused on hijacking your computer, deleting your data, etc. There is really no difference in detecting this malware. Avast's ability to detect malware is unquestioned and is always at or near the top of malware detection tests. Talking about identity theft here is just marketing hype. Users are rightfully concerned about protecting their identity information. But, we and everyone else do that by protecting the user against malware. Unlike others we just don't hype it… maybe we should.
  2. There is a big gap between what free antivirus protects against and the current threat landscape. This is wrong. The spokesperson is wrongly assuming that antivirus products do the same as what they did 10 years ago. In those days, an antivirus product looked at an executable file (exe) and based on some mathematics (e.g. signature) decided whether it was a virus. This approach is not very useful these days. Instead one needs what is called "defense in depth". One must catch the infection much earlier. These days the most common way of getting infected is over the web—by browsing web pages that are dirty or hijacked. Detecting these infections is one of the things that avast excels at. Our free product protects not only against the execution of malware; we also have heuristic detections, unmatched detections of infected JavaScript, web shields, and behavior detections. This is at least equal to, and sometimes better than, what is available in a paid product.
  3. Attackers are targeting legitimate websites… implying that free antivirus is ineffective in these situations. This is wrong. While the statement that attackers are targeting legitimate websites is correct, the implication that only a paid product can protect against this scenario is absolutely wrong. In fact, I would be willing to bet that our free product provides as good or better protection against this scenario than any of the paid products.
  4. Antivirus should be a last defense. This statement is true in a technical sense. The spokesperson is using the very strict definition of antivirus that I described in point #2 above. But the fact is with avast there are many layers of defense and the strict definition of antivirus is in fact the last layer.
  5. Free antivirus may not protect against drive-by downloads that target the browser or browser plug-ins. This is wrong. Avast provides just as much protection, if not more, against these threats as the major paid products. The vast majority of threats we currently see are of this type—they are typically JavaScript infections on web pages. Here we believe no one does a better job of detecting these threats than us.
  6. Free antivirus only provides the last layer of defense and that is inadequate. This is wrong. Avast provides all the layers that the paid products provide.
  7. Free antivirus firms don't have the resources to stay on top of all the security threats. This is wrong. Companies do not scale their security research based on their revenue or number of users. I would bet our security research organization is of a similar size to that of the large paid providers. Our success in published malware detection tests shows that we are just as good as, if not better than, the paid providers. Instead, what the paid firms scale up is their marketing and sales organizations. While those firms may have hundreds of people in their marketing and sales organizations, we have just a few.

Now of course we do have a free and a paid product. And as I described in another posting, we are not entirely altruistic in providing the free product. But the free product is in fact very, very good. For many, if not most, users it is perfectly sufficient. Our paid version does have some additional features—but the core security protection is very similar. Our upcoming Version 5 will also have additional features. But we do believe all users should have access to top-notch security even if they can't or won't pay for it. That is why we have the free product.

So, don't worry that paid security companies claim your free protection is not good enough. It is.

If you still aren't sure, here is a review: http://www.pcmag.com/article2/0,2817,2282704,00.asp
