Solved

Best Real-time anti-malware tool for windows?

Posted on 2014-01-22
Last Modified: 2014-01-26
I have a user who keeps getting tricked into installing malware that the integrated anti-virus in Windows 8 seems not to catch.

Most recently, he installed:   "fake antivirus 2013, Optimizer Pro v3.2, Conduit's ValueApps,  MyPC Backup"

What's the best anti-malware solution which blocks these in real time BEFORE they get installed?

Thanks,
Mike
Question by:mike2401
24 Comments
 
LVL 29

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 50 total points
ID: 39800381
I would recommend MalwareBytes.

But you could also try Emsisoft AntiMalware, which has a dual scanning engine (BitDefender definitions and definitions created by Emsisoft)

https://www.emsisoft.com/en/software/antimalware/

Sudeep
0
 
LVL 24

Accepted Solution

by:aadih
aadih earned 400 total points
ID: 39800397
There is no 'best' antimalware (antivirus) software. It's much a matter of personal preference. If interested in some objective test comparisons, please visit the AVTEST site (< http://www.av-test.org/en/home/ >) and other testing sites. And based on your own research after looking at these objective data, please make up your mind as to which one you prefer to use.

But, alas, there is no "best" solution; they all excel in ways and fall short in ways. The best security solution is found sitting in front of the keyboard; others are tools to help protect the PC to some extent and clean it up once some infection sneaks in.

<An opinion only.>
0
 

Author Comment

by:mike2401
ID: 39800496
Thanks @aadih , that av-test.org site is awesome!

Thank you for answering the question I should have asked!

In the first 30 seconds of looking at the site, I am alarmed that Microsoft Security Essentials for Win7 got: 0.5/6.0.  OMG !!  That's what I've been suggesting to people !!!

One thing I still remain confused about is the difference between malware an antivirus does not detect: like: "fake antivirus 2013, Optimizer Pro v3.2, Conduit's ValueApps,  MyPC Backup"  

and viruses that I presume av-test.org is detecting.

Is there a similar site that compares real time malware scanners? (where I might see where malwarebytes ranks?)

Thanks a bunch!

Mike
0
 
LVL 24

Expert Comment

by:aadih
ID: 39800528
I do not believe there is a site for malware scanners; the reason being most of the antivirus include malware detection. As I said in the other thread, Malwarebytes Antimalware is a great program to have for scanning and cleaning in case of suspected infections (there are others also). And others use it and are happy with MBAM Pro as their primary vehicle for real-time protection.

Again, it's a matter of personal preference (given one's Internet habits and heavily dependent on it). Knowing that there is no such thing as 100% security is also a part of security as it protects one from taking 'unnecessary' risks.
0
 

Author Comment

by:mike2401
ID: 39800564
Do you think the problem that "fake antivirus 2013, Optimizer Pro v3.2, Conduit's ValueApps,  MyPC Backup" got through is he was using Windows 8's built in anti-virus?

In other words, had he been running: Avira , would it likely have blocked this kind of stuff?

Thanks,
Mike
0
 
LVL 24

Expert Comment

by:aadih
ID: 39800593
I don't know for sure. Until I try to download one of these and see what happens, I cannot say anything about these. Generally, I have developed a sense of 'red flags' for sites or programs and avoid such programs. I have cleaned successfully (on my friends' computer) each of the above, however.

Note also that many antivirus will not flag toolbars and programs many do not like (as they are not really malware, technically).
0
 

Author Comment

by:mike2401
ID: 39800607
I share your sense of red flags.  I'm sure neither of us would google itunes and download the conduit junk which bundled all the malware with it.

Mike
0
 
LVL 24

Expert Comment

by:aadih
ID: 39800630
I was editing my post while you were posting yours, and I lost my edits.

Gist of it is:

(1) I have had no nasties in a few years now.  I use Avira on one (for about 5 years now) and Webroot SecureAnywhere, which is cloud based, on another.

(2) I have let in malware knowingly as part of testing (like I'd have to do to download the programs you mentioned and find for myself) and I have been able to clean them using MBAM.

(3) Generally, I remain unafraid of any nasties.

Note: People generally swear by the security software they use. I consider them all equal, more or less, with safe browsing habits. Even MSE (Microsoft Security Essentials) on Windows 7 and WD (Windows Defender) on Windows 8 or 8.1 are okay.

BitDefender is rated very high; a free version is also available. I generally stay away from the ones that use a lot of resources (CPU or RAM). You could give BitDefender a try.

Before choosing Avira, I used one antivirus for a week, another for another week, and so on. You may also like to test a few like this for yourself.
0
 

Author Comment

by:mike2401
ID: 39800682
Thanks @aadih .  You obviously are an expert so you not getting nasties isn't impressive.  What would be impressive is if I install Avira for this problem user, AND the malwarebytes real-time-scanner, and he never gets infected again.

He just got a new win8 pc, and he basically does email and surfing, so I'm not at all worried about performance.

Does Avira work with the malwarebytes real-time?  

I know you never want to install 2 anti-viruses (like kaspersky and norton).  It sounds like malware bytes is designed to work in addition to AV.

Mike
0
 
LVL 24

Expert Comment

by:aadih
ID: 39800717
Believe you me, no matter what you do, he'll get infected again. :-(

I'd suggest try BitDefender as it is rated best.

You could install two or more antivirus software. Disable real-time protection (and firewall) from all but one. When you need, scan with all of them, one at a time.

You could use (1) only MBAM Pro (paid) as the real-time protection (2) BitDefender (say) for real-time protection and MBAM (free) for scanning and cleaning if an infection is suspected (or once a week).

I may be wrong, but I do not believe that a paid antivirus program protects a PC better than a free one. (A preference, perhaps, of mine.)

Note: BTW, an expert (I am not) and a common person are equal in 'getting' the nasties. :-)
0
 

Author Comment

by:mike2401
ID: 39800783
What do you think of this source for comparison of AV products:

http://www.virusbtn.com/vb100/RAP/RAP-quadrant-Apr-Oct13-1200.jpg

I stared at this diagram and don't see Microsoft Security Essentials.  What's up with that?

Mike
0
 
LVL 24

Expert Comment

by:aadih
ID: 39800819
MSE and WD are not as good as others (AVTEST calls them baseline). Therefore you will generally not see them.

As for the link you provided, it's okay, the results that is. After an initial research effort, more effort will not produce any more insights, nor is it needed :-( (because if selection of an antivirus program were something as objective as a scientific theory, proven and all that, then most of them will not be in business. ;-))
0

 

Author Comment

by:mike2401
ID: 39800823
@aadih : are you suggesting if I get him the paid MBAM Pro for real-time, that does it all, and I don't need an upgraded anti-virus scanner like bitdefender or avira for his win 8.1??
0
 
LVL 24

Expert Comment

by:aadih
ID: 39800843
As I said, several people swear by MBAM Pro only. I have no experience with Pro because I use only free products in this arena. Wait a bit and, I am sure, other experts would comment on using MBAM Pro only.

All security programs update their data periodically and automatically.
0
 

Author Comment

by:mike2401
ID: 39800941
Despite the subject: best real-time malware scanners, this thread has morphed into the best AV product (which has been  hugely informative).

BTW, I read at the pinned thread at malware bytes:

https://forums.malwarebytes.org/index.php?showtopic=9365

that:

"4.) Antivirus
An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free antivirus programs are Avast, and Microsoft Security Essentials. Please run only one antivirus resident at a time!
It's a good idea to set your antivirus to receive automatic updates so you are always as fully protected as possible from the newest threats."

If Microsoft's built-in defender is 0/6 stars worthless, I can't believe malwarebytes would suggest that?

Since bitdefender is top rated at:
http://www.virusbtn.com/vb100/RAP/RAP-quadrant-Apr-Oct13-1200.jpg
and
http://www.av-test.org/en/tests/home-user/windows-8/novdec-2013/

I think I'll go with that for AV and malware bytes pro for malware.

I remain confused by this somewhat arbitrary distinction between virus and malware: both are stuff I don't want.  You'd think that every anti virus program would incorporate both scanning functions.

Mike
0
 
LVL 47

Assisted Solution

by:dbrunton
dbrunton earned 50 total points
ID: 39801005
>>  What's the best anti-malware solution which blocks these in real time BEFORE they get installed?

Nothing is going to stop him installing software and stuff like that won't register in any of the anti-virus or malware products.

Possibly best is to make sure he is surfing as a) non-Administrator, b) uses Chrome rather than IE, c) no Java installed, d) fully patched.  If he surfs as Administrator then trouble WILL arise.  You've got a wide range of anti-virus products, none are perfect.   I use the Microsoft product despite its poor rating.  Any of the other free options such as AVG, Avast, Avira, Comodo will do the job.
0
 

Author Comment

by:mike2401
ID: 39801060
1. In Windows 7 & 8, I have the impression that even if surfing as "limited user", when the UAC pops up, if the user types in the admin password, they have effectively been surfing as administrator.

If true, it sounds like the recommendation is to make him limited user, and not tell him admin password, which presents all kinds of hassles for someone's home pc.  I vaguely have the impression that sometimes, creating or deleting a shortcut on the desktop provokes a UAC.

2. Is it really true that even malware bytes real time won't prevent a user from installing "fake antivirus 2013, Optimizer Pro v3.2, Conduit's ValueApps,  MyPC Backup"  

If true, I'm really sad.  I was really hoping that malware bytes pro would solve all my problems!

Mike
0
 
LVL 24

Expert Comment

by:aadih
ID: 39801090
Nothing solves all problems, Mike.  Sorry.  But true.  

Again, use a free good antivirus software (Avast, AVG, Avira ... Panda Cloud... ). Have MBAM (free) installed and updated just in case you suspect something.

And 'go with the flow'.  :-)
0
 
LVL 47

Expert Comment

by:dbrunton
ID: 39801145
>>  when the UAC pops up, if the user types in the admin password, they have effectively been surfing as administrator.

They then become Administrator temporarily.

>>  recommendation is to make him limited user, and not tell him admin password,

Not quite.  All his work and surfing should be done as limited user.  He should know what the Administrator password is but Administrator account is only for maintenance and software installation.

Malware Bytes may or may not stop him installing bad products.  Bad products change their identity to hide from anti virus scanners.  MB can remove some bad products eg http://www.bleepingcomputer.com/virus-removal/remove-win-7-anti-virus-2013 and there are other products that can remove similar installations http://www.afterdawn.com/software/security/antivirus/remove_fake_antivirus.cfm

But best is to educate the user.  If he wants to install software get him to verify that this is genuine software.  He can do this by doing a Google search on the name and looking for genuine and legitimate reviews of the product or better still asking a qualified expert as to the suitability of the product.
0
 
LVL 24

Expert Comment

by:aadih
ID: 39801162
This user is the 'top' executive, dbrunton. Hence all the difficulties (for Mike). :-(
0
 
LVL 47

Expert Comment

by:dbrunton
ID: 39801234
>>  This user is the 'top' executive

Oh, one of them.

In which case I'd alter the strategy a bit.  Keep a backup of a clean installation of his computer on an external hard disk so that it can be cloned back in case anything goes majorly wrong.

Do Restore points on a weekly basis so that the system can easily be rolled back.

Place the Documents folder on a separate partition or drive and back it up regularly.
0
 

Author Comment

by:mike2401
ID: 39810555
Ironically, the day after I purchased this problem exec malware bytes pro (real time scanner), he ignored my advice and attempted to find and download adobe pdf reader (even though I had foxit installed on his machine).

Instead of going to adobe, he did a google search for adobe reader and ended up downloading 4 pieces of malware (and conduit).  Ironically, this is how he got in trouble last time: he searched for itunes instead of going to apple.com

SADLY, MALWARE BYTES DID NOT STOP THE USER FROM DOING THIS.  I'm sad and disappointed.  I guess simply put: the technology isn't there yet :-(

I'm going to award the majority of points to @aadih because of how much time and kindness she showed during this thread.

Thank you!
0
 

Author Closing Comment

by:mike2401
ID: 39810558
Thank you!
0
 
LVL 24

Expert Comment

by:aadih
ID: 39810564
[M]ike2401, I did no such thing but to reflect back your kindness like a mirror.
0
