Anti Virus/Malware Protection

Welcome to Crazy IT. This is the first post in what will hopefully be many. For our first post, let's talk about anti-virus/malware protection, a huge topic with heaps of misleading information online.

So you may ask, “Crazy, what’s the best anti-virus program?”

I'm going to answer this question as honestly and as impartially as I can. To do that, we first have to establish how anti-virus and anti-malware programs actually work.

Let's assume that all AV (anti-virus) programs are created equal and do the same job with the same efficiency (not true, but it simplifies the argument for now).

The traditional core of an AV program, signature (definition) matching, works on a reactive basis. When a new threat appears that no one knows about, some number of customers have to be infected, or at least have the suspicious file flagged and submitted, before the vendor knows there is a problem and can analyse it. Once it has been analysed (let's again assume all vendors take the same time to build and ship a detection), the vendor publishes definition updates that protect the rest of its customers. Modern products also use heuristics, behaviour monitoring and cloud lookups to catch some unknowns earlier, but an unknown sample still has to be seen and classified somewhere before everyone else is protected from it.

I know this seems odd, some people have to be infected before anything can happen. However, the main alternative is locking down the entire machine so that only pre-approved software can run, which makes it almost unusable for the average user. Think of it in terms of human viruses: people have to get infected, and once it is known to be enough of an issue, the health department and the vaccine makers swing into action to help the infected and prevent the rest of us from getting it.

So you may be thinking, what does all this have to do with the best protection if we are saying all programs are made equal and do the same job? Glad you asked. Being a reactive process means that the best protection (again, all other things being equal) is the one with the most customers reporting back. This comes down to a numbers game: the program with the most customers has the highest chance of seeing a new infection first, and therefore ships a detection for it before everyone else.

Let's break that down: AV program 1 has 1,000 customers, AV program 2 has 10,000 customers.

Which program is more likely to see a given new infection first? Program 2: with a pool ten times larger, it is roughly ten times as likely that one of its customers is among the first to be hit (assuming the malware doesn't single out one vendor's customers over the other's). As the gap in customers widens, so does the advantage. For example, if program 1 has 1,000 customers and program 2 has 100,000, program 2 is about 100 times as likely to see the threat first.

OK, so if this is the case, which program has the largest set of customers? The answer may shock you, as not many people are aware it even exists. Windows Defender shipped with Windows Vista and 7 as an anti-spyware tool, and from Windows 8 onward it became a full anti-virus product built into the OS itself (absorbing what used to be Microsoft Security Essentials). Its early versions were not the best at reacting, and it often went unused because third-party AV installs disabled it. However, Microsoft has been quietly building on it and learning from past data. Enter Windows 10: Defender is an even more integrated part of Windows (you can turn it off, with many warnings, but you can't remove it, as it's part of the base OS). Being part of the operating system gives Windows Defender an advantage over third-party programs: it is built, tested and updated alongside the OS and sits at a level an ordinary program can't simply reach. On top of that, being part of Windows means (key point here) EVERY Windows 10 device has it! Remember the part about the number of customers being important? Windows 10 has over 500 million active users and is installed on over 1 billion devices! No other AV product has that kind of reach. The other factor here? It's made by Microsoft, for free, and Microsoft also makes Windows. If anyone knows the ins and outs of Windows, it's Microsoft; no one knows it better, as they built it.
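If you're going with the built-in option, the one check worth doing is making sure Defender is actually the product protecting you (a leftover third-party AV will have disabled it or pushed it into passive mode), that its definitions are current, and that it is talking to Microsoft's cloud, which is the channel the "numbers game" above runs through. The script below is an added example, not code from the original post; it uses the Defender PowerShell module that ships with Windows 10, and the three-day limit on signature age is my own choice, not a Microsoft default.

```powershell
# Added example (not from the original post): audit Microsoft Defender Antivirus
# on Windows 10 with the built-in Defender PowerShell module. Run from an
# elevated PowerShell prompt. The 3-day signature-age threshold is an assumption
# chosen for this example, not a Microsoft default.

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

$findings = @()

# 1. Is the engine actually running? A third-party AV normally switches Defender
#    off or into passive mode, which is exactly the situation described above.
if (-not $status.AMServiceEnabled)          { $findings += 'Defender service is disabled' }
if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
# AMRunningMode only exists on newer builds, so guard the property lookup.
if ($status.PSObject.Properties['AMRunningMode'] -and $status.AMRunningMode -ne 'Normal') {
    $findings += "Defender is in '$($status.AMRunningMode)' mode (another AV is registered)"
}

# 2. Are definitions current? Reactive protection only helps if updates arrive.
if ($status.AntivirusSignatureAge -gt 3) {
    $findings += "Signatures are $($status.AntivirusSignatureAge) days old (last update $($status.AntivirusSignatureLastUpdated))"
}

# 3. Is cloud-delivered protection on? MAPSReporting: 0 = off, 1 = basic, 2 = advanced.
#    SubmitSamplesConsent: 0 = always prompt, 1 = send safe samples, 2 = never send,
#    3 = send all samples. This is how the client asks the cloud about unknown files
#    and contributes samples back, i.e. how one customer's sighting protects the rest.
if ($pref.MAPSReporting -eq 0)        { $findings += 'Cloud-delivered protection (MAPS) is off' }
if ($pref.SubmitSamplesConsent -eq 2) { $findings += 'Sample submission is set to Never Send' }

if ($findings.Count -eq 0) {
    Write-Host 'Defender looks healthy: running, current and cloud-connected.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
    Write-Host 'Suggested fix (elevated prompt):'
    Write-Host '  Set-MpPreference -DisableRealtimeMonitoring $false -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples'
    Write-Host '  Update-MpSignature'
}

# 4. What has the reactive model actually caught on this machine? Most recent five.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 5 |
    Format-Table InitialDetectionTime, ProcessName, @{ n = 'Resources'; e = { $_.Resources -join '; ' } }
```

If Tamper Protection is switched on in the Windows Security app, the Set-MpPreference changes to real-time protection may be refused from a script and have to be made through the app instead; the read-only checks above still work either way.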

So we have established that Defender has the largest number of customers, which means that, all things being equal, Defender would be the best option. Let's weigh up some other concerns that I hear and see all too often.

I see so many machines with "free" AV programs on them. Customers are always saying, "it's free, I don't want to pay for it when there are free ones." Sure, a valid point on the surface. Defender is also free, and if you have Windows you already have it, but let's break it down. To make software of any kind, you need to hire at least one developer (or be your own developer). To make an AV program that is efficient, responds to changes like new viruses, and that people actually want to use, you need a team of developers, virus analysts, a graphic design team (no one will use it if it doesn't look good), marketing, a place to work, computers to make it all on (not cheap ones, we are talking $2,000 AUD minimum per person), bills to pay like electricity, and so on. This is all a huge cost and outlay. So these "free" AV programs have had A LOT of work and money thrown at them; how on earth do they give it away for FREE? The answer is twofold: ads, which no one wants or likes, and something more sinister, bundling other things with the installer (toolbars, "PC optimisers" and other unwanted programs, and in the worst cases outright malware), either sponsored (a "company" pays to have it installed) or out of plain old malintent (more on this in a future post).

The company may also try to "cut corners" in order to make the program for less money. This results in issues like the program causing Windows to crash because it is not compatible, or doing something it shouldn't, because the time and money weren't put into it.

Most "free" AV programs are made with good intent but are forced to cut corners or use ads to try to get some money back. Time and time again I see the usual AV programs being the SOLE cause of errors on a customer's machine. Remove it and it works great.

So let's talk about efficiency. In the real world not all programs are made equal, unlike in our example at the beginning. You want a program to protect you in a few ways. Fast: as soon as something does get onto your machine, you want it gone. Focused: you want it to be an AV, not a firewall and an AV and a network manager and a browser and a password saver and so on (doing too much = stretched too far). Efficient: you want it to do its job WITHOUT taking all the resources or crashing Windows, meaning it doesn't slow the machine down and doesn't cause issues to arise.

Remember Windows Defender being a part of Windows? That means it is built and tested with the OS, so it is far less likely to crash it, and it does its job efficiently and effectively (it only manages one thing: protection from viruses and malware).

I'll finish up by saying Defender really is the way to go. In our workshop we have 6 overhead machines that we use, in part, to plug customers' drives into, infected drives included. We have tried all the big free AND paid programs, and, interesting fact, Defender beat them ALL to the punch and removed the threats before they even lifted a finger. We now solely run Defender and have never had an infection on a work machine, and trust me when I say we see A LOT of infected customer machines.
