What's the Best Anti-virus?

remm · 10 Dec 2017

I dumped A/V two years ago for Sandboxie. Runs your browser in a sandbox so it doesn't matter what you pick up online, it gets deleted when you close the browser. Nothing can escape the sandbox into the system unless you download a file and recover it from the sandbox. In that case I use an on-demand scanner before opening the file (MWB).

Can also optionally set Sandboxie to auto-sandbox your USB ports if you don't have full control over the computer, (i.e. others in the house that might have an infected drive), so that nothing can enter that way either. There are many options...

The Personal Home version works free for 30 days then becomes nagware without a license. The first time each day SBIE starts [after the trial period], a 30-sec <?> window first encourages to buy a license. But it will function without a license with some features missing that most people probably don't care about anyway. See details here.

When installing SBIE can also set it to show in the shell/context menu. This is very handy as you can right-click on a file to choose to "Run Sandboxed."

PC runs so much faster/better without an AV. Will never go back. AVs will always be subject to the occasional, smarter, zero-day threat and are not 100% reliable, plus there are privacy issues involved with an AV (for those who care about that).

Sandboxie's effectiveness is not subject to "unknown threats" or bizarre viruses or malware, as whatever happens to get picked up while surfing (if anything) can pose no threat to the system. Even ransomware. If the browser DOES pick something up, just close the browser and the problem is gone, deleted with the sandbox. Re-start browser and you're fresh and ready to go with a new sandbox.

IMHO there is no better security than running your browser in a sandbox and saying goodbye to AVs. Before starting this, however, I'd recommend a good full system scan to make sure there isn't already a virus in the system. SBIE is not an AV scanner... it's a completely different method of security.

Barman58 · 10 Dec 2017

The only issue with any single point protection is that it does not protect all methods of malware entry

How does the sandbox deal with downloaded data that you wish to retain, such as programs.

How does it screen against email
How does it prevent an infected update to the system or existing software.
How does it protect against infection over Lan or USB or Removable media

A full layered system protects against all these threats

remm · 10 Dec 2017

Barman58 said:

The only issue with any single point protection is that it does not protect all methods of malware entry

How does the sandbox deal with downloaded data that you wish to retain, such as programs.

How does it screen against email
How does it prevent an infected update to the system or existing software.
How does it protect against infection over Lan or USB or Removable media

A full layered system protects against all these threats

So does Sandboxie (edit: I should say with the same caveat I mentioned in the original post... if you recover a file from the sandbox an on-demand scanner s/b run on it)

1. When you download a program you can recover the file to your desktop then run an on-demand scanner. This uses far fewer resources than using a real-time scanner. OR you can run the program sandboxed by right-clicking on it. If you want to retain the program forever but don't quite trust it (for whatever reasons) you can configure SBIE to keep the sandbox instead of deleting it. Nothing can escape from the sandbox even if it persists.

2. I use an email client (Thunderbird) with text-only, for the purpose of not having to worry about email threats. However most people use webmail. This runs inside your browser... so again, you are protected. If you download an email attachment to your computer (recover it from the sandbox) you can scan it with an on-demand scanner, or right-click on it and run it sandboxed. (edit: Or if you use an email client with HTML-enabled mail, you can just run the email program sandboxed, permanently set so in SBIE config.) Games can also be run in the sandbox. That is, you can install any program inside the sandbox and run it from there permanently as long as you set the sandbox to persist. This completely protects your system though isn't necessary for legit programs as a rule.

3. USB can be configured to run in the sandbox by default.

As for LAN infections, I use a home computer and have never heard of an infections coming in over the LAN. In an enterprise situation I can't comment as I don't have any expertise in that case.

And updating software? I use W7 and have no intentions of upgrading, nor do I update it anymore. I also don't regularly update my other software. But if I wanted to, I'd run an OD scanner on it after... however infections usually don't come from updating legitimate software in my experience. JMO.

The greatest threat of infection by far is browsing. And SBIE is 100% effective, 100% of the time. It beats any AV hands down. (edit: I should say for home use, as I can't comment on commercial use... I imagine in that case someone could run a browser outside the sandbox intentionally or accidentally, though SBIE can be configured in the paid version to run specific programs or folders ALWAYS sandboxed, which would override a client's station. But again, I was speaking for home users of the type that frequent this forum.)

ICIT2LOL · 10 Dec 2017

And updating software? I use W7 and have no intentions of upgrading, nor do I update it anymore. I also don't regularly update my other software. But if I wanted to, I'd run an OD scanner on it after... however infections usually don't come from updating legitimate software in my experience. JMO.

Yes well I agree with what you have said in the main and Nigel has made some good points too and I think you have made the most obvious and pertinent observation of all when you say it depends on using the net.

Now as for using 7 and not upgrading I have to say I cannot blame you and if like me you want to try and alternative the latest Linux Mint 18.3 Cinnamon is as good as it gets. It surprised me quite frankly how much easier it is to use now compared to many years ago when I tried it.

But the choice is a very personal thing eh?

I have to say too that the forum here seems to be getting very slow and I have noticed the number of unanswered posts to have gone form a great number to very few and it leaves me wondering just what is going on.

kristen theron · 11 Dec 2017

Comodo Antivirus is one best free virus removal software available.

Layback Bear · 11 Dec 2017

I know little about Sandboxie; I have never used it but I do have a question.

Is their a problem running Sandboxie and a active Anti Virus program at the same time.

I personally believe in layered protection. My reasoning is, their is no one protection program that does everything well.

Jack

macgig · 23 Dec 2017

the problem is, things always change. whats good today may not be good months from now. I was using MSE for years. it found nothing on my system. malwarebytes found nothing. then I ran RogueKiller and it found some stuff. No one product seems to do it all.

their is no best antivirus. I wish there was. the free versions constantly nag me to buy the paid version which gets old really fast. lol

ICIT2LOL · 24 Dec 2017

No one product seems to do it all.

Yep well I think you will see all through any thread on AV issues will have this very statement in one form or a another I have been saying it for years now and when you think of the vast output of malware per day then how in the name of reason could any one "brand" of AV keep up with it because it is like trying to catch the burglar in the house unless you are there as he (or she) walks out then it will take time to find that burglar is it rocket science to understand that??

I have yet to see a piece of malware picked up as it comes off the drawing board it has usually been out for soem length of time and caused some damage before someone realises what is going on. We have said on more occasions than I care to think about that nothing substitutes for being careful using the net and regular checking with whatever one prefers.

The other thing is if one watches the regular reviews of say AV Comparatives it is easy to see that no brand is ever that stable even the Kaspersky I put my faith in for the general AV on my machine/s is not always at the top of the heap.

The perfect AV now we are talking of something that is truly impossible contrary to what my Mum used to tell us kids

remm · 29 Jan 2018

Layback Bear said:

I know little about Sandboxie; I have never used it but I do have a question.

Is their a problem running Sandboxie and a active Anti Virus program at the same time.

I personally believe in layered protection. My reasoning is, their is no one protection program that does everything well.

Jack

Sorry for the long delay in answering... issues arose at the homestead that kept me away.

You can run Sandboxie and an AV too, but it's unnecessary. Since SBIE is not an AV scanner but instead creates a kind of 'virtual OS' of system files inside the sandbox for programs to run within... those programs think they are running on your system when in fact they are only running in the sandbox. So one program CAN do it all. As long as you run on-demand scans for any file you purposely recover (remove) from the sandbox.

SBIE is much better than an AV. MUCH. I used AVs since 1995 ... researching them anew every year to see which had the best results in the AV tests... then also scanned my entire system once a month to make sure nothing slipped through... it was a lot of work. And slowed my computer.

Worse, as the years went on, AVs became more invasive and started using cloud resources, uploading your files to the cloud, using the cloud to scan your computer rather than it being done locally. This is like letting the AV company look at every file on your computer, and keep a log of it for their own purposes. If you care about privacy, that won't sit well with you.

Most of us have nothing to hide. But how many would welcome a stranger to walk through your house to look in every drawer?

SBIE doesn't need to upload anything anywhere. It doesn't have db files it needs to constantly update. And it uses almost no system resources. Your computer will run much faster and boot quicker. And you will wish you switched to SBIE 10yrs ago, like I wish I had.

Just b/c it was hard to get used to not running a real-time AV, I continued running monthly scans for a few months after I began using SBIE. It was quickly evident that was not needed. I do still run AdWareCleaner every 6 months or so, just b/c I like to dbl chk all is well. In the 3yrs or so since I switched to SBIE I have never had a single issue. Because... it's impossible.

But don't take my word for it. Read about sandboxes and how they work. They've been used for decades to study viruses b/c again... no virus can escape a sandbox. SBIE is the solution AVs don't want you to know about. FWIW, that's my experience.

remm · 29 Jan 2018

ICIT2LOL said:

[...] is like trying to catch the burglar in the house unless you are there as he (or she) walks out then it will take time to find that burglar [...]

Which is why Sandboxie instead creates a 'virtual house' so those burglars are not in your real house which means you don't need to go find them b/c they can't HARM your real house. They THINK they're in your house, but they're not. And when you close your browser, the house they thought they were in is deleted, along with them.

even the Kaspersky I put my faith in for the general AV on my machine/s is not always at the top of the heap.

I am in the US and Kaspersky has been linked to Russian spying. It's not even allowed on government computers anymore. I would recommend not using Kaspersky.

The perfect AV now we are talking of something that is truly impossible contrary to what my Mum used to tell us kids

Yes. The AV model makes a perfect AV impossible. That's why the AV model is trash.