10-05-2007, 07:11 PM   #124
Chxta
Registered User
Join Date: Nov 2007
Location: 3rd rock from the Sun
Posts: 8,541

As everyone knows (or almost everyone), one of the biggest dangers of using the internet nowadays is the risk of obtaining a computer virus. By definition, a virus is a very nasty piece of software, something you don't want to have hanging around in your virtual neighbourhood, but something which is almost ubiquitous, especially if you spend a lot of time prancing around dodgy websites, an offence that most guys I've encountered (including yours truly) are guilty of even if not on a regular basis.

The original computer viruses were written by enthusiasts who in most cases did their thing just for the fun of it. Back in those days, viruses, worms and Trojans were written by people who were enthusiastic, or who did it for academic study, or who wanted to prove a point, or who in some cases were just plain bored. Times have changed, and recently, viruses and other malicious programs are being written by seriously big players with the resources to keep researching for more vulnerabilities in your computer. They have an eye on one goal, and that goal is profit. This quest for profit has brought about the creation of 'new and improved' viruses, and in recent times a surge in the rates of infection by spyware, which to the mind of a security man like myself is infinitely more dangerous than the traditional virus. You see, a virus is nothing more than a regular annoyance which in some cases can crash your hard drive. But to someone who is careful, and who does his backups regularly, a virus remains just that, a nuisance. However, spyware is a completely different ball game.

Imagine Yuri in Vladivostok installing shit on your '24-7 connected to the internet' computer, and with that shit being able to take over the system and use it for even more shit, such as doing something malicious to the SAC-NORAD network. If the NSA does a traceroute, they'd find that the attack came from you, and you'll be in deep shit while Yuri walks away scot-free.

But there is worse.

Imagine Kola in Lagos installing shit on your system, and his shit just sits there patiently watching your every keystroke, then reporting back to him. Let's say you do a lot of eBay, for example. I can assure you that before the day runs out, Kola would know all your passwords, bank details, card details, security questions, the name of your girlfriend, whatever else there is to be known, and he can then go on a shopping spree with those details.

That is the potential of spyware.

Without a doubt then, you must protect your computer with a good anti virus program, and equally importantly, a good spyware program. It helps if the anti virus and anti spyware are bundled together in one package.

I must sound a note of warning here though: it is rather unfortunate, but since the virus thing and the spyware thing have become such big business, the major anti virus vendors (Symantec for Norton, McAfee, et al.) are fighting a losing battle, and they know it. Nowadays there is no anti virus tool with which you can claim with dead certainty that you have absolutely no infection whatsoever. Multiple anti virus tools on your system may be a solution, but the effects of that on system resources are too well documented for that to be a practical solution. Truth is that there is malicious code out there in the wild that no AV program can detect, and sometimes I wish I didn't know this to be a fact. I am subscribed to SANS, and each time I get something in the mail from them (which can be up to four a day - on a day that is not busy), it's like I want to just curl up in a foetal position and cry.

So is hope lost?

Well, not exactly, but we are pretty damned close. During my Christmas holiday in Aberdeen last year I spent a lot of time cleaning up systems, and I encountered AntiVermins on the computer of a friend of Maestro. That spyware is a pretty nasty piece of work. I'd have put a link to the site, but chances are that if the link is there, you're in trouble. To be honest, the guy who wrote that stuff has my respect. The majority of the spyware tools in the known universe failed woefully to remove that thing from the PC, and for quite a while it looked like nothing short of a full system format would solve the problem. I eventually got rid of it by manually working his registry, something I hate doing as it is too risky, but hell, the guy was a paying customer...

Thankfully, in the intervening months the world has gotten wise to that monster, and if you check Spyware Guide, there are now tools designed specifically for it.

This brings us to the next question: what software can one use to fight this menace?

Firstly, I'd recommend ditching Windows, and yes, that includes Vista. You see, most of the nasties in the wild are written for the Windows platform, and unfortunately it doesn't seem that Microsoft is doing anything too serious about changing that, except to continue the cycle of releasing new patches all the time, patches which would be compromised in a few days at best, a few hours at worst. Frankly, I'm not confident in Vista at all; after all, I was able to compromise its activation within a few days of its release, and I'm no hacker...

In any event, this recommendation won't fly, I know that. Most people love to remain within the comfort zone, and Windows is the comfort zone.

In the absence of a complete OS switch, I'd recommend a change to the Firefox browser. Aside from the fact that it's lightweight, it is a lot more secure than Internet Explorer. You can change your default settings so that the browser doesn't retain any information when you close it. Most important, make sure it deletes all cookies after browsing. Cookies are files which send information back to their parent website, and God help you if those cookies are from malicious hosts. Have you ever wondered how, over time, the emails you receive from that advertiser whose lottery you never applied to seem to become more and more personalised to your tastes? That is the work of cookies, so be careful. Another good habit is to remember your passwords in your own head. Saving them in the browser is a poor habit, and any nasty worth his salt would have them from the browser (even Firefox) in the time it took me to type T-Y-P-E.

Then there's the thrust of this article: what AV program should you use?

About a month ago, The Law wrote an article about his experience with an AV program that I recommended to him a while back. In the following paragraphs I will mention my top five, and why I think they are that good. My test machine was a VMware emulation code-named Texazz running Windows XP at 1.7GHz with 1GB of RAM...

1) AntiVir.
For those of you with older systems, this may be gold. The advantage that AntiVir has over the competition is its incredibly low memory signature. I remember the first system I ever tried it on, a Compaq Presario laptop spec'd at a 350MHz processor and 128MB of RAM, so you can imagine that that system couldn't even run Windows XP properly. Installing AntiVir on it was a dream. System performance didn't deteriorate at all. Like any AV worth its salt, it has frequent updates. But I'd like to ask the makers a question: just who the fuck is Luke Filewalker?
Pros: Low memory signature. Very intuitive interface; a novice user would find his way around very easily. Flexible scans allow you to choose when and what to scan. Uninstall is very clean, no traces left after reboot.
Cons: Annoying pop-up upon updating telling you to buy the paid version. No anti spyware bundle in the free version. It slows down the system during a complete scan. It is difficult to get the serial number from the regular channels. Worst of all, it doesn't detect the ROTXX virus, and for me that counts heavily against it.
Recommendation: Use if you have an older system and are not permanently online. Thankfully, ROTXX is not as virulent as quite a few other viruses that AntiVir caught.

2) McAfee
One of the two heavyweights in the field, this anti virus is almost guaranteed to be pre-installed on at least one in every three computers you buy from an OEM. I was never a fan of McAfee at any point, and one attack too many on systems under my watch has solidified that line of thinking. But credit where it is due, the manufacturers put a lot of money into updates.
Pros: Bundled anti spyware program, bundled firewall, bundled disk cleaner and defragmenter, bundled network security manager. They threw everything but the kitchen sink into this one. I guess it is an effort to win back a lot of the fans who have migrated in the last few years.
Cons: Incredibly high memory signature. If you have 1GB of RAM or less, forget this baby. It won't do it for you. The interface is not intuitive; a novice would get lost in the endless dialogues that are needed to set it up effectively, or change settings. Poor support; it didn't appear to update as frequently as I'd like. Uninstallation is a bitch; it leaves traces of itself all over the system.
Recommendation: Use if you have a monster of a system and are experienced enough to configure it well. Poor configuration can let in lots of nasties, something I'm sure we don't want.

3) Kaspersky
To be honest I haven't tried this one as much as I would want to, but I can say that it did a reasonable job on my test machine. Most of the major threats were intercepted and quarantined.
Pros: Excellent for scans of documents and archived files. Reasonable memory signature, not too low, but on a decent machine it would pass. Very intuitive interface.
Cons: It's a bit expensive, and I couldn't find a working serial number in any of the regular channels, so I had to make do with a trial version. It failed to stop quite a few nasties, and once again, that counts against it in my opinion. Like McAfee, the uninstall was not at all clean.
Recommendation: Nothing much to say really...

4) Trend Micro
To be honest, even before I began my series of tests a month ago I already had something against this program. You see, this is what is used on the server in my office (I don't know why in 2007 they are using a Windows server), and the things it has put me through...
In any event, this being an attempt at an impartial review, I have to say it all, and in terms of catching nasties, and in terms of customer support, this is a damned good product. On that I have to doff my hat to them.
Pros: Inbuilt firewall, anti spyware and anti virus. Relatively low memory signature. Excellent updates. Includes parental controls (I love that one). Uninstalls very cleanly.
Cons: My major beef with this anti virus is that it behaves like a virus in one sordid respect: it grows. Install Trend Micro on a hard drive and finish the install process with 10GB of space, for example, and by the end of the week (in this case tomorrow) you'll have less than 2GB left, and that is sad. The only solution to that seems to be to reinstall the whole thing, and when you constantly do that, you leave yourself exposed. Another gripe I have with Trend Micro is that the support (vendor's website and forums) is not the best. There is a lot of work to be done in that respect.
Recommendation: Use if, and only if, you have a lot of hard drive space to waste. Even at that, the occasional reinstall would do you a world of good.

5) Norton
Probably the most popular AV program out there, and this is due to the practice of vendor lock-in, something they've learnt so well from Micro$oft. The one thing you have to give to these guys is the amount that they invest in research.
Pros: The new version has improved its virus detection. The memory signature has become moderate. Excellent update time. Good support, but that is to be expected.
Cons: The new interface is oppressive to say the least, and there should be more options than simply enable and disable. The uninstall process is the 'dirtiest' in the business, and unless you are willing to go into the registry to edit it, be prepared to keep seeing traces of Norton on your system long after you think you've removed it. I don't like the option of providing all your details to the manufacturer during installation. With the others, that option can be ignored; I'm averse to any form of profiling...
Recommendation: To be honest, run. I used to be a major fan of Norton back in the day, but it has gone from bad to worse, and there's no silver lining to the cloud as far as my eyes can see.

6) AVG
This guy, like AntiVir, is a relatively new kid on the block, well, compared to the others at least, but he is doing a relatively decent job of it. He isn't pretty to look at, and that ugly creature that shows up when a virus is found is an exceedingly lame attempt at humour...
Pros: Low memory signature; it doesn't tax resources at all, and probably the only program in this list that is less memory hungry is AntiVir. Intuitive, probably the best of the lot in that respect. Updates are regular and effective. It is more effective than most as well in catching nasties. Support is excellent.
Cons: No inbuilt anti spyware.
Recommendation: Excellent choice, one I'd install any time, any where.

7) Zone Alarm
What can I say? This monster's head and shoulders above everyone else as far as I am concerned. Deploying Zone Alarm is almost like attempting to kill a fly with a sledgehammer, and gosh, this sledgehammer is effective. Starting from the triple-layer firewall, to the anti spyware, to the process inhibitor, the guys at Zone Labs took care of almost everything. The only con was that, like everyone else, it failed to kill AntiVermins. Unlike the rest of them though (except McAfee), it realised that something was wrong.
Pros: I found the interface very intuitive. Process inhibitor which can prevent a program from running unless you want it to. Triple-layer firewall that enables you to select different levels of security for different networks, including wireless and wired. Parental control. Excellent privacy options. Regular updates. Clean uninstall. Detected every single nasty I threw at it.
Cons: Nasty memory signature; only McAfee's was worse. The firewall's deny-all-first policy can get a bit tiresome for people who really don't care.
Recommendation: Need I say more? If you have 1GB or more of RAM, get this fast.
__________________
I have never killed a man, but I have read many obituaries with great pleasure.