Free Anti-Virus Comparison Review

Guest_Jim_* - 2013-03-24 15:53:26 in Software, Bugs / Virus
Category: Software, Bugs / Virus
Reviewed by: Guest_Jim_*   
Reviewed on: April 9, 2013

Introduction

Computers are great and useful tools, but the cyber world is not an entirely safe one. Particularly unscrupulous programmers out there will create pieces of malicious software, or malware, with a variety of intended purposes. Sometimes they just want to annoy you with pop-ups or changing your homepage, but other times malware is meant to compromise your privacy and your PC. Luckily there are a variety of tools freely available for download to protect you and now we are going to take a look at some of them.

As we do not have a collection of malware to test an antivirus' detection capability, we are instead going to look at 'Full' or 'Complete Scan' performance, as well as some other characteristics of the security programs. Any remarks I make about a scanner being able to detect threats is based on the data available at AV-Test.org. These programs may offer Real-Time Protection that scans files as they are accessed, but thanks to the power of modern computers I feel it is not necessary to compare the performance of this capability. The only time I have ever seen a computer operate slowly because of real-time protection was when I tried running three antivirus programs at once on my old AMD Athlon 3000+ CPU (single core, 32-bit CPU clocked at 2.2 GHz). As there is really no need to run that many antivirus programs at once, this special case is hardly worth examining.

Unlike the previous articles I have written, the tests for this one have been performed on my laptop. The reasons for this are that it is easier to run such tests on a secondary computer, it has an SSD with a greater read-speed than my desktop's HDD, and the SSD is only 60 GB; less than a tenth the size of my desktop's HDD. The laptop has 3 GB of DDR2 RAM and an AMD Turion X2 RM-70 CPU clocked at 2.0 GHz and runs Windows 7 64-bit, Home Premium. Of course malware scan times depend just as much on the files being scanned as on computer hardware, but now you know what the tests were run on, in case you are curious. Also, to measure how many resources the scanners took, I used the built in Performance Monitor and collected data from before a scan started to a couple minutes into it.

With these preliminaries taken care of, let's get to the software!

Microsoft Security Essentials:

Microsoft Security Essentials, or MSE, is one of the two antivirus programs I run on my computers; the other being AVG which is on the next page. It is an evolution of the Windows Defender anti-spyware software first available for Windows Vista. It is also included with Windows 7, but MSE supersedes it, as MSE is a more powerful tool.

When it was first released, many were pleasantly surprised by its performance and light-weight design. It is not filled with un-needed features for an antivirus or anti-malware tool, and perhaps this is part of the reason why it is able to run its scans with a fairly minimal impact on computer performance. In the beginning it was also quite adept at detecting threats, but more recently it has fallen behind, especially when it comes to catching zero-day threats. This translates to it not being the best at protecting you, but if you are reasonably security minded in your activities, it should serve its purpose well enough. However, if you are so security minded that you want to be able to set every option for the scanner, you will be disappointed here. Aside from setting exclusions, the only option you have is if the scanner should analyze archive files.

 

 

 

 

 

 

 

 

 

 

A Full Scan of my laptop took roughly two and a half hours. Okay, it is a full scan, so it is not surprising that it would take so long. However, compared to the mode of the all the scan lengths, it would seem this is an outlier. One caveat to this point though is that, when completed, MSE does not provide any measure of how long it took. The other programs did, in one way or another. I had to actually watch for when it finished, but even then, a few days later I decided to have it scan again, just to make sure. The second scan also took over two hours, so it is very doubtful I missed when the scan completed.

Obviously it taking that long to compete a full scan is a knock against MSE, as is its lack of information when it completes a scan. It is feasible that someone could start a scan, leave the computer to watch a movie or something, come back having forgotten they started the scan and, unless it found something, they would never realize it ran. The only information is MSE saying when the last scan was and that your computer is clean and protected along with how any files it scanned, but this is not recorded. The 'History' tab only lists infections it has found and does not record information on clean scans.

I recorded the available resources before and during the full scan, to get an idea of its impact on performance. Unsurprisingly the CPU usage increased, at times up to around 97%, but tended to stay between 50% and 60%. The memory usage and disk transfers on the other hand did not seem to change much due to the scan, although, there are some points that both memory and CPU usage increase at the same time. This would make sense if MSE loads files into the memory for scanning. If that is the case though, the memory is promptly cleared as its usage varied little.

Perhaps this is part of the reason why the Full Scan takes so long: MSE is not pulling as many resources as it could. Is this good/bad? Depends on how you look at it. If you want the fastest full scan there is, this is not good. If you want to be able to run a full scan while still using the computer, this is good.

AVG Antivirus Free Edition:

AVG Antivirus Free Edition is the second antivirus I have installed on my computers and I have been using it for years. It has many features beyond its computer scanning ability, such as an E-mail scanner, web browsing shield, and even a tool for protecting your identity. That is all I am going to say about those features though, because the focus of this article is the computer scanner.

The scanner itself is quite capable and has a good record for catching zero-day threats, as well as older, identified pieces of malware. Considering it is free, it offers a pretty good package.

 

 

 

 

 

 

 

 

 

 

 

 

The scanner has many options including if it should look for tracking cookies, scan inside archives, and use heuristics to catch malware it cannot explicitly identify. Also you can set the priority of the scan process. For my tests I set it to high, allowing it to take what resources it needs from the system. Also, it is set to scan everything except for tracking cookies. (I have had issues years ago with cookies being caught and quarantined which are legitimately on my computer, so I do not scan for them. Instead I regularly remove all other cookies.)

Despite virtually all of the options being enabled, the scan still completes very quickly, taking just thirty three minutes. Looking at the resource use for my computer is actually somewhat interesting for AVG (but not the most interesting, as we shall see later). The start of the scan launches the CPU usage from around 10% up to 80%, before dropping to around 50%, ultimately returning to 80%. The memory usage also increases with the start of the scan, and then remains stable, so it is not very interesting. The disk transfers however are a different story. At the beginning of the scan it spikes quite high, and continues to dance around in the hundreds. However, once the CPU usage returns to 80%, the transfers almost completely drop off. Exactly why this happens is hard to tell, unless during that point of the scan AVG is looking at the already running processes, which would be in the memory and not on the disk. AVG does tell you what it is scanning while it is scanning, but I have no ability to directly connect that to the resource graph.

When completed, AVG presents you with a decent amount of information, including how long the scan took, how many objects is scanned, and the kind of scan it ran (in this case a whole computer scan). This information can be exported if you wish, but you are also able to view it later by visiting 'Reports.'

Overall, AVG offers a pretty good package with a strong scanner and multiple features. Its scans do seem to hog some resources, but that is the price you pay for speed. If that is a problem for you though, try playing with the priority setting or set it to scan when you are not using your computer.

Avast! Antivirus:

Avast! is more than just an antivirus with all of its neat features from multiple malware 'shields' to a nifty software updater. The software updater apparently checks some of the programs you have installed to see if any have updates available, and will then download and initiate the update for you. Of course that will help keep you secure as it will notify you when oft-attacked software, like Java, has an update which will close some security holes for you. However, we're looking at antiviruses and not general utilities, so let's talk about what this AV has to offer.

Along with a scanner, Avast! has shields to protect multiple aspects of your computer, such as the file system, email, network, and more. Such security is not unique to Avast! of course, but it is nice to have. Two things I feel worth mentioning about Avast! are that you do need to register to use the free version for more than 30 days and that it is not possible to disable it. Okay, most people are not going to be testing multiple antiviruses, so most people do not need the ability to prevent such a piece of software from loading, but I am just enough of a control freak when it comes to my computer, that I do not appreciate being given "Access Denied" messages when I try to turn something off. You cannot kill the process; you cannot change the Automatic setting in Services; you cannot disable the startup items. Once you install Avast! it is going to run when you boot-up your computer until you uninstall it. You can disable the shields through the tray icon, to minimize its impact one resources, but that is the most control you have.

 

 

 

 

 

 

 

 

Stepping away from that, possibly unique peeve of mine, the scanner for Avast! is not that bad. It has a very good record for catching viruses and other malware, and at around 49 minutes for a complete scan it is not terribly slow. It also is not terribly fast, but it could be worse. Without a doubt though, it is weird. Remember how one of the reasons I ran these tests on my laptop was because of the 60 GB SSD? Well Avast! found 82.9 GB of files to scan. Now THAT'S a thorough scan! Except that it actually scanned the third least number of files compared to the other antivirus programs I tested (literally half the one above it). Technically speaking, I guess it is possible it was double counting data size whenever it scanned archives, but I would hope that is not the case.

The weirdness does not end there though. The resource use information is definitely weird compared to the other programs. As expected, the CPU usage spiked when the scan started, but never really settled between two values, as it occasionally would leap from 50% to 100%. At the beginning of the scan, the disk was very active with transfers, but eventually relaxed down to only a few, possibly because the scanner started looking at processes loaded into the memory. Curiously though, the memory usage changed dramatically during the scan. Around one of the drops in disk transfers per second, the memory usage dropped a couple-three percent, but later on, with no apparent link to the disk, though perhaps one to the CPU usage, the memory usage dropped by an easy five percent. The only activity at the time was the scan running and performance data being collected, so it stands to reason that it was the scanner itself caused the drop in memory. How, I cannot guess though since starting the scan did not significantly increase memory usage. (By the way, this is true of every software I tested, not just Avast!)

While the experience of using Avast! has certainly not been my favorite, the reasons for that are so unimportant for most people, that really they should not be held against the program. If you are going to use Avast! as your primary antivirus/malware solution, I think you will be satisfied with it. If however you want something you can completely disable while benchmarking, this would not be it. (Hey, those few cycles and couple MB of memory dedicated to the tray icon could be a frame in 3DMark… or not. I'm just making up a defense for my control-obsession concerning my computers.)

Immunet (ClamAV):

I was first exposed to the ClamAV antivirus when I dual-booted Ubuntu as it is available for Linux. I remembered that so I decided to add it to the list of Windows antivirus programs for this write-up. ClamAV itself is not available for Windows though, but Immunet is, and it uses ClamAV for its scanning. Unfortunately it is not tested by AV-Test.org, so I cannot compare its detection performance to the other programs.

 

 

 

 

 

 

 

 

 

 

 

 

 

Without a doubt, this is one of the simpler programs on the list with few special features, but it does have your basic real-time protection, though even e-mail scanning capabilities are limited to the paid version. This lack of features is not necessarily a weakness though as it is designed to be light on your computer. Of course that only applies to the real-time protection. During a full scan, 'light' does not matter; being thorough and fast does. You do have the basic options of scanning archives along with some cloud scanning capability. Something some antivirus programs are now doing is connecting to a remote server for help identifying suspicious, but unidentified files. The ClamAV engine operates offline though, so you can still run a scan without a connection.

At roughly 34 minutes to complete a full scan, it certainly is fast. The resource usage however is not particularly light as my data shows the CPU usage jumping up to and holding at 100% for a time. While running a full scan though, Immunet does show you how much of the CPU is being used, and it does not remain at 100% for the entire scan. It is still the only one of these programs that reached and maintained that much CPU usage though. The other software would hit the ceiling briefly before falling again. Unfortunately, one thing I do have feel I have to point out is that it reported scanning the fewest files of all of these programs at just 177,157, which is less than half the next best and about a tenth the top two scanners.

Assuming Immunet is competent at detecting viruses and other malware, it is not a bad choice for additional real-time protection. That actually seems to be what it was designed for. As a primary scanner though, it leaves me unimpressed with its low file count and high CPU usage.

Panda Cloud Antivirus:

Panda Cloud Antivirus I found while looking up recommended AV programs, and since others recommended it, it made sense to add to the list. Though it says 'cloud' in the name, it is able to run without an Internet connection, but part of its strength comes from having the connection. With a connection it is able to compare suspicious files against others that have been uploaded by other installations of the software on other computers. All of that data is then analyzed by remote servers that have a greater ability to determine what is and what is not a threat, than your computer. Basically, a cloud antivirus is crowd-sourced.

Panda offers little in the way of features as it has apparently been designed with the singular interest of protecting you from malicious processes. At least that is the case with the free version. You get a firewall with the paid version, and that firewall benefits from the cloud like the scanner does. The moment you start up Panda, it starts scanning accessed files and running processes. Instead of it being a scanner with a real-time protection feature, it is a real-time protection program with the ability to scan your entire computer on demand.

 

 

 

 

 

Before running the full scan I went through the settings to make sure it was going to be as thorough of a scan as possible. I also enabled 'Advanced Logging' in order to make sure I got results, such as scan length. Over three hours later the scan finished, making it the longest scan of all of these. To find out exactly how long I started looking for that 'advanced log file,' and quickly found it… all 281 MB of comma-separated-value goodness. Literally, every single file it scanned has an entry in that file. Turning off the advanced logging setting dropped the scan time to 62 minutes, but expect the difference to be greater the more files you have to scan because constantly editing a file takes more resources the larger the file gets.

At just over an hour, this definitely puts Panda on the high-end for scan time, but it also scanned a lot of files; the second most actually. Of course the scanner that looked at the most files took much less time to do so, but perhaps the scanner is more optimized for real-time protection than on-demand scanning. The resource use would seem to support this as CPU usage, disk activity, and memory usage all increased when the scan started. The CPU usage leapt to around 95% and stayed there for a moment, before dropping down to around 50%-53%. Memory usage varied obviously through the scan, unlike other scanners, and the disk transfers did not settle much during the time I was recording data.

Thanks to its cloud capabilities (I assume) Panda is very good at detecting malware threats to your computer. However it does need to first analyze threats for it to detect them, so it is not the best solution for zero-day threats. Its performance is also not particularly great for a full scan, but that could be due to its real-time protection focus, which I have not looked much at for reasons stated earlier. If that is what you are looking for though, I do not think you will be disappointed by it.

Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware is a different variant of malware protection than the others on the list; at least its freeware version is. This software does not offer real-time protection from malware, nor does it have any feature to block infections. Instead it is only a scanner, but a scanner many swear by. (You are able to purchase a version of this software that has real-time protection and other features typically found with antivirus software.)

The free version of Malwarebytes, which I am using, exists, more or less, to get you out of a jam when other software have failed to find the malware plaguing your computer. To assist with that, the developers developed "Chameleon Technology" to get around a malware's attempt to protect itself by blocking the installation and operation of antivirus software. Of course I have no way to verify that, but it is a neat idea. Once installed you have the selection of a Quick or Full Scan, with Flash Scan listed, but only available to licensed users. The settings for the scanner are a little different from your typical antivirus because instead of asking if it can look inside of archives, Malwarebytes asks if it can check out memory objects, startup objects, registry objects, and a couple more.

 

 

 

 

 

 

 

 

 

 

With every option ticked, I started a full scan which took just shy of 52 minutes, as reported in the log file of the scan. The log file is actually quite nicely designed as it provides information about the system it is running on, along with information on the scan itself. The scan options enabled, objects scanned, how long the scan took, and what it found is all listed very neatly. Unfortunately I had stupidly forgot to start recording performance data before the scan, so I had to start another full scan after the first one completed. Curiously this second scan took only 34 minutes, 39 seconds. Why such a disparity exists for identical scans with otherwise identical results, I do not know.

Speaking of the performance data, Malwarebytes performed essentially as you would expect. Starting the scan triggered a jump to between 50% and 60% of CPU usage, which is actually not very high, relatively speaking. The memory usage did not change much, though there are some spikes in usage, and these seem to coincide with significant drops in CPU usage. The fluctuations were short lived though, and soon both memory and CPU usage returned to where they had been. The disk usage however varied quite a bit, but stayed consistently low, unlike other programs I tested. Of course the low number of transfers could be because the scanner was focusing on objects already in memory.

At the end of the day the question is, 'how well does Malwarebytes Anti-Malware perform?' The answer unfortunately hinges almost entirely on its ability to detect infections, which I have no data on. Performance wise, while it can take a reasonably short period of time to scan your system, it only scanned 406,486 objects on my computer, which is the second least of the software I have tested. Of course all that matters is if the program can find and stop malware on your system, but it would be nice if it could be faster about it.

Comparison:

Now we get to see how these different programs perform compared to each other! But first, my system specs more conveniently listed:

Testing Setup

Antivirus/Malware Software Tested

All of the tests were performed with the other programs as disable as possible. As some of the programs cannot be prevented from running upon startup, their real-time protection was disabled.

As we can see here, Microsoft Security Essentials took the longest time to scan at two and a half fours while AVG took the least. However, multiple scans reveal the length of time to complete a scan can vary, even when using identical settings. With the exception of the Panda time result, MSE, and AVG, these results are the time it took to complete the first complete scan with the program. (An unnecessary setting I enabled in Panda greatly increased its scan time and I already run MSE and AVG on the machine.) Of course, time is not everything because it is what the scanner does with that time that really matters.

(AVG scanned 1,921,932 objects.)

Here we see something interesting starting to take shape as some programs simply did more (occasionally much more) than others. Look at Immunet for example, which was one of the fastest scanners. It actually scanned the least number of files, so that fast speed may not mean a great deal. AVG took approximately the same amount of time (actually one minute faster) yet it scanned the most files of all the scanners. Based on its scores at AV-Test.org, AVG is not just skimming over the files for that speed.

 

Here we can really admire the performance of these scanners, besides how many computer resources they take. The latter data is really just anecdotal though, as I do not have information on the total length of the scans, so you will have to read the previous sections to get that.

 

Conclusion:

 

So which program would be the best choice? The answer seems to be AVG Antivirus Free Edition, given its exceptional performance and numerous of features. The next best is apparently Panda Cloud Antivirus, given its impressive performance, though it is lacking in features, and I have no issue with personally recommending it second, after AVG. I am not sure if I will replace MSE with Panda on my computers, but until Microsoft improves its zero-day threat performance, that may not be a bad plan. Hopefully they will not misbehave together, which they have not thus far.

As the other feature-rich antivirus, Avast! Antivirus comes in third, performance wise, to AVG. Personally though, my preference would be to consider Microsoft Security Essentials as third, but that may be my own bias talking. Avast definitely has a rich feature set which may go very far in protecting you, but I just found it too intrusive for my taste. Of course MSE is lacking in both features (not always a bad thing) and performance, so really only its simplicity and the Microsoft name gives a recommendation for it much weight. Perhaps it would be best to say Avast has won at this moment in time, but if MSE can get its detection-act together then the table may turn.

Immunet, very simply, is not something I can recommend. Its CPU usage can explode to and stay at 100%, unlike any other program on this list, and yet it is the slowest of all of these.

Malwarebytes occupies a different place on this list, given its free version's lack of features found in these other tools. Keeping it installed for emergencies is not a bad plan, but it is not a 24/7 security solution, without paying. It is neither particularly thorough nor particularly fast, based on the counts of things scanned and time for the first full scan I ran. However it has a reputation of catching and removing malware other scanners do not. That puts me in the curious position of recommending you remember it exists when something goes wrong, but otherwise, you will want something else.