The most thorough solutions that are generally recommended cover multiple areas: software updates, anti-virus, firewalls, and more. Multiple pieces of software are generally used to cover these different areas.
As later versions of software often contain improvements that eliminate older vulnerabilities, using later versions of software is recommended. Some software, including operating systems, contains a way to automatically check for newer versions and possibly to also install them automatically. For most users, at least enabling the check is recommended, and allowing the automatic installation is recommended for those who don't intend to respond to notifications of new versions by manually investigating updates and then downloading and installing approved updates as appropriate.
The most important software to update is typically the software that is used when accessing a network. For many, this includes the operating system (such as Microsoft Windows), the web browser (such as Mozilla Firefox or Microsoft Internet Explorer), and the separate E-Mail client software (such as Mozilla Thunderbird or Microsoft Outlook Express).
Some versions of Microsoft Windows may support a feature of “Automatic Updates” which is recommended for users who would otherwise not take time to update their system at all. Some of the earliest operating systems to support this feature are Windows Me, Windows 2000 Service Pack 3, and Windows XP. (Check the Control Panel for an icon related to Automatic Updates or a Windows Security Center.)
Often software which claims to be a registry cleaner is actually malicious software. This is only meant for users of modern Microsoft Windows operating systems. (Users of most, by far, if not all, other operating systems simply have absolutely no need for such a thing.) There is a section about Registry Cleaners designed to share information (and not necessarily to promote this type of software) located below on this page.
Anti-Virus software is generally dedicated to taking care of viruses (which are designed to be unknowingly spread), worms (which are designed to spread automatically, without user intervention), and possibly other “malicious software” (which is called “malware”). Users of modern Microsoft Windows operating systems are recommended to use two anti-virus products: One based on the ClamAV code and a different one which provides real-time scanning as well as frequent database updates.
Note that if one Anti-Virus software product is unable to remove a specific piece of malware, another software offering may commonly be more successful. For example, if there are known problems, some Anti-Spyware offerings may be more effective at removal than Anti-Virus software.
This section is for solutions that are free for not only home users, but also business users. (The next section includes some more options that are free for home users.)
ClamAV is free for not only home users but also business users. This is recommended for any users; however, as of this writing, real-time virus scanning is not provided by the ClamAV (nor the ClamWin) code. Therefore, using additional virus protection software that does provide that type of protection is recommended. Because ClamAV does not tend to conflict with other virus scanners (perhaps largely due to its lack of real-time scanning), and because ClamAV is one of the larger anti-virus databases which has sometimes added viruses earlier than other anti-virus databases, usage of ClamAV in addition to other anti-virus software is a good, recommended setup.
ClamWin is freeware that works with Win98/2K and newer. (The October 27, 2004 version of the page and earlier also mentions NT as being supported, but the version from October 30 does not, even though the same ClamWin version 0.35.3 is mentioned on both old ClamWin pages (as archived by Archive.org)).
This software uses the ClamAV engine.
Downloads: Find the latest version from the ClamWin SF files. Users of Windows 98 or newer can obtain the clamwin-0.??.?-setup-nodb.exe file (where the ?'s represent a numeric character). This file is over 20MB smaller than the main download, such as the one from ClamWin's main page, because it doesn't come with the database. An option to download the database during the install procedure is available. Users of Windows NT 4 may want to check for the latest version of a clamwin-legacy-nt-0.??.?.exe file.
It is important that users understand what ClamWin is good for (detecting viruses when a virus scan occurs), and what it isn't good for. Unlike alternatives that have a real-time scanner, ClamWin does not monitor file access in order to detect a virus whenever a file is accessed, such as when a program runs. (This is a form of protection that is provided by many other virus protection software offerings, but currently not ClamWin.) This may be the main reason that ClamWin versions are still numbered below version 1.0.
Once the program is installed, there may be some customizing that most people will want to do. For example, consider doing the following. Open up the main ClamWin window by running the “Virus Scanner” program from the “ClamWin AntiVirus” folder in the “Programs” or “All Programs” area of the operating system's Start Menu, or get to the same screen by right-clicking the icon in the “System Tray” (a.k.a. “Message Notification Area”) and choosing “Open ClamWin”. Then choose Tools, Preferences. In the “Scheduled Scans” folder, add a scheduled scan for each hard drive, making the “Scan Folder” point to the top of the hard drive (e.g. “C:\”). On the General tab, people who want automated protection should choose "Move to Quarantine Folder". (Although that option may cause some problems that would be avoided by the "Report Only" option, fixing those problems may often be easier than allowing a file to be reported (and possibly ignored) and not moved to the quarantine area.) On the "Internet Updates" tab, make sure "Enable Automatic Virus Database Updates" is checked. A web page with ClamWin Info shows some pictures of installing and setting up some of this (with an old version which uses an old icon).
For some further changes to increase protection, the following steps may be performed (and reversed if it slows things down too much). In the Filters tab, one may wish to make the scans more thorough by removing all of the default extensions (*.dbx and *.tdb and *.pst and *.dat and *.log and *.evt and *.nsf and *.chm) by clicking on the red X multiple times. Also be familiar with the "Limits" tab. If there is a file size limit of 100MB, then a virus in a 250MB file would not be detected. One may type in a value of 99,999,999 MB (without specifying the commas) and press OK, and then return to find that the limit was reduced down to the maximum (which was 4096MB when checked with ClamWin 0.95.2). Also, one may wish to check into some of the later settings about browser integration (such as the Firefox Integration section listed below) and/or the information below about real-time scanning.
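The effect of the Filters and Limits settings described above can be checked against a real folder before relying on a scheduled scan. The following Python script is an added example, not part of ClamWin or of the original page: it lists every file that would be skipped by a given set of exclusion patterns and a given size limit. The function names are hypothetical, and matching the patterns case-insensitively against the file name only is an assumption about how the filters apply.

```python
"""Added example: list files a scan would skip under a filter and size-limit configuration."""
import fnmatch
import os
import tempfile

# Exclusion patterns the page lists as the defaults on the Filters tab.
DEFAULT_EXCLUDES = ["*.dbx", "*.tdb", "*.pst", "*.dat", "*.log", "*.evt", "*.nsf", "*.chm"]
MB = 1024 * 1024
# The page's example limit (100MB) and the maximum it observed with ClamWin 0.95.2 (4096MB).
EXAMPLE_LIMIT_BYTES = 100 * MB
OBSERVED_MAX_LIMIT_BYTES = 4096 * MB


def skip_reasons(name, size, excludes, limit_bytes):
    """Return the reasons (possibly none) why one file would not be scanned."""
    reasons = []
    lowered = name.lower()
    # Assumption: patterns are compared case-insensitively with the file name only.
    for pattern in excludes:
        if fnmatch.fnmatchcase(lowered, pattern.lower()):
            reasons.append("excluded by filter " + pattern)
            break
    if size > limit_bytes:
        reasons.append("larger than limit (%d > %d bytes)" % (size, limit_bytes))
    return reasons


def coverage_gaps(root, excludes=DEFAULT_EXCLUDES, limit_bytes=EXAMPLE_LIMIT_BYTES):
    """Walk root and return {relative_path: [reasons]} for every file that would be skipped."""
    gaps = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                size = os.path.getsize(full)
            except OSError:
                # A file that cannot be inspected is a coverage gap as well.
                gaps[rel] = ["could not be read"]
                continue
            reasons = skip_reasons(name, size, excludes, limit_bytes)
            if reasons:
                gaps[rel] = reasons
    return gaps


def demo():
    """Build a constructed directory tree and compare default and widened settings."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "mail"))
        # Constructed sample files: relative path -> size in bytes.
        sample = {"setup.exe": 2000, "mail/Inbox.DBX": 500, "app.log": 10, "big.iso": 5000}
        for rel, size in sample.items():
            with open(os.path.join(root, rel), "wb") as handle:
                handle.write(b"\0" * size)
        # Scaled-down limits so the demo stays small: 4000 bytes stands in for
        # 100MB, and 163840 bytes for the 4096MB maximum (same ratio).
        default = coverage_gaps(root, DEFAULT_EXCLUDES, 4000)
        widened = coverage_gaps(root, [], 163840)  # filters removed, limit raised
        return default, widened


if __name__ == "__main__":
    default_gaps, widened_gaps = demo()
    for path, why in sorted(default_gaps.items()):
        print(path, "->", "; ".join(why))
    print("files still skipped after widening:", len(widened_gaps))
```

To audit a real drive, call coverage_gaps with the folder used as the “Scan Folder” and the limit currently shown on the Limits tab.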
At the time of this writing, ClamWin has not introduced its own method of providing real-time protection. To add that sort of protection, check out Clam Sentinel or WinPooch. Neither of these has been fully tested by this site's staff at the time of this writing.
Firefox integration notes:
Winpooch Watchdog's SF.Net page indicates it is for “Windows (2000, XP, 2003, but only 32-bits).” (Unless that changes, it will be useless for not only users of Windows 98, but also the 64-bit release of Windows Vista). The software is designed to provide real-time services to files which, when combined with ClamAV or the commercial BitDefender, can provide real-time virus scanning.
This has not been tested by site staff, but it appears to be a free solution for those who it works for.
Update: I have checked one of the downloads from Microsoft, and it gives licenses for “devices in your household for use by people who reside there or for use in your home-based small business.” The license may not be available for other uses (namely uses in other organizations). The software may not be published for others to download, according to the EULA. The software may also include and update Silverlight, although a user may opt out of that and one or more other options. Note that the installer may start a scan immediately, even before options are displayed to choose what to do with scanned files.
Here are some download links:
Microsoft's page has offered other “Locale or Language” settings which presumably would go to other downloads. This software may require “genuine Windows”, indicating that Microsoft may perform some tests to make sure the running version of Microsoft Windows has a legitimate license from Microsoft. (Therefore, this software may not be an easy, available option for someone interested in using this with Wine.)
This product was announced quite some time before it was released, and so some online information may be available referencing this software by the pre-release “code name” for this product, which was “Morro” (or, more specifically, “Microsoft Morro”).
An initial review:
I decided to check out the Microsoft Security Essentials. Here's what I found.
EULA issues. Yes, I actually read EULAs when personally working on a computer. You may use this on "devices in your household for use by people who reside there or for use in your home-based small business." This EULA doesn't give any indication that any organizations other than home-based businesses are allowed to use this software at all. This may exclude the ability of some businesses from legally using this.
A requirement to installing the software is to "agree to receive updates using the Microsoft Update center." "If you do not enlist in the Microsoft Update center, you will not be able to install and operate the software."
"This software may contain Silverlight technology. If it does, Silverlight contains an Automatic Update feature that is on by default. Microsoft may change or cancel it at any time." "You may turn off this feature while the software is running (.opt-out.)." However, I didn't see Silverlight, and I certainly didn't see a feature to allow opting out. So either this text is meant to waste people's time, or just have them get used to ignoring EULA references to Silverlight, or Silverlight is installed and I just didn't see it, or perhaps Microsoft plans to add Silverlight at a later date (and opting out isn't available until that is done).
Publishing the software for others is prohibited.
Okay, enough with the MSE EULA issues. What else have I found?
The software doesn't want to work with other Anti-Virus software. (This recommendation doesn't seem too surprising for cases where the "Real-time protection" is enabled.) Some fairly general removal instructions are at http://go.microsoft.com/fwlink/?LinkID=152002&mkt=en-us
During the installation process, just before the "Finish" button, there is a check box (that is default checked) called "Scan my computer". After MSE is installed, it instantly starts updating. During the first part of this update, the user is not yet allowed to go to the "Settings" tab. Then, after waiting for the install to complete, if that checkbox was checked, a "Quick scan" is started. At this time, the user may go to the settings screen and change the "Default actions". For a "Severe" or "High" alert level icon, the choices for found software are to delete or quarantine. There is no choice to have the action be allow (or ignore) for the software for these categories. (There is a checkbox that controls whether actions are taken.) So, unless you change these settings before the first scan is deleted, this may delete or quarantine files.
Using this software allows either a "Basic membership" or an "Advanced membership" to Microsoft SpyNet. This controls how much information is sent to Microsoft. I didn't see any options for "No membership".
Uninstalling the software seems to also uninstall/disable Windows Defender. Maybe it's actually smart enough to know I wasn't using it before. (However, if it isn't, this might be a way that someone previously trusting Windows Defender may turn it off by accident.)
The software creates a system restore point daily (as noted in one of the Advanced Settings), although that can be disabled.
I found a forum post referred to a URL that may be used to “download and install the updates manually” ( https://www.microsoft.com/security/portal/Definitions/HowToMSE.aspx ). Another URL, which may be similar, is MS KB 971606. That KB says it applies to Windows 7 Professional, and doesn't mention any other versions of Windows. However, the hyperlinks on KB 971606 for downloading the updates go to the same redirection URLs as the similar hyperlinks on the HowToMSE.aspx web page.
A forum post says that the first two numbers of a definition version refer to the version of a “major monthly update” and the later two numbers refer to a daily update.
This software may be limited, and so is not generally recommended for wide-scale usage, but it may be useful in some cases.
Limited to handling the viruses of Mydoom, and perhaps Doomjuice and Zindos (depending on the version), and varying in what operating systems this works on, this was later replaced with the Microsoft Windows Malicious Software Removal Tool which removes more software but doesn't work on as many operating systems earlier than XP. (If using an operating system supported by the Microsoft Windows Malicious Software Removal Tool, that tool appears to be more comprehensive and good to use instead.) KB836528 article expressed a lack of permission for people to redistribute the software, and so interested downloaders should get it from Microsoft. KB836528: Mydoom, Zindos, and Doomjuice Worm Removal Tool (v4.0).
Microsoft Security At Home has information about some of the above software, and other information about protecting one's self. For information about viruses, there is Microsoft's page on viruses.
The CA Online Threat Scanner page identifies this as being for “Windows XP SP2 or Windows Vista (32-bit only)”. (At the time this was checked, Windows 7 hadn't been officially released.) This uses ActiveX and (according to the Tools and Utilities page) requires Microsoft Internet Explorer Version 4 or later. There are also some free eTrust Antivirus Tools and Utilities which CA.com has available for download.
In addition to these fully free offerings, CA.com offers CA Anti-Virus for the Enterprise, including a web page about downloading the Trial/Evaluation of the CA Anti-Virus software (which appears to require registration). CA.com has also released software by some other names and a computer may be offering the latest available protection from CA if it is using “the current engine and signatures for eTrust Antivirus, Vet, or EZ Antivirus”, as noted by the page offering Tools and Utilities (hyperlinked in the previous paragraph).
AVGFree comes with a real-time scanner and is free for home users. It is also updated regularly. With versions earlier than 8.0, when installing this under Win98SE, a scanner that works in DOS is also installed. (This DOS scanner would have more up-to-date signatures than many other versions.) Because there are multiple versions that may be downloaded, the AVG-related software is available on a separate AVG page on this site.
Grisoft's announcement about Intel says that Intel Capital, a fund of Intel Corporation, has invested in Grisoft.
Software by “avast!” has been released for multiple operating systems. There is a free cleaner. There is also a more full amount of virus protection offered which can require registration which is freely available for home, non-commercial use on some operating systems including Windows 95 and later (including operating systems newer than Windows XP) and Linux. Less free versions may be available for commercial use and other operating system platforms such as FreeBSD and Mac. This is covered in more detail on a separate page on this site: “avast!” software.
It is recommended to check the avast! Latest Program Version Matrix before downloading any of the hyperlinked versions. This is because several products have home pages with major version numbers in their URL, and so it wouldn't be surprising if newer software versions may have newer home pages.
Some of this software may support some sort of trial which may technically make it shareware (or trialware/crippleware/etc.), however payment is expected by home users in order for them to have sustained protection with updated databases.
Note: This may be discontinued in the near future, if it hasn't already, as Microsoft replaces this offering with “Microsoft Security Essentials”.
A solution by Microsoft which can be paid for. Wikipedia's page on Windows Live OneCare: Criticism section has some interesting information, including a quote from a member of the Microsoft Security Research and Response (MSRR) team saying results will “gradually and steadily increase until they are on par with the other majors in this arena.” (This, of course, implies they weren't on par.)
Some substantial names in the world of virus protection are McAfee and Symantec, the latter of which bought out Norton's AV software (and other Norton products). Many people have become familiar with them due to having versions of the software installed on their computers, bundled at a low cost (and possibly even free), only to find the software later becomes a nuisance when it continually asks for the computer's user to participate in paid-for updates. The companies are also noteworthy for working with Fortune 500 Enterprise companies, and making statements in mainstream news press releases when computer viruses are the subject of mainstream news. The E-Mail software may change a user's E-Mail settings to use a local proxy, which may be good in theory except for the large number of cases when this made software stop working.
Fully removing software from both of these vendors has proven to be challenging (at least sometimes, and for a large number of people). Special removal programs (downloaded specifically to help remove the software more fully) may assist.
Experience has shown that Symantec AV has often been known to be problematic for many small businesses who deployed Symantec AV, such as not updating properly and even leading to stability issues on a server. The only real benefits witnessed to this software are that it can be obtained fairly cheap and it has a high reputation, mainly from older versions of Norton AV when the product was an excellent choice. Maybe some users of this software, such as Enterprise companies, have had this work very well, but a great many people have not.
McAfee Security - Evaluation Software.
These are probably even more subject to change in availability than some of the other offerings. They may or may not involve running code on the computer with the files being tested, and unless they do, they probably do not offer any value except for when an Internet connection is available.
Users of this software may wish to look into other options that receive updates more often. These are generally not recommended, but are listed here for reference.
At least some of the software on the DOS-based Anti-Virus Software page fits this description.
Sometimes features such as Anti-Spyware are included in software that also performs an anti-virus function. In other cases, software manufacturers have released separate, specific software packages. (The key reason for doing so is to justify the sale of an additional product.)
In addition to software that calls itself AntiVirus software, there are now other scanning software applications available for other tasks, such as Anti-Spyware software.
Some people are concerned about web sites tracking web surfing behaviors. A generally bigger concern, though, is when software designed to track users (“spyware”) or display advertisements (“adware”) may update itself and include code which is more malicious, becoming more similar to a virus or worm which can not only gather non-personal information, but can also gather other information or perform other unapproved actions such as participating in an Internet attack. The code in adware and spyware is often not needed for basic functionality and may be called a “potentially unwanted program” (“PUP”) by anti-spyware. (The reason that PUP is used, instead of a more condemning term, is that some companies who have released such software have claimed legitimacy and threatened lawsuits about libel.)
Anti-Spyware may commonly find a large number, even hundreds, of browser cookies which the software identifies as “potentially unwanted”. These typically take up an amount of disk space which is generally considered to be a small amount of space. Some people consider such things to be a terrible invasion of privacy while others accept such automated, generally non-personal gathering of marketing data to be a common, harmless business practice. Some Anti-Spyware software has obtained a large amount of respect, partly from people who were simply ignorant of how commonplace such browser cookies have become and became surprised when hundreds of files that were “potentially unwanted” were identified.
The software does not allow free re-distribution, but the free version may be obtained directly by a computer with working Internet access.
After downloading a SuperAntiSpyware program, be sure to click "Check for Updates..." before choosing "Scan your Computer". Online scan downloads a program which can be run fairly quickly, without any sort of installation procedure. It identifies itself as “SUPERAntiSpyware Free Edition”. Also downloadable is the download page for the SUPERAntiSpyware Free Edition. This is definitely free for Personal Use and for Home Users (as noted by an overview page). Also available is the download page for the trial of the SUPERAntiSpyware Professional, which the Comparison page for the Free and Professional versions of SUPERAntiSpyware refers to as a “15-day fully functional free trial”.
Visiting a SUPERAntiSpyware Shopping cart page has been known to offer “a lifetime subscription for a $9.95 one-time fee instead of our usual renewal fee of $14.95/year. This includes free program updates for the life of the product!” Such gimmicky pricing may be misleading (as some products are known to discontinue, only to be replaced with a different product so people are encouraged to pay again).
Some experience has shown that this software has been found to be quite effective, removing malware that other options haven't succeeded in fully removing.
This software was formerly known as Ewido before being acquired by Grisoft.
Found on May 4, 2008: Grisoft's web page about AVG Anti-Spyware and AVG Anti-Rootkit not being available says “As AVG Anti-Spyware and AVG Anti-Rootkit are now only included in commercial versions of AVG 8.0. Updates will soon be discontinued.”
Old FAQ for AVG / ewido Anti-Spyware: FAQ 1277 was “Does AVG / ewido Anti-Spyware work under Windows 95, 98 and Me?”. The answer was: “Unfortunately the AVG / ewido Anti-Spyware only works with Windows 2000 and XP as it was developed to use many of the features introduced with Windows 2000. Also we currently can't and most likely won't provide a version for older Windows versions in future.”
http://free.grisoft.com/softw/70free/setup/avgas-setup-184.108.40.206.exe is no longer available as it once was. AVG Anti-Spyware 220.127.116.11 http://free.grisoft.com/filedir/inst/avgas-setup-18.104.22.168-3339.exe was AVG Anti-Spyware 22.214.171.124 but now redirects to the path on download.avgfree.com and says the file “was not found on this server.” (found from AVG Advisor cache), AVG Anti-Spyware 7.5 PDF File Hippo's download area for AVG Anti-Spyware, an unofficial third party site, has download links for some older versions including Ewido products. An old “AVG Anti-Rootkit Free” download page was at http://free.grisoft.com/ww.download?prd=arw but now it redirects to the web page about it not being available. http://free.grisoft.com/filedir/beta/avgarkt/avgarkt-setup-126.96.36.199.exe is no longer available.
Both the original German “developer's site” for Lavasoft (as identified by a forum post) and American download site for Lavasoft now simply point to the main Lavasoft.com page which identifies Lavasoft as “The Original Anti-Spyware Company”.
Ad-Aware SE appeared to be more popular than its successor, Ad-Aware 2007, based on forum comments such as Lavasoft.com forum post. Ad-Aware SE worked on more systems than its successor, Ad-Aware 2007, when the latter was released. For more details, information on downloading the older version, Ad-Aware SE, or other versions, see the local Lavasoft Anti-Spyware page.
Anti-Rootkit functionality may be separate from anti-virus and anti-spyware software, or it may be bundled with anti-virus and/or anti-spyware software. AVG has released a separate Anti-Rootkit. (For now, see the AVG Anti-Spyware section for details.)
Sometimes rootkits are simply handled by software which scans for viruses and/or software which scans for “spyware”. However, some software companies, such as AVG, have been known to release Anti-Rootkit software separately. If there is a separate bit of software available for detecting these, getting them is recommended.
There may be some misunderstanding as to what a “rootkit” is. A rootkit is a program that is designed to maintain superuser/administrator access by allowing a backdoor and often doing so while hiding itself by replacing key files that are frequently used to detect whether a rootkit is installed or not. Some people believe that a rootkit is designed to gain initial superuser/administrator access, and so that may someday be true for some software that calls itself a rootkit, but that certainly is not what all rootkits are about.
There are various strategies to having a firewall, including using a hardware firewall device or a dedicated computer. Additionally, a computer can simply run firewall software. In general, at least one firewall should be used. Most firewalls can be customized, and certain configurations may cause even simple network traffic to not reach the desired destination, so explaining how to set up the firewall is beyond the scope of this website. This may be something that average users may want to get help for.
Simply purchasing a firewall device, and plugging things into it appropriately, may have default options that are sufficient to offer some basic protection and allow web surfing and E-Mail. This may not be the best option, but it is one that may work for several people.
For users of Windows XP and later Microsoft Windows desktop and server operating systems, there may be multiple ways to reach the Windows Firewall, generally reachable through the control panel somewhere, such as one or more of the following:
Reviewing the download history at File Hippo, it seems the “Comodo Firewall” product was renamed with version 3.0 from Comodo Firewall to “Comodo Firewall + Antivirus”, apparently replacing the old separate Comodo Antivirus product. With version 3.11 it has been renamed to Comodo Internet Security. The download from this product gives an option to install only the AntiVirus software or only the Firewall software or both of those offerings. Version 3.0 of Comodo Firewall was available for XP free for commercial use.
When checked while version 3.12 was current, this required Win XP SP2 or newer (including Vista), and had separate downloads for 32-bit and 64-bit. (The successor to Vista, “Windows 7”, hadn't been fully released at the time.) An old version, Comodo Firewall Pro (“CFP”) 2.4, supported Win2K. However, the old download hyperlink at the bottom of CFP 2.4 seems to have disappeared. FileHippo's download info page for Comodo Firewall 188.8.131.52 has a download link in the right column of the page.
Software called “Internet Security Pro”, by Comodo, can be tried free for 30 days and supports more such as WiFi protection. Of course, this implies that the free version might not support this feature.
Jetico Personal Firewall v.1 is free and for Win98/NT+. This product has been frozen as of August 1, 2006 when v.2.0 public beta was released. There is a local copy of jpfwall.exe in this site's Firewall area; that is probably JPF version 1 obtained directly while it was more available. However, the web site now seems to focus on its successor, jpf2, so specifying the old web page http://www.jetico.com/jpfirewall.htm or the download URL http://www.jetico.com/jpfwall.exe will redirect to information about jpf2. Under Windows Vista, a “Program Compatibility Assistant” may prevent the installer from installing the program. The software may be obtained with the help of Archive.org: e.g. the November 24, 2007 copy of Jetico's download page (as archived by The Internet Wayback Machine at Archive.org) has a download link to a jpfwall.exe that also can be obtained from Archive.org.
Jetico Personal Firewall v.2 is for 32bit and x64 Windows Vista/XP/2003 Server/2000 and its web page points to something that can be downloaded, although JPFv2 can also be bought and the web page doesn't refer to it being free.
Discontinued software. A member “ivan”, who appears to be the Chief Technology Officer of Core Security Technologies (noted by this posting), wrote in a forum post about Core Force, referring to “the original team of the project”, “we believe that there is no longer a reason to maintain active development and a long term roadmap for the Core Force project.” This was on November 5, 2007.
This was based on OpenBSD's excellent PF software (which is primarily released for the OpenBSD operating system, not Microsoft Windows). Core Force is meant for Win2K Pro/Server with SP4 or above and for XP Pro/Home with SP1 or above, and required MS IE6.
First off, a warning: Often software which claims to be a registry cleaner is actually malicious software.
This is only meant for users of modern Microsoft Windows operating systems. (Users of most, by far, if not all, other operating systems simply have absolutely no need for such a thing, due to not having a “registry” or anything very similar. The closest thing to a registry in POSIX, for example, would be a subdirectory called /etc/.)
Generally, registries do not need to be cleaned by such software. Although some registry cleaners can improve a system's performance, there are two other common risks. One is actually downloading malicious software posing to be a registry cleaner. The other is that the registry cleaner may incorrectly remove an important piece of data, such as a registry key, which isn't noticed immediately but it ends up preventing something from working correctly. Such a thing may be software code that isn't always run regularly, such as a software updating procedure or software used to file taxes annually, but which can cause problems if it isn't working.
One way to clean a registry which may be effective is to use anti-spyware offerings, such as SUPERAntiSpyware, or other protection software designed to clean up spyware and adware.
I have had CCleaner recommended by a source reliable enough to warrant mentioning the product here in this section.