Exetools  

#4
10-28-2017, 17:34
Kerlingen

What exactly is the difference between "antivirus" and "antimalware" supposed to be?

Most companies sell "anti-virus" and "internet security" products. The first include only "anti-virus", the last include "anti-virus" + "firewall" + "<insert any number of words which somehow should sound to a stupid end-user like they do something important>".

Since the Windows Firewall has a default "allow all outgoing traffic" rule which you cannot change I would say it's mandatory to use an "internet security" product, not only to block (non-malware) "call home" software, but also to block malware which is not yet detected from connecting to its control server.

When you see any tests conducted by a website or a magazine, the rating will always be something like "60% detection rate, 30% resource usage, 5% user interface, 5% other features". This sadly means two things:
  • Many products just have no way of configuration. You just get a big red "on/off" button and a "you are secure" text, but you cannot configure anything you might care for.
  • Many of the "internet security" products with good rating include completely functionless "firewall", "secure banking", "child protection", etc. modules, just because these things are not tested and have no real influence on the final rating.

Two examples: In nearly all tests Kaspersky and BitDefender are on #1 and #2 in the list. These products might have a good detection and resource usage rate, but:
  • BitDefender has pretty much no configuration settings at all. It just runs and that's it. Even the "advanced configuration" menu has just something like "allow NetBIOS yes/no" and "configure proxy for internet connection" and nothing else.
  • Kaspersky has many (and good) configuration possibilities. However, the way the software works is that any unknown application will have full internet (and system) access on the first launch, since you can only configure an application after the first launch. You cannot change that behaviour by any setting; this makes the firewall (and HIPS) completely useless. To make it even more useless: All user-defined rules are deleted 30 days after the last edit, making a known application "unknown" again. No "test" will notice that, since they only use default settings and don't run for more than 30 days.

So my suggestion:
  • Always use a combined antivirus+firewall solution. Firewall-only products don't really exist any more and they probably don't play nice with anything except Windows Defender.
  • Do not use more than one "real-time" solution at the same time. Maybe with the exception of "Windows Defender", all other products will badly influence each other, making the system slower and less secure.
  • Use addons like Ad-blockers and JavaScript-blockers in your webbrowser. Do not rely on your anti-virus to detect anything which is not saved on your harddisk and just exists in your webbrowser's memory.
  • Make sure that your anti-virus will scan encrypted connections (off by default in many solutions for compatibility reasons) and make sure that it won't downgrade the encryption parameters just because the programmers were too lazy to implement anything else than "RC4 40bit".
  • Set any "preview" options in your email software to disabled. Disable anything which downloads data from the internet when you open an email. This makes sure you can delete a suspicious email without automatically executing the included malware. (if you ever meet a programmer who allowed JavaScript in emails, hit him somewhere it really hurts)
  • Always update your important software: OS, anti-virus, webbrowser. Even if you have a pirated Windows version you will get Windows updates.
  • Regularly update other software: media players, picture viewers, download managers, etc.
  • Don't use cracked software. Cracked software might contain malware.