[gui-talk] Free Anti-Virus Software - Review of Avast
Steve Pattison
srp at internode.on.net
Wed Apr 30 09:09:20 CDT 2008
Following on from the recent discussions on this list about free anti-virus software I thought people might be interested in the following review of the free edition of Avast. I haven't tried Avast as I prefer to use anti-virus software that isn't free so I don't know how accessible Avast is. -Steve.
Taken from PC Magazine /www.pcmag.com/print_article2/0,1217,a%253D226370,00.asp.
avast! antivirus 4.8 Home Edition
REVIEW DATE: 04.10.08
BOTTOM LINE:
Its virus protection isn't far behind that of the top antivirus products. It removes
spyware nearly as well as the top antispyware, and its resident protection against
new infestation is excellent. This is some seriously impressive protection, considering
that it's free for personal use.
PROS:
Certified by independent labs for virus detection (but not cleanup). Very good at
blocking spyware installations, decent at removing existing malware. Simple, skinnable
user interface. Free!
CONS:
No scheduled scan. Leaves many Registry traces and nonexecutable files when cleaning
up malware.
COMPANY:
ALWIL Software
SPEC DATA
Price: $0.00 Direct
Type: Personal
Free: Yes
OS Compatibility: Windows Vista, Windows XP
EDITOR RATING:
By Neil J. Rubenking
When the version number of a new software release is just 0.1 higher than the old
one, I expect a ho-hum incremental update. So I was pleasantly surprised to find
that avast! antivirus 4.8 Home Edition adds significant functionality: It now protects
against spyware, rootkits, and other forms of nonvirus malicious software. Best of
all, it's free for personal use.
The $39.95 Professional Edition does include a few additional features. Its users
can switch to an advanced user interface that allows more detailed configuration.
It offers a command-line scanner and the ability to schedule regular full scans.
A script blocker watches for dangerous scripts on Web pages, and its PUSH updates
feature goes beyond the free version's automatic update checking. If you're using
avast! in a business environment, you must purchase the Professional Edition. But
the free Home Edition is 100 percent full-powered where it counts: clearing viruses
and spyware off your system and preventing any new infestations.
Great Detection, Decent Cleanup
As always, I rely on the large independent testing labs to certify the efficacy of
a product's virus protection. In a test of avast!'s ability to scan and remove viruses
on demand, AV-Comparatives rated it Advanced+, their highest level. In a separate
test of its ability to detect viruses using proactive behavior-based techniques,
it earned an Advanced rating, the second-highest level. Avast! also gets good marks
from Virus Bulletin. It hasn't missed any viruses on Virus Bulletin's tests since
2004, though it failed one VB100% test due to a false positive.
Avast! has certification for virus detection from both West Coast Labs and ICSA labs,
but neither one gave it its higher certification for virus removal. Results from
AV-Test in Germany were similar. That lab rated it very good (its top rating) at
spyware detection, good at malware detection, and merely satisfactory at cleaning
up infections. On that test, Norton and McAfee scored the same in those two detection
categories but rated very good at cleanup. The labs seem to agree, then, that avast!
is better at detecting malware than at removing it.
The product installs quickly, though it does require a reboot to finish the installation.
I found it to be quite chatty. It speaks the message "Virus database has been updated"
when appropriate. When it detects a virus, a siren whoops and a voice warns "Caution - a
virus has been detected." You can turn off or replace the sounds if they become a
problem.
In addition to the expected system tray icon for the product itself, you'll see another
for the Virus Recovery Database, or VRDB. This unusual feature takes a census of
the files on your system, retaining data about the three most recent versions. If
a virus manages to get past avast!'s initial protection, the VRDB can be useful in
repairing infected files. By default, it builds the database automatically when the
computer is idle, so you don't have to think about it at all.
The product checks for threats in memory each time it launches. If it finds malware
actually running, it offers to launch a boot-time scan - a powerful feature. The boot-time
scan runs before Windows has loaded so that rootkit techniques are prevented from
working, and most malware has no chance to defend itself against removal. You do
have to keep an eye on the text-only scan when launched automatically, because it
will ask what action to take the first time it hits a malware-related file and again
if it finds an infected file in a system folder. If you request a boot-time scan
manually, you can preselect the program's actions, thereby letting it run unattended.
The program's user interface looks more like a media player than like your average
antivirus. You click a few big buttons to select where it should scan; choose a quick,
standard or thorough scan; and click what looks like the Play button. Simple! And
it's fast, too. On my clean test system, the standard scan took less than 10 minutes.
The thorough scan took around 15 minutes, about the same as the spyware-only scan in
SUPERAntiSpyware Professional 4.0. It's much faster than Webroot AntiVirus with AntiSpyware
and Firewall or Spyware Doctor with AntiVirus 5.5.
Testing the New Malware Removal
I hadn't tested avast! against my malware collection before, because previous versions
promised only to remove viruses. For this inaugural test run, I started by installing
the app on a number of test systems infested with malware samples, including adware,
spyware, worms, Trojan horses, rootkits, and rogue antispyware products. One of my
samples tried to interfere with installation of security software, but avast! installed
without any trouble.
I frequently see problems with system stability when a security product's installation
requires a reboot. If a preinstall scan or real-time scanner deletes part but not
all of a seriously entrenched malware program, the system may blue-screen on reboot
or simply hang. While avast! does need to reboot to complete its installation, it
caused no such problems. It did offer to run a boot-time scan during this initial
reboot. To get a clearer view of the program's operation, I declined that offer.
Once I launched avast! it began detecting malicious software in memory: I heard its
siren and audible warning over and over again. In all but one test system it asked
to run a boot-time scan. After the boot-time scan completed and Windows restarted,
a couple of the systems requested another boot-time scan because they detected threats
still running in memory. What the heck - I allowed it. But on one system, avast! remained
locked in combat with a particular sample, never actually able to remove it or even
stop it from running. After four boot-time scans I had to admit that it wasn't going
to get any better.
Cleaning up these infested systems took a while, but overall it was quicker and less
troublesome than running Spyware Doctor through the same tests. The results were
surprisingly good. Allowing full credit for removal of all executable files associated
with a sample, and half credit if it detected a threat but left some executables
behind, avast! scored 8.0 of a possible 10 points. That's not far behind WAV's 8.3
points and Spyware Doctor's 8.7 on the same test. Do note that this is a new, tougher
set of malware samples, so the results aren't directly comparable to earlier scores
reported in the recent article "Nine Ways to Wipe Out Spyware." On a parallel test
using commercial keyloggers, avast! scored 5.9 of 10, where both WAV and Spyware
Doctor got 7.3.
Spyware Psychology
There's a serious difference between virus-type threats and other kinds of malware.
In order to propagate, a virus has to fly under the radar, remaining as inconspicuous
as possible. Typically the virus hides by infecting an existing executable file;
the virus code runs with a minimum of fuss and doesn't keep the infected file from
doing its normal job. Spyware programs don't have to be so subtle. They can slop
any number of files and Registry keys into your system and just hope you won't notice
right away. Trojan horse programs masquerade as useful programs, so they, too, have
no reason to hide.
A product originally designed to fight spyware and other nonvirus malware will typically
work hard to clean up all the traces it can find. Files and Registry traces left
behind may not be actively malicious, but they take up space and can gunk up your
system. A virus-fighting program, on the other hand, figures that its work is done
once it repairs or quarantines the infected executable.
This difference in psychology shows up very clearly when you compare avast!'s cleanup
style with that of Spyware Doctor. In most cases, Spyware Doctor cleaned up amazingly
well, deleting not only the essential executables, but all (or almost all) of the
Registry traces and data files installed by malware as well. Avast!, on the other
hand, left behind the vast majority of file and Registry traces even when it successfully
quarantined all essential executable files. You do get a more thorough cleanup from
Spyware Doctor.
Powerful Resident Protection
Avast!'s Resident Protection module blocks many possible routes that malware could
use to sneak into your system. It scans files arriving via e-mail - POP3, IMAP, or
Outlook/Exchange. It examines any file received through almost 20 different instant
messaging clients and almost 30 different peer-to-peer download programs. Its "Web
shield" can abort the download of a malicious file before it even starts. And it
examines all programs on access. Clearly it will be tough for a malicious program
even to reach your system, and even tougher for it to actually execute.
To check the Web shield protection, I attempted to redownload all of my malware samples.
Naturally a fair number were no longer available from the original URL, but avast!
caught well over half of the still-available ones before the download began. Next,
I opened a folder full of sample malware installers in Windows Explorer. Even the
minimal file access required to display file details in Windows Explorer was enough
to set off the on-access protection - it wiped out over half the samples. When I tried
again using unique hand-modified versions of all the samples, it caught exactly the
same group, indicating that its detection system wasn't fooled by my tweaking.
For the samples that weren't immediately wiped out, I launched each in turn and noted
avast!'s reaction. In most cases avast! did not kill the installer process itself,
but it wiped out some or all of the executable files that were installed - I heard
a lot of sirens! I gave it full credit if it prevented installation of all executable
files associated with a threat and half credit if it tried but missed some executables.
On this test it scored a phenomenal 9.6 of 10 points. That beats both WAV's 8.9 points
and Spyware Doctor's 8.5. Again, this is a new test set, so we can't compare with
older scores. But avast! is clearly doing a superb job of preventing malware installation.
Bonus Features
I'm not sure how many home users will need this feature, but you can configure avast!
to send a notification over the local network or Internet when it finds a virus.
Locally it can print an alert on a network printer or use WinPopup to send a network
pop-up message. It can send an e-mail alert using SMTP or MAPI. And it can alert
you via ICQ or Windows Messenger as long as the corresponding IM client is installed.
The avast! user interface is completely separate from the underlying protection engine,
which means it's possible to change the UI utterly just by selecting a different
skin. You can get dozens of skins from the company's Web site, some designed in-house
and some crafted by enthusiastic users. Skins don't have to be rectangular; they
don't even need to have straight sides. You'll find skins in all shapes and sizes,
including some themed on cultural icons like
Star Trek and Spider-Man.
This feature has nothing to do with the product's level of protection, of course,
but it's fun.
Avast! has long been a popular free antivirus. The independent labs give it good
marks, though not as good as the very best. Now it also removes spyware - not as well
as Spyware Doctor or WAV, but better than most. And it's a seriously tough protector
against attacks on a clean system. I'm really pleased to find a free antispyware
product that I can recommend.
Regards Steve
Email: srp at internode.on.net
Windows Live Messenger: internetuser383 at hotmail.com
Skype: steve1963