Antimalware software suites

When it comes to antimalware software, the first decision any Windows user needs to make is whether to go with an integrated suite of software or pick and chose specific products, such as a firewall, antivirus, and antispyware software. If a suite came preinstalled, it's certainly a tempting option. Dealing with a single company and not having to install new software has obvious appeal. But, I think it's the wrong way to go.

For one thing, the software suites can be complicated to use. Oftentimes they have been known to slow down the computer. And they cost money, whereas there are many free antivirus, antispyware, and firewall programs to chose from.

Plus, they may be overkill. In what has been called feature creep, they typically include many different types of protective software in addition to the baseline antivirus, antispyware, and firewall. This added complexity can negate the single product simplicity advantage.

Among the extras are antispam software that many people don't need, and, a case can be made that fighting spam is a server side thing, not something best done on your computer.

My colleague from The Personal Computer Show, Alfred Poor, has recommended against software suites many times on the show. He cites "bloatware" as the main reason:

"... the publisher piles on features not because they are practical or useful, but so that they can win the 'battle of the checkbox' where buyers go for the program with the most features. This leads to more software running in the background, which means a performance hit at the very least, and an increased chance of conflicts with other applications. My advice is to buy what you need, and no more."

Another big consideration is that, taken as a whole, software suites don't offer the best protection.

Leo Notenboom, made this argument last week on his Ask-Leo Web site. Quoting from How do I pick the right tools to protect my system?

"Would a bundled application (all defenses in one) be necessarily more effective than several standalone products? In my fairly strong opinion, no. I base that primarily on the four+ years of problem reports and feedback that I've received here at Ask Leo!. It just seems that the combined suites cause more problems and miss more malware or security issues than a well chosen set of individual solutions."

Why don't the suites offer the best protection? Here too, I agree with Leo:

"My theory is that the suites start with a really good single product...in order to create a suite the manufacturer then buys or creates what I can only assume are second-rate additional components..."

The ZoneAlarm firewall is a case in point. I like the free firewall and would buy the commercial version for the additional features. But I can't; at least not without also buying either antispyware or antivirus software from CheckPoint. So I pass.

Interestingly, I disagree with Leo's recommendations for antivirus, antispyware, and firewall software. But, even people who disagree on the specific choices, agree that making specific choices is the way to go.

As for Alfred's point about bloatware, a comparison of the assorted software bundles offered by ZoneAlarm/CheckPoint shows no less than 16 types of defensive software included in the top-of-the-line product.

Another example of an antimalware product being assimilated into a suite comes from Eset.

In his newsletter/blog last week, Scot Finnie discussed the stand-alone NOD32 anti-virus program vs. their suite of anti-malware software called Eset Smart Security. As for the new version of NOD32, Scot writes "...my preliminary impression of Nod32 3.0...was quite positive. That product is available as a standalone upgrade to Nod32 2.7..."

But regarding the suite he says "I looked pretty extensively at Eset Smart Security in late beta, and I didn't think much of the firewall at all. Plus I have no use for Eset's antispam solution. So I am definitely recommending *against* the new $60 Eset Smart Security (ESS)."

Finally, a note from the school of hard knocks.

After reading some good reviews of F-Secure Anti-Virus a while back, I installed it on a couple machines. On one machine, when I later installed Spy Sweeper, the antispyware product from Webroot, I learned about an incompatibility with F-Secure Anti-Virus.

Another machine had the free ZoneAlarm firewall installed. When I tried to install F-Secure Anti-Virus, it complained about ZoneAlarm, basically saying it's either us or them. The F-Secure product would not install unless the ZoneAlarm firewall was removed.

What possible conflict could there be between an antivirus program and a firewall? My guess is that F-Secure had a single installation program for both their software suite and their standalone antivirus, and they hadn't customized the antivirus installation to not bother checking for firewall software. Just a hunch.

The debate over individual antimalware products will continue until Windows truly becomes secure. Until that day, fight assimilation and opt for standalone antimalware products.

See a summary of all my Defensive Computing postings.

[ruminator]

The appeal of a suite, and that appeal is overwhelming, is that for the masses there "should" be no congflicts among the different purpose programs. This is "simplicity." Installing 3 or more separate highly rated programs performing different functions is not "simplicity.," and that setup is just beging for conflicts. Also, it is a purely gratuitous and unfounded assumption that one highly rated program will merely add other subpar programs to build up a suite. The truth is that every program added can't be the best and best to each user might mean different things anyway.

[john55440]

In the tests that I have seen, freeware antivirus/antispyware products have been less effective than Norton/Symantec products.

Norton Internet Security 2008 is not complicated to use. In it's default configuration, it's a nonchatty program that just does it's thing in the background. (My understanding is that Norton 360 is the program designed to be used by rank novices.)

Norton Internet Security 2008 is not bloated. I use it on a 2002 computer with only 512MB of memory, and have no complaints. My understanding is that, in the last two versions of NIS, Symantec has worked to improve performance. In addition, nonessential modules, like parental controls, have been relegated to an optional, downloadable, add-on pack.

Besides, Norton Internet Security 2008 is a PC Magazine Editor's Choice.

If you install seperate firewall, antivirus, and antispyware programs from three different companies, you have the additional complication of learning three different programs, with three different interfaces. In addition, there are potential conflicts/incompatabilities between the programs.

[Schratboy]

The best anti-malware defense is limiting what users can do via the Internet. When a user spends hours on-line surfing to hundreds of different sites each day, they increase their risk for exploit 1,000 fold. Notwithstanding what A/M products one uses, the best and most effective solution is clearly defining the dos and don'ts and manage accordingly.