What is the Best Antivirus Software?
Unfortunately, there isn’t a straightforward answer to the question of which Antivirus software is the best. No single solution can claim to be able to stop all malware, and each may successfully detect a virus that bypasses another, and vice-versa.
There are some things to look for when selecting an Antivirus solution however, that should help inform your decision:
– Detection Method – How the Antivirus product detects malware is important. Look for products that use a heuristic approach to detection as opposed to simply relying on signatures. Traditional signature-based detection can only detect malware that has already been detected, a heuristic approach looks at behaviour, giving you more chance to stop new, previously undetected malware.
– Deployment and Update Method – If you’re deploying Antivirus at scale, how you install it and keep it up to date is important to consider and will need to fit your environment and the profile of your workforce. If you have a largely remote set of workers for example, you’ll want them to be able to stay up to date when not connected directly to the corporate network for example.
– Central Management – Again critical for scale, having a central management function to create policies, report on version information and more importantly be able to see if any malware is detected is key.
– Features and Capabilities – These days it’s not just viruses that we need our Antivirus products to protect against. Malware, Spyware, Trojans and Ransomware are all evolutions of the ‘virus’ in a traditional sense and each have their own set of challenges when it comes to detection- but there are also malicious websites, application plug-ins and email-based threats to consider. Antivirus vendors commonly offer suites of products affording you protection against one or more of these threats, what level of cover you need or want depends on what other protection you have in place and what you see as your biggest threats. The more features the higher the cost though, so this can be a balancing act.
Whichever vendor you choose, you should not rely on Antivirus alone to protect your endpoints or your data. You should tailor your security policies to your needs when it comes to Antivirus in your organisation, incorporating the solution as part of your global security practices. Things like the use of external devices are critical in protecting your environment from malware, and your Antivirus should be seen as a last layer of defence against infection- not the only layer of defence.
If you frequently ingest data from external sources or devices, you may want to run the data through antivirus products from multiple vendors. Bypassing one product can be trivial but bypassing two is much harder so setting up a ‘sheep-dip’ for incoming data could be an option.
Free tools such as Virustotal.com could also be useful, this website checks files or URLs against many of the market-leading antivirus products so you can see for yourself which ones successfully detect and which ones may be bypassed more frequently than others.