Viruses, trojans, spyware. All of these fit under the general term of malware, software designed to damage a user's computer. But how to choose a package? There are many antivirus vendors; which one should you use?
Note: most vendors have a subscription model nowadays ... you buy the software and have to renew either the program, or the virus update subscription ... or both, after a year for a fee.
Do You Need a Firewall?
Well, Windows XP has a firewall built-in ... it's simple, but it works. I wouldn't think you need to buy a different firewall. Also, if, like many people, you use a router with your broadband connection, you shouldn't need to use a firewall as hackers won't be able to get past the router ... unless you open up a lot of ports, that is.
The Big 2
The safe (?) choices would be the biggest companies ... the ones that most people have heard of. Those would be McAfee VirusScan and Symantec Antivirus. Both of these vendors offer security suites that include spyware detection and firewalls. Since these are considered the big 2, they are the safe choice. And, in fact, both do a good job of securing your system.
Negatives? Symantec Antivirus is notoriously heavy. It uses a lot of resources, and will bog down slower systems. Additionally, Symantec requires activation of its products ... personally, aside from Windows XP, which leaves me little choice, I refuse to buy products that require activation. The initial problems Symantec had with activation show why.
As far as McAfee goes, I used to use it, and it was very light on resources. But I don't like its use of ActiveX technology. Obviously the use of ActiveX in an antivirus product shouldn't open vulnerabilities, but since ActiveX has such a bad rep ...
One other negative of buying the biggest: many hackers consider getting around Symantec and McAfee to be a challenge ... and, as outlined in this Business Week article, many are successful.
Choosing From the Rest
Just because they're the biggest vendors doesn't mean Symantec and McAfee are your best choices. Quite a few people use other software. How should you make your choice?
One thing I would do is check for a) reviews (not that easy to find), b) test results.
Virus Bulletin awards the VB100% Award to products that a) detect all "In the Wild" viruses during both on-demand and on-access scanning in Virus Bulletin's comparative tests, b) generate no false positives when scanning a set of clean files. You have to register at the site but it's free. Note: they do not test every month, and they usually test only one platform (OS) each time.
ICSA Labs certifies antivirus products. A list of the currently certified products is here.
AV-Test.org also tests antivirus products. One interesting spreadsheet on the site indicates how quickly vendors reacted to the Zotob virus that spread earlier this year. It also indicates which products detected the virus proactively, using heuristics. More on this later.
Now, the failure or success of one product over another in a single test does not necessarily mean a product is good or bad. What does count is whether a product succeeds or fails consistently.
Now, heuristics. I like to look for antivirus products that have good heuristics, that is, they don't rely just on virus signatures but also analyze files to determine if the file could possibly be a virus which does not have a signature yet. Of course, this can lead to occasional false positives, but I'd rather have a few (note the emphasis on few) false positives than have a new virus slip by.
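To make the signature-versus-heuristics trade-off concrete, here is a small added example (not from the original post or any vendor's product). The sample "files" are constructed, inert byte strings, and the trait markers, weights and thresholds are hypothetical values chosen for illustration.

```python
import hashlib

# Constructed stand-ins for files: inert byte strings, not real malware.
KNOWN_WORM = b"MZ..worm-build-1..SetWindowsHookExA..CurrentVersion\\Run..connect"
NEW_VARIANT = b"MZ..worm-build-2..SetWindowsHookExA..CurrentVersion\\Run..connect"
HOTKEY_TOOL = b"MZ..hotkey utility..SetWindowsHookExA..CurrentVersion\\Run"
TEXT_FILE = b"Meeting notes: renew the antivirus subscription."

# Signature database: exact hashes of samples a vendor has already analyzed.
SIGNATURES = {hashlib.sha256(KNOWN_WORM).hexdigest()}

# Heuristic traits and weights (hypothetical values, chosen for illustration).
TRAITS = {
    b"SetWindowsHookEx": 3,     # can observe keystrokes
    b"CurrentVersion\\Run": 3,  # registers itself to start at every logon
    b"connect": 2,              # talks to the network
}

def signature_match(data: bytes) -> bool:
    """True only for byte-for-byte copies of a known sample."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES

def heuristic_score(data: bytes) -> int:
    """Add up the weights of suspicious traits found in the file."""
    score = 1 if data.startswith(b"MZ") else 0  # Windows executable header
    return score + sum(w for marker, w in TRAITS.items() if marker in data)

def scan(data: bytes, threshold: int = 7) -> str:
    """Return which engine flagged the file, or 'clean'."""
    if signature_match(data):
        return "signature"
    if heuristic_score(data) >= threshold:
        return "heuristic"
    return "clean"

if __name__ == "__main__":
    files = {"known worm": KNOWN_WORM, "new variant": NEW_VARIANT,
             "hotkey tool": HOTKEY_TOOL, "text file": TEXT_FILE}
    for threshold in (7, 8, 10):
        print(threshold, {n: scan(d, threshold) for n, d in files.items()})
```

At threshold 7 the harmless hotkey tool is flagged (a false positive) and at 8 it is cleared while the unsigned variant is still caught. At 10 the false positive is gone but so is the detection of the new variant, which is the balance described above.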
There are quite a few second-tier vendors that can be relied on to provide a reliable, effective scanner (I use one of them) ... for me, the final decision was based on effectiveness combined with light use of resources (I am a gamer and, although I could turn off a heavy antivirus program during gaming, I prefer not to).
Spyware
I don't feel it's necessary to have a background spyware scanner running. I'm just careful and make sure I don't opt-in or install anything I don't want. Also, many antivirus products look for spyware by default. I do occasional standalone scans using both Spybot - Search & Destroy and a-squared free edition. Both are free. Both are effective. Usually all I find are some tracking cookies.
Trojans
A Trojan (short for Trojan Horse) differs from a virus in that it cannot replicate itself. Frequently Trojans log your keystrokes or open backdoors to your PC so that the writer can turn your computer into a zombie. I prefer a stand-alone antitrojan program. This limits me, as there aren't that many vendors. You can look at BOClean (which has saved me more than once!), Trojan Hunter, ewido ... and there are a few more. But it's a smaller, tougher biz than antivirus; TDS-3 recently dropped out of the business.
What Have We Learned?
Honestly, if you don't go with the big 2 (and you don't have to), you need to do research at the sites I mentioned, as well as look for reviews. Determine if you can live with a heavier program or if you want a light one. There are also free antivirus programs (such as Avast and AVG), with limitations, usually on the number of virus definition updates per day. Just be sure you have some protection. The amount of time an unprotected system can be connected to the Internet without infection has dropped to below 20 minutes.