In the olden days, and by this I mean in the days before Windows 7 (and also kind of before Vista, or maybe even XP SP2, but that’s a totally different discussion), the first thing you would do after installing Windows, would be to install an antivirus program and firewall. If you could combine the two in one product, or Internet Security Suite, you would be even happier. Keep in mind that in those days, 1GB of RAM was an exception rather than the rule.
Even after the release of Windows 7, I still did this, almost religiously. However, having had a number of issues with my “go-to” suite, Comodo Internet Security (CIS), I started wondering if this approach was actually still viable, and if you actually really need a stand-alone firewall, or if you can make do with the Windows Firewall and an anti-virus program.
Before we get to that, though, let me elaborate on my issues with CIS and why I decided to step away from it.
Before I start: to my knowledge, I have never been infected with a virus or spyware in the time that I have been using CIS. So, my contemplations are not about the level of security of CIS, because I was happy about that.
An internet security suite should protect you, while not limiting you in the usage of your computer. In essence, it all comes down to maximum protection with minimum intrusion. However, this was exactly where CIS was coming in my way. CIS includes Defense+, which, among others, looks at the programs you run, and protects you from harmful operations by those programs. If you are a “normal” computer user, this is fine and you’ll never get any problems. However, labelling myself in the “power-user” category, means that I want to be able to do more stuff than such a program would allow you to do. Things like rooting an Android phone and putting a new bootloader on it. And this was one of the reasons why I decided to move away from CIS, because I was not able to do this properly anymore.
CIS will recognize that a program is trying to tamper with a bootloader, and will block the program from accessing the bootloader. In itself, this is expected behaviour and I expect an Internet Security Suite to do exactly this, however, I would also like to be able to disable this behaviour for certain programs, so that I can do things like installing a bootloader on my phone, or even more simple, installing or updating programs via Ninite (which is awesome, also for a later post), or installing a program via the network. Add to that the fact that the search function of Outlook 2013 got broken by CIS, and I was pretty much done.
So, after some research, I decided that I could probably make do with only an antivirus program, as the Windows Firewall is pretty good nowadays, and I have router running OpenWRT, which also has a firewall active as well, so adding another layer of security is not bad, but you only need to go so far.
Thankfully, right in that period, Lifehacker was running a vote on the 5 best desktop antivirus applications. After the voting, Avast! Free Antivirus was voted the Most Popular Desktop Antivirus Application.
Of course, I do not blindly follow advice that is given on the internet, so I did a little research myself, and most stories on Avast! I read and had come across before were pretty positive, so I decided to give it a try myself. I will not go into specifics of memory usage, as I have not done any scientifically accurate measurements, but it seems to me that Avast! is not that heavy on the resources. As of now, I am only running it in one of my VM’s, but am planning to switch my desktop to it as well, in the coming days.
So far, I am happy with my choice to switch from CIS to the WIndows Firewall + Avast! . I am able to do all the things I was before, with less intrusions, which means less frustrations on my end. As Avast! comes pretty highly regarded, I do not feel I have made concessions to my security.
In the end though, as with most things computers, it comes down to your personal preference. Some people will argue that you need a dedicated firewall on your computers, where others will say you can make do with only the Windows Firewall. I must say that I am starting to lean more and more to the latter group, as the Windows Firewall seems pretty configurable now. Also, when running a good antivirus (which is still a must), and some common sense, you can pretty much avoid 99% of the problems.