Good antivirus software is a critical part of any Microsoft Windows system that communicates with other computers, particularly if it is connected to the Internet and deals with browser, email, or instant messenger traffic. It seems like everybody has his or her favorite antivirus solution and it is different from everyone else’s. For personal desktop systems, however, there are some rules of thumb that seem to be fairly universal among security experts:

  1. Install your AV software before connecting to the Internet. Any MS Windows computer should have antivirus software installed before connecting to the Internet. I have seen malware insinuate itself onto a computer in less time than it took to download antivirus software to use on the computer. If you have not seen that, and you use that as evidence you do not need to worry about antivirus until after you have opened a browser and navigated to a Website where you can download AV software, you are just playing Russian roulette with your computer’s security.
  2. Don’t use default AV software. Norton and McAfee, once among the most trusted brands for home antivirus, have taken significant damage to their reputations. These days, most home desktop security experts recommend that any computer that comes with either of these brands of antivirus software get something else installed instead, as quickly as possible. Regardless of what you think of Trend Micro’s enterprise antivirus offerings, the free AV software from Trend Micro that comes with some new computers has never been regarded by many as good enough on its own. In general, the “free” antivirus software you get with your computer will come from a big-name vendor that has more money for marketing than any of the others, and is not the best option for your purposes.
  3. Get AV with a real-time scanner. You need an on-access, real-time scanner to ensure that some of the most common infection vectors for viruses and worms are checked “live”, to prevent an infection from spreading when your computer first encounters the virus or worm. Real-time scanning can be a real burden on system performance, and there may be times when you will want to turn it off to get your performance back, but be very careful about that. Browsing the Web and checking email are not the times to turn off your antivirus real-time scanner for extra performance.
  4. Perform regular full-system scans. A real-time scanner is not enough. You should also make sure you perform full-system scans often, and automate the process with a scheduled nightly scan if possible. Real-time scanners only detect an incoming virus before it infects your system if it happens to pass through a point of access that the scanner can effectively protect, and even then sometimes something might get through before there is a virus signature available for your AV software.
  5. Don’t use two AV programs. Using two antivirus programs at the same time is just asking for trouble. Their real-time scanners may fight over access and, between the two of them, slow your computer to a crawl, or one might misidentify virus signature files maintained by the other as actual virus infections. Either way, many problems can crop up that make two desktop antivirus applications effectively incompatible with each other.
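
A quick way to check Rules 3 and 5 on a desktop is to ask Windows Security Center which antivirus products are registered and how many report real-time scanning as on. This is an added example, not part of the original article; the function names are hypothetical, and the `productState` bit layout is undocumented and assumed here from commonly observed values.

```powershell
# Added example. Assumed productState layout (undocumented, commonly observed):
#   bit 0x1000 set -> real-time protection on
#   bit 0x0010 set -> signatures out of date
# On-demand-only scanners may not register with Security Center at all.

function Get-RegisteredAntivirus {
    # root/SecurityCenter2 exists on desktop editions of Windows, not on Server.
    try {
        $items = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                                 -ClassName 'AntiVirusProduct' -ErrorAction Stop
    } catch {
        Write-Warning "Security Center is not available: $($_.Exception.Message)"
        return
    }
    foreach ($item in $items) {
        [pscustomobject]@{
            Name          = $item.displayName
            RealTimeOn    = [bool]($item.productState -band 0x1000)
            SignaturesOld = [bool]($item.productState -band 0x0010)
            StateHex      = '0x{0:X6}' -f $item.productState
        }
    }
}

function Test-RealTimeCoverage {
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Products
    )
    $active = @($Products | Where-Object { $_.RealTimeOn })
    if ($active.Count -eq 0) {
        'No registered product reports real-time scanning as on (Rule 3).'
    } elseif ($active.Count -gt 1) {
        'More than one real-time scanner is on (Rule 5): ' +
            (($active | ForEach-Object { $_.Name }) -join ', ')
    } else {
        "Exactly one real-time scanner is on: $($active[0].Name)"
    }
    foreach ($p in ($Products | Where-Object { $_.SignaturesOld })) {
        "$($p.Name) reports out-of-date signatures."
    }
}

$products = @(Get-RegisteredAntivirus)
$products | Format-Table -AutoSize
Test-RealTimeCoverage -Products $products
```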

My approach for a long time has been something like the following:

  • Get any installers downloaded from an already protected computer, and burn them to a CD-R.
  • Make sure the MS Windows computer is not yet connected to the network.
  • Remove any antivirus software that may have come with it.
  • Install AVG Free, configure it to my liking, and make sure real-time scanning is turned on. Run a complete system scan, just to be safe.
  • Install ClamWin, and configure it to run a complete system scan at a scheduled time once a day or once a week (depending on my expected usage habits with this computer) at a time when I’m unlikely to need to use the computer.

I know I just broke Rule Number 5: Don’t use two AV programs. I have found, however, that AVG Free and ClamWin tend to play nicely with each other, a rare trait in modern antivirus applications. Because no antivirus software is perfect, the fact that there are two AV applications that can be used to provide simultaneous coverage is a significant advantage in the battle against infection.

Of course, part of the reason they play well together is the lack of real-time scanning provided by ClamWin, which is the well-known ClamAV software used for virus scanning on many Linux and Unix-based mail servers. As the ClamWin site explains it:

“Please note that ClamWin Free Antivirus does not include an on-access real-time scanner. You need to manually scan a file in order to detect a virus or spyware.”

I use AVG for its real-time scanner, and delegate periodic scanning to ClamWin. Every now and then, I’ll run a full system scan using AVG as well, when I know the computer is not going to be busy for a while and the ClamWin scan is not scheduled to run at the same time.

Other factors can play a role in protecting against virus infection, of course. A good firewall; good user practices when browsing the Web, checking email, or downloading files; and even MS Windows User Account Control can help sometimes — though the dubious benefits of UAC may be more trouble than they are worth.

Do not let all the hype about improving security in Microsoft Windows lull you into a false sense of security, in any case. Microsoft still neglects virus- and worm-exploitable vulnerabilities, default settings are still not what they could be, the fundamental architecture of MS Windows is still far from well armored against infection, and the behavior of the user is still one of the most important factors in determining how likely the system is to get infected.