Pros & Cons
-
- Certified by independent labs for virus detection (but not cleanup).
- Very good at blocking spyware installations, decent at removing existing malware.
- Simple, skinnable user interface.
- Free!
-
- No scheduled scan.
- Leaves many Registry traces and nonexecutable files when cleaning up malware.
avast! 4.8 Home Edition Specs
| Free: | Yes |
| OS Compatibility: | Windows Vista |
| OS Compatibility: | Windows XP |
| Type: | Personal |
When the version number of a new software release is just 0.1 higher than the old one, I expect a ho-hum incremental update. So I was pleasantly surprised to find that avast! antivirus 4.8 Home Edition adds significant functionality: It now protects against spyware, rootkits, and other forms of nonvirus malicious software. Best of all, it's free for personal use.
The $39.95 Professional Edition does include a few additional features. Its users can switch to an advanced user interface that allows more detailed configuration. It offers a command-line scanner and the ability to schedule regular full scans. A script blocker watches for dangerous scripts on Web pages, and its PUSH updates feature goes beyond the free version's automatic update checking. If you're using avast! in a business environment, you must purchase the Professional Edition. But the free Home Edition is 100 percent full-powered where it counts: clearing viruses and spyware off your system and preventing any new infestations.
Great Detection, Decent Cleanup
As always, I rely on the large independent testing labs to certify the efficacy of a product's virus protection. In a test of avast!'s ability to scan and remove viruses on demand, AV-Comparatives rated it Advanced+, their highest level. In a separate test of its ability to detect viruses using proactive behavior-based techniques, it earned an Advanced rating, the second-highest level. Avast! also gets good marks from Virus Bulletin. It hasn't missed any viruses on Virus Bulletin's tests since 2004, though it failed one VB100% test due to a false positive.
Avast! has certification for virus detection from both West Coast Labs and ICSA labs, but neither one gave it its higher certification for virus removal. Results from AV-Test in Germany were similar. That lab rated it very good (its top rating) at spyware detection, good at malware detection, and merely satisfactory at cleaning up infections. On that test, Norton and McAfee scored the same in those two detection categories but rated very good at cleanup. The labs seem to agree, then, that avast! is better at detecting malware than at removing it.
The product installs quickly, though it does require a reboot to finish the installation. I found it to be quite chatty. It speaks the message "Virus database has been updated" when appropriate. When it detects a virus, a siren whoops and a voice warns "Caution—a virus has been detected." You can turn off or replace the sounds if they become a problem.
In addition to the expected system tray icon for the product itself, you'll see another for the Virus Recovery Database, or VRDB. This unusual feature takes a census of the files on your system, retaining data about the three most recent versions. If a virus manages to get past avast!'s initial protection, the VRDB can be useful in repairing infected files. By default, it builds the database automatically when the computer is idle, so you don't have to think about it at all.
The product checks for threats in memory each time it launches. If it finds malware actually running, it offers to launch a boot-time scan—a powerful feature. The boot-time scan runs before Windows has loaded so that rootkit techniques are prevented from working, and most malware has no chance to defend itself against removal. You do have to keep an eye on the text-only scan when launched automatically, because it will ask what action to take the first time it hits a malware-related file and again if it finds an infected file in a system folder. If you request a boot-time scan manually, you can preselect the program's actions, thereby letting it run unattended.
The program's user interface looks more like a media player than like your average antivirus. You click a few big buttons to select where it should scan; choose a quick, standard or thorough scan; and click what looks like the Play button. Simple! And it's fast, too. On my clean test system, the standard scan took less than 10 minutes. The thorough scan took around 15 minutes, about the same as the spyware-only scan in
Testing the New Malware Removal
I hadn't tested avast! against my malware collection before, because previous versions promised only to remove viruses. For this inaugural test run, I started by installing the app on a number of test systems infested with malware samples, including adware, spyware, worms, Trojan horses, rootkits, and rogue antispyware products. One of my samples tried to interfere with installation of security software, but avast! installed without any trouble.
I frequently see problems with system stability when a security product's installation requires a reboot. If a preinstall scan or real-time scanner deletes part but not all of a seriously entrenched malware program, the system may blue-screen on reboot or simply hang. While avast! does need to reboot to complete its installation, it caused no such problems. It did offer to run a boot-time scan during this initial reboot. To get a clearer view of the program's operation, I declined that offer.
Once I launched avast! it began detecting malicious software in memory: I heard its siren and audible warning over and over again. In all but one test system it asked to run a boot-time scan. After the boot-time scan completed and Windows restarted, a couple of the systems requested another boot-time scan because they detected threats still running in memory. What the heck—I allowed it. But on one system, avast! remained locked in combat with a particular sample, never actually able to remove it or even stop it from running. After four boot-time scans I had to admit that it wasn't going to get any better.
Cleaning up these infested systems took a while, but overall it was quicker and less troublesome than running Spyware Doctor through the same tests. The results were surprisingly good. Allowing full credit for removal of all executable files associated with a sample, and half credit if it detected a threat but left some executables behind, avast! scored 8.0 of a possible 10 points. That's not far behind WAV's 8.3 points and Spyware Doctor's 8.7 on the same test. Do note that this is a new, tougher set of malware samples, so the results aren't directly comparable to earlier scores reported in the recent article "
Pspyware Psychology
There's a serious difference between virus-type threats and other kinds of malware. In order to propagate, a virus has to fly under the radar, remaining as inconspicuous as possible. Typically the virus hides by infecting an existing executable file; the virus code runs with a minimum of fuss and doesn't keep the infected file from doing its normal job. Spyware programs don't have to be so subtle. They can slop any number of files and Registry keys into your system and just hope you won't notice right away. Trojan horse programs masquerade as useful programs, so they, too, have no reason to hide.
A product originally designed to fight spyware and other nonvirus malware will typically work hard to clean up all the traces it can find. Files and Registry traces left behind may not be actively malicious, but they take up space and can gunk up your system. A virus-fighting program, on the other hand, figures that its work is done once it repairs or quarantines the infected executable.
This difference in psychology shows up very clearly when you compare avast!'s cleanup style with that of Spyware Doctor. In most cases, Spyware Doctor cleaned up amazingly well, deleting not only the essential executables, but all (or almost all) of the Registry traces and data files installed by malware as well. Avast!, on the other hand, left behind the vast majority of file and Registry traces even when it successfully quarantined all essential executable files. You do get a more thorough cleanup from Spyware Doctor.—
Powerful Resident Protection
Avast!'s Resident Protection module blocks many possible routes that malware could use to sneak into your system. It scans files arriving via e-mail—POP3, IMAP, or Outlook/Exchange. It examines any file received through almost 20 different instant messaging clients and almost 30 different peer-to-peer download programs. Its "Web shield" can abort the download of a malicious file before it even starts. And it examines all programs on access. Clearly it will be tough for a malicious program even to reach your system, and even tougher for it to actually execute.
To check the Web shield protection, I attempted to redownload all of my malware samples. Naturally a fair number were no longer available from the original URL, but avast! caught well over half of the still-available ones before the download began. Next, I opened a folder full of sample malware installers in Windows Explorer. Even the minimal file access required to display file details in Windows Explorer was enough to set off the on-access protection—it wiped out over half the samples. When I tried again using unique hand-modified versions of all the samples, it caught exactly the same group, indicating that its detection system wasn't fooled by my tweaking.
For the samples that weren't immediately wiped out, I launched each in turn and noted avast!'s reaction. In most cases avast! did not kill the installer process itself, but it wiped out some or all of the executable files that were installed—I heard a lot of sirens! I gave it full credit if it prevented installation of all executable files associated with a threat and half credit if it tried but missed some executables. On this test it scored a phenomenal 9.6 of 10 points. That beats both WAV's 8.9 points and Spyware Doctor's 8.5. Again, this is a new test set, so we can't compare with older scores. But avast! is clearly doing a superb job of preventing malware installation.—
Bonus Features
I'm not sure how many home users will need this feature, but you can configure avast! to send a notification over the local network or Internet when it finds a virus. Locally it can print an alert on a network printer or use WinPopup to send a network pop-up message. It can send an e-mail alert using SMTP or MAPI. And it can alert you via ICQ or Windows Messenger as long as the corresponding IM client is installed.
The avast! user interface is completely separate from the underlying protection engine, which means it's possible to change the UI utterly just by selecting a different skin. You can get dozens of skins from the company's Web site, some designed in-house and some crafted by enthusiastic users. Skins don't have to be rectangular; they don't even need to have straight sides. You'll find skins in all shapes and sizes, including some themed on cultural icons like Star Trek and Spider-Man. This feature has nothing to do with the product's level of protection, of course, but it's fun.
Avast! has long been a popular free antivirus. The independent labs give it good marks, though not as good as the very best. Now it also removes spyware—not as well as Spyware Doctor or WAV, but better than most. And it's a seriously tough protector against attacks on a clean system. I'm really pleased to find a free antispyware product that I can recommend.
More Antivirus Reviews:
Final Thoughts
avast! 4.8 Home Edition
Its virus protection isn't far behind that of the top antivirus products. It removes spyware nearly as well as the top antispyware, and its resident protection against new infestation is excellent. This is some seriously impressive protection, considering that it's free for personal use.