Privacy concern Anti Virus software for Windows?

What is, in your opinion, the best AV software for Windows computers that focuses heavily on privacy and does not "spy" on you or collect your data?
Also, among those, which are good at actually defending against online threats such as... well... viruses and such?

Well I am always suggesting to stick with Microsoft Defender. It is already installed on your system by default. So any privacy issues are irrelevant as Microsoft already owns everything in your system and can collect anything it wants. Installing 3rd party antivirus just adds another spying party to the team.
As to protection. The best and ultimate protection is yourself. Don't open unknown attachments. If you must see content, do NOT open the file. Save it first, then upload to http://www.virustotal.com. It will be checked by 60+ antiviruses and if it is safe you can open it. You get more chances to avoid infection that way than using any one antivirus. Besides, there is no protection for zero-day threats so antivirus just creates a false impression of security.
There is none.

Your best protection is MAKING FULL IMAGE BACKUPS OFTEN!
In case of a fatal accident, you can simply restore your backup.
Last but not least, store your backups on external drive(s). Buy 2 USB external drives so in case any one fails, you have a second one to the rescue.

19 Likes

When you ask for ...
"best AV software for Windows computers that focuses heavily on privacy and do not "spy" on you or collect your data"
... you are asking for information that is not generally knowable and would take a considerable amount of technical investigation for anyone to determine. Any program that gets installed on your computer and that executes, whether you know it is executing or not, and has internet access (and almost all do, unless you are very obsessive about managing your firewall), can collect information from your computer and "phone home" to send it to someone. You are asking a question to which almost no-one would have a sensible answer. If anyone claims to have an answer to this for you, they are probably talking nonsense.

One thing you may have some control over is those A-V products that send all your web browsing page addresses to their owner and log everything you are browsing. Many A-V products install a browser plugin that does exactly this, and many also install their own search engine (for example, Norton "SafeSearch") which places all your web searching under surveillance and which are perfectly capable not only of logging your search history and selling that data, but also of presenting biased or edited search results to you, for example to push you to buy certain products. All search engines will bias or order or filter the search results they show you to some extent; some are worse than others. If you are concerned about surveillance of your browsing, find out about and take control of your browser extensions and your browser search engine and your browser options.

Aside from any A-V software, most web browsers have an option that switches on or off browsing protection (Google Chrome's wording is "Standard protection against websites, downloads and extensions that are known to be dangerous"). If this kind of option is turned on, you are giving permission for the browser publisher to log every web site you are browsing and send it to them. This can have good or bad consequences depending on to whom your browsing history is sent and what they do with it; you can make that decision or, by default, someone will make that decision for you.

You can consult various computer magazine web sites that occasionally publish league tables of A-V detection capability that they have tested. No one product ever comes out on top all the time in these tests. Most A-V products go through good and bad periods. Most of these surveys show that most products will catch about 80% of threats presented to them. 80% is poor if you are expecting A-V to protect you.

You are your first line of defence, in your browsing and downloading behaviour.

If you are an adventurous and incautious browser and indiscriminate downloader, you can expect bad infections, and no A-V software will save you. If you are careful and you never accept anything that pops up and offers something to you, you will be safer. If anything comes looking for you, you can guarantee that it will not be in your interest, and lots of things will come looking for you on the web.

After years of supporting and advising small businesses and home users, my experience is, when someone who follows my advice gets a nasty malware infection, it is almost always a new threat that no A-V has previously seen and that not one A-V product on the market will detect. My reference point here is the excellent Jotti's scanner site https://virusscan.jotti.org/ which submits any suspect file you upload (if you can find the file with the malware, which is not always possible) to about 20 A-V vendors.
Generally when I have found malware and uploaded it there, none of the companies have detected it as malware, or maybe one out of 20. When I have re-submitted the sample after about a week, by then about three quarters of the A-V vendors have been detecting it as malware. This is disappointing but it is a fact of life with malware. Do not expect A-V to save you from fresh threats.

Ironically, often free A-V products do a better overall job than paid A-V. Most free A-V products are very noisy and will constantly demand you upgrade to the paid version. In my experience it is a bad idea to upgrade. To justify the money, the paid version tries to do a lot more to "protect" you than their free version, and they often go over the top and start detecting false positives and damaging your system. I have seen the Amibroker program being removed without consultation as presumed malware by more than one A-V product, purely because the A-V vendor has not seen it very often and assumes that anything rare is malware. I have seen Google Chrome browser removed without consultation by the paid version of Kaspersky in the past. This is inconvenient and happens sooner or later with almost all aggressive A-V products.

The free built-in Windows A-V, currently called "Windows Security" in Windows 10 and a few different names in the past, is silent, has nothing to sell you, and usually doesn't cause problems although it may discourage you from downloading relatively rare programs it doesn't see often (but you can get around it if you read the options it offers). Windows Security also consumes low resources and, being supplied by the company who publish the operating system, is probably embedded quite deeply into the important parts of Windows so it would be in a position to detect threats at least as well as any other A-V. Windows Security turns itself on when you un-install all other commercial A-V products. It has gone through good and bad times since its introduction as Microsoft Security Essentials in Windows 7 or possibly earlier, but is currently probably as good as any other A-V at detection and is a whole lot easier to live with.

The very most serious malware threat is ransomware. You should read about this and understand the threat. If you get a ransomware infection, it will trash your system in such a way that you will lose everything and will never be able to trust your computer again. If this ever happens to you, no-one can help you and you will wish the world were the way it was yesterday.

There is only one way of being able to recover and indeed making the world the way it was yesterday, and that is to have a disk image backup of your entire system from which you can reload the entire machine's contents. Most people are lazy about backup; they may pay a heavy price, sooner or later.

You should use a disk image backup program that enables full disk restore and also individual file and folder restore in case you need that (some, including built-in Windows backup, don't allow file and folder restore, only full disk).

If you are being careful, you should do a full disk image backup to an external hard drive, and then systematically immediately remove that hard drive to a different location so that whatever disaster strikes your computer (theft, fire, lightning strike to the power lines, power surge, malware) does not also destroy the backup drive. And you should have at least two backup drives and alternate them.

You have to know that ransomware, if your computer gets infected, will not only trash your computer but will look for backups and connected file stores and network drives and will do its best to trash all those as well.
This means that you should specifically not leave your backup drive plugged into your computer.

You also have to know that full disk image backup programs require some effort and concentration to use properly, and that there are more bad ones than good ones. Some of the more highly-promoted ones I have had bad experiences with.

For those people who are a bit too lazy to do the above, then there is a compromise that you may find more palatable, although the protection is not as good but may be good enough against ransomware (if not physical and electrical threats). If you choose the correct full disk image backup product, there are a couple that are clever enough to lock the backup files they create so that malware cannot destroy the backups. If you use one of these products, then set up automatic full disk backup of your main drive to a second internal drive, or to an external backup drive that you leave connected all the time. There are only two backup products I am aware of that will do this, mentioned below. I have no commercial interest in either apart from using them having paid retail price:

The most user-friendly is the home version of Macrium Reflect, a UK product which, since a couple of versions ago, has a feature called "MIG" which locks backup files. None of these full disk image backup products are particularly easy to use - you have to be very careful about what you are telling it to back up and where the backup archive should go (it's easy to make a mistake and back up from or to the wrong drive), but Macrium is the least difficult and worth the effort. It is easy to set up periodic (say, daily) full disk backups to an external drive that you leave connected. Of course you should still manually take other periodic backups on external drives that you disconnect and physically remove to a different location for the reasons detailed above.

The second product which also locks backup archives to protect them from ransomware is Image for Windows from TerabyteUnlimited.
This product has been around for a long time, is cheaper than Macrium and has more generous licensing. It doesn't promote itself that well and keeps its features a secret. It has a "simple operations" mode which performs, by default, incremental backups that are protected (I'm not a fan of incremental backups), but if you want to vary any of the options then suddenly the level of difficulty jumps considerably and it is much more difficult and less user friendly to use. This one is for IT tech people only. For most normal people, I'd say just pay for Macrium.

When buying external USB drives for backup, get the entry level product and not the deluxe product. I have had good experience with WD and I always buy the "Elements" version which is the base model. If you pay more you probably get the same physical drive but it comes with included "free" backup software which is almost always rubbish that you should not use. None I have seen do a good job; it's just there to justify a higher price for the model of drive.

Finally, you should find some way of practising (not on a live system) doing a full disk image restore. The above full disk imaging products are capable of performing a "bare metal" restore which is what you need to do once your hard drive is contaminated with malware. There are some advance preparations you should do (before you get trashed) so you can recover. Some people might need to call in technical assistance to recover post-malware, but at least you'll be able to recover. Many technical support services are clueless about this, and will make bad recommendations about backup software and procedures. You need to be prepared and to understand how the restore will work, and you need to test that you are indeed producing backups from which someone is capable of restoring your system. You should take responsibility for this yourself and not assume that someone else is looking after it. Plenty of people discover in a crisis that their backups are empty, incomplete, or simply not being performed any more.

Preparation can make restoring from malware infection painful or relatively painless - your choice.

5 Likes
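The post above warns that backups are often found in a crisis to be empty, incomplete, or no longer being performed. The following is an added example, not part of the original posts, that checks a backup folder for those three conditions. The function name, the thresholds, and the file suffixes `.mrimg` (Macrium Reflect) and `.tbi` (Image for Windows) are assumptions to adjust for your own setup, and the size comparison assumes full images rather than incrementals.

```python
"""Sanity-check a folder of full disk image backups (added example)."""
import os
import time

DAY = 86400

def check_backups(folder, suffixes=(".mrimg", ".tbi"), max_age_days=7,
                  min_bytes=1_000_000, shrink_ratio=0.5, now=None):
    """Return a list of problems; an empty list means the checks passed.

    suffixes, thresholds and the folder layout are assumptions: adjust them
    to the image format and schedule you actually use.
    """
    now = time.time() if now is None else now
    if not os.path.isdir(folder):
        # Drive unplugged or path wrong: report it rather than crash.
        return [f"backup folder not reachable: {folder}"]

    images = []
    for entry in os.scandir(folder):
        if entry.is_file() and entry.name.lower().endswith(tuple(suffixes)):
            st = entry.stat()
            images.append((st.st_mtime, st.st_size, entry.name))
    if not images:
        return ["no backup image files found"]

    images.sort()                      # oldest first, newest last
    mtime, size, name = images[-1]
    problems = []

    age_days = (now - mtime) / DAY
    if age_days > max_age_days:
        problems.append(f"{name}: newest backup is {age_days:.0f} days old")
    if size < min_bytes:
        problems.append(f"{name}: only {size} bytes, empty or truncated")
    # Full images of the same disk should be of similar size; a sharp drop
    # suggests an interrupted or misconfigured job (e.g. wrong source drive).
    if len(images) > 1:
        prev_size = images[-2][1]
        if prev_size > 0 and size < shrink_ratio * prev_size:
            problems.append(f"{name}: much smaller than previous image")
    return problems

if __name__ == "__main__":
    import sys
    found = check_backups(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join(found) if found else "backup checks passed")
    sys.exit(1 if found else 0)
```

Passing these checks only shows that recent, plausibly sized image files exist; it does not replace the practice restore the post recommends.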