What is best Anti-virus, spyware, malware?


Poll: Free antivirus vs. pay antivirus

Better than pay: 3 votes (25%)
Equal to pay: 6 votes (50%)
Not as good as pay: 3 votes (25%)

Total votes: 12

lyx
Posts: 84
Joined: Mon Feb 15, 2010 1:23 am

Re: What is best Anti-virus, spyware, malware?

#16 Post by lyx »

fpelletier wrote:I think that some of you are continuing to miss the issue with viruses. You that think you understand the basic principles of trust and computing...never trust anything unless you are buying a machine and never loading any software...period.
And a malware scanner can tell you if a software is trustworthy? Really? How does it do that? And how do you trust the malware scanner, if it itself does mistrustworthy things?

No matter how you twist it, you cannot get rid of the need of a competent user making decisions about whom he trusts. And not only that, why is it that even though i do scan my DLs and do make full hd scans once per month, i haven't had a single infection in the last 5 years? Hint: You may figure it out, if you think about the process of how malware typically gets onto the computer: By a user doing something.

If you ever did something in security, that didn't involve trust, you didn't do security work. And if you think that trust is an attribute of things - something that can be sold, bought, given, taken - then you don't understand trust.
Malware (the term used to describe spyware, viruses, etc.) use an incredible array of devices to make it onto your machine...
All of which requires a modification of the system behind the user's back.
...propagate itself...
Most don't anymore. There is no need to, when there is a user who can be tricked into just saying "yes".
You (edit by lyx: he means "I") want as comprehensive a solution as money can buy. I'm all about freeware, shareware, etc. but the problem is, you need an entity that is vigilantly geared for keeping up with malware as it continues to morph.
Strange, i always thought that malicious intents are driven by the desire to "exploit" someone, which in our society comes down to gaining a certain monetary value. Look at the current major spreaders of malware: Spammers (What? Spam from Comodo?), Fraud, Fakes on filesharing networks (oh, did i see a Norton Internet Security fake there?). What do all those have in common? A commercial agent that has an interest in spreading disease.

That doesn't exclude the possibility, that someone could make money simply for delivering a service, honestly and fairly. Unfortunately, the majority of commercial anti-malware vendors act differently: They write applications in a way that damages the users system, they engage in fear-mongering tactics, they play corporate wargames on the customers machine, they try to artificially bump up detections and warnings, they often aren't cleanly uninstallable, etc. etc. Your all too well-meaning commercial big brothers are guilty of the same crap as the crap which they're supposed to prevent. And at the end of the day, they cannot do as good a job as a competent user (actually, they not only NOT educate the user, they dumb him down), cannot offer disaster recovery (only backups can), and they for moral reasons cannot efficiently decide about grey areas (i.e. software that just damages the system as a side effect, yet supposedly not intentional (just horribly and recklessly programmed)).

So, what DO they offer actually? Basically:
- For an incompetent user, slightly better security than would be the case by doing nothing.
- System slowdown
- Less money in your pocket
- Peace of mind
- Peace of mind
- Peace of mind
- You could adapt it into a really inefficient on-demand scanner
Unfortunately, volunteer efforts will never keep up with the pace the legion of professionals who are paid to spend all day everyday sorting out issues and programming against them. You (edit by lyx: he means *I*) need to buy a best-of-breed, comprehensive product, as rated by competent industry recognized security labs. Fortunately, these products are not expensive.
Do you by any chance work in marketing?
Occasional scans are not okay (a passive scanning method). You (edit by lyx: he means *I*) want active protection to keep malignant software from even getting onto your machine.
Wow, that sounds amazing. How can it detect something that isn't on my machine?
Much like cancer, there is a threshold at which point, removing some malware becomes next to impossible
Unless of course, your system is virtualized or you do have backups. Then its trivial and actually easier and much more reliable than an anti-malware application.
you (edit by lyx: he means *I*) can't afford to allow that to happen, unless you enjoy rebuilding your machine.
Oh, and you think by avoiding malware, a windows machine will be resistant to damage? I no longer need backups? Not? Okay, but if i do have backups, wouldn't it be faster and more reliable to just copy that back, instead of hoping that a malware scanner will be able to unhook everything from the launch phase, without.... uh, breaking the boot phase, as has so often happened by letting a malware scanner do its work?
Virtual machines are a wonderful device to contain potential threats. Use them as sandboxes to scan newly acquired software before moving them out of the sandbox.
Why ever move anything out of the sandbox?
As I have said, you (edit by lyx: he means *I*) need to buy a best of breed security suite...
Ah, so that i need THAT.
...however, much like contraceptives, your chances of success go up if you stack them--run as many scanners as you can (there are lots of free ones) against a new application before allowing it out of the sandbox.
Why ever move anything out of the sandbox? Why allow an application at all to mess with the system? So that i need someone to play watchdog?
Don't think you'll know when you have contracted malware. There is a class of malware called rootkits whose main job is to hide themselves from the O/S and security software.
For which they..... as all malware.... need to modify the system. If you are so much for prevention and the whole "not letting stuff get hold of the system", then why do you propose to LET A PERMANENT INFECTION HAPPEN AND THEN REPAIR AFTER THE FACT?
Look, unless you are an experienced expert of your O/S and quite skilled, you are likely not to even know that the malware is there until it avails itself to you in a way that you don't like.
Unless of course, you simply do not let software modify the system.... this is becoming repetitive.
You are likely to unknowingly back them up in your archives too.
I cannot backup something that isn't there.
Do not under-estimate the brilliance of malware writers. On the planet, there are several Einsteins out there who are unfortunately geared for doing damage.
Blahblah.... "You the user are impotent against the bad black men out there. We are potent and have guns. You need us! We master, you slave."

Sorry for the ridicule, but your fear-mongering rhetorics are LOL.
It is humbling when you fancy yourself to be an expert and then get infected by a rootkit that you are ill equipped to remove. I once identified a rootkit on my system and spent 6 hours collaborating with renowned Comodo experts only to find that none of us could remove it--I painfully rebuilt the computer.
Too stupid of you to not have backups. Even more stupid to trust people who send you unsolicited spam mail and at the same time dress themselves as your protectors.
Incidentally, I run fairly recent hardware and use ZoneAlarm's Extreme Security Suite on Windows 7. I have noticed no degradation in performance or stability, and knock-on-wood, I haven't had any issues for quite a while.
DOH, of course not, because a firewall is not a virusscanner. Of course, you do know that if you took your virusscanner as an example, you would have to admit slowness, but that's not the impression which you wanted to give, so you instead addressed the slowness aspect by replying with something unrelated.
However, if you wish to increase the likelihood that you will continue to compute trouble-free, be a student of your O/S, be a student of the best-of-breed security suites and buy one that you are comfortable with. Be paranoid. Use a virtual sandbox as a scanning lock. Today, buy a best-of-breed security suite that actively scans all entry points onto your machine, and always, always, always keep your definitions up to date!
Or: Get a brain and do something about security and trust, instead of following orders of people, who are only in the market to keep you dependent and impotent.
Oh yeah, to lyx...regarding the detection of 8 year old malware...those who forget the past are doomed to repeat it...good luck.
Doh, there is no need to slow EVERY system down with EVERY malware-signature that was ever devised. If we continue that road down, we at some day dont even need an infection to slow a system to a halt - we just need a malware scanner with a database so large, that everything will run at 10% speed. OR: We could be a bit smarter, by giving signatures of all remotely popular malware to every user, PLUS a random selection of old signatures..... and when then reports about infections from old malware come in, we just upload that sig to all machines. But well.... that would be smart, sane and efficient, and wouldn't look that "absolute" in adverts and tests.... so we cannot allow that to happen.

SYSTEM
Posts: 2044
Joined: Sat Jul 31, 2010 1:19 am
Location: Helsinki, Finland

Re: What is best Anti-virus, spyware, malware?

#17 Post by SYSTEM »

There is one badly overlooked way to avoid damage caused by malware: backups.

My way to back my data up is quite extreme: I use Clonezilla Live to create complete disk images of my system every week.
fpelletier wrote:Look, unless you are an experienced expert of your O/S and quite skilled, you are likely not to even know that the malware is there until it avails itself to you in a way that you don't like. You are likely to unknowingly back them up in your archives too.
In addition to the weekly disk images, every month I create automated restore DVDs which I retain for a very long time. I created the first discs over one year ago and I could restore their content right now if I wanted.

I need two discs monthly, and based on how much I originally paid for them, these back-ups cost me a bit over one euro per month. Much cheaper than a payware AV, huh? :)
lyx wrote:
Virtual machines are a wonderful device to contain potential threats. Use them as sandboxes to scan newly acquired software before moving them out of the sandbox.
Why ever move anything out of the sandbox?
As I have said, you (edit by lyx: he means *I*) need to buy a best of breed security suite...
Ah, so that i need THAT.
...however, much like contraceptives, your chances of success go up if you stack them--run as many scanners as you can (there are lots of free ones) against a new application before allowing it out of the sandbox.
Why ever move anything out of the sandbox? Why allow an application at all to mess with the system? So that i need someone to play watchdog?
Well, if you keep every application you use in your sandbox, you depend on the sandbox. In case something damages the sandbox, you simply don't want to recreate it from scratch. :(
lyx wrote:
Incidentally, I run fairly recent hardware and use ZoneAlarm's Extreme Security Suite on Windows 7. I have noticed no degradation in performance or stability, and knock-on-wood, I haven't had any issues for quite a while.
DOH, of course not, because a firewall is not a virusscanner. Of course, you do know that if you took your virusscanner as an example, you would have to admit slowness, but that's not the impression which you wanted to give, so you instead addressed the slowness aspect by replying with something unrelated.
ZoneAlarm Extreme Security Suite ships with a virusscanner.

----

I have been satisfied with Avira AntiVir Personal 10. I've considered the option to not install any AV after upgrading to Windows 7, but currently I'm still going to install AntiVir 10 again. It's free, doesn't consume too much resources and, in my case, false positives have been very rare.
My YouTube channel | Release date of my 13th playlist: August 24, 2020

lyx
Posts: 84
Joined: Mon Feb 15, 2010 1:23 am

Re: What is best Anti-virus, spyware, malware?

#18 Post by lyx »

SYSTEM wrote:Well, if you keep every application you use in your sandbox, you depend on the sandbox. In case something damages the sandbox, you simply don't want to recreate it from scratch. :(
Hmm, i didn't explain this completely enough. What i meant was that every application gets its own sandbox, similar to what JauntePE and ThinApp do. The overall idea goes like this...

We think of stuff on a machine in 3 categories:
- System: The OS and its shared middleware
- Applications
- Data - your docs, pictures, music, videos, etc

What i meant was: Why allow an application to modify anything else besides of "data"? On windows, there is no reason for this, except of:

- Bundled libraries
- Settings stored in the system (i.e. registry)
- Resident integration into the GUI ("agents", shell-extensions, etc)
- The applications purpose is to modify the system

The first two cases are not necessary. Libraries can be kept in the application directory. Settings as well. Shell integration is something that works in a questionable way on windows anyways, so i dont want that (if i want integration, i do it myself portable). That only leaves system-administration apps, and those should only be used with a lot of caution anyways.

So, if an application can neither modify the system permanently, nor other applications, then what is left that it could damage? Only data, and of that you should have backups anyways.

- Lyx

P.S.: Since windows has no straight-forward way to let apps not write to each other (it can be done, but is tedious), i myself opted for a different approach: I have all my applications portable in an "Apps" truecrypt volume. Since a truecrypt volume is a single file, i can backup all my apps by copying just one file (and i keep a lot of generations of these backups - for the current year, i right now have 4 backups, but i also have yearly backups back to 2006). Access to the system is blocked via virtualization (Deepfreeze). So, the absolute worst thing that could happen, is:

- An app infects other portable applications, and the current system-session.
- I need to reboot to get the system into a clean state
- I then need to plug in my backup hdd, and copy a 1GB file
- I unplug the hdd and then mount the apps-volume
- I lose up to 4 weeks of changes that i made to apps (usually boils down to just a handful of changes, since my app-collection is rather stable now - i dont adjust it often anymore)
- For all this, i needed to invest about 5 minutes (the most annoying part is going to the opposite end of my room to get the backup-hdd).

Certainly not as ideal as apps not even being able to infect each other, but with such a low effort, its "good enough" for me. Far away from "starting/rebuilding from scratch", and works not just against malware, but against any undesired/unexpected behaviour (i.e. noticing that this new miranda version is kinda crashy, and thus restore the old version)

SYSTEM
Posts: 2044
Joined: Sat Jul 31, 2010 1:19 am
Location: Helsinki, Finland

Re: What is best Anti-virus, spyware, malware?

#19 Post by SYSTEM »

lyx wrote:
SYSTEM wrote:Well, if you keep every application you use in your sandbox, you depend on the sandbox. In case something damages the sandbox, you simply don't want to recreate it from scratch. :(
Hmm, i didn't explain this completely enough. What i meant was that every application gets its own sandbox, similar to what JauntePE and ThinApp do.
OK, makes much more sense than fpelletier's idea to use a virtual machine as one big sandbox.

fpelletier
Posts: 21
Joined: Thu Jun 19, 2008 8:33 am
Location: Philadelphia area

Re: What is best Anti-virus, spyware, malware?

#20 Post by fpelletier »

Lyx, your rant is certainly passionate, I'll give you that much. Given the nature of your prose, it appears that you have limited exposure to the nature of the likes of ZoneAlarm and commercial level security packages. It suffices to say that given my experience as a seasoned software engineer for 2 1/2 decades, working for large enterprises, I can tell you that my delusions are shared by corporate America. I applaud you for your hands-on approach to your security methods. Given your testimony that it has been working for you, good for you. However, you are advocating a very manual approach (JauntePE and ThinApp) which takes time before you become proficient with these products during which, you are at risk. I personally have roughly 1000 portable apps stored on a 1TB external USB drive and don't have the wealth of time required to box these apps. It is a much simpler approach to utilize security products that are endorsed by industry respected pundits. You can cast aspersions and conspiracy theories, however it works exceedingly well for the vast majority of corporate America. Is it odd that such conservative institutions should put their implicit trust in such shoddy products when they are so notoriously slow to adopt new operating systems from Microsoft for fear of damaging the welfare of their businesses? I think not. I would much sooner put my faith in that methodology too. If it seems to you like I have sold my soul to the devil, so be it. I only invest a fraction of the time and effort that you do to get the same successful results. I would challenge you to answer the question of whose method is more expensive, mine or yours. I have invested about $45 to cover 3 PCs per year with only the time that it takes to install the security product. 2) use virtual PC for my scanning sandbox, and 3) I make occasional backups but my O/S also makes restore points for me...all of which redundantly serve to protect me.
I'll bet that you have invested more than the 15 minutes that I spent installing Z/A in the last year, employing your method. I'll bet that you have spent more than $45 just regarding your investment of time.

Again, I'm not knocking your method as I am quite sure that it works for you. I'll bet you didn't reach the required proficiency to adequately protect your machine overnight. I'll bet you had to learn some painful lessons over time to get to the level that you are today. To propose your methodology to anyone else is foolish unless you are going to write the book on how to teach and advise them on the pitfalls along the way. My way arguably keeps the typical user reasonably safe while they gain that education.

Let's just assume that you are correct in your romantic rhetoric that the security vendors are intentionally and maliciously trying to scare us with their "fear-mongering" tactics. What does that kind of behavior gain them? If there were any truth to those allegations, don't you think that they would be out of business by now, instead of becoming steadily more popular? Why should they wish to subvert their own success? Why risk mitigating their profit with guerilla tactics? Why would shrewd corporate America tolerate it? You must think the world is stupid or placid.

Just so you know, false positives are not produced by malice--they are produced by heuristic profiles which sometimes conservatively misdiagnose apparently dubious behaviors of well-intentioned software. If they are going to make mistakes, I would much rather deal with conservative mistakes than liberal ones. Heuristics are a necessary evil to identify malicious behavior by new, as-yet unidentified malware. It also dramatically reduces scanning time from the early methods of systematically iterating through known malware strains.

If you don't see any merit to this point of view, I am done defending it. It is not my intention to spar with you for no particularly good reason, my ego doesn't need feeding and I obviously will have failed in convincing you.

lyx
Posts: 84
Joined: Mon Feb 15, 2010 1:23 am

Re: What is best Anti-virus, spyware, malware?

#21 Post by lyx »

In other words: You agree that the sandboxing approach is more thorough and more resource-efficient, but the problem is just that security vendors do not make software that automates this. Plus of course the problem is that on windows it has become so traditional (even strongly promoted by MS) to spread application stuff across the HDD, instead of keeping them self-contained.

So, it's not like there is no better approach to security. It just isn't supported and promoted well, so that if one wants to do it, it requires a lot of manual experience and effort. Problem is: A big share (perhaps even the biggest share) of IT problems have their roots ultimately in the current approach: My clients regularly complain about AV-slowdown, do not understand why one cannot backup or massdeploy an application by copying, are annoyed that "portable" work environments and their syncing is such a big hassle, do not understand why an app can do whatever it wants as soon as one launches it, do not understand why AV software cannot reliably prevent damage (i can write you a batchfile in 1min that will wreak havoc on a system simply by issuing a lot of delete commands, and no AV can recognize if that's intentional or malicious), do not understand why AV software classifies software as threat just because it was UPX-packed, etc etc etc.

So, my point is: Yes, since a more sane approach currently isn't well supported, it requires an unreasonable amount of effort and knowledge. But the currently employed alternative is just one big headache, and it's taken proportions which are no longer manageable with reasonable effort too.

As for false positives:
1. They are not only the result of heuristics. They also are triggered by intentionally inaccurate patterns (which in the end is similar to heuristics) - like i.e. flagging compressed binaries as threat

2. If such an inaccurate hit happens, the user isn't clearly informed about this. In general, the way in which AV-software communicates with the user, is a language geared for idiots. The communication is designed for people who do not want to think, do not want to understand and do not want to make decisions. AV software does almost zero education or information for the user - it presents itself as a big daddy, that classifies everything into good XOR evil - there is no "maybe" or "depends on X" or "could do X, you decide". But the user expects to be totally protected without the slightest thought-investment on his part.... thus, AV-software paranoidly flags anything it thinks could be dangerous (i.e. also system administration apps) as threat, thus frequently giving the user the impression that this is "a virus". This by necessity boils down to triggering a lot of false or misleading alarms. And why? Because AntiVirus software no longer just detects known viruses, no longer detects just known malware, but instead tries to make decisions about trust FOR the user - something which it cannot do efficiently.
You must think the world is stupid or placid.
Not the world, but a lot of humans, yes. That masses can easily be manipulated via tactics like appealing to fear, is neither a secret, nor without millions of examples. Plus, when all the magazines and "experts" repeat the mantra in addition to the vendors, it not just becomes "common opinion" but it also becomes difficult to receive alternative information - which again raises effort to a point, where it becomes unreasonable to investigate oneself, if all one wants is to use a tool to write some letters and surf the web.

fpelletier
Posts: 21
Joined: Thu Jun 19, 2008 8:33 am
Location: Philadelphia area

Re: What is best Anti-virus, spyware, malware?

#22 Post by fpelletier »

After years of following this site with its expert level moderators (at least in my opinion), I put reasonable faith in the cleanliness of stuff that I get from here—this I allow Z/A to look at without sandboxing it first. When picking up stuff from other sites or when I have to package it up to be portable with JauntePE myself (like stuff I get from GAOTD), I put it into the sandbox and give it the third degree (also using Sysinternals tools). When I’m done with it, I then take it out of the sandbox and put it onto my 1TB jump drive. So far, after years of doing it this way, I have yet to experience a problem. Everything though, that is done on my machines must pass Z/A’s scrutiny. I use Z/A much like my radar detector, as a safety net. I don’t become lazy about it…I still know what I’m doing, however, it adds information to my decision making process. Z/A will flag some things that cause me to throw it into the sandbox and look it over, but if I find out that the warning is unwarranted, I then teach Z/A to leave it alone and it is then exonerated from that point on. A good portion of what Nir Soffer writes is flagged by Z/A, and as such, has now been told to leave it alone. As Z/A learns, it becomes the perfect big brother. Make no mistake however, I am always in complete control—if I didn’t think so, I would have gotten rid of it long ago. It warns me that it doesn’t like something and presents me with a short list of options. Occasionally it finds something that it finds to be a red flag and quarantines it immediately. And I want it to do that!!! Network sniffers that I have collected cause that behavior. I just teach Z/A to allow it and then pull it out of quarantine. It is an awesome tool that I use to my advantage. Rarely do I perform full-drive scans because it already actively inspects everything that is going on with my system.
You asked how the system could determine if something was bad before it gets on my system. It isn’t appropriate for me to elaborate here (we can take this thread offline if you wish), so I will be brief. All entry points onto your computer are covered by a monitor (chat, email, hacking through ports, browsing, viruses, spyware, etc.) as well as a 3 ring monitoring system (application level, O/S level, hardware/device level). Every email is scanned while getting it. As you go to run something, the exe is scanned before the run. While something is running, malicious behavior is scrutinized. While files are downloaded, they are scanned. The point is, nothing gets to run without scrutiny first. To another point of yours, if something is in a compressed binary and can’t be scrutinized through the compression, it is flagged as a potential threat—and you would want to know that!
When I first got Z/A, it flagged everything and was annoying for about two weeks. As I say, I want total control and insisted that it nag me. It can be setup to be silent, I just didn’t want it that way. It comes with a one month learning mode. Now, it asks me if I want to get out of learning mode. I like it so I keep it in learning mode. If it has something to say, I want to hear it. I never get warned twice about the same thing unless I want it that way. Roughly 2% of my jump drive has issued warnings at one time or another, but now Z/A is schooled.
Even after all of this rhetoric, although I know how to keep my system secure the manual way, I still prefer the easiest and time-free method that gets me the same results. It’s just me. My time is worth too much. $45 gets me there without the pain. All that stuff that you have poked at regarding commercial security software…I don’t have those issues. Like going down the highway with a radar detector, I’d rather brake for false positives than get a ticket without it. Having the radar detector on the dash doesn’t keep me from watching out for cops…it is just a tool that adds to my understanding of what’s around me.
lyx wrote:...when all the magazines and "experts" repeat the mantra in addition to the vendors, it not just becomes "common opinion"...
if everybody on the playground complains about one kid who’s a bully, they may actually have a point...do we believe the bully's story or everyone else's? Considering that every magazine editor and expert is free-thinking, if they all adopt the same mindset, I may tend to go with the numbers.
Last edited by fpelletier on Wed Sep 01, 2010 1:11 pm, edited 1 time in total.

lyx
Posts: 84
Joined: Mon Feb 15, 2010 1:23 am

Re: What is best Anti-virus, spyware, malware?

#23 Post by lyx »

Your description of your approach very well highlights the completely opposite approach:
You build a whitelist by letting security software guess what may be undesired, and then create rules case by case (of course, within limitations - as i mentioned, software cannot really understand applications and user-intent, but rather goes for generic patterns and similarities - which is why they're clueless about my batch-file example. The user may have intentionally written a batchfile that deletes all his documents, or he may not. And if i replace deletion with renaming, stuff becomes even less decidable by a machine on a generic basis).

I on the other hand propose that i on the filesystem-level just set up some basic rules (i.e., by defining that my applications may not write to other applications nor the system) - and then only rarely need to define exceptions. This takes all the "guessing" away from the security software, since i tell it whats okay, and anything else just gets denied. In theory, this would involve much less effort for the user and the machine, but since existing platforms and software isn't designed for this, it turns into a lot of manual work and research.
if everybody on the playground complains about one kid who’s a bully, they may actually have a point...do we believe the bully's story or everyone else's? Considering that every magazine editor and expert is free-thinking, if they all adopt the same mindset, I may tend to go with the numbers.
Magazines lost their "free-thinking" the day they no longer were able to cover their costs by selling magazines. Plus, magazines too can in a perverted way increase sales by promoting problems: If you provide a complete solution now, the case is solved - no need for further advice. If you provide a "patch" that perhaps even creates the need for more patches, the case is never solved, but via the intermediate patches an illusion of progress is created. In the case of security software: if you provide a complete solution to most current problems, there is no need for further help. But if you merely provide reviews of watchdogs that forever need to increase their arsenal to keep up with the mounting holes in the system, you can review security software forever. For this to happen, it is not necessary for magazines to create these problems - they just need a bias in deciding what to review and report about - and the amount of patches to report about is much higher than the amount of solutions to report about.
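
The default-deny write rule described in posts #18 and #23 (an application may write to its own directory and to data, never to the system or to another application, with rare explicit exceptions), sketched as an added example that is not code from any poster or product in this thread. The drive letters, directory roots and application names are constructed assumptions.

```python
import ntpath  # Windows path semantics, usable on any host OS

# Constructed layout (assumption): one sub-directory per portable application.
SYSTEM_ROOTS = (r"C:\Windows", r"C:\Program Files")
APPS_ROOT = r"X:\Apps"
DATA_ROOTS = (r"D:\Data",)


def _norm(path):
    # Collapse "..", "." and mixed slashes, then fold case, so that
    # "X:\Apps\Editor\..\Mailer" is judged as "x:\apps\mailer".
    # Note: this is string normalisation only; it does not resolve
    # junctions, symlinks or 8.3 short names.
    return ntpath.normcase(ntpath.normpath(path))


def _within(path, root):
    p, r = _norm(path), _norm(root).rstrip("\\")
    # Require a separator after the root so "Editor" does not match "EditorEvil".
    return p == r or p.startswith(r + "\\")


def decide_write(app, target, exceptions=()):
    """Return (allowed, reason) for `app` writing to `target`.

    `exceptions` is an iterable of (app_name, root) pairs the user has
    explicitly granted, e.g. for a system-administration tool.
    """
    if not app or app in (".", "..") or any(c in app for c in "\\/:"):
        return False, "invalid application name"
    if not ntpath.isabs(target):
        return False, "relative path: cannot be classified"
    for exc_app, exc_root in exceptions:
        if exc_app.lower() == app.lower() and _within(target, exc_root):
            return True, "explicit exception"
    if any(_within(target, root) for root in SYSTEM_ROOTS):
        return False, "system area"
    if _within(target, ntpath.join(APPS_ROOT, app)):
        return True, "own application directory"
    if _within(target, APPS_ROOT):
        return False, "outside own application directory"
    if any(_within(target, root) for root in DATA_ROOTS):
        return True, "user data"
    return False, "default deny"


if __name__ == "__main__":
    # Constructed write requests, not taken from any real log.
    requests = [
        ("Editor", r"X:\Apps\Editor\settings.ini"),
        ("Editor", r"D:\Data\docs\letter.txt"),
        ("Editor", r"X:\Apps\Editor\..\Mailer\mailer.exe"),
        ("Editor", r"X:\Apps\EditorEvil\payload.dll"),
        ("Editor", r"C:\Windows\System32\drivers\x.sys"),
        ("Editor", r"E:\scratch\x.tmp"),
    ]
    for app, target in requests:
        allowed, reason = decide_write(app, target)
        print(f"{'ALLOW' if allowed else 'DENY ':5} {app:8} {target}  ({reason})")
```

Nothing here guesses at intent: every write outside the listed roots is refused unless the user has added an exception, which is the opposite of building a whitelist from scanner warnings.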

fpelletier
Posts: 21
Joined: Thu Jun 19, 2008 8:33 am
Location: Philadelphia area

Re: What is best Anti-virus, spyware, malware?

#24 Post by fpelletier »

So briefly, what's your advice to the single mom down the street who's buying her first computer for her college-level boys to use? (in terms that she'll understand)

lyx
Posts: 84
Joined: Mon Feb 15, 2010 1:23 am

Re: What is best Anti-virus, spyware, malware?

#25 Post by lyx »

Install Ubuntu for work (or alternatively, buy a mac)
Buy a console for gaming.

There is no reliable, sane and low-effort solution for windows.

If she against all reason must use windows, buy a big external harddisk, and every month make a full-hdd backup. Keep the last 10 backups, and one backup for each year.

If both options are difficult to understand for her: Either learn, dont use a computer, or expect disaster.
Last edited by lyx on Wed Sep 01, 2010 11:35 am, edited 1 time in total.

guinness
Posts: 4118
Joined: Mon Aug 27, 2007 2:00 am

Re: What is best Anti-virus, spyware, malware?

#26 Post by guinness »

I am not entering the conversation, but with response to the "Average Mum" question, I think Comodo products are well respected.

fpelletier
Posts: 21
Joined: Thu Jun 19, 2008 8:33 am
Location: Philadelphia area

Re: What is best Anti-virus, spyware, malware?

#27 Post by fpelletier »

I wish that I had started this discussion with that question. It does explain why we are diametrically opposed on this issue. I understand the MAC point of view, also the Linux point of view. Both of which don't have near the issues with malware. I have been coming from the Microsoft point of view...I live, breathe, and eat Microsoft...it is their development platform that I make my living through. I will obviously concede that the Microsoft world is unnecessarily complicated. It is a love-hate relationship. Their IDEs and languages are far and away the most powerful and produce the most jobs, however, it is the complexity that necessitates people to hire me at my rates--the same complexity that is so difficult to secure. With each new iteration of Microsoft's development platforms and O/Ss, the complexity magnifies by another magnitude. I curse it and applaud it at the same time. It is unfortunately an insanely popular beast that needs to be dealt with somehow. It is the reason that I have evolved the perspective that I have.

I will say however, that I have what, by all appearances, is a reliable solution to windows security whether you love it or loathe it. I have been trouble free for many years. You may call it lucky, however, my clients also share my successes once I set them up. I don't dole out my advice lightly as, if I am wrong, it would damage my reputation and credibility. If someone follows my advice, I take that very seriously. I simply won't take chances with anyone else's stuff--ESPECIALLY if it is production.

lyx
Posts: 84
Joined: Mon Feb 15, 2010 1:23 am

Re: What is best Anti-virus, spyware, malware?

#28 Post by lyx »

I'm not a "linux/mac"-guy. There are many aspects about mac, and even more about linux, that i strongly dislike. Especially linux wouldn't be an OS for me. I liked windows a lot, especially before it became unnecessarily complex, and turned into the worst of both worlds (dependency hell and bloatware from linux and abuse and unreliability from windows). I also acknowledge that despite what linux fanboys claim, linux and mac aren't really more secure than windows (most issues i described would as well apply to linux/mac, if malware were as popular there).

BUT, i also acknowledge that:
- windows has a general tendency to self-destruct over time. Linux and mac don't.
- windows is a popular malware target. Linux/mac isn't.
- Solving (rather than patching) all the issues of windows would - as you pointed out - require an amount of effort and learning that "your nextdoor mom" isn't willing to invest.
- On windows, when software breaks, which is becoming ever more probable, thanks to microsoft churning out more and more complicated reinvented wheels that hook deep into the system, waiting to cause conflicts - when that happens on windows, what does the user do? What does the vendor do? Chances are: both have no idea anymore how to fix it. Could be anywhere. There is no reset button for this stuff, and uninstalling too may not work cleanly. Installing software on windows always is a little bit of "we'll stay together until format C: will divide us". On linux/mac? I may consider package management stupid for way too many reasons, but there is one thing that works: Uninstalling and reinstalling. Want to reset software? Just delete its config-folder, done. Yes, you could on windows again install a "watchdog" to patch that, and hope that it will magically be able to solve everything that is wrong with windows software (un-)installing mechanisms.... chances are: just like with AV-software, it will increase chances, but not actually "fix" it.

So, considering all those things, the only complete solution to the mom-scenario that just works, no matter what, is using ubuntu/mac. No malware, no self-destruction, almost no user-hostile software. I as a poweruser may not like aspects of those OSes, but for someone who just wants to do office stuff, surf the web, chat, play music/vids, etc.... it's the closest to "just works without you doing much" available.

The gaming console i proposed, because games are the one thing which linux/mac lacks, and i'd guess college-grade folks would also want to play games. Plus, with a console you don't need to pay for hw-upgrades every year - not to mention that buying a gaming pc has become an arcane knowledge - not even i understand all the cryptic terms and inconsistent GPU product names anymore without a lot of manual research.

P.S.: Regarding "where i and where you stand" and why our approaches seem to be opposite (actually "inverted"). In most topics where the usual two poles establish, i take a position that is outside of that dualism. To take security as an example: I reject both the "make stuff easy for the user by enabling as much access as possible" approach, as well as the "no admin-rights" doctrine of linux fans. Instead, i think that the whole account-based security model is flawed to begin with, plus that any approach that tries to replace the user, must be doomed to fail. The resulting alternative approach by me, strongly restricts application access rights (thus having a bit of the linux doctrine), yet gives the user full control and is easy (thus having a bit of the windows doctrine), and additionally is totally unpopular and unsupported (thus at the same time is neither of the two).

waka2301
Posts: 6
Joined: Mon Jan 31, 2011 2:07 pm

Re: What is best Anti-virus, spyware, malware?

#29 Post by waka2301 »

I use ZenOK Free Antivirus. They have been improving their software for some time, and I like it a lot. Virus updates are a bit slower than Symantec or McAfee. Norton’s Antivirus 2005 is a pain, but more secure. You have to turn off the worm protection and script blocking in NAV2005 to ftp with Lunarpages.

[Moderator note: edited syntax error in URL tag.]

gavind
Posts: 15
Joined: Wed May 15, 2013 7:33 am

Re: What is best Anti-virus, spyware, malware?

#30 Post by gavind »

Just for me, I don't think that a "best" one exists since each of them offers different features. You need to find out which one works out well for you though.
