What Makes a Good “Antivirus”?

Mar 8, 2021 | Antivirus, Security Products and Services

Viruses and malware are a real and present danger for computers. While most malware is written for Microsoft Windows, Macintoshes are not immune from infections.

Typically, computers come with some sort of anti-virus software: Windows Defender (for Windows) or XProtect and Gatekeeper (for Apple). Is this enough?

Defender and XProtect are much, much better than nothing but they may be inadequate for a number of reasons: poor phishing attack detection; reliance on up-to-date virus definitions (which are not often up-to-date); blindness to attacks that don’t involve malware file downloads.

Windows Defender

Microsoft has put a lot of development work into Windows Defender since its release in 2009. Defender works by matching a downloaded file against a list of known malware “signatures.” However, Microsoft doesn’t update this signature file as often as it should, so newer malware can get through. Using Defender with Microsoft Edge only blocks about 68% of phishing sites, much worse than the built-in phishing filters in Chrome or Firefox.

XProtect

XProtect scans downloaded files for signs of malware. If it finds something suspicious, it’ll usually let you know. XProtect is a basic level of protection. It matches downloaded files against a set of known malware “signatures”. Only files matching one of these signatures will be blocked. Files loaded from a USB stick or off a trusted file server may not be flagged. If signatures are out of date, malware can get through. XProtect doesn’t provide any protection against phishing attacks.

What Makes “Good” Antivirus?

Malware increasingly is using scripts that access commands and features of the host operating system to infect a computer. These attacks often get past “signature” antivirus systems.

While we definitely want antivirus software to be accurate and effective in neutralizing all malware threats, we usually have other criteria as well:

  1. Software should work in the background. Any scanning or other activities shouldn’t stop us from doing our regular work.
  2. It shouldn’t annoy us by advertising features like VPNs or telling us that we haven’t backed up our systems recently.
  3. When a threat is identified, it should neutralize the threat, maybe warn us, and not give us a bunch of messages, MD5 hashes, file locations, registry entries, and other stuff that the average user doesn’t understand. Power users can drill down into that stuff; most people don’t care.
  4. Scans, when required, should be fast, very fast.
  5. In addition to signature-based detection, behaviour-based detection should be used to detect new or emerging threats.
  6. Protection should be available for our phones and tablets as well as our computers. Infected files can be transferred across devices by a user or within an organization.

Webroot SecureAnywhere

Webroot ticks all these boxes. In a review by PC Magazine of the top 13 antivirus products on the market, Webroot was one of 4 winners of an “Editor’s Choice Award” with 4.5 stars out of 5.

It assesses every new downloaded file into one of 3 categories: good, bad or unknown. Unknown files are typically installed but monitored. A copy of the file is uploaded to Webroot’s Analysis Lab for further research. In the meantime, Webroot goes into “journaling mode” by which it notes everything that the file or download tries to do on the system. If it looks like the file is behaving badly, Webroot will quarantine it until a decision comes from the lab–or the user weighs in on the issue.
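The good/bad/unknown triage and journaling described above can be sketched as follows. This is an added illustration, not Webroot's code: the sample byte strings, action names, weights and threshold are all constructed or hypothetical. It also shows why an exact signature match misses a file that differs by a single byte.

```python
import hashlib

# Constructed sample data: these byte strings stand in for files; none is real malware.
KNOWN_BAD_SAMPLE = b"constructed-sample-A"
KNOWN_GOOD_SAMPLE = b"constructed-installer-B"
SIGNATURES = {
    hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest(): "bad",
    hashlib.sha256(KNOWN_GOOD_SAMPLE).hexdigest(): "good",
}

# Hypothetical behaviour weights and threshold, chosen only for this illustration.
SUSPICIOUS = {"modify_startup_entry": 3, "disable_security_tool": 4,
              "mass_file_rename": 4, "spawn_script_host": 2}
QUARANTINE_THRESHOLD = 5


def classify(data: bytes) -> str:
    """Signature step: exact hash lookup, so any changed byte yields 'unknown'."""
    return SIGNATURES.get(hashlib.sha256(data).hexdigest(), "unknown")


class Journal:
    """Records what an unknown file does so its actions can be reviewed later."""

    def __init__(self, name: str):
        self.name, self.events, self.score, self.quarantined = name, [], 0, False

    def record(self, action: str, target: str) -> bool:
        """Log one action; return True once the file has been quarantined."""
        if self.quarantined:
            return True  # already contained: nothing further is logged
        self.events.append((action, target))
        self.score += SUSPICIOUS.get(action, 0)
        self.quarantined = self.score >= QUARANTINE_THRESHOLD
        return self.quarantined


def triage(name: str, data: bytes, observed_actions):
    """Return (verdict, journal). Only 'unknown' files run under a journal."""
    verdict = classify(data)
    if verdict != "unknown":
        return ("blocked" if verdict == "bad" else "allowed"), None
    journal = Journal(name)
    for action, target in observed_actions:
        if journal.record(action, target):
            return "quarantined", journal
    return "monitored", journal
```

A file whose hash is on neither list is not blocked outright; it is only stopped once its journaled behaviour crosses the threshold, which is the gap that signature-only tools leave open.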

The screen at left is what most users see when a threat is detected: yes, there was a threat, but it’s been neutralized. The scan only took 2 minutes for an entire computer. Webroot’s policies and reporting can be configured by organization.

Atlas is a Webroot Reseller. When the user encountered this threat, this is what our management console reported:

The threat was first seen globally less than a month ago, on February 12. Fewer than 2,000 cases have been observed so far. This is the first time it’s been seen by any of Atlas’ clients. It belongs to the W32.Adware.Gen group of malware packages. This probably doesn’t mean much to most people, but it’s a reasonably harmless (yet annoying) package that just flashes unwanted ads on your screen as you browse the internet.

In any case, we can respond appropriately to malware threats so our clients can focus on their normal work.

Is Webroot Worth it?

The cost for protecting a computer is $3/month or $36/year. Is the peace of mind that comes from knowing your computers are protected and monitored worth that price? And what is the cost in time and effort if your existing anti-virus solution isn’t effective?

Contact us for more information on protecting your computers.
