eWeek recently published a nice article covering survey data that shows user understanding of PC security threats is outdated, which of course may lead to poor security practices.  Overall I like the article, but I take issue with what they claim as “fact” in response to Myth #2, that free antivirus software is as good as paid antivirus software.  Rather than being facts, they are at best half-truths.

The article claims that free antivirus (or more accurately these days, anti-malware) software is missing three things: anti-SPAM, Web Filtering, and Behavioral Analysis. It is true that each vendor makes decisions on how to differentiate their free offering from their paid product.  But those decisions are neither as clear-cut as claimed in the eWeek article nor as relevant as eWeek would have you believe.  Let’s address them in reverse order.

Behavioral Analysis is one of the more modern techniques being used to fight malware.  What it does is look for patterns of activity that seem inappropriate for normal applications.  For example, if an application starts to make changes to the Registry (the database of settings maintained by Windows) that a normal application shouldn’t be making then the application might be malware.  eWeek claims that free anti-malware software doesn’t include Behavioral Analysis while paid software does.  That is false.  Perhaps some vendors use this as a differentiator, but Microsoft includes Behavioral Analysis in its free Microsoft Security Essentials.  Immunet includes it in their free offering as well.  I haven’t looked at others to see if they are using Behavioral Analysis as a differentiator, but just the two examples I cite show that eWeek is at best spreading a half-truth and at worse an outright lie.

What about Web Filtering?  This may be a more accurate claim in terms of technical fact, but is it relevant?  Microsoft IE8 and IE9 already include the SmartScreen Web Filter and thus Microsoft sees no reason to include it in Microsoft Security Essentials.  Instead Microsoft continues to throw resources at improving SmartScreen.  Chrome, Firefox, and Safari use a similar service offered by Google.  In fact, in most cases the Web Filtering offered by paid anti-malware products is redundant and you don’t need it anyway.  So now you aren’t down to a free vs paid decision, you are making a decision on if SmartScreen is good enough or if another Web Filtering client does a better job of filtering malware distribution websites.  (There is one other reason for a third-party Web Filtering client, if you want to disable access to legitimate sites for some reason; for example a small business that wants to block its employees from shopping on Amazon, etc. during business hours).  Overall though, it is disingenuous to claim that lack of Web Filtering in free anti-malware products is a significant issue.

Lastly anti-SPAM.  It may in fact be true to say that free anti-malware software doesn’t include anti-SPAM components, but is it relevant?  Microsoft has included anti-SPAM directly in Outlook, Windows Live Mail, the older Outlook Express, and Hotmail.  Both Yahoo Mail and Google’s GMail also include anti-SPAM support.  Any enterprise mail system, and most ISPs, will use an anti-SPAM product such as Microsoft’s Forefront Protection for Exchange to filter mail before it ever gets to your account.  So once again installing a third-party anti-SPAM product on your system is redundant and almost always unnecessary.

So how do the two vendors I mention, Microsoft and Immunet, differentiate their free vs. paid products?  In Microsoft’s case it is Management.  Microsoft Security Essentials includes none of the multi-system monitoring and management capabilities that all but the smallest businesses demand.  Those features are only in the paid Forefront Endpoint Protection product.  This differentiation is totally irrelevant for consumers.  In the case of Immunet they reserve two features for their paid Immunet Plus product, Rootkit Protection and a second on-device anti-malware engine.  If you use Immunet as your only anti-malware product then this is a significant difference.  However, Immunet pretty much only markets their free offering as a supplementary anti-malware capability that works with your existing anti-malware software.

There are certainly tradeoffs involved in using free anti-malware software rather than paid software, but for most users they are irrelevant.  eWeek got this one wrong.