I recently spent a week fixing my son's Windows XP computer after it was infected with a virus on the same day the machine's Norton 360 subscription ran out. As I was going from PC to PC in the house updating Norton, a virus infected a bunch of Windows system files and began sending out hundreds of Russian Viagra spams.
Norton apparently stops protecting you from viruses the second the subscription ends. I expected it to stop offering updates, but I didn't know it would refuse to scan new files using its existing virus definitions. This obnoxious policy, along with the fact Norton let another virus hit that computer a year ago, inspired me to look for a new antivirus program.
After wiping out the entire hard drive and reinstalling Windows XP, I decided to try ESET Smart Security 4, which includes the NOD32 antivirus program and firewall and spam filters. NOD32 gets pretty good reviews for catching viruses based on their behavior, not just on matching a database of known malware:
AV-Comparatives, a European test lab, rates it Advanced+ (the highest rating) for proactive non-signature detection of viruses, with few false positives. But it rated just Advanced on a separate test of on-demand signature-based scanning. That makes a lot of sense, as ESET focuses strongly on heuristic and behavioral detection of malware, even malware that's too new to have a signature.
I also installed Ad-Aware Pro, a program that has successfully caught and stopped viruses in the past that were missed by Norton.
Rebuilding the PC after a virus infestation was difficult because the HP computer did not come with drivers on a CD. Instead, HP started using a hidden partition on the drive you're supposed to be able to access by running a recovery program during system boot. This did not work, so I had to install a second wireless card just to get Windows updates and all the necessary XP service packs.
I'll post here if another virus gets past the new security regime. If anyone has tips for additional programs I should be running alongside ESET and Ad-Aware, please post them in comments.
Microsoft Security Essentials. I'll take Advanced (+free +never being nagged for a subscription) over Advanced+ any day.
Whoops, I was looking at the wrong report - in the proactive one, MSSE is also Advanced+. So why pay for what you can get for nothing?
I am not a big fan of Norton, either. I use MSE (so I agree with Joe) on my Windows machines and I believe the M&M (crunchy on the outside, soft in the middle) security model is a very bad thing. I download all updates and install them as soon as I see them. I also run a firewall. The updates and firewall are applicable to Linux, too. I've used Malwarebytes and it seems to work well.
Two other tools you _might_ be interested in are the AIK for Windows and a tool called nLite (there is a similarly named version specific to Vista, I think). These are not necessarily preventative but would ease the task you just completed. The AIK can be used to image a hard drive similar to the way Ghost does (after you've installed Windows) using the Windows Preinstallation Environment (WinPE). I built a UFD that can boot WinPE and can apply and capture images easily.
nLite will let you build a custom install disk by slipstreaming in special drivers (like SATA drivers when you need to install XP and the machine does not have a floppy). It will also let you customize the installer in ways that are known to astound and amaze those with a weak constitution.
Sometimes it isn't a bad idea to have such tools at the ready when the only alternative is the final alternative.