Opinions are like belly buttons. Everyone has one, and no two are exactly alike.

Review: ClamWin Antivirus SourceForge Project of the Month February 2005

Looking for some way to keep your machine safe? Need a way to detect and remove viruses? Then ClamWin Antivirus is the way to go. 'ClamWin AntiVirus? What is that?' you ask. Well, to be short and to the point, it is an OSS antivirus client, OSS being Open Source Software. Now many are saying to themselves, 'Hey! I can get that done with McAfee, or Norton, or Panda, why do I want ClamWin?' You could go with one of the corporate alternatives I mentioned above. But why pay for a subscription and updates, when your hard-earned dollar could be stretched a little further by using Open Source Software?

What is Open Source Software?

"The basic idea behind open source is very simple: When programmers can read, redistribute, and modify the source code for a piece of software, the software evolves. People improve it, people adapt it, people fix bugs. And this can happen at a speed that, if one is used to the slow pace of conventional software development, seems astonishing." http://tinyurl.com/6z6do [www.opensource.org]

Now my take on OSS is just about as simple. It's not communism, or any 'ism.' It's a matter of many people having a similar hobby, and expanding on that hobby, adopting an ideology that lets others benefit from the developers' initial work, allowing all to benefit from the 'better mousetrap,' as it were, or to expand upon the mousetrap. Some people might malign OSS, or grouse about development, quality or lack of features, or try to confuse the OSS issue and muddy the waters by drawing distinctions that are not necessary. Let us not be mistaken here. You get what you pay for, and any additional bonus value is just that, bonus value. If anyone feels they can get more for their dollar by going the closed source route, then far be it from me to dissuade them.

Now this review wasn't written to be a manifesto, or an evangelistic diatribe about the OSS movement, so I'll get back to the bones of the actual review.

To start off, you can get to ClamWin from http://www.clamav.net/ [ClamWin.net] and download the full version from http://tinyurl.com/3r5xw [Download Link].

Here are the bare bones about ClamWin.

Description of project:
ClamWin is a free antivirus application for Microsoft Windows 98/Me/2000/XP/2003. It uses Clam AntiVirus scanning engine. ClamWin Free Antivirus comes with an easy installer and open source code at no cost. It features:
  • Scanning scheduler
  • Automatic virus database updates. ClamAV team updates virus databases on a regular basis and almost immediately after a new virus/variant is out
  • Standalone virus scanner
  • Context menu integration to Microsoft Windows Explorer
  • Add-in to Microsoft Outlook
Now that is the propaganda from the SourceForge website. http://sourceforge.net/ [SourceForge.net]

I downloaded the program rather quickly. It topped out at about 4.84 Mb. Now I qualify my statement by saying I have an ADSL line and downloads go rather quickly. If you are on dial-up it might take a bit. So start the download going and go get a cup of coffee.

The installation is pretty straightforward. I went with the default directory. Now I have 'only just' completed this install of Windows XP, and the amount of detritus collected on this machine is pretty low. I am behind a firewalled router and run Mozilla Firefox, so my infestations of spyware and malware should be relatively low. 'Right?' OK! I fire this baby up and it's pretty straightforward. Owing to the 'You get what you pay for...' reasoning, the initial screen of the program is sparse, yet functional. I choose to update the program's virus database. This is done rather quickly. I highlight my 'C Drive' and click the 'Scan' button. Away we go! It whizzes and whirls, and does its thing. I wait a bit and it finds a piece of trash that Ad-Aware and Spybot missed. Now this wasn't a 'cookie' or similar 'negligible' tracking type info, it was an actual piece of trash.

Now what else can I say?
  • It works.
  • It works rather quickly (as well as can be expected with a bazillion files to go through).
  • It has a definable mask for excluding file types.
  • It has shell integration for 'right click' scanning of suspect files.
  • It integrates with MS Outlook to protect against email issues.
  • It is updated many times a week and has quick response times to new 'in the wild' viruses. http://tinyurl.com/6tur7 clamav-virusdb
  • You can check out the ClamWin FAQs located here. http://tinyurl.com/6kquh [ClamWin FAQs]


That's about all I have as a review. I hope it helps, and the software works for you as well as it does for me. Remember, you do not always have to pay for something for it to be a 'Good Value.'

Comments
on Feb 22, 2005
Let me correct some things here before people jump on board with ClamWin.

ClamWin is not sufficient to be used as an exclusive AV on any system. I believe last time I talked to ClamWin people, they had about 28,000 Virus/Trojans in their database. To let you know how inadequate this is, the average commercial antivirus has roughly 90,000-120,000 definitions.

Second, ClamWin doesn't utilize a realtime monitor, so it's essentially useless at stopping infections BEFORE they happen, which is critical, because once the damage is done, who cares if an AV finds it? It's too late.

Third, its heuristics are extremely lacking. Without strong definitions, a product has to rely on heuristics, but if neither are up to standards of modern commercial applications, then the product fails - most of the time.

Fourth, updating an antivirus is a time-consuming and extremely busy task. Most commercial AVs have labs with 50-150 people working in them handling virus/trojan analysis, and signature updates, in addition to coding. A freeware AV will never, ever, be as competent as a commercial one because of this. This includes Avast, AVG, and all of the other freebie ones, they have substandard detections.

ClamWin, on the last wide scoring I saw, tested in the 30% range on threats. Considering most AV products score in the 80-99% range, this is pretty lousy. Now you might ask, what do I recommend? Well, I own licenses to every AV product on earth, and have done virus analysis for about a year for 4 different AV companies. I have three products I recommend, depending on your machine, and circumstances.

High risk, Light Gaming or otherwise general computer: Kaspersky AV

Medium Risk, General Computing system, Medium Gaming: NOD32

Medium/High Risk, High Gaming Machine, General Computing: Arcabit

The reason is simple. Arcabit has zero impact on system performance and gaming. There isn't a game on the market that it will crash. With great signatures and heuristics, it's more than suitable for gaming rigs under medium/high security risks. Kaspersky has the best definitions in the world, and easily the best detections, but can be a slight load on systems, and can interfere with many games. NOD32 is nice, and semi-light, but has been known to interfere with some games as well.

My 2 cents.

on Feb 22, 2005
Yes, you have a series of valid points. That is why I provided the documentation links, and quantified my opinions. Truth be told though, in all my years of computing I have been hit by 3 actual viruses. I do not include all the ad/malware intrusions here. I try to practice as many safe principles as I can. Trusted sources, scanning attachments, and no previews in email are the Golden three for me. Not to be forgotten also is disabled VBS. My main concerns now are spyware, adware, malware and SPiM. It would be nice if you could provide documentation to your comparisons though. I'd like to see the actual information, to be able to make an informed decision myself. I also use Trend Micro's online scanner, in a pinch. I have found it to be of some use, although it has never found anything on my system.

on Feb 23, 2005
Common sense is the best antivirus. I've got a couple years of strong security experience in Virus/Malware. A big part of that common sense is using Firefox instead of IE. I can point an unsuspecting IE user to 50-60 web pages where they'd have trojans installed on their PC just by viewing the page. Firefox? No such luck.

I use Arcabit on my personal systems because it's so light, but in addition I practice common sense computing. It's served me well, nothing but my honeypot has been infected in the last 3 years. But I'm also a perpetual formatter. I can't stand Windows and how it bloats up every day you use it, so I format and use a custom XP install DVD (with the registration code removed!) and I can be back up and running in 45 minutes with everything installed and updated because it's all on the disk. So I sense that my constant reinstallation of Windows keeps me clean as well, provided anything would have slipped through anyway.

I can provide you all the comparatives you need, I have access to literally every security site, test service, and AV vendor database in the world. A good start would be the independent sites, such as this:

http://www.av-comparatives.org/

One of the things that usually fails Arcabit on big tests is false positives, it's horrid for them. However, being experienced in threat management, I can quickly distinguish false alarms and deal with them. Needless to say, it's still a very strong AV, and the lightest on system resources, which is why I use it. False alarms or otherwise.