There are myriad anti-malware products that can protect you from the latest viruses, spyware, and other online threats. But when it comes to open-source antivirus software, the field is much more limited. Why?
There are only a few actively maintained open-source antivirus projects. ClamAV is the best FOSS download for Windows, Mac, and Linux. Other projects incorporate the ClamAV engine, which is generally not as capable as commercial counterparts. Open source antivirus for smartphones is also rare.
We researched the status of various antivirus offerings that are truly open-source or use open-source components. We established a few criteria when deciding what to recommend.
Antivirus Software Must Be Kept Updated
One important thing to consider about any antivirus software is the frequency of the updates. Cybercriminals release new Trojans and computer viruses every day.
Some of this malicious software targets computers in large numbers. An antivirus that isn’t updated regularly won’t be a match for newly released viruses.
Many open-source antivirus programs have been released in the past, but many of them have gone dormant and are unmaintained. For instance, we excluded the following antivirus projects because they’re old.
Best Open Source Antivirus Software
Moon Secure Antivirus
The latest download of this antivirus is dated 2016-09-24. Even though the program uses the ClamAV engine, it hasn’t been updated recently and can’t combat newly developed computer viruses.
The last virus definition for this antivirus was from May 30, 2004. So, the antivirus cannot protect your computer from the latest viruses on the internet from 2005 to date.
The last source code commit was four years ago, on Sep 12, 2017, showing that developers have abandoned it.
Anyone downloading Armadito antivirus might be exposed to security vulnerabilities.
One reason for the lack of updates on some open-source antivirus programs is that they don’t use signature-based detection to identify current threats. Commercial antivirus companies rely on signature-based detection to quickly identify current threats and update their programs to combat them.
Also, no FOSS antivirus programs are using a heuristic engine. Heuristic virus detection is capable of looking past known virus signatures, but it is complicated. It is a method of using algorithms to identify the behavioral patterns of a particular virus during testing.
Many recent computer viruses can’t be detected through a typical scan. The developers use powerful encryption to conceal them. Given the advanced and persistent nature of current threats, heuristics is becoming a must for open-source antivirus programs if they are to remain relevant.
Supports your computer or mobile operating system
Before downloading a FOSS antivirus program, check the operating systems it can protect. If your computer or mobile operating system is not listed, then it’s not compatible with it.
Cybercriminals create sophisticated malware such as spyware, ransomware, viruses, and adware targeting devices on different operating systems. Your choice of antivirus program must be designed for your devices’ OS and tailor-made to suit its computing behaviors.
Some open-source antivirus programs such as ClamAV are cross-platform, meaning they can work on Windows, Android, or even Mac. Others are specific and only available for certain operating systems or platforms. They might work on Mac but not Windows.
However, the main open-source antivirus project is used in several downstream projects. For instance, many downstream projects work with virus definitions from ClamAV.
Clam Antivirus is one of the best open-source antivirus programs. It is frequently maintained and updated every four hours. It detects different kinds of malware and Windows viruses using built-in signatures.
ClamAV runs across multiple operating systems such as Windows, macOS, Solaris, and Linux through its third-party versions. It is light and doesn’t slow down your device but somewhat improves its performance.
History & Ownership
ClamAV was created by five developers and sold to Sourcefire. The company acquired the trademarks and copyrights to ClamAV and announced it on Aug 17, 2007. Afterward, the developers joined the Sourcefire Vulnerability Research team.
In July 2013, Cisco acquired Sourcefire, and the research team became part of Cisco.
Activity & Technology Used
ClamAV is actively maintained and updated by Cisco Talos. The program has 46 contributors, including Micah Snyder. The ClamAV development team comprises 3 programmers: Andy Ragusa, Mickey Sola, and Micah Snyder.
ClamAV is written in C, C++, Assembly, Python, CMake, Yacc, etc. 85.5% of ClamAV’s code is written in C and 9.6% in C++. CMake accounts for 1.9%, while Python, Assembly, Yacc, and others account for 0.8%, 0.9%, 0.4%, and 0.9%, respectively.
Effectiveness & Shortcomings
ClamAV uses signatures to detect malware. It detects viruses through their signatures or fingerprints. Virus signatures are bits of code or unique data that enable antivirus programs to identify them.
Signature-based detection applies a pattern to the file being scanned. If there’s a fit, ClamAV reports a “positive result.” If the file is malicious, the result is a “true positive”; if the file is not malicious but was reported as malicious, it is a “false positive.”
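The matching described above, as an added example that is not ClamAV's own code: a simplified matcher for hex body signatures laid out like ClamAV's `Name:TargetType:Offset:HexSignature` lines, supporting only the `??` and `*` wildcards and ignoring target type and offset. The signature names, patterns and sample bytes are constructed for illustration, and the "false negative" and "true negative" labels extend the two terms defined in the text.

```python
import re

def compile_signature(line):
    """Parse 'Name:TargetType:Offset:HexSignature' into (name, regex)."""
    name, _target, _offset, hexsig = line.strip().split(":")[:4]
    pattern, i = b"", 0
    while i < len(hexsig):
        if hexsig[i] == "*":             # wildcard: any number of bytes
            pattern += b".*?"
            i += 1
        elif hexsig[i:i + 2] == "??":    # wildcard: exactly one byte
            pattern += b"."
            i += 2
        else:                            # literal byte as two hex digits
            pattern += re.escape(bytes.fromhex(hexsig[i:i + 2]))
            i += 2
    return name, re.compile(pattern, re.DOTALL)

def scan(data, signatures):
    """Return the names of every signature whose pattern fits the data."""
    return [name for name, rx in signatures if rx.search(data)]

def classify(detected, is_malicious):
    """Label a result; 'positive' means a signature fit the file."""
    if detected:
        return "true positive" if is_malicious else "false positive"
    return "false negative" if is_malicious else "true negative"

# Constructed signature database (names and patterns are made up).
SIG_DB = [
    "Constructed.Demo.A:0:*:" + b"DEMO-MARK".hex() + "??" + b"-v".hex() + "*" + b"end".hex(),
    "Constructed.Demo.Broad:0:*:" + b"http".hex(),   # too short: fits harmless files
]
SIGNATURES = [compile_signature(line) for line in SIG_DB]

# Constructed samples: (label, bytes, ground truth "is malicious").
SAMPLES = [
    ("known sample", b"\x00\x01DEMO-MARK7-v2.1 body end", True),
    ("benign document", b"See http://example.org for docs", False),
    ("modified variant", b"\x00\x01DEMO-MARX7-v2.1 body end", True),
]

def report():
    return [(label, scan(data, SIGNATURES), classify(bool(scan(data, SIGNATURES)), bad))
            for label, data, bad in SAMPLES]

if __name__ == "__main__":
    for row in report():
        print(row)
```

The one-byte change in the third sample is enough to evade the first signature, which is why a signature database that stops receiving updates loses coverage so quickly.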
ClamAV works well on Windows and Linux. It detected the CCleaner 5.33 malware when other programs didn’t. It uses signature-based detection for viruses but integrates heuristics for scans.
However, ClamAV is not a full-featured antivirus and has its unique vulnerabilities.
Number of downloads/installs
ClamWin is a suitable open-source antivirus for Windows owned by ClamWin Pty Ltd. It uses the ClamAV engine for antivirus definitions, and it comes under the GNU General Public License. The program detects viruses & spyware and removes every virus-infected attachment quickly.
ClamWin offers features such as automatic updates, scanning, scan scheduling, Microsoft Outlook add-in, etc. It also has plugins for Firefox capable of scanning downloaded files. There are other plugins as well that you can use to download and scan files using ClamWin.
85.8% of ClamWin’s code is written in Python, while C++, Inno Setup, and other programming languages account for 9.1%, 4.8%, and 0.3%, respectively. Presently, ClamWin has two contributors, and the latest commits occurred 17 days ago.
However, ClamWin doesn’t support real-time file scanning. You have to initiate the function manually.
Also, the scan is slow, and the detection rate is better with newer versions like versions 0.93 and 0.95.2.
ClamWin is the Windows front-end for ClamAV. So, if you aim to protect devices running on Windows, it’s best to use ClamWin. Also, ClamAV is simpler to run and can be used alongside other programs.
LibreAV is a free anti-malware program for Android devices. Its source code comes under the GNU GPLv3 license, meaning that anybody can download and modify it. The program doesn’t feature ads and has no hidden charges.
LibreAV is built on TensorFlow and leverages machine learning functionalities to detect malware, especially in applications. The program performs scans on an application within seconds. The real-time scan feature alerts users whenever a new app is updated or installed.
LibreAV was published on Sep 24, 2020 by Lance Padrones.
The latest version of the Android antivirus is 1.0.2, and you’ll need Android 4.1+ to use it. The program aims at detecting malware on every Android device.
Android devices often get malware infections through the apps downloaded from different platforms. Malicious apps even sneak into legitimate app stores such as Google Play Store undetected.
So, LibreAV is an excellent way to detect and eliminate such malware-infected apps. The program doesn’t consume many resources and doesn’t reduce the performance of Android devices, although it may increase your device’s battery consumption.
Antivirus Leveraging Open Source Code
Many anti-malware programs on the market use open-source code. Some of the programs using FOSS include Immunet, Bitdefender, ClamWin, Kaspersky, Sophos Home Free, etc.
While many of the programs responsibly document their use of FOSS, others don’t. One of the commendable projects that discloses its use of open-source code is Bitdefender. The program disclosed a list of the open-source software it uses for its enterprise products.
Other projects that use open-source code are not as open as Bitdefender in disclosing the information.
Is separate antivirus needed?
Separate antivirus software is necessary for operating systems such as macOS, Android, and Windows.
Devices running on Windows require an extra level of protection to combat malware attacks from the internet. Android devices are also susceptible to malware attacks from app downloads. However, Apple’s iOS doesn’t succumb to malware infiltration.
Many mainstream operating systems such as Apple iOS, Linux desktops, and Windows usually come with strong anti-malware software. Apple devices don’t usually need antivirus programs. The operating system is resistant to viruses.
Windows has built-in antivirus programs, but they don’t normally prevent malware attacks. Mobile operating systems are usually protected, but the devices get corrupted through malicious apps downloaded from the app store. So, stick to official app stores when downloading any application.
But for high-risk work that exposes your device to malicious sites and apps, you need an antivirus program for additional security.
Best Free, Closed-Source Antivirus
Avira is one of the best antivirus programs for Windows. It offers many free features such as a password manager, file shredder, etc. It works very fast and doesn’t consume many system resources.
Avira doesn’t detect or analyze threats on the PC but in the cloud. This is why it doesn’t slow down your system. You can run other programs even during Avira scans.
Kaspersky is a free antivirus that offers real-time malware security. It detects and removes malware very fast, and it allows 200 MB of VPN protection every day.
Kaspersky also provides a virtual keyboard and free data-breach monitoring for one account. Its password manager allows users to save up to 15 entries, and you can even check one email account for a data breach.
Bitdefender is a cloud-based program that doesn’t interfere with your activities. It is easy to use and protects you from phishing websites, malware infections, rootkits, and adware.
The program doesn’t interfere with your activities since it runs in the background while you work. But it provides a notification once it detects suspicious activity. The program scans for, detects, and removes malware automatically.