/ Technology

Buying expensive anti-virus software won’t stop cybercrime

A new report has unearthed something we’ve known about for some time, namely that spending a lot of money on anti-virus solutions is a waste of money and not necessarily the best way to tackle cybercrime.

A report by Cambridge University reveals that the UK is spending £640m per year trying to prevent or clean-up cybercrime threats. And almost £110m of that is being spent on anti-virus software, whereas only £10m is on actual law enforcement.

The study suggests that although cybercriminals are only pulling in a few tens of pounds from every Brit per year, the indirect costs of buying anti-virus software come to much more.

It concludes that more money should be spent on law enforcement, rather than encouraging people to buy anti-virus software, as lead author Professor Ross Anderson told the BBC:

‘A small number of gangs lie behind many incidents and locking them up would be far more effective than telling the public to fit an anti-phishing toolbar or purchase anti-virus software.’

The study echoes some of our previous reports, which show free anti-virus solutions are often just as effective as paid-for ones.

Focus on cybercrime

The report also argues that the government should spend less on monitoring phone and email communications, a policy disapproved of by privacy campaigners.

It comes at a time when the government is reportedly looking to spend £1.8 billion on implementing its Communications Data Bill. Under the proposals, the authorities will be able to access information such as the headers of emails you’ve sent and also the websites you’ve visited. I agree with Professor Anderson – this is money that could be better spent elsewhere. But where?

Security boundaries are blurring

The report recommends redirecting some of these vast sums of money towards improving consumer protection legislation for victims of credit card fraud, pointing out that the Netherlands, Finland and Ireland, already provide much stronger protection.

It’s a wise suggestion. However, the line between malware – such as viruses and trojans – and financial fraud blurred some time ago. Putting money in this pot or that pot isn’t the way to tackle online crime. There needs to be a multi-pronged attack whereby consumers are educated and know the value of installing free anti-virus software and keeping it updated.

A £650 million investment from the Cabinet Office to fund cyber-specialists in police forces across the country will help, too. Hopefully, then if people do fall victim to cybercrimes they’ll have an expert to whom they can report it. Something I believe is long overdue.


It’s probably true that much more needs to be spent on law enforcement, but equally it’s the same debate about having better locks and a burglar alarm on your house or more police on the streets (you do both). Tackling cybercrime in all it’s forms is an expensive and complex business and free security packages still depend on firms having resources (through subscriptions) to finance the detection, research and tackling of new threats as they crop up on a daily basis across a growing number of different platforms.

In truth you don’t have to spend massive amounts on what I would describe as a “Joined-up” security package (firewall/malware/email/site safety) if you shop around on Amazon or use some of the offers you find in computer magazines (making sure you read the reviews first!) – it is however worthwhile in my experience.

Brian Elwin Pomeroy says:
19 June 2012

The money is the key. The officials want everybody to be fighting; setting up firewalls so others are challenged to ‘out-smart’ the wall. This is how knowledge and or new ideas are born. That is just the way it is. Read your contracts, check your coverage in case of attack. I have a credit card with a three hundred limit for playing on the internet. Submit your tricks.


Two points:

1. Why pay money for anti-virus utilities when there are perfectly good free options for this? On Windows, Microsoft Security Essentials does the job – OK, it’s a ‘no-frills’ anti-virus, so you dont get anything else, but what else do you need? Similarly, on Mac there are good free options, including iAntiVirus and Sophos.

2. The law enforcement issue is an interesting idea, but you have to ask, WHOSE law enforcement. Most spam, phishing activities, viruses, worms et al, originate from other countries beyond UK law enforcement jurisdiction – and largely from countries that aren’t too likely to have a good reputation or willingness to do a lot of ‘cooperation’ with UK law enforcement. Spending any amount of money within the UK alone will achieve squat! Always need to remember that the internet is (largely) no respecter of national boundaries…..

JR says:
22 June 2012

This is very interesting. As is the report in the link. But is it dangerous to suggest we should not use anti-virus software on our home computers? In my experience the first thing the bank will ask after you have been invaded is ‘do you have anti-virus software?’. If you say no I suspect they will say you have been negligent and then not refund any losses you have sustained.

The great problem with all of these issues, like should you shouldn’t you, is free just as good as fee charging, etc., is that one can never get a categorical answer from anywhere. The more one researches via the internet the more confusing it becomes. Its is exactly the same reading product reviews. There is as many reviewers saying the product is the best thing sliced bread as there are saying the product is rubbish. Reading the reviews becomes an art form because the first trick is trying to discern the reviewers motive and qualification. Even the Which? reports are directly contradicted by some of the reviewers comments.


Sarah is not advocating that we should not use anti-virus software. Which? has reported that free software is more or less as effective as expensive software, so show the bank a copy of the report if you are unlucky enough to be a victim of fraud.

The introductory comments are personal views, which is only obvious when stated or if differing views are presented. I’ve often wondered if it is a deliberate ploy to encourage comments.


In Windows 7 the new security essentials is very good – it even includes heuristic scanning, although you have to enable it. Of other products check matsoutec.com for the most thorough testing I have seen anywhere. It is independent and very geeky but the results speak volumes. The big boys McAfee, Norton and AVG all score appallingly. On McAfee’s dismal 2% it agrees with my experience over 10 years in IT.

From matousec you can see the best are Outpost and Comodo both of whom offer free, superb products but seem rarely mentioned in consumer tests; including Which?
Both offer commercial versions but I would stick with free unless you have serious worries or deep pockets. The only other one worth paying for if pushed is Kaskerky. It is very good but Comodo is better and free.
Which? please include these in your next test.


In reply to Mike above:

Mike, thanks for your mention of matousec, which is a very informative site indeed! Being more of a Mac than Windows user myself, I wasn’t aware of it. It’s particularly interesting to earn that so many of the security utilities lose out in a big way when one switches from a 32-bit to a 64-bit system – who would have thought that could be such a big issue?

Just for the benefit of others, here are the full links to the test results pages:

32-bit OS: http://www.matousec.com/projects/proactive-security-challenge/results.php

64-bit OS: http://www.matousec.com/projects/proactive-security-challenge-64/results.php

Just one other thing I’ll mention, though I haven’t gotten to the bottom of it yet. matousec does indeed say that Comodo Internet Security is free, but Comodo’s own website says that only the standalone anti-virus utility is free, whilst the full internet security package is $20/year:


But I would say that that’s not a huge price to pay, when compared to the likes of Norton and McAfee, if you feel you want the additional functions of the full package. From her point-of-view, my partner already decided to switch her Windows machines to the free Comodo anti-virus, abandoning her current usage of Microsoft Security Essentials, which I was intrigued to note matousec doesn’t seem even to mention!

thunderer says:
3 February 2016

Comodo not free any more according to the matousec link in the next comment.

25 June 2012

This new virus called ‘Flame’ is a real Killer Diller, it was originally aimed at Iran, for obvious reasons, Obama gave the go ahead in conjunction with Israeli Techies!…Don’t believe?’….Google it.

But, not to despair, their is a company just set up to detect the signature of this virus!