Best Free Antivirus Software

  Read this article in Spanish
  Read this article in Chinese


To begin with let me say this: there is no best antivirus out there. Why do I say this? Any product that you take will behave differently against various virus samples since the AV engines and other components incorporated in them are of different technologies.

While one product might have higher detection ratio, another might have better malicious URL blocking or virtualization techniques, yet another might have lesser impact on system performance and so on.

Read more about Antivirus Engine and other related details at the end of this article.


Rated Products

Qihoo 360 Total Security  

This free antivirus is better than most commercial ones.

Our Rating: 
License: Free
  • Totally free, light on resources, extremely fast scan times and pre-configuration protection modes
  • Smooth running installer with no adware, pleasing UI and comes with many themes
  • Fast updates/fixes and excellent customer service with immediate replies
  • Great signatures with multiple engines and in-house cloud protection
  • Web protection addon, browsing locking, webcam, sandbox and usb protection modules
  • Online shopping protection, malicious URL protection and network threat blocking
  • Includes Glasswire Firewall and Windows patch-up components
  • Great detection rates, with very high zero day protection
  • Speedup and clean-up tools might not be for everyone (not present in Essentials version)
  • Bitdefender or Avira engines not enabled by default
  • Might encounter few false positives
  • PUP [Potentially Unwanted Programs] detection needs to improve
Read full review...

Avast Free Antivirus  

The only antivirus with a fully customizable installer and selection of user preference components.

Our Rating: 
License: Free (Limited features)
  • Extremely light on the system with a modern and clean UI
  • The only antivirus with a fully customizable installer, selection of user preference components
  • Works best in hardened or lock-down mode, which blocks all unknown programs (medium-expert users only)
  • Top notch detection capability, many secondary components to offer variety to a wholesome software
  • Excellent malicious URL blocking, network protection, outdated software checking, integrated password manager, and comes with a rescue disk.
  • Deep screen technology that includes Sandbox and Safe machine components for protection
  • Bloated default setup, some ads and pop'ups
  • Account creation for further protection after a month
  • Lack of an anti-ransomware module, and Deepscreen disabled by default
  • Cloud reputation, Malware signatures and HIPS module needs improvement
  • Offers Google Chrome and various bloated secondary components during install [Choose custom install]
Read full review...

Comodo Internet Security Premium  

Provides a multi-layered protection scheme with HIPS, sandbox, antivirus and firewall.

Our Rating: 
License: Free (Limited features)
  • Feature-rich with lots of options for customization along with setting tolerance against prompts
  • Tweaked settings gives the best 0-day protection among the pack
  • Multi-layered protection scheme with HIPS, Sandbox, Antivirus and Firewall
  • Industry grade firewall with options for learning and behavioural blocker
  • Low on resources with various graphical skins available and a clean user interface
  • Painful for beginners to use it, not very newbie friendly 
  • Av-module is a bit weak especially the signature based detection
  • Auto-sandboxing happens for various legitimate files, troubles with FPS games
  • Too many tweaks needed for better protection
  • Buggy software and updates are released slow.
  • Chromodo browser, Yahoo search engine, custom DNS and Geek Buddy offered during default install. [Click customize installation during install]
Read full review...

Avira Free Antivirus  

A free antivirus with high quality signatures, very fast updates and less false positives.

Our Rating: 
License: Free (Private/Educational use)
  • Pretty light on the system and runs smooth without system slow-downs
  • Clean ad-free GUI, Ad-free installer, No pop-ups or ads
  • High quality signatures, very fast updates, excellent detection on non-zero day threats
  • Deep file scans with very less false positives
  • Avira Protection Cloud makes for an excellent cloud engine
  • Browser safety Add-ons available for major browsers
  • Zero day protection (heuristic & behavioural shield) is very weak. 
  • Ineffective Browser launcher which is a memory hog (can be uninstalled)
  • Painful removal for detected files. Repeated scans from Luke Filewalker increases CPU & RAM usage. 
  • Multiple file exceptions needs to be added (real-time and on-demand)
  • No firewall/sandboxing/web shield technologies
Read full review...

Panda Free Antivirus  

Gives you antivirus protection with low memory and CPU usage, and collective intelligence cloud security.

Our Rating: 
License: Free (Private/Educational use)
  • Low memory & CPU usage thanks to cloud protection
  • Tiled UI with customizable interface and nicely rendered Settings interface
  • Collective intelligence cloud security - Downloading virus definitions is history
  • Good detection rates and behavioural analysis program
  • Fairly good web protection and hardware resource handling
  • Dependant on internet connection leading to weaker offline protection
  • Slow scanning speed, no fingerprinting (successive re-testing same files) and at times issues with virus removal
  • Not really light, performance impact in web browsing, installation and copying
  • Certain false positives despite the information available at cloud
  • Watch out for Panda security toolbar during install
Read full review...

Honorable Mention


Related Products and Links

How to make an antivirus engine

Other Articles By Chiron

Related Free Antivirus Software Articles

Related Security Articles


Antivirus Engine

It is used for Real Time malware protection of files and is the core component to scan data on your PC for detecting and removing malware from hard disk, memory, boot sectors, network drives, removable disks, or from external network traffic (internet).

  • How does an antivirus detect malware:

Firstly you got the signature-based detection which contains an offline database of known patterns of malware downloaded from the internet which can identify specific malware codes or family of malware. Then you have heuristic based detection that identifies pieces of code that are unlikely to be found in legitimate programs and hence is prone to false positives depending on the sensitivity of heuristics. Virtualization and sandboxing unpacks or executes unknown programs in an isolated secure environment so that their behaviour can be analysed and scanned using the antivirus engine. The latest one is cloud based detection that requires a reliable internet connection and sends the suspicious scanned file over the internet and the analysis is done by the vendors' machine running the cloud engine.

  • Scanning for viruses:

Most antiviruses include these basic scan types: On-demand scan/manual scan is initiated by the user from right click context menu or from within the software. On-access scan is initiated when the resource is being accessed like running an executable, copying files from external drives etc. Scheduled scan periodically ensures that the system is free from malware by setting the time and frequency for scanning. Startup scan/quick scan checks most important locations like running processes, startup items, system memory and services, boot sectors and so on.

To be Continued in the next update....... Firewall, Proactive protection, Web protection components and more.



This software category is maintained by volunteer editor George.J. Registered members can contact the editor with any comments or questions they might have by clicking here.

Back to the top of the article.


Please rate this article: 

Your rating: None
Average: 4.3 (2159 votes)


I'm sorry to hear about this. It sounds to me like there may be an issue with your computer. Perhaps another program is actively interfering, there is some sort of corruption, or remnants from a previously removed software are interfering in some way. If you make a topic for this in the forum, and send me a link to it, I can try to help.

FYI, I just visited the Comodo site using the link provided in the article. Download page states that Comodo free AV is for "Operating System: Windows 8, Windows 7, Vista", but nothing about WinXP. So I would not put it down to a computer problem - it's the second time this week I've run into this situation (I have a laptop and desktop w/XP, a desktop w/8.1). I'm sure that this will increasingly be the case, and wonder how many of the other AVs listed in the article no longer support XP. (No disrespect meant to the author - things change quickly.)

Thank you very much for pointing this out to me, and I very much do encourage that any reader who notices an issue brings it to my attention. I do keep track of all issues reported, and, if possible, these will be addressed as soon as possible. For this situation, I have edited the Quick Selection part to now explain this situation. There is an issue where there are significant limitations to Windows XP x64. These are such that if you are running the 64 bit edition I would advise that you use a different AV instead. However, Windows XP x32 should work fine. Please let me know if this answers your question, or if you have noticed any other issues. Anything you can bring to my attention would be appreciated. Thank you.

I guess you've been a bit unlucky - I've run CIS free for two or three years now with very few problems, although I do always install onto a clean system.

I've not tried GeekBuddy but the Comodo forums can be helpful.

We encounter these issues all the time with a variety of products and they are always local, due mostly to corrupt system files or the incomplete removal of other security software. MC - Site Manager.

avast FREE ANTIVIRUS now comes with OpenCandy.

"OpenCandy is integrated into SoftwareUpdater since a couple of months. We use it to offer additional software to our customers in avast Free under some conditions. It helps us paying for the traffic caused by Software Updater in Avast Free." (June 2014)

Thank you for pointing this out to me. I have now added a warning to the article.

Your warning: "Take care to avoid the default inclusion of the Chrome browser and OpenCandy during the install process by using the custom install option" (accessed 2014-08-24). That has been bothering me. :)

It would be very unusual to be given the option to reject OpenCandy. What you can reject are the downloads suggested by OpenCandy, but those come only AFTER OpenCandy itself has been installed, assigned you a permanent identifier, snooped through your stuff, phoned home info about your computer, your software, your geolocation, etc. It then selects downloads based on that info and on its previous interactions with you.

Last I checked, the user could avoid OpenCandy by not including the Software Updater component when installing avast or by removing it later. Note that Software Updater is not the avast updater.

the other thing: The OpenCandy offers are not made, or not only made, during the installation of avast. They come when the Software Updater functions, as long as it is installed.

According to Open Candy's own information, the OC component itself installs nothing on your system unless you accept one of the bundled offers. I've checked this for myself and it's true.

What happens is that when you run an installer that includes OC, the installer runs a dll which activates the bundled offers.

If you refuse all the offers then the dll is terminated and deleted after the original installer completes and nothing is left behind. I've also tested this for myself.

However, if you accept any of the offers then OC will install an auto-updater along with whatever offer you accepted.

The OC dll will "phone home" anyway, unless you block it, with the following information;

"A. Operating system version and language, country location and timezone of the computer running the installer, and the language of the developer’s installer
B. That the developer’s installer was initiated, and whether it was completed or canceled
C. Whether any third-party recommendations were made and if so, whether they were accepted or declined
D. If a third-party recommendation was accepted, whether the recommended app’s installer has been downloaded and the installer initiated
E. That the recommended third-party installer was initiated, and whether it was completed or canceled."

Note that the OC dll can be intercepted and blocked anyway, by programs like CIS.

LOL. The link removed in the paragraph below because of the bad WOT rating was to OpenCandy's FAQ; accessed accessed 2011-03-27.

Although you might like to think it's funny, our site rules are designed to protect visitors from potentially harmful links. Of course there are grey areas and situations when having a bad WOT rating does not present a hazard, but once we begin to make exceptions the whole system becomes meaningless. We do however expect members to read the rules before posting and abide by them for the benefit of the community. MC - Site Manager.

The comic element was the entrance of WOT in this particular conversation, in a rebuttal of the claim that OpenCandy is benign. The opportune arrival of reinforcements. I apologize for the unclarity.

I got the joke and enjoyed the irony too : )

I stand by my comments re; OC in general but fair cop, I hadn't properly looked into the situation with Avast in particular.

Not sure why anyone would be comforted by the fact that the dll is removed, when (1) the snooping has already been done at that point, (2) it leaves a permanent identifier on the computer, what OpenCandy used to call a "non-reversible identifier" [link with bad WOT rating removed as per site rules], and (3) its dossier on you is kept remotely.

Thus it is, or was, FALSE that "nothing is left behind."

In any case, you are describing the typical case in which OpenCandy comes with an INSTALLER. This is NOT the case with avast.

The dll is in fact NOT removed in the case of avast (not that it matters). You may "verify" that via the avast forum thread linked above. It remains and gets triggered repeatedly by avast's Software Updater component (which is something akin to the Secunia Personal Software Inspector).

Sophisticated users can block OpenCandy, certainly, but those are likely not the users seeking recommendations for free anti-virus programs. Also, the presence of OpenCandy gives insight into the values and ethics of the avast company.

360 Total Security Rocks!

It's like McDonald's "I'm lovin it!"

Yes I realize it is new. I've been on the net since all the others were new also. I too like to live dangerously.

* Patch windows with Windows Updates.
* Built-In System Cleaner.
* Built-In Start Remover.
* Built-In Sandbox. (similar to Avast)

One of the best guis I have seen in a while since others mucked theirs up. You ever try changing the detailed settings in newer versions of Avast?

It might just be me but it seems my machines run faster with 360 Total Security on. Probably because of the patches applied. It seems to find patches that Windows Update did not find.

* I have not run it on a purposely infected machine.
* It did remove startup items I did not want removed. (They were easily restored)

I would recommend only for an Advanced user for now. We don't know yet if their system cleaner is going to destroy something important.

Lenovo R60 Windows Vista 32-Bit
Acer Aspire 5532 Windows 7 Pro 64-Bit

This seems to be just an assertion. This does not necessarily mean it is true. Have you found any other sources which back this up. I found many which linked back to this same article, but are there any which have reached the same conclusion through analysis of the product itself? Thanks.
Your other post was deleted because of the racist content. Implying that something Chinese, or from any other source for that matter, must be bad will not be tolerated here. MC - Site Manager.
Thanks for providing this very helpful information. During my next re-write I will very likely be adding this AV to the article. It'll be interesting to see how it compares in tests. Thank you.
I'd be using it, if my internet was faster. To update 3 engines takes thrice as much time.

Few have commented on 360 Internet security and have told to wait until it is mature. I din't understand what it meant. I have already switched to 360 Internet security on my Windows 7(and also on my Android phone). Earlier I had Avast, AVG, Panda Cloud and Bitdefender. I liked 360 IS because it updates quickly. Also it doesn't install unwanted software during installation. I am also interested to know why it is not included in FREE AV list.

I will be considering this AV for my next re-write. Thanks.

Chiron how can we trust your review when many other sites rate Comodo very low and you stated that you are "a moderator on the Comodo forums" this seems to me to be a bias toward a product.

As a software developer i created 5 viruses for testing with and Comodo only detected 1 of them while BitDefender and avast detected all 5

How can you assure me that you are not biased

I absolutely understand your concern, and it is one which I would likely worry about for others as well. The difference between my approach towards rating these products and that utilized by other sites, is that I put protection first, and don't really care about detection unless it increases the protection. Most other sites put a premium on detection, which is not always a good indicator of the protection a product will offer. Comodo Antivirus does not have the best detection, and as you mentioned Avast and Bitdefender do tend to have better detection ratios than Comodo. However, that does not tell you everything you need to know about the security product. The main difference between Comodo Antivirus and the others in the list is that Comodo Antivirus utilizes a default-deny architecture, whereas the rest utilize a default-allow architecture. What this means is that with Comodo Antivirus any unknown application (which includes all malware not already detected) will be partially isolated from the rest of your computer. However, with a default-allow antivirus all unknown applications (which includes all malware not already detected) will be allowed to access your computer. Thus, I rank Comodo Antivirus higher than the others not because of detection, but because its ability to detect the user from real-world malware is much larger than the rest. Remember also that zero-day malware, which is what users should be most wary of, is not detected at very high rates. Thus, a default-deny architecture does provide significantly more protection, even though its detection rates may be lower. Of course, the downside to default-deny architecture is that the same isolation will be applied to legitimate programs which are not yet trusted by Comodo. Thus, the user will have to interact with it more than they would a default-allow program. This is why I mentioned that my top pick for advanced or intermediate users is Comodo Antivirus. This is because it requires some additional interaction. However, for those who do not want a piece of software which requires much interaction my top pick is Avast. I plan on making this distinction much clearer in my next re-write. I hope this explanation was helpful. If you still have questions I am more than happy to clarify/explain further. Thank you.

You have not given me any reason to think that you are not biased towards this product and only told me things i already knew about comodo and I even created one of my viruses to target programs that Comodo trusted, I was hoping it would still check these but didn't appear too, maybe there is a setting somewhere that I missed to make it check these programs if there is how do I turn it on ?

Also how can you not rate cleaning as important i don't want to have to install another program to do the clean up if i get infected, i put 20 viruses on my comp and Comodo wasn't able to clean them up for me where as even Norman got half them removed and it is well crap not worth the memory it takes up

Please do create a bug report for this vulnerability in this area: of the Comodo forums. I can then better evaluate this there and, if it does turn out to be a vulnerability, forward it to the Comodo devs for consideration. I believe that the architecture of any software intended to protect a computer is of utmost importance. Sadly, most free products which refer to themselves as Antiviruses do not utilize a default-deny architecture. If there are any others I am not aware of please do let me know. However, realize that this article ties my hands when it comes to products other than those which refer to themselves in the name as Antiviruses. As for cleaning, I considered including that in the comparison. However, the truth is that if a product has already allowed the system to be infected I would recommend using multiple products for cleaning. No one product can be trusted to entirely clean a computer. Therefore, I do not include cleaning because my main focus is on prevention of infection, not in cleaning an infection which is already there. Perhaps I should update the article to make this more clear. Thank you.
These types of comments hold no authority at all because absolutely no details are provided. This is the very reason why Wilders forum now disallows posts about home made "tests" because they are meaningless. Please provide details of the code you are referring to, how the tests were conducted and on what system using our site PM facility to so that Chiron can pass this on the the Comodo developers. Once this has been done, we will be able to respond here correctly, but not until. MC - Site Manager.
Sometimes I'm concerned about lab tests too. I mean AV-Comparitives doesn't test the free versions of AVG and Avira, and compares it against the free versions of Avast, Panda, Forticlient, Qihoo, which is an unfair comparison. Infact Avira came out first in the latest results, but they tested the IS version, not the free one.
Agreed, it is very frustrating. However, in order to try to introduce more impartiality to the review I stuck to using these reviews, which have stated methodology, and use only the results for the Free versions. Thus, I am not judging them with respect to each test, but over all three labs for the previous three times the Free version was tested. I also take into account AV architecture, meaning default-deny and default-allow, and use that in my recommendations. I use default-deny being higher, but less user-friendly. That is why Comodo AV is rated number one (as my main criteria is protection) but Avast is rated just after because of higher user-friendliness and detection rates. If you believe there is a better way to go about this please do let me know. I went through a lot of ideas before I came up with this one, but I also realize that there are issues with it. Thank you.
I've always been concerned about reliance on test results when choosing an antivirus solution but at least with the reputable labs you have access to the methodology. MC - Site Manager.