There are numerous antimalware products that can protect you from the latest viruses, spyware, and other online threats. But when it comes to open-source antivirus software, the field is much more limited. Why?
There are only a few actively maintained open-source antivirus projects. ClamAV is the best FOSS download for Windows, Mac, and Linux. Other projects incorporate the ClamAV engine, which is generally less capable than its commercial counterparts. Open source antivirus for smartphones is also rare.
I researched the statuses of various antivirus software offerings that are truly open source or used open-source components. We established a few criteria when deciding on what to recommend.
Antivirus Software Must Be Kept Updated
Threat actors (the bad guys) release new and creative exploits regularly. Some of the malicious software targets computers in large numbers. It’s critical for antivirus software to be kept updated. Without periodic updates, antivirus protection may not detect the latest viruses.
Over the years, many open-source projects have attempted to tackle virus detection, but many of the projects are now dormant and un-maintained. I excluded the following projects due to their inability to address newfound threats.
Moon Secure Antivirus
The latest release of Moon Secure Antivirus is dated September 24, 2016.
Even though the program uses the ClamAV engine, it hasn’t been updated recently and can’t combat newly developed computer viruses.
The last virus definitions for OpenAntivirus is dated May 30, 2004. Definition-based antivirus cannot protect your computer unless the fingerprint of known viruses is well-maintained.
I had high hopes for this standalone virus scanner as a market competitor to ClamAV.
The last source code commit was on September 12, 2017. The development team has abandoned Armadillo, so I cannot recommend using the antivirus.
On page 48 of SonicWall’s report, they found that more than 268,000 new viruses were identified in 2020, a trend that is increasing annually.
As mentioned earlier, signature-based threat detection requires stringent updates. Unfortunately, there are no free and open-source software (FOSS) antivirus programs employing a heuristic engine for virus protection.
Heuristic virus detection looks at previously-discovered virus signatures. These definitions guide an algorithm to identify the behavioral patterns of undiscovered viruses. This type of detection is complicated and often requires dedicated and focused engineering teams.
Supports your computer or mobile operating system
Before downloading a FOSS antivirus program, check if the open-source antivirus program can protect your operating system (OS). If your computer or mobile operating system is not listed, it’s incompatible.
Cybercriminals create sophisticated malware such as spyware, ransomware, viruses, and worms targeting the functionality of specific devices. Your antivirus program must be designed for your devices’ OS and tailor-made to suit its computing behaviors.
Some open-source antivirus programs such as ClamAV are cross-platform. They can work for Windows, Linux, and macOS. Others are specific and only available to particular platforms.
However, the leading open-source antivirus project is used in several downstream projects.
ClamAV is the best open-source antivirus program that is currently well maintained. It detects various malware and viruses using via signature-based detection. In fact, the project’s definitions are updated every four hours.
ClamAV runs across multiple operating systems such as Windows, macOS, Solaris, and various Linux distributions. It also offers a command-line interface on these platforms.
While detection using a virus definition is less effective, the methodology is lighter on resources. This AV option won’t slow down your computer while providing reliable malware protection.
History & Ownership
ClamAV was created by five developers and later was acquired by Sourcefire on August 17, 2007. The developers joined the Sourcefire Vulnerability Research team.
In July 2013, Cisco acquired Sourcefire, and the research team became part of Cisco.
Activity & Technology Used
ClamAV is written in C, C++, Assembly, Python, CMake, Yacc, etc. 85.5% is written in C language. 9.6% of the code is C++, CMake occupied 1.9% of the code while Python, Assembly, Yacc, and others were 0.8%, 0.9%, 0.4%, and 0.9%.
These are battle-tested programming languages.
Effectiveness & Shortcomings
ClamAV detects viruses by comparing scan results to a list of malware definitions or signatures.
Like law enforcement uses a known database of criminal fingerprints, ClamAV identifies malware by comparing computer files to its virus database.
Signatures-based detection applies a pattern to the file being scanned. If there’s a fit, ClamAV reports a “positive result.” If the file is malicious, it is known as “true positive.” If the suspect file is not a virus, this is considered a “false positive.”
ClamAV works well on Windows and Linux. It detected the second stage payload of CCleaner 5.33 malware before other programs.
ClamAV is not a full-featured antivirus and, like many computer security applications, has its own list of unique vulnerabilities.
ClamWin is a suitable open-source antivirus for Windows. ClamWin Pty Ltd produces the software.
It uses the ClamAV engine for antivirus definitions, and it comes under the GNU General Public License. The program detects viruses & spyware and removes malicious threats effectively.
ClamWin offers automatic updates, scanning, scan scheduling, and a Microsoft Outlook add-in. It also has plugins for Firefox capable of scanning downloaded files. There are other plugins that you can use to download and scan files using ClamWin.
85.8% of ClamWin’s code is written in Python, while C++, Inno Setup, and other programming languages make up 9.1%, 4.8%, and 0.3%. Presently, ClamWin has two primary contributors listed on the source code repository.
However, ClamWin doesn’t support real-time file scanning. You have to initiate the function manually or via a schedule. Also, the scan is slow, but the detection rate is better.
ClamWin is the Windows front-end for ClamAV. If you aim to protect devices running on Windows, it’s best to use ClamWin. Also, ClamWin is a little more user-friendly than its parent, ClamAV.
LibreAV is a free anti-malware program for Android devices. Built using TensorFlow, the app leverages machine learning to detect malware, especially in other applications. The program scans the application within seconds whenever a new app is installed or updated.
Initially published by Project Matris on September 22, 2020, the latest version of this antivirus supports Android versions back to version 4.1. Its source code is released under the GNU GPLv3 license, meaning that anybody can download and modify it.
The program aims to detect malware in every Android device and is offered without featuring ads or hidden charges.
Android devices often get malware infections through the apps downloaded from different platforms. Malicious apps even sneak into the official Google Play Store undetected. So, LibreAV is an excellent way to detect and eliminate such malware-infected apps.
The program doesn’t slow down your smartphone or reduce performance. However, it may increase your device’s battery consumption.
Side Note: If your phone’s battery is draining, check out these 15 FAQs, along with a list of the best smartphones based on their battery beefiness.
I suggest getting LibreAV via the F-Droid
- Download and install F-Droid using their official instructions.
- Within the F-Droid app, search LibreAV.
- After installation, launch LibreAV to finish the installation and familiarize yourself with the app.
For advanced Android users, you can download the official APK from the GitHub repository releases list and side-load the APK. This method is not secure, and you won’t be notified of new releases.
Other Antivirus Leveraging Open Source Code
Many antimalware programs on the market leverage open-source code or components.
Some of the programs using FOSS include
While many of the programs responsibly document their use of open-source code, others don’t.
One of the commendable projects that disclose its use of open source code is Bitdefender. The company lists and credits the open-source components used in its enterprise products.
Other projects that use open source code are not as transparent as Bitdefender in disclosing this information.
Is separate antivirus needed?
In general, separate antivirus software is unnecessary for most modern operating systems. Windows includes a malware program, while macOS and Linux are hardened by nature. Android devices are more susceptible to viruses than iOS, but users with risky online activities may consider adding antivirus.
Novice or inexperienced users or users performing higher-risk activities online might consider installing one of these best antivirus programs:
Best Free, Closed-Source Antivirus
Bitdefender is a cloud-based program that doesn’t interfere with your activities. It is easy to use and protects you from phishing websites, malware infections, rootkits, and adware.
This is the antimalware program I install for my family members who are not tech-savvy.
Kaspersky has a free antivirus that offers just the essential real-time malware security. The company encourages users to upgrade for more comprehensive protection.
Avira is one of the best free antivirus programs for Windows, Mac, Android, and iOS. It offers the essentials in its free, ad-supported product.