Best Free Internet Security Suites for Windows 10


  1. I’m so happy to see, here, that Comodo Internet Security (CIS) has been mentioned. It really is best-of-breed (though that was not always so) among the freeware security suites. Its learning curve remains a little steep, which it has always been, though less so now than ever in the past. It’s still not great, though. I wish Comodo would finally improve that. But sometimes tools which do a lot are necessarily less-than-easy-to-understand. Maybe that’s inescapble. I dunno.

    CIS’s firewall isn’t just good. It’s actually on-par, in independent testing, with top-of-the-line paid/commercial firewalls, such as the really excellent one that Kaspersky makes. Seriously. CIS need make no apologies to anyone for its firewall. If you don’t set it right, though, it will alarm too much, and so some tweaking may be required… and that’s part of where the learning curve comes in. There’s no question that CIS, in the hands of someone who’s completely clueless about how all this stuff works, may well not be the right tool. It all just depends on the user and the situation.

    CIS’s Hosts Intrusion Protection System (HIPS) is called “Defense+”. A HIPS’s job is to notice that a given piece of software has started to launch, and then stop it, dead in its tracks, before it can get far enough in the launch process to do any damage to the machine if it’s malware. Certain software program executable files are known to the HIPS component, and so it allows them to launch without a problem, and others the HIPS must be “taught” whether or not they’re safe. Defense+ was, in its early days, a little too over-protective; and it also wasn’t working from a very large database of known software out there. All that’s changed, however, and so Defense+ doesn’t alert quite as much as it used to; and it’s now easier to “train” it. And, boy-oh-boy does it ever work. Nothing gets past it. It, too, is best-of-breed.

    CIS’s anti-virus was one of its weakest parts for a long time, in part because it was still learning the best way to detect and alert, and also because its database of known malware hadn’t been sufficiently built-up yet. Comodo has done a great job of figuring all that out, and so the anti-virus compondent of CIS finally need make no (or at least few) apologies to anyone for how well it works. It can hold its own with, certainly, any of the freeware anti-virus tools; and probably most of the paid/commercial ones, too, truth be known. I now trust it completely.

    CIS’s anti-rootkit, anti-spyware, and anti-botnet are just a little bit too new to be quite that trustworthy. Oh, don’t get me wrong, they work. But I, for one, don’t let them carry the full load. I also use such as Malware Bytes and SuperAntiSpyware to augment; and also TrendMicro’s RUBotted (though I use that less and less, anymore); and also manual whole-system rootkit scanners like the one from TrendMicro and also the one from Kaspersky. I also use SysInternal’s Rootkit Revealer, but I don’t recommend that to anyone but a techie/geeky person like me ’cause ya’ kinda’ gotta’ know how to figure out what it’s telling you. In time, though (and if history is any indicator, it won’t be too awfully much longer), CIS’s anti-rootkit, anti-spyware and anti-botnet will be pretty close to fully up to the task. I doubt that I’ll ever stop using the above-named tools, though… just for grins.

    CIS’s sandbox is just so-so. It’s functional… I mean, it works, and everything… but it’s not really as capable as a specialst virtualizer like Sandboxie, or Virtual Box or VMWare. But it’s definitely useful if you need to isolate something in a pinch (which is really all it was ever intended to do, so I don’t actually know why I’m complaining). It works fine. But if you want a REAL sandbox, look elsewhere. I, frankly, just turn it off… but that’s just me.

    In case anyone’s interested, as long as we’re talking about all this, I augment CIS not only with the tools I’ve already herein mentioned, but also with…

    “Spyware Blaster” by Javacool Software. It’s important to understand what this does so you don’t have unreal expectations (and so get disappointed), or use it wrongly. Think of Spyware Blaster is an innoculation tool, not as a malware scanner or cleaner or anything like that. Yes, the pro (paid) version can be made to sit in the system tray and stuff, but even then it doesn’t so much as watch for things and then alarm about them, like a true piece of anti-malware software. Rather, all the pro version does, mostly, is keep itself constantly and automatically up-to-date, and then automatically re-innoculate the system. And by “innoculate,” all I mean is that Spyware Blaster has this list of known malware and how it affects certain system settings… particularly the registry. And so all it does, really, is do things to the registry that will render useless the malware it knows about, and against which it sort of “innoculated” the system. Simple as that. And, of course, its database is periodically updated however often Javacool does it… at least monthly, usually more often. So I always prescribe that a person just download and install the freeware version, and manually “innoculate” the machine at least monthly. And by “innoculate,” I just mean launching Spyware Blaster, then updating its database, then applying its database to all your browsers (Spyware Blaster senses which ones you have), and then closing Spyware Blaster. That’s it. Nothing more. It’s a cool and very useful tool, but people sometimes have trouble figuring out exactly what it does. Again, just think of it as like going to the doctor and getting a shot to protect you from whatever bad stuff is out there. That’s all it really does. Er… well…actually it does some other stuff, but don’t use any of it. It’ll just confuse things. Use only the anti-malware “innoculation” capability, at least monthly, and that’s it.

    McAfee SiteAdvisor. Installs as a browser plugin, and once properly configured, watches out for web sites it knows are dangerous, and warns you if you try to access them. And boy-oh-boy, is SiteAdvisor’s list of what’s good and what bad out there ever accurate and up-to-date and HUGE! SiteAdvisor will also put little green, yellow or red dots next to each search engine result (about which its database has information; if it doesn’t, then the dot is gray) to give you a little heads-up as to which of said search engine results should probably not be clicked on. And the meanings of green, yellow and red are obvious… like a stoplight in traffic. SiteAdvisor’s nearest direct competitor would probably be “Web of Trust” (WOT), but I, for one, don’t really like WOT because whether it says a site is any good is largely by the popular vote, in effect, of its vast body of users. I don’t know about anyone else, but I’d prefer that I be advised about a web site’s safety based on scans of it by McAfee’s servers. We all love to hate McAfee because its anti-virus comes on a lot of computers, from the factory; and once our free usage of it has expired, it pesters us to purchase an update subscription. And so most of us turn it off or uninstall it as part of the routine bloatware removal that most of us do to our new machines. But McAfee’s malware detection capabilities are nevertheless second-to-none; and so if its SiteAdvisor tells me to stay away from a web site, I bygod do (either that or only visit it in a sandbox). McAfee’s servers are constantly scanning, scanning, scanning, so the list of sites it knows about gets bigger by the minute… bigger, for a long time, now, than WOT’s database. I, for one, wouldn’t operate a browser without it… but, hey… that’s just me.

    Of course I use the expected Ad-Block-Plus. Who doesn’t. But I’m careful what database I let it use. I, personally, prefer EasyList… both the general one, and, because I chiefly use a Chromium-based browser, I also let Ad-Blocker-Plus use the EasyList database expressly for Chrome users.

    I also use’s DO-NOT-TRACK-PLUS! Yikes! What a cool tool. It’s really excellent… and, like everything else I’ve herein listed, it’s free, of course. I could not more highly recommend it… though, that said, I notice that when installed into Internet Explorer 9, it kinda’ goofed with the browser’s ability to login to certain web sites… DELL’s site, specifically. However, since I’ve now moved nearly exclusively to the use of SRWare’s IRON portable browser (the best-of-breed Chrome alternative out there), IE9 is moot. I use IE9, now, only when I absolutely have to… which is darned rarely.

    I also use a HOSTS file… and I gotta’ tell ya’: You would not believe how useful it is, and how well it protects. Yikes, yet again! The trick, though, is to use only certain of the available pre-configure, freely-downloadable HOSTS files out there; and to also use the proper freeware utility to manage them. I’ve tried them all and, trust me, the freeware “HostsMan” by AbelhaDigital has no rival. Seriously: Trust me. Look no further. It not only sits in the system tray and helps you manage the HOSTS file, and keeps up-to-date whichever ones out there that you choose to use; but it also — and this is just way cool — has a little companion web server (just a tiny little thing… uses almost no memory) sitting in the system tray (or “Notification Area,” as Microsoft now wants us to call it… oy) and serves-up a little 2×2-pixel transparent .GIF in place of any ad server (or other) web page which would have shown-up (probably as advertising) on whatever page you’re visiting, had you not been using HostsMan. Is that cool, or what? Until you see it, though, you may not appreciate it. If the web page is properly designed, with DIVS and CSS as its means of creating the little boxed areas where advertising normally appears, then said little boxed areas will just close down around the little 2×2-pixel transparent .GIF and so almost literally disappears off the page. It’s incredible! I just love it. I recommend using, as your HOSTS file, “Peter Lowes AdServers List” plus only the “Ad and tracking servers” list from “hpHOSTS,” and then, lastly the full HOSTS file from “MVPS Hosts”… and just letting HostsMan keep ’em constantly up-to-date. Beyond that all you have to learn how to do is use HostsMan to either add blocked sites to the exclusion list if you really want to be able to get at ’em; and add sites to the HOSTS file if you want to block ’em… both manual processes. After so doing, you also need to remember to manually flush the DNS cache (through HostsMan), too. You should also never allow HostsMan to “optimize” the HOSTS file, because it just puts like five to eight web sites on a line in the file, which makes it very difficult to findand edit stuff if you ever need to. And, finally, you should configure HostsMan to only merge updated HOSTS files into the existing one, rather than overwrite it; else any additions or exclusions you make between updates will just be lost.

    These all-freeware tools that I’ve herein listed combine, on my machine, to become a sort of pseudo-suite of defenses which, I kid you not, so works that, honestly, nothing bad has gotten through to my machine in literally years. And I mean NOTHING.

    And not just any other tools will do, by the way. My not including such as, for example, the venerable “Spybot Search & Destroy” or Lavasoft’s “Ad-Aware.” Both of those were king-of-the-hill once… but no longer. SuperAntiSpyware is better than either of them, especially of augmented by Malware Bytes. Malware Bytes, in fact, now has the best “zero day” detection — in other words, the best ability to detect malware that’s so new that it’s not even in any of the big anti-malware companies’ databases yet — among even paid/commercial apps of its type. Its database of malware is smaller than SuperAntiSpyware’s, but it can actually sometimes detect ever bit as much stuff as SuperAntiSpyware because it’s so capable of determining that something’s probably malware, even if it’s not quite sure exactly what kind. That used to be Norton AntiVirus’s big parlor trick, but other anti-malware has since caught-up.

    So don’t assume you can substitute anything. My list is what it is. Change any of it, or don’t use it like you should, and all bets are off.

    Let CIS, HostMan, SiteAdvisor, Ad-Block-Plus, and Do-Not-Track-Plus just sit there and do their thing. Then use Spyware Blaster to manually update and then “innoculate” at least monthly. Then do weekly, manual whole-system scans for malware using both Malware Bytes and then SuperAntiSpyware… probably in that order.

    If you want to make their jobs easier, then use something like cCleaner, or Comodo System Cleaner, or Glary’s system cleaning tools to remove as much crap from the machine as possible, including scanning the registry and removing bad stuff therefrom; and then use either Glary’s registry optimizer, or an old but superior freeware tool called “NTRegOpt” to optimze the registry. Always do those things just before you do the weekly manual whole-system scans, and the scanners won’t have to scan so much stuff, and so will finish faster. You may still need to start the scans and go to bed and just let ’em scan all night, though, ’cause if you’ve got a lot of stuff on your hard drive, it can take HOURS.

    Finally, at least four times a year, let the freeware version of PURAN DEFRAG have its way with your hard drive. You could do it weekly, whenever you do the whole-system scans, but that’s probably too unnecessarily often. Every two to three months is usually often enough, no matter WHAT disk defragging software companies claim. And while you can, of course, use whatever defragger you want, trust me when I tell you that most of them are worthless. In independent testing every couple of years by a guy in South Africa whose name I can’t remember, all of a sudden; but who’s very credible (and who’s well-known as a shaker and mover in the anti-spam world) the hands-down best and most effective defragger is a paid/commercial one called “Raxco Perfect Disk.” The paid/commercial defragger that comes the closest (and, seriously, it comes really close) to being as effective as Raxco is the paid/commercial version of PURAN DEFRAG; but, honestly, the little freeware version of PURAN is just as good if all you want to do is a manual every-once-in-a-while overnight defragging, while you sleep (which is what I recommend). I’ve tried most other defraggers; and I also read, very carefully, the South African guy’s findings. The bottom line is that if you can pay for a defragger, then get Raxco; else use the freeware PURAN DEFRAG. Simple as that.

    I’d add that a bi-monthly (that’s every two months, for those who confuse that term with “semi-monthly”) use of SysInternals “Page Defrag” couldn’t hurt. In fact… oy… hate to explain all this, but… Page Defrag can actually be used instead of NTRegOpt’s registry optimization…

    …but the thing is, NTRegOpt is just superior at that. Glary’s okay at cleaning the registry (that is, removing stuff from it that doesn’t belong), but nothing defrags/optimizes the registry like NTRegOpt. Nothing. And that’s because NTRegOpt doesn’t even try to defrag it in the same manner as does a disk defragger. Instead, NTRegOpt makes a whole new copy of the registry with all its parts all continguous on the disk, in one big block; and then NTRegOpt tells the system to use the new and defragged/optimized registry, and not the old fragmented one, when the system restarts. Can’t beat THAT method!

    But SysInternals “Page Defrag” also specialist-defrags/optimizes the paging file… which is kinda’ tricky, if you want to do it truly right. PURAN DEFRAG tries, and does okay at it, but it’s nothing like how SysInternals “Page Defrag” defrags the paging (memory swap) file. Sadly, Page Defrag defrags the registry, too; and it’s NTRegOpt with does the best job of that! And there’s no command line switch, or configuration item in Page Defrag’s GUI which allows one to tell it to defrag the paging file, but not the registry. Ugh! What to do, what to do.

    My advice to most people is just not worry about it; just never use Page Defrag, and just let PURAN defrag the paging file as best it can, and that’s good enough. And, actually, most of the time, it is. So maybe I shouldn’t have even brought it up.

    That said, I figure out a way to use Page Defrag at least every once in a while… even if it means running it just to defrag the paging file, and then running NTRegOpt to undo the way Page Defrag defrags the registry, and then to do it properly. That’s probably the best way…

    …but at some point this should all be EASY, forgodsake… right? [grin]

    I’d love to tell you that there’s just one really cool freeware product out there that does it all, and does it well…

    …but then I’d be lying. Sorry. Computers are what they are; and they’re chiefly a pain in the rear to properly (and that’s the operative word) maintain.

    Such is life.

    Hope that helps!

    Gregg L. DesElms
    Napa, California USA
    gregg at greggdeselms dot com

  2. Out of these, I think CIS is best out there because it has cloud protection, very strong antimalware , sandbox, powerful HIPS and firewall. Also CIS 6 beta is coming out in this August which includes some exciting new features like killswitch integration, file reputation, create comodo rescue disk and many more.

    Outpost has too very powerful HIPS and firewall but its antimalware engine(which is virusbuster’s engine) is not too great.

    I had heard about FortClient Lite but i didn’t know that it has firewall too. So I think I will check it out again.

    By the way, there is another free internet security named, Roboscan Internet Security Free, it uses Bitdefender and its own Tera engine. Its like having free version of Bitdefender. You can check it out here:

    Edit: I did posted comment earlier but it didn’t get publish. So i posted comment again. Sorry if it is posted twice. Thanks

  3. Glad I use Linux–never have had a problem for years, and never have had to deal with the long lists of programs to keep Windows safe. Linux was sort of a pain earlier in my life, but now that Windows Live is out along with Google Docs and Zoho, I’m not missing anything that I, personally, need. Wow! Good luck Windows users–sound like more time is spent protecting the dang thing than running it.

  4. Comodo is ok, it’s just that the some of the Comodo company drama makes me stay away from the product. Outpost uses the VirusBuster engine/signatures which are very average. Roboscan probably has the best antivirus engine around. And Forticlient has been testing better the last year or so. I think one product to keep an eye on is the recently released free ZoneAlarm antivirus/firewall. The av is powered by Kaspersky and there’s not as many frivolous ads and shenanigans as CheckPoint usually releases. Personally I think Avast free av, Sandboxie and the built in Windows firewall is the best combo available (along with a few other programs like WOT and scanners Hitman Pro and Malwarebytes).

  5. I have tried comodo and roboscan and I got to say roboscan is very good light and quick on picking up viruses and to be honest the only ad that you get from them is to upgrade to the pro and I really dont minde it at all. The differents between the free and pro are only 2 things reg scanner and a temp file cleaner anf for those things you can get free easy. so for me I would go with roboscan

  6. We don’t delete comments. It landed in Disqus Spam list. After seeing your comment I checked, and found many there. Unspammed the genuine ones.

  7. Thanks Gregg for the great reply…although I had to check once or twice to see if I had accidentally started another article…epic post my man. I have to agree that Comodo hasn’t received much respect in the past or lately, but their new suites of apps and security tools are quite impressive and do the job all the way around. From Comodo Dragon to Comodo Ice Dragon…the Chrome and Firefox variants from Comodo that while fast have built in security via DNS and other tweaks to the browsers. I am a big fan of Comodo System Utilities and Internet Security and glad to see them mentioned on The Windows Club. The point is…anyone that has used Comodo in the past and wrote them off…you might want to recheck what they offer…you might be surprised. Great Article…Great Gregg comment…thanks to ya both.

  8. I end up Baidu AV, its fast scanning of USB, there’s cloud scanning,Baidu av engine and Avira av engine. And its free no ads at all.


  10. Linux (VM or physical) for my online banking. No solution is perfect but should be better than browsing the web using Windows. As per AV products Avast used to be my top pick, but it just uses too many resources. Currently testing Qihoo on a Win10 VM.

  11. I use both systems for work, it’s actually not that bad on Windows. The main problem as usual sits in front of the pc. Being a little careful would be enough, but apparently it’s often too much.

  12. Can’t the dupes be removed by the Admin? especially when pointed out by the poster.

Leave a Reply

Your email address will not be published. Required fields are marked *

1 + 9 =