Four antivirus programs depth-charge viruses before they can infect

These virus detectors each have speed, simplicity, intuition and tools

Antivirus programs used to be judged by how many viruses they could detect. That's no longer the case. Nowadays any vendor that is receiving suspect files from users on a daily basis can keep its virus definitions up to date.

Product differences lie in the efficiency of the scanning engines and the ease of the interfaces. Some products take a guide-users-by-the-hand approach. Others give users greater control but also a bigger risk of getting lost.

I tested four antivirus programs on a 2-GHz Pentium 4 system with 512M of RAM, Microsoft Windows XP and a T1 Internet connection. I put each product through the same four procedures: installation, download of updates, scanning, then removal.

As each product was installed and uninstalled in turn, the total number of files in a full drive scan would vary slightly. So, to compare scanning speed and efficiency accurately, I created a 1,795-file test folder with virtually every kind of file extension.

Hide and seek

It wouldn't be an antivirus test without viruses. To fill the bill, I downloaded test viruses from neutral organizations on the Internet and hid three in different places in my test folder: right up front, several folders deep and inside a zipped file.

I'm happy to report that all four products found all three viruses, and all claimed to scan the 1,795 files in the folder. There were minor philosophical differences between programs as to whether the single file inside the zipped file should be counted in addition to the zipped file itself.

Some products required registration at installation or at update, and total installation time reflected how long I spent filling out the electronic forms. A lengthy update might only mean a particular program came out in advance of a significant engine upgrade. So I gave that statistic less weight.

A day's work

The intervals between new versions of each program's virus definition list also varied depending on when new viruses were discovered. I tested all four products on the same day. Showing how many days old the definitions were indicated how often they might be updated, so I included that figure in the table.

One thing a user seldom has to think about is how efficiently a program uninstalls itself. As near as I could tell, all four antivirus programs uninstalled cleanly. Windows XP told me its registry health was unaffected. Each departing program did leave about the same hard drive capacity free as before its installation.

When I saw that Panda Software's Antivirus Titanium uses 'Titanium technology,' I didn't know what to expect. Usually that sort of nebulous claim means not to expect too much, but in Panda's case I should have expected the best, because that's what I got.

When I popped in the CD-ROM, the first screen indicated support for 19 languages. After I chose English, I had to wait for a Macromedia Flash-driven menu to load before I could begin installation. Even so, the Panda product clocked no more installation time than the rest of the bunch.

Although the interface permitted a full scan of all hard drives with a single mouse click, it was a bit more difficult to scan a single folder or specific drives or files. I had to click the not-quite-intuitive Other Items button, then choose the type of object to scan.

Once I got to the right window and started the scan, Panda shone. It ran up to three times faster than the others. Speed was mostly responsible for Panda's high marks, and the price couldn't be beat short of going to unsupported freeware, which is a risky business where viruses are involved.

Panda's default action after discovering a virus'what it does when you click OK in the popup window'is to rename the virus file as filename_extension.vir. The virus can't run effectively with that extension, so it's not a danger unless its name is changed back manually. But the file itself remains pretty much unaltered and lingers as a threat unless you tell the program to delete it.

Trend Micro's PC-cillin 2002 was the only product whose serial number had to be entered manually'and I had to register online to get a license key code, which also had to be entered before I could receive any updates. It wasn't the most painful process in the world, but I don't understand the necessity of the license key.

Fast and easy

Once that was over, however, I found PC-cillin incredibly easy to use. Its directory tree let me quickly select specific folders or files to scan. It automatically quarantined the virus files and showed a list of them to be dealt with at my convenience.

Overall, PC-cillin had the easiest scanning and scheduling. It also clocked the second-fastest scan time.

Network Associates' McAfee VirusScan 6.0 had a solid engine that found all the viruses slowly but steadily. At 50 seconds, however, it was the slowest of the four.

The update process was somewhat daunting. When I pressed the Update button, I was first directed to a long registration page and then on to another page where I had to track down the update file and download it. That explains the lengthy update time.

An inexperienced user might have real trouble finding the right file to download.

It's possible that when I dealt with the registration form, I was dropped out of whatever automatic process should have gone on, because the second time I clicked Update it proceeded automatically. Of course, there was nothing more to update by then.

Some style

McAfee's interface was the best-looking and most intuitive of the four. The colors didn't clash and the button placement felt right. The shrink-wrapped VirusScan box also included a firewall product'an extra value.

Symantec's Norton AntiVirus Corporate Edition 7.6 automatically took control of the scan, quarantining and cleaning or deleting files without being told. Generally that's good, but some users want more choice about what goes on in their systems.

The great thing about Norton AntiVirus was that, like all Symantec products, it had a Live Update function.

Live Update is one of the best update programs around, and it refreshes all Symantec products installed on the PC at the same time. But Symantec is famous for bundling products so that it's difficult to install just one desired program.

A bit proprietary

The Norton AntiVirus Corporate Edition included System Center, whose job is to keep track of all Symantec software installed. That might be handy if a user has several Symantec products, but it's superfluous for only one.

The Corporate Edition comes only in license packs of five or more, so I calculated one-fifth of the five-pack's list price for comparison purposes.

Each of these products excels in some area, and each has shortcomings. For lightning-fast scans, Panda is the obvious choice. For simplicity, PC-cillin is the way to go. McAfee has the most intuitive interface. And Norton puts a suite of programs at your disposal for a slightly higher price.

Any computer without virus protection today is an accident waiting to happen, and prevention is the only sensible way to go. If you don't already have an antivirus program installed, get one right now.

Greg Crowe is a free-lance software reviewer in Sterling, Va.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above