Five bug killers show their stuff

Where these antivirus applications differ is in how many potentially dangerous files they overlook during a scan

If computer classes were taught in kindergarten, the three rules of computer safety would be: Always back up your data, never open e-mail from strangers and always keep antivirus software running.

Antivirus applications are the first line of defense in case you open a malicious e-mail or Web site. They continuously scan the operating system looking for suspicious activity, such as a program that tries to access e-mail or the Internet on its own. But antivirus programs differ greatly in how they deal with a discovered virus.

Some programs halt every operation, notify the user and wait for instructions. Others automatically quarantine, clean or delete suspicious files.

The GCN Lab tested five end-user antivirus applications, not the enterprise variety. One previous participant, Panda Software Inc., was unable to meet our deadline.

The reason we concentrated on end-user products is that most government offices are now safe behind network firewalls. But teleworkers with home PCs or mobile users who carry notebook computers for both work and leisure are still very much at risk.

Without antivirus protection, they endanger not only their local data but also their office networks when they synchronize after a trip or unknowingly transfer corrupt data from home.

Good antivirus software should detect and stop hidden viruses. To get a passing grade, each reviewed product had to defeat everything we could throw at it from the lab's bug zoo. We also looked for effortless installation that didn't require a computer science degree.

We measured the strength of each product's scanning engine by calculating how fast each could examine our test machine, a 1.6-GHz Pentium M notebook with 512M of RAM.

Keeping busy travelers in mind, we also checked to see how fast a 56-Kbps modem could download the products and their antivirus updates from the vendors' Web sites.

Finally, we factored in price, cleanliness of software removal and quality of each company's Web site.

Detailed reports

Vexira Antivirus from Central Command Inc. scanned 32,625 files on the notebook in about 15 minutes'above average. Even better, its scanning report clearly described the number of files and folders analyzed as well as machine status.

But software installation wasn't as logical as the scanning report. The license key, required for the software to operate, required manual search and retrieval before it could be entered.

Central Command should provide an option to search the hard drive's contents for the key. That would be a big help for beginners who download the software from the Web.

Another area of confusion was an instruction about removing the update button from the main menu. The button connects the user to Central Command's Web site for the latest virus alerts and definitions.

Although removal might be useful, presenting it by default during installation was confusing'even dangerous.

Updating the software was quick and easy, however. It took a little more than 7 minutes to download a 1M file with one click.

Unlike the other products in the review, Vexira didn't guide the user smoothly to the important functions but rather hid them in a maze of buttons, tabs and icons. Another negative was that Vexira failed to detect a Visual Basic script we used in testing.

The script installed a series of .vbs files on the hard drive. It wasn't technically a virus because it didn't alter any files on the PC or harm the OS, but it did have virus attributes. If it were a virus, it could grow undetected by Vexira and eventually fill up storage.

Central Command's Web site was not as well-designed and easy to navigate as those of the other antivirus vendors.

Trend Micro Inc.'s PC-cillin 2003 Web site in contrast looked dynamic and was easier to navigate. We easily located virus attack news and fixes.

Although PC-cillin could protect handheld and wireless devices as well as PCs, it had its problems. Like the Web site, PC-cillin was logically constructed and simple to use. Navigation of both interfaces was organized by five tabs.

The default configuration, Standard, showed system status adjacent to the tab. From there we could tab to Scan All Drives or Update Now.

The scanning engine detected 27,063 files in 9 minutes, 2 seconds'not very long. Unfortunately the scanning log disappeared as soon as we clicked OK after the scan.

A 56-Kbps download took 25 minutes, 40 seconds to update the software, longer than for any other program in the review.

Like the other products, PC-cillin thwarted every virus in the lab's zoo. But, like Vexira, it failed to stop our executable .vbs file that planted other files on the hard drive.

Ultimately, however, PC-cillin has taken good steps in the right direction. Now that more and more handhelds are connecting wirelessly and use of IEEE 802.11b PC Cards is rising, viruses are beginning to enter through those ports. It's good to see an antivirus vendor bundling wireless features with the basic package, which Trend Micro sells for $49.95.

Fast scan

ViRobot Expert 4.0 from Global Hauri Inc. had a logically constructed and easy-to-use Web site. We downloaded 6.3M in 19 minutes on the 56-Kbps test. That's not bad considering the connection.

ViRobot's full scan, however, found only 26,930 files, which it completed in a record 5 minutes, 51 seconds. I would have liked the scan to look at more data, but the engine speed was impressive.

Another plus was ViRobot's comprehensive postscan report, which gave the time covered by the scan and named any infected, deleted or excluded files or folders.

ViRobot missed the .vbs script. And it had the most difficult uninstall in the review. Even though getting to the uninstall menu took only two clicks, three of ViRobot's files weren't removable. A user would have to either ignore the files or cancel the uninstall.

Despite ViRobot's fast scanning engine and easy interface, the missed script and leftover files were significant enough to downgrade the app to a C+.

Network Associates Technology Inc.'s McAfee VirusScan 7.0 was a good antivirus program with below-average scan and download speeds.

It stopped every bug we threw at it, including the .vbs script, and it was the easiest of all to register and install.

During the update, however, I learned why setup was so easy'most of the operational files had to be downloaded from the Internet. It took more than 40 minutes to complete the update and download 50 files over a 56-Kbps connection.

If you choose McAfee for telework and don't have broadband access at home, take your notebook PC to the agency and update it there to save time.

A full scan wasn't fast, either. McAfee initially found only 27,178 files in 19 minutes, about half as many files as the Norton product checked, and in twice the time.

But McAfee got better at doing its job the more we used it. Hawk, a program in VirusScan that monitors the OS for viruses, continuously scans for new files. By the next day, the number of scanned files surpassed 33,000. Although the McAfee site was more informative than Symantec's, as mentioned below, it still wasn't as good as the other vendors'. At first glance, it resembled an online store rather than a virus control center.

McAfee's Start menu had no uninstall feature, which would force users to uninstall through the Microsoft Windows Control Panel.

The $50 price was a little high, although a firewall was included. Temporary rebates push the price below $30.

More thorough

Symantec Corp.'s Norton AntiVirus 2003, perhaps the best-known commercial product in the review, had a well-constructed interface and was easy to install and use.

A full scan took more than twice as long as with PC-cillin 2003, but the scan covered 59,306 files'32,423 more than Trend Micro's product.

The reason for the discrepancy, some would say, is that Trend Micro doesn't scan .txt, .jpg or .doc files that don't contain any deadly viruses.

Our test PC, however, had at most 1,000 such immune files, not 32,000.

Norton, like PC-cillin, found all the virus files and defused them. It also immediately found the in-house .vbs files and offered the options of keeping them, authorizing or quarantining the script, or stopping the script completely.

Unlike PC-cillin, Norton required a reboot after installation. But it more than made up for the extra time in the initial system download and update, which broke the speed record in 9 minutes, 30 seconds'16 minutes faster than PC-cillin. Navigation also was easier and, at $29.95, Norton was less expensive and uninstalled just as easily as PC-cillin.

Despite the fact that all the products detected and stopped our zoo viruses, most lacked some other important attribute such as easy use. Vendors should take note and make their Web sites as navigable as their software.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above