Bring in big guns for virus eradication
By Jason z_rne
Jul 14, 1997
How about a minute and a half a day?
That's the time it takes to do daily virus scanning of executable files. There's no
need to remember to scan, because most programs can be set up to execute automatic scans.
The GCN Lab staff took a look at five anti-virus programs designed for end users to run
under Microsoft Windows 95. We tested the programs on a Hewlett-Packard Co. Vectra VL
166-MHz Pentium PC with a 1.2G hard drive.
We declined to be pulled into the arms race being waged by anti-virus vendors over how
many strains each company's product can find; anti-virus companies come up with their
numbers in different ways.
Viruses usually are classified by what they attack, such as boot-sector or Microsoft
Word macro viruses. Under each classification are families of viruses. Then there are
versions of viruses with the same name or basic code.
Because virus programmers like to share their source code, other hackers can easily
take a building block they like and fit it to their own ends. Sounds like truly
object-oriented programming, doesn't it?
Each anti-virus company classifies viruses differently at the family level on down,
which determines the number of viruses each claims to guard against. Of about 11,000
strains, there are close to 400 viruses in the wild.
When a package is NCSA-certified, the National Computer Security Association has
confirmed that it protects against these common viruses.
All the packages we tested are NCSA-certified, except for the newly released Dr.
Solomon's Anti-Virus Release 7.69. However, other Dr. Solomon's software with the same
virus detection engine is certified, so it is likely just a matter of time.
Most anti-virus reviews entail loading a test machine with thousands of viruses, then
turning the software loose on it. But most users will never encounter a machine with more
than one virus at a time, so GCN's lab team considers this testing procedure irrelevant.
The lab instead came up with various grading criteria. The biggest factor from the end
user's viewpoint is not how many viruses a package can catch but how easy it is to use.
Let's face it: A product might capture all the viruses in the world, but if it's
frustrating to use, it might as well not even be there. So usability played the biggest
role in grading.
The lab staff often hears complaints about how much time virus scans take. A package
should not take most of the morning to finish. So scanning time was important, too.
Anti-virus programs detect viruses by means of information profiles. The vendors
release updates of these files as new viruses are discovered, so it is vital that upgrades
are easy to get. This was another testing criterion.
Finally, we checked how well the programs did in fact stop viruses. We loaded common
viruses, one at a time, and ran the programs against each one.
We tried many types, and not a single virus was missed by any package.
We could have tripped up the candidates by throwing exotic or rare viruses against
them, but we didn't think that would coincide with most government desktop users'
If an office is at risk for rare viruses, it's important to install a stringent
anti-virus scanner at the firewall or server level and not leave things up to desktop
So how did the packages fare? The lab named one package its Reviewer's Choice and gave
one honorable mention. The Reviewer's Choice goes to Symantec Corp.'s Norton AntiVirus,
the honorable mention to Command Software Systems Inc.'s F-Prot Professional.
These two products combined power and speed with easy interfaces. The one mark against
F-Prot is that new virus profiles, though accessible via the World Wide Web, don't
automatically update the software as they do with Norton AntiVirus and with McAfee
Associates Inc.'s VirusScan.
Dr. Solomon's Anti-Virus 7.69 comes with Windows 3.x and Windows 95 versions in the
same box, a nice touch. Dr. Solomon's Software Inc. produced the Dr. Solomon's Anti-Virus
Toolkit for years before recently releasing Anti-Virus 7.69.
This pared-down version of the tool kit is somewhat limiting. In executable file
testing, we timed the scanning of five file types: *.exe, *.com, *.dll, *.do? and *.xl?. Dr.
Solomon's was the only program not flexible enough to look only at the desired files.
In other areas, the package performed well and was easy to use. We were a little
puzzled at the separation of the scan and disinfect features. When the virus scanner finds
a virus, the program goes into repair mode, rescans the disk and repairs the file. With
some other programs, repair can be done on the fly.
Dr. Solomon's does get points for updating its virus profiles on line, via either a
dial-up connection or the Internet. But you get only one free update of profiles plus the
latest version of the program when you register. Further updates cost an additional $29.95
Charging for major updates is understandable, but the definition file updates should
be free, at least for the first year.
Anti-Virus turned in good times on test scanning runs, though it bogged down when we
asked it to scan all files. Normally you would scan only for files with executable code,
but it's a good idea to scan everything on your drives occasionally just to be safe.
The big hangup came with compressed files on the hard drive, where Dr. Solomon's
scanning speed slowed to a crawl.
The package has a powerful scanner and can identify any program that exhibits viruslike
activity. It flags the programs and notifies you of potential infection.
A memory-resident component runs in background and scans files when they are opened,
accessed or run. Included is an emergency disk that can boot your computer in almost every
F-Prot Professional from Command Software Systems takes an interesting approach: It
lets you set up tasks that reflect the way you want to scan files.
You can scan pretty much any combination of files or drives and set up the program to
repeat that sequence whenever you wish. You can even schedule scans to run after a certain
amount of computer inactivity. This program is easy to customize.
A component called F-Prot Agent runs in background, scanning any accessed files. Such
memory-resident scanners often are more reliable than the command interface versions
because they scan when virus activity is easiest to detect.
If the main program or the memory-resident agent detects a virus, you can configure
F-Prot to send an e-mail alert to anyone you wish, most likely your network administrator.
An invaluable aid in an enterprise environment, it can warn a sysadmin of possible
F-Prot's only failure is the inability to update the virus definition files from within
the program's interface. But it does have one of the most reliable scanning engines in the
industry and could be a good fit on many government desktops.
IBM AntiVirus from IBM Corp. lacked the bells and whistles of the other programs, but
it was by far the easiest to use.
Install the program, start it up and you see only one button on the screen: "To
check your system for viruses now, push here." You can't get more user-friendly than
The program is not underpowered. Customize, log and schedule to your heart's content.
The menu options are not intuitive, and the interface may scare users with its sparseness.
Updates are downloadable from the Web, but not within the program itself. Included in
the package are versions for Windows 95, OS/2 Warp, Windows and MS-DOS. For users who
don't care about pretty pictures and cute animations, IBM AntiVirus is a sure thing.
McAfee Associates' VirusScan has a well-respected scanning engine, but the lab found it
slow, especially on compressed files. The interface is basically a glorified dialog box
and somewhat confusing to navigate.
VirusScan has one memory-resident component and one that scans when your screen saver
You can enable a scan at startup, during operation and while your screen saver is
active. But with no scheduling feature, you can't schedule a weekly scan of all your
You get free virus profile updates for the life of your application and free scanning
engine upgrades for a year. All this is available from a selection in the pull-down menu.
It may be slow, but the scanning engine catches almost all viruses, and McAfee has a good
reputation for quick turnaround on updates.
If you can live with the interface and don't mind the lack of a scheduler, McAfee
VirusScan gives solid, consistent protection and exceptional support.
Norton AntiVirus 2.01, the Reviewer's Choice, might not be the choice of serious
techies, but it has everything an end user could want or need. In fact, its interface
could serve as the model for end-user anti-virus programs.
It combines the simplicity of IBM's AntiVirus, the customization of F-Prot's interface,
and all the features that an anti-virus program needs, except for scheduling automatic
downloads of monthly updates.
Norton AntiVirus does not keep you waiting. It turned in the fastest scanning scores on
our benchmarks, passing an average 6M through the scanning engine every second. The
package also includes Norton Auto-Protect, a memory-resident scanner.
Norton AntiVirus doesn't really have a single feature that sets it apart from the pack,
but its integration is way beyond the competition. This is the perfect defender for PCs
running Windows 95