Antivirus apps fail to stamp out bugs effectively

Antivirus apps fail to stamp out bugs effectively

The four programs reviewed by the GCN Lab came up short in their ability to quickly and thoroughly scan for viruses

BY CARLOS A. SOTO | GCN STAFF

Be careful what you choose to keep your computers bug-free, or it might end up bugging you.
All high-end antivirus programs perform the same basic functions: monitoring the hard drive for suspicious activity and examining data packets as they arrive for recognizable lines of virus code, or so-called signatures.


A second line of defense in many antivirus programs is heuristics, or trial-and-error searching for suspicious behavior such as accessing e-mail applications or the Internet. Heuristics attempts to deflect such attacks by unrecognized viruses. But the results are often incorrect and, depending on the particular program, heuristics can be extremely annoying to users.

That was the case recently when I took a look at four leading antivirus programs. No two were alike, and not one of them was ideal.

Although each antivirus program operated differently, I evaluated them by the same criteria. The first and most fundamental test was how quickly and thoroughly each contender could scan for viruses.

Although speed is of prime importance to busy users, it's better to be safe than sorry. I would rather have an antivirus scan take an extra couple of minutes and deal with all files'not just program files'than miss something and subsequently force me to format the hard drive, reinstall all the software and try to restore lost data.

Update frequently

No matter which program you use, frequent antivirus updates are essential, and not just for desktop systems. Some users' most valuable data travels in a notebook PC. When the office's high-speed T1 or T3 line is unavailable, it's important to know how long an antivirus update will take over a 56-Kbps or slower dial-up line at a hotel.

The other testing criteria were price, installation time and whether the program checked the floppy drive whenever the computer shut down.

Checking the floppy at shutdown is an important safety measure. Users often download something from the Internet onto a floppy and then forget about it. Then during the next boot-up, the computer launches a lurking virus when it spins the floppy drive.

All packages in this review incorporated the floppy-check safety feature.

Symantec Norton Internet Security 2001, like its predecessors, worked remarkably well. Step-by-step menus detailed the tasks that must be performed daily to keep the computer safe. A logically constructed menu window made the 2001 version easier to use and navigate than Norton 2000.

Norton 2001 was the largest bundle of software in the review. Weighing in at a hefty 20.9M, it took the longest time to install: 3 minutes, 30 seconds.

Norton 2001 offered more than just antivirus protection. It also incorporated privacy control to block cookies and Web advertising and, more importantly, a firewall against hackers.

Because Symantec prices all that at around $40, about the same as the other antivirus products in the review, Norton Internet Security 2001 gets the GCN Lab's Bang for the Buck designation.

It wasn't perfect, however. A few flaws kept it from being my Reviewer's Choice. In fact, none of the antivirus software in this review distinguished itself enough to earn a Reviewer's Choice.

One of the flaws of the Norton product was that it sometimes seemed to trip over its own feet. There were two components to the antivirus part of Norton 2001. The Internet security section, which incorporated the firewall, kept sending warning messages about suspicious activity by other programs.

I noticed that it fingered its own application, Norton Antivirus, whenever that component tried to access the Internet and link to Symantec's Web site for a virus update.

Even more annoying were the messages I got while clocking how long it took Norton to scan the hard drive for viruses.

The first couple of times, I couldn't complete an entire scan because Norton 2001 kept saying there was a program trying to access other programs and folders in the test computer. What it didn't say was that the suspect program was simply the Norton Antivirus sweep.

Such problems can be eliminated by running Norton's system analysis, which details the actions of every program on the PC. The catch is that you must repeat the system analysis whenever you install a new program so that Norton doesn't bug you every time the new app does anything.

With all the interruptions, Norton 2001 managed to scan the hard drive in 4 minutes, 50 seconds. That was pretty slow considering that it looked only at the program files'14,496 out of a total 26,692 on the drive.

Norton Internet Security 2001's overall ratings were above average. Several minor irritations kept it from receiving an A grade.

For example, it automatically placed its icon at the right corner of the screen, which I found distracting. By default, it kept heuristics always on. User control was limited, and virus scanning ignored some files.

Central Command AVX Professional 5.9.3 exhibited the reverse behavior. AVX, short for antivirus expert, had no bells or whistles. It lacked the multiple options that can frustrate a new user.

Also unlike Norton 2001, everything about AVX was fast and small. The 12M program installed in only 25 seconds.

On the other hand, after completing the instant update, AVX volunteered no information about it. I had to repeat the high-speed download a couple of times to see how much information was being transferred, because afterward the window would close without a comment.

I didn't have the same feeling of protection I had after a Norton 2001 update. I was, however, more satisfied after a virus scan. AVX did a good job of detailing what went on during the hard-drive exam.

On average it examined two boot sectors and was the only program in the review to do so during a routine scan. It checked 19,164 files'about 4,000 more than Norton 2001'and 1,620 folders.

AVX was the only program to tell me how many folders it checked. It also gave its average checking speed, which was 69 files per second, lasting on average around 4 minutes, 42 seconds. That wasn't too much faster than Norton 2001 but still was the fastest scan in the review.

For $40, AVX is small, fast and easy to use. Its heuristics software never bothered me as Norton's did. If anything, at times I was afraid it wasn't working.

One interesting thing about AVX is that it can monitor peer-to-peer communications such as instant messaging and File Transfer Protocol traffic. It claims to stop possible IM or FTP bugs from entering. Also, if the PC tries to send out an IM transmission with a bug, it'll stop the transfer.

McAfee VirusScan 4.5 combined the compactness of AVX Professional with the substance of Norton Internet Security 2001 to give passive but solid antivirus protection.

The software occupied 15M and took about 45 seconds to install, but that's where its speedy performance slowed. Over an 18.8-Kbps connection, it took 10 minutes, 40 seconds to download a whopping 2M update. At 56 Kbps it was still close to 10 minutes, and at 300+ Kbps, it took about a minute.

Updating wasn't the only thing McAfee did slowly. Scans were also time-consuming. An average scan lasted 7 minutes, 10 seconds, although it did cover almost all the installed files'26,118. Scanning only the 2,673 program files'McAfee defines them differently than Norton'took 1 minute, 30 seconds.

Although Norton scanned a greater number of program files, McAfee scanned more files overall.

VirusScan 4.5 is part of a $50 suite that includes other software for Microsoft Windows NT 4.0 networks and Exchange Server. Buying the suite is worthwhile for network use.

The fact that the VirusScan 4.5 application is unobtrusive and that you don't have to install or use any extra software such as a firewall or ad blocker makes McAfee competitive with Norton.

Without much searching, VirusScan's logical windows displayed the options for scanning program files or all files, or enabling heuristics, which was disabled by default.

McAfee offered more options than AVX or Norton 2001, but it was definitely slower.

Although bugs aren't part of the diet of giant pandas, they definitely are the favorite food of Panda Software USA Antivirus Platinum 6.0.

It was the most expensive package at $60, including three months of technical support. Panda was also the strictest about updates, but I had to keep entering a user name and password to update it.

Let me stress the annoyance of having to supply user name and password each time to update something so important, plus the difficulty of finding where to put the name and password. Such crucial information should be entered at installation to avoid repeated inconvenience. Instead, Panda forces the user to explore a confusing window to find the places for entering required information.

It took Panda 6 minutes, 4 seconds to download a 1.02M update at 18.8 Kbps. At 56 Kbps, it took 4 minutes, 50 seconds, and at 300+ Kbps, about 35 seconds.

Although I disliked the Panda update procedure, it was among the best at scanning the drive. It spent 5 minutes, 2 seconds to do the most thorough job in this review on 26,692 files.

Panda Software should improve the user name-password inconvenience by putting them into the installation. The configuration menu should also be easier to use. As it stands, it's the most confusing menu in the review.

Like the McAfee package, Panda disabled heuristics by default. When enabled, it was fairly easy to configure.

The hardest part about Panda's package came in finding where to perform the changes.





































































These four packages scan for viruses, but some function at a quicker pace than others
Norton Internet Security 2001McAfee VirusScan 4.5
AVX Professional 5.9.3Panda Antivirus Platinum 6.0
Vendor
Symantec Corp.

Cupertino, Calif.

tel. 408-517-8000

www.norton.com

McAfee.com Corp.

Sunnyvale, Calif.

tel. 408-992-8100

www.mcafee.com

Central Command Inc.

Medina, Ohio

tel. 330-723-2062

www.centralcommand.com

Panda Software USA

Glendale, Calif.

tel. 818-553-0599

www.pandasoftware.com
Pros and cons+ Comes with three other programs
+ Improved menu window
- Doesn't check all files
- Slow
+ Easy to configure
+ Thorough virus scan
- Heuristics easy to configure
- Slowest in the review
+ Simple and easy interface
+ Overall fastest in the review
- Little information about scans
- Scanning somewhat ambiguous
+ Most thorough scanning
- Confusing menu interface
- Most expensive package
- Name and password needed for updates
Scanning Speed14,496 files: 4 minutes, 50 seconds26,118 files: 7 minutes, 10 seconds
19,164 files: 4 minutes, 42 seconds
26,692 files: 5 minutes, 2 seconds
Update size667.2K2M20K1.02M
18.8 Kbps4 minutes, 40 seconds10 minutes, 40 seconds40 seconds6 minutes, 4 seconds
56 Kbps3 minutes, 42 seconds9 minutes, 50 seconds24 seconds4 minutes, 50 seconds
300+ Kbps1 minute, 10 seconds1 minutes, 15 seconds1 to 8 seconds35 seconds
Price$40$40$50 (includes suite)$60
Overall Grade


Blue text indicates a desirable attribute or best performance; red text indicates an undesirable attribute or worst performance.

inside gcn

  • Congressman sees broader role for DHS in state and local cyber efforts

    Automating the ATO

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above