Lab looks at antivirus Tools
- By John Breeden II, Carlos A. Soto
- Mar 17, 2004
You have been infected, or at least affected.
Anyone who has used a computer for any length of time knows about computer viruses. Perhaps one of them once ruined your files or randomly mailed an infected attachment to your friends. Maybe a self-replicating worm squirmed though your system looking for private information.
Even if you have been lucky enough to avoid direct contact with a virus, you probably know someone who was hit hard. Or you've watched news coverage of the latest global virus threats and felt a little less safe online.
Virus writers are basically terrorists. If they can't harm you directly, they'll do everything they can to make you afraid. Perhaps you feel wary of online buying and don't open attachments from anyone anymore. Let's hope there is a special circle of hell for these miscreants, where they have to perform entry-level phone technical support using infected computers.The good news
On the bright side, antivirus programs have advanced to the point that there's little or no chance of infecting a computer properly updated with the latest profiles.
Heuristic scanning, standard in all antivirus applications these days, can catch even unknown viruses based on their characteristics. It's as if a cop walks down the street and sees a guy in a ski mask about to throw a brick through a window. The cop might not know the guy's history but can deduce that he's up to no good.
Each of the four antivirus programs in this review succeeded in blocking everything the GCN Lab threw at them. In earlier reviews, we sometimes came up with a stealth virus that slipped past at least one of the programs, but the protection level is just too good now.
The only reason viruses spread these days is that too many users don't have antivirus software or don't bother to update the virus profiles. Even with heuristics, current profiles are still the best defense.
Just because all the programs worked, however, doesn't mean we can't contrast them. To us, the interface is paramount.
If an antivirus program's constant pop-up interruptions annoy you, or you must take your computer offline for a long time to perform virus scans, is it really any better than the marauders it guards against?
The four antivirus programs in this review are suitable for a traveler's notebook PC, a teleworker's home system, or any desktop client in a regional or field office lacking strong antivirus and firewall protection.
Besides the interface, scanning time is crucial because it equates to downtime. No other work can be done effectively during a scan.
Other valued factors are smooth installation and smooth behavior'protection without intrusiveness. We tested each program on the same 3-GHz Pentium 4 PC with 512M of RAM.
Panda Software Inc. has always tested well in our antivirus reviews, but it had never reached the top spot until we tried Panda Titanium Antivirus 2004.
Titanium altered the antivirus playing field. It had the fastest scanning engine, stayed mostly out of sight and out of mind, and was easily configurable.
It seemed slick right from the installation, which took just over a minute. An auto-update process ensured that virus profiles would stay up to date. Users must register the product and buy the updates on a yearly basis.
A full scan of all files on our test system took six minutes, 35 seconds'a full minute faster than the closest competitor and three minutes faster than the slowest.
The interface was easy to use. It offers a clearly defined selection of files to scan in case a user worries about a specific area or lacks the time for a full scan.
One of the most helpful options is to scan only e-mail, the likeliest channel for infection. That can slash the scan time to less than a minute for most users.
We did find one annoying feature in Titanium. A pop-up window randomly activated to inform us of new threats'not threats to our test system, just general virus news.
Unlike another product in this review, however, Titanium did not accompany this news with distracting sound effects and did not seem to be trying to trick us into buying more software.
Because Panda supplied a button to disable the pop-ups permanently, we did not reduce its grade.
The rather lame screensaver simply showed three viruses bouncing off a protected PC over and over. Come on'from a company called Panda, would a frolicking panda be too much to ask?
Titanium was a solid antivirus program, almost like an Abrams battle tank because it was surprisingly fast for the amount of protection. We gave it an A and a Reviewer's Choice designation.From gold to silver
Symantec's Norton AntiVirus has been the gold standard in protection for years, and Norton AntiVirus 2004 followed this long tradition.
Setup took longer than with the Panda software and had a few notable glitches. You should expect to spend three minutes or so getting the software up and running.
And if you live in Washington, where the GCN Lab is located, you probably resent taxation without representation. Norton goes a step further: registration without representation. You can't select Washington as your area. The District of Columbia does not exist as a choice, and you can't manually fill in that field. Some government registrants therefore must contact the company.
Once installed, the Norton program was unobtrusive and had the same clean interface as previous versions.
Scan time also was good, at seven minutes, 47 seconds, somewhat slower than Panda. Also, Norton reported that it scanned 20,000 fewer files than Panda did on the same system. This did not affect virus-stopping performance, but it did take longer to scan fewer files.
Norton 2004 would be a good choice for most users, although it was outclassed slightly by Panda. We gave it an A- grade and a Reviewer's Choice designation.
The biggest surprise was Global Hauri's ViRobot Expert. Last year, ViRobot got the lowest score in the review [GCN, June 16, 2003, Page 49], mostly because of the tiny number of files scanned and the prolonged download and installation time for the first virus signature update.
That's all in the past. Any government user who wants a solid, inexpensive antivirus program should consider ViRobot, which costs only $29.95 on General Services Administration schedule.
The interface is easy to learn, without the usual distracting bells and whistles. The most difficult part of the installation is finding the serial number, which requires searching the manual. But after one minute, 54 seconds, installation was complete.
With a slight increase in installation time, we could scan the computer for bugs before beginning the process. That's a good feature in agencies where legacy and repurposed systems are common. Use the prescan feature to make sure a foreign hard drive is clean before you transfer any data, or if you suspect the system is already infected before you begin.
When updating the program, we noticed there was little to download'2M or so'and it took only seconds over our T1 line. Even better, ViRobot provided detailed reports after every major update or system scan. For example, it told us the initial update consisted of 37 files. You can use such data to tell whether you're updating too often or too infrequently.
The easy-to-find system scan button let us know how long a scan would take via a meter at the bottom of the window. ViRobot was one of only two programs in the review to give this valuable information.
We found three negatives. First, the ViRobot Resident Scan and the ViRobot Expert names should be reversed. The Scan activates a toolbar icon and the monitoring program, whereas the Expert manages operations such as system scans and updates.
Second, Global Hauri should add an automatic setup function after installation. The other programs have that function, and it is helpful for new users, who might finish the installation and feel protected when in fact ViRobot is not yet operating.
The third minor change we'd like to see in the next version of ViRobot is more detail on the scanning window. It's better than in many antivirus programs we've seen, but it could be improved.
Although ViRobot killed the viruses in the lab's bug petting zoo, it only scanned an average 20,821 files. That's enough to keep a computer secure, but it could be more comprehensive. A hacker who knew which files were excluded could perhaps exploit that information.
The scanning engine was a little slow, covering the 20,821 files in an average eight minutes, 30 seconds. We gave ViRobot a B+ grade and a Bang for the Buck designation. It kills bugs, not wallets.
Network Associates' McAfee VirusScan 2004 8.0 put so many alarms and alerts on the main menu that after 10 minutes, many users would be convinced they are infected with every known virus. This is no program for hypochondriacs.
Network Associates placed ads for free trial versions of its software next to every threat and pop-up warning. That not only clouded the interface, making it difficult to perform essential tasks such as scans, but it also would scare users into thinking they are unprotected despite having just purchased the product.
The main menu has five toolbars to describe the level of security on a scale of one to 10. The problem is that the first two toolbars, labeled My Security Index and My Antivirus Index, are the only ones users can control. The other three remain at a red highly vulnerable level unless a user purchases and installs Network Associates' antihacker, antispam and antiabuse programs.
On the left side of the menu window are tabs that lead to uniform resource locators for buying these products. Such aggressive scare marketing tactics are distasteful.
McAfee further disturbs the user with audio and visual pop-ups that appear out of the right side of the desktop toolbar, reciting tidbits about dangerous worms and viruses.
We could not figure out why they should appear, or why they must trigger a whistle when they arrive, because their information already exists at the upper right side of the VirusScan main menu. What's worse, we couldn't turn off the pop-ups. With all the noise and red text, it looked as if our test system was continually catching a virus.
Panda has pop-ups, too, but without the disturbing sounds and with an obvious icon for turning them off.
On the plus side, installation was simple and led us directly to setup, which ViRobot didn't do. But shortly after setup, more problems began.A bit confusing
To update the VirusScan engine, we had to register and create a profile with a user name and password. We opted to register during the update instead of after the installation. That was confusing because Virus-Scan for some reason rebooted after registration, but before giving us any updates.
We had to update again and go through another reboot to get the first new virus profiles. This dual reboot was misleading and added time to an already long registration process.
Without all these hoops to jump through, the software took about 55 seconds to update. With the registration and reboots, it was more like five minutes.
VirusScan detected and quarantined all the bugs in our zoo and was pretty thorough at scrutinizing 21,311 files in a full scan. It was the slowest, however, averaging 10 minutes, 18 seconds per scan.
McAfee should clean up its interface, drop the scare tactics or at least make them easy to disable, and speed up its scan engine.
We gave McAfee AntiVirus 2004 a C because it did what it was supposed to do'but the other products outclassed it.