Antivirus Software

[Computer Buyer]

If you use the Internet or share files in any other way, your PC is at risk of infection by a virus. If this doesn't worry you, it should. Once it's found its way on to your PC, a virus can scrub sensitive files or even erase your entire hard disk. It could publish private information, such as your bank account details or home address, to unknown parties. It will almost certainly infect everyone in your e-mail contact list and could even send them messages. The only way to protect yourself is to get some good anti-virus software. But how do you know which anti-virus programs are up to the job, and which leave holes in your defences? Ask Computer Buyer, that's how. We test six of the latest anti-virus programs to see which you can really afford to trust.

What do viruses do?

Viruses are programs designed to spread themselves to as many computers as possible. Once they're on a PC, they can do pretty much whatever they like without the owner of that computer knowing a thing about it.

Viruses spread using a number of techniques and for a number of reasons (see the box on the right). The first viruses were spread on floppy disks. More recently, they have been attached to documents as macros or embedded scripts (mini-programs embedded in documents such as Word and Excel files). This kind of virus usually lies low on your PC for a while in the hope that you'll spread it by sending the corrupted file to your friends. Then, after a specified period of time, it gets to work, corrupting your data or performing other nefarious deeds.

Eventually the virus writers hit on the idea of using e-mail to spread their programs. A popular method is to write a virus that e-mails itself to addresses listed in the victim's address book. These messages include files that infect other PCs when run. This is a good way of spreading viruses as, in most cases, people know and trust the person from whose e-mail account the virus is sent and have no qualms about running the infected attachment.

Recently, and more alarmingly, viruses have been programmed to scan the network, as a hacker would, looking for Windows XP and 2000 systems with unpatched security holes. The virus then uses these holes to get into the systems without the owner having to do anything - or having a clue what's going on. No matter how cautious you are about not running unknown or unverified programs, there's no way to avoid getting these viruses. The only protection is good antivirus software.

These so-called 'worms' create a back door to which the virus's author (or people associated with him) can connect, allowing them to take control of your PC. Worms can create huge networks of PCs that the attacker can control remotely. Not only do these worms take seconds to spread, they also continue to work even after they have been detected because many people don't protect their computers when online.

Why would someone bother to do all this? It looks increasingly likely that some of the current worms are used by organised criminals to take over PCs, through which spammers can send huge amounts of spam without being tracked. This is a popular theory among some of the main anti-virus vendors, and there's certainly some evidence to support it. Undercover journalists have succeeded in buying access to spamming networks run using infected systems.

Other motives for writing viruses include the ability to mount distributed denial of service (DDoS) attacks on computers connected to the Internet. If someone has control of thousands of PCs, he can make them send streams of data to a single target at the same time. This overloads the victim's PC, causing it to crash and taking its Web site or other service offline. Such attacks have been attributed to a range of motives, from political protest to schoolboy revenge.

What makes a good virus scanner?

A good virus scanner will have a list of all known viruses. The maker of your software will regularly provide updates to this list, and these updates are usually free for the first year. It's important that this list has details not only of all the current viruses and their characteristics, but also of older known viruses. This is because older viruses can easily lurk on an unprotected machine for a long time and have a habit of reappearing unexpectedly.

Most scanners also have a feature called heuristics. This enables them to detect files that don't quite match the virus definitions. Heuristics works in different ways with different programs, and some systems are more effective than others. Basically, though, the virus-scanner looks at an unknown program and checks its code or the things it's doing for virus-like characteristics. A scanner without heuristics, or with its heuristics setting disabled, is much less effective than one with heuristics turned on.

It is increasingly common for anti-virus programs to scan e-mail as it arrives from the ISP. Some even scan outgoing messages. This not only prevents your contacts receiving worms, it could also alert you to an infection on your PC. A few scanners check files that come in over instant messaging software, such as MSN Messenger. This is useful, but not strictly necessary as a good scanner will stop you running an infected file no matter how it arrived on your system.

The most common and useful ways that scanners deal with viruses include deleting the file, renaming it or storing it in a secure location on the hard disk, a feature often referred to as quarantine. If an anti-virus program simply renames an infected file, we'd advise that you delete it manually.
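The three mechanisms described above (a definition list, heuristics and quarantine) can be sketched as follows. This is an added illustration, not code from any of the reviewed products; the sample bytes, detection name, rule weights and threshold are constructed assumptions. It shows a lightly altered copy of a known file missing the definition list but still being flagged by the heuristic rules.

```python
import hashlib, os, re, shutil
from pathlib import Path

# Constructed, inert sample text (script-like tokens only, not a working script).
KNOWN_BAD = (b'Set app = CreateObject("Outlook.Application")\n'
             b"For Each entry In AddressLists\n"
             b"mail.Attachments.Add thisFile\n")
VARIANT = KNOWN_BAD + b"' one extra comment line\n"  # same tokens, new hash
BENIGN = b'MsgBox "Backup finished"\n'

# Definition list: exact SHA-256 fingerprints mapped to a (hypothetical) name.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Constructed.Mailer.A"}

# Heuristic rules as (pattern, weight); weights and threshold are assumptions.
RULES = [
    (re.compile(rb"Outlook\.Application", re.I), 2),         # drives the mail client
    (re.compile(rb"AddressLists|AddressEntries", re.I), 3),  # reads the address book
    (re.compile(rb"Attachments\.Add", re.I), 2),             # attaches a file
    (re.compile(rb"Scripting\.FileSystemObject", re.I), 1),  # touches the disk
]
THRESHOLD = 5

def scan(data: bytes) -> dict:
    """Check the definition list first, then fall back to heuristic scoring."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in SIGNATURES:
        return {"verdict": "infected", "name": SIGNATURES[digest], "score": None}
    score = sum(weight for pattern, weight in RULES if pattern.search(data))
    verdict = "suspicious" if score >= THRESHOLD else "clean"
    return {"verdict": verdict, "name": None, "score": score}

def handle(path: Path, quarantine_dir: Path) -> dict:
    """Scan a file; move anything not clean into quarantine, read-only."""
    result = scan(path.read_bytes())
    if result["verdict"] != "clean":
        quarantine_dir.mkdir(parents=True, exist_ok=True)
        dest = quarantine_dir / (path.name + ".quarantined")
        shutil.move(str(path), str(dest))
        os.chmod(dest, 0o400)  # owner read-only, never executable
        result["moved_to"] = dest
    return result

if __name__ == "__main__":
    for label, sample in [("known", KNOWN_BAD), ("variant", VARIANT), ("benign", BENIGN)]:
        print(label, scan(sample))
```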

Sometimes a virus can damage your PC so badly that it won't start. This happens because the anti-virus program wasn't sufficiently up to date, or no anti-virus software was installed. Some packages come with, or allow you to create, bootable floppy disks or CDs. You can use these to repair your hard disk, scan for viruses and remove them. Rescue disks are less popular than they were, thanks to the widespread use of XP's NTFS file system. This makes it harder for anti-virus companies to create rescue disks that can scan and remove viruses, because NTFS has a number of security features that prevent the scanner accessing the user's files, infected or not.

We've tested only anti-virus programs in our labs this month, but most vendors sell packages that integrate their anti-virus products with a personal firewall and even free anti-spam software. It's a great idea to have an integrated firewall because these programs can stop threats that anti-virus software can't combat effectively. A firewall prevents unauthorised access to your PC over a network. A good firewall will also stop any program on your PC accessing the Internet without your permission. Even if your system is infected with a worm that wants to broadcast information about you to its author, or spread itself to other PCs from your machine, your firewall will prevent it doing any of these things. The Sasser worm would have been rendered useless if everyone had installed a personal firewall.

Even if a back-door program were to install itself under the nose of the virus scanner, a firewall should prevent a hacker connecting to it and controlling the PC. Ideally an integrated package will also be able to detect and remove spyware, which is a relatively new threat and one that's perfectly capable of rendering your PC unusable. Expect to see spyware detectors appearing in many anti-virus programs over the next year.

Ultimately, though, don't be seduced by large numbers of utilities. If the anti-virus part of the package isn't up to scratch, your PC is still at risk.

How we tested

We used a number of tests to see how the anti-virus software copes with viruses. We installed each program on a fresh Windows XP PC and updated it with the latest definitions. Outlook Express was set up to download e-mails that were infected with a variety of the most widespread viruses, as listed by the main vendors and other computer security organisations.

We also added some of our own files, including harmful Visual Basic scripts and an old Trojan that we'd expect any half-decent anti-virus program to detect. What's more, we employed some tricks to hide these files from the scanners. Using freely available tools, we simply did what an average attacker might do.

We also tried to load all these harmful files, including the viruses and worms, on to the victim PC from a CD and across a network.

If a program failed to detect a nasty file immediately we gave it another chance by running a manual scan - although we tell you when the automatic, real-time scanner failed in this way.

Other factors we tested include the ease with which we could perform a manual scan and schedule and download updates. The price of the software and, just as important, how much it costs to subscribe to updates after the first year of use also made a difference to our ratings.

Conclusion

It's a close race, with F-Secure, Kaspersky Labs and McAfee all vying for first place. Symantec's Norton AntiVirus is a fairly good product, although its performance isn't exceptional and its price is too high, even though the one we quote is from www.amazon.co.uk and is lower than the price offered by Symantec's own Web site.

We hadn't seen eTrust EZ Antivirus before and were pleasantly surprised at its price, although it needs to freshen up its appearance before we'll spend any of our own money on it. Finally, we come to Panda's effort. We cannot recommend this product as it stands, as it's simply not thorough enough and, in our opinion, won't provide sufficient protection.

F-Secure's Anti-Virus 2005 is our overall winner. It's a strong product and hasn't sacrificed ease of use for proficiency. Kaspersky Labs' Anti-Virus Personal 5 comes a close second, losing out due to its slightly higher price.


