
Anti-virus software

[Computer Buyer]

With no anti-virus software installed, your PC will become infected within twenty minutes of logging onto the Net. This was the shocking conclusion of a study carried out by a leading computer security firm last year.

Once your PC is infected, there's almost no limit to the damage a virus can do. It could erase important data, corrupt system files or help a hacker steal your identity. It will almost certainly try to infect all the contacts in your e-mail address book.

The days when you could get by without a good anti-virus program are gone forever. The trouble is, you can't tell a good virus scanner from a bad one just by looking at the bumf on the box. The only way to sort the good from the bad is by testing the programs side by side and comparing their performance. This month we test six of the latest anti-virus products to find the ones that you can trust to keep your PC safe from the worst Internet nasties.

What To Look For

The most important thing you want from a virus scanner is for it to find and remove viruses before they do any damage. There are two ways in which anti-virus programs do this - by referring to a list of known viruses and by examining files for virus-like traits.

An anti-virus program's list of known viruses is called a virus definition file. New viruses appear all the time, so definition files should be updated very often - the more regularly the better. As well as being frequently updated, virus definition files must also be comprehensive. Each new update should contain a full list of all the viruses that have appeared on the scene since the last update.

Checking file characteristics for virus-like attributes is called heuristic scanning. The quality of an anti-virus program's heuristic scanner depends on how well it can spot a virus from things like the calls a file makes to other programs or parts of the operating system, the file's code and encrypted or compressed data within the file.

A good heuristic scanner is absolutely necessary because there will always be a time lag between the first appearance of a new virus and the release of the update that guards against it. What you don't want, however, is an over-eager heuristic scanner that repeatedly flags up harmless files as viruses.
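To make the two methods and the false-alarm problem concrete, here is a small sketch added for illustration (it is not code from any product on test). It assumes a definition file reduced to a list of SHA-256 digests and a heuristic that looks at one trait only, the byte entropy that compressed or encrypted data produces; the sample data, names and threshold are all constructed.

```python
import hashlib
import math
import zlib
from collections import Counter

# Constructed inputs: a harmless byte string stands in for a known virus.
KNOWN_SAMPLE = b"CONSTRUCTED-TEST-SAMPLE-not-real-malware"
VARIANT = KNOWN_SAMPLE + b"!"          # same sample with one byte appended
DOCUMENT = "\n".join(                  # ~26 KB of harmless hex text
    hashlib.sha256(str(i).encode()).hexdigest() for i in range(400)
).encode()
ARCHIVE = zlib.compress(DOCUMENT)      # the same document, compressed

# "Virus definition file": digests of known samples mapped to names.
DEFINITIONS = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Test.Sample.A"}
ENTROPY_THRESHOLD = 7.2                # assumed cut-off in bits per byte


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def scan(data: bytes) -> tuple:
    """Check the definition list first, then fall back to the heuristic."""
    name = DEFINITIONS.get(hashlib.sha256(data).hexdigest())
    if name:
        return ("infected", "definition match: " + name)
    entropy = shannon_entropy(data)
    if entropy > ENTROPY_THRESHOLD:
        return ("suspicious", "entropy %.2f bits/byte" % entropy)
    return ("clean", "entropy %.2f bits/byte" % entropy)


if __name__ == "__main__":
    for label, data in [("known sample", KNOWN_SAMPLE), ("variant", VARIANT),
                        ("document", DOCUMENT), ("archive", ARCHIVE)]:
        print(label, scan(data))
```

The one-byte variant slips past the definition list, which is the time lag described above, while the harmless compressed document is flagged as suspicious, which is the over-eager false alarm.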

Unfortunately there's no way to easily find out things like the effectiveness of an anti-virus program's heuristic scanner or the comprehensiveness of its virus definition files. You certainly won't see this information in a program's specs or on the manufacturer's Web site. Usually, the only way you'll find out that an anti-virus program isn't up to the job is when it fails to detect a virus and your PC suddenly gets infected. If a virus is well written, it may be a long, long time before you're aware of its presence.

That's why comparative tests like this one are so important. We test every product with the same installation of Windows and the same number of viruses. If one of our test viruses isn't found - we know about it. This allows us to build up a detailed picture of the effectiveness of all the anti-virus programs on test.

Some anti-virus software can check files you're downloading before they're even copied to your hard disk. They do this by monitoring your Web browser, e-mail program, Internet chat program and other software and stepping in as soon as you start to download anything. Checking every file while it's downloading isn't strictly necessary - a file can't hurt you while it's being downloaded, it has to be run first - but it's still commendably thorough.

At the very least, however, your anti-virus program should be able to scan e-mails and their attachments as they're downloaded from your ISP's mail server. It should also be able to protect you against attacks that exploit vulnerabilities in Web browsers, particularly Microsoft's Internet Explorer, to run browser scripts that install viruses and other malware (malicious software) on your PC.

Once it has found a virus, your anti-virus software should be able to remove it with the minimum fuss. Sometimes, this is hard because a virus has infected files that are used by Windows. A file that is in use cannot be deleted, and this sort of system file is always in use. A good virus scanner must offer some solution to this problem. Some programs do this by providing a bootable rescue disc. This is a CD or floppy which contains its own mini operating system. When you start your PC with the operating system on the rescue disc, Windows is no longer in use. This means that the infected Windows system files can be removed by the recovery software also installed on the rescue disc. Some anti-virus programs still provide rescue discs that cannot read the Windows XP NTFS file system, so they're useless to most XP users. This is unacceptable - Windows XP is over four years old, time enough to develop an XP-compatible rescue disc.

Many anti-virus products now come as complete security packages that include things like personal firewalls, anti-spyware and anti-spam software. Security packages offer good value for money and they also avoid the conflicts that may occur when you combine security products from different companies. But bear in mind that the product with the best performing anti-virus may not have the best anti-spyware or firewall.

As well as being able to find and remove viruses, good anti-virus software should be easy to understand and use. This might sound like a luxury, but if a program is difficult to understand and use, the chances of you using it improperly and leaving your machine unprotected are much greater. The update function, in particular, should be simple and well explained - if you don't have it turned on or properly configured your PC is as good as unprotected. A well-written and comprehensive manual and set of help files should also be provided as these will be handy if your PC has become infected.

How We Tested

When testing, we looked for the things we've already talked about - how easy a program is to use and how effectively it detects and deals with various types of viruses and other malware. To do this, we used a mixture of viruses, Trojans, diallers and other nasties. We looked at how the programs coped with being installed on a pre-infected PC. We also checked their ability to cope with threats delivered by e-mail, and with virus files that had been disguised in some way - for instance by being hidden in a compressed folder. Products lost points for missed viruses and for false alarms. We also looked at how the programs reported an infection and how easily and effectively they disinfected our test PC. To test the programs' ability to deal with rootkits, we concealed a virus using a legitimate feature in Windows XP called alternate hidden data streams. Finally, we observed each product's impact on our test PC's performance.

Buying Decisions

All of the products here detected 100% of the viruses we threw at them - by viruses we mean programs that spread by generating copies of themselves and passing those copies from PC to PC. Where some of the programs did badly was in detecting other forms of malware - Trojans, diallers, spyware and so on - and this is one of the factors that helped us decide on the final winner.

In the end, we plumped for Kaspersky Anti-Virus Personal 5.0. This product didn't come with many fancy extras like a firewall or spam filter, but it's a top-class virus checker - detecting all of the malware as well as all of the viruses - and it uses minimal resources without compromising the level of protection it provides.

The Threat

When people think of a computer virus, they probably think of an e-mail attachment that looks harmless, but does damage to any PC on which it's run. This type of virus, called a mass-mailing worm, is the most common - but it's not the only way you can get infected. There are lots of other ways that viruses can get onto your PC. Programs that you download from the Net can be infected by viruses; Web pages can exploit security holes in your Internet browser to secretly install viruses; it's even possible to get infected by a virus just by reading an e-mail.

As well as classical viruses, there are other types of malicious software - collectively known as malware - that can damage your PC and compromise your data's security. When you download a program from the Web, or click on a pop-up window from an unscrupulous Web site, you may also download spyware - software that reports your online activities to its writer - or adware, a program that makes adverts pop up in your system tray.

One of the biggest recent problems was programs called diallers. Users were tricked into clicking on a browser pop-up that installed these programs. Once installed, the dialler changed modem settings to make the user connect to the Internet via a premium rate number. This cost victims hundreds of pounds. More dangerous still are Trojans - programs that look harmless but secretly perform other, usually malicious, functions. Trojans are often used to give hackers access to your PC and all its data.

As if all this weren't enough, virus and malware writers are now using something called a rootkit to more effectively hide their programs inside Windows. A rootkit is a tool that allows the malware to alter part of the operating system. This not only gives the malware greater control over the target computer, it also means that it's much easier for it to hide from anti-virus programs and other security software.

If you don't have a good anti-virus program you won't know you're infected with a virus, or other piece of malware, until it's too late. By that time, all the friends and colleagues in your e-mail address book could have been infected, your personal details stolen and your data altered, corrupted or deleted.


