Lab

Anti virus exposed

You have a firewall, you do backups and your anti-virus software is up to date. Are you safe? We'd like to say yes, but our tests paint a scary picture.

Running an anti-virus program on your PC is mandatory these days. While some optional utilities can speed up your system or make it easier to handle, an anti-virus package is necessary to protect your PC from damage caused by viruses, worms and Trojans. Sadly, this adds to the ongoing cost of running a computer.

You need to make sure the program you choose is effective, easy to use and won't break the bank. We've tested products from some of the biggest names in the anti-virus market, alongside some you may not have heard of before. The results are alarming.

You may think the main difference between programs is their price and usability, but you'd be wrong. While they do vary in these categories, we have found there is a dramatic disparity in their abilities to detect viruses. It is possible that the anti-virus program you are using right now isn't actually protecting you properly.

ANTI-VIRUS ADVANCES

Anti-virus software is a combination of a program and a subscription service. In some cases, such as with McAfee's VirusScan, you can subscribe annually and receive upgrades to the software as they become available. This is like renting software, which isn't usually popular with customers. Imagine renting Microsoft Office or Paint Shop Pro. We'd prefer to buy it once and leave it at that. Security software needs to be updated continually, however, so buyers seem happy with renting.

Now security companies are moving towards selling the service rather than the software. Symantec will soon launch its Genesis service, which will provide a complete security package on a monthly subscription basis. Microsoft's OneCare service is a similar idea.

Today's anti-virus programs rely on databases that describe viruses. When you download updates you are downloading what anti-virus companies call 'definitions'. An alternative is for the software to detect virus-like behaviour, a technique known as heuristics. Heuristic analysis is rarely foolproof so anti-virus programs still tend to rely on definitions. If you don't have the latest definitions, your PC is at risk from the latest viruses. This is a vulnerability anti-virus experts have been trying to fix for years. Symantec's Genesis system will tackle this using a hybrid of definition updates and heuristics updates. Rather than sending out updates of definitions, which can be a few megabytes of data at a time, it will distribute a small number of definitions for the most current threats as well as new heuristic updates. When Genesis launches, we'll test whether it catches current threats in a more efficient way.

ROOT OF THE PROBLEM

Rootkits pose a new threat, and many of the anti-virus packages tested here try to discover them. Rootkits hide on the system at a very low level, subverting the entire system. If successful, they are hard to detect. Even Sony used rootkit technology recently to try to protect its copyright on a number of music CDs. Sony was criticised and has since removed the software from its products.

Spyware is also a major threat, and is one that anti-virus companies have decided to address. Many products tested here have some form of spyware protection. But we would still use a combination of dedicated anti-spyware utilities for now. Watch out for our anti-spyware software test in the October issue.