Printer Friendly

How to keep your campus safe from infection: a head-to-head look at how 13 antivirus solutions stack up. Which ones will keep your computers protected?

For many years, I've scanned the testing results from the industry standards in antivirus testing; I've perused the countless pages of information, trying to make sense out of it all. Yet, once I was done, 1 still didn't have an answer to my original question: Which antivirus program should I buy?

Daily, in my duties at Colby-Sawyer College (NH), I run across all sorts of malware. After all, curious young minds want to explore all the Internet has to offer. The problem is, the Internet is not always a good place to be curious. As a result, I've seen all kinds of malware infections--in some cases, as many as 3,000 on a single computer. And I've managed to use my unique situation to acquire 10 viruses/ Trojans and two exploits. These could be considered "zero-day infections," as most were so new that they were not even recognized by antivirus software (but all were confirmed by two or more companies after submission for evaluation). I chose these threats because I've seen them destroy a computer and render it useless on and off the Net. Yet, these infections are not self-propagating, which is what a virus is by definition. Propagation is unnecessary when many of these infections are packaged with popular games or peer-to-peer programs, or, in some cases, buried on a Web page that gets 10,000 hits in a day. Most of these infections were far more complicated and time-consuming to remove and had worse effects than even the dreaded Sasser worm.

Varying Performance Between Products

So why doesn't every antivirus program detect and remove such infections? A technician from the computer security provider Sophos ( explained that although many of the samples I have captured are Trojans and do create a backdoor into a computer (or install some sort of malicious code that eventually disables the computer completely), they are being used to propagate spyware. And until these infections are actually being used for virus-like activity, or for reasons other than bombarding your computer with spyware, the antivirus programs will not detect these infections. (Outrageously, some spyware companies in the UK were even bold enough to sue some antivirus companies on the premise that the spyware companies were receiving bad PR due to the insinuation that they were creating viruses.)

If you ask me, these companies are riding the fine line of the law, skirting legalities by saying that since their program does not propagate, it is not a virus. And while I haven't yet encountered a virus that I couldn't disable and remove in a short time, I have spent several hours on a single computer trying to remove spyware. It's also worth noting that, with a few exceptions, people whose computers have viruses usually don't know their systems are infected--seldom the case with spyware.

The problem is that these malicious programs technically are not spyware either, so they are not detected by any of the spyware programs I have tested. And until these programs are removed, a computer user's system will become overloaded with spyware and will eventually cease to be functional. For instance, I once saw a computer that had more than 300 processes running simultaneously, and took more than 20 minutes just to bring up the Task Manager.

The truth is, we are now in the information security age, and old-fashioned antivirus programs don't cut it. Computer users need comprehensive antivirus solutions combined with effective spyware solutions, providing real-time protection. Two good ones: Computer Associates' PestPatrol (, or Webroot Spy Sweeper (www.webroot. com/products/spysweeper). PestPatrol reports over 1,000 new pests every month, while some of the traditional antivirus products I tested found as few as nine infections. My statistics follow; you tell me where the real threat is.

The Setup

The antivirus software programs were tested on a fully patched Windows XP Professional machine loaded with Service Pack 2 and the latest software versions and definitions from each company. Only consumer products having some presence in the US (or at least I thought they did prior to testing) were tested. I did not read any manuals. Like most of you, I just want to install my antivirus product and know that I am protected so that I can continue with my chosen activity. The following products were tested on the same night. The viruses were then e-mailed that same night to each company (using a distribution list). Exactly a week later, I updated all antivirus definitions and retested; those results follow as well.

Key to Security Feature "Checklist" Chart (Above)

Windows XP Service Pack 2's Security Center compatibility (SP2 SC; column 1) acknowledges that the antivirus product is installed and up-to-date. Heuristics (column 2) is the ability to recognize as-yet unidentified viruses by catching virus-like patterns or behaviors. (I only reported this if settings were accessible, as I would hope all products have some sort of heuristics.) On-demand scan (O-D Scan; column 3) is very useful for checking suspicious files or downloads. This feature is commonly accessed via a right mouse click.

Antivirus Software Vendor Breakdown

Product name:       Sophos Anti-Virus
                    Version 3.86.2

Web site: 

Local office:       Lynnfield, MA

Virus samples:

Download file size: 14.5MB

Support:            800-355-3220(24/7)

Comments: This program has very few options, no manual update, and no way to unload from memory, which may or may not be a bad thing. It does have an option to scan for Mac viruses. However, it did lock up when extracting my zipped viruses, which made testing tough. The program is also fairly resource-intensive.

When I called on a Saturday night, a technician answered the phone and was very helpful. He e-mailed me a nice script to help capture new viruses. It stated that they do not detect any Trojans used for spyware. This product has no online update service. When I downloaded the new definitions dated November, it was only the third week in October.

Product name:       McAfee Virus Scan 9.0

Web site: 

Local office:       Santa Clara, CA

Price:              $39.99

Download file size: N/A (Has online
                    installer; hard to tell the
                    size, but I would guess it
                    is quite large.)

Virus samples: virus

Support: 800-338-8754(24/7)

Comments: This is a great interface for someone who has no computer knowledge; it looks pretty easy to use with very limited options. This program is quite a drain on resources, and it locked up the computer when unzipping my viruses. Its interface encourages you to buy other security products. Very slow scan speed when scanning a single file. It also scans about 35 extra system files making it agonizingly slow. After sending several of the samples, McAfee e-mailed back saying they were new viruses, but its software still did not detect them a week later. When McAfee e-mailed back the results, they included an updated definition called extended.dat. However, they didn't send any instructions regarding what to do with it. After searching with no results for an existing file by the same name, I put it in the folder with the clean.dat and the scan.dat file, but it did not seem to do anything even after a reboot.
Product name:  eTrustAntivirus
               Version 7.1

Web site:

Local office:  Islandia, NY

Virus samples:

Support:       866-422-2774 (24/7)

Price:         $29.95

File size:     17.2 MB uncompressed
               (It came on a CD
               provided to me by CA.)

Comments: This program kept locking up. When I rebooted the computer, the SP2 fire wall prompted me to allow eTrust to connect to the Internet, but it still didn't run properly until I completely disabled the firewall, eTrust has two different scan engines you can choose, although neither one of them found my viruses. The options available were few to moderate. It took a lot of work to get this product to function, only to have it find one new virus. The company's Web page is difficult to navigate, which is why I gave you a direct link to the product (these guys market a ton of solutions). You must disable the SP2 firewall or manually set permissions to update.
Product name:  Kaspersky Anti-Virus
               Personal 5.0

Web site:

Local office:  Russia

Price:         $41.50

Virus samples:

Support:       Russian and English,
               24 hours a day:
               (I never could get
               through to support.)

Comments: No reboot required for install; nice, easy-to-use interface, nice options. This product also comes in a professional version for the advanced user. Great archive scanner prompts user for password on locked files. Didn't update right away, but when I clicked on the update, it told me they were seven days old and updated. By far, the

best Web site with the most information and an online scanner.

NOD32 and Kaspersky were the only programs that caught my viruses as I copied them into my VM ware session, and when I highlighted the file with the mouse without opening them. This is definitely one of the best products out there, and I could not stop laughing as it squeals like a pig when viruses are detected.
Product name:  PC-cillin Internet Security

Web site:

Local office:  Cupertino, CA

Price:         $49.95
               (includes firewall software)

Virus samples: virus doctor@

Support:       800-864-6027
               (available weekdays,
               5am-5pm PST)

File size:     38MB with firewall
               (No evaluation version
               was available; I had to use
               a copy of the product that
               was recently purchased--but
               soon abandoned--by
               a colleague.)

Comments: Nice pre-scan on the install; says it can detect spyware. Unfortunately, the program doesn't seem to detect much of anything, but manages to delete an entire archive without asking, even if just one infected file is found.
Product name:  Panda Titanium
               Antivirus 2004

Web site:

Local office:  Green dale, CA

Price:         $49.95

Virus samples:

Support:       818-543-6901

File size:     20MB

Comments: One of the slowest products tested, and it requires the most memory out of the programs tested. However, the program did perform fairly well, and the company representatives were responsive to my e-mails.
Product name:  F-Prot Antivirus for
               Windows Version 3.15b

Web site:

Local office:  Reykjavik, Iceland

Price:         $29

Virus samples:

Support:       354-540-7400 (Did not
               have the US presence I
               thought it did.)

File size:     3.15MB

Comments: Small and fast install, quick update (came with virus samples only a week old), but offered limited options. At testing, the definitions had not been updated in almost a month.
Product name:  Norton AntiVirus 2005

Web site:

Local office:  Cupertino, CA

Price:         $49.95

Virus samples:

Support:       Free online; fee-based
               phone support

File size:     24MB

Comments: Limited support plan, very high resource usage after install, needs extensive updates and a reboot (a problem for dial-up users.) Has a built-in pre-scan during install. Detects spyware, but not the Trojans used to install them. Did not auto-update; I had to do it manually, and the product required a reboot to be effective.
Product name: F-Secure Anti-Virus 2005

Web site:

Local office: San Jose, CA

Price:        $64

Support:      408-938-6700
              8am-6pm CST

File size:    25.1MB

Comments: Appears to consume a large amount of resources. Needed a reboot to work properly, but product did not indicate that was the case. Auto-updated a week later with no manual interaction required. Very fast scan, works very well.
Product name: BitDefender 8 Standard

Web site:

Local office: Boca Raton, FL

Support:      561-620-8815

Price:        $44.95

File size:    8.6MB

Comments: Nice package, however the software offers few options and was semi-resource intensive.
Product name: NOD32 Version 2

Web site:

Local office: San Diego, CA

Support:      619-437-7037
              (6am-3pm PST; near24/7
               e-mail support)

Price: $39

File size: 7.2MB

Comments: Very low overhead; advertised as the fastest scanner in the world. Web site lacks a little information. Internet module watches IP stack and intercepts viruses before they make it onto your computer. Great support; no automated answering menu; always a live person and never any wait times. Great heuristics; in fact, some of the best reported by independent testers. (Tests report 85 percent, while NOD32 claims they are at 91 percent.) Automatic updates start immediately; no reboot. One of two products that caught viruses importing into my VMware session. After detection, it would no longer allow me to access those files. It is also worth noting that the last few big viruses that disabled other antivirus software products did not disable NOD32. This is an outstanding product, probably the best. These guys are definitely not marketing their product enough, as they are the most decorated antivirus software out there.
Product name: Norman Virus Control
              Version 5

Web site:

Local office: Fairfax, VA

Support:      703-267-6109 or

Price:        $63.74

File size:    12.5MB

Comments: No reboot required after install, but a little sluggish. Technician did return my phone call.
Product name: RAV AntiVirus Desktop

Web site:

Local office: Romania

Price:        $29

Support:      Unknown

File size:    12.1MB

Comments: No reboot, says it protects against all malware--107,060 different pests/Trojans to be exact. Not sure the on-demand scanner really scans anything since it always reports the same number of files each time. This product is temporarily unavailable for download, but I found it on the company's FTP server. According to the company's Web site, Microsoft acquired RAV's intellectual property rights, and the company closed down its direct sales (including its e-store) in September 2003. And although the site still offers updates, they seem to have little to no effect.

Final Results

After analyzing the results of my testing, Nod32 was my first choice, followed by Kaspersky. NOD32 excelled in speed and low resources, while Kaspersky did a better job with archives but detected fewer viruses overall. It is worth noting that NOD32 has live US customer support and close to 24/7 e-mail support, whereas Kaspersky has no US support, just resellers. BitDefender and Panda were next in line, with Panda one of the most resource-intensive. All four of these products deal with downloader Trojans, droppers, and a wide verity of malware, which is extremely helpful in this fast-growing epidemic. THE

Scott Brown is an information security analyst a t Colby-Sawyer College.

Checkout the comparison chart below to help find the best product
for your school or institution.

Name           1. SP2 SC    2. Heuristics    3. O-D Scan

BitDefender       Yes            No              Yes
eTrust            No             Yes             Yes
F-Prot            Yes            No              Yes
F-Secure          No             Yes             Yes
Kaspersky         Yes            Yes             Yes
McAfee            Yes            N0              Yes
NOD32             Yes            Yes             Yes
Norman            Yes            No              Yes
Norton            Yes            Yes             Yes
Panda             Yes            Yes             Yes
PC-cillin         Yes            No              Yes
RAV               No             No              Yes
Sophos            Yes            No              No
COPYRIGHT 2005 1105 Media, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2005 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Brown, Scott
Publication:T H E Journal (Technological Horizons In Education)
Article Type:Cover Story
Geographic Code:1USA
Date:Aug 1, 2005
Previous Article:Sparking a revolution in teaching and learning: how one of Ohio's lowest-performing elementary schools raised its third-grade reading test scores by...
Next Article:Doing more with less: despite a 'peanut-sized' budget, Georgia's Worth County Schools finds a tool to manage and improve network application...

Terms of use | Privacy policy | Copyright © 2020 Farlex, Inc. | Feedback | For webmasters