Grouptest: Antivirus Software
The internet has been a constant source of more and more devastating attacks. Virus writers have used email, the communication method of the new millennium, to let viruses spread themselves.
And with socially engineered headlines such as 'I love you', which user isn't going to take the bait? The potential damage an infection can cause - email servers falling over, backdoors opened into users' computers - means antivirus products are a must-have for business.
We got the latest products in to test their virus scanning potential. Neither Command nor Norman is here as both companies failed to respond to our request. McAfee arrived too late for inclusion.
Testing was performed with the help of antivirus ASP MessageLabs (www.messagelabs.com), which has its own heuristic scanner. After receiving the sample viruses, we downloaded all the virus definition and engine updates for all the products on review on the same day.
We then sent the sample files for certification to ArmourPlate (www.armourplate.com), a virus scanning service from Corpex. Once we were sure we had just viruses, we used each product to scan the files to test their detection rate.
We turned off heuristic detection for this test. Heuristics would have improved the detection rate, but we would then have been unable to answer the question of how many identifications were false positives.
False positives are a big problem for heuristic engines and can lead to a situation where so many harmless files are stopped that it becomes a mission to manage a system.
Deploying Antivirus
If you're putting antivirus products on the company network, you need to follow a structured path. Here are some tips to help out:
- Before installing any software, make sure users are educated. Telling users about the dangers of opening unsolicited attachments can save you hours of management. Make sure they're aware of the dangers out there, and incorporate rules into the security policy.
- Install a desktop virus scanner on each computer, but make sure the administrator settings prevent users from modifying the configuration. If you're going to schedule full scans, do so when users are not present; if it takes a long time, many users will terminate the task before it completes.
- Install a product at the gateway of the network. You may find it best to use a different product than the one installed on the client machines because different software will capture different viruses at different times. Heuristics are best used at the gateway, as fewer files are open than on a live machine, and if a false positive occurs it won't stop the local machine running.
- Update as often as the antivirus suppliers release new definitions, or at the minimum update every week. Make sure you upgrade the scan engine too, as this will improve detection rates.
Note - Prices are per user with a 50/100-user licence, except for Trend, which is priced per 25-user licence
Sophos Antivirus
Symantec Antivirus Enterprise Edition v8
Panda Global Virus Insurance
F-Secure Antivirus
Trend ServerProtect & Office Scan
CA eTrust Antivirus
Kaspersky Lab Antivirus
Results
Conclusion
A bumper crop of viruses made last year a good one for antivirus companies. Updates are coming out quicker than before, as the test results prove.
None of the products on review is poor at detection, but the best of the lot is version 8 of Symantec Antivirus Enterprise Edition, which gets our Editor's Choice award.
You have to be careful with Symantec's heuristic option, but that's true for any product. The management is superb and it's easy to distribute on the network. With utilities for Exchange and Notes, it can sit across the whole network. The live security update makes keeping up with the virus writers easy.
Our Recommended award goes to Sophos Antivirus. Detection was slightly below Symantec's, but still very impressive. The Windows 9x agent makes sure that full management applies to the whole infrastructure, not just new OSs.