PC
anti-virus 2004
by Simon Edwards
New viruses can strike at any moment, bringing your system down and you with it - so don't let your guard down.
Simon Edwards rounds up the best anti-virus software on the market, designed to pound those PC germs into submission
| How we tested | Reviews | Product Details | Conclusion |
Not a month goes by without the appearance of a new and dangerous computer virus, rampaging across the internet and damaging the files on thousands of PCs. Whether or not you believe that your internet service provider (ISP) or email administrator is responsible for intercepting these annoying programs, you ought to take your own steps to protect your PC from the latest viruses, backdoor Trojans and harmful email worms. Installing an anti-virus program helps to keep the baddies at bay.
In an ideal world, an anti-virus program will detect incoming viruses, whether you download an infected file from a website, receive an infected email or load a floppy disk or CD containing hidden and dangerous programs. Detection tends to work by looking at the contents of a file and comparing what is found with the signature files in a database of known viruses. But good tools should also be able to alert you to files that look like they might be harmful or that behave in a virus-like way, even if they aren't included in the database. If your anti-virus software has such an heuristic feature, make sure it is enabled. As we'll see later, not using heuristics can severely limit your software's ability.
Even with a good heuristic capability, anti-virus software won't always discover new viruses. And the fact that viruses continue to flourish shows that the internet enables them to travel around the world before the anti-virus companies have a chance to issue updates. The bulk of anti-virus software is reactive, which means you shouldn't rely on it completely.
OPTIONAL EXTRAS
Some anti-virus packages will monitor the integrity of the files on the hard disk. If a virus alters a file it won't match that file's entry in the integrity database and the software can alert you, offering to replace the altered file with an earlier copy. If the system is rendered unusable by a virus and you cannot boot into Windows you'll need an anti-virus program that provides a rescue disk. Some allow you to create a set of floppy disks, while others come on a bootable CD that contains a virus scanner. We prefer the latter option.
Another important tool in your PC security arsenal is a firewall. Many anti-virus programs come with a firewall included. These prevent certain information from leaving and entering your PC over an internet or network connection. The advantage is twofold: random hackers will find it hard to access your PC, and even if a more focused attacker manages to persuade you to install a backdoor program on your PC he won't be able to connect to it. If you choose an anti-virus package that doesn't include a firewall, be sure to install one from another source. Kaspersky Lab's Anti-Hacker is a good choice, as is the popular and free ZoneAlarm from www.zonelabs.com.
HOME V PROFESSIONAL
We've tested both entry-level products aimed at home users and professional versions for small business users. As far as virus detection abilities go, there is generally no difference between the home and professional products in the same range. But differences become apparent when comparing ranges from different developers. For example, when seeking out Trojans, F-Prot Antivirus for Windows 3.14b fared very differently in tests than Kaspersky Lab Anti-Virus Personal 4.5.
So is it worth spending the extra on a professional-grade anti-virus program? In most cases it is, because the extra features that come with the professional editions shore up your defences further. Professional packages usually come with email scanning, advanced scheduling and customisation options, and can integrate nicely into office software, providing extra protection against potentially harmful macros.
HOW WE TESTED
Anti-virus programs should be able to detect the current, high-threat files steaming around the internet. Our test files included some of the most virulent and commonly found viruses, as well as well-known backdoor Trojans and harmful Visual Basic scripts that we generated using well-known virus generation tools. None of these files should pose any problem to a decent scanner. We compressed copies of each into Zip files too.
Finally, just to add a bit of a challenge, we also used a few tricks to disguise the backdoor files. These tricks rely on freely available executable packers and a wrapper program that can attach the backdoor to another, more innocent file - in our case, Windows' Minesweeper game. Whoever runs the game can play it, but will also unwittingly hand over control of their PC to the attacker. All the tests were run in Windows XP Professional.
REVIEWS
AVG 6 Anti-Virus Free Edition
AVG 7 Anti-Virus Professional Edition
F-Secure Internet Security 2004
F-Secure Anti-Virus Client Security
FRISK F-Prot Antivirus for Windows 3.14b
FRISK F-Prot Antivirus for Windows 3.14b multi-user
Kaspersky Lab Anti-Virus Personal 4.5
Kaspersky Lab Anti-Virus Personal Pro 4.5
McAfee VirusScan Home Edition 8
McAfee VirusScan Professional 7
Panda Titanium Antivirus 2004
Panda Antivirus Platinum 7
Symantec Norton AntiVirus 2004
Symantec Norton AntiVirus 2004 Professional
Trend Micro Internet Security II
AVG 6 Anti-Virus Free Edition
RATING 2
PRICE Free
SUPPLIER www.grisoft.com
DETAILS www.grisoft.com
AVG 7 Anti-Virus Professional Edition
RATING 2
PRICE £25 inc VAT
SUPPLIER F1 Services 01636 701832
DETAILS www.grisoft.com
PROS: The Professional Edition has many customisable features
CONS: Disappointing Trojan detection abilities
AVG anti-virus software is best known because a free, personal version has been available for years. A private test last year showed that AVG 6 was a solid performer that detected almost every digital nasty we could muster. It didn't require an obvious script blocker to prevent our harmful scripts. It successfully detected that each one was potentially damaging and stopped them from loading. The only thing it missed was a disguised Trojan. There's no shame in this, but it will still be a concern for users. Anti-virus software is not a panacea, as we've said earlier.
This year, it seems the developers have not been keeping the updates in line with the latest Trojans. While AVG 6 and its bigger brother, Anti-Virus 7 Professional, detected current viruses and generated scripts, they completely missed the well-known Trojans, which were created nearly a month before. They did detect the wrapped Trojans, but only because they recognised the wrapper, which is now very old.
The main difference between AVG 6 and 7, aside from price, is that there are more configuration options for version 7. These include customisations such as keyboard short cuts and custom lists of buttons that show on the user interface. The free version appears simple, with a few massive buttons for running scans. You can create one customised scan with the free version, the details of which cannot be saved. The Professional package can create and save custom scans that can be scheduled or run straight away.
Both versions will scan incoming and outgoing email, and captured viruses can be sentenced to the Virus Vault for later examination, or cleaned when a technique to do so is developed in the future.
The two-year update period for the professional edition is competitive. The price for further updates and support was not available at time of press, but even if it turns out to be the full £25 for another two years, this is a reasonable deal. That said, we were disappointed that both programs missed our plain Trojan, and recommend that current AVG users run a personal firewall.
F-Secure Internet Security 2004
RATING 5
PRICE £35 inc VAT
SUPPLIER F-Secure 01223 478800
DETAILS www.f-secure.com
F-Secure Anti-Virus Client Security
RATING 4
PRICE £64 inc VAT
SUPPLIER F-Secure 01223 478800
DETAILS www.f-secure.com
PROS: Excellent at detecting and stopping viruses, scripts and Trojans
CONS: The professional Anti-Virus Client Security software is very expensive
Internet Security 2004 is a combined anti-virus program and personal firewall. It was one of the best performers in our virus tests, detecting every single one of the viruses, scripts and Trojans thrown at it. Only F-Secure's professional Anti-Virus Client Security and Kaspersky Lab's Personal and Personal Pro programs were similarly impressive.
Even if it had not detected the disguised Trojans an incoming connection from an attacker would not work, because of the firewall, called Internet Shield. This comes with a good selection of security levels and can be customised to allow particular applications access to the internet. Adding and changing the settings is relatively simple, and anyone who has experience of the free ZoneAlarm firewall from Zone Labs will feel at home with Internet Shield.
The Anti-Virus Client Security program is virtually identical to Internet Security 2004, except for a couple of slight differences in the interface and the fact that it can be managed remotely by F-Secure's Policy Manager software, which is included in the price. Policy Manager is a straightforward program that allows you to install the client anti-virus software to other Windows PCs on the network. It includes a server that ensures each workstation has the latest updates and is configured properly. It runs on Windows XP and is ideal for networks of more than half a dozen PCs.
If you check the table of details you'll notice that these products lack a script-blocking option. This isn't a serious limitation, though. These programs detected all our bad scripts and prevented them from running. A simple blocker would prevent both those and useful scripts, too.
The email scanning options are very flexible and can scan incoming and outgoing messages. There is a scheduling option, but this is quite limited. You cannot, for example, create a number of custom scans to check your removable storage drives, a network drive and a particular folder on the hard disk, and then schedule a scan to check these areas at certain times.
For an all-round defence system, F-Secure Internet Security is powerful and very reasonably priced. Offices with more than half a dozen PCs will benefit from the central management features available with Anti-Virus Client Security, which can use a standard Windows XP Professional PC as a server. However, after a year the Anti-Virus Client Security package starts to look expensive, with an annual fee of £32 per licence. This price drops once you license five or more copies. If you are looking after 25 PCs or more, the annual fee drops to £17 or less.
F-Prot Antivirus for Windows 3.14b
RATING 1
PRICE $29 (around £17)
SUPPLIER FRISK Software International +354 540 7400
DETAILS www.f-prot.com
F-Prot Antivirus for Windows multi-user
RATING 1
PRICE Minimum $50 (around £30) for 10 licences
SUPPLIER FRISK Software International +354 540 7400
DETAILS www.f-prot.com
PROS: Very inexpensive, with flexible scheduling options
CONS: Failed to detect many of our harmful files
Just as it's hard to criticise AVG 6 because it's free, it seems unfair to pick on F-Prot Antivirus for Windows simply because it costs so little. But we weren't impressed with either of FRISK's products. Essentially the same, save for different licencing options, the Antivirus 3.14b programs were the least effective in this group at detecting Trojans. We were also able to take control of the attacked PC, as the Trojans ran with no problems at all.
The programs even missed the old wrapping program used to bind backdoors to innocent files and so create an attractive package for a victim. They also allowed two of our custom scripts to run and these were the two that we hadn't taken the trouble to disguise.
The software will delete, rename or move files identified as infected. There is no quarantine-style option, which means that you either lose your infected file or allow it to remain on your system - neither is desirable.
There is a smaller niggle with the program icon that sits in the Notification area or System Tray. Clicking on it doesn't launch the main program as you might imagine. Instead it disables the anti-virus engine. Turning off your security systems shouldn't be this easy to do by mistake. A Desktop or Start menu short cut is needed if you want to access the clunky-looking interface.
On a positive note, there are some excellent scheduling and scan customisation facilities, which easily rival anything found in Symantec's or McAfee's products. They are more easily found than AVG Professional Edition's options, too.
An Integrity Checker is installed as a separate program and in most cases should be able to fix altered Master Boot Records. It will also detect when files have been altered, although it lacks the Registry feature found in Kaspersky Labs' Anti-Virus Personal Pro 4.5.
Kaspersky Anti-Virus Personal 4.5
RATING 5
PRICE £28 inc VAT
SUPPLIER Kaspersky Lab 0870 0113461
DETAILS www.kaspersky.com
Kaspersky Anti-Virus Personal Pro 4.5
RATING 5
PRICE £55 inc VAT
SUPPLIER Kaspersky Lab 0870 0113461
DETAILS www.kaspersky.com
PROS: Joint number one at detecting Trojans and harmful scripts
CONS: The advanced user interface takes some getting used to
Kaspersky Lab's anti-virus software looks serious compared to the accessible appearance of Symantec and McAfee's products. The software is arranged using a modular approach, not entirely dissimilar to the way that Windows XP's Administrative Tools are organised. But instead of the standard Windows Management Console, you'll see thick graphical banners representing each component.
The Personal version has anti-virus checking options that monitor the system in real time, check for viruses when a manual or scheduled scan is run and look for harmful scripts. Email databases are also covered.
The two notable additions to the professional version are Office Guard and Inspector. Office Guard can prevent malevolent Microsoft Office macros from damaging your documents and system. It analyses the macros and terminates ones it finds to be risky. The settings can be customised and you can choose to allow no macros at all if you wish.
The Inspector takes a checksum of your files and can detect changes that might be made by viruses or hackers. Using this optional utility can speed up system virus scans because the virus scanner will only check files that have changed since the last Inspector scan. This includes the Registry, which has its own dedicated report displaying details of new, edited and deleted entries. When you run the Inspector scan on future occasions, any changes to your files since the last scan will be recorded and you can view the details, updating the database if you know that the changes are valid.
Using either version can take some getting used to, but once you know to right-click a component and use the drop-down menu to start, stop or create new tasks, the flexibility is impressive. Every component is accessed via the Anti-Virus Control Centre, which can be password-protected and made to send email alerts and quarantine files. In an office where software is managed by a server, quarantined files can be sent to a remote jail, rather than lingering on the workstation.
The software's ability to detect viruses and other nasties is excellent. Personal and Personal Pro versions scored top marks in our tests, matched only by F-Secure's software. In fact, F-Secure Anti-Virus Client Security contains software licensed from Kaspersky Labs. But you pay for the privilege of using such powerful software. The Personal edition is very competitively priced, but at £55 Personal Pro is one of the most expensive packages here. When it's time to renew the licence, it's over £20 more than Symantec or McAfee's professional-level software. Still, if you want the best protection, Kaspersky Lab Personal Pro is the one to buy.
McAfee VirusScan Home Edition 8
RATING 4
PRICE £35 inc VAT
SUPPLIER McAfee 0207 9490107
DETAILS http://uk.mcafee.com
McAfee VirusScan Professional 7
RATING 4
PRICE £40 inc VAT
SUPPLIER McAfee 0207 9490107
DETAILS http://uk.mcafee.com
PROS: Well-rounded and good value for money
CONS: Potential disaster lies in one obscure setting
When we tested these anti-virus programs, we requested the very latest software from each supplier. At that time, McAfee had not released VirusScan Professional 8, which is why we've tested version 7. However, version 8 should be available around the time you read this and we'll be testing it as soon as possible. Home Edition 8 is already available and quite impressive.
This is partially due to the SecurityCenter program, an interface designed to integrate all McAfee's security utilities in one place. If you have more than one McAfee product installed, you can administer them from one place. This also means that to get to the options of VirusScan you have to run the SecurityCenter program first, click on the VirusScan button and choose to Configure VirusScan Options. This is a bit of a fuss, although changing the default settings is not as critical as it is with the more conventionally designed VirusScan Professional 7.
It's just as well that the heuristics setting is enabled by default in the Home Edition, because without it our Trojans slipped through. That's not just the disguised ones, but the plain one as well. This is surprising, and users should ensure that heuristics is enabled. You'll have to tunnel down through multiple menus to find this setting, as was the case with earlier versions of McAfee VirusScan.
Both the Home and Professional versions have script-blocking options and will scan your email as it comes in, removing infected attachments and attaching reports as text files to let you know that something has happened. There is little difference between the two packages, save for £5 and the addition of QuickClean Lite and McAfee Shredder to the Professional installation. QuickClean Lite removes junk files from your disk to reclaim space and Shredder renders deleted files unrecoverable.
There is one other critical difference between the two, which every owner of Professional 7 should be aware of. The well-hidden heuristics setting is turned off by default. Running like this is dangerous because, without it, this version of the software cannot detect Trojans such as the ones we threw at it. The Home Edition also required heuristics to pass our test, but at least that was switched on by default. In both cases, without heuristics only the wrapped Trojans were identified and, as was the case with many of the products on test, only because the signature of the packing utility was recognised.
When configured properly, both are excellent anti-virus programs and the email scanner is particularly easy to use. It's also fractionally cheaper to run than Norton AntiVirus, after the initial one-year subscription period has elapsed.
Panda Titanium Antivirus 2004
RATING 2
PRICE £29 inc VAT
SUPPLIER Panda Software 0870 4445640
DETAILS www.pandasoftware.com
Panda Antivirus Platinum 7
RATING 2
PRICE £50 inc VAT
SUPPLIER Panda Software 0870 4445640
DETAILS www.pandasoftware.com
PROS: Very easy to use
CONS: Less effective, but more expensive than some others on test here
Panda's software is easy to use. The Titanium version is simplicity itself and even the so-called 'advanced' settings consist of options such as 'Enable hacking tool detector' and 'Enable joke detector'. The Platinum version comes with a firewall and the ability to create your own custom scanning profiles and schedule them. It can check email and the settings may be password-protected.
Panda Antivirus Platinum 7's firewall restricts programs from accessing the internet and is preset to allow access to common programs including Internet Explorer, Outlook Express and, weirdly, Windows Movie Maker. You can set standard rules based on ports, protocols and IP addresses too, which is handy for more advanced users.
The email scanner can block attachments by extension and includes .VBS by default. But when dealing with non-emailed scripts, Panda's anti-virus software shows a good example of how not to protect against harmful scripts. It can use a general script blocking technique to block them entirely, including non-harmful scripts, or it can ignore them completely, destructive or not. When we enabled heuristics, which isn't on by default, it flagged our destructive scripts as being 'suspicious'. Enable heuristics if you run this software.
During testing, we found that both of Panda's anti-virus products failed to discover the majority of our Trojans, picking up only those that had been wrapped. The plain and disguised files could be run and remote connections made, although this was only possible with the Platinum version if the firewall was disabled.
It is possible to protect yourself quite well using Panda's software, but to do so you'll need to opt for the more expensive Platinum version to obtain the firewall and therefore overcome the difficulty in detecting Trojans. You should also enable the script blocker, and hope that you never need to use legitimate scripts. But neither the Titanium nor Platinum editions are good value for money.
Symantec Norton AntiVirus 2004
RATING 3
PRICE £37 inc VAT
SUPPLIER www.amazon.co.uk
DETAILS www.symantec.com
Norton AntiVirus 2004 Professional
RATING 3
PRICE £47 inc VAT
SUPPLIER www.simply.co.uk 0870 7272100
DETAILS www.symantec.com
PROS: The licence effectively cuts the Professional price in half if you have two PCs
CONS: One of the least effective products at detecting our test Trojans we've seen
Norton AntiVirus is a very popular program that has received excellent reviews for years. You'll notice that we've given both the standard and the professional versions a three-star rating and no awards. This is simply because, when compared to the competition in our independent tests, these two Symantec products are not as effective as some of the less expensive options.
Norton AntiVirus has a heuristic anti-virus detection system called Bloodhound, which can be disabled or set at one of three protection settings: Lowest, Default and Highest. At the recommended Default setting, it detected only one of our Trojans. It detected it not because it was a backdoor program, but because of the ancient wrapping program we used to attach it to the Windows Minesweeper game.
The other variants of the Trojan, including the plain one, all made it through Norton's defences, and we were able to establish connections and control the attacked PC from the internet. Even when we increased the heuristic level to the Highest setting, our backdoors were able to enter and operate on the system unhindered. The scanner did detect all of our scripts and viruses, which is something of a consolation. You are more likely to receive a standard virus than a Trojan, unless you have particularly unpleasant and computer-literate enemies.
A plug-in scans Microsoft Office documents as you open them. This works with Microsoft Office 2000 or higher and protects against malicious macros. Windows 95, 98 or Me users will also benefit from the Innoculation facility, which reports on the integrity of important files. This doesn't work with Windows XP.
The professional version is licensed for use on two PCs and comes with the UnErase Wizard and Norton Protection utilities. These excellent programs are designed to recover deleted files and will be familiar to those who have used Norton Utilities. They are accessed from within the Advanced Tools menu of the AntiVirus program rather than from the Start menu. However, it's not worth the extra £10 if you already have Norton Utilities.
There's little to complain about with AntiVirus' interface. It's bright, clear and alerts you to disabled services or if you've not run a scan for a while using large red buttons. It's easy to turn on features such as protection for instant messaging programs like AOL Instant Messenger and Windows Messenger. You can password-protect your options, too, to keep meddling fingers from compromising your system. Overall, though, there are better products at or below this price range.
Trend Micro Internet Security II
RATING 2
PRICE £40 inc VAT
SUPPLIER Trend Micro 01628 400500
DETAILS www.trendmicro.co.uk
PROS: Flexible firewall profiles may be of interest
CONS: Poor detection of well-known Trojans and scripts
Trend Micro is well known for its PC-cillin anti-virus software and this is its latest incarnation. The new name is down to the addition of a firewall, which is very simple to manage and provides an option to create your own profiles. This is a rare feature, and if you want to be able to switch between one set of firewall rules and another you'll be happy with the Firewall Profiles settings.
Sadly, it's downhill from here. The anti-virus software picked up on all the standard viruses we used to challenge it, but it missed every one of the harmful scripts. When we ran scripts in a private test against the previous version, the test Windows installation was rendered useless. It seems that little has changed since then, a year and a half ago. It didn't detect any of the Trojans, either. Maybe Trend Micro believes that the firewall makes Trojan detection unnecessary, but that is a dangerous mistake to make. Some Trojans can disable popular personal firewalls.
There are lots of other features, including web email scanning, anti-spam measures and password-protected URL filtering and data privacy tools. But we'd rather have an anti-virus program that did the business than these extras.
