PC
anti-virus 2005
by Simon Edwards
If you use the internet, you will be exposed to computer viruses. Anti-virus
software has become essential – but little is said about its effectiveness.
Time for a unique attack test by Simon Edwards
Computer viruses are a threat to your computer and the data you store on it.
They can corrupt files and programs, steal your bank details and passwords and
open your PC up to all manner of abuse by hackers and spammers. The latest
viruses don’t even need you to open them, so the old advice of ‘never open
unexpected attachments’ is no longer enough.
Once on your system, a virus will most likely try to spread itself to people
in your email address book, which probably includes your nearest and dearest.
They won’t thank you if your reluctance to invest in protection means that
their privacy is invaded or their data is lost.
You need a good anti-virus program to protect your PC, but which one should
you choose? There are lots of options but, as we’ll see, not all anti-virus
programs are equal.
We’ve tested 11 anti-virus programs aimed at home users. These are designed
to provide the basis of a secure PC, and claim to prevent viruses from infecting
your PC.
The packages we’ve tested do not have the extras that so-called ‘internet
security’ bundles include, such as a firewall or anti-spam program. The
standalone anti-virus programs we’ve reviewed here can be combined with other
utilities to build a comprehensive toolkit of security software.
A good anti-virus program will keep your PC free of viruses. It should
contain a list that describes all known viruses, worms and Trojans. It uses
these descriptions, known as definitions or signatures, to detect incoming
viruses, after which it should at least offer the option to delete the virus or
move it to a safe place on the hard disk. It needs to be updated regularly to
maintain its catalogue of definitions. Any anti-virus program worth its salt
will also allow you to scan your system regularly to find infections that have
already managed to find a foothold on your computer.
Viruses change fast and spread even more quickly. Sometimes new ones and
their variants can become a problem in a matter of hours or days. It is also
possible for attackers to take known Trojans and change them subtly to avoid
anti-virus programs. Because of this, an anti-virus program should be able to
detect virus-like files, as well as known viruses. Anti-virus companies sometimes
refer to their behaviour detection technology as heuristics. Some programs are
significantly better than others at detecting lesser-known threats.
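
The definition matching described above, as an added example that is not part of the original article and not any vendor's code: a toy scanner that checks files against definitions and moves detections to a quarantine folder. It shows why a definition that fingerprints one exact file misses a subtly changed copy, while a broader byte-pattern definition still catches it. It does not model heuristic or behaviour detection, and all sample bytes, file names and detection names are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# All bytes below are constructed, harmless stand-ins; none of this is real malware.
MARKER = b"DEMO-MASS-MAILER-ROUTINE"         # hypothetical code fragment shared by a family
ORIGINAL = b"MZ" + MARKER + b"|build-1"      # the sample the definition was written from
VARIANT = b"MZ" + MARKER + b"|build-2"       # same family, subtly changed
CLEAN = b"MZ" + b"ordinary program bytes"

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Two kinds of definition: an exact fingerprint of one file, and a byte pattern.
HASH_DEFS = {digest(ORIGINAL): "Demo.Worm.A"}
PATTERN_DEFS = {MARKER: "Demo.Worm.gen"}

def scan_bytes(data: bytes, use_patterns: bool = True):
    """Return (name, method) for a detection, or None if nothing matched."""
    name = HASH_DEFS.get(digest(data))
    if name:
        return name, "exact-hash"
    if use_patterns:
        for pattern, family in PATTERN_DEFS.items():
            if pattern in data:
                return family, "byte-pattern"
    return None

def scan_folder(folder: Path, quarantine: Path, use_patterns: bool = True) -> dict:
    """Scan every file in folder and move detections into quarantine."""
    quarantine.mkdir(exist_ok=True)
    results = {}
    for path in sorted(folder.iterdir()):
        if path.is_file():
            hit = scan_bytes(path.read_bytes(), use_patterns)
            results[path.name] = hit
            if hit:  # "move it to a safe place on the hard disk"
                shutil.move(str(path), str(quarantine / path.name))
    return results

def demo(use_patterns: bool):
    """Write three constructed attachments, scan them, return (results, quarantined names)."""
    with tempfile.TemporaryDirectory() as tmp:
        inbox, vault = Path(tmp) / "attachments", Path(tmp) / "quarantine"
        inbox.mkdir()
        for name, data in [("a.exe", ORIGINAL), ("b.exe", VARIANT), ("c.exe", CLEAN)]:
            (inbox / name).write_bytes(data)
        results = scan_folder(inbox, vault, use_patterns)
        return results, sorted(p.name for p in vault.iterdir())
```

Calling `demo(False)` uses only exact-hash definitions and leaves the changed copy `b.exe` in place; `demo(True)` adds the pattern definition and quarantines it as well.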
Email has become a major way for viruses to access victims’ PCs. All good
anti-virus programs scan at least incoming email, as well as files introduced
by removable discs such as floppies and CDs. Ideally your anti-virus program won’t
require you to change your email program’s settings and will work silently in
the background, deleting infected messages as you download them.
While a low price and a nice interface are important factors when choosing
any software package, anti-virus programs primarily need to be effective.
Companies claim that you are safe when you use their products, and our tests are
designed to establish how true this is and how much is marketing flannel.
Each program was installed on a fresh Windows XP Professional system, and
once it had been updated with the latest definitions and program enhancements we
downloaded a number of email messages using Outlook Express. These included
examples of today’s most prevalent viruses (including variants of MyDoom,
NetSky, LovGate and Bagle), as well as some well-known Trojans and some scripts
that can be created by anyone lacking a social conscience and with the ability
to download free software.
We’ve also taken some common steps to disguise one of the Trojans. Again,
using well-known free software, we’ve done only what a knowledgeable attacker
would do. A good anti-virus program should pick up the hostile files as they are
downloaded by the email client. If it misses some, we give the anti-virus
program a second chance. We save the attachment to the hard disk and scan it
manually. If it remains unmolested we try to run it. If the attachment runs and
the virus, Trojan or script is able to go about its business of mailing itself,
opening backdoors for hackers to connect to and popping up annoying messages,
the anti-virus program has failed in its task.
Our tests are challenging but entirely realistic. If an anti-virus program
fails to pick up most of our files then it is lacking what we consider to be
basic features. We’ve not written any original viruses; we’ve simply placed
our test computers in the same situation as that faced by today’s regular
computer user.
A system infected with the MyDoom virus is trying to send messages using
Outlook. In this example, Outlook Express saved the day. Unbelievably, the
anti-virus program that was running did not bat an eyelid.