This is not the latest PC anti-virus article - up-to-date results.

PC Security Round-up:

PC anti-virus

by Simon Edwards

Computer viruses are scary, right? No Hollywood action movie would be complete without a killer virus threatening to destroy society - or an alien mothership. So it's hardly surprising that we shudder when newspapers, and increasingly TV news bulletins, scream about another virus on the loose. It's tearing its way through the Internet; it's destroying systems and data as it goes; and you could be next!

There's really no need to panic, though. Viruses are certainly on the increase - according to McAfee's AVERT labs, more viruses appeared in 2001 than in all the years from 1995 to 2000 put together - but if you understand them you stand a much better chance of avoiding infection. In this article we'll explain exactly what viruses are, how they work and how you can stop them. We'll also look at all the major anti-virus software on the market and our reviews will reveal the best package to keep the bugs at bay.

What are viruses?

Computer viruses aren't magic, they're just software. But unlike your word processor or spreadsheet, they have been programmed to multiply and spread. Their twisted creators may also have designed them to cause harm to your computer by overwriting files or wiping hard disks, and a well-known virus called CIH can even cripple your PC by writing garbage to the motherboard's BIOS. Viruses can upset e-mail and Web systems, costing companies a lot of money in lost time. They can even be used to open a 'backdoor' to your system, through which information can be stolen - a worry for both business and home users.

The main aim of a virus is to spread. Some viruses 'evolve' as they spread to avoid detection, a bit like a real virus mutating to foil modern drug treatments. Others use 'social engineering' techniques to fool people into helping them spread. For example, the LoveLetter virus requires users to read it and run an attachment before it can spread. It convinces people to do so by using the subject line, I Love You. It then sends itself to addresses stored in the victim's address book. Many of these new recipients will know the original victim and will no doubt be interested to read a message from them with such a title.

Some viruses spread by attacking Web servers and changing the web pages held on them. Then when someone visits the infected pages the virus attaches itself to their system and e-mails itself around again. Nimda is one such example.

Proof that viruses can work their way into all sorts of systems can be seen when they emerge on magazine cover CDs, such as the famous incident of the UK games magazine Ultimate PC, the cover CD of which contained a number of files infected with the very nasty CIH virus (Computer Buyer always checks its cover CDs thoroughly before they are released). Recently we found that even IBM has been caught not using protection. Late last year it shipped a number of USB memory 'pens' that were infected with Wyx, a boot sector virus.

Making Sense of Viruses

Clearly viruses work in a number of different ways, but they're easier to understand if you divide them into a few groups, based on how they spread. The table above gives you the full details, but here's an introduction to the main types.

Viruses such as Melissa, Anna Kournikova and Sircam, which spread via e-mail, are the most common. These are known as worms or e-mail worms. Such viruses use the address books of Microsoft Outlook and Outlook Express to provide lists of new victims. Almost always it's an e-mail attachment that does the dirty work. Often the virus tricks people into opening the attachment through a simple naming trick. If Windows is set to hide file extensions, so that a file called 'gladys.jpg' simply appears as 'gladys', a hacker can take advantage and send a file called 'gladys.jpg.vbs'. Due to extension-hiding this will appear as 'gladys.jpg' and so the user will assume that it is a harmless .JPG image. It is, in fact, a Visual Basic script (that's what vbs stands for) that can do just about anything to the PC, such as formatting the disk, sending files to external Web sites and so on.
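The naming trick described above can be checked for mechanically. The following is an added example, not part of the original article: it models the name a user sees when extensions are hidden and flags attachments whose visible name looks like a harmless file while the real extension is one Windows will run. The extension lists, function names and sample file names are assumptions made for illustration.

```python
import os

# Assumed extension lists for illustration; a real mail filter needs a
# longer, maintained set.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".exe", ".com",
                   ".scr", ".pif", ".bat", ".cmd", ".hta"}
HARMLESS_LOOKING_EXTS = {".jpg", ".jpeg", ".gif", ".bmp", ".txt", ".doc",
                         ".xls", ".pdf", ".mp3", ".avi", ".htm", ".html"}
KNOWN_EXTS = EXECUTABLE_EXTS | HARMLESS_LOOKING_EXTS


def split_real_extension(filename):
    """Return (stem, ext) split at the LAST dot, which is what decides
    how Windows treats the file. Any directory part is dropped."""
    name = os.path.basename(filename.strip().replace("\\", "/"))
    return os.path.splitext(name)


def displayed_name(filename):
    """Name shown to the user when extensions of known types are hidden."""
    stem, ext = split_real_extension(filename)
    return stem if ext.lower() in KNOWN_EXTS else stem + ext


def check_attachment(filename):
    """Classify an attachment name.

    "deceptive"  - runs as a script/program, but the visible name ends
                   in a harmless-looking extension
    "executable" - runs as a script/program and does not hide the fact
    "ok"         - anything else
    """
    stem, ext = split_real_extension(filename)
    if ext.lower() not in EXECUTABLE_EXTS:
        return "ok"
    _, inner_ext = os.path.splitext(stem)
    if inner_ext.lower() in HARMLESS_LOOKING_EXTS:
        return "deceptive"
    return "executable"


def deceptive_attachments(names):
    """Return the names from the list that use the double-extension trick."""
    return [n for n in names if check_attachment(n) == "deceptive"]


# Constructed sample attachment names.
SAMPLE_ATTACHMENTS = [
    "gladys.jpg",
    "gladys.jpg.vbs",
    "HOLIDAY.JPG.VBS",
    "report.final.doc",
    "setup.exe",
    "notes.txt.pif",
]

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        print(f"{name!r:22} shown as {displayed_name(name)!r:16} "
              f"-> {check_attachment(name)}")
```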

Another very common and irritating category of virus is the macro virus. Typically, this is a Microsoft Office macro that has been written with the aim of spreading and possibly causing trouble.

Some viruses can spread between the PCs on the Internet used to host Web sites - called Web servers. CodeRed and Nimda are examples, and the latter can infect Web site visitors too.

You may have heard of 'Trojans' or 'backdoors' - the nightmare programs that can allow hackers to take remote control of your PC, steal information and maybe use your system to attack other sites. Strictly speaking Trojans are not viruses, but may well be used as a payload for a virus. That is, the virus does the spreading and drops off Trojans as it goes.

There are also more than a few hoax viruses out there. Check out the box below for more details on how not to look like a prat.

What makes a good virus scanner?

Ideally anti-virus software should protect your system from harmful programs, rather than just repair the damage afterwards. This means detecting viruses, Trojans and worms before they can take control and secretly spread. A scanner that can do this is sometimes known as a resident scanner, because it's ever-present - typically running in your system tray in the bottom right corner of the screen.

Good anti-virus software should also be able to scan specific, suspicious files when required - this is known as on-demand scanning.

On-demand and resident scanners typically work by looking at files and comparing their contents against a database that contains identi-kit-style descriptions of viruses. But as we've already noted, new viruses are appearing with increasing frequency all the time, and databases are almost always going to be a little out of date - simply because they are reacting to new releases. So a simple method of updating the scanner's database is essential, as is a way of detecting virus-like behaviour in files that have been infected with brand-new viruses. This ability is known as heuristics, and can range from something as simple as detecting an attempted access to the hard disk's boot sector to actually analysing the code inside a program file.
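To make the difference between database matching and heuristics concrete, here is an added example that is not part of the original article and is not how any reviewed product works internally. It checks file contents against a small signature database, then falls back to scoring script contents for behaviour the article associates with e-mail worms. The signature patterns are harmless placeholders, and the rule weights, threshold and sample inputs are constructed assumptions.

```python
# Constructed signature database: detection name -> byte pattern.
# The patterns are harmless placeholder strings, not real malware bytes.
SIGNATURES = {
    "Example.Trojan.A": b"EXAMPLE-TROJAN-A-MARKER",
    "Example.Worm.B": b"EXAMPLE-WORM-B-MARKER",
}

# Assumed heuristic rules for script files: (reason, indicator, weight).
# Indicators are matched case-insensitively against the file contents.
HEURISTIC_RULES = [
    ("automates the mail client", b"outlook.application", 2),
    ("reads the address book", b"addresslists", 2),
    ("uses the file system object", b"scripting.filesystemobject", 1),
    ("deletes files", b".deletefile", 2),
]
HEURISTIC_THRESHOLD = 4  # assumed cut-off; one weak indicator is not enough


def signature_scan(data):
    """Return the name of every database entry whose pattern occurs in data."""
    return sorted(name for name, pattern in SIGNATURES.items()
                  if pattern in data)


def heuristic_scan(data):
    """Score behaviour indicators; return (score, list of reasons)."""
    lowered = data.lower()
    hits = [(reason, weight) for reason, indicator, weight in HEURISTIC_RULES
            if indicator in lowered]
    return sum(weight for _, weight in hits), [reason for reason, _ in hits]


def scan(data):
    """Signature check first, heuristics as the fallback for unknown files."""
    matches = signature_scan(data)
    if matches:
        return {"verdict": "infected", "matches": matches, "reasons": []}
    score, reasons = heuristic_scan(data)
    verdict = "suspicious" if score >= HEURISTIC_THRESHOLD else "clean"
    return {"verdict": verdict, "matches": [], "reasons": reasons}


# Constructed sample inputs (fragments only; none is a working program).
KNOWN_FILE = b"MZ\x90\x00...EXAMPLE-TROJAN-A-MARKER..."
# Same kind of file, but its bytes differ from the database entry.
ALTERED_FILE = b"MZ\x90\x00...EXAMPLE-TROJAN-A2-MARKER..."
UNKNOWN_SCRIPT = (b'... CreateObject("Outlook.Application") ...\r\n'
                  b"... .AddressLists ...\r\n")
ADMIN_SCRIPT = b'Set fso = CreateObject("Scripting.FileSystemObject")\r\n'

if __name__ == "__main__":
    for label, sample in [("known file", KNOWN_FILE),
                          ("altered file", ALTERED_FILE),
                          ("unknown script", UNKNOWN_SCRIPT),
                          ("admin script", ADMIN_SCRIPT)]:
        print(label, scan(sample))
```

The altered file comes back clean because its bytes no longer match the stored pattern and the script rules do not apply to it, which is the gap that regular database updates are meant to close.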

A good virus scanner will also be able to clean infected files, restoring virus-ridden executable files to working order. Whether or not a file can be truly and thoroughly cleaned is a matter of some debate in anti-virus circles. Some people claim that although remnants of code from a virus can remain in a disinfected file, it is no longer infected because it is no longer infectious. Others argue that any file still sullied by bits of dismembered virus can't be described as clean.

A more practical point of view is that a program cleaned sufficiently to allow it to work is quite satisfactory; but when you've a moment to spare restoring a completely healthy version from a backup would be a good idea.

Sometimes a scanner will detect a virus but be unable to clean it. In such cases it should be able to quarantine the file somewhere where it will cause no harm but still be available should a fix become available later. Failing that, it should at least delete the file from your system.

The ability to schedule full system scans for quiet moments is important because scanning almost always makes a PC unusable for the duration. With disk drives reaching 60Gb and above this out-of-service period can be hours. So a good anti-virus program will be able to schedule whole system scans, as well as custom scans of particular folders or drives. Alternatively it should be able to work as a task in Windows's own Task Scheduler program - and without you having to learn tricky command-line options.

We've already mentioned that a scanner should be able to update itself with new virus definitions easily. However, sometimes just downloading a few new .dat files is not enough and anti-virus writers need to upgrade the actual 'engine' that drives their programs. New engines should be made available automatically, along with the new definition files. And ideally they should all be downloadable from the developer's Web site separately too, as well as from within the anti-virus program. This helps when your home Internet connection is too slow, and you want to use work or a cyber-café to get your updates for installation from a floppy disk, CD or Zip disk. All of the products reviewed here can do this.

How we tested them

Testing anti-virus software for its ability to detect naughty files is not as straightforward as you might think. Each program works differently under various operating systems, and simply running a collection of viruses through every one has some inherent flaws. For example, many collections contain suspicious files that are not strictly infectious viruses - perhaps because they have been corrupted or are not considered by everyone to be viruses at all. Some virus programs will say poorly disinfected files are still infected, even if no active virus is present. Joke programs are also identified as viruses by some, but not by others.

To conduct our detection tests we first visited McAfee's AVERT labs and ran a collection of viruses from 2001 through each of these programs. They all did very well, although some were slower than others. Because speed performance under these unrealistic conditions (we had access to 5,677 viruses) is not very useful to measure, we have not published detailed results here. Suffice to say that all ten programs picked up the majority of viruses, with one exception.

We also created two Trojans using the now rather dated Back Orifice program (and disguised one), then generated a harmful script using an available virus toolkit. Find out how well the anti-virus programs performed against these in the individual reviews below.

Conclusion

We must emphasise that running any of these programs is better than shunning anti-virus software altogether. There's no excuse when very proficient programs are available free of charge.

Every product on test here has been certified by the ICSA (a dedicated anti-virus lab, www.icsalabs.com), with the exception of F-Prot Antivirus and Ontrack SystemSuite. The former is used as a core part of some commercial packages and has been awarded the coveted '100 per cent wild list detection' from Virus Bulletin (www.virusbtn.com). SystemSuite's program uses an engine from Trend, which develops PC-cillin.

But while all of the products here can detect viruses satisfactorily, they are not all alike (even though the companies that design them often share resources). The deciding factors come down to price, ease of use and the individual deals related to new updates.

McAfee wins first place because it is packed with a huge number of features and costs just £35, making it significantly less expensive than some and only a little dearer than others. Norton comes in at number two by a hair's breadth - it's also a great package. Finally, we really like the Kaspersky Anti-Virus Personal Pro package. It may not be the most friendly package here, but if we had an award for technical excellence, this program would win it.


Fake virus alerts

As a rule of thumb, if you receive any e-mail containing the phrase, "Please forward this message to as many people as possible," you can be pretty sure it's a hoax. There are a number of ploys the hoaxers frequently use to ensure these pointless messages are passed on, wasting people's time and causing panic. One is exaggerating the power of the hoax virus; another is claiming that big companies such as AOL, IBM and Microsoft have "verified" its existence.

Hoax viruses are essentially harmless, but they do fuel unhelpful rumours about what viruses are capable of. Many hoaxes claim that an e-mail virus can infect you if you so much as read the message. While this is just about possible (if the virus writer takes advantage of bugs in your e-mail software) it is very rare. Claiming such technology is prevalent can lead to widespread paranoia - and to people deleting legitimate e-mail messages unnecessarily.

Fortunately hoaxes aren't as smart as proper viruses, and they have to rely on us to spread them. The more clued up people are about viruses the less likely they are to fall for hoaxes and pass them on.

There has been some academic research on hoax viruses, and if you're interested in the sociological details, a good place to start is Sarah Gordon's article, "Hoaxes and hypes", which also discusses why certain average viruses become the media monsters that they do. You can find this article, and many more, at www.research.ibm.com/antivirus.


Virus types: summary

Boot sector

How would I catch it? You can become infected simply by restarting your PC with an infected floppy disk inserted.
How prevalent is it? Boot sector viruses used to be the biggest threat of all, but these days virus writers generally look to the Internet for ways of distributing their wares. Also with CDs so prevalent, you'll be unlucky to encounter a dodgy floppy today.
How can I guard against it? Never leave unknown, unscanned floppy disks in your PC. If your BIOS has virus protection turn it on -- this is designed specifically to block boot sector viruses.
Famous examples: The Form virus is still around after more than 10 years in the wild. It was designed to infect DOS systems, which it does effectively. But it is often fatal to non-DOS systems like Windows XP.

E-mail worm

How would I catch it? Opening an infected e-mail attachment allows this kind of virus to take hold of your PC.
How prevalent is it? Massively prevalent, e-mail worms are almost always top of the virus charts. This is because of the highly effective way they spread, sending themselves via e-mail to addresses stored in the victim's e-mail address books.
How can I guard against it? Run a virus-scanner with an e-mail checker and don't open unexpected e-mail attachments, even from people you know. Save suspect files to your hard disk and scan with every heuristic option enabled.
Famous examples: Melissa, LoveLetter, Anna Kournikova, Pretty Park -- the list of headlining e-mail worms is long. Pretty Park is a good example that uses the popularity of the South Park cartoon series to tempt people into running the infected attachment.

Macro

How would I catch it? By opening an infected Microsoft Office document such as a Word file or an Excel spreadsheet.
How prevalent is it? Quite widely spread, macro viruses spread between PCs with Microsoft Office installed. Simply opening a document can cause the virus to infect your software, after which it will infect all future documents created by it.
How can I guard against it? Recent versions of Office can be set to run only macros from trusted parties automatically. Go one further and install an anti-virus program that monitors Office and intercepts naughty macros.
Famous examples: Wazzu is a very annoying and prevalent Word macro virus that moves from one to three words to a randomly different position in the document. The word 'wazzu' may also be inserted somewhere. You cannot undo the effects without manual editing.

Web worm

How would I catch it? These generally only infect web sites, but clever ones can infect visitors to web sites too if their Web browser isn't 100% secure. They then typically act like an e-mail worm to spread further.
How prevalent is it? While these viruses are not very common, when they hit they really make an impact. The speed at which they move between Web servers is much faster than viruses that require user intervention.
How can I guard against it? Keep your web browser bang up to date with all the relevant security patches. Follow the advice for e-mail worms too, as some web worms can switch to this method of infection.
Famous examples: CodeBlue gains access to vulnerable Microsoft IIS Web servers and tries to find and infect more. Nimda does a similar thing but can also add a bit of JavaScript code to Web pages that causes site visitors running old versions of Internet Explorer to be infected too.

Hoax

How would I catch it? You'll generally receive these from friends or colleagues who believe they are doing you a favour by warning you about the next, terrible virus on the loose.
How prevalent is it? Second only to e-mail worms in terms of prevalence, the success of the hoax virus is a testament to the panic some people experience when confronted with the very thought of computer viruses.
How can I guard against it? Look for phrases like 'DANGER!!!! VIRUS ALERT!!!', claims the virus has been verified by someone important like Microsoft, and the request to pass the message on "to everyone you know."
Famous examples: The most prevalent hoax is the so-called Good Times message. It's been doing the rounds since 1994, warning of a message entitled Good Times, that contains a virus capable of wiping your hard drive just through you reading the message.

Reviews

Command AntiVirus

Price: £90 (£105.75)
Download version: £50 (£59)
Updates: Free for a year, renew licence for 70 per cent of original price.
Contact: Command on 020 7931 9301
Web site: www.command.co.uk

Lean, mean and fast, Command AntiVirus will make a useful, if rather basic and expensive, addition to your PC security toolkit.

Prevention (3/6)

Command's offering was not the most effective in the collection detection test. While we accept that many files in virus collections may not be infectious, this program only found half of the total. It still beat eSafe into a cocked hat, though. It also found our standard Trojan but passed on our harmful script and custom Trojan. One puzzling thing about this result is that the software uses the same engine as F-Prot, which found more viruses and reported a greater success at disinfecting infected files. Heuristic detection is on by default, with no obvious way of disabling it. The program can be run from the command-line, for which there are many options, but we suspect few will want to go this route. AntiVirus failed to detect our boot sector editing and does not perform file integrity checks.

Ease of Use (3/6)

The stripped-down look of AntiVirus gives the impression that the program means business and isn't wasting time looking pleasant. Sadly this also means that there is no quarantine feature, no ability to password protect settings and a rather unfriendly update routine. That said, scanning a hard disk, file or entire system is the easiest thing in the world. Even setting up schedules is simply an extra property of a 'task', such as 'Scan all hard disks'.

Overall (3/6)

Disappointingly, Command failed to impress due to its patchy performance, spartan set of features and high price. It doesn't take up much disk space, but then nor does the more fully-featured AVG, which costs £50 less.

Aladdin eSafe Desktop 3

Price: £42 (£49)
Updates: Free for first year, £20 per year thereafter
Contact: Links Computer Support Group on 0151 287 3300
Web site: www.esafedesktop.com

The 'coolest'-looking program on test here also monitors your Internet traffic and has an easy-to-use slider that defines how much protection you want.

Prevention (2/6)

eSafe Desktop is not just an anti-virus program. It also incorporates a firewall to prevent hackers breaking into your computer, and Trojans breaking out. This integration of antivirus and firewall is the future of personal desktop security packages. In fact, this product neatly demonstrates why it makes sense to combine the two as it only prevented our test machine from being hacked thanks to the firewall. We infected it with a Back Orifice 2000 Trojan, which was not picked up by the antivirus component, but the firewall detected an attempt to connect to the Internet. There was no warning that this was a well-known, mature Trojan, which is pretty poor. Neither did it detect changes to the boot sector. In fact, eSafe Desktop was the only program on test here that performed poorly on the virus detection test. Whereas most candidates picked up on at least two thirds of the files, this one only managed to identify one third. We'd have been happy to assume that this was due to it cleverly ignoring suspicious-but-not-infected files, had we not managed to introduce the nasty Trojan.

Ease of Use (5/6)

Despite its failings at detection, this package is easy to use. The flashy interface is not intimidating, file scanning is available one click away via the almost standard drop-down, right-click list and the resident scanner will pick up on (some) infected files when they are displayed by Explorer.

Overall (4/6)

Even though eSafe Desktop has a raft of interesting and impressive-sounding features - such as an anti-vandal sandbox, Internet content filtering, virus baiting and file integrity checking - the package failed to impress us.

F-Prot Antivirus 3.11

Price: £17 (£21)
Updates: Free for the first year, $25 thereafter
Contact: F-Prot at sales@f-prot.com
Web site: www.f-prot.com

The basic appearance of this package belies its power. A significant lack of features holds it back, however.

Prevention (4/6)

F-Prot performed very well during our tests. It found a large number of viruses and claimed to have cleaned many of them. It was fast, too, which may not seem like an important factor but if your anti-virus program makes your PC sluggish you'll be less likely to use it - and then you might as well not have bothered installing it in the first place. Sadly it didn't pick up on our script or custom Trojan, but did redeem itself by catching the standard Back Orifice file, just as it ought to. Its file integrity checker will also examine the boot sectors of your hard disks, which could detect boot sector viruses. It didn't detect us manually changing the volume label of the hard disk, but then most of the products on test here failed this test too. It lacks a quarantine feature and deals with files it cannot disinfect by either renaming or deleting them. There is also no way to protect the settings with a password, so if someone naughty or ignorant gains access to your PC and disables the antivirus program, you're up the creek.

Ease of Use (3/6)

Nice and simple, the interface allows you to scan straight away, or set up customised profiles such as, 'Scan the Windows directory every Thursday'. The 30-day trial version won't accept updates using the one-press button, but you can always download the latest virus definitions from the Web site and manually install them if you can be bothered. The need to run more than one program to achieve your goal can be (briefly) confusing. Most antivirus packages are more integrated, making them easier to use.

Overall (4/6)

The powerful underlying scanner deserves a wider collection of features. There's no excuse not to include some form of quarantining these days, and renaming infected files isn't really enough to protect yourself. That said, F-Prot isn't expensive and as such is better value than some more expensive options.

Kaspersky Anti-Virus Personal Pro

Price: £51 (£61)
Download version: £47 (£55)
Updates: Free for a year, 70 per cent of original price each consecutive year.
Contact: Kaspersky Labs on 01223 576001
Web site: www.kaspersky.co.uk

This excellent product takes a well-deserved third place. It works very well, you just need to learn how to use it.

Prevention (6/6)

Kaspersky's antivirus scanner was the only product on test here to detect our disguised Trojan, recognising it correctly and quarantining it. It also saved us from our home-brew script. Performance during the virus collection run was excellent, too, although it didn't monitor the hard disk's boot sector and discover us changing its details. The software features a thorough file integrity scanner, and just about every feature you could wish for, including extensive password protection of different settings. The Office Guard module protects against Microsoft Office macro viruses.

Ease of Use (2/6)

But Kaspersky's downfall is the disjointed, slightly weird way the different modules work together. For example, you have a scanner, monitor, updater, mail checker, script checker, control centre and report viewer. Someone with a deeper interest in viruses would no doubt love all these features to appear as separate programs. They'd probably love the command-line options, too. But those of a less technical nature are likely to be intimidated by all the little icons residing in the system tray. If everything worked in the standard Windows menu style, things might not be quite so bad, but unusual layouts and unintuitive hot-spots for right-clicking create problems. Scheduling scans and creating scan profiles is quite simple once you have acclimatised yourself to the interface, and files can be scanned with a simple right-click. The first screen you see when running the software is a nice, simple menu inviting you to scan all drives or update the definitions. Dig any further, though, and you're in techie heaven/hell.

Overall (4/6)

We'd have loved to recommend this product and given it the winning slot. But while technical readers will certainly find this to be the most satisfying program of the lot reviewed here, beginners will be less impressed. The overly modular design requires you to fully understand the many different aspects of anti-virus protection.

AVG 6.0

Free (additional options around £30)
Updates: Free forever
Contact: Directions Ltd. on 01732 741123
Web site: www.grisoft.com

A good, solid antivirus program that provides everything you'll need to keep viruses at bay. And it's free.

Prevention (5/6)

AVG performed very well in our collection scanning test, and claimed to have been able to disinfect a large percentage of infected files. Those it couldn't deal with were sent to the Virus Vault, an area of the disk reserved for storing infectious files. Some programs have a quarantine feature, which is the same thing. It detected our evil script, found the basic Trojan but could not recognise our custom backdoor. The software includes a file integrity checker for extra safety, and it alerted us to viruses as they were introduced, before they even hit the hard disk. Heuristics, the program's ability to detect unknown viruses based on a program's behaviour, is built in and enabled by default. In fact there is no obvious way of disabling it, which some people prefer to do in order to increase system performance. However, the resident scanner did not detect us accessing the boot sector. This is not a major problem, but some scanners like to keep tabs on such things to catch out unknown viruses.

Ease of Use (4/6)

While technically very nice, the interface is looking quite old now. Advanced settings are reserved for those prepared to buy a license because, although you wouldn't know it from using this program, AVG is essentially freeware. Files can be scanned via a variety of means, including scheduled scans, right-click scans and customisable, pre-set tasks. You cannot keep crucial settings safe from meddling users by way of password protection, which is a slight weakness.

Overall (5/6)

It's effective, relatively straightforward to use and, best of all, free. Experienced PC users should have no qualms about using this product although newcomers would do best to stick with the shinier winner.

Ontrack SystemSuite

Price: £51 (£60)
Updates: Free forever
Contact: Ontrack on 00800 101 213 14
Web site: www.ontrack.co.uk

A full suite of PC utilities that contains an able, if not exceptional, antivirus scanner.

Prevention (4/6)

This is the most limited antivirus program on test here. It was good at detecting viruses during a manual scan, though, finding the vast majority of infected files in the scanner test. It found our standard Trojan but missed our script and customised backdoor. It was slow, though. Very slow, even during 'normal' scans where no viruses are present. As soon as you run a scan the machine virtually freezes, it becomes so busy. There is no scheduling available and no obvious way to enable heuristics (although we suspect that heuristic analysis is there, as an always-on setting). If you want file integrity checking, a virus storage jail and Internet filtering you'll want to look elsewhere. SystemSuite will move viruses to another location specified by the user, but that's about it. The bundle also includes a firewall, which we do not review thoroughly here. It is very basic, though, and Tiny Personal Firewall and Zone Alarm users would be disappointed if they chose to switch to this one.

Ease of Use (6/6)

No doubt about it, this is the easiest antivirus scanner we've ever seen. You can download updates, quick-scan single files with one click of the mouse or pick a hard disk and go for it. But that's it.

Overall (5/6)

Sixty quid is a lot to spend on an antivirus program for a home or small office PC, but bear in mind that you'll also get hard disk utilities, a data wiping program, a Windows Registry editor, system scheduler, firewall, file undeleter, uninstaller and backup software. There is more, but space is too limited to list it all. If you need a general PC toolkit this might be a decent buy, but don't buy SystemSuite for the antivirus package alone.

Panda Antivirus Titanium

Price: £20 (£24)
Updates: one year free, renew licence for 70 per cent of original price
Contact: Panda Software on 0870 444 5640
Web site: www.pandasoftware.com

Friendly, colourful and reassuring, this package is aimed at people who just want to avoid or get rid of viruses without any fuss.

Prevention (4/6)

Panda performed well in the scanning tests, and managed to find our basic Trojan. Simply copying an infected file to the hard disk caused the software to kick into action and sound the alarm. It didn't detect our custom Trojan or our malicious script, though, and neither did it detect our edit to the hard disk's boot sector. Because this program has been designed to be very simple to use there are not a great many options to play with. Heuristics are always enabled, which may impact on a system's performance, although the price of 1GHz PCs these days makes that problem go away for some people. We didn't notice any lack of oomph in our 500MHz test system.

Ease of Use (5/6)

The lack of options does reflect a rather light package of features. You can scan your system, and the resident scanner will catch viruses as they float onto your hard disk, but that's it. Panda makes a great deal of the update system that works in the background while you use the Internet. This is certainly a useful feature, although we like to get a more upfront confirmation that we are up to date with virus definitions. Our one major complaint is that you need to jump through hoops just to scan a single file. Doing whole hard disks is fine, but the lack of an option on the context menu means clicking through at least three screens before setting off the scan. If it's too much trouble you won't bother, rendering the package less useful.

Overall (5/6)

For the price this is a cheerful little program that will do the job of keeping your PC free of the major nasties. If you worry about programs more technical than Windows Notepad, this is for you.

Trend Micro PC-cillin

Price: £17 (£20)
Updates: Free for a year, then £9.97 per year
Contact: Trend Micro on 01628 400500
Web site: www.trendmicro.co.uk

Effective, fast and well integrated with the Web browser, but its inability to stop a harmful script rendered our test machine unusable.

Prevention (4/6)

PC-cillin worked extremely hard in our tests but exhibited a number of blind spots. It picked up our standard Back Orifice Trojan as you'd expect, but missed our customised one. It also failed to detect or prevent our harmful script, which went on to destroy our Windows installation and thus ruined our morning. The program supports code analysis (heuristics) for detecting unknown viruses, but only for macro viruses. We assume this is why it missed our Visual Basic script. It also failed to detect a change to the boot sector and lacks the ability to check and record the integrity of files, which is a shame as this is a useful fallback for detecting virus activity. Another small point worth mentioning is that the setup program insists on performing a virus scan before allowing the installation process to commence. While it is probably a good idea to give this as an option, it was irritating to be forced to wait before setting the installation on its way.

Ease of Use (6/6)

Appearing as a standard Windows program with a nifty side-bar for navigating between update windows, scanning wizards and a quarantine section, PC-cillin is reasonably straightforward to use. Because it lacks some of the configuration options available with the others there are fewer knobs and dials to play with - and set incorrectly. Simplicity is often the best policy with critical programs like virus scanners, and PC-cillin strikes a good balance.

Overall (5/6)

Had this package not fallen at the last hurdle and allowed our machine to die, as well as harbouring a Trojan, we would have considered it for first or second place. As it is, Trend Micro needs to sharpen up its heuristics and enhance script protection.

Norton AntiVirus 2002 [Recommended]

Price: £30 (£35)
Updates: Free for the first year, renew annually online for £6.98
Contact: Symantec on 020 7616 5600
Web site: www.symantec.com

Fully-featured, easy to use and very effective, Norton is a fine choice for those who want lots of options and a little hand-holding.

Prevention (5/6)

Symantec has done nothing to spoil its reputation as a purveyor of fine PC utilities. Its home antivirus product works well, detecting and repairing thousands of the infected files we flung at it. It detected our script, after it was run, and nuked our Trojan as soon as we downloaded it. However, it didn't recognise our customised version of the Back Orifice Trojan, disguised using a technique popular in the darker sides of the Internet. The system did notice when we changed the name of the hard disk volume, throwing up its own light-blue warning screen. This is very useful (if a little alarming to begin with) because should an unknown virus try to infect the boot sector it will get picked up on immediately. Norton also stopped our destructive home-brew script from running, but only at the point we tried to run it. If the script had run successfully we would have needed to reinstall Windows, so it was a relief to see the warning jump onto the screen. The software includes integrity checking, which usually means it takes a close look at key files and memorises how they should be. If an important file like the Windows Registry has been infected the system should recognise that something is up and raise the alarm. However, in this case only the boot records are examined.
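The integrity checking described above, sketched as an added example that is not taken from Norton or any other product reviewed here: it records a SHA-256 digest for every file in a folder, then re-hashes the folder and reports what has changed. The file names and contents are constructed samples.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_baseline(root: Path) -> dict:
    """'Memorise' every file under root: relative path -> digest."""
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(root: Path, baseline: dict) -> dict:
    """Re-hash the tree and report what differs from the baseline."""
    now = take_baseline(root)
    return {
        "modified": sorted(n for n in baseline if n in now and now[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in now),
        "added": sorted(n for n in now if n not in baseline),
    }


def demo() -> dict:
    """Constructed sample: three files, then simulated tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "system.dat").write_bytes(b"registry contents")
        (root / "win.ini").write_bytes(b"[windows]\n")
        (root / "notepad.exe").write_bytes(b"MZ original program")
        baseline = take_baseline(root)
        # Simulated infection: bytes appended to a program, one file
        # deleted, one unexpected file dropped into the folder.
        with (root / "notepad.exe").open("ab") as f:
            f.write(b" appended bytes")
        (root / "win.ini").unlink()
        (root / "dropped.vbs").write_bytes(b"' constructed placeholder")
        return compare(root, baseline)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A real checker has to keep its baseline somewhere a virus cannot rewrite it, and must be re-baselined after legitimate updates, otherwise every patch looks like an infection.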

Ease of Use (6/6)

This utility is very easy to use due to its simple menus and logical layout. You can scan from a right-click menu, schedule regular scans of particular folders or disks, and manage the quarantine area where infected files can be imprisoned - all without needing to think too hard. You can tell which options have been selected or ignored from a single, clear display, so there is no excuse if you forgot to turn on your resident scanner. Updating is a piece of cake, with Norton's LiveUpdate utility handling the hard work. This can be configured to check quietly or alert you when updated files are available. As with McAfee's offering, virus definitions and engine updates are downloadable automatically when available. Password protection is available, but only for the quarantine area. This stops you or others mistakenly unleashing a virus previously banished to this virtual prison. It does not stop reckless people disabling the Auto-Protect resident scanner.

Overall (6/6)

We are pushed to choose between Norton AntiVirus 2002 and McAfee VirusScan Pro as this month's winner. Before you rush out and buy the McAfee option do a quick price check and choose the least expensive - they'll both do the job admirably. Alternatively, download trial versions of each and see which one you prefer. We prefer McAfee because we feel it's marginally simpler to use and provides the same level of features as the Norton program.

McAfee VirusScan 6.02 [Top 50]

Price: £30 (£35)
Updates: Free for one year, upgrade
Contact: McAfee on 0800 092 7160
Web site: www.mcafee-at-home.com

It works well, it's easy to use and it won't make a hole in your pocket. This is our choice of anti-virus product for all-round value.

Prevention (5/6)

We had to use someone's virus collection to test the products here, and as we chose to use McAfee's, we weren't too surprised to see VirusScan perform very well in this trial. However, we were determined not to give McAfee an easy ride. We didn't want to over-emphasise this test by publishing the exact number of viruses in the collection picked up, disinfected or quarantined by each program. And it certainly wouldn't have been fair to base our tests on the McAfee collection alone. This is why we ran our additional tests with the Trojans and a basic home script. VirusScan was able to detect and quarantine our basic script and Trojan files, but missed our customised version of Back Orifice. This is a bit of a worry because we created it in five minutes using free software readily available from the Internet. We didn't have to go underground to get these files (they are out in the open), but we won't tell you exactly how we did it, for obvious reasons. Given that all but one of the products tested here missed our home-grown Trojan, it's clear that a firewall (which would have blocked the Trojan from working) is an essential partner product to your antivirus software. In all other areas VirusScan was very impressive. It has a quarantine feature, can protect settings with a password and even comes with a special backup program called Safe and Sound that saves copies of files as you use them. You can restore your work from these backups should any important files become terminally infected. It's just as well that this backup software is included because the package lacks a file integrity checker. It's not a terrible omission, but any extra safety nets are handy as long as they don't take up too much processor power. Bear in mind that running Safe and Sound or similar software will slow your PC down, though.

Ease of Use (6/6)

One-click scanning and fairly intuitive tools, such as the quarantine area, help make this program easy to use. The update system was as painless as they come, and it's quite easy to dig down to the advanced settings when you want them. Which brings us neatly on to mention that all of the heuristic settings are buried under a number of menu levels. We initially found them by accident, and you need to follow the same contrived path to set heuristics for e-mail and download scanning. At this point the Windows XP-a-like interface zooms back a few years in time and starts looking like a Windows 95 program. Odd. Internet filtering is simple to set up. It can deflect potentially damaging Java and ActiveX objects that may be present on some Web pages. While the likelihood of finding such pages is low, authors of recent Web-based worms have started exploring such possibilities. Sites can be blocked according to their Web addresses or IP blocks. For example, you can prevent users on your computer accessing sites that fall in the range 192.68.1.1 - 192.68.254.254, if you so wish.

Overall (6/6)

Because VirusScan was allowed to take the virus detection trial on its home pitch, we were particularly critical of its performance against all our other tests and criteria. At the end of the day, though, it comes through brilliantly. It does everything you'll need, works well as a single program, and we know from previous experience that it plugs into McAfee's Personal Firewall 3 seamlessly. A quality firewall/antivirus combination is a very sensible thing to have on any Internet-connected Windows PC. If you'd like to try McAfee's online version of VirusScan, visit www.mcafee.com, where you'll be able to use the service free for 30 days. It uses the same engine as this program but costs about half as much for a year's subscription.


First Published in Computer Buyer, issue 132, May 2002.

The above article is © Dennis Publishing Limited 2002. UK property of Dennis Publishing Ltd. This article may not be reproduced or transmitted in any form in whole or in part without the written consent of the publishers.