The best form of defence -DAWN Science; July 17, 2004

July 17, 2004

Please Visit our Sponsor (Ads open in separate window)

The best form of defence

By Taha Majid

Using a computer without taking protective measures is a huge gamble. As security threats continue to grow at an unprecedented rate, anti virus scanners, firewalls, anti spyware tools and security suites provide indispensable lines of defense. But still there exists a lot of confusion in deciding which tools you need to incorporate in your defensive arsenal to ward off external threats. This article is an attempt to solve one of the biggest areas of perplexity in the computing world today: selecting an anti virus scanner.

Though there are far too many virus scanners available today, only a few are capable of annihilating all of today’s smart, stealthy and destructive viruses that arrive via email or file downloads.

Experts have estimated that new virus strains appear at an astonishing rate of about 200 per month. Furthermore, the probability of an average user falling victim to a computer virus runs about 1 in 30.

When it comes to eradicating germs, there are various possibilities. The most popular virus scanners available today differ radically in features just as they do in names: some have intuitive user interfaces and quick scan times while others have easily configurable update mechanisms as well as seamless virus detection.

Prominent names comprise the likes of Symantec’s Norton AntiVirus, McAfee VirusScan. Trend-Micro PC-cillin, Grisoft AVG Anti virus, Panda Antivirus and Eset’s NOD32 Antivirus. Before deciding on which one to choose, it is essential to consider the following:

Keeping threats at bay

Antivirus programs usually function by “signatures.” Simply put, these are patterns of bytes characteristic to viruses. That’s why it’s imperative for anti virus software to remain updated at all times so that it is capable of busting the latest germs. Virus scanners such as McAfee and Norton work by running each file against an extensive database of over 50000 signatures to detect malicious code.

However, even the best anti virus companies need a few hours to create signatures for their customers to download. Moreover, their products need to be adept at routinely checking for and downloading necessary updates. This is where most antivirus software falls out short, making the entire “automatic” update process so cumbersome that it gets very difficult to even download and incorporate the new signatures in the existing database. For instance, the stand-alone NOD32 antivirus requires you to provide a valid username and password every time you attempt to update it.

In stark comparison, McAfee VirusScan just requires you to register an account online after which it automatically updates itself from time to time, without any user intervention.

As a direct consequence, many firms rely on other techniques, such as heuristic detection, to catch infectors not included in their database. This works by analyzing the program code in a file for characteristic virus behaviour. However, since heuristic analysis is very time-consuming and dicey as compared to signature-based scanning, it isn’t recommended for ultimate protection.

False alarms

A good antivirus application is expected to give the minimum number of false positives; otherwise, critical system files may end up being deleted or quarantined.

According to the tests conducted by AV-Test.org, a project of the Otto von Guericke University Magdeburg, in Germany, and AV-Test GmbH, the antivirus program known as PC-cillin was the best in giving no false positives, whereas NOD32 was the worst, followed closely by Panda and AVG. As expected, Norton and McAfee were very good in this regard, giving only a few false alarms.

If you’re computer is infected, identifying the type of malady and making a diagnosis can be very complicated on the user’s part. That’s why many users prefer programs that by default either provide advice or automatically take an expedient action without involving the user.

Keeping this in mind, Norton AntiVirus, Panda, McAfee and PC-cillin, make the process look too easy and take the preferred action, such as repairing, deleting or quarantining, entirely themselves.

Other programs such as NOD32, are particularly ambiguous, requiring you to repeatedly dig into the program to make the appropriate adjustments every now and then.

Resource hogs

Contrary to popular belief, running an antivirus application in the background does slow down a computer system considerably. That’s why many game vendors recommend shutting down all programs running in the background in order to squeeze every bit of performance from your system.

Different scanners have different impacts on a system. After extensive testing, Norton AntiVirus emerged as the most sluggish of all virus scanners as well as a major resource hog.

But how can you tell? It’s simple, with Norton Auto-Protect enabled, system startup and shutdown times increased considerably as compared to a system without an anti virus. Compare that with PC-cillin or NOD32, and you will see the difference immediately. To tell the truth, NOD32 is by far the only anti virus that has minimal impact on system performance, startup and shutdown times.

Scan times

An important factor in deciding which anti virus to choose is the time it takes to scan an entire hard drive. NOD32 anti virus, undoubtedly, had the fastest scanning speed in this regard, followed by AVG and PC-cillin, while Norton AntiVirus had the worst. McAfee and Panda turned out to be average performers.

Virus detection

Though the main purpose of an antivirus is to thwart “malware” (any malicious programs capable of causing damage) from causing system-wide havoc, only some programs manage to really excel in this area.

Out of all the tests conducted by AV-Test.org, including those on malware, Trojan horses, polymorphic viruses, Backdoor channels as well as Visual Basic Script (VBS) viruses, there were two clear winners, with unsurpassed detection rates: McAfee and Norton. They were followed by PC-cillin, NOD32 and Panda antivirus.

AVG anti virus turned out to be a huge disappointment, mainly due to its severely crippled Trojan horse detection ability.

Final verdict

So which antivirus is best suited for you? Though all programs have their pros and cons, if you’re running an older PC, Eset’s NOD32 antivirus is a fine choice, for it has no known performance issues and works like a charm, without gobbling up too many resources and bringing the system to a grinding halt.

On the other hand, if you’ve been a die-hard Norton fan all your life, you are recommended to look elsewhere since the latest version of Norton, just like its predecessors, has adverse effects on system performance. If you have plenty of system resources in reserve and you don’t mind the your system going sluggish, Norton would be a suitable choice too.

Several firms have started developing complete security suites for a one-stop solution to all your needs. For instance, Trend-Micro’s PC-cillin Internet Security 2004 combines a spyware catcher, an anti-spam scanner, a firewall and an antivirus all bundled into one neat package. Symantec, McAfee as well as Panda have introduced similar packages too.

If you just need a capable anti virus, opt for McAfee VirusScan 8. Out of all its rivals, McAfee not only has the finest virus detection but also the best update mechanism that requires little or no involvement on the user’s part.

Free apps

If you wish to try out some of the products mentioned above, point your browser to any of the links mentioned below and navigate to the downloads section. Most of these downloads are only evaluation copies.

— Trend Micro PC-cillin Internet Security 2004

— McAfee VirusScan

— Norton AntiVirus 2004

— Panda Anti virus

— Grisoft AVG Anti virus

Eset NOD32 Anti virus

The writer is a young scholar of Karachi Grammar School

Please Visit our Sponsor (Ads open in separate window)