Written by
Dave
5 Star Support Security Specialist
02-12-06
This paper will
compare the current, commonly available anti-virus program offerings on the
market. I am not going to state that I am the utmost authority on the
subject, but will give you my take on them based on using the programs and
comparing them against each other in a real-world environment on my test
machines. I am also not going to try to tell you what you should get or buy.
That is entirely up to you, and is a decision I cannot make for you. I base
my opinions on actual product use over a period of time, and will simply
share my thoughts and opinions with you.
Testing on all programs was done by downloading and installing a fully
functional trial version into a test box equipped with some already
installed benign test viruses, as well as some penetration testing and hack
tools placed in folders. How well the program worked was evaluated by how
long it took to find these items, as well as how many files and folders were
scanned, how thorough the scan was, and how long the scan took. Available
on-line test viruses were also used in order to test reaction and reaction
speed to incoming threats. Further testing was also done by use of email
with various test virus attachments, some embedded in zip files.
Symantec Norton-
This is perhaps the most widely known and used product available. Symantec
has an excellent reputation that is aided by a great marketing approach. It
has been included as a free trial program with new PCs from almost every
major computer manufacturer for a number of years now. Most people are
reluctant or resistant to change, so if you already have it on your
computer, why switch to something else? The product is packaged a number of
different ways, and is available as a stand-alone, as part of Norton System
Works, part of the Norton Internet Security package, and also in multiple
forms of enterprise packages designed for business use. From this one
company, you can get anything from a simple anti-spam product to an
enterprise firewall appliance, and just about anything in between.
Symantec Norton is also to be credited with making free on-line scans
available, as well as free anti-virus definitions in a library, along with
free removal tools complete with removal tool usage instructions. This has
helped many a computer user, I’m sure. I have used these tools from time to
time, and they do the job well.
Symantec has purchased a number of security product companies in recent
years, designed to keep them in the number one slot in this area, with new
efforts in the enterprise and commercial market areas. Recent purchases or
merges include Sygate and Veritas. Sygate will definitely improve their
firewall technology, while Veritas will greatly improve their enterprise
efforts.
The products offered, in my opinion, are fairly user friendly, and easy to
use. From time to time, some of the updates offered through Live Update, the
internal program update service, have not installed completely or properly
for some users. To prevent these sorts of problems, I recommend that if you
use the products, be sure to be logged on as an administrator when you
update the program. Some updates will simply not install properly if you are
logged on as a general or limited user. Unfortunately you are not warned
about this prior to updating.
The change I see over the last 5 years is that the product’s footprint has
become considerably larger, and it takes a somewhat heavy use of system
resources to keep it running. The Internet Security suite will consume at
least 40 MB of memory from most systems if parental controls are used.
During this same 5-year time span, the reaction time from release of a new
threat to having a definition signature and removal capability available for
update has increased considerably.
Overall, Symantec is definitely on top of the heap when it comes to security
software, and they will probably remain there for quite some time. The
products do what they say they do, and for the most part, the average user
will be satisfied with their offerings. Just remember my recommendation to
be logged on as administrator when using live update.
If you need help and cannot get the information you want from the rather
large web site offered by Symantec, phone assistance is available, but will
cost you $29.95 per incident.
McAfee-
Second place in the popularity race goes to McAfee. Similar to Symantec,
they offer a number of different security products and packages. They also
have packaged their product as a free trial with a number of PC
manufacturers so the product will be already installed on a number of new
PCs. In recent years they have had their products installed on most new Dell
computers.
The products are user friendly and easy to both use and update. In practical
everyday use, things are very straightforward and simple, and many tasks
can be automated making it almost a set-it and forget-it product for the
average user.
From an enterprise standpoint, the company has many commercially oriented
offerings that will protect everything from server groups to individual
workstations and stand-alone units. Further, there is a division of McAfee
called Foundstone Labs that offers a series of professional grade tools for
the IT security professional that I feel are almost without peer. Many
professionals consider these tools to be absolutely essential to their
arsenal, and I wholeheartedly agree.
For the average user, this is a very sound product that makes things simple
and easy to use. The footprint is compact and very efficient, and has a fast
reaction time to threats it is able to recognize. It is a product that is
easy on system resources, and efficient in all respects.
Similar to Symantec Norton, McAfee maintains a rather large web site to
answer most questions, but if you need help from a real person, it will cost
you $39.00 per incident.
Panda Antivirus-
Panda Anti-virus is probably one of the easiest to use products available.
The user has a great comfort level due in part to the ease of navigating
through the product provided by great interface screens. The product also
comes with anti-spyware functionality that is a bonus.
The program is very easy on system resources, and even system scans do not
slow the computer appreciably. Viruses discovered are easily dealt with
requiring minimal interaction from the user. For the average user, these are
all definite plus points to consider.
In my opinion, the only downsides to the program are that the anti-virus
protection and virus definitions are not top ranking, in that the definition
library is not as large as Norton or McAfee, and reaction time is not as
quick. Also, if you need technical support, it is available by email only.
No phone assistance of any kind is available. Unfortunate.
PC-Cillin-
PC-Cillin from Trend Micro offers the Internet Security package that is a
comprehensive bundle consisting of anti-virus, firewall, anti-spam, anti-adware,
and anti-spyware, all in one package. This may be possibly a bit confusing
for some users. The anti-virus part of the product works quite well, the
updates are fast and frequent, and the definitions database is huge as well.
The anti-virus part of the package ranks right up there with some of the
best.
In my opinion, the firewall presets miss a few too many points for my
personal liking, and protection is better for incoming than outgoing
packets. Because it represents a complete solution package, some features
may be complicated for the average or new user, and a bit difficult to set
up the way you want it. Customer support is very good and available by a
toll free 800 number. A definite plus if you get into difficulties.
Although an all-in-one package, my opinion is that the anti-virus portion is
very good, but the rest of the package is not up to par with it. The
firewall was definitely the weak point in my opinion, and the Spyware/Adware
scans missed some things that I feel should have been picked up.
EZAntivirus-
The name is exactly what it implies and it lives up to that name. After
downloading, you enter the passkey, and the program installs and does just
about everything else on its own. The interface is very clean indeed, and it
really is a set-and-forget type of product. System scans run fast, and the
program is pretty light on system resources.
This is a good product for people who don’t want to have to pay attention to
details or worry about settings and such. Just install it and leave it
alone.
In my opinion, the one downside is customer support. You have a choice of
being patient with email support, or shell out $49.99 per incident.
Bit Defender 9 Standard –
This is a great product if you are looking for an install-it-and-forget-it
program. It features low cost, and simple installation and operation.
Updates are done either manually or automatically. You can also set scans to
run at convenient preset times.
The program comes with many features complete with pop-ups to alert you to
what is happening. If you find this annoying, you can always go into the
settings and turn them off. The program is very efficient, scans are fast,
and system resource usage is low. The program interface is simple and easy
to use. These are all definite plus factors.
Customer support is via the web site and email. No phone contact is
available.
Kaspersky Antivirus Personal 5.0-
This program was developed for the more advanced user. The install goes
smoothly as long as you read and follow the instructions. The program
features highly advanced detection techniques, and automatic removal of
viruses after files are backed up. The program pre-sets are more than
sufficient for less experienced users, and after installation, very little
attention or program maintenance is required from the user. Updates are
frequent and Kaspersky has the fastest reaction time in the industry to new
threats released into the wild. The virus database is huge, and the program
offers many advanced features and settings for the more advanced user. The
interface is very good and makes these settings and features easy to use.
Because of the program’s size and complexity, the two-stage download and
initial set of updates are quite large, but well worth the time involved to
complete them. If the size and complexity scare you, there is good phone
support available via an 800 number.
AVG Antivirus Professional-
AVG Antivirus Pro is from Grisoft. A very good yet very easy to use program
that is both easy to download and easy to install. The interface is simple
and easy to understand. Unlike many products from its competition, AVG can,
in many cases, ‘heal’ infected files without deleting them. I have never had
to repair the registry, nor have I had to repair or reinstall a file after
virus removal with this software. I cannot say the same for some of the
other products I have tried. Updates are very frequent to the huge database,
and are performed either manually or automatically. If auto updates are
selected, you can expect them at least daily. Priority updates are flagged
as such by AVG and the program looks for them on a regular basis, not just
on the update schedule you specify at a daily time. Scanning can also be
manual, or on a convenient user selected schedule. Removed items are
quarantined in a vault that can either contain them indefinitely, or allow
them to be deleted by user choice.
Overall, the program is simple to set up and use, and very fast. Reaction
time to incoming threats from both Internet and email sources beats anything
else I have used. All email is scanned, both incoming and outgoing. Once you
set things the way you want, you can forget it for the two-year (that’s
right – two-year) license agreement. Scans are very fast and very easy on
system resources.
Product support is by email. I was at first put off a bit by this, but have
found the response from the technical staff on a 24/7 basis is quite fast.
Any email I sent was answered in great detail, usually within a couple of
hours or less. The other thing that impressed me was that my questions were
actually read in detail, and no ‘canned’ answers were returned for my
questions. Response time to new threats released into the wild is in the
middle of the pack, and actually beats most of the big boys in respect to
how fast definitions and removal tools are written. In short, this is a
great product in all respects, and easy on the pocketbook as well.
Summary-
Here is how I would rank the above programs based on the criteria I feel are
most important to the user and to his system. All are ranked on a scale of 1
to 10 with 10 being the best.
| Product | Overall | Price | Effective | Support | Ease/Use |
|---|---|---|---|---|---|
| AVG Pro | 9 | $38.95 | 9 | 7 | 10 |
| Bit Defender | 8 | $29.95 | 9 | 6 | 9 |
| EZAntivirus | 7 | $29.95 | 8 | 4 | 9 |
| Kaspersky | 6 | $34.99 | 9 | 8 | 5 |
| Norton | 5 | $39.99 | 8 | 4 | 8 |
| McAfee | 5 | $34.99 | 8 | 4 | 9 |
| Panda | 4 | $49.95 | 7 | 2 | 6 |
| Trend | 3 | $49.95 | 8 | 7 | 4 |
Please keep in
mind that any anti-virus program is only effective if the definitions are
kept up to date. Only you can ensure this happens through either manual
frequent updates, or by the auto-update settings from within the program.
This is probably the single most important factor determining your
protection. The speed with which the vendor reacts to new threats, as well
as the speed and frequency of updates they make available is also taken into
account in my rankings above.
Company use –
Before closing, I want to remind the reader that these programs and rankings
are for personal use on stand-alone computers. In a corporate environment
where server-workstation conditions exist, the picture is considerably
different, partly due to the presence of an IT staff making program
complexity a moot point, and because different programs and vendors come
into play.
Without taking a lot of time here by getting into a really complex article,
I would recommend the following for company or commercial use:
- SOPHOS – just plain nobody beats SOPHOS in this arena. Their definitions are
  first-rate in both quality and speed, and the product is updated hourly
  (yes, hourly). Scans are very fast, very deep, and very thorough.
  Customer support is awesome as well.
- Kaspersky - I pick them because of their unbelievable and unbeatable speed
  when it comes to dealing with new threats. Huge database. Customer support
  is very good.
- Trend Micro PCCillin - Again, with an IT staff, product complexity is a
  non-issue. Updates are multiple times daily and scans are very fast and
  thorough.
- McAfee – Good database, fast response and scan times, very small footprint,
  good customer support, good variety of both software and hardware is
  available.
- Symantec Norton – Great database, thorough scans. Program needs a lot of
  system resources and customer support can be costly. Variety of both
  software and hardware (appliances) is large.
If you are
going to research this on your own, keep one thing in mind when comparing
how fast an AV company responds to new threats. Releasing a new signature,
detection rules, and removal tools is not a simple or easy process. Quality
should also be considered. The larger companies have very strict quality
control procedures in place to ensure that problems are not created for the
user. This kind of quality takes time to produce, so don’t let reaction time
to new threats become your single deciding factor in choosing a program.
Sure, speed is great, but it won’t help you much if the threat removal
process is incomplete or causes other problems afterwards.
It is my sincere hope that the above information helps you weed through all
the choices available for an anti-virus product and assists you in making an
educated choice that will work well for you and help keep your computer(s)
safe and secure.
Please remember that after installing an anti-virus program, you are not
fully protected yet. You also need to have a firewall, and anti-Spyware/Adware
programs to defend you as well. My intent is to cover these subjects in
future papers here on the Security Center. Until then …
Regards,
Dave