
[Security] What to look for in an Antivirus



Posted by Author kAzuNGu On 2007-04-29 10:02:30




What to look for in an Antivirus

by kazungu



Choosing an antivirus shouldn't be a difficult task, but A/V vendors' marketing tends to highlight the strengths and features of their product and skip over its weaknesses or missing functions in order to make it look better than the competition. The aim of this article is not to evaluate antivirus products, but to explain which features a buyer should look for, and what to avoid, when shopping for an antivirus.



Most antivirus products today include the features below, but it is worth going over each one briefly and explaining what it does and why it matters.



Real-time Scanning (sometimes referred to as On-access scanning):

Every file accessed by the user or the operating system, directly or indirectly, is scanned for threats automatically, without user intervention. This is a must-have feature, and any A/V product that lacks real-time protection should not even be considered. Real-time scanning should offer settings that control the sensitivity of the scan, its depth (whether it looks inside compressed archives), and predefined or customizable actions to take when a threat is found (disinfect, quarantine, delete, or prompt). The latter saves the user from having to wait for a lengthy hard drive scan to finish before being able to select what action the A/V should take.



On-Demand Scanning:

The user specifies which file(s) and/or folder(s) to scan for threats. While almost all antivirus products offer some form of on-demand scanning, some lack the ability to tailor the scan to the user's needs. A one-click "scan my computer and everything under the sun" button is nice for grandma to have, but such a scan takes forever to complete, especially when large amounts of data are stored on the hard drive(s). Most users prefer control over exactly what is scanned or skipped when launching an on-demand scan. Kaspersky AntiVirus, for example, lets the user choose which areas to scan separately: startup objects, system memory, mailboxes, My Documents, removable drives, network drives, and so on.



Script/Macro Monitoring:

Many threats arrive as malicious scripts rather than compiled executables, whether Windows Script Host scripts (VBScript, JScript), WMI-driven scripts or Office macros. Monitoring and scanning script activity as it is about to run, not just the files sitting on disk, is crucial to all-around protection.



Real-time POP3 Email Scanning:

In addition to real-time disk/file scanning, email scanning is another important feature a good antivirus should have: incoming POP3 messages and their attachments are scanned as they are downloaded, before the mail client stores them. Some antivirus vendors also include web mail scanning. One caveat: a product that works by intercepting POP3 traffic cannot see inside a connection the mail client has encrypted with SSL/TLS unless the product explicitly supports that, in which case the on-access file scanner is the remaining line of defence when an attachment is saved or opened.



Scanning of Alternate Data Streams:

Disappointingly, many A/V vendors have not paid attention to the danger of malware abusing Alternate Data Streams (ADS) on NTFS volumes (Windows NT/2000/XP/2003). An NTFS file can carry any number of named streams besides its main data, and neither Explorer nor a plain directory listing shows them, so malicious code can be hidden in a stream attached to a critical system file without changing the file's visible size or contents. A scanner that only examines the main stream of each file will miss it. Again, Kaspersky A/V comes through in this area with its iStreams technology, which scans, detects and disinfects malicious objects inside Alternate Data Streams.
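To see what the paragraph above is talking about, here is an added PowerShell example (not from the original article or from any vendor): it plants a named stream on a demo file, walks a directory listing every stream other than the main one, reads the hidden stream back, and removes it. It assumes an NTFS volume and PowerShell 3.0 or later (which is where the -Stream parameters appeared); the directory, file name and stream name are placeholders chosen for the demo.

```powershell
# Added example (not from the original article): plant a hidden stream on a
# demo file, enumerate every named stream under a directory, and remove the
# unexpected one. Assumes an NTFS volume and PowerShell 3.0 or later; the
# directory, file name and stream name are placeholders chosen for the demo.

$demoDir = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demoDir -Force | Out-Null
$target = Join-Path $demoDir 'readme.txt'

# The visible content lives in the unnamed stream, which PowerShell reports as ':$DATA'
Set-Content -Path $target -Value 'Nothing to see here.'
# A second, named stream attached to the same file. Explorer and a plain "dir"
# report only the size of the main stream and never show this one.
Set-Content -Path $target -Stream 'payload' -Value 'content hidden in an alternate data stream'

function Get-NamedStream {
    # Walk a directory and report every stream other than the main ':$DATA'.
    # Zone.Identifier is the benign "mark of the web" that browsers add to
    # downloads; anything else deserves a closer look.
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -Recurse -File -Force |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

# 1. Find it: the listing shows readme.txt with Stream = payload
Get-NamedStream -Path $demoDir | Format-Table -AutoSize

# 2. Inspect it: the hidden stream can be read directly once you know its name
Get-Content -Path $target -Stream 'payload'

# 3. Clean it: delete only the named stream; the visible file is untouched
Remove-Item -Path $target -Stream 'payload'
Get-Item -Path $target -Stream * | Select-Object Stream, Length   # only ':$DATA' remains
```

Run it in a PowerShell session on an NTFS drive. The same enumeration is available from cmd.exe as `dir /r` on Windows Vista and later. Pointing Get-NamedStream at a system directory is a quick way to confirm whether an on-demand scan of that directory actually covered the streams it reports; if the scanner finds nothing while the listing shows unexpected named streams on system files, it is scanning the main stream only.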



Heuristic Detection:

This is the ability to detect unknown viruses that are not yet listed in the signature database. Symantec's Bloodhound heuristic technology is one example. When a suspicious file is found and no signature in the database matches it, the antivirus runs a series of tests against the file to decide whether it contains malicious code. Bloodhound does this by executing the file inside an emulated sandbox (a virtual CPU, memory and file system that live inside the scanner, isolated from the real system) and watching what it does. If the file behaves like a virus inside the sandbox, for example by trying to write itself into other executables, it is flagged as infected even though no specific signature identifies which virus it is. Heuristics are a trade-off: the more aggressive the setting, the more unknown threats are caught, but also the more legitimate programs get flagged, which is why the ability to exclude known-good objects from scanning matters.



Frequency of antivirus definition/signature updates:

An antivirus that has every feature but only updates its signature database once a week is not going to be very effective in times like these, where new viruses, Trojans and worms surface daily. Read the product specs carefully and make sure you know how often the vendor releases updates. At the time of writing, Kaspersky A/V was by far the leader in this arena, releasing new updates every hour, 24 hours a day. Some other vendors (Symantec) offer daily updates, but only to corporate customers, or to home users for a subscription fee; otherwise Joe Home User gets weekly updates every Wednesday unless he pays a premium to receive them more often. Whatever the vendor promises, check the date of the installed definitions on your own machine from time to time: an update mechanism that silently fails is no better than one that runs weekly.
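As an added check for the advice above (not part of the original article): on Windows Vista and later client editions, every registered antivirus reports its state to Windows Security Center, and the PowerShell below reads that state back for each product and flags one whose real-time protection is off or whose definitions the product itself reports as out of date. Two assumptions: the root/SecurityCenter2 WMI namespace exists (it is absent on server editions), and the productState bit layout decoded here is the convention commonly observed in practice, not one Microsoft documents, so confirm a warning against the product's own console.

```powershell
# Added example (not from the original article): read each registered antivirus
# product's state from Windows Security Center and warn when real-time
# protection is off or definitions are reported out of date.
# Assumption: productState, written as six hex digits xxYYZZ, carries the
# real-time state in YY (10 = on, 00 or 01 = off) and the definition state in
# ZZ (00 = up to date, 10 = out of date). This is the commonly observed
# layout, not a documented contract.

function Get-AvStatus {
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                                -ClassName 'AntiVirusProduct' -ErrorAction Stop
    foreach ($p in $products) {
        $hex = '{0:X6}' -f [int]$p.productState      # e.g. 266240 -> 041000
        [pscustomobject]@{
            Product      = $p.displayName
            RealTimeOn   = ($hex.Substring(2, 2) -eq '10')
            DefsUpToDate = ($hex.Substring(4, 2) -eq '00')
            LastReported = $p.timestamp                 # when the product last checked in
            Executable   = $p.pathToSignedProductExe
        }
    }
}

$status = Get-AvStatus
$status | Format-Table -AutoSize

# Fail loudly: run from a scheduled task, this is enough to alert on either condition
$bad = $status | Where-Object { -not $_.RealTimeOn -or -not $_.DefsUpToDate }
if ($bad) {
    Write-Warning ('Antivirus not healthy: ' + (($bad | ForEach-Object { $_.Product }) -join ', '))
}
```

Security Center only relays what the product tells it, so a product that stops updating but keeps reporting "up to date" will not be caught this way; the timestamp column is the tell in that case, and the definition date shown in the product's own console is the final word.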



Clear and Accurate Reporting:

Look for logging of all virus/antivirus activity, with details on each event. A log full of "suspicious object found" entries without any detail on what the object is, where it was found and what was done with it is no good. A clear and informative report keeps the user informed and provides valuable information for troubleshooting or repair efforts later down the road.



Uninstall Password Protection:

To prevent unauthorized removal of antivirus protection, and with it the compromise of system security, every antivirus product should include some mechanism that stops malware from disabling its services and monitors, and that blocks script-initiated uninstall commands. There are very clever viruses that walk the list of running processes, compare each image name (executable name) against a list of known A/V products, and terminate any match; some go on to uninstall the product after stopping its services. An uninstall password protects against unattended or script-driven removal. On its own, though, a password does not stop a process running with administrator or SYSTEM privileges from killing the scanner's processes or stopping its services; for that the product needs genuine self-protection, typically a kernel driver that refuses termination and service-stop requests aimed at its own components. Look for both, and test them on the installed product rather than taking the data sheet's word for it.
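One way to run that test yourself, as an added example (not from the original article or from any vendor): the PowerShell function below tries, from an elevated session, to stop the product's service and to kill its monitor process, and reports whether each attempt was refused. The service and process names are placeholders that you must take from the installed product (Get-Service and Get-Process will show them). A product with real self-protection answers "access denied" to both even for an administrator; one that relies on an uninstall password alone does not.

```powershell
# Added example (not from the original article): check whether an installed
# antivirus resists being stopped by an administrator-level script.
# Run from an elevated PowerShell session on a machine you own. $ServiceName
# and $ProcessName are placeholders for the product's real service and
# monitor process names.

function Test-AvSelfProtection {
    param(
        [Parameter(Mandatory)][string]$ServiceName,   # the scanner's Windows service
        [Parameter(Mandatory)][string]$ProcessName    # its real-time monitor process
    )
    $result = [ordered]@{
        Service            = $ServiceName
        ServiceStopBlocked = $null
        Process            = $ProcessName
        ProcessKillBlocked = $null
    }

    try {
        Stop-Service -Name $ServiceName -Force -ErrorAction Stop
        # The stop went through: the service is not protected. Put it back.
        $result.ServiceStopBlocked = $false
        Start-Service -Name $ServiceName -ErrorAction SilentlyContinue
    } catch {
        # "Access is denied" or "not accepting stop" means the product refused
        $result.ServiceStopBlocked = $true
    }

    $proc = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
    if ($proc) {
        try {
            $proc | Stop-Process -Force -ErrorAction Stop
            # The kill went through: real-time protection is now down, so
            # restart the product before relying on it again.
            $result.ProcessKillBlocked = $false
        } catch {
            $result.ProcessKillBlocked = $true
        }
    } else {
        Write-Warning "Process '$ProcessName' is not running; nothing to test"
    }

    [pscustomobject]$result
}

# Usage, with placeholder names:
# Test-AvSelfProtection -ServiceName 'AVScannerSvc' -ProcessName 'avmonitor'
```

Both fields reporting True is the minimum you should expect; a False in either column means a script running as administrator (which is what most malware that gets this far is running as) can switch the product off. The test is deliberately limited to the two blunt operations the paragraph describes and says nothing about how the product holds up against anything more elaborate.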



In summary, a good antivirus product should be able to scan, detect and repair threats comprehensively, with great accuracy and speed; download regular and frequent signature updates; give the user a decent level of control over how the antivirus runs, what it scans for, how thoroughly it scans certain objects, and which objects to exclude from a scan (such as remote administration tools that can be mistakenly identified as threats); provide clear and detailed reporting of all activity; and protect itself from malicious programs that try to disable or uninstall it from the user's system.



I used to use Symantec's Norton Antivirus for many years, until 2 years ago when they started losing focus on what is important in consumer antivirus features. I have since then switched to Kaspersky Antivirus and I am very pleased with its super fast scanning times and extremely thorough level of detection as well as overall functionality, stability and performance. This is not an endorsement of KAV, it is simply my opinion based on my findings and tests but I do highly recommend Kaspersky over Norton and many other antivirus products. McAfee has been a great failure of an antivirus ever since its infancy and it continues to be, so take a word of advice and leave McAfee alone. As for Panda antivirus…. I'm sorry, I just don't feel protected when I hear "panda" :)


Written by kazungu (19 December 2005)

kazungu is a member of Knowledge Bank



Edited by Asdf


This article was imported from the CyberArmy University site. (original author: kazungu)

