14.7 Antivirus Product Review

Malicious Mobile Code: Virus Protection for Windows
By Roger A. Grimes

With over 50 antivirus products to choose from, it is hard, and sometimes unfair, to pick a favorite. I look for a reliable product that is easy to install, manage, and update, and that fits the environment. With that said, there are a handful of names that have been around in the industry for a decade or more, and they have matured along with the new threats. Although this is not an inclusive list, the following vendors have proven themselves to be strong contenders in the antivirus market: McAfee, Symantec, Trend Micro, F-Secure, Sophos, Frisk, and Computer Associates. Any product from them is in the upper echelon of its class. Most of these vendors also have the distinction of having a wide range of products, so that the vendor that protects your desktop also protects your email server and your PDA.

I have used almost all of these products over the years and each is outstanding. Each also has its strengths and weaknesses. I encourage anyone looking for good antivirus software to consider these vendors. That said, I do not have room to summarize each one, but I will briefly single out one vendor as an example.

14.7.1 Symantec's Norton AntiVirus

Symantec's Norton AntiVirus™ is one of the most popular antivirus software packages. Symantec has dozens of products under its Norton AntiVirus flagship, including protection for Windows, OS/2, DOS, Macintosh, Exchange (Alpha and Intel versions), Lotus Notes (NT and AS/400), Netware, corporate and personal firewalls, gateways, PDAs, intrusion detection, and vulnerability scanners. A common company setup is Norton AntiVirus for Microsoft Exchange, Norton AntiVirus Corporate Edition for desktop PCs, and Norton AntiVirus for Gateways. Norton AntiVirus for Microsoft Exchange scans all incoming and outgoing emails and attachments. If a user is sent an infected email, the email is cleaned, and the recipient and the sender receive customized messages asserting the same. In Figure 14-7, Norton AntiVirus for Exchange is summarizing the statistics for an email server.

Figure 14-7. Norton AntiVirus for Exchange statistics screen

The use of the VAPI interface results in "Unknown location" on the summary screen. Even though it says the average time it takes to scan an email is 140 milliseconds, emails with attachments will open noticeably more slowly.

Figure 14-8. Creating a customized message in Norton AntiVirus for Exchange

Figure 14-8 shows a custom message that can be sent to recipients and senders of infected messages. Norton's standard message can be customized to add company messages and numbers to the help desk. Alerts can also be sent to administrators. You should also notice that both examples show Norton's Web interface.

Norton AntiVirus Corporate Edition protects servers and clients. The server portion installs on file servers and protects them, and it also contains a client desktop component. The server can force a desktop install when the user logs on to the network. Installation and updates can be pushed to other servers and desktops from the primary server. Snap-ins for Microsoft's Management Console are used to administer the Corporate Edition. Quarantine servers can be set up to store files that Norton could not clean. Figure 14-9 shows the main desktop configuration screen.

Figure 14-9. Norton AntiVirus desktop configuration screen

Figure 14-10 shows the real-time desktop protection going off when I attempted to download the EICAR test string. The test string is a good way to verify if the desktop or server scanning protection is working.

Figure 14-10. Example of real-time desktop protection kicking in against EICAR test string

While Norton AntiVirus is an excellent antivirus suite, there are several other vendors with solid packages, too. When considering an antivirus scanning package, remember the traits I listed earlier. Determine ahead of time what you are trying to protect and what platforms you need to cover, check out reviews, and try two or three packages before you lock into one particular vendor's solution. It takes time to choose correctly, but even longer if you choose the wrong solution.


Malicious Mobile Code: Virus Protection for Windows (OReilly Computer Security)
ISBN: 156592682X
EAN: 2147483647
Year: 2001
Pages: 176
