• PC World
• » Software
• » Antivirus and Security

How the Programs Performed

Known viruses: We began our tests by downloading the latest virus signature updates on April 20, 2001, and running on-demand scans of a plague-ridden hard drive containing 225 viruses from the March 2001 WildList. Three products--F-Secure Anti-Virus, Norman Virus Control, and Panda Antivirus Platinum--caught every virus on the list. Two others--McAfee VirusScan and Trend Micro PC-cillin 2000--each let a single invader get by. Norton AntiVirus 2001 missed the file MSIE-A.EXE--a dangerous payload of the well-known JS/Unicle.A-mm virus. PC-cillin missed a lesser-known variation of the LoveLetter virus called VBS/NewLove.A-mm, while Sophos missed six viruses.

We examined each scanner's on-access performance by copying the viruses to a new location on the hard drive. While F-Secure had a perfect score in our on-demand testing, it missed five viruses in its on-access scan, including two common viruses--Happy-99 and KakWorm.

Speed: We saw even greater performance variation in the time it took for each scanner to run on our Pentium III-550 test system. Norton was the speed champ: Its average for three scans was just 3 minutes, 47 seconds. Norman trailed at a leisurely 23 minutes, 30 seconds. Speed isn't critical to virus scanning--it's accuracy that matters. The quicker a product is, however, the more likely you are to use it regularly. You could probably set a Norton on-demand scan to run during your coffee break. With Norman, you'd have to get lunch.

Unknown viruses: With new viruses spreading faster than rumors, you may not be lucky enough to download the signature for a new nasty before you catch it.

We tested the programs' effectiveness against unknown viruses by arming them with signature files from April 20, then running them on a hard drive with 63 variations of 33 viruses that were added to the April and May editions of the WildList stored on it. It is important to note that this technique did not test heuristics only: Our April 20 signature files may have already contained signatures for the new viruses or other variants of the viruses that could be used to catch them.

Panda was the only utility to catch every new virus in this test; F-Secure missed just one. McAfee and Norton missed two and three viruses, respectively; Norman missed six; and PC-cillin missed ten.

McAfee VirusScan and Panda AntiVirus Platinum were the only products that found the Homepage virus, which was discovered in May and wouldn't have been included in any of the April 20 signature files.

Look and Feel

On-access: There is very little difference among the programs in the way they behave during on-access scanning. They all launch automatically at system start-up, and they indicate their presence with an icon in the system tray.

Four of the products--McAfee, Norton, Panda, and PC-cillin--also caught viruses that were attached to an e-mail message. For this trick, the utilities create a local proxy--a program that scans an e-mail message before delivering it to the recipient's in-box. If the programs detected a virus, it could be deleted before it could infect the system. F-Secure, Norman, and Sophos don't scan incoming e-mail, but their on-access scans did catch the infected file.

On-demand: In contrast to automatic on-access scanning, on-demand scans require that you take charge of the process. Panda Antivirus Platinum has a utilitarian but very navigable interface that makes it easy to use but still allows a high level of control in setting up scans. You can scan specific files or file types and schedule scans to run automatically.

Most of the products have coherent, navigable user interfaces. Norman's Virus Control is an exception: It's unduly confusing because it breaks the interface into a half-dozen components, making it difficult to find the controls you need. Norton and McAfee have some consistency problems. Their main control panels offer a translucent, Mac-style appearance, but other components retain a dull, boxy look seemingly left over from earlier versions. McAfee VirusScan's components are also poorly integrated. The system tray icon, for instance, has a pop-up menu that appears to let you change program settings, but those settings persist for only one session. So if you close and restart your e-mail client--to take just one example--you'll find that the e-mail scanner is disabled, even though you have instructed the program, via the icon, to keep the e-mail scanner always enabled. To make permanent setting changes, you must launch a separate part of the program from the Start menu.

Stay Current

An antivirus scanner will be most effective when it has the latest virus signature files. We recommend that you update your virus signatures weekly to make sure your antivirus program can deal with all of the latest threats.

With that in mind, we paid special attention to ease of updating. Five programs--F-Secure Anti-Virus, Norman Virus Control, Norton AntiVirus 2001, Panda Antivirus Platinum, and Trend Micro PC-cillin--automate the process: Whenever you establish an Internet connection, each program checks its company's Web site for signature or product updates, then downloads and installs them. This feature is enabled by default for Norton and PC-cillin, but the Norman and Panda utilities require you to turn it on. With F-Secure, you must install a separate automatic update program--something that F-Secure's manual does not cover.

McAfee and Sophos have the least automated updating, requiring you to visit their Web sites or to initiate an update from within the program manually. However, McAfee does provide scheduled update reminders, and all of the programs include a one-year subscription for their virus signature updates.

Don't Panic

Finding a virus, or a suspected virus, on your system can be unsettling. Fortunately, none of these utilities heightens the anxiety by alerting you with sirens, flashing lights, or images from teen slasher movies. But the alerts from PC-cillin and Sophos, though subtle in design, are likely to cause the most undue stress because they sometimes pop up when there is nothing wrong. In our testing, PC-cillin falsely identified three benign bits of code as malicious and Sophos logged four. None of the other programs here gave false positives in our testing.

If your scanner does detect a real virus, you will likely have several options for dealing with it. Like surgeons removing a tumor, antivirus utilities can repair a damaged file by snipping out the viral code and stitching the original file back together. All the programs successfully removed a range of viruses and repaired previously infected files of different types well enough that we could once again read the data in those files.

You may also see options to ignore the alert, delete the infected file, or place it in quarantine--a section of your hard drive where you cannot accidentally run or open the file. Quarantining a file also lets you isolate a new virus and send it to your antivirus vendor for analysis. Norton AntiVirus 2001 and PC-cillin can also automatically send the virus.

These antivirus products differ in how well they explain your options when a virus is detected. McAfee, Norton, and PC-cillin all provide good information as to which virus has been detected and what they intend to do about it, but F-Secure wins our highest praise: Its dialog box alert includes a Virus Info button that links to a description of the suspect code. All the companies post on their Web sites extensive, detailed descriptions of every virus their programs scan for. Sophos takes the strong, silent approach by simply suggesting that you "refer to user manual for further details."

When it comes to printed documentation, though, Sophos takes top prize. The package includes a thoroughly illustrated installation guide; a detailed, spiral-bound user manual; and an informative, very readable book called Computer Viruses Demystified. Like most of the other vendors, Sophos also includes PDF versions of its printed documents on the package's installation CD-ROM. Norton AntiVirus provides the best disc-based documentation, including four instructional videos.

Get In and Out

We didn't run into much trouble installing any of the programs, although Symantec's Norton AntiVirus was the hardest utility to install--it required a disruptive restart midway through the process and another restart to install the updates.

We experienced a slight glitch while installing Panda Antivirus--although the program has a built-in registration utility, Panda no longer supports it. Instead, the company wants you to register via its Web site. Our review copy didn't contain any information about the change, but Panda has since added a note to all packages informing users of the new procedure and providing step-by-step instructions. The Web-based registration, while less convenient, went smoothly. Although you can run the program without registering, registration lets you download virus signature updates.

Norton AntiVirus was difficult to remove from our test systems because its uninstaller leaves traces of the program on the hard drive. That can be a problem: Some antivirus programs will refuse to install if there is even the slightest trace of another one still on your PC.

Uninstalling Norton was a snap, however, compared with uninstalling Norman Virus Control--the version that we tested lacked an uninstaller and failed to appear in the list of applications under Windows' Add/Remove Programs applet. Norman subsequently provided us with an updated version that does uninstall via Add/Remove Programs.

Sean Captain is a PC World associate editor.

• See more like this:
• Computer viruses,
• virus,
• viruses,
• worms,
• bugs,
• parasites,
• antivirus programs,
• anti-virus,
• F-Secure,
• Network Associates,
• McAfee,
• Norman,
• Panda,
• Sophos,
• Symantec,
• Trend Micro