Stealth Fighters

Today's best antivirus programs are tough on PC parasites but easy on users.

Sean Captain

In May 2000, the LoveLetter (aka ILoveYou) computer virus became one of the most successful such viruses in history, infecting millions of PCs around the world through an e-mail message that claimed to be a love letter. The message's attachment was actually an updated version of the cleverly written Melissa virus that automatically sent itself to everyone in a recipient's address book, bringing misery to countless computer users and businesses as e-mail systems became clogged with LoveLetter copies.

At one time viruses crawled from PC to PC via the sneakernet of traded floppy disks, but today they race about the planet over e-mail and corporate networks, with the potential to spread to millions of machines in a matter of hours.

Fortunately, PC infections are preventable. A combination of common sense and an antivirus program can keep your PC healthy (see "What to Do About Viruses" for pointers).

Since our last roundup of antivirus programs, significant developments have occurred in the antivirus world. All the programs we looked at have undergone major revisions and have new features designed to catch the latest viruses. We reviewed seven leading antivirus utilities for use on stand-alone home and small-office PCs, though F-Secure and Sophos are designed mainly for networked enterprises (and are priced accordingly).

To evaluate the efficacy of these applications, we asked virus expert Joe Wells, founder of the volunteer WildList Organization International, to test the ability of each to find viruses, destroy them, and repair the damage they cause. To provide a realistic test of the types of threats these programs will face, we exposed them to all the viruses on the March version of the WildList--a widely recognized roster of malicious programs. The list, updated monthly, identifies about 200 viruses that currently infect PCs. For more on our testing procedures, see "How We Tested."

We also evaluated how easily a nonexpert could install and run the programs, configure them, set up scans, and update the list of virus signatures (the unique parts of viruses an antivirus program uses to identify them). Finally, we examined what happens when a utility detects a virus and the solutions it offers.

Know Your Enemy

An antivirus utility searches for and tries to eradicate three types of malicious code: viruses, worms, and Trojan horses; of these, viruses are the best-known. Once a computer virus infects a file or a program, it can quickly spread from a single system to an entire network of PCs. And some viruses deliver a payload--a secondary program that can be harmless or wreak havoc. Like a hit movie, a successful virus often leads to sequels and knockoffs--variations on the original.

Worms originally spread between machines by exploiting operating-system bugs, but today's worms copy themselves over e-mail. The BubbleBoy virus, for example, uses the scripting tools built into Microsoft Outlook. As soon as someone receives an infected e-mail message, the virus sends itself to everyone in that user's Outlook address book.

Trojan horses come disguised as other programs, but like the Greeks in their mythical wooden horse, these sneak programs can give their creators access to the host system. The well-known hacking tool BackOrifice, for example, is usually sent hidden within another program (such as a game) that the victim runs.

Antivirus utilities commonly catch viruses by scanning the files on your PC and comparing them to a library of virus signatures, each of which identifies a particular virus. Unfortunately, this means someone must first suffer an infection before the virus signature can be developed. For scanning to be effective, users must regularly update the utility's virus signature database, or the program won't have signatures for the newer viruses.

To trap viruses that the antivirus companies have not yet analyzed, antivirus utilities use a method called heuristics; that is, the programs scan not for a particular signature, but for certain types of behavior. This technique can lead to problems, however, when the utility mistakes an innocent file for a virus (a result known as a false positive). Other antivirus programs are common sources of false positives, too: If you install one such program on top of another, the new program may assume that the virus signatures of the original program are viruses.
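The sketch below is an added illustration, not part of the original article and not any vendor's code. It shows signature scanning missing a sample when the signature database is out of date, and flagging another product's signature file as infected because that file stores the patterns verbatim. The signature names, byte patterns, file layout, and XOR encoding are all constructed for the example; the encoding is one assumed way a vendor could keep raw patterns out of its own files.

```python
# Constructed, harmless byte patterns standing in for virus signatures.
SIGS_OLD = {"Demo.A": b"\xde\xad\xbe\xef\x13\x37DEMO-A"}
SIGS_NEW = {**SIGS_OLD, "Demo.B": b"\xca\xfe\xf0\x0d\x42\x42DEMO-B"}

def scan(data: bytes, signatures: dict) -> list:
    """Signature scan: name every signature whose bytes occur in data."""
    return sorted(name for name, pat in signatures.items() if pat in data)

def export_plain(signatures: dict) -> bytes:
    """Hypothetical signature file: length-prefixed name, then raw pattern."""
    out = b""
    for name, pat in signatures.items():
        out += bytes([len(name)]) + name.encode() + bytes([len(pat)]) + pat
    return out

def export_encoded(signatures: dict, key: int = 0x5A) -> bytes:
    """Same layout, but each pattern is XOR-encoded before it is written."""
    return export_plain({n: bytes(b ^ key for b in p)
                         for n, p in signatures.items()})

def load_encoded(blob: bytes, key: int = 0x5A) -> dict:
    """Read an encoded signature file back into usable patterns."""
    sigs, i = {}, 0
    while i < len(blob):
        n = blob[i]
        name = blob[i + 1:i + 1 + n].decode()
        i += 1 + n
        m = blob[i]
        sigs[name] = bytes(b ^ key for b in blob[i + 1:i + 1 + m])
        i += 1 + m
    return sigs

def demo() -> dict:
    sample_b = b"MZ" + SIGS_NEW["Demo.B"] + b"rest of file"  # constructed sample
    return {
        "clean_file": scan(b"MZ ordinary program bytes", SIGS_NEW),
        "outdated_db": scan(sample_b, SIGS_OLD),   # newer signature is missing
        "updated_db": scan(sample_b, SIGS_NEW),
        "other_av_plain": scan(export_plain(SIGS_NEW), SIGS_NEW),    # false positive
        "other_av_encoded": scan(export_encoded(SIGS_NEW), SIGS_NEW),
    }

if __name__ == "__main__":
    for case, hits in demo().items():
        print(f"{case:18} {hits}")
```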

Users can scan for viruses either on demand, by telling the program to search every file on a disc (or a selected directory) for viruses, or on access, by setting the program to look for malicious code automatically every time a file is opened or an app is installed. On-demand scanning is a good idea when you first install an antivirus utility to ensure that your PC is clean, or when you receive documents on a floppy or a CD-RW disc.
