• PC World
• »Software
• »Antivirus and Security

Eliminate Viruses

By Robert Luhn

Your antivirus program should be thorough, accurate, and fast. If it isn't, you simply won't use it--and neglecting this task is very dangerous. In any given month, between 200 and 300 viruses are circling the globe. That number comes from the WildList, an internationally recognized monthly roster of viruses spreading "in the wild."

An antivirus scanner's main method for catching viruses is to compare suspect code against databases of known virus "signatures." These databases include current and previous WildList entries as well as tens of thousands of "zoo viruses" that mostly exist in labs but use tricks that future viruses may employ. Scanners also use methods such as heuristics in an ongoing effort to recognize virus-like behavior in new threats.

The Antivirus Most-Wanted

Viruses today not only are more potent than their predecessors, but can spread faster. In the 1980s, boot-sector viruses passed via traded floppy disks. By the late 1990s, e-mail transported macro viruses in attached Microsoft Word documents.

Now the danger comes mainly from mass-mailing worms--self-replicating viruses that can hijack e-mail address books and send themselves to multiple recipients. LoveLetter, for example, was a Visual Basic script virus. Now most mass-mailing worms are stand-alone Win32 programs, such as SirCam and Klez, and these programs make up the lion's share of all virus infections. Macro viruses trail a distant second, and script viruses come in a close third. Boot-sector viruses account for only about 1 percent of infections.

Antivirus to the Rescue?

Antivirus vendors have responded fairly well to the threats, judging from our evaluation of seven products: Computer Associates' ETrust EZ Antivirus 5.4, Kaspersky Lab's Anti-Virus Personal Pro 4, Network Associates' McAfee VirusScan 6.02, Norman's Virus Control 5.2, Panda's Antivirus Platinum 6.25, Symantec's Norton AntiVirus 2002, and Trend Micro's PC-cillin 2002. We evaluated programs intended for home or small-office use, but all seven of these companies also offer multiseat licenses or server-based product lines.

The Norton, Kaspersky, and McAfee products zapped viruses best, but Norton earned our Best Buy award thanks to its intuitive interface.

To evaluate the software, we partnered with AV-Test.org, an agency run by the University of Magdeburg, Germany. The lab first tested how programs handled the February 2002 WildList of 207 viruses packed into 414 files. Using each program's default settings and latest signature updates, we measured detection rates for both a full scan of the hard drive and a file-access scan (detection whenever a file is copied or opened). All but one program detected at least 99 percent of the in-the-wild viruses--a result we expected, since all vendors regularly track the WildList.

The scanners' in-the-wild failings surfaced only with boot-sector viruses. Trend Micro's PC-cillin missed all 22 of the boot-sector viruses in our file-access scans. After we alerted Trend Micro, the company issued a patch that allowed PC-cillin to find all boot-sector viruses in both the hard-drive and file-access tests.

For the tougher zoo tests--involving 9138 viruses in 42,426 infected files--AV-Test.org enabled the apps' highest security settings. The files included several thousand Trojan horses and backdoor programs--attachments or downloads that masquerade as useful files but contain destructive elements or may open your system to hackers. (The WildList doesn't track these threats, but they are monitored on a separate--and less-well-known--roster called the TrojanList.) AV-Test.org also tested against polymorphic viruses and worms, which mutate as they propagate, making them harder for antivirus scanners to recognize.

Kaspersky Anti-Virus, McAfee VirusScan, and Norton AntiVirus performed best in zoo tests. But we also found some sleepy sentinels. ETrust EZ Antivirus missed over half of the Trojan horses and backdoor programs, and over a quarter of the script viruses. Norman Virus Control and Panda Antivirus Platinum (a previous Best Buy) each let roughly 20 percent of the polymorphic viruses go undetected.

Dig, Dig, Dig

While the types of viruses a scanner finds are important, so are their locations. For example, your antivirus protector should be able to dig into .zip and other compressed files--even .zip files within .zip files. It should also screen e-mail attachments. And wherever it discovers an infection, the program should remove it without destroying valuable files.

Kaspersky and McAfee did the best job of cracking into compressed files, and Panda was close behind. The other programs' performance ranked from so-so to abysmal. The worst: ETrust caught just 2 out of 24 compressed viruses.

Kaspersky, McAfee, Norton, Panda, and PC-cillin intercept and scan e-mail attachments before they land on your hard drive. But Norton and PC-cillin are limited to working with POP3-compliant e-mail programs, and Kaspersky works only with Microsoft's Outlook, Outlook Express, and Exchange clients. Panda scans POP3, Exchange, and even AOL attachments.

When they did find a virus, most products did a good job of removing it without damaging files, but only Norton turned in a perfect record. ETrust had the spottiest results: It successfully repaired just 18 of the 30 infected test files.

Look and Feel

Lab tests tell only part of the story. The most sophisticated scanner is useless if you can't figure out how to run it.

Because new viruses show up all the time, easy virus-definition updating is a must. All the tested programs except ETrust offer automatic, scheduled updates; but our nod here goes to Norton, which by default checks for updates right after you install it and every 4 hours thereafter.

Norton earns kudos for having the most logical interface, too. From one location, you can view the program status and settings, as well as activate scans. You can also access Symantec's top-notch Web knowledge base to learn about viruses.

Other top scanners, such as Kaspersky, have a steep learning curve; but Norton is easy to master. And after you install the application, it scans your hard drive and turns on every relevant virus-hunting feature. (Many competitors don't.) These excellent features, plus its virus-hunting prowess, make Norton the Best Buy.