Prevent viruses from slipping onto your system

Not many small office/home office (SOHO) environments have an IT department at their disposal. Although you have more direct control over your Windows 2000 Professional systems in a SOHO environment, you also have to maintain those systems, including their security. Fortunately, most traditional viruses choke under Win2K Pro's protected architecture, making your systems immune to older viruses. However, the new breed of viruses (e.g., VBS.LoveLetter, Melissa) are more distributable and polymorphic than their predecessors and can wreak havoc on your Win2K-based systems. To add to this fatalistic scenario, the Internet is the primary distribution vehicle for viruses, so the proliferation of broadband Internet connections that let you stay connected 24 x 7 means that viruses can slip onto your systems more easily than in the past.

The good news is that vendors have refined the latest generation of antivirus software to catch viruses before they do serious damage. The products are easier to use, have better detection rates, and are cheaper than earlier virus scanners. So you have no excuse for failing to install a good virus scanner on your system.

However, the dozens of antivirus products on the market make selecting the right program a daunting task. What criteria should you consider when selecting a desktop virus scanner? Antivirus software vendors provide massive lists of every virus that their software can detect, but these lists are primarily for marketing purposes (when was the last time you ran across the Rasputin virus?). Whether a virus scanner can detect tens of thousands of nearly obsolete viruses that don't affect Win2K Pro isn't important. What matters is how well a virus scanner handles the viruses that your system will face daily. All the products in this review can detect and clean the latest viruses. Being able to download and install regular virus updates without user intervention is a bonus feature. Ultimately, your decision comes down to a product's usability. (Table 1 compares the products' features.)

If you don't want to devote a lot of time to maintaining a virus scanner, look for a program that doesn't require coddling to run efficiently. Some users consider a product's user interface (UI) to be a cosmetic feature, but a good UI lets you configure a program without frustration and hassle. In addition, a rich feature set lets you tailor a virus scanner to your system's design and needs. If you share Microsoft Word documents only internally, why waste CPU cycles on a realtime scanner that examines the documents every time you open them? If you're hardwired to the Internet, look for a product that embeds in your TCP/IP layer.

To test the seven desktop antivirus scanners that I reviewed, I pitted each product against the viruses that currently threaten Win2K Pro systems (i.e., macro and polymorphic viruses). I timed how long each product took to detect and clean 10MB of data contaminated with 17 live macro viruses. In addition, I compared the percentage of viruses that each product detected and cleaned from the infected 10MB, a test bed of 1200 macro viruses, and a boot volume directory that contained 5000 polymorphic viruses. I also tested the products' crucial usability features, such as scheduling flexibility. The test system was my Pentium III 600EB processor system with 256MB of RAM and one 66MHz 20GB 7200rpm IBM Ultra Direct Memory Access (UDMA) hard disk. The system runs Win2K Pro with all the current hotfixes applied. This machine is one of my primary workstations, and I used each virus scanner in a live environment rather than in a simulated and sterile lab environment. For additional testing, I used Pentium and Pentium II processor machines running Win2K Pro.

Results
Selecting the best antivirus product wasn't easy. Every product I tested detected and cleaned the viruses from my system. If your only concern is maintaining a virus-free environment, you can't go wrong with any of the products here.

Taking usability into account, however, my pick is Panda Software's Panda Antivirus Platinum 6.0. It provides a comprehensive feature set and a world of customization options at a reasonable price. When I had this software installed on my system, I knew that the files I downloaded were clean and the documents I worked with weren't infected. In addition, Panda Antivirus updated virus definitions without intervention, and its well-crafted UI simplified reconfiguring the program to adapt to my ever-changing system configuration.

Command AntiVirus 4.59.1
A pioneer in the DOS world, Command Software Systems brings this heritage to Win2K with Command AntiVirus 4.59.1. Installing Command AntiVirus is easy. You use Windows Installer and click Next through the setup program, and the software does the rest. A full installation of Command AntiVirus consumes less than 10MB of disk space.

After the installation is complete, the software presents the option to create a set of rescue disks, which come in handy if you boot from a FAT or FAT32 volume. If a boot-sector virus infects your system, you can use a boot disk to reach a command prompt, then run a minimal version of Command AntiVirus from the rescue disks to repair the boot sector. I boot from an NTFS volume, so I didn't have a chance to test this option.

The software's UI, which Figure 1 shows, uses a task-based format to facilitate scan configuration. The software can run tasks in two modes: User and Administrator. Tasks running at the User level belong to the user who creates them. A user who creates a task has full modification privileges and can reconfigure the task. The software locks down tasks running at the Administrator level, and only users who have an Administrator-level account can modify these tasks.

Creating a task to scan the data volume on my test system was simple. In the Configuration window, I specified that the software run the task in Administrator mode, provided the drive path, and told the program to automatically disinfect files on my system.

Command AntiVirus uses Frisk Software International's F-PROT scanning engine, a mainstay in the antivirus software market since DOS's heyday. On my test system, the software scanned the 10GB of contaminated data in 16 minutes and detected and cleaned 100 percent of the viruses. Against my library of macro viruses, the software detected 98 percent of the viruses.

To protect your system against new and undetected viruses, the product employs a heuristic scanner called HoloCheck. Enabled by default, HoloCheck uses its behavior monitor to detect polymorphic viruses. On my test library, HoloCheck discovered 85 percent of the polymorphic viruses.

In addition to its robust scanning engine, Command AntiVirus includes a couple of notification features to alert you when the software detects a virus. The software provides a pop-up warning dialog box on the infected machine, and the product can send an email message to a designated user if you're using Microsoft Exchange Server. The lack of support for SMTP means that the product can't send an email message over the Internet.

Scheduling virus scans with Command AntiVirus is simple. The program includes an internal scheduling facility that lets you specify the frequency of the scans and whether you want to automate them.

For realtime virus scanning, the software includes the Dynamic Virus Protection utility. When you configure Command AntiVirus, the software asks which drives to protect and what action to take when it detects a virus. The Dynamic Virus Protection utility uses the F-PROT engine to perform realtime scans, so the utility simply uses the file inclusion and exclusion lists that you configured. I tested this utility by downloading an email message that contained an infected attachment. Dynamic Virus Protection quarantined the attachment as soon as Microsoft Outlook Express 4.0 saved it to my hard disk.

You handle virus definition updates in the Command AntiVirus UI. When you initiate the update utility, it connects to Command Software's FTP site and retrieves and automatically applies any updates to the program. Unfortunately, you can't schedule the software to automatically update virus definitions.

The only thing that prevents Command AntiVirus from being a spectacular virus scanner is its lack of email notification features and automatic definition updates. Although the product's price is right, competing products offer the features that Command AntiVirus lacks for only a few dollars more.

Command AntiVirus 4.59.1
Contact: Command Software Systems
561-575-3200 or 800-423-9147
Web: http://www.commandcom.com/
Price: $29.95
Decision Summary
Pros: Excellent scanning engine; easy to configure; efficient realtime scanning utility
Cons: Limited email notification support; lacks automated definition updates

F-Secure Anti-Virus 5.0
F-Secure is well known for its line of security products, but its F-Secure Anti-Virus 5.0 antivirus software is often overlooked in favor of flashier programs. I tested the software to find out why.

Installing Anti-Virus is painless. A wizard-based UI lets you select either Centralized Administration Mode or a simpler Stand Alone Installation. I opted for the latter. The setup program installed almost 15MB of data, which includes the Anti-Virus client and transparent management agent.

Rather than presenting a conventional UI, Anti-Virus supports a more direct method of scanning. When the installation is complete, you find three objects in the software's folder: Scan all local hard disks, Scan diskette, and Scan folder. To configure the program, you use Anti-Virus's configuration control panel, which has three tabs: Real-time Protection, Manual Scanning, and Real-time Statistics. Using the options on these tabs, you can customize the product's core functionality. However, Anti-Virus provides limited configuration options. You can customize only whether you want the software to scan compressed files and how you want the program to handle infected files. In addition, the product lacks an internal scheduling facility.

F-Secure attempts to compensate for this lack of standard features by including three excellent scanning engines— F-PROT, AVP, and F-Secure's Orion— which give the product more flexibility than its competition. However, this functionality makes updating virus definitions complex.

To update my definition files, I needed to either install F-Secure Policy Manager, which the company includes on the Anti-Virus CD-ROM, or download F-Secure BackWeb from the company's Web site. The Policy Manager is overkill for environments that don't include many systems, so I downloaded the 7MB BackWeb.

After I installed BackWeb, the program connected to F-Secure's push server and downloaded about 5MB of data that included a virus definition update, a software update, and a news bulletin about the latest virus discovery, which Figure 2 shows. This update program uses a channel paradigm to organize its content (i.e., you can subscribe to the channels that you want to download and ignore the rest of the information). Because F-Secure distributes virus-definition updates through a channel, you can set BackWeb to look for and download updates at regular intervals. This program was more efficient and informative than the update systems of the other products I reviewed.

As I mentioned, Anti-Virus includes three thorough scanning engines. By licensing three scanning engines, F-Secure ensures that Anti-Virus has an excellent detection rate. Although the engines aren't speedy—scanning 10GB of data took approximately 18 minutes—the product detected every virus hidden on the volume. In addition, Anti-Virus detected 97 percent of the macro viruses and 83 percent of the polymorphic viruses in my virus library.

For realtime protection, the product uses F-Secure Anti-Virus Gatekeeper. I enabled this component and used Outlook to download an email message that contained an infected file. Gatekeeper disinfected the file before the new-mail notification icon appeared in my system tray.

Anti-Virus has excellent scanning engines and provides the brilliant BackWeb component. However, the software lacks features that are now standard antivirus scanner features. The sum of Anti-Virus' components isn't greater than its parts.

F-Secure Anti-Virus 5.0
Contact: F-Secure * 408-938-6700 or 888-432-8233
Web: http://www.f-secure.com/
Price: $125
Decision Summary:
Pros: BackWeb technology provides a revolutionary definition-
updating model; solid scanning engine
Cons: Permits limited customizations; lacks standard features such as internal scheduling; costs more than the competition

InoculateIT 4.53
Computer Associates (CA) has aimed InoculateIT 4.53 at high-end corporate environments. The product's domain-management and groupware security features have made InoculateIT a favorite of IT managers. For desktop machines, CA offers InoculateIT Workgroup Edition, which provides more functional-ity than you probably need for your desktop.

After I discovered how to access the program's setup file, installation was fairly simple. The root directory of the product's CD-ROM includes the setupx86.exe file, which I assumed was the setup executable file for Intel systems. However, when I ran this executable, the program crashed and provided a cryptic error message. I found a README file on the CD-ROM that said I needed to run setup.exe from the \bin\inocit_c.nt directory. When I ran that setup program, the software installed without a problem.

The setup program installed InoculateIT and CA's Unicenter Framework, a cross-platform enterprise-management shell for CA's Unicenter product line. I don't have an enterprise to manage, so I ignored this component. A full installation of InoculateIT, including Unicenter Framework, consumed 16MB of hard disk space. After a reboot, InoculateIT loaded its realtime monitoring utility, and the software was ready to go.

The software's UI includes three interfaces: Local Scanner, Domain Manager, and Service Manager. To define a scanning task, you select the appropriate check boxes in the Local Scanner window, which Figure 3 shows, and click the Scan icon. The UI's designers laid out the features in an intuitive format, so the product has almost no learning curve. In the Domain Manager window, you can view a list of the machines on your network, initiate network scans, and configure the software's scheduling utility. In the Service Manager window, you can configure the scanner and set up the distribution configuration, IP broadcasting, domain configuration, and other features that you don't need on the desktop.

The software's powerful realtime scanner is disabled by default. However, after I enabled this feature, I discovered an unparalleled level of customization. In addition to the inclusion and exclusion lists of files to scan, InoculateIT lets you select which areas of your system to protect (e.g., removable disks, network drives, CD-ROM, DVD-ROM), whether to use heuristic scanning, and whether to monitor incoming, outgoing, or all files.

To test the realtime scanner, I used Outlook to download an email message that contained an infected attachment. After Outlook downloaded the file to my system, the realtime scanner detected the virus, quarantined the file, and cleaned it before I was able to access the data. However, I had to download the latest virus definition updates from CA before the product provided this functionality. When you install InoculateIT out of the box, you get a set of virus definitions from June 10, 1999. CA hasn't issued a product refresh since that time. Thus, you must download the latest updates before you put the product to work.

In addition, the program lacks a set of internal auto-updating features. You can't update InoculateIT's virus definitions from within the program. To retrieve the first set of updates, you must connect to CA's Web site and download the appropriate files or use the AutoDownload Manager service, an external application. I used the AutoDownload Manager, which is disabled by default. After enabling the service, I scheduled an update, which, in turn, downloaded an update file that I had to deploy manually. This process of installing updated virus definitions is deplorably inefficient.

After I updated the software's definition files, I tested InoculateIT's scanning engine. A full scan of my 10GB of data took a little longer than 14 minutes, and the product detected 100 percent of the viruses. Testing the scanner against the macro-virus test bed exhibited a 97 percent detection rate, and the product detected 85 percent of the polymorphic viruses.

InoculateIT features a top-of-the-line scanning engine, but this functionality is all the product has to offer desktop users. The product really shines in enterprise environments; however, in a small network environment or on one desktop, InoculateIT is too much. CA designed all the product's exciting features to work within the Unicenter Framework, which you don't need on a desktop. InoculateIT is a product that only a network administrator could love.

InoculateIT 4.53
Contact: Computer Associates
631-342-5224 or 800-225-5224
Web: http://www.cai.com/
Price: Starts at $35 per client/server bundle
Decision Summary
Pros: Robust scanning engine; customizable realtime scanner
Cons: Better suited to network environments than desktop environments; requires you to jump through hoops to update definition files

Norton AntiVirus 2000
Symantec's Norton AntiVirus has always been one of the front runners in the antivirus software market. By offering customizable features and a powerful scanning engine in one low-cost package, Symantec has gained the lion's share of the antivirus market. Norton AntiVirus 2000 builds upon the strength and flexibility of previous product versions and offers a revamped UI.

As soon as I initiated the software's setup program, I realized that this product is the most resource-hungry virus scanner of the products I reviewed. The software consumes 50MB of disk space. On the bright side, installation is simple. Point the setup program to the directory where you want it to install the software, and you're ready to go.

Norton AntiVirus' new UI, which Figure 4 shows, is aesthetically pleasing as well as easy to use. Clicking System Status shows, in the UI's right pane, your system's state, including the last time the software updated your virus definitions and the date of the last full-system scan. To configure Norton AntiVirus, you select from the Options menu the option that you want to configure and activate its properties dialog box.

In addition, the software's UI makes creating new scanning tasks easy. Using a wizard interface, you specify the drives or folders to scan and assign a unique name to the task. The software transparently handles the rest of the work. For example, I created three tasks: a task that scanned my application drive, a task that scanned my boot drive, and a full-system scan that scanned both drives as well as my system's mapped network drives. To launch the tasks, I clicked Run Scan Now in the Scan for Viruses window.

Norton AntiVirus' scheduler utility, the Norton AntiVirus Scheduling Wizard, was the most flexible scheduling utility I reviewed. In addition to scheduling virus scans and definition updates, you can use the wizard to launch external applications and display reminder messages. To schedule tasks, you select the task you want to run and assign an interval to that task. I had already created the scanning tasks, so in less than 1 minute I assigned daily, every-other-day, and weekly scans of my application drive, OS, and complete system, respectively.

Although the software's scanning engine is thorough, it doesn't win any points for speed. Completing a scan on a 10GB volume took a little longer than 20 minutes. However, the product detected and cleaned every virus and displayed a 98 percent detection rate against my collection of macro viruses.

Symantec's heuristic scanning technology, called Bloodhound, offers three levels of protection. At its lowest level, Bloodhound detected 73 percent of the polymorphic viruses on my boot volume. At the default medium-level setting, Bloodhound detected 81 percent of the viruses. When I set the scan level to high, Bloodhound scored an 88 percent detection rate.

Norton AntiVirus uses LiveUpdate to handle virus definition updates. LiveUpdate makes scheduling and retrieving the latest definition updates simple— you configure LiveUpdate once, and it doesn't require further maintenance. However, a recent batch of definition updates from Symantec featured a bug that caused Norton AntiVirus 2000 to tie up all available resources on Win2K systems. Although this occurrence might be isolated, this type of incident makes you question the company's quality-assurance department.

The product's Auto-Protect application handles realtime virus protection. For flexibility, you can configure Auto-Protect to scan only specified types of files. When Auto-Protect detects a virus, Norton AntiVirus quarantines and disinfects the infected files. To test Auto-Protect, I used Outlook to retrieve an infected file from my mail server. Auto-Protect cleaned the file before I had a chance to open the email message.

If you're a longtime Norton AntiVirus user, you undoubtedly remember the older versions' comprehensive set of notification methods, including the ability to send network broadcasts, pager messages, and email notices. In Norton AntiVirus 2000, Symantec has stripped the product's notification options to the bare minimum. Norton AntiVirus 2000's single audible beep when the software detects a virus is almost embarrassing.

Overall, Norton AntiVirus 2000 offers a mixed bag of functionality. Although this product is a worthy addition to the Norton product line, Symantec has taken a step backward in many areas. The software offers a thorough scanning engine and useful Bloodhound utility, but the scanning engine's slow speed and the lack of notification options overshadow the product's benefits.

Norton AntiVirus 2000
Contact: Symantec * 541-345-3322 or 800-441-7234
Web: http://www.symantec.com/
Price: $39.95 ($36 if you download the program from Symantec's Web site)
Decision Summary
Pros: Thorough scanning engine; simple yet powerful user interface; powerful scheduler; thorough realtime scanning engine
Cons: Limited notification options; slow scanning engine

Panda Antivirus Platinum 6.0
A relative newcomer to the antivirus software market, Panda Software delivers a remarkably full-featured and polished product, Panda Antivirus, that holds its own against the competition. For compatibility, the company ships on one CD-ROM native versions of Panda Antivirus for Win2K, Windows NT, OS/2, Windows 9x, Windows 3.1, and MS-DOS. The CD-ROM also includes a tutorial that provides basic information about Panda Antivirus and virus scanners in general.

To ensure a painless installation process, the company used InstallShield to build the software's setup application. A full installation consumes 24MB of disk space. I selected the full installation option, and in a few moments the software was running.

After installation was complete, Panda Antivirus spoke to me. The program uses triggers that launch sound files when specific events occur. For example, the program plays a .wav file that says "virus detected" when the scanner runs across an infected file. I found this feature annoying, so I disabled it in the program's configuration menu.

The software offers two UI modes that strike a balance between ease of use and program customizability. For newbies, Panda Antivirus provides a basic-mode UI, which uses simple icons and menus that ease the product's learning curve. By restricting your scanning options to one of several predefined templates, the basic mode lets you take a less-involved approach to virus scanning. The more adventurous or experienced user can select the Advanced mode, which Figure 5, page 122, shows. This mode offers more granular control and lets you create your own scanning templates.

I had partitioned my desktop's hard disk into two volumes, so, using the Advanced mode, I created a scan template that included only the volume that stores frequently accessed files. (I didn't anticipate any problems with the volume that houses Win2K.) In the scan template, I also included one mapped network drive that stores backup copies of my work. To add the drives to Panda Antivirus' scan list, I clicked the icon in the drive list that corresponded to the volume in question and moved it to the scan list.

The product's scanning engine is more like a grizzly than a panda. After I clicked the Scan icon to initiate the scan, the program took about 12 minutes to plow through the 10GB of contaminated data. The software detected 100 percent of the various Trojan horse and macro viruses that I had sprinkled on the volume. After it identified these viruses, Panda Antivirus quarantined the infected files on a directory that I specified and quickly disinfected them.

Not content with having the software detect the 17 live macro viruses on my system, I ran the scanner against my isolated test bed of 1200 macro viruses. The software detected 98 percent of the macro viruses.

Panda Antivirus uses a heuristic scanning engine, so the software can detect viruslike behavior. This functionality protects your system from polymorphic viruses. To test the scanning engine, I set up the product to scan a separate directory on my boot volume that contained 5000 polymorphic viruses. Panda Antivirus demonstrated an 84 percent detection rate.

The software also offers an internal scheduling service that lets you create automated scanning tasks. To do so, you simply use the scheduling configuration tool to tell the scheduler how often you want it to run the scans. You can specialize these scanning jobs depending on your system's topology. For example, I created a daily scanning task that scanned my data volume, a weekly scanning task that scanned my OS volume, and an hourly scanning task that scanned my system's mapped network drives. To be thorough, I also configured a weekly full-system scan. The software triggered each scan as scheduled.

In addition to its on-demand scanner, Panda Antivirus includes Sentinel, a realtime scanning engine that proactively inspects your files. You can configure Sentinel to scan files according to the extension types that you specify. For example, if you work primarily with Word documents, you can set Sentinel to scan .doc files when you open them.

You can set up the software to broadcast an alert message to another computer on the network, send an alert message to an email address, and present a warning on the infected workstation when Panda Antivirus detects a virus. I opted to use all three notification options. When it detected a virus on my test system, the program displayed a pop-up warning-of-infection dialog box, sent a broadcast message to another system that I frequently work on, and fired off an email message over the Internet.

To test the notification system, I telneted to a remote Linux-based system, attached the VBS.LoveLetter virus to an email message, and sent the message to my POP server. I had set the test system running Panda Antivirus to poll my mail server for new email messages every 5 minutes, so I waited for the software to download the contaminated message. The program detected the virus as soon as Outlook retrieved the email message. Panda Antivirus immediately triggered all three alerts and prevented access to the file while the software disinfected the attachment.

You can use the software's internal FTP client to upgrade Panda Antivirus' virus-definition files. You can schedule the product to automatically search for definition file and product updates. You can also schedule automated updates as often as every hour and as infrequently as once a year.

Panda Antivirus works alongside Win2K's TCP/IP stack, so the software can monitor all your Internet file transfers, including files that you download from FTP sites and Web sites and files that you receive through instant-messaging applications. Combined with a good firewall and basic security settings, this product ensures that your system stays clean even when you connect to a potentially contaminated environment.

If you want a lot of functionality for a little money, Panda Antivirus is for you. The product's $29.95 cost provides a lifetime license, which means you receive unlimited upgrades for the rest of the software's lifetime.

Panda Antivirus Platinum 6.0
Contact: Panda Software * 818-553-0599
Web: http://www.pandasoftware.com/
Price: $29.95
Decision Summary
Pros: Intuitive user interface; high detection rate; low-level TCP/IP scanning features that protect your network applications; excellent notification options
Cons: Annoying sound files

PC-cillin 2000
PC-cillin 2000 is a desktop antivirus scanner from Trend Micro, a company known for its excellent enterprise-based virus scanners. Trend Micro's reputation for delivering quality products for the corporate environment should predict a stellar desktop virus scanner. However, although PC-cillin provides solid functionality, it doesn't provide any spectacular features.

PC-cillin's installation is simple. After you run the setup program and enter the product's serial number, the setup utility runs a quick system scan and installs the product in less than 10MB of disk space.

At first launch, PC-cillin presents its Scan Wizard, which is the program's default UI. Scan Wizard lets you set up scanning tasks on an as-needed basis. This wizard is simple to use, which is a blessing because PC-cillin's main UI is confusing and unattractive. As Figure 6 shows, the wizard lets you select which types of files you want the software to scan, after which you click Next to set the software to work.

Scan Manager is PC-cillin's scheduling program. Using the same task-based paradigm that Scan Wizard uses, Scan Manager lets you easily create a customized scanning task that the software runs nightly. The scanning task that I created was simple: I set up the software to scan my data volume and mapped network drives and to clean any infected files that it encountered. I set up a second scanning task to scan my OS volume every other night. In addition, I scheduled a full-system scan to run every Sunday morning. Scan Manager ran all the scheduled tasks at the specified times.

Trend Micro offers frequently updated virus definitions. To test this feature, I clicked Update, which tells the software to retrieve the latest definitions from Trend Micro through the Internet. Rather than updating my copy of PC-cillin to detect the latest viruses, the software presented a Connection Failed error message. After a bit of tweaking, I surmised that PC-cillin was trying to access Trend Micro's server through a strange port that my Network Address Translation (NAT) server doesn't forward. The only alternative to installing a traffic sniffer to determine which port PC-cillin uses for outgoing connections was to use Microsoft Internet Explorer (IE) to manually download the virus definitions. If you aren't using NAT or any other IP-masking tool, you can schedule PC-cillin to retrieve definitions automatically. By default, the program checks for new updates daily.

The product's WebTrap feature protects your system from ActiveX and Java viruses. With WebTrap enabled, PC-cillin's realtime scanner monitors the applets that your Web browser loads. Unfortunately, you can't customize WebTrap to include or exclude specific applets that might result in false alarms. On a few occasions, I triggered WebTrap simply by visiting Web sites that had innocuous Java applets.

PC-cillin's Web support includes an integrated content filter—an unusual addition to an antivirus program. The Web filter provides an option to restrict access to sites that contain offensive or objectionable content. To prevent users from accessing specific sites, you include the sites in the Restricted Sites List.

The scanning engine, Scan Wizard, is a solid performer. By using heuristic technology with its rules-based engine, the software can detect current and new viruses. I ran the scanner against 10GB of data that contained a handful of macro and Trojan horse viruses. In about 15 minutes, the scanner detected 100 percent of the viruses. The product was just as ruthless on my test bed of macro viruses and directory of polymorphic viruses, detecting 97 and 98 percent, respectively.

PC-cillin's realtime scanner hums quietly in the background, waiting for you to access an infected file. You can feed the utility a list of file extensions to scan or exclude from scanning. When the software detects a virus, PC-cillin notifies you by presenting a dialog box on the infected machine. This warning message is the only notification option.

If you use Outlook Express or Eudora Pro, you'll be pleased with PC-cillin's email support. The software works with your mail client to scan file attachments as the mail client downloads them to your inbox. If you're using another mail client, such as Outlook 2000, PC-cillin's realtime scanner scans downloaded files only after you save them to the hard disk. To test the software's email support, I used Outlook to download an infected file attachment that contained the VBS.LoveLetter macro worm. PC-cillin immediately detected the virus.

Although this product does what it's supposed to do, extra features and functionality would be nice. This solid but unspectacular package lacks any notification features, and its main UI is confusing and unattractive. Although PC-cillin is Trend Micro's entry-level antivirus program, the lack of features is disappointing. Even considering its good scanning engine and low price, PC-cillin's basic functionality doesn't compete with the extra features and offerings of the other products in this review.

PC-cillin 2000
Contact: Trend Micro * 408-257-1500
Web: http://www.antivirus.com/
Price: $39.95 ($29.95 if you download the program from Trend Micro's Web site)
Decision Summary
Pros: Good scanning engine; inexpensive; direct Outlook Express integration; WebTrap feature protects your system against ActiveX and Java viruses
Cons: Lacks notification features; confusing and unattractive main user interface; update facility uses nonstandard ports, so you might have to reconfigure proxy or NAT servers

VirusScan 4.5
In an antivirus software hall of fame, McAfee would definitely be the first company inducted based on its tenacity and quality products. In VirusScan 4.5, McAfee builds on this legacy by including detection for the latest viruses, a refined definition-update method, and integrated Internet support.

To test the product, I installed Virus-Scan from McAfee's Active Virus Defense suite, a group of products for the corporate environment. A standalone version of VirusScan is available for SOHO users. McAfee sells the same version of VirusScan to both enterprise and SOHO users, which makes a statement about the product's robustness.

To install only VirusScan and not the entire Active Virus Defense suite, I ran setup.exe from the VirusScan distribution directory on the product's CD-ROM. A full installation of VirusScan requires only 12MB of hard disk space. After you run setup, you click Next through the InstallShield program. The software docks two programs in the system tray: VShield and VirusScan Console, which Figure 7 shows. As the product's default UI, VirusScan Console is where all the action occurs. From this interface, you can customize every aspect of the program.

Creating a new scanning task is a simple process. After you supply the program with a list of drives or folders to scan, you can set up an exclusion list by adding file extensions from the VirusScan Properties screen. I used VirusScan Console to create three scanning tasks—one for each group of drives on my system. VirusScan Console uses a simple details view to display information about your scan tasks.

Unfortunately, the console can bog you down with windows: Each set of options opens into its own window. Also, the Alert Manager is inaccessible from the VirusScan Console. This lack of cohesion within the UI makes the software difficult to work with. However, you probably won't need to touch the configuration options after the initial setup process.

VirusScan's scheduling services let you specify when the software runs scanning tasks. In addition to the standard hourly, daily, or weekly intervals, you can schedule tasks to run only once or whenever you log on to Win2K.

When you initiate a scan, the VirusScan Console launches the software's scanning engine. Running against a 10GB volume, the software took a little longer than 11 minutes to perform a scan. VirusScan detected all the viruses that were scattered among the files. Pitted against my repository of macro viruses, the program returned another perfect score. The product supports heuristic scanning for program files, documents, or both. I tested this option against my collection of polymorphic viruses, and the program demonstrated an 88 percent detection rate.

VirusScan includes E-Mail Scan, which extends the product's realtime scanning capabilities to your mail client. When your system receives a file attachment, E-Mail Scan checks to ensure that the file is clean. I used Outlook to download a message infected with the VBS .LoveLetter virus. E-Mail Scan detected the virus and cleaned the file as soon as it arrived in my inbox.

Similar to E-Mail Scan, Download Scan works by scanning files as you download them from the Internet. Before you save a downloaded file to your hard disk, Download Scan quickly checks to ensure that the file is clean, providing an extra layer of protection.

VShield, the product's realtime virus scanner, inspects data to ensure that everything you load is clean. VShield's Internet Filter is a submodule that examines ActiveX controls and Java applets to weed out any malicious code that you might encounter as you surf the Web. However, during the testing process, I didn't encounter any applets or controls that triggered VShield's Inter-net Filter.

A drawback of VirusScan is that, outside the Active Virus Defense suite, the product provides only a pop-up message on the infected workstation as a notification option. I would have appreciated an option to send an email, pager, or network broadcast alert.

McAfee has done much to improve VirusScan's virus definition update system. Previous versions used a confusing script that forced you to go outside the application to retrieve and install new signature files. VirusScan 4.5 includes a seamless update client that connects to a McAfee server for definition updates. This client polls McAfee servers at user-defined intervals. When the software discovers a new definition update, VirusScan appends the new signature to the software's existing database.

VirusScan detects and eradicates viruses and gives you complete control over how the program accomplishes this feat. Although it lacks notification options and provides an unwieldy UI, VirusScan is a solid product that will keep your system clean.

VirusScan 4.5
Contact: McAfee * 408-992-8100
Web: http://www.mcafee.com/
Price: Starts at $30 per node for 5000 nodes as part of McAfee's Active Virus Defense suite
Decision Summary
Pros: Refined scanning engine; high detection rate; good Internet integration features; integrated email virus scanner
Cons: Lacks notification features; unwieldy user interface
Corrections to this Article:
  • The printed magazine version of Table 1 indicated that Panda Antivirus Platinum 6.0 didn't support Active Web Content Monitoring. This is incorrect and has been fixed in the online version. We apologize for any inconvenience this error might have caused.