If speed is of the essence, Norton AntiVirus is a good choice.

A good virus scanner is no longer a luxury; it's a necessity. If you frequently receive files from an online service or via the Internet, you are essentially on a global network, and you are susceptible to attack. Although most DOS and Win16 virus scanners run on Windows NT, they often lack NT-specific features such as NT File System (NTFS) support for long filenames and network support. Virus scanners for Windows NT have been few and far between. Those that are available include Cheyenne Software's InocuLAN, Carmel Software's NT Anti-Virus, ThunderByte's AntiVirus for Networks, and Sweep/Intercheck for Windows NT from Sophos (see, "It's a Dangerous World Out There," in the October 1995, issue of Windows NT Magazine).

In early January of this year, utilities giant Symantec added to the list of available NT virus scanners by releasing a version of its award-winning Norton AntiVirus (NAV) for NT (see screen 1) with an enticing hook--this version is free for the downloading!

Easy Install and Uninstall
Installation is both intuitive and simple, taking a little over three minutes for a full installation. NAV uses the de facto standard installation interface for Windows 95 applications: the wizard. Although the installation path is customizable, the beta that I looked at forced shared files into the \win32app\symantec directory on the NT system partition. Although this isn't a significant problem, I would have preferred to keep all the program files in the same customizable directory.

Fortunately, NAV also includes an excellent Uninstall application, which removes all files from the disk and undoes the Install program's modifications and additions to the Windows NT Registry. You need to be aware that the Install program is a Win16 application; this may cause problems if you have disabled Win16 on Win32 (WOW).

Good Performance
NAV executes quickly. I set it to scan nearly 2GB's worth of executable files spread out across seven volumes: three File Access Table (FAT) partitions, three NTFS partitions, and one High-Performance File System (HPFS) partition. NAV took roughly nine minutes to scan the drives. A full system scan (scanning all the files on the disks) took more than 36 minutes. If speed is of the essence, NAV is a good choice.

The CPU impact is tolerable, requiring from 20% to 30% of CPU time. In all fairness, however, I need to say that I ran the test on IDE disks. If you're using SCSI disks, you will see that figure drop somewhat.

Feature Set
Although this version of NAV is a stripped-down version of the forthcoming full release of Norton AntiVirus, the feature set is adequate. Left out are the Windows 95 version's more advanced features, such as Auto-Protect, which continually monitors your system for virus attacks, and Rescue Disk, which repairs the damage the viruses caused. But the basic function of a virus scanner is to detect and remove viruses; NAV does this very well.

Because I tested a beta version of the program, I decided not to run a vigorous virus-scanning routine, but to sprinkle a number of infected files across multiple partitions. These files were infected by various stealth, polymorphic, and boot-sector viruses. NAV caught them all and repaired the infected files. Symantec posts monthly Virus Definition Updates on-line (http://www.symantec.com/avcenter) to keep NAV up to date.

NAV's greatest strength lies in its flexibility. You can modify most aspects of its execution, from file exclusions, detection notification, and pre-selected volumes to the file-extension scan list. Notification options include the following.

  • NAV automatically repairs infected files (after backing them up) without prompting the user. It can also automatically repair infected boot sectors.
  • Auto-delete: NAV deletes infected files without prompting the user. Use this option with caution--especially on NTFS volumes--because the file is physically wiped off the disk.
  • Notify only: NAV brings up a dialog box when it detects a virus, but it doesn't let you delete or repair the files.
  • Prompt: NAV brings up a dialog box from which you can either delete or attempt to repair the file when a virus is detected. This is the option I use for the majority of my work. It offers the greatest flexibility.

All NAV activity is written to a log file on your hard disk. This may be adequate for standalone workstations, but in a networked environment, you would expect NAV to send a broadcast message over the network. InocuLAN does. Email notification is also missing in the beta release of NAV that I tested.

However, NAV is an invaluable tool for users who frequently download files from an online service, as it supports compressed archive files. Unfortunately, NAV supports only .ZIP archives (see screen 2). And because it decompresses the files internally, you can't add your own archivers. Thus, other archive formats, such as .ARJ, .ARC, and .ZOO, are unsupported.

NAV uses NT's Scheduler service to schedule unattended scans, which is ideal for servers. To set up an unattended scan, you start the Scheduler service and set the day and time on which you want the NAV scan to occur. Unfortunately, however, NAV supports only one scan per week. This can be limiting if your system accepts new files daily.

Drawbacks
The NT version of NAV is almost identical to the Windows 95 version (except for NTFS support), both in feature set and in interface. However, NAV doesn't fully exploit the Win32 API. For example, it doesn't support some common features such as multithreading.

Multithreading would speed up certain operations on symmetrical multiprocessing (SMP) systems, because the application theoretically could scan multiple drives at the same time. In addition, NAV is available only for the Intel platform, with no MIPS, Alpha, or PowerPC releases planned--a problem if you have moved to a RISC platform.

Excellent Value
Symantec has made an auspicious debut with NAV. If you have access to the Internet, an online service, or Symantec's bulletin-board service, it's worth your while to check out this software. Freeware doesn't get much better than this. If you want a more functional product, look at InocuLAN or wait for the full commercial version of Norton AntiVirus for Windows NT, which should hit the stores later this year.

Norton AntiVirus for NT
System Requirements: Windows NT Workstation 3.51, 16MB of RAM, 6MB of free disk space (plus an additional 600KB in your NT partition)
Contact: Symantec * 408-253-9600
Price: Free
Corrections to this Article:
  • "Norton AntiVirus for NT," incorrectly stated that the product was available free of charge. Symantec's free offer expired March 31.