
Anti-virus (2003)
Anti-virus solutions are a chief defense against all manner of malware. Our annual test puts 12 products through their paces to find the best protection.
It's been a full year since SC Magazine last looked at anti-virus products. So what has happened to our anti-virus defenses during this time to fill us with confidence?
Email has become central to our lives, both at home and in business. It is swift, cheap and convenient, and is used by practically everyone. That is why it is so often the vehicle of choice for virus writers.
If your system falls victim to a malicious attachment it could cost you dearly, both in monetary terms and in productivity. Email-borne viruses, therefore, remain prevalent and over the past year have continued to increase dramatically.
Preying on human weaknesses
Of the various viruses and Trojans that we have seen of late, Klez.H has had the most impact. This mass-mailing worm, which was first seen in December 2001, has managed to wreak havoc due to its ability to use any one of 18 different subject lines, certainly throwing many users off guard. Selecting various and random names from an infected machine's contact book, it not only mails out with different subject lines, but also changes the attachment's name to further deceive recipients into opening it, thus propagating itself further. Using this more sophisticated method may have been a necessary evil for the virus writer. It has proved extremely effective because it has played on human foibles.
Office workers everywhere were suddenly dragged into the 21st century by the realization that opening 'sexy' Kournikova emails was not so bright, or that messages of 'love' could also land the recipient in hot water. Users are now more aware and astute at deleting suspect email, and are certainly not as easy to con as in previous years.
But Bugbear appeared in October 2002 and made its way through systems with the help of a Microsoft vulnerability found in Outlook, Outlook Express and Internet Explorer that allowed it to propagate without the need for users to even open it. Once the Microsoft vulnerability had been closed, the problem was not entirely solved, as Bugbear still launched if opened.
The problem with this newer breed of malicious fare is its payload. Bugbear silently copies itself to your hard drive and can spread to all your networked machines. It can also switch off your anti-virus protection, record keystrokes in various programs and send out sensitive information - such as passwords and credit card details - to designated email addresses. All very sinister, but that is not the end. The infected machine can also be entered via a backdoor that Bugbear opens up and, to propagate the infection, it sends random emails with different subject lines and an attachment.
Virus writers have ensured that new infections are as 'silent' as possible to maximize the chance of infection and propagation before being eventually detected and reported. This is their window and one we need to close.
As long as users keep their software up to date the risk is certainly minimized. But users must become better equipped to recognize suspicious emails and more adept at deleting them from their systems.
Here's our 2003 anti-virus review; now read on.
Test methodology
Test 1 ran every product against each and every virus on the September 2002 in-the-wild (ITW) list, with detection rates defining their final score.
Test 2 expected each solution to disinfect all of the viruses from test one that were capable of being disinfected. But in doing so they could not damage the infected object. After restoration to its former state the data had to be readable or the application had to run as it had previously.
Test 3 used a total of 1,012 polymorphic infections, which the solution had to be able to detect to satisfy the stringent test criteria.
Test 4 bombarded the anti-virus products with a smaller number of viruses, which had either been dropped from the ITW list recently, or which appeared in its subsidiary category. These were infections that may have been detected in only one specific area across the globe or may have only been picked up by one reporter. The important message is that although they did not pose any great threat at the time of testing, these are the viruses that often become a problem at a later date and subsequently end up on the ITW list, making them pertinent to our test criteria.
Test 5 looked at how the products coped with our macro library. This has been reduced to around 50 percent of the total to allow for the recent drop-off in macro viruses, so we discarded the older versions in favor of the new.
Test 6 considered the length of time taken by each solution to scan a set of clean files within a designated directory. This was recorded in seconds. It shows the likely impact on a system that you are scanning and may affect your choice when considering an anti-virus solution for your SME.


