By Joey Latimer
Protecting computers from viruses is just as important as locking doors and turning on your burglar alarm. If your company uses e-mail, shares files, and surfs the Internet, then you are engaging in activities that allow viruses to spread from one computer to the next.
Since dangerous viruses, worms, Trojan horses, and malicious computer code can wreak havoc, it is essential that your company develop an anti-virus strategy. If you have a network, you may want to consider solutions that encompass all the machines on your network as a group, rather than individually.
We reviewed four anti-virus solutions with features such as centralized management, server-based client software deployment, automatic virus pattern updates, outbreak alerts and reporting, and support for unknown viruses. Although the cost of these products, ranging from a few hundred to several thousand dollars each year, may seem high, the increased level of protection and time savings could make an anti-virus solution the right move for your company in the long run.
How We Tested
Testing anti-virus software in the lab is a daunting task since there are more than 20,000 computer viruses and the number is growing every day. We used the services of the ICSA (International Computer Security Association), an organization that tests and certifies anti-virus software. To be certified, the software must detect 100 percent of the viruses in general distribution and 90 percent of over 6,000 test viruses. All of the programs we reviewed were certified by the ICSA, and you can view the results on the Web at www.icsalabs.com.
Knowing that the programs we reviewed had already been certified to detect viruses, we focused on the installation process, user interface, management tools, services, and features provided by each product. For this, we used our test network that included a dual processor Pentium 733 MHz server loaded with Microsoft Windows 2000, along with three PCs, which were installed with Windows 2000 Pro, Windows NT 4.0, and Windows 98 Second Edition operating systems.
With each product, we installed the administration software, upgraded the virus definitions, and set up the PCs. Once this was accomplished, we sent test viruses through e-mail and planted viruses on the hard drives of each workstation. This triggered virus attack events, and we were able to review how well each program handled these scenarios.
Global Virus Insurance 24h-365d
Panda Software has two teams of anti-virus programmers: one group in San Francisco and the other in Madrid, Spain. They update their database of viruses daily and will collect, detect, and remove unknown viruses from customer installations in less than 24 hours. They also have personal technical support 365 days a year in offices around the world.
Global Virus Insurance is a bundle of tools based around the Panda Administrator, a program that can deliver anti-virus protection to Windows, Netware, and OS/2 clients, as well as Microsoft Exchange clients and servers. Once installed, the Panda Administrator updates itself daily through the Internet and installs and updates the anti-virus software and definitions for all compatible servers and PCs on the network.
It took us fifteen minutes to set up the Panda Administrator on our server and another few minutes to copy all the different anti-virus client versions to a shared folder. Once this was done, the Panda Administrator scoured the network and let us know which PCs needed an installation of anti-virus software and automatically downloaded the appropriate files.
When a new PC logs on to the network, Panda Administrator automatically installs the software or updates the virus definitions as needed. This can be an annoyance to users because they have to wait a few minutes for updates to take place, but it has benefits. As Dale Bastow, IT Director of the 18-person Stichler Group in San Diego, told us, ‘A key feature of Panda was the automatic updates at the server. . . the updates are automatically pushed to the workstations. This is all done seamlessly without any intervention from the users.’
When we infected our workstations with viruses, Panda easily caught them and let us repair, delete, rename, or move all the affected files except one. That file carried a memory-resident virus, which was detected but had to be removed by booting from emergency floppies to make the repair. This worked fine, except that an error message reported when using the floppies was in Spanish.
Except for this small problem, Global Virus Insurance 24h-365d worked well and made it a breeze to set up and manage virus protection on a network.
InoculateIT 6.0 Advanced Edition
InoculateIT 6.0 Advanced Edition features a solid centralized anti-virus management program and remote installation of client software. Although InoculateIT supports many OS environments, including most flavors of Windows, Linux, Macintosh, and Novell, it only allows remote installation for Windows NT or 2000 systems, though it does provide several means to package installations for delivery via the Web, Microsoft SMS, or login scripts.
Setting up InoculateIT on our server took 20 minutes, but was slowed when the computer froze at the end of the installation. We couldn’t clear the problem with Task Manager and had to pull the plug on the computers. Once we restarted, everything worked well (Computer Associates assures us that this was a unique problem). Using the Remote Install Utility, we specified acceptable target computers and distributed the software through shared directories on the remote machines.
We were amazed at the speed of InoculateIT’s multiple scanning engines and liked the options we had to choose from when it found a virus. These include centralized logging of all virus events – including files checked, files found, and responses taken. Another excellent feature is the Virus Quarantine, which not only let us quarantine a nasty file, but automatically isolated users who attempted to move, copy, or save infected files over the network.
As we would expect from a network anti-virus solution, InoculateIT also includes regular updates of virus signatures (definitions) and uses an advanced, rule-based detection system to detect unknown viruses and variants. Since the regular updates are incremental, the impact isn’t very noticeable to users.
When we tried to uninstall InoculateIT from the system, it left the registration on the server with no obvious way to uninstall it. Otherwise, we finished our tests thinking that InoculateIT 6.0 was a fast, versatile, and very capable anti-virus solution, especially for mixed networks.
Norton Anti-virus Corporate Edition Version 7.5
Norton Anti-virus is by far the most popular anti-virus software for Windows users, commanding more than half of the market. In the latest incarnation of Norton Anti-virus Corporate Edition, Symantec makes it easier than ever to manage network security.
We first installed the Management Console, which is designed to provide a framework to control Symantec products, solve problems, and perform routine maintenance from a central location on a network. Next, we installed ‘snap-ins’ – tools for client and server anti-virus software, live updates, alert management, file quarantine, and scan and deliver (for sending unknown viruses to Symantec over a secure connection).
After we completed the quick initial installation, we deployed the anti-virus software on our Windows NT and 2000 PCs, and then used the CD to install it on our Windows 98 machine. The entire process, including the initial virus scans (which ran slower than with the other three products) and live updates, took about an hour.
Norton Anti-virus let us scan any machine on the network in real-time, on-demand, or as a scheduled activity. Using Norton’s new Closed Loop Automation System, we were able to automate the entire process of detecting a new virus, sending it to quarantine, alerting the administrator, stripping sensitive data from the file, sending a copy to Symantec, and applying the cure to the infected file – all without any administrative intervention.
Another impressive feature of Norton Anti-virus is its Alert Management System, which let us configure how and where we received alerts and event reporting and what kinds of reports to print. This kept us informed even though we had automated most of the processes.
We had one problem when we sent an e-mail infected with an unknown virus to ourselves and Norton quarantined our entire e-mail folder instead of just the message and its attachment (as the other products do). There was no cure from Symantec after a week so we ended up deleting the file.
For a product with so many advanced features, Norton Anti-virus Corporate Edition 7.5 was easy to operate and update once it was installed, though perhaps not quite so worthy of its top billing.
Office Scan Corporate Ed. 3.54
Trend Micro has a reputation as one of the most respected virus research centers in the world. Office Scan 3.54 combines the excellent scanning engine behind PC-cillin 2000 with an integrated anti-virus management system.
Office Scan is the only product we tested with a Web-based management program that can be accessed through a browser from any computer on the network. For security reasons, the management console is password-protected and communication between Office Scan and the rest of the computers is encrypted.
As with InoculateIT, users can remotely install Office Scan to network PCs as long as they are running Windows NT or 2000. For other types of workstations (Windows 9x or DOS), you can share the installation files in a folder on the server, download them into the PC, and then do the installation. Once Office Scan was installed on our PCs, we were able to schedule automatic virus definition updates and do company-wide scans from the central server.
Chris Paquette, president of Pinnacle Development Partners Inc. of Sterling, Mass., a 50-person office automation company, recommends and installs Office Scan software as part of his solution. ‘The automated update process is very easy to configure and has not failed us. The ease of use is a must for our small business clients. They want the protection but don’t want the hassle.’
Compared with the other anti-virus solutions we tested, Office Scan seemed to have the least overhead on our server, network, and PCs. And for a Windows NT network, Office Scan 3.54 is as slick as it gets.
Questions to Ask
What platforms are supported? Some products support many different operating systems through manual install, but only one or two automatically. If you plan to fully manage even a small network from an administration console, make sure that the product supports all the platforms you are using. Otherwise, you might end up paying for an expensive management system that works with only a few computers.
What are the levels of support included with the product? It is best to find an anti-virus program with free support for the longest amount of time possible. This support should include virus evaluation, e-mail and telephone response, and direct access to a virus information database that explains how each virus operates and what to do if a computer becomes infected.
How do I protect myself from the latest viruses? All of the products we reviewed let you schedule automatic updates of the latest virus definitions for a server (or administrative computer) and all managed PCs. The frequency of updates varies from company to company, but most update their definitions at least a few times each week. Ask your sales rep how often new virus definitions are available and, if an unknown virus is discovered, what is the expected response time for a cure.
If your company has a hodgepodge of various computers, or just a single PC running the whole show, then you might find that an off-the-shelf anti-virus package is a better fit than a network solution.
We sampled five desktop anti-virus solutions on a Pentium III test PC set up with Windows 98 Second Edition and a modem. We set up each program to prompt us if an infected file was detected. Then, using another computer, we sent several virus-infected files and e-mail extensions to the test computer.
To our delight, all of the programs we tested worked as advertised, with a few small exceptions, and seemed to set up good defenses in our test computer. Here’s a quick review of our results:
InoculateIT: Sported the fastest scanning engine, although we weren’t so happy that we had to go on line to use the help menu.
McAfee VirusScan: Slow at scanning, and the McAfee Web site was a little difficult to navigate, but it got the job done.
Norton Anti-virus: Easiest to figure out and use, but caused our Outlook program to lock up after installation. This problem seemed to clear up once we restarted our computer.
Panda Anti-virus Platinum: Troublesome to register and get going, after which we liked the features and support.
PC-cillin: A solid performer, but slower at scanning than most.
Joey Latimer writes frequently about network products for SBC.