Greg Alton
activsoftware.com
What I want in an antivirus component or suite is something that protects my system without destroying my productivity. I also want it to protect my system against unknown threats.
Because antivirus components can be so intrusive, many have opted to roll the dice. That can be a workable option for an informed user, but most will lose at this game. In this article I've included some common-sense measures that would make infrequent use of antivirus software practical, along with a review of products offered by the top 3 antivirus software vendors.
My review and recommendations for simple countermeasures are based on my experience with these tools over the past couple of years; on my knowledge of viruses, worms, email and other vulnerabilities; and on experimentation: building software, taking viruses apart to see how they work, and making the same mistakes my non-technical peers have made. You should compare this with other reviews and read more about viruses and worms. My choice for the best antivirus software vendor also provides the best resources for learning more about viruses and worms, past and present: http://www.antivirus.com
Performance and Compatibility: Norton tools seemed to dramatically affect the performance of my workstation and were incompatible with many applications, including some configurations of Windows (IIS installed)*. McAfee had similar problems in the past, but the latest version has been running without conflict for me and without any noticeable degradation. PC-cillin from Trend Micro scores well in this category. I've never noticed any issues with performance or compatibility while PC-cillin was running.
Support: None of the top three companies responded to any attempt I made to obtain additional information concerning issues with their product. That may be sad, but it is common these days with software vendors. You should expect support to be limited to FAQ and knowledge base articles or user-to-user forums. Some may offer premium support options. I didn't try them.
Response to New Threats: PC-cillin scores well above Norton and McAfee here. I have received notifications of new threats and solutions from Trend Micro within hours of a new virus launch. Norton and McAfee are improving here, but patches often arrive too late. I've cleaned many systems with PC-cillin where Norton or McAfee were running at the time of infection. Microsoft recently made it policy to deliver new updates and vulnerability reports on Wednesdays to give System Administrators time to update before the weekend. Attackers were using the weekend as an additional point of vulnerability, knowing that System Administrators were at home. The result is that attackers now launch on Thursday. It's important to get new pattern files and updates quickly.
Stealth: One of the best security practices is stealth. If you were planning to develop the next big virus, worm or hacking tool, you would want it to have maximum impact. You would probably design it to take advantage of top brand names in software, such as Windows, Norton and McAfee. It's no coincidence that worms are targeted at Windows. Hacking tools are also distributed that are targeted toward popular firewalls. I don't think most people realize how vulnerable they are in community chat rooms and when using file-sharing clients. These days, if you're not on a 56K connection, you're probably being probed daily. Trend Micro may also benefit in this category since it is not a household name, although I did recently run across an exploit targeted specifically at them; it was in the fraudulent email category, with a worm attached. If you're not using the same software as 9 out of 10 other people, you gain an advantage, since someone might not yet have got around to exploiting the vulnerabilities that surely exist on your system.
Usability: I give the nod to PC-cillin on this one too. Antivirus software shouldn't restrict you to the point of harming productivity, and it also shouldn't ignore your actions totally to get out of your way. Norton warns and restricts too much. PC-cillin warns nicely and is configurable. McAfee doesn't even notice I'm alive.
Simple Countermeasures: Some of the following recommendations should be obvious, but my personal experience is that they are not obvious even among IT professionals.
Update: An independent report commissioned by Trend Micro comparing the performance and effectiveness of the Big 3 server products reflects my performance experience with the consumer products, but I felt that the test did not cover enough vulnerabilities. Of course, it's always important to note that even independent reports are often commissioned by parties with vested interests in the results, and the testing procedure is often outlined by the party commissioning the report. This just emphasizes the need to read many opinions before coming to your own conclusions.
I didn't post a link to another independent report commissioned for one of the mentioned products because it was obviously tainted to me, going as far as to exploit a recent and important weakness as a strength.
These are only my personal opinions based on my personal experience with these products. I invite counterpoints and will publish them here if they're good.