Other Features
Your virus scanner should support on-demand scanning and realtime protection. In theory, if you run on-demand scanning when you install the scanner, then run realtime protection thereafter, you should never need on-demand scanning again. However, I like to use on-demand scanning to inspect specific files or to scan separate disks and volumes. Some virus scanners let you scan any accessible disk on the network; others allow only scans of local disks.
Your scanner should let you add and delete file types and folders from the scanning process. For example, a few years ago, most antivirus scanners skipped the Recycle Bin. Vendors thought scanning deleted files was a waste of resources. However, virus writers started hiding their creations in the Recycle Bin, so vendors put that folder back into the collection of items that you can have the product scan and protect.
Because antivirus scanners require frequent updates, you should consider only products that can update their engine and signatures without manual intervention. The virus scanner should check for signature updates every day and download them directly from the antivirus vendor's Web site or from a centralized server on the corporate network. I prefer the latter method, which is more efficient during a large outbreak of a new virus. If every PC on the network attempts to download a new signature while the vendor's Web site is under heavy load, protection will probably be spotty. If the centralized network server can get the signature update, it can feed the update to all connected workstations without interruption.
Administration Concerns
If you deploy antivirus clients to many desktops within a corporate network, check to see whether your antivirus vendor offers a tool for remotely configuring and deploying the clients. To prevent end-user unloading or misconfiguration, the desktop client should be locked down by default. The installation should be smooth, and when it's complete, the scanning engine should automatically check for updated signature files. The program shouldn't cause operational bugs or lockups. Even the best antivirus programs can cause problems on certain platforms, so if you have problems, don't assume you've made an installation mistake or that the workstation was previously corrupted. When the program is working on a desktop, it should do so transparently until it finds a problem.
Your antivirus scanner should always perform a self-check when it starts. More and more viruses are corrupting antivirus installations and deleting necessary files. The program should alert the user (and systems administrator) and take a default action when it finds malware. The program should also compile reports that show the total number of files scanned and cleaned, the types of viruses found, the affected user and machine, and the date of action. Alerts should be user-configurable so that the program can send messages to the screen, an email client, or a pager.
An antivirus solution for a corporate environment should permit centralized management and should let you disable or uninstall the antivirus software from a centralized location. Most applications vendors recommend disabling antivirus software during software installation, and a centralized management feature will pay for itself the first time you need to install a new application on many clients across a network.
Technical Support
The vendor's Web site should offer detailed analysis of the popular malware programs you're likely to encounter. Compare various vendors' analysis of Nimda, Klez, and other big-outbreak viruses. The finer the detail, the better. The site should contain a "virus encyclopedia" and let you search for particular filenames and message text that viruses might contain. The site should have a link dedicated to debunking hoax viruses so that you can readily research hoaxes. You should be able to download free utilities, repair tools, and supplemental reading. The vendor should also show evidence of ongoing research into future concerns, such as wireless threats and PDA viruses.
The vendor's technical-support staff should be accessible by phone, email, or fax and should answer calls within 15 minutes—faster, if you have a premium-support contract. Technical support should be helpful and willing to walk you step-by-step through installation, troubleshooting, and virus emergencies rather than simply point you to a document on the Web. Many vendors let their customers submit suspect files for inspection. If you've repeatedly scanned a file but still aren't sure it's safe, the ability to send it to the vendor for a once-over is comforting. This approach also helps antivirus vendors find new code and variants.
Make Your Choice
No antivirus scanner is perfect for everyone and every environment. You need to audit your environment to understand what you need to protect. Ideally, you want to install a scanner on every desktop and on a perimeter server, such as an email server or Internet gateway. Narrow your product list by including only vendors that offer strong support for your platforms. Then, check a few ratings sites and magazine reviews to determine how your candidates rank with regard to accuracy, speed, and feature sets. You want a scanner that consistently scores high detection rates and offers solid repair tools. Pick two or three candidates from vendors that have more than a few years of experience, then give them a try and choose one that feels natural in your environment. After you buy it, where do you put it? Check out the sidebar "Where to Run Your Scanner" for advice.
End of Article
Prev. page
1
2
3
4
[5]
next page -->
