Desktop Antivirus Software for Win2K Pro

Not many small office/home office (SOHO) environments have an IT department at their disposal. Although you have more direct control over your Windows 2000 Professional systems in a SOHO environment, you also have to maintain those systems, including their security. Fortunately, most traditional viruses choke under Win2K Pro's protected architecture, making your systems immune to older viruses. However, the new breed of viruses (e.g., VBS.LoveLetter, Melissa) are more distributable and polymorphic than their predecessors and can wreak havoc on your Win2K-based systems. To add to this fatalistic scenario, the Internet is the primary distribution vehicle for viruses, so the proliferation of broadband Internet connections that let you stay connected 24 x 7 means that viruses can slip onto your systems more easily than in the past.

The good news is that vendors have refined the latest generation of antivirus software to catch viruses before they do serious damage. The products are easier to use, have better detection rates, and are cheaper than earlier virus scanners. So you have no excuse for failing to install a good virus scanner on your system.

However, the dozens of antivirus products on the market make selecting the right program a daunting task. What criteria should you consider when selecting a desktop virus scanner? Antivirus software vendors provide massive lists of every virus that their software can detect, but these lists are primarily for marketing purposes (when was the last time you ran across the Rasputin virus?). Whether a virus scanner can detect tens of thousands of nearly obsolete viruses that don't affect Win2K Pro isn't important. What matters is how well a virus scanner handles the viruses that your system will face daily. All the products in this review can detect and clean the latest viruses. Being able to download and install regular virus updates without user intervention is a bonus feature. Ultimately, your decision comes down to a product's usability. (Table 1 compares the products' features.)

If you don't want to devote a lot of time to maintaining a virus scanner, look for a program that doesn't require coddling to run efficiently. Some users consider a product's user interface (UI) to be a cosmetic feature, but a good UI lets you configure a program without frustration and hassle. In addition, a rich feature set lets you tailor a virus scanner to your system's design and needs. If you share Microsoft Word documents only internally, why waste CPU cycles on a realtime scanner that examines the documents every time you open them? If you're hardwired to the Internet, look for a product that embeds in your TCP/IP layer.

To test the seven desktop antivirus scanners that I reviewed, I pitted each product against the viruses that currently threaten Win2K Pro systems (i.e., macro and polymorphic viruses). I timed how long each product took to detect and clean 10MB of data contaminated with 17 live macro viruses. In addition, I compared the percentage of viruses that each product detected and cleaned from the infected 10MB, a test bed of 1200 macro viruses, and a boot volume directory that contained 5000 polymorphic viruses. I also tested the products' crucial usability features, such as scheduling flexibility. The test system was my Pentium III 600EB processor system with 256MB of RAM and one 66MHz 20GB 7200rpm IBM Ultra Direct Memory Access (UDMA) hard disk. The system runs Win2K Pro with all the current hotfixes applied. This machine is one of my primary workstations, and I used each virus scanner in a live environment rather than in a simulated and sterile lab environment. For additional testing, I used Pentium and Pentium II processor machines running Win2K Pro.

Results
Selecting the best antivirus product wasn't easy. Every product I tested detected and cleaned the viruses from my system. If your only concern is maintaining a virus-free environment, you can't go wrong with any of the products here.

Taking usability into account, however, my pick is Panda Software's Panda Antivirus Platinum 6.0. It provides a comprehensive feature set and a world of customization options at a reasonable price. When I had this software installed on my system, I knew that the files I downloaded were clean and the documents I worked with weren't infected. In addition, Panda Antivirus updated virus definitions without intervention, and its well-crafted UI simplified reconfiguring the program to adapt to my ever-changing system configuration.

Command AntiVirus 4.59.1
A pioneer in the DOS world, Command Software Systems brings this heritage to Win2K with Command AntiVirus 4.59.1. Installing Command AntiVirus is easy. You use Windows Installer and click Next through the setup program, and the software does the rest. A full installation of Command AntiVirus consumes less than 10MB of disk space.

After the installation is complete, the software presents the option to create a set of rescue disks, which come in handy if you boot from a FAT or FAT32 volume. If a boot-sector virus infects your system, you can use a boot disk to reach a command prompt, then run a minimal version of Command AntiVirus from the rescue disks to repair the boot sector. I boot from an NTFS volume, so I didn't have a chance to test this option.

The software's UI, which Figure 1 shows, uses a task-based format to facilitate scan configuration. The software can run tasks in two modes: User and Administrator. Tasks running at the User level belong to the user who creates them. A user who creates a task has full modification privileges and can reconfigure the task. The software locks down tasks running at the Administrator level, and only users who have an Administrator-level account can modify these tasks.

Creating a task to scan the data volume on my test system was simple. In the Configuration window, I specified that the software run the task in Administrator mode, provided the drive path, and told the program to automatically disinfect files on my system.

Command AntiVirus uses Frisk Software International's F-PROT scanning engine, a mainstay in the antivirus software market since DOS's heyday. On my test system, the software scanned the 10GB of contaminated data in 16 minutes and detected and cleaned 100 percent of the viruses. Against my library of macro viruses, the software detected 98 percent of the viruses.

To protect your system against new and undetected viruses, the product employs a heuristic scanner called HoloCheck. Enabled by default, HoloCheck uses its behavior monitor to detect polymorphic viruses. On my test library, HoloCheck discovered 85 percent of the polymorphic viruses.

In addition to its robust scanning engine, Command AntiVirus includes a couple of notification features to alert you when the software detects a virus. The software provides a pop-up warning dialog box on the infected machine, and the product can send an email message to a designated user if you're using Microsoft Exchange Server. The lack of support for SMTP means that the product can't send an email message over the Internet.

Scheduling virus scans with Command AntiVirus is simple. The program includes an internal scheduling facility that lets you specify the frequency of the scans and whether you want to automate them.

For realtime virus scanning, the software includes the Dynamic Virus Protection utility. When you configure Command AntiVirus, the software asks which drives to protect and what action to take when it detects a virus. The Dynamic Virus Protection utility uses the F-PROT engine to perform realtime scans, so the utility simply uses the file inclusion and exclusion lists that you configured. I tested this utility by downloading an email message that contained an infected attachment. Dynamic Virus Protection quarantined the attachment as soon as Microsoft Outlook Express 4.0 saved it to my hard disk.

You handle virus definition updates in the Command AntiVirus UI. When you initiate the update utility, it connects to Command Software's FTP site and retrieves and automatically applies any updates to the program. Unfortunately, you can't schedule the software to automatically update virus definitions.

The only thing that prevents Command AntiVirus from being a spectacular virus scanner is its lack of email notification features and automatic definition updates. Although the product's price is right, competing products offer the features that Command AntiVirus lacks for only a few dollars more.