
Thursday, June 28, 2007

Evaluating Anti-Virus Programs


All anti-virus programs are not the same and making purchasing decisions based on opinions (not facts) could put you at risk.

So which anti-virus (AV) program is best for you? It really depends on who you talk to, but should it? Ever since the advent of anti-virus, debates have raged as to which program is best and most of the time you get plenty of subjective opinions. We all have our opinions, but believe it or not there is significant science to the evaluation of anti-virus programs.

NOTE: This article is written with desktop and server anti-virus in mind. Enterprise management (e.g. McAfee ePO, Symantec Corporate Edition, et al.) is outside the scope of this article.

The Science
The science of evaluating anti-virus programs is based on two main criteria: features and effectiveness.

Features
The anti-virus software market is more competitive than it has ever been. Some vendors offer a plethora of features in their offerings to attract more customers. Most people don’t even know what some of these features are or what they do, but there are some features that are important to look for during an evaluation of anti-virus programs.

OS Support
Does the anti-virus program fully support the operating system that it is intended to be used on? Sounds obvious, doesn’t it? It does, but take Windows Vista for instance. Has the anti-virus program been designed for Windows Vista and has the program been tested and/or certified on this platform?

Automatic Updates
Can updates be downloaded manually and/or automatically?

Most people have better things to do than to make sure that anti-virus programs are updated regularly. This is a “must have” for a good anti-virus program. An added benefit is configurable automatic updates, allowing updates on a specific schedule.

On-Access Scanning
This is another critical feature. The on-access scan engine needs to start as early in the boot process as possible and files must be checked the instant there is any interaction with them.

On-Demand Scan
Is there an option to conduct a “deep scan” of files, folders, or drives when needed? All good anti-virus programs have this feature, but it is important to mention as a requirement anyway. It is also important that the anti-virus program allows for the scanning of removable media and network drives.

Heuristics
‘Heuristics’ describes the method of analyzing the code of a file to ascertain whether it contains code typical of a virus. Anti-virus programs that rely solely on signatures of known viruses are ineffective against many new viruses. In order for an anti-virus program to be trusted in my environment it must have the ability to detect viruses that are not yet known to the signature engine.

Scan scheduling
Much like automatic updates, most users typically forget to scan their computer on a regular basis.

Email scanning
Does the anti-virus program have the ability to scan inbound and outbound email? Does the anti-virus program have some controls built-in to prohibit mass-mailing? Email scanning becomes less important if it is certain that the email gateway has a properly installed and configured anti-virus solution, but it is always nice to have added layers of defense.

Reporting
Reporting is usually more important to technical and security personnel than it is to the typical user. The more reporting options the better. I conduct many information security audits and forensic investigations and enjoy the added benefit of detailed reports.

It is also important to consider what warnings are given to users by the anti-virus program. Are warnings displayed if there are errors, if scans have not been run in X number of days, if the program has not been updated in X number of days, etc.?

Effectiveness
What makes an anti-virus program “effective”? The criteria most often used are detection and cleaning rates as a function of time*.

*All good anti-virus programs will “eventually” detect and clean a virus. The time function gives an indication of how effective the program is when tested with newer viruses.

Testing the effectiveness of anti-virus programs can be cumbersome and very work-intensive. It is a good idea to rely on independent lab reports and certifications conducted by companies and people who specialize in testing anti-virus products. The two that I refer to often are iCSA Labs and the Austrian anti-virus experts AV-comparatives.org.

iCSA Labs
In order for an anti-virus program to be “ICSA Certified” it must meet certain, fairly rigorous criteria.

The list of certified anti-virus products can be found here: http://www.icsalabs.com/icsa/product.php?tid=dfgdf$gdhkkjk-kkkk.
The list of certification criteria is here: http://www.icsalabs.com/icsa/topic.php?tid=4a9d$80389867-30af3d4c$5524-512093a1

iCSA Labs does a very good job of testing anti-virus (and other) products. iCSA is a benchmark and lends credibility to the products it tests, but it should not be relied upon as the sole authority for anti-virus effectiveness testing. There are a variety of reasons why you may not see the anti-virus product you use on the list and a product that is certified may not necessarily be better than a product that is not.

AV-comparatives.org (http://www.av-comparatives.org/)
These Austrians know a thing or two about viruses and anti-virus software! If an anti-virus program was not found at iCSA Labs, it might be found here. The tests from AV-comparatives are very comprehensive and the reporting is excellent.

Conclusion
It is important to gather facts when evaluating technical solutions and anti-virus should be no exception. Before spending money on something someone told you was the best, do a little digging yourself. Create a checklist containing the evaluation criteria that are important to you and use it to evaluate the candidate anti-virus programs. If you would like a copy of the checklist I use in my evaluations, send me a note.

Friday, April 13, 2007

Top 10 Free security-related programs for every home user

There are certain security-related programs that all home users should have installed on their computers. Installing, configuring, and maintaining programs from each category listed in this article will provide a good base of protection for most.

This list and the accompanying suggestions were written with the Windows 2000 and XP operating systems in mind. Many of the suggested programs in this article will not work with Vista.

Did I mention free? I like free. Don’t get me wrong, I also like to do my part in supporting the economy, but why pay for something if I don’t have to (legally)?

1. Anti-Virus Software
Effective, up-to-date anti-virus software is a critical cog in your home information security machine. I would not suggest that anyone use a Windows (or Mac and maybe Linux) computer without it, unless you want to lose your information, have your computer participate in a “bot” network, or send not-so-nice emails to everyone in your contacts list.

Free Programs
My favorite is Grisoft’s AVG Anti-Virus Free. AVG has all of the options to ensure “good” virus protection, the performance is above-average, and it has a pretty good detection rate. The only beef I have with AVG is the clunky interface, but it IS free. Other free programs worth checking out include avast! 4 Home Edition and PC Tools AntiVirus Free Edition.

2. Anti-Spyware Software
The question I get often is “If I am using anti-virus do I still need anti-spyware, and if so why?” The answer is always yes, and the reason is the difference in the way viruses and spyware (and adware) operate. Viruses spread; spyware embeds. Your anti-virus software will not protect you adequately from spyware.

Free Programs
CRAWLER, LLC’s Spyware Terminator – Spyware and adware have evolved so much that I don’t think any of the free anti-spyware applications on the market should be relied upon solely. Although my favorite free anti-spyware application is Spyware Terminator, I would suggest that you supplement its protection with another (AVG Anti-Spyware Free, Spybot Search and Destroy, Ad-Aware SE Personal, etc.)

3. Personal Firewall
Personal firewalls are an important complement to your home computer information security. They are especially important if you have an “always on” cable or DSL connection at home. You should expect a “good” personal firewall to perform well in monitoring each connection into and out of your computer and tie it to the application (process) making the request.

Free Programs
Far and away, my favorite free personal firewall is Comodo Firewall Pro. Comodo performs well in leaktests, has all of the necessary options, and comes with good support in the form of updates, forums, and email. Other good free personal firewall products include ZoneAlarm Free, PC Tools Firewall Plus, and Jetico Personal Firewall (the best performer in leaktests).

4. Browser
There is always plenty of contention and discussion when talking about which browser is best. Whether you choose Internet Explorer, Mozilla Firefox, Opera, or any other browser, each will have its advantages and disadvantages. I can say one thing from experience; I am not at all pleased with IE7 on Windows XP SP2. The performance is horrendous.

Free Programs
All of the major browsers are free now and there are well over 100 available online. Trying to determine which one is the most secure is a very hotly debated topic. The most secure browser depends on the person using it. My favorite browser for security is Opera 9.20 for Windows. Opera is fast, can be made relatively secure, and has plenty of options. Other popular browsers include Internet Explorer, Mozilla Firefox and Netscape Browser 8.1.3.

5. Anti-Spam
Most home users use web-based email. Many of these web mail solutions employ some anti-spam technology. For home users that use an email client such as Outlook or Outlook Express, an anti-spam program is a very good idea. Convergence between spam, virus, and spyware is predicted in coming months and years (we have seen some already), which makes an anti-spyware solution that much more valuable.

Free Programs
My favorite anti-spam program for Windows is SPAMfighter. SPAMfighter does an admirable job of filtering spam and has features out its ears. Other good anti-spam programs include SpamAware V4.5 and Agnitum Spam Terrier. Spam Terrier looks very promising. I have not fully tested it yet.

6. Password Management (see “Passwords”)
I don’t know about you, but I have way too many passwords to keep track of! I won’t write them down (because you aren’t supposed to, duh). I use different passwords for different logins. In order to maintain control of my passwords securely, a password management program is absolutely necessary.

Free Programs
RoboForm has emerged as a market leader in easy-to-use, secure password management. I use RoboForm daily and I would be lost without it. Another good password management program that I use is PasswordSafe, made by renowned crypto-expert Bruce Schneier.

7. Anti-Phishing Software
As the number and sophistication of phishing attacks grow, so will the number of victims that fall prey. As the number of victims that fall prey grows, so will the number of phishing attacks. A vicious cycle. There are programs designed to help identify probable phishing attacks and it’s a good idea to check them out. Personally, I have received phishing emails that have gotten through both Internet Explorer’s and Gmail’s built-in protection.

Free Programs
Phishing is a social engineering attack, so the best free tool you can use is in your head (:o .

Using a browser and web-based email that provide built-in phishing protection is a good idea, but if you still want additional protection take a look at the Netcraft Anti-Phishing Toolbar or Phishing Detector v.1.0.

8. Backup Software
I am not going to suggest any free backup software other than what you already have on your computer. Use Microsoft’s backup program that was included with your operating system (assuming Windows 2000 or XP). Click Start, Run, type “ntbackup” (no quotes) and click OK.


9. File Recovery Tool
A case could be made whether or not a good file recovery tool is essential to the security of your computer. Too many times have I been called by someone in a panic because they had deleted their important information. The more time that passes between the time your files were deleted and the time you attempt to recover them, the less chance there is to recover them without a significant amount of expense. Having a tool “at the ready” will help to avoid confusion and defuse the situation somewhat.

Free Programs
Be careful which file recovery tool you choose. Choosing the wrong one can make your problems worse. Also, install your program and test it out before a crisis. This way you will be that much more prepared. Convar’s PC Inspector File Recovery 4.x is one of my favorite free file recovery programs and their Smart Recovery program works well for flash media (e.g. photos from a camera or video recorder).

WARNING: If your files are absolutely critical to you and you do not feel comfortable using a program on your own, call a professional.

10. Encryption Program
Being an information security guy, I do love me some good encryption! Encryption used properly will protect the confidentiality and integrity of your data. Essentially, your files will not be understandable to anyone not authorized by you. If you store highly confidential data (e.g. tax documents, electronic bank statements, etc.), I would strongly suggest you encrypt it.

Free Programs
I have been using Axantum Software AB’s AxCrypt File Encryption Software for a long time and I have been very pleased with it. Another good free file encryption program is Cypherix Cryptainer LE. For those of you wanting to encrypt the entire drive for free, you can try CE-Infosys’ FREE CompuSec. If you are going to go for the “full disk” option, be sure to read the manual first (e.g. disable anti-virus during install)!

BONUS - Diagnostics
Sometimes a problem crops up and it gets misdiagnosed. In order to help determine what the root cause of a problem is, I need to gather as much pertinent information as I can about the problem. A good diagnostics tool helps accelerate this process.

Free Programs
There are hundreds of free diagnostic programs out there. Picking one as my favorite will surely draw some fire. Not being faint of heart, my favorite free diagnostic utility is System Information for Windows (SIW 1.67) written by Gabriel Topala. Much of what you will be looking for in a diagnostic program will be dependent upon your circumstances.


So there is my top ten, which is subject to change of course!

Keep in mind that this software is what I would recommend to a home computer user on a budget. The toolset I use in my work is more vast (e.g. audit tools, scanners, sniffers, compilers, etc.).

To the best of my knowledge, all of the software listed here is offered free to home users (i.e. non-commercial). Check with each individual developer to make sure you are using their software in compliance with their license.