Description

This article is from the Computer viruses FAQ, by David Harley D.Harley@icrf.icnet.uk, George Wenzel gwenzel@telusplanet.net and Bruce Burrell bpb@umich.edu with numerous contributions by others.

8) What's the best anti-virus software (and where do I get it)?

In case it's not absolutely clear from the following, it simply isn't
possible to answer the first part of this question. There are, however,
some suggestions for sources of software and of information on particular
packages, comparative reviews etc. The danger of this approach is that
sites, servers, and packages come and go, and it isn't possible to
keep track of all of them. If URL's in this section have changed,
please inform the maintainers so that they may be updated.

Most of the people who post here have their favourites: if you just
ask which is the best, you'll generally get either a subjective
"I like such and such", recommendation of a particular product by
someone who works for that company, or a request to be more specific
about your needs. Some of us who are heavily involved with virus
control favour using more than one package and keeping track of the
market. Don't trust anything you read in the non-technical press.
Don't accept uncritically reviews in the computing press, either:
even highly-regarded IT specialists often have little understanding
of virus issues, and many journalists are specialists only in
skimming and misinterpreting. Magazines like Virus Bulletin and
Secure Computing are much better informed and do frequent comparative
reviews, and are also informative about their testing criteria,
procedures and virus suites. Recently, a number of articles have been
posted here by people who've run their own tests on various packages.
These are often of interest, but should not be accepted uncritically.
(No-one's opinion should be accepted uncritically!)

Valid testing of antivirus software requires a lot of care and
thought, and not all those who undertake it have the resources,
knowledge or experience to do it properly.

You may get a more informed response if you specify what sort of system
you have - DOS, Windows, Win95, WinNT, Mac? XT, AT, 386 or better?
Is the system networked, and are you asking about protecting the
whole network? (What sort of network?) Are you running NT, OS/2
or Win95, any of which involve special considerations? Be aware
that there is more than one way of judging the effectiveness of a
package - the sheer number of viruses detected; speed; tendency
to false alarms; size (can you run it from a single floppy when
necessary?); types of virus detection & prevention (not at all the
same thing) offered (command-line scanning, TSR scanning, behaviour
blocking, checksumming, access-control, integrity shell etc.);
technical support etc.

One possible (but imperfect) measure of a package's efficiency in terms
of virus detection is ICSA approval. Under the current testing protocol,
a scanner must detect all viruses on the Wild List plus 90% of NCSA's
full test suite. See http://www.icsa.net/services/product_cert/ for
details.

Comprehensive product reviews can sometimes be found at the following
sites, but are not necessarily the latest available.

http://www.virusbtn.com/ _Virus Bulletin_
http://www.westcoast.com/ _Secure Computing_
http://www.uta.fi/laitokset/virus/ University of Tampere
ftp://ftp.informatik.uni-hamburg.de/pub/virus/ Virus Test Center
and http://agn-www.informatik.uni-hamburg.de/vtc/naveng.htm
http://victoria.tc.ca/int-grps/books/techrev/mnvr.html

and a number of reputable vendors include comparative reviews,
papers on testing etc. on their WWW/FTP servers.

Many anti-virus packages are available from the SimTel mirrors:
http://www.simtel.net/simtel.net/msdos/virus.html
ftp://ftp.simtel.net/pub/simtelnet/msdos/virus/

For information on mirror sites, a regularly-updated listing can
be found at

http://www.simtel.net/simtel.net/mirrors.html

Of course, such products can often be obtained direct from the
publisher's WWW site, too. The following information is not intended
to be a totally comprehensive list; it is merely a reference to where
major anti-virus packages can be downloaded.

Please note that the maintainers have not tested or even seen all the
packages listed here, and listing here does not imply recommendation
(though we won't list anything we *know* is rubbish....).

- - ------------
AntiViral Toolkit Pro (commercial with evaluation versions)
Platform(s): DOS, Win3.x, Win95/98, NT, OS/2, NetWare.
URL: http://www.avp.com
http://www.avp.ch
http://www.avp.tm
http://www.avp.ru

- - ------------
AVAST!, AVAST32 (Commercial with evaluation versions)
Platform(s): DOS, Win3.x, Win95/98, NT.
URL: http://www.anet.cz/alwil/

- - ------------
Calluna Hardwall (Hardware-based virus protection)
Platform(s): Win3.x, Win95, NT.
URL: http://www.hardwall.com/

- - ------------
ChekMate (Integrity Checker; commercial w/ evaluation versions)
Platform(s): DOS, Win3.x, Win95/98, OS/2.
URL: http://chekware.simplenet.com/cmindex.htm

- - ------------
ESafe Protect
Platform(s): Win95/98, NT.
URL: http://www.esafe.com/

- - ------------
F-Prot (Free for personal, non-commercial use)
Platform(s): DOS with limited Windows support
URL: http://www.complex.is

- - ------------
F-Prot Professional (Commercial; distributed by both Command Software
and DataFellows)
Platform(s): DOS, Win3.x, Win95/98, WinNT, NetWare
URL: http://www.commandcom.com/
http://www.DataFellows.com/
More details inc. in PRO.DOC, supplied with the shareware version.

- - ------------
InoculateIT (formerly InocuLan) - Commercial with freeware version)
Platform(s): Win95/98, NT, Netware.
URL: http://www.cai.com/products/inoculateit.htm

- - ------------
Integrity Master (Commercial with evaluation versions)
Platform(s): DOS, Win3.x, Win95/98, NT, OS/2.
URL: http://www.stiller.com

- - ------------
Invircible (commercial with evaluation versions)
Platform(s): DOS, Win3.x, Win95/98, NT.
URL: http://www.invircible.com/
Note: The creators of InVircible have marketed it as the be-all and
end-all of anti-virus products. As with any product, the buyer
should beware such outlandish claims.

- - ------------
McAfee VirusScan (also Dr. Solomon's products) - eval versions available
Platform(s): DOS, Windows, Win95, NetWare, Mac, NT, Lotus Notes,
Groupware, Exchange, SunOS, Solaris, FreeBSD, SCO, Linux.
URL: http://www.nai.com

- - ------------
Microsoft (Macro Virus fixes)
URL: http://www.microsoft.com
Note: Microsoft anti-virus (MSAV) is no longer supported. If you're using
it, get something else (anything else). MSAV is not adequate
protection as it does not protect against current viruses.
There is a paper by Yisrael Radai which documents many of the other
problems with MSAV and CPAV.

ftp://ftp.informatik.uni-hamburg.de/pub/virus/texts/viruses/

- - ------------
MIMESweeper (Mail scanning 'firewall')
Platform(s): Domino, SMTP, Exchange, Raptor
URL: http://www.mimesweeper.com

- - ------------
NH&A (Distributors of various anti-virus products; see URL for details)
Platform(s): Various, depends on the product
URL: http://www.nha.com

- - ------------
Norman Virus Control
Platform(s): DOS, Win3.x, Win95, NT, OS/2, NetWare, Lotus Domino, Exchange.
URL: http://www.norman.com/

- - ------------
Norton Anti-virus, Symantec Anti-virus for Mac
Platform(s): DOS, Win3.x, Win95/98, Mac (SAM), NT, NetWare, OS/2,
Lotus Notes, Exchange.
URL: http://www.symantec.com/

- - ------------
Panda Anti-Virus
Platform(s): DOS, Win3.x, Win95/98, NT, OS/2.
URL: http://www.pandasoftware.com

- - ------------
PC-Cillin, InterScan, Scanmail, Serverprotect
Platform(s): Win95/98, NT, Lotus Notes, Exchange, Outlook, cc:mail.
URL: http://www.antivirus.com/

- - ------------
Reflex Magnetics Ltd - DiskNet, Macro Interceptor, and Data Vault
Platform(s): Win95/98, NT.
URL: http://www.reflex-magnetics.co.uk/

- - ------------
ScanMaster for Novell/Vines (Uses McAfee VirusScan engine)
URL: http://www.netpro.com

- - ------------
Sophos Sweep (commercial with evaluation versions)
Platform(s): DOS, Win3.x, Win95/98, NT, Mac, OS/2, Netware, AIX, Linux,
FreeBSD, HP-UX/HP-PA, SCO, Solaris, OpenVMS, Banyan VINES.
URL: http://www.sophos.com/

- - ------------
VirusBUSTER, MacroVirusBUSTER, CyberBUSTER
Platform(s): DOS, Win3.x, Win95/98, NT
URL: http://www.leprechaun.com.au/

- - ------------
VirusNet
Platform(s): DOS, Win3.x, Win95/98, NT
URL: http://www.safetynet.com

- - ------------

In the event of a *real* tragedy, there are a number of firms which
specialise in data recovery. Examples include:

Ontrack Data Recovery, Inc.
URL: http://www.ontrack.com

DataRescue:
URL: http://www.datarescue.com/

 

Continue to:

• prev: 7) How does antivirus software work?
• Index
• next: 9) Where can I get further information? (Computer virus)

Share and Enjoy

Tags

security, computer viruses