Enterprise anti-virus software

Although it is perfectly possible to install and manage anti-virus software on small networks without needing any management software, the task becomes too time-consuming and error-prone where large numbers of systems are involved. Larger networks require centralised management software with remote deployment and updating facilities, management reporting and an alerting system triggered when a virus is detected.

But while consumer anti-virus software is widely reviewed, its corporate counterpart is often ignored. In this group test we hope to redress that and have selected six of the market-leading vendors, pitting their products against each other to find out which is best for your business.

Testing

We tested the products on a small local network with systems running either Windows XP Professional with Service Pack 2, Windows 2000 Server or Windows Server 2003. Each system was imaged, then restored after each installation and test run, so that each subsequent test would start from the same baseline.

This also avoided problems that could occur if a previous installation had modified system files or Registry entries and had not restored them to their previous state. The software was installed in accordance with the installation instructions supplied with the product.

Once the software was installed and configured we updated the virus signatures. We then ran a simple test using the freely available European Institute for Computer Anti-Virus Research (EICAR) test files to ensure that the systems were working correctly.

These files, available from www.eicar.org, are designed to mimic a virus without actually being one, and signature-based anti-virus scanners should detect and report them as they would a real virus.
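The EICAR check described above can be scripted so that it gives the same pass or fail answer on every host. The following is an added example, not part of the original test procedure or any vendor's tooling; the file name, state labels and timeout values are assumptions chosen for illustration.

```python
import os
import tempfile
import time

# Standard 68-byte EICAR test string (harmless by design). It is built from
# two pieces so that this script itself is less likely to be flagged.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def file_state(path, expected):
    """Classify what happened to a test file once the scanner could act on it."""
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except FileNotFoundError:
        return "REMOVED"   # deleted or moved to quarantine
    except OSError:
        return "BLOCKED"   # on-access scanner denies the read
    return "INTACT" if data == expected else "MODIFIED"


def on_access_check(directory, payload=EICAR, timeout=10.0, interval=0.5):
    """Drop the test file, then poll until the scanner reacts or time runs out."""
    path = os.path.join(directory, "eicar_check.com")  # hypothetical file name
    try:
        with open(path, "wb") as fh:
            fh.write(payload)
    except OSError:
        return "BLOCKED"   # the write itself was intercepted
    deadline = time.monotonic() + timeout
    state = file_state(path, payload)
    while state == "INTACT" and time.monotonic() < deadline:
        time.sleep(interval)
        state = file_state(path, payload)
    if state == "INTACT":
        os.remove(path)    # do not leave the file behind on an unprotected host
    return state


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = on_access_check(tmp)
    verdict = "reacted" if result != "INTACT" else "NO REACTION"
    print(f"on-access scanner: {verdict} ({result})")
```

Any result other than INTACT means the on-access scanner intervened; the management console should then show a matching detection event for the same host, which is the part of the pipeline the reporting and alerting tests depend on.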

Having proved that the system was functioning correctly, we allowed it to run for several hours to check that automatic updating was working as expected. Ideally, the software allows frequent updates to minimise the chances of a new virus arriving before the signature files have been updated.

We then isolated the network from the Internet and introduced a selection of genuine viruses and remote control software to see how the system reacted. This was not intended as an exhaustive test, and we would have been surprised if any of the software had failed to detect them. Its main purpose was to provide some realistic data to drive the reporting and alerting systems.

We also wanted to see how the software reacted to the legitimate presence of the remote control software. We have seen earlier versions of some anti-virus software react as though they had found keystroke loggers or Trojans and promptly attempt to remove them, causing considerable annoyance in the process. Such potential false positives should be reported so that the system administrators can decide on a course of action.