Anti-virus Programs I have Used (Part 1)

By Charles Ferris

I have notice a lot more "infections" by a virus or macro lately. It seems that recently, there seems to be some kind of "nasty" at least once a week. Usually, it is either the SirCam or the Majesty. The disturbing part, it takes at least 2 top of the line anti-virus programs running simultaneously to catch some of these.

I had attempted to install Norton AV (Anti Virus), and there was some kind of "installation" problem. Norton AV was my program of choice. I therefore installed McAfee Viruscan, and ran it. It claimed I was clean. I downloaded the updated DAT (data) file, and reran the scan. I was still clean. I decided to scan for TROJAN HORSE programs. Using the program PestPatrol, I found 3 that were hidden. I removed them, and then NAV would install. I re-scanned with McAfee, and still was clean. I then updated NAV and scanned my system with it. NOW McAfee finds 5 virus programs that are hidden in my system. All of these were inside compressed files that had not been opened, so I had not sent them to others. But, what I find very interesting, is NAV is not the program that found the viruses. It was Virus Scan by McAfee. The very same files that it had looked at and thoroughly scanned just earlier. The parameters are still set the same, heuristics set to be used, compressed files looked inside of, all files (not just program files) scanned. And now, with NAV scanning the system, McAfee Virus Scan suddenly finds virus programs that it did not find earlier.

This is not the first time that I have experienced something like this.

I had been called to help my friend Steve a few months ago. He had downloaded some e-mail viruses that morning. I went over, scanned his system and did not find anything. I upgraded his Norton Anti-Virus (NAV), and re-scanned his computer. I now found 130+ computer virus programs scattered all across his computer. I was very supprised there were that many!!! Now, being very cautious, (or maybe slightly paranoid!!) I logged on the Trend Micro web page - www.trendmicro.com.

I ran the HOUSECALL program they offer for scanning your computer over the Internet. TrendMicro – using Pc-cillen – did not find any more virus code. But, NAV did find 9 more !! And yet NAV had been run twice, all files, and using heuristics, and it did not find any more!!! Until the Housecall had been run!!! McAfee offers something similar to TrendMicro's housecall. And I would encourage using both of them.

Over either Roadrunner or DSL, this process will not take long. But over dialup, this will consume considerable time.

A few months ago, PC Magazine did a review of the top dozen or so anti-virus programs. Norton and McAfee were numbers two and three. Panda Anti-virus was number one. Basically this was because NAV and Viruscan missed some of the "wild" virus code thrown at it and Panda caught everything. I have not used Panda in recent years, and definitely not the Platinum edition. But, it is one of the very few that still offers DOS level scanners. PC Magazine ranked NAV slightly higher than McAfee not because it was better or worse at finding "wild" virus code. NAV was ranked higher due to its extreme ease for updating the code and scanning engine. In fact, if any of the Norton products are installed, Live update will update ALL of them, not just the components of NAV.

I have become a proponent of Norton Anti-virus in the recent 2-3 years. I was able to buy it at a very good price, was able to update for a year, and the updating process was so very easy using the live update. In the DOS days, I felt that McAfee was the prime program for anti-virus scanning. Although McAfee does have a very good program, I am not knocking it, I find the updateing process much more difficult. There is not a "live update" program that is part of the McAfee product. The user has to go to the McAfee site, search out the data file and download it. The DAT file or the SUPER-DAT file is self-extracting and will install itself with the McAfee that is running.

I am sure that if I find the McAfee site less than simple, and difficult to use so do many others. I do use the McAfee program. It is a good program. My major objections to is are:

  1. it does not want to "play well with others" i.e. it does not want any other anti-virus program running.
  2. the process of updating and using their web page.

The Norton site (www.symantic.com) also has a number of specialized anti-virus removal tools. Each of these are written to run without the Norton Anti-virus program. And each is set up to remove a specific virus.

I have recently used a couple of other programs for scanning for a computer virus.

One is called EXPERT ANTI-VIRUS. It was available at a price that really encouraged trying it. It installs very easily, and what is amazing is there is FREE LIFETIME update of the database. This program works well. The program can be downloaded also from the site. If Outlook/Outlook Express is the program of choice for reading mail, then EXPERT ANTI-VIRUS will scan the e-mail for virus code and other hostile code. If, on the other hand, Netscape, Eudora (lite or pro) or Pegasus are used to read the mail, then the mail is not scanned and not protected.

An interesting program that was reviewed by PC Magazine is INOCULAE IT, by Computer Associates. This program has been included with GOZILLA. Computer Associates have been offering free updates of the data file for INOCULAE IT for registered users. I do not know if or when this will end. INOCULAE IT is a good program that can be upgraded online. It will let you know when it needs to be upgraded. Once you click OK, it will proceed to upgrade. INOCULAE IT also has an interesting approach to scanning the system. It has what it calls a progressive scan. There is a parameter for setting the number of files scanned during startup. This program then proceeds to scan all your files on the hard drive. This has the positive result that all the files on the computer eventually get scanned without taking a lot of time. If this particular product can still be found, I would strongly encourage its use.

Computer Associates, the company that had sponsered INOCULATE IT, has changed it’s approach. There is still a product available, it is called eTrust Inoculate IT for Windows.

Smart computing has also done some reviews recently on anti-virus programs. Maximum boot magazine has McAfee on it’s disk frequently.

There are trial or demo versions of some of these anti-virus programs. These can be downloaded from Zdnet, Simtel, CNet, Webattack, Nonags, PCWorld, Computer Associates (Innoculan),

 

Sources of programs:

Norton www.symantic.com

McAfee www.mcafee.com

Pc-cillen www.trendmicro.com or www.antivirus.com

Expert Anti-virus www.grisoft.com

Eudora www.eudora.com - e-mail reader - not susceptible to Outlook macro-virus code

Netscape www.netscape.com - web browser

Opera www.opera.com - alternate web browser

 

Zdnet www.zdnet.com/downloads

Simtel www.simtel.com

Cnet www.cnet.com

Webattack www.webattack.com

Nonags www.nonags.com

PC World www.pcworld.com

 

Computer Associates

virus Information Center http://www3.ca.com/virus/

etrust Inoculate IT ftp://ftp.ca.com/pub/inoculan/scaneng/fi_w9x.exe

my-etrust (CA page for home use) http://www1.my-etrust.com/

 

authored by: Charles Ferris

web page: www.lightlink.com/computer