August 2005 — Features

How to Keep Your Campus Safe from Infection

A head-to-head look at how 13 antivirus solutions stack up. Which ones will keep your computers protected?

For many years, I’ve scanned the testing results from the industry standards in antivirus testing; I’ve perused the countless pages of information, trying to make sense out of it all. Yet, once I was done, I still didn’t have an answer to my original question: Which antivirus program should I buy?

Daily, in my duties at Colby-Sawyer College (NH), I run across all sorts of malware. After all, curious young minds want to explore all the Internet has to offer. The problem is, the Internet is not always a good place to be curious. As a result, I’ve seen all kinds of malware infections—in some cases, as many as 3,000 on a single computer. And I’ve managed to use my unique situation to acquire 10 viruses/Trojans and two exploits. These could be considered “zero-day infections,” as most were so new that they were not even recognized by antivirus software (but all were confirmed by two or more companies after submission for evaluation). I chose these threats because I’ve seen them destroy a computer and render it useless on and off the Net. Yet, these infections are not self-propagating, which is what a virus is by definition. Propagation is unnecessary when many of these infections are packaged with popular games or peer-to-peer programs, or, in some cases, buried on a Web page that gets 10,000 hits in a day. Most of these infections were far more complicated and time-consuming to remove and had worse effects than even the dreaded Sasser worm.

Varying Performance Between Products

So why doesn't every antivirus program detect and remove such infections? A technician from one of the antivirus programs tested in this article explained to me that, although many of the samples I sent him were Trojans and did create a backdoor into a computer, or installed some sort of malicious code that would eventually completely disable a computer, they are primarily used to propagate spyware rather than virus-like activity. And until these infections are actually being used for virus-like activity, or for reasons other than bombarding your computer with spyware, the company will not detect these infections. The technician went on to tell me that one spyware company in the UK was bold enough to take legal action against this antivirus company, and sue under the pretense that its software does not self-propagate; therefore, it does not meet the legal requirements of a virus. Detection by an antivirus company would most surely lead to bad press for these and other companies developing similar software.

If you ask me, these companies are riding the fine line of the law, skirting legalities by saying that since their program does not propagate, it is not a virus. And while I haven’t yet encountered a virus that I couldn’t disable and remove in a short time, I have spent several hours on a single computer trying to remove spyware. It’s also worth noting that, with a few exceptions, people whose computers have viruses usually don’t know their systems are infected—seldom the case with spyware.