Once the responsibility of only the most ardent technophiles, antivirus technology now holds a prominent slot on most enterprises' priority lists. But with so many products on the market, which antivirus solution should you invest in?
To get to the bottom of things, we tested antivirus solutions from four leading vendors - Sophos, McAfee/Network Associates, Symantec, and F-Secure. Each solution offered roughly the same core set of features, such as on-access file scanning, communication with a central server for signatures, and automated installation procedures. But the manner in which these features were implemented varied widely from one solution to the next, raising practical questions about how antivirus software should be used in the modern enterprise.
Norton Anti-Virus Corporate 7.6
Symantec's Norton offering ranks among the industry's leading antivirus solutions, combining excellent manageability and flexibility. Norton uses Microsoft Management Console as its interface, with which many administrators are familiar. In our tests, we had the server and a few clients up and running in a mere 45 minutes.
The Symantec solution uses a typical tiered architecture, with clients reporting to a centralised server. For large organisations, these servers can themselves be tiered into various parent-child relationships, providing support for hundreds of thousands of clients.
The centralised server receives signature updates using Symantec's LiveUpdate technology and distributes the updates to all clients as scheduled. And administrators have plenty of control over what the end user can see and do in the Norton Anti-Virus client agent.
On the downside, however, the client program is rather bloated - at 60MB, Symantec's is the heftiest client in our roundup. Not surprisingly, users are likely to notice a significant performance lag when the Norton Anti-Virus engine kicks in, especially when running a full system scan.
McAfee Total Virus Defense Suite
McAfee scored impressive marks with its Total Virus package. The solution ranks as a top choice for organisations looking for a highly scalable, flexible antivirus solution.
Total Virus's best feature is its flexibility. Administrators have complete control over almost every aspect of the entire solution, ranging from what users can and cannot see on the agent to which reports are generated.
McAfee also shines on the client side, with its thin client occupying a mere 2MB of space and still delivering powerful antivirus protection. Moreover, the McAfee client is not as resource-hungry as the Norton client, especially when performing full system scans.
On the downside, the ePolicy Orchestrator centralised management console proved difficult to navigate and use, and is complicated to install.
F-Secure Anti-Virus for Workstations 5
F-Secure provides a highly capable antivirus solution that should appeal to a broad range of organisations. The mid-size client weighs in at approximately 9MB, and the agent does not significantly impair performance. While running a full system scan, we were able to simultaneously launch other applications with only a marginal drag on system response.
Administrators can perform automated installations on Windows hosts through F-Secure's auto-discovery and installation tools, and the F-Secure Policy Manager provides easy-to-use centralised agent management. The package also includes a handy reporting tool which allows administrators to easily track alerts and trends.
The Sophos Anti-Virus package boasts an excellent scanning engine, thanks largely to its InterCheck technology, which helps the Sophos client run full system scans with almost no discernible impact on system performance. In our tests, we were able to run virus scans and simultaneously access applications and perform regular user functions with no delay.
To help automate installation, Sophos provides the SAVAdmin tool, which works with Windows NT and 2000. (Windows 9x users must create login scripts.) Best of all, the system does not need to be restarted to complete the installation.
End users also have complete access to the agent console. Administrators can, however, prevent users from being able to uninstall the agent from their systems. On the downside, the manual signature updates on the central server can prove tedious.
In the end, your buying decision depends more on how your company would prefer to deploy and manage the antivirus solution than on any laundry list of features. Nevertheless, some key differences among these packages can help guide your choice.
If scalability and centralised management are the main concerns, Symantec gets the nod. If the client-side footprint is key, McAfee may be your best choice. Finally, for the strongest security, best performance, technical support, and support for the most desktop platforms, Sophos is the clear winner.