10 things to look for in an antivirus application

by Erik "Eckel Network+, MCP+I, MCSE" | Mar 22, 2007 7:00:00 AM

Tags: Viruses and worms, SECURITY, Erik Eckel Network+, MCP+I, MCSE, antivirus, antivirus application, antivirus program

13 comment(s)

Takeaway: Selecting the right antivirus protection for your organization may be one of the most important decisions you'll be asked to make. Erik Eckel offers 10 key factors to keep in mind as you weigh the various AV options.

This article is also available as a PDF download.

Antivirus programs are no longer a best practice; they're a requirement. If a system has a power supply and runs Windows, it must have a first-rate antivirus application current with the latest signatures. Don't make it easier for attackers to compromise the systems you're supposed to be keeping secure. Insist on these 10 elements in any antivirus application you implement.

#1: Potency

An antivirus program is useless if it fails to identify and isolate viruses, worms, and similar infections. Productivity losses quickly mount when you have to clean machines of malicious software. Removing infections from systems supposedly protected by antivirus applications only adds insult to injury. Avoid such frustration by ensuring that the antivirus platform you deploy effectively prevents infection.

Don't let persuasive ads or persistent channel partners talk you into specific brands. Research your options thoroughly and talk to other IT pros to learn their recommendations. The insight you'll gain is invaluable, especially when comparing notes with colleagues within the same industry—those who are responsible for maintaining the same type of business and enterprise applications.

#2: Low overhead

Some mass-market antivirus programs have been known to bring minimally configured Windows systems to a standstill. An effective antivirus program must constantly work behind the scenes to monitor active applications. That's understood. But protective software apps requiring (or commanding) significant system resources often do more harm than good.

When selecting an antivirus application, review the program's system requirements. Before committing to a solution, test the application on several workstations to determine the true load that the program places on real-world equipment. Don't settle for manufacturers' claims. Verify performance data firsthand.

#3: Centralized administration

No one enjoys having to visit every workstation within the organization. That's just what you'll have to do, though, if you standardize on an antivirus application that doesn't support centralized distribution and administration.

Make sure the antivirus solution you select works well with Windows Intellimirror and other mass client-deployment technologies (or has its own native deployment features). Although some smaller organizations aren't as dependent on time-saving deployment tools, remotely managing and administering antivirus applications is still most efficient, even in businesses with just 20 employees. By eliminating the need to visit those systems to configure scans, review logs, and maintain updates, strong centralized administration features more than pay for themselves.

#4: E-mail protection

It goes without saying that any antivirus solution should guard against infectious code sent or received in e-mail. However, not all applications provide such protection. Even if your organization maintains an e-mail server- or router-based antivirus program, seek client antivirus apps that provide secondary e-mail protection.

Client-side e-mail security offers essential protection for your organization. It also safeguard's its reputation, preventing users from infecting external customers, partners, and suppliers and keeping your organization off one of many troublesome spam lists.

#5: Compatibility

In addition to confirming that an antivirus application operates well with your operating system, check that it doesn't create errors when installed alongside enterprise applications, proprietary programs, and other software packages. Some IT newsgroups—and occasionally, antivirus manufacturers—do a good job of warning about known conflicts. But the best bet is to install the solution (prior to a department- or organization-wide deployment) to test the antivirus software's interaction with other programs.

Pay particularly close attention if you're working with Microsoft Vista. Don't expect Windows XP-based antivirus software to work well with the newest desktop OS. In fact, in most cases, it won't. If your organization has moved to Vista, confirm that the security software is certified for use with the newest Windows platform.

#6: Effective reporting tools

Some antivirus solutions enable you to review reports from all configured clients via a Web interface. Others produce reports indicating threats, scans, and infections but require that an administrator visit each client to obtain that information.

Review your organization's needs and determine which method will work best. Consider reporting features carefully. A program's logs and report information will prove invaluable in alerting you to problems before or as they occur.

#7: Technical support

Antivirus programs fail. It's inevitable. Sooner or later, you'll encounter strange failures, bizarre error messages, or inexplicable system freezes. Having access to the antivirus manufacturer's development staff is essential for successfully identifying a solution.

Before purchasing any software, check out the manufacturer's Web site. Find out whether the manufacturer provides a toll-free number for support, review any troubleshooting forums, and check which live assistance options exist.

#8: Certification

Just as an antivirus solution's potency is critical, so too is certification. Manufacturers can make all the promises and claims they want in marketing materials, but industry certification is hard won. ICSA Labs, Virus Bulletin, West Coast Labs, the National Associate of Specialist Computer Retailers, and others all require antivirus programs to meet stringent requirements to receive certification.

Of course, certification isn't foolproof. But one way to know you're purchasing a trustworthy application is to confirm that the program has earned certification from these leading labs.

#9: Simplified licensing

Once you've identified an antivirus solution that's potent, compatible, and backed by quality technical support (among other elements), it's time to turn your attention to licensing. Some manufacturers complicate licensing to the point that you can install a dedicated license on only a single machine. If that system's hard disk or motherboard fails (or the entire system goes down), under OEM terms your organization is likely required to purchase another license, even if the original term is yet to expire.

Review license requirements with care. It's often best to purchase client licenses by seat. Thus, if a workstation or server fails, migrating an existing license to the replacement system becomes a simple matter. (But expect to pay more for the privilege.)

Remember to factor in growth considerations when purchasing a specific number of seats. It's all too easy to exceed licensing limits signed six months ago. Keep detailed notes on how many systems receive antivirus software and keep the documentation current as workstations and servers are replaced or upgraded.

#10: Reasonable cost

When purchasing fewer than 50 licenses, expect to pay approximately $30 to $45 per seat for an annual antivirus license. As an organization exceeds 100 licenses, costs can drop to as low as $25 per user.

Unless an application includes firewall, anti-spyware, or antispam features, prices should fall within the above ranges. Any organization tempted to add firewall or anti-spyware tools to its antivirus application, especially for 20 or more users, might be better served pursuing a hardware-based solution (such as the ones provided by SonicWALL, Barracuda, and other manufacturers) instead of a software-focused product.

13 comment(s)