Evaluation of Anti-Virus Software: Some Commonly Used Criteria

Here is a list of commonly used evaluation criteria for anti-virus software:

  • Ability to produce new virus signatures quickly
  • Dispersed/distributed manageability
  • Unified client features
  • Client transparency
  • Support for all Windows OSes and Linux
  • Web-based management console
  • Company strength and overall AV strategy
  • Ability to integrate with other solutions such as Cisco NAC
  • Proactive notification on potential outbreaks and/or problems
  • Ability to clean up after viruses and/or spyware have infected a system
  • Ability to quickly prevent outbreaks while new virus signatures are not yet available

Each of the above criteria is explained further below.

Ability to Produce New Virus Signatures Quickly

The period between when a virus is discovered “in the wild” and when a signature or pattern file is available for clients is extremely critical. The longer it takes to get and distribute new pattern files, the more likely clients are to become infected.

Dispersed/Distributed Manageability

The ability to provide Unit Computing Specialists and/or departmental administrators access to manage their own clients was also an important feature. With the diversity in departmental IT policies, it is necessary to be able to give people the ability to set policies for their department differently than what is defined at the global level. Furthermore, departments need the ability to provide customized reports on systems under their control to their management.

Unified Client Features

The ability for client software to provide antivirus, anti-spyware, SPAM filtering, and firewall support in a single package was very high on the list of requirements. Packaging all of these features together under a single client not only reduces desktop and system tray clutter but typically takes up fewer system resources in terms of CPU and memory.

Client Transparency

Another aspect to consider is how the client itself performed while a system was under heavy usage. Real-time scanning and monitoring needed to be as unobtrusive as possible. This also meant that any error messages or warnings that popped up as viruses were found needed to be easy to understand and answer. It was very important that the client be as transparent and easy to use as possible to users.

Support for Multiple OSes

If there are a variety of operating systems in use, it is important that any solution support the full range of Windows operating systems from Windows XP and 2003 all the way back to Windows 98 and Windows 95. In addition, adding support for protecting the growing number of Linux desktops and servers may also be required.

Web-Based Management Console

Enterprise management tools needed to be web-based for ubiquitous access. Not all system administrators run Windows on their desktop, so use of a Windows client-based management system is not desired in our environment. Furthermore, the console needed to be able to provide granular control over systems being managed.

Company Strength / Overall AV Strategy

Another factor in selecting an antivirus solution is how strong the company itself was. Fiscally weak or unsound companies tend to get bought out by larger corporations who may then change the levels of service a product provides even during a contract. The availability of technical support for the anti-virus software is also relevant here. This is particularly the case when using free anti-virus software.

Ability to Integrate with Other Solutions

Network security is another area of focus when selecting an antivirus solution. This includes the ability of a solution to integrate with third-party solutions such as Cisco’s Network Solution. It is therefore essential that the anti-virus solution be able to integrate with the existing network infrastructure.

Proactive Notification of Potential Outbreaks and/or Problems

Limited human resources mean that continuous monitoring of the system may not be possible. Therefore, it is critical that any solution be able to watch systems and automatically notify system administrators of possible outbreaks or issues on the network. The ability to email or page an administrator or administrators when there appears to be an anomaly on the network should be considered.

Ability to Clean Up after Viruses and/or Spyware

Obviously another factor that must be considered when evaluating antivirus solutions is how well the product is able to clean a system after an infection. If a solution simply detects a virus but doesn’t clean it up well, it doesn’t really save an administrator any time or effort. The solution should be able to successfully clean a majority of infections without having to rebuild the system.

Ability to Prevent Outbreaks Until New Virus Signatures Are Available

Many vendors have begun to discuss “zero-day” protection, but few actually do much about it. The ability to prevent an outbreak from occurring when there is no virus signature or pattern file available is extremely important. Hundreds of systems could potentially become infected in the time between a virus being detected “in the wild” and a new pattern becoming available. A feature considered key was the ability for software to keep systems protected even though it was unable to detect the virus.