Choosing an Antivirus Solution
Filed in archive Security by prashanth on November 3, 2005

Criteria to select the engine technology

The antivirus world is littered with preconceptions, misinterpretations and marketing fluff, which can make this product segment hard to navigate. There are tools out there that will help the shopper make sense of all this; below are some bits of information and key links to accelerate the process toward the best possible decision for your organization.

Certifications: in many cases, users don't look around to see how well the product actually performs. There are 3 organizations that track and rate antivirus technologies (click on their name to visit them):

  • ICSA: they rate antivirus products on a regular basis and test scanners against "in the wild" viruses (versus the ones that are not in circulation). They test for detection, elimination, gateway, groupware, managed solution and on-line scanning.

  • Check-Mark: their approach is similar to ICSA's, but they have 4 testing programs (detection, cleaning, trojan and spyware).

  • VirusBulletin: they take a slightly different approach, testing by platform, and historical results are very easily accessible. Please note that you must create a (free) account to view the results. They have a wealth of information, worth your time.

    Note 1: vendors do have to pay to participate in these programs (the testers also have to pay the bills!), and not all vendors choose to work with all 3, so it's important to check all 3.
    Note 2: if a vendor keeps failing with one system, consider not putting it on your shortlist.
    Note 3: another very interesting site is AV-TEST.ORG, highly recommended.
    Note 4: I personally look out for vendors that have a long track record versus the "we have it since 2001 and we're using the logo ever since" approach. All 3 services will give you access to historical data, which definitely helps when choosing.

  • Quickness of resolution: how fast can your AV vendor have a fix for a problem?


    • How long do you have to wait for a fix: here is an article (Feb 2004) on how fast AV vendors react, which is very interesting regardless of its age. The top dogs are lagging in this test because they release a lot of beta definitions before the final. Food for thought.

    • How often vendors release definitions: another Feb-04 article from VirusBulletin, written by the folks at AV-TEST.ORG, on vendors' (non-outbreak) release schedules. Warning - PDF.

    • AV-Test.org did some interesting data collecting in August 2005 for some malware, and some products responded beautifully and others, well, didn't. Click here for the Excel file (in ZIP format) which contains the data.





What to look for in this day and age?


  • Home users:

    • Quick updates, completely transparent

    • Quarantine to submit files to your vendors

    • Low CPU/memory consumption

    • Scanning of email AND instant messaging

    • Easy to use interface

    • Spyware (malware) elimination (check with Check-Mark since they test for that)


  • Business users - all of the above plus:

    • Policy enforcement: make sure your users don't control their desktop AV products, that everything is automated and that alerts are proactively managed by IT staff

    • Multiple vendor technologies: make sure your e-mail and desktops don't use the same products, and look for multiple-engine products at the SMTP level. SMTP will remain the main viral vector for a long time, so putting all your eggs in the same basket is not the best approach.

    • Central management for all platforms (desktops/OSes, gateways, groupware)

    • PDA/Cell phone: not a major issue (yet), but expect to have to add this to your list sooner rather than later




Marketing traps to be aware of when shopping for antivirus:

  • Kills 70,000+ viruses: The WildList organization lists actual threats and not the ones created in labs (zoo viruses). Also, some virus toolkits are responsible for over 25,000 viruses, all killed with one virus definition.

  • You only need one vendor: yeah, right. They'll throw all those certification logos and success stories at you. Fact is, scan the Exchange server with another product and be surprised; Antigen by Microsoft is recommended for this test.

  • Best of breed: just Google that for fun, they're all "best of breed" according to their marketing depts.

  • Kills spyware: not a trap per se, but it depends on how you define spyware, which is an industry issue. Antivirus products will go for the malware-style spyware and will in most cases leave the "inoffensive" stuff behind; you'll have to test thoroughly and counter-check with an antispyware product like PestPatrol.



Jean Pascal Hebert, President, Socius Technologies.

He has been involved with security vendors for the past 8 years in sales, marketing and relationship management roles. Having worked at Symantec and Sybari Software, and consulted for LastSpam.com and Vircom, he has developed expertise which enables vendors to maximize their potential through strategic relationships.

His new project, www.computer-secure.com, will assist beginners with their home PC security needs.

I hope this will prove useful; comments are welcome!