Original Link: http://www.anandtech.com/show/76

Norton Anti-Virus

by Anand Lal Shimpi on November 21, 1997 7:36 AM EST


For quite a while now, Norton AntiVirus, by Symantec, has been one of the major contenders in the AntiVirus market. As we integrate our lives more and more with the Web, and as the personal computer becomes of more and more personal use, the need for strong virus protection rises. Symantec has risen to meet this need with this latest version of their excellent line of virus protection utilities.

Three Parts of the Whole

The AntiVirus package comes with three major parts: Auto-Protect, File Scanner and Scheduler. Auto-Protect and File Scanner are the classic real time and full disk virus scanners(respectively), but with some innovative, cutting edge features. The Scheduler is a new addition to the AntiVirus package. It is a memory resident program that schedules events: usually hard drive scans. On installation, the default setting is with Scheduler enabled and with scans scheduled weekly on fridays at 8:00. Scheduler can schedule hourly, daily, weekly, monthly, or even yearly scans of the hard drive. In addition to setting it to scan the hard drive, it can be configured to simply display a message, or to run any program. Scheduler takes up just over 2 MB in memory. Although this is not much, it is a lot for just a little bit more automation. I prefer to do that much more manually. Another newly automated feature in AntiVirus is LiveUpdate. LiveUpdate is a feature that updates the virus definitions for AntiVirus automatically. Virus definitions are the data files which contain signatures of thousands of viruses so that AntiVirus knows what to look for. In the past, in order to keep these data files up to date, the user had to manually download and install them. Now, LiveUpdate can download the files off the internet and install them with just the click of a button. I welcome this automation; it makes life much easier.

Those Pesky Scans

As busy as I am, and as most people are, remembering to make regular scans of the hard drive is tough. The Scheduler helps with that, but the Auto-Protect of NAV helps even more. Auto-Protect is a thorough real time shield against viruses. It can scan every file you access, and then either prompt you, shut down the computer or attempt to repair or delete the infected files. These scans are completely configurable. The types of access on which to scan as well as which types of files to scan can be chosen. When Auto-Protect finds a virus it will bring up a Repair Wizard, which takes you step-by-step through the repair process, and changes dynamically based on the virus being cleaned. An extra step that NAV takes in checking for viruses is that it scans the floppy drive whenever Windows shuts down. Even when my system froze, and I had to do the old CTRL-ALT-DEL, Auto-Protect scanned the floppy drive for viruses before allowing the system to reboot.  In addition to thouroughly scanning files for known viruses, Auto-Protect adds a new level of security by using many new methods to identify viruses for which there aren't definitions in the data files. It does this in several ways. One method is inoculation. NAV Inoculates important files, recording certain key information about them. Auto-Protect can watch these files for any suspicious changes and report them. Auto-Protect also uses the new Striker Sensor technology to protect against unknown and polymorphic viruses by monitoring virus-like activity. It monitors for things such as low-level formats and writing to boot records, upon which it will take action the user configures it for. Auto-Protect only takes up about 2 MB of memory, keeping it pretty much out of the way. It is exactly what good armor should be: strong and sturdy, yet light and unobtrusive.

In addition to Auto-Protect, NAV is also equipped with a flexible, configurable File Scanner. The File Scanner's settings can be optimized for a Low, Medium or High risk system. Like Auto-Protect, the File Scanner can check inoculated files for suspicious changes. It can also optionally scan memory, high memory, boot sectors and within ZIP file archives. Upon finding a virus, File Scanner brings up the Repair Wizard, which takes the user step-by-step through eliminating the virus. The scan time is not exceptionally fast : a scan of 861 MB of files took 1 minute 42 seconds.

A new system for boot sector virus detection called Bloodhound-Boot is in beta stages at Symantec. It is a "generic" system that looks for virus-like signs instead of looking for specific virus signatures. It should be implemented in AntiVirus 4.0, which is also available for beta testing on Symantec's website.

The Impression that I Get

Norton AntiVirus is quite an impressive package. The Auto-Protect, its strongest part, is very thorough and strong. The File Scanner could be faster, but it does get the job done. New features like LiveUpdate and the Scheduler automate tedious tasks for the user. One small drawback is that AntiVirus is only available for Windows platforms. (With the exception of the beta AntiVirus for Firewalls and AntiVirus for Internet Email Gateways), but for Windows platforms, AntiVirus is great. The rock solid protection it provides is worth the buy.

Product Information: System Requirements (Windows 95 version)
Manufacturer:
Symantec
(www.symantec.com)

Price: $70 ($30 upgrade)
Platforms Available:
Windows 3.x, 95,NT Server(Intel / DEC Alpha), NT Workstation
Processor: 386, 486 or Pentium compatible
Platform: Windows 95
Memory: 4 MB (8 MB or more recommended)
HD Space: 12 MB

Click here to find lowest prices on this product.

Log in

Don't have an account? Sign up now