New Anti-Virus Software

By Douglas Mechaber, LACS, MCSE, MCNE, CCDA, BCSD

This review is about two new anti-virus programs: Kaspersky Anti-virus Personal Pro v. 3.5.1 and Panda Software's Antivirus Titanium v. 2.03.02

New viruses, worms, scripts, and Trojans appear daily. No longer do you have the luxury of thinking that you are unlikely to be infected by a new virus, a day or two — or less — old. The Internet has seen to that. These new antiviral packages both check email and scripts for known viruses, as well as monitor "harmful" activity, going one better than the old standbys Norton and McAfee. Kaspersky Labs, based in Moscow, includes a number of unusual features, in addition to the standard scanner expected in this product. These include a Microsoft Office Guard, a Rescue Disk generator, a Script Checker, and an autoupdater that can do so daily! The scan interface is shown below:

Kaspersky Lab Russia was founded by Eugene Kaspersky in 1997, but he has been working on antivirus software since 1989. The company says its main focus is the development and distribution of information security systems intended for both individual users and corporate clients. It does not have a U.S. branch, but does have branches in the U.K., France and China. Panda Software is a Spanish company, with an office in Glendale, California.

Installation for both of these products proceeded seamlessly. Panda AntiVirus (PAV-T) requires you to enter a code to register, and upon entering additional information, such as name, class of user, address, etc., it generates a random username and password. You must use these login credentials to download updates for both the signature files and the software. However, you must wait until you receive a confirming e-mail. After several hours, I still hadn't received any confirmation. I also reregistered as a "problem" for immediate ability to download, but after an hour, lost interest. My original confirmation came the next morning, almost twelve hours later. Given the time difference, some of this is understandable, but most systems like Panda's registration are completely automated, and even replies from overseas return within the hour.

I ran the installation of Kaspersky on a copy of XP Professional, without service pack 1, because I do not like what Microsoft has done to the potential ability to play and record certain MP3 files. Though not approved for XP, Kaspersky ran flawlessly, except that I was unable to run the Control Center — it simply wouldn't execute to generate the expected screen, although I did see a message confirming the Control Center was active upon reboot. Since all other functions, listed separately as menu choices, ran as expected, it appeared I merely lacked the convenience of a single graphical panel from which to select and customize configuration.

I was able to update the virus signature files from the KAV web site, although the cumulative update was quite large, over 3 MB. There are 3 types of updates: daily (up to twice daily, unless an emergency in-the-wild situation calls for an immediate response), weekly, and cumulative. You may also set the update to do so automatically. This ability expires from the time the software was provided to me, unlike Panda, which had an expiration date of one year from the date of registration.

To test the anti-viral programs, I used the EICAR standard anti-viral test programs (www.eicar.org). KAV provided one more: the anti-viral test placed into an HTML file that the script checker was supposed to catch. According to the text document, I should have seen a warning message, but instead I saw the message: This file contains EICAR standard antivirus test file placed into script,@ which was probably the warning message. This message also shows another annoying aspect of KAV: the manual and various text documents are riddled with typical misspellings and solipsism. Panda Software, based in Spain, also has strange grammatical twists: one message said, "Open now Panda Antivirus Titanium."

Recent paranoia makes it difficult to obtain a good set of virus files for testing, never mind the fact that yesterday's viral threat is...oh, so B yesterday. If you go to the eicar.org web site, you may download the standard EICAR test file in a variety of formats. There's the standard eicar.com, a zipped version, and a compiled zipped version, to see if the antiviral program can detect multiple levels of archive. KAV detected all variants, once I set the parameters to scan the removable disk (CD) on which Id placed the files. There's a subtle box on the extreme lower, left hand side of the scan window that must be clicked to change some of the KAV parameters. If you click this Expert mode box, you change from the default Standard choices, and the box goes to the top of the column.

When I ran Panda Titanium on the same files, only the compiled, zipped file was formally detected. However, I was unable to open any EICAR executable file after that; I could only open the archives to see the .com file underneath.

Panda Titanium's interface models that of XP. There are very few choices, even after selecting the specific items you wish to configure. When I selected complete protection, everything slowed to a crawl. Initially, I couldn't figure out why the cursor clicks were unresponsive. Even after rebooting, I had to re-disable complete protection; then everything worked smoothly. Complete protection scans all executed files in real time, but other than disable/enable, is not configurable.

Scanning speed between the two programs here seemed comparable. KAV reports statistics, but PAV-T claims a real world speed of 2,323 KB/s, 62% faster than Symantec NAV, and 32% faster than McAfee . My tests showed KAV returned a blistering 6,209 KB/s, probably not comparable to the test bed used for the PAV-T tests: PAV used a P III 800 MHz with 2000 Pro, and I used an Athlon 1.4 GHz, with XP Pro. PAV-T also has daily updates, but less configuration control. As with KAV, PAV-T can do heuristic scanning and scripts, as well as fix damage caused by worms and Trojans. When I scanned the EICAR files, PAV-T warned me that viruses would be removed, though on at least one option screen, I had selected report only. (The test files were on a CD-ROM, so could not be removed.)

I found Panda Software's Web site maddeningly slow: as with the software installation, a large graphic of the PAV-T package downloads for many choices. The web site pages expire after only a few minutes, which made it difficult to obtain information. No manual came with the product provided to me B only readme files on the CD. The new version includes XP protection, so I will assume that this update would fix the complete protection problem described earlier.

For Kaspersky: E-mail support is available 24x7x365 from support@kaspersky.com and the website: www.kaspersky.com. Telephone numbers are in Europe. Panda Software is headquartered in Spain, but its tech support can be reached at www.pandasoftware.com or (818) 543-6950 or by e-mail: techsupport.usa@pandasoftware.com or info@pandasoftware.es.

For Kaspersky: Windows 95/98/Me/NT/2000 Pro; 486 or higher, 20 MB of hard disk space, and 16 MB of RAM over the OS minimum, CD-ROM, and 800 x 600 resolution minimum for maximum usability.

For Panda AntiVirus Titanium: Windows XP, Windows 2000 Pro, NT 4.0 Workstation, Windows Me, 98 or 95 running on at least a Pentium 90 MHz processor with 32 MB of RAM and 20 MB of free hard disk space.

In this comparison, because of the lack of configuration flexibility that PAV-T exhibits, I give the nod to KAV. If you like the set and forget aspect, are bothered by too many choices, or have been unable to repair viral damage, then you may wish to give PAV-T a try. The new version is supposed to store in cache files previously scanned files and scan only modified files, so as to eliminate duplicate scans of resident files.

Kaspersky Anti-virus Personal Pro v. 3.5.1. Kaspersky Lab Russia: 10 Geroyev Panfilovtsev St., 125363 - Moscow, Russian Federation. Web site: www.kaspersky.com. E-mail: support or info or sales@kaspersky.com. Various European phone numbers. List price: $100.

Panda Software's Antivirus Titanium v. 2.03.02. $39 online from www.pandasoftware.com.. Panda Software, a Spanish company. U.S. office: 230 N. Maryland, Suite 303, P.0.Box 10578, Glendale CA 91209. Phone: (818)543-6950; Fax: (818)543-6910. E-mail: info.usa@pandasoftware.com