
December 29, 2015

Choosing antivirus via test sites, cloud AV

Editor's note: 3000 managers do many jobs, work that often extends outside the MPE realm. In Essential Skills, we cover the non-3000 skills for multi-talented MPE experts.

By Steve Hardwick, CISSP

With many anti-virus and anti-malware products on the market, it can be difficult to choose which provides the best fit. Several websites can now help make a selection and perform evaluations.

In an allied article I describe the elements needed for any effective virus attack: motive, means and opportunity. A suitable anti-virus program must provide the following capabilities.

  1. Be able to detect a vast array of malware
  2. Be able to update the virus definitions as quickly as possible after the virus signature has been isolated
  3. Provide the capability to quarantine and remove viruses after infection. This must include the ability to prevent any spread of the virus after contamination.
  4. Run with minimal load on the operating system. This includes both foreground (interactively scanning files as they are downloaded) and background (scanning existing files and computer activity)
  5. Have plug-ins for the various channels through which viruses are downloaded, such as web browsers or email applications

The following websites provide ratings for anti-virus products. Some websites' evaluations are geared towards a consumer user. Others are more aligned to commercial certification of AV products. I've also included a note on how cloud-based AV is changing antivirus options.

AV-Test

Provides a good set of tests that cover all of the five areas outlined above. Updates their reviews on a monthly basis. Covers Windows, Mac and mobile devices. Includes a special section for home users.

AV Comparatives

Provides a good set of testing that covers all of the five areas outlined above. Provides additional, more detailed testing. Only certain tests are updated monthly. Testing is not broken down by operating system.

Virus Bulletin

Tests only the ability to detect viruses without producing false positives. Covers only Windows and Linux.

Using cloud AV

One approach that minimizes the impact of running an AV program locally is to run the software in two parts, one locally on the machine and one in the cloud. A new set of cloud-based solutions is being offered. These provide a small scanning application running on the operating system and do the heavy lifting in the cloud. Panda, a provider that scored best in the AV Comparatives evaluations, is one example of cloud AV.

The local application scans files and provides file signatures, then uploads them to the cloud counterpart for analysis. This removes the need to update the local definitions on the computer and increases the ability to react to new threats.

This benefit comes at a price. The capabilities are limited by the lightweight application, the services the operating system provides to that application, and connectivity to the Internet. Many of the rating websites are slow to rate these products, especially those focused on consumers. As they become more popular, this cloud AV will be included in the traditional testing suites.
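The split described above, and its dependence on connectivity, can be sketched as follows. This is an added example, not code from any AV vendor: the SHA-256 signature, the `cloud_lookup` service, the verdict names and the sample files are all assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-in for the vendor's cloud database (signature -> verdict).
SAMPLE_BAD = b"constructed sample payload, harmless test bytes"
CLOUD_DB = {hashlib.sha256(SAMPLE_BAD).hexdigest(): "malicious"}


def file_signature(path, chunk_size=65536):
    """SHA-256 of the file, read in chunks so the local agent stays lightweight."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def cloud_lookup(signature, online=True):
    """Hypothetical cloud API; 'clean' only means no known-bad match."""
    if not online:
        raise ConnectionError("cloud AV service unreachable")
    return CLOUD_DB.get(signature, "clean")


def scan(path, cache, quarantine_dir, online=True):
    """Return 'malicious', 'clean' or 'unknown'; quarantine malicious files."""
    signature = file_signature(path)
    try:
        verdict = cloud_lookup(signature, online)
        cache[signature] = verdict  # remember verdicts for offline use
    except ConnectionError:
        verdict = cache.get(signature, "unknown")  # offline: cached verdicts only
    if verdict == "malicious":
        quarantine_dir.mkdir(exist_ok=True)
        Path(path).rename(quarantine_dir / (Path(path).name + ".quarantined"))
    return verdict


def demo():
    """Constructed scenario: offline miss, online hit, then a cached offline hit."""
    with tempfile.TemporaryDirectory() as tmp:
        root, cache = Path(tmp), {}
        bad, good = root / "invoice.bin", root / "notes.txt"
        bad.write_bytes(SAMPLE_BAD)
        good.write_bytes(b"ordinary text")
        steps = [(bad, False), (bad, True), (good, True), (good, False)]
        verdicts = [scan(p, cache, root / "quarantine", on) for p, on in steps]
        return verdicts, bad.exists()
```

The first scan runs offline with an empty cache, so the known-bad file comes back as "unknown" and stays in place until connectivity returns.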

11:54 AM in Newsmakers, Web Resources
