Buyer's Guide: Antivirus Software

Antivirus software is one of the most important applications that IT installs on users’ computers. Too many threats exist in a Windows environment to not immediately equip any computer that can connect to the outside world (even if only indirectly) with the tools necessary to automate that computer’s defense from the myriad of attacks to which it will likely be exposed.

The proactive—and for good reason, slightly paranoid—IT professional who is responsible for securing systems from viruses, malware, Trojans, and other sorts of external attack understands that providing the right level of security requires a layered approach and that relying on a single approach to protection also leaves systems with a single point of failure. Regardless of perimeter security and virus scanning, systems administrators should also equip client computers with antivirus software.

How to choose this software is a function of the computer’s role, the level of security required, and the effect the software will have on everyday user operation. These criteria can be applied only after IT has already winnowed down the selection from a large number of antivirus products that range from relatively simple antivirus solutions aimed at the corporate desktop to complete suites of system security software that go far beyond simple endpoint antivirus protection and offer an entire range of additional capabilities.

The days are long past when you could decide on an antivirus solution based on its basic threat detection and protection capabilities. Every major vendor offers some form of protection from every typical style of attack, giving users the ability to perform real-time background scans of files that they interact with. For example, client-side software goes so far these days as to not only scan inbound software for potentially harmful content but also scan outbound messages, in case the system does get infected, to prevent a compromised system from becoming an internal attack vector.

This additional protection is great from an IT perspective, as long as it doesn’t interfere with user productivity. Therefore, evaluating a product’s performance hit or memory overhead is important, especially because few enterprises have all the latest and greatest client hardware. The performance and security issues of a 5-year-old system running Windows XP are far different than those of a properly configured Windows 7 configuration running on current hardware. All the major antivirus vendors support every OS configuration from XP to Windows 7, so that’s unlikely to be a decision point.

Beyond the programs’ basic capabilities, how can you decide which software to use? Cost is always an issue for IT, but this is definitely a case in which being penny-wise can be pound-foolish. With antivirus software, only after you’ve determined that all other critical components are equivalent should you base a decision solely on cost. Your primary considerations should include the following.

How often are virus definitions updated? Many vendors update their virus signature files quite often, taking an aggressive approach to limiting their clients’ exposure. How often do you want your client systems to update when there isn’t an outbreak in the wild as opposed to a maintenance update? Are you able to control the update process? Do clients need direct Internet access to update, or can you run a local updater service? Can IT force clients to update? How much control does IT get over the update process?

How quickly does the vendor respond? Historically, how long has it taken the vendor to update the product after new viruses were found in the wild? How does the vendor alert the user (or IT) to this occurrence and let them know that a patch is necessary, rather than just a simple maintenance update?

Does the program include extra features that you want? Do you want a program that includes web browser security (e.g., one that takes control over browser settings and locks down the configuration)? Vendor offerings range from standalone antivirus to complete endpoint security packages. Your business model will likely put you somewhere between these two extremes for actual need—but does the product have additional features that will improve user security at little or no extra cost?

Does the product fit into your production environment? Does it interact properly with all your standard and custom business applications? Is its behavior consistent and reliable when used on your network? Does the program allow IT to control and manage how it works and make sure that it’s functional and properly updated? If you have an existing Internet security solution in place, for example, does the antivirus solution work properly within the scope of that existing security model?

How much end user interaction is required? The solution you select should have clear-cut and easily understood alerts that are configurable by IT. A product that gives the same warning to the user when it finds a benign tracking cookie and a dangerous virus is likely to confuse users and generate increased calls to IT. The right solution will reduce the need for IT hand-holding of end users faced with potential virus threats.

When all these factors are considered and evaluated—that is, thoroughly tested before potential deployment—it’s time to consider price. Prices range from perpetual per-seat licensing to annually subscribed full-site single-price models. Depending on the size of your enterprise, different vendors might fit your budget more closely. When you make price the final decision point, rather than a primary concern, you’ll know that you have the right tool for the job. For a summary of antivirus software products and features, see the Buyer’s Guide table.