Norton AntiVirus for NT

If speed is of the essence, Norton AntiVirus is a good choice.

A good virus scanner is no longer a luxury; it's a necessity. If youfrequently receive files from an online service or via the Internet, you areessentially on a global network, and you are susceptible to attack. Althoughmost DOS and Win16 virus scanners run on Windows NT, they often lack NT-specificfeatures such as NT File System (NTFS) support for long filenames and networksupport. Virus scanners for Windows NT have been few and far between. Those thatare available include Cheyenne Software's InocuLAN, Carmel Software's NTAnti-Virus, ThunderByte's AntiVirus for Networks, and Sweep/Intercheck forWindows NT from Sophos (see, "It's a Dangerous World Out There," in the October 1995, issue of Windows NT Magazine).

In early January of this year, utilities giant Symantec added to the list ofavailable NT virus scanners by releasing a version of its award-winning NortonAntiVirus (NAV) for NT (see screen 1) with an enticing hook--this version isfree for the downloading!

Easy Install and Uninstall
Installation is both intuitive and simple, taking a little over threeminutes for a full installation. NAV uses the de facto standardinstallation interface for Windows 95 applications: the wizard. Although theinstallation path is customizable, the beta that I looked at forced shared filesinto the win32appsymantec directory on the NT system partition. Althoughthis isn't a significant problem, I would have preferred to keep all the programfiles in the same customizable directory.

Fortunately, NAV also includes an excellent Uninstall application, whichremoves all files from the disk and undoes the Install program's modificationsand additions to the Windows NT Registry. You need to be aware that the Installprogram is a Win16 application; this may cause problems if you have disabledWin16 on Win32 (WOW).

Good Performance
NAV executes quickly. I set it to scan nearly 2GB's worth of executablefiles spread out across seven volumes: three File Access Table (FAT) partitions,three NTFS partitions, and one High-Performance File System (HPFS) partition.NAV took roughly nine minutes to scan the drives. A full system scan (scanningall the files on the disks) took more than 36 minutes. If speed is of theessence, NAV is a good choice.

The CPU impact is tolerable, requiring from 20% to 30% of CPU time. In allfairness, however, I need to say that I ran the test on IDE disks. If you'reusing SCSI disks, you will see that figure drop somewhat.

Feature Set
Although this version of NAV is a stripped-down version of the forthcomingfull release of Norton AntiVirus, the feature set is adequate. Left out are theWindows 95 version's more advanced features, such as Auto-Protect, whichcontinually monitors your system for virus attacks, and Rescue Disk, whichrepairs the damage the viruses caused. But the basic function of a virus scanneris to detect and remove viruses; NAV does this very well.

Because I tested a beta version of the program, I decided not to run avigorous virus-scanning routine, but to sprinkle a number of infected filesacross multiple partitions. These files were infected by various stealth,polymorphic, and boot-sector viruses. NAV caught them all and repaired theinfected files. Symantec posts monthly Virus Definition Updates on-line(http://www.symantec.com/avcenter) to keep NAV up to date.

NAV's greatest strength lies in its flexibility. You can modify mostaspects of its execution, from file exclusions, detection notification, andpre-selected volumes to the file-extension scan list. Notification optionsinclude the following.

All NAV activity is written to a log file on your hard disk. This may beadequate for standalone workstations, but in a networked environment, you wouldexpect NAV to send a broadcast message over the network. InocuLAN does. Emailnotification is also missing in the beta release of NAV that I tested.

However, NAV is an invaluable tool for users who frequently download filesfrom an online service, as it supports compressed archive files. Unfortunately,NAV supports only .ZIP archives (see screen 2). And because it decompresses thefiles internally, you can't add your own archivers. Thus, other archive formats,such as .ARJ, .ARC, and .ZOO, are unsupported.

NAV uses NT's Scheduler service to schedule unattended scans, which isideal for servers. To set up an unattended scan, you start the Scheduler serviceand set the day and time on which you want the NAV scan to occur. Unfortunately,however, NAV supports only one scan per week. This can be limiting if yoursystem accepts new files daily.

Drawbacks
The NT version of NAV is almost identical to the Windows 95 version (exceptfor NTFS support), both in feature set and in interface. However, NAV doesn'tfully exploit the Win32 API. For example, it doesn't support some commonfeatures such as multithreading.

Multithreading would speed up certain operations on symmetricalmultiprocessing (SMP) systems, because the application theoretically could scanmultiple drives at the same time. In addition, NAV is available only for theIntel platform, with no MIPS, Alpha, or PowerPC releases planned--a problem ifyou have moved to a RISC platform.

Excellent Value
Symantec has made an auspicious debut with NAV. If you have access to theInternet, an online service, or Symantec's bulletin-board service, it's worthyour while to check out this software. Freeware doesn't get much better thanthis. If you want a more functional product, look at InocuLAN or wait for thefull commercial version of Norton AntiVirus for Windows NT, which should hit thestores later this year.

Corrections to this Article: