Your opinions?

[Twinkletoes]

I'm interested, what people here think makes a good anti-virus product.
For me (listed in order of importance, 1 being the most important), it
is:

[Home User]
1) - Easy to update
2) - Frequency of updates
3) - Reliabiltiy
4) - Easy to use
5) - Easy to install
6) - Vendor support

[Corporate Users]
1) - Easy to update an entire network
2) - Reliability
3) - Vendor support
4) - Frequency of updates
5) - Ease of initial installation
6) - Ease of use

In practice, the 6 reasons listed in corporate users are far closer than
is shown. I cold probably list their importance as 1, 1.1, 1.2, 1.3
etc...

Just interested,
'Ole Twinkle.

 

[Jibefan]

I also think that a BIG consideration is the impact on system resources.

 

[Torti Schlumpf]

3) - Reliabiltiy

What does this point imply in your opinion? That an AV scanner detects
as much malware as possible?

 

[Twinkletoes]

In a flash of inspiration, Torti Schlumpf declared :

What does this point imply in your opinion? That an AV scanner detects
as much malware as possible?

What I meant by reliability was that it didn't crash. Maybe robust
would have been a better word.

Twinkle

 

[David H. Lipman]

I think your Corporate priorities are off.

You need to consider, centralized; Alerting, Reporting and Logging and finally
configuration management.

A corporate LAN should also consider using a few vendors.
For example; McAfee on workstations, Symantec/Norton on Exchange/Notes email servers and
Trend on border gateways.

Dave

| I'm interested, what people here think makes a good anti-virus product.
| For me (listed in order of importance, 1 being the most important), it
| is:
|
| [Home User]
| 1) - Easy to update
| 2) - Frequency of updates
| 3) - Reliabiltiy
| 4) - Easy to use
| 5) - Easy to install
| 6) - Vendor support
|
| [Corporate Users]
| 1) - Easy to update an entire network
| 2) - Reliability
| 3) - Vendor support
| 4) - Frequency of updates
| 5) - Ease of initial installation
| 6) - Ease of use
|
| In practice, the 6 reasons listed in corporate users are far closer than
| is shown. I cold probably list their importance as 1, 1.1, 1.2, 1.3
| etc...
|
| Just interested,
| 'Ole Twinkle.
|
|

 

[optikl]

I'm interested, what people here think makes a good anti-virus product.
For me (listed in order of importance, 1 being the most important), it
is:

[Home User]
1) - Easy to update
2) - Frequency of updates
3) - Reliabiltiy
4) - Easy to use
5) - Easy to install
6) - Vendor support

[Corporate Users]
1) - Easy to update an entire network
2) - Reliability
3) - Vendor support
4) - Frequency of updates
5) - Ease of initial installation
6) - Ease of use

In practice, the 6 reasons listed in corporate users are far closer than
is shown. I cold probably list their importance as 1, 1.1, 1.2, 1.3
etc...

Just interested,
'Ole Twinkle.

Since probably almost all corporate users are also home users, I suspect the
rankings are more similar than you think.

 

[optikl]

A corporate LAN should also consider using a few vendors.
For example; McAfee on workstations, Symantec/Norton on Exchange/Notes email servers and
Trend on border gateways.

Is the cost of doing that versus using one vendor neutral?

 

[Torti Schlumpf]

What I meant by reliability was that it didn't crash. Maybe robust
would have been a better word.

Well, so you forgot the most important point:

An AV scanner should detect as much malware as possible. Therefor,
quality of the scanengine and the signatures is very important.

 

[Torti Schlumpf]

What I meant by reliability was that it didn't crash. Maybe robust
would have been a better word.

Well, so you forgot the most important point:

An AV scanner should detect as much malware as possible. Therefor,
quality of the scanengine and the signatures is very important.

 

[Jeffrey A. Setaro]

Well, so you forgot the most important point:

An AV scanner should detect as much malware as possible. Therefor,
quality of the scanengine and the signatures is very important.

Yes but if that scanner causes systems to fail it's pretty much useless.

--
Cheers-

Jeff Setaro
(e-mail address removed)
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34

 

[Torti Schlumpf]

Yes but if that scanner causes systems to fail it's pretty much useless.

Well, but every software may cause conflicts with anonter one, e.g.
depending on configuration or up-to-dateness, too. So it's very
important to install and use just software you really need.

 

[Torti Schlumpf]

I'm interested, what people here think makes a good anti-virus product.
[Home User]
1) - Easy to update

Less important than:
1.) Quality of scanengine and AV signatures (-> very good detection of
malware)

2) - Frequency of updates

ACK. Daily updates shuold become standard concerning every AV software.

3) - Reliabiltiy

Of course, if an AV program is responsable e.g. for system crashes, you
can't use it. The less deep an AV programm is involved in the orperating
system, the more improbable conflicts will be.

4) - Easy to use

Comparatively unimportant. Reading the manual will help.

5) - Easy to install

Comparatively unimportant, too. Two or three mouse clicks more or less
don't make any important difference.

6) - Vendor support

Should be placed at 3.).

 

[null]

I'm interested, what people here think makes a good anti-virus product.
For me (listed in order of importance, 1 being the most important), it
is:

[Home User]
1) - Easy to update
2) - Frequency of updates
3) - Reliabiltiy
4) - Easy to use
5) - Easy to install
6) - Vendor support

[Corporate Users]
1) - Easy to update an entire network
2) - Reliability
3) - Vendor support
4) - Frequency of updates
5) - Ease of initial installation
6) - Ease of use

In practice, the 6 reasons listed in corporate users are far closer than
is shown. I cold probably list their importance as 1, 1.1, 1.2, 1.3
etc...

As discussed/debated recently on acv, you also have preferences
between av scanners that attempt to detect and handle all kinds of
malware as opposed to those which (at least seem to) focus mainly on
ITW viruses (including worms). Some av products now include detection
for controversial-ware of various kinds .... categories which are
difficult to define .... though they could roughly be thrown into the
broad and nebulous term "Trojan". Some of what is often considered
spyware are included in detection as well.

Since at least some of these "detect everything" scanners may well bog
down a PC when the realtime monitor is active, scan speed (and under
which conditions or settings) has become a _very_ important factor for
many users.

So at least throw scan speed into your list.


Art
http://www.epix.net/~artnpeg

 

[John Coutts]

To sum it up in a single word "SIMPLICITY". Simplicity is:

Small footprint requiring minimal resources.
Minimal "Bells & Whistles" (just the bare essentials)
Non-invasive and easily disabled temporarily.
Easily configurable with minimal options to confuse users.

If the above criteria are met, what else really matters.
******************* REPLY SEPARATER ********************

 

[FromTheRafters]

I'm interested, what people here think makes a good anti-virus product.
For me (listed in order of importance, 1 being the most important), it
is:

[Home User]
1) - Easy to update
2) - Frequency of updates
3) - Reliabiltiy
4) - Easy to use
5) - Easy to install
6) - Vendor support

A bare bones virus detector coupled with strict adherence
to safe computing practices negates most of what people
think is important in an AV. Most of the above list is really
catering to the inherent laziness of users. You need an on
demand scanner that reliably detects those viruses that are
known to it.

(1) How hard is it, really, to manually download a new
definitions set prior to running an on demand scan on files
you have been placing in a directory of downloaded and
not yet scanned files?

(2) The frequency doesn't really matter just as long as the
period is shorter than the time in which you are willing to
let unscanned files wait in the wings. If you absolutely have
to run this particular executable that you just downloaded
today ~ today, you are eventually going to get screwed
anyway by being the first one on your block to get a copy
of the new stuff. To possibly mitigate this day zero effect
you would have to give any newly obtained file a "cooling
off" period greater that the average lag time between the
unleashing of the virus, and the availability of the definition.
So, that lag time, would set your minimum period, and hence
your update frequency (with the period set as a phase delay
for the "cooling off").

(3) Reliable? ~ of course, if it isn't fairly reliable then it's
fairly useless.

(4) Easy usually means "does everything for me so that
I don't have to take a part in the administration of my
own machine". Sure, if you're already resigned to the fact
that you must have "bells and whistles" and a GUI with
pretty colors, and options to automatically unzip files
nested five layers deep and MIME encoded in an e-mail,
then *yes* it would be nice if all of these *must have*
features configureable in an easy to use intuitive interface.

(5) A nice on demand scanner really doesn't need to
install ~ what could be easier than that?

(6) Support is indeed the name of the game.

[Corporate Users]

This is a whole 'nuther ball game. You really can't expect the
end users to have a clue even if you were to inject them with
it.

There should be some IT professionals here to help with
opinions on that score.

 

[Twinkletoes]

Well, so you forgot the most important point:

An AV scanner should detect as much malware as possible. Therefor,
quality of the scanengine and the signatures is very important.

Easy man, I'm not saying anything that I think is right, I just want to
gather opinion and thought I would get the ball rolling.

Twinkle

 

[Torti Schlumpf]

Easy man, I'm not saying anything that I think is right, I just want to
gather opinion and thought I would get the ball rolling.

Well, and I just wanted to point out what is - in my opinion - very
important. Anything else.

By the way: Much more important is to know that new malware will perhaps
not be detected by any AV scanner - so everybody has to be careful
handling executable files, e.g. in eMails.

Bugbear.b (alias Tanatos.b) e.g. was just detected by NOD32 V. 2.0
without new signatures (cause of "Advanced Heutristic" for IMON, NOD's
eMail scanner). Every other AV program needed to have new signatures
while the worm was already spreading.

So strong heuristics might be another important point...

 

[Mal]

Is the cost of doing that versus using one vendor neutral?

Nah it works out a lot more.

Maybe the same in licensing (depending on how things are licensed), but
add in:

1) training
2) having to manage multiple configs
3) maintain seperate sigs and keep up to date/manage various detections.

Still if that policy saves your company from being infected with a new
worm/virus ... how much is that worth?

 

[Robert Moir]

Well, but every software may cause conflicts with anonter one, e.g.
depending on configuration or up-to-dateness, too. So it's very
important to install and use just software you really need.

But users already think they do that. If their antivirus software refuses to
work with half the stuff they want to try then its going to be uninstalled.

Its a sad state of affairs when someone spends a lot of money on a computer
then can't use it the way they want due to poorly written AV software or
overly zealous AV software configuration.

Rob Moir