Friday, December 22, 2006

Testing out a new antivirus

I bit the bullet and decided to try an antivirus other than Norton AV. From the Symantec site, I downloaded a program that they claimed would remove all of Norton's products from my machine. This lightweight program ran for several minutes and I got comforting messages such as "cleaning registry". All seemed good when it was done. No desktop icons. Nothing in Add/Remove. No processes seemed to be running. I did a reboot and Systemworks seemed to be gone.

Next, I installed NOD32. After poking around on the web, I found recommendations for 4 programs. In the free category, Avast and AVG seemed to be favored. In the pay category, Kaspersky 6 and NOD32 seemed to be favored. Looking at various test results around the web, the pay ones outperformed the free ones (though some people seemed to disagree, but couldn't name their test result sites). Kaspersky rated slightly higher on more test sites and had a faster scanning time, BUT - and this was an issue for me - it seemed to have a fair amount of compatibility problems with other programs (something I think the Firefox programmers are running into these days - it's hard to predict the operating environment of a program which makes debugging a challenge). Given that and the fact that NOD32 seemed only of slightly lesser quality (some tests rated it higher than Kaspersky), I decided to give NOD32 a go.

I downloaded the trial program (before removing Norton) and installed it (after removing Norton). The install went easily. The major complaint about NOD32 is that its interface isn't user friendly. Really, I've been haunting PCs and the web long enough to think that the interface isn't that hard either. In fact, I used the custom install, answered a bunch of questions, and it went pretty well. I did some reading on a forum regarding the settings (a primer for setting it up, if you will) and it seemed pretty straightforward to me. It does offer a lot of flexibility and it would probably confuse novices. I even set up a scheduled deep scan (once a week, like I did with Norton) using command line triggers for options to run.

One minor disconcerting issue was that Zone Alarm does not recognize the NOD32 antivirus. After reading about it online, I found out that ZA only recognizes Symantec, McAfee, and TrustEZ products for antivirus. None of the choices I had narrowed down to would have performed differently in ZA than NOD32.

Results: Deep scans took as long as one from Norton AV. This can translate into an hour or more on my hard drive. That's a long time. The good news is that NOD32 seemed to take up fewer system resources when performing that scan, so I was able to access other programs more easily and run them while the process was occurring. To give you an idea, I could do the same with Norton, but it would take a much longer time to open email or navigate the web.

Updates for NOD32 were easy, but the initial updates took a longish time. I guess this improves once a license is purchased (they provide faster update servers and automatic updates to subscribers).

It was easy to set up NOD32 to work with Internet Download Manager to scan my downloaded files. Individual file scans are easy to implement and take about as long as Norton. NOD32 does scan the memory each time it scans new files in order to see if the downloaded file has begun infiltrating the PC surreptitiously. That's a nice comfort. It also scans for rootkits, like the Sony debacle from last year, which Norton did not do.

Finally, and this was nice to see, during the initial deep scan, NOD32 found several suspicious files - trojans - that were on my PC. The good news is that in 2 cases, the files were already found by other programs (Ad-Aware, Spybot) and quarantined. NOD32 merely found them in the archived, quarantined harmless state. In one instance, however, it found an infected Word document (trojan, again) in my Thunderbird email as well as backups of that email. I was able to delete those using the program and clean the PC. Norton NEVER found those files and it was set to the most paranoid settings, including scanning archive files. So, while it may have taken as long to scan as Norton, NOD32 seemed to outperform Norton AV and used fewer system resources.

Also noted during that first deep scan: Norton's removal program DID NOT remove everything. In fact, it left files and folders in the Program Files section of my PC. Sure, they weren't loaded anymore and weren't registered anymore, but they were still taking up disk space.

As you can imagine from the tone of my report, I'm leaning towards switching to NOD32. My main concern about switching was some of the utilities that I'd be losing with Systemworks. As it turns out, though, I've already replaced a few of them. I use Acronis True Image for backups (better than Ghost), Acronis Disk Director for partition analysis and disk management (equals and surpasses Partition Magic), and Diskeeper for defragging (surpasses Speed Disk). The people who make Diskeeper also make Undelete (equivalent to Norton's protected recycle bin) and I found a free undelete program. At this point, I think I'm finally saying goodbye to Norton. They've become too large, too bloated for my tastes. I can see the advantages for some people to keep their products: easy interface, decent quality. But the Sony rootkit debacle soured me, the system resource hog soured me, the removal hooks turned me off, and the fact that, like a bad OS, it kept getting larger and larger with nominal benefits and not remaining on top in quality... well, I'm ready to move on.

Watch out Zone Alarm - you may be next...and your subscription is up in 47 days.

