Robert J. Elisberg

Posted: March 18, 2010 11:08 AM

The Writers Workbench: The Anti-Virus Flu Season

Years ago, I had a computer-knowledgeable friend who wrote an online piece skeptical about the existence of computer viruses. (Hey, I said it was years ago...) He wrote that while there were many rumors of these virus things, he wasn't aware of any of them existing in real life. To be fair to him, he wasn't denying their existence, just that he would withhold judgment as to whether they were really the Big Problem everyone was so worried about. I'm happy to report (well, unhappy, actually...) that he now acknowledges that computer viruses do exist. It's hard to imagine anyone today who still has that same, ancient belief, that viruses aren't much of a problem and won't hit them. They are, they will, and they probably have. And almost as surprising are people who have an anti-virus program, but haven't upgraded it in years, or haven't regularly updated the virus definitions. We all need anti-virus programs, and there are a lot out there to choose from. Here are a couple that don't have as recognizable names as some, yet have long been industry leaders.

KASPERSKY ANTI-VIRUS 2010

Over the past few years, Kaspersky Anti-Virus has built up a solid reputation for the quality of its virus protection, and little by little has gained recognition, though it still doesn't trip off the tongue for most users. In more recent years, it's merged its KAV software into a more encompassing product, Kaspersky Internet Security (KIS), which includes more robust protection of applications, firewalls, and spam, among other things, though it still sells KAV as standalone software, for those who prefer to choose other programs for more robust anti-spyware or system protection.

Its 2010 version of Kaspersky Anti-Virus is very similar to the previous incarnation, with not many major changes. Mostly there are improvements of existing features, a few new tweaks, and continued changes to the user interface. The Kaspersky interface was long one of the hindrances for widespread home use, since the product focused on more advanced users. But for the past versions, the company has been addressing that, and the ease-of-use factor has been drastically improved.

There are a few caveats with the program, however, but we'll get to those later.

First things first though, if you're a bit uncertain about what anti-virus programs do. The heart of any AV software is its database. This is a collection of information that tells the program what viruses to look for. It's what must be updated regularly, since virus threats are changing regularly. Kaspersky, like all good anti-virus programs, will update its database regularly. The more regularly, the better -- though when any program updates too often, some people find that intrusive. But it's generally done in the background, and Kaspersky doesn't have much of a drain on your system resources. By default, KAV checks once a day, though you can change this to whatever you want under Settings -- or even turn Auto Update off, and check manually.

As for the program itself, the KAV 2010 interface is now fairly sleek, with four prime sections easily identified to click on and get further access to features. A moving graph shows the current status and that scanning is active. And perhaps most notably, the entire interface displays your current safety condition. Green for protected (your database updates are current), down through yellow caution (if some settings need checking -- and you'll be told which) and red danger. It makes things near-impossible to miss. There are also reasonably clear links to Settings, Quarantined items, Reports and Support, along with how many days are left in your subscription.

A nice and simplified feature is that rather than accessing protection defaults hidden under Settings and scrolling to find what you want, you can now just click on the big Protection button and then directly select any of the options (Files and Private Data, or Online Activity, for example) and find a clear graphic chart of what is being protected. Then, you can click on any individual item to fine-tune what is protected if you want to get your hands dirty. Most people will likely leave these settings alone, but it's good now to at least be able to see clearly what's going on.

KAV 2010 protection watches over anti-malware/spyware files, email, and IM messages. System Security isn't as rich as with the more full-featured KIS, but it still provides important protection -- checking your operating system kernel, blocking keyloggers, worms, and so forth. There's also "phishing" protection, added last year, which disables links to websites that spoof you into thinking they're something they're not. You can go under the hood in settings and determine how aggressive you want the protection to be, but you'll be fine leaving things as they are. By the way, starting with last year's program, KAV also scans compressed files, which is how many viruses are often delivered.

Scan My Computer is now easier in version 2010. It wasn't difficult before, but Kaspersky has clearly highlighted each option (a detailed Full Scan, or a Quick Scan -- or a scan where you can select individual items, by just clicking on a file tree), and it now also shows when each scan was last done.

For information geeks, the My Update Center now provides comprehensive statistics of threats and the status of the database. And once again, there's a clear button to manually start downloading a new database, though by default this is set to be done automatically. There's also a nice new feature that will scroll back your database to a previous version, if your current database gets corrupted for any reason.

Finally, the Security+ section gives you access to specific tools for more advanced users who want to tune their system.

As mentioned, you can also access all of these default items under the Settings button. Kaspersky is very flexible for techies who want as much control over their system and protection as possible. But the Recommended settings all appear to be solid choices for most users.

One thing you might want to change in all of this is when you want scans to run -- whether Full scan or Quick scan. It would be nice if you could set this under the Scan section, but alas that's not possible. It's a little tricky to do, but "little" is the operative word, since it's fairly easy. You go to Settings and then select what scan you want to automate (Full and/or Quick, for instance). You'll then see a page with various options, one of which is "Run Mode." It's in this area where you'll find a settings button to select the day and time to run a scan. If this sounds convoluted, it isn't; it's very clear, and you'll even see "Start at:" under "Run Mode," which should remind you what this is.

Also as mentioned, the KAV home page provides a link to Reports that gives volumes of details about scans and your system status and such, to those who obsess over such things. Even if you don't though, it's good to check out, and Kaspersky has made this somewhat more clear for novices, with colorful graphs and charts. If all this means nothing to you, well... it's easy to ignore. But the information is quite helpful.

KAV 2010, like its immediate predecessor, runs with fewer system resources than before, so it shouldn't be much of a drag on your system.

It should be noted that most of the improvements mentioned are just that -- improvements of features that previously existed. KAV 2010 doesn't have all that many new features for those thinking of upgrading. One important new feature, however, is Application Vulnerability Detection, which checks the company's database for "known good" and "known bad" programs and keeps malicious apps from running at all. There's also a new Virtual Keyboard, which allows you to bypass using your actual keyboard, for people concerned with keyloggers accessing their system.

The Application Vulnerability Protection does provide strong protection - though it's also related to one of the two aforementioned issues I dealt with. Sort of.

When you run a program that KAV has the slightest question about, a pop-up window appears. All well and good, in fact very good. It's just that in previous versions of KAV, there was a simple button to click that said that the program was a "Trusted Application." For the life of me, I couldn't find such a button anymore. And without that, warning windows kept popping up every time I launched the program in question.

As it turned out, what I was getting was not the Application Vulnerability filtering, but rather another line of defense, the Proactive Defense module. As close as I can understand it, this is the difference.

All application files on your computer have definitions, and most are signed -- or can be recognized as signed -- which designates them as trusted. KAV's Proactive Defense module, however, doesn't rely on definitions, but uses "heuristics," which are basically formulas that determine if a file's behavior is acting the way it should or it's acting with characteristics that could suggest a virus. (It's what allows an anti-virus program to protect against viruses it hasn't discovered yet.) If the heuristics show that something appears to be running in a way it doesn't expect, then KAV's Proactive Defense module will pop up and ask what you want to do. You can then manually add the program into your Trusted Zone within the Kaspersky Anti-Virus program. It's very easy to do, but will likely be a bit confusing for novices.

On the other hand, for applications that do have signed definitions, but are running for the first time or (for whatever reason) aren't recognized by KAV... that's when the Trusted Application control window will pop-up and ask you if you want to add it to the Trusted Zone - which is also still protected by heuristics. (It was this pop-up that I had mistakenly been looking for.) And this is a very easy procedure, because you click right on the pop-up window. The point being that you're very well-protected, but managing this specific protection is a touch more convoluted than ideal.

The other issue is more problematic. It might be resolvable for most people, but that's small comfort.

KAV 2010 is a bully. When you install it, it says it can't run with any other anti-spyware program installed on your system. Not any other anti-virus program, mind you, just anti-spyware, which KAV at its heart isn't. Except it says it will run with a program called Malwarebytes (which happily is excellent). And it states if you want to continue installing KAV, it will automatically uninstall for you whatever anti-virus program you have. (How thoughtful...) I was able to create an easy, though annoying workaround -- but that's because I use SuperAntiSpyware, whose tech support says it will run with any AV program, including Kaspersky. SAS suggested I just reinstall their program after KAV deleted it. I did, and it works perfectly -- even though KAV said it wouldn't and deleted it. Of course, I still had to re-enter my preferred settings for SuperAntiSpyware.

But other people might not be so lucky. I have no idea if reinstalling other anti-spyware programs would work, just as SAS did. What I do know is that when I tried running another anti-spyware program that was simply sitting on my hard disk (CounterSpy) - which I don't run in memory, but something I only run manually on occasion - I found that it was disabled. Whether this was related to KAV, I don't know. But I have my suspicions.

The good news is that Malwarebytes is an excellent program, and is free for the manual version. And SuperAntiSpyware is my favorite. So, you're not without good options. But this is No Way to Operate, and it's not an acceptable policy by Kaspersky.

So, what's the end of the story here?

As noted previously, Kaspersky has a very high reputation for tracking down viruses. It does an excellent job protecting systems, which ultimately is the core reason for its existence. And the program has improved its interface.

For people who already have Kaspersky 2009 on their computers, however, the improvements don't strike me as rich enough to justify upgrading to KAV 2010. Just buy a new database subscription. (Plus, you won't have that issue blocking your anti-spyware programs.)

For people looking for a new anti-virus program, Kaspersky 2010 is excellent, though that one pop-up warning issue is slightly annoying (although not problematic -- and, to be clear, excellent protection). HOWEVER -- unless you use SuperAntiSpyware or Malwarebytes (again, both wonderful programs), or decide to start using them -- or unless you know from others that the anti-spyware program you use can be re-installed on your computer after KAV first deletes it -- I would not recommend you getting KAV 2010. It's worth getting if you meet those reasonable qualifiers, but not worth it if you don't. Every user should be allowed to run whatever programs they want, without a bully saying no. Kaspersky, at least in this year's version, has become that bully.

Kaspersky Anti-Virus 2010 retails for $60, but at the time of writing is available on Amazon for $28.


ESET NOD32 ANTI-VIRUS 4.0

NOD32 handles installation in a user-friendly way. The company -- like most anti-virus companies -- is wary of conflicts with other anti-malware programs. However, while it will search for and recognize anything else you have on your system, it will then do an analysis to determine if there will be a conflict. If not, it'll just pass the program by -- but if there might be a conflict, it informs you and lets you choose what you want to do. After all, it's your computer.

The process works as explained. It found an installation of SuperAntiSpyware on my hard drive -- however, since that's one of the programs that definitely has no conflicts with NOD32, it was ignored. I had another anti-spyware program on my system, as well -- though not yet installed (Avast): even though it was just a pre-installation file sitting on my hard drive, NOD32 found it, and asked what I wanted to do. I ignored the warning and NOD32 continued installing (and running) without a hitch.

(ESET also makes a full security program, Smart Security, which adds firewall and antispam protection. However, I'm a believer in having a hardware firewall, rather than software solution, so we'll stick with the dedicated anti-virus program here.)

NOD32 has a fairly bare-bones interface. (Fairly is the polite term.) There's nothing fancy or glitzy about it, but it's clean and easy to follow. It defaults to Standard Mode, though my suggestion is to click the link to Advanced Mode. This latter includes menu items for User Interface, Setup and Tools. These are very important. Even if you're it's best to use this mode. Having these options listed won't be confusing. Even if some people might never access them, many will. (In fact, because they weren't listed, it took me a while to find them. They were such basic options that I couldn't believe they wouldn't be called "Standard." Eventually, I realized I should look under "Advanced," and there they were.) I think it should be the default page.

Perhaps the first area you should check is Setup, which lists the options for the user interface and basic protection. To change anything is a simple click of "Enable/Disable" keys.

To get into the detailed settings of what's being protected and how, there is a small link at the bottom of the Setup page. It's easy to find, but it's another example of how low-key and barebones NOD32 keeps things. For something as important as Advanced Settings, it would be nice to have it a little more pronounced.

It's not a big deal, mind you, because all the defaults seemed to me to be quite good. I only made one change. Under Email Client Protection, I changed the notification from All to Only When Infected. I have no interest in being notified at the bottom of every one of my emails that nothing was infected. 99.9% of all one's emails should likely be uninfected. This is just an unnecessary annoyance, and easy to turn off.

It's under Tools that you set up a schedule, if you want to automatically scan your system. While this isn't critical to do, if you have NOD32 running all the time, it's still a good thing, in case a virus entered your system in some unexpected way. And that's one reason why you should make Advanced your home screen (as mentioned above), since Tools is one of the options listed under Advanced.

It's extremely easy to schedule a scan, though it may not appear so at first glance. When you click on Scheduler, you'll see a list of scans already scheduled, so you might think you're covered. But these are basic scans, like running the program at Start-up. All you do is click "Add" -- and then from the drop-down menu that appears, select "On Demand Computer Scan." And set the time you want this to occur. (During the middle of the night is generally good.)

When you install NOD32, it automatically embeds itself in the toolbar of your mail reader (at least it does in Windows Live Mail). For some people, this might be a comforting thing to have quick access to. But it's pretty unnecessary -- it's easy to access from your System Tray. You can disable it by right-clicking. And if you ever change your mind and want to re-enable it or just want temporary quick access, simply right-click on your toolbar and the option will pop up.

The program automatically checks for updated data files every 60 minutes. (This is the information that tells it what known threats to look for.) The biggest challenge for any anti-virus program is protecting against new, unknown viruses. Most programs employ "heuristics," which are algorithms to determine how an unknown virus would act. NOD32 uses something different, what they call ThreatSense, which is "multiple layers of threat detection" against possible new attacks. ESET claims that this brings about fewer false positives.

NOD32 is quite fast, and takes up limited user resources, so it's a small drag on one's system. For laptops there is an improved Battery Mode, which is less draining, as well.

Among the new features from last year's product, it now scans email, compressed files and channels that aren't normal for virus entry. It also now scans removable media, such as flash drives, and will check the Autorun.inf and file when the media is inserted, as well as any files on the media when they're accessed.

The new SysInspector does deep scans of system processes for hidden threats. And SysRescue will create a rescue disk in case you have to reboot your computer and repair an infected system. (This latter is accessed under the Tools menu -- which, again, is not one of the options under the default Standard mode on the main page. Another reason to use Advanced mode.)

NOD32 has a very strong record among testing organizations for virus protection. Though it scans for spyware, as well, it's always good to have a separate anti-spyware program dedicated to that task. This is true for all anti-virus programs, which is why it's important that your anti-virus program not disable such things.

The program prides itself on having a "compact and intuitive user interface." It is indeed simple and clean. At times, it's a bit too simple and a few flashes would be nice, if only to highlight important features. Otherwise they all blend together and can be overlooked.

But overall NOD32 is a solid anti-virus program that plays well with others and serves as an important piece of your system protection. It retails for $39, but prices will probably vary online.

"The Writers Workbench" appears monthly on the website for the Writers Guild of America.

To see this column with complete product graphics and additional "TWW Notes," visit the WGA website.