If speed is of the essence, Norton AntiVirus is a good choice.
A good virus scanner is no longer a luxury; it's a necessity. If you
frequently receive files from an online service or via the Internet, you are
essentially on a global network, and you are susceptible to attack. Although
most DOS and Win16 virus scanners run on Windows NT, they often lack NT-specific
features such as NT File System (NTFS) support for long filenames and network
support. Virus scanners for Windows NT have been few and far between. Those that
are available include Cheyenne Software's InocuLAN, Carmel Software's NT
Anti-Virus, ThunderByte's AntiVirus for Networks, and Sweep/Intercheck for
Windows NT from Sophos (see, "It's a Dangerous World Out There," in the October 1995, issue of Windows NT Magazine).
In early January of this year, utilities giant Symantec added to the list of
available NT virus scanners by releasing a version of its award-winning Norton
AntiVirus (NAV) for NT (see screen 1) with an enticing hook--this version is
free for the downloading!
Easy Install and Uninstall
Installation is both intuitive and simple, taking a little over three
minutes for a full installation. NAV uses the de facto standard
installation interface for Windows 95 applications: the wizard. Although the
installation path is customizable, the beta that I looked at forced shared files
into the \win32app\symantec directory on the NT system partition. Although
this isn't a significant problem, I would have preferred to keep all the program
files in the same customizable directory.
Fortunately, NAV also includes an excellent Uninstall application, which
removes all files from the disk and undoes the Install program's modifications
and additions to the Windows NT Registry. You need to be aware that the Install
program is a Win16 application; this may cause problems if you have disabled
Win16 on Win32 (WOW).
Good Performance
NAV executes quickly. I set it to scan nearly 2GB's worth of executable
files spread out across seven volumes: three File Access Table (FAT) partitions,
three NTFS partitions, and one High-Performance File System (HPFS) partition.
NAV took roughly nine minutes to scan the drives. A full system scan (scanning
all the files on the disks) took more than 36 minutes. If speed is of the
essence, NAV is a good choice.
The CPU impact is tolerable, requiring from 20% to 30% of CPU time. In all
fairness, however, I need to say that I ran the test on IDE disks. If you're
using SCSI disks, you will see that figure drop somewhat.
Feature Set
Although this version of NAV is a stripped-down version of the forthcoming
full release of Norton AntiVirus, the feature set is adequate. Left out are the
Windows 95 version's more advanced features, such as Auto-Protect, which
continually monitors your system for virus attacks, and Rescue Disk, which
repairs the damage the viruses caused. But the basic function of a virus scanner
is to detect and remove viruses; NAV does this very well.
Because I tested a beta version of the program, I decided not to run a
vigorous virus-scanning routine, but to sprinkle a number of infected files
across multiple partitions. These files were infected by various stealth,
polymorphic, and boot-sector viruses. NAV caught them all and repaired the
infected files. Symantec posts monthly Virus Definition Updates on-line
(http://www.symantec.com/avcenter) to keep NAV up to date.
NAV's greatest strength lies in its flexibility. You can modify most
aspects of its execution, from file exclusions, detection notification, and
pre-selected volumes to the file-extension scan list. Notification options
include the following.
- NAV automatically repairs infected files (after backing them up) without
prompting the user. It can also automatically repair infected boot sectors.
- Auto-delete: NAV deletes infected files without prompting
the user. Use this option with caution--especially on NTFS volumes--because the
file is physically wiped off the disk.
- Notify only: NAV brings up a dialog box when it detects a
virus, but it doesn't let you delete or repair the files.
- Prompt: NAV brings up a dialog box from which you can
either delete or attempt to repair the file when a virus is detected. This is
the option I use for the majority of my work. It offers the greatest
flexibility.
All NAV activity is written to a log file on your hard disk. This may be
adequate for standalone workstations, but in a networked environment, you would
expect NAV to send a broadcast message over the network. InocuLAN does. Email
notification is also missing in the beta release of NAV that I tested.
However, NAV is an invaluable tool for users who frequently download files
from an online service, as it supports compressed archive files. Unfortunately,
NAV supports only .ZIP archives (see screen 2). And because it decompresses the
files internally, you can't add your own archivers. Thus, other archive formats,
such as .ARJ, .ARC, and .ZOO, are unsupported.
NAV uses NT's Scheduler service to schedule unattended scans, which is
ideal for servers. To set up an unattended scan, you start the Scheduler service
and set the day and time on which you want the NAV scan to occur. Unfortunately,
however, NAV supports only one scan per week. This can be limiting if your
system accepts new files daily.
Drawbacks
The NT version of NAV is almost identical to the Windows 95 version (except
for NTFS support), both in feature set and in interface. However, NAV doesn't
fully exploit the Win32 API. For example, it doesn't support some common
features such as multithreading.
Multithreading would speed up certain operations on symmetrical
multiprocessing (SMP) systems, because the application theoretically could scan
multiple drives at the same time. In addition, NAV is available only for the
Intel platform, with no MIPS, Alpha, or PowerPC releases planned--a problem if
you have moved to a RISC platform.
Excellent Value
Symantec has made an auspicious debut with NAV. If you have access to the
Internet, an online service, or Symantec's bulletin-board service, it's worth
your while to check out this software. Freeware doesn't get much better than
this. If you want a more functional product, look at InocuLAN or wait for the
full commercial version of Norton AntiVirus for Windows NT, which should hit the
stores later this year.
End of Article
Register
yohanesse negesse November 13, 2003