IntroductionThe continuing war between virus writers and developers of anti-viral software hasn’t left Macintosh users unscathed. Although we’ve been spared the continuous onslaught of viral proliferation that plagues the Windows world, the past year has seen several new Mac-specific software miscreants. One defence is Symantec’s Norton AntiVirus 5.0.3, a major upgrade to the veteran package once known as Symantec AntiVirus for Mac. Another is Network Associates’ Virex 5.9, which is outwardly unchanged from its immediate predecessors and has only internal differences. Both products offer a combination of protection from new viruses and the ability to scan your existing files for lurkers. Similar, yet different
Both Norton AntiVirus (NAV) 5.0 and Virex 5.9 have two major components: an extension that protects your Mac in the background by stopping any viral-infection attempts and an application that lets you configure various functions, install updated virus definitions, and scan the files on your disks. The new versions of both NAV and Virex purportedly have additional protection capabilities, such as scanning for and protecting against future viruses. It’s impossible to test these claims without writing a new virus of our own, but we do know that this feature increases both packages’ RAM requirements. Where the protection extensions of old were happy to take up a few hundred kilobytes at most, the current generation has got greedy: with virtual memory enabled, NAV uses 644K at start-up, and Virex latches on to 867K. If you turn off virtual memory, NAV grabs 832K of RAM at start-up (Virex’s demands are unchanged). Both programs can scan files stored in several popular compression formats, but their overall scanning speeds differ. When they scan a disk for the first time, they build a database of tracking information so that when they next scan the disk, files that haven’t changed aren’t rescanned. NAV took about 7 minutes to scan our test disk; Virex scanned the same disk in just over 6 minutes. NAV was considerably faster when rescanning, taking only 4 seconds; Virex took 20 seconds. Both Virex and NAV have scheduling features that let you set scans for certain times. NAV lets you schedule multiple events, via a clear user interface (see ‘Scheduling your protection’): you can specify which folders or disks to scan, as well as when and how often to scan. Virex’s scheduler interface is anaemic in comparison; it allows you to specify only a single scanning event and forces you to either scan all local volumes or explicitly specify which folders and disks to scan. Virex’s protection features are unobtrusive; the program alerts you only if it detects a virus. NAV, on the other hand, alerts you whenever it observes suspicious activity. This overzealousness results in frequent interruptions, despite NAV’s ability to “learn” about and not report the same infractions repeatedly. Staying current
Staying up-to-date in the viral arms race requires diligent checking for updates. Both Symantec and Network Associates post monthly virus-definition updates that allow the packages to learn about new viruses. To stay current, you have to download the updates from the company’s Web site and install them. NAV’s new LiveUpdate feature is intended to remove the tedium of checking for, downloading, and installing such updates. After communicating with a server at Symantec that stores the latest virus definitions, NAV checks to see whether newer definitions are available and then downloads and installs them. This is an excellent idea in theory, but LiveUpdate is seriously flawed. Although you can use your modem to call Symantec’s server, most people will use their Internet connection, because it’s both cheaper and more convenient. However, once NAV has connected to the server and begins downloading over the Internet, it uses the archaic – and staggeringly inefficient – Xmodem protocol to transfer the update. Also, despite NAV’s ability to decompress files, the updates are transmitted uncompressed, further bloating the download time. In tests with a 33.6Kbps modem, NAV took 22 minutes to download an update – roughly 6Kbps. In contrast, downloading Symantec’s stand-alone updater via FTP took about half the time, even though the updater was twice the size of the “live” update. LiveUpdate may free you from manually performing multiple update steps, but it will cost you in terms of time and online connect fees.