My Anti-Virus Revolving Door - 'My Kaspersky phase' (Page 2 of 2)
I moved that particular computer over to Kaspersky Antivirus. As I said, I've had problems, but I may have worked around them. When I set it up initially I turned on the "proactive defense" feature, which causes KAV to monitor programs with far greater scrutiny than by default. Leaving this feature on slowed file saves, especially to the network, to such a degree I might as well have written the files in longhand.
I also have to say that KAV has needed a lot of tweaking of settings before I've begun to feel comfortable, but I'm getting there. I've noticed no overt conflicts with programs I run and nobody updates signatures faster than Kaspersky.
Of course, this means they can't spend a lot of time testing the updates. In fact, I got a false positive the other day on my (coincidentally Kaspersky-based) gateway security box. I also switch gateway security boxes frequently and the current one, a ZyXEL ZyWALL 5, about which I will write more soon, has a very small definition set of only 800. But one of those definitions is for the eicar test file, the semi-official anti-virus test.
A friend sent me a large document that had the eicar test in the middle of it. The file was blocked, even though the eicar test is only supposed to trigger in specific circumstances: The file can't be larger than 128 bytes. There have been cases where virus authors have used the eicar test before their own code, hoping the user would see "eicar" and think the file was innocuous. The file I got was many hundreds of kilobytes. The friend and I reported it to Kaspersky, who removed the eicar signature, which is just as well: On a box with only 800 definitions, it's silly to waste even 68 bytes on a test.
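The rule described above, as an added example that is not part of the original column: a strict check that reports the eicar test file only when the file actually conforms, so a large document with the string buried in it is not blocked as the test file. The 128-byte limit and 68-byte string length come from the text; the start-of-file requirement and the permitted trailing whitespace follow EICAR's published description of the test file, and the function and label names are hypothetical.

```python
# Added example: strict eicar test-file check (not code from the column).
# The 68-byte string is assembled from pieces so that this source file
# is not itself flagged by a scanner.
EICAR = (
    rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
    + b"EICAR-STANDARD-ANTIVIRUS-"
    + b"TEST-FILE!$H+H*"
)
MAX_LEN = 128                 # total file size limit cited in the text
TRAILING_OK = b" \t\r\n\x1a"  # space, tab, CR, LF, Ctrl-Z (per EICAR's description)


def classify(data: bytes) -> str:
    """Return 'eicar-test-file', 'embedded-string' or 'clean' (hypothetical labels)."""
    if EICAR not in data:
        return "clean"
    conforms = (
        data.startswith(EICAR)
        and len(data) <= MAX_LEN
        and all(byte in TRAILING_OK for byte in data[len(EICAR):])
    )
    if conforms:
        return "eicar-test-file"
    # The string is present but the file is not the test file: do not report
    # the test signature, and do not treat the file as harmless either. It
    # still goes through the real signature set.
    return "embedded-string"


if __name__ == "__main__":
    # Constructed samples, not captured files.
    samples = {
        "bare test file": EICAR,
        "test file + CRLF": EICAR + b"\r\n",
        "large document with string inside": b"A" * 300_000 + EICAR + b"B" * 300_000,
        "string followed by other content": EICAR + b"MZ\x90\x00 other bytes",
    }
    for name, blob in samples.items():
        print(f"{name:36s} {len(blob):>7d} bytes -> {classify(blob)}")
```

The third sample corresponds to the false positive described above, and the fourth to the case of the string placed in front of other code; neither is reported as the test file.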
So I may have gotten Kaspersky on the desktop to the point where I don't hate it anymore, but give it time. I also once ran a BitDefender system on which the hardware died so I don't run it anymore. BitDefender itself was relatively inoffensive, although it did raise some displays that I didn't want and couldn't figure out how to turn off.
And then there's McAfee. I had a McAfee-based gateway device for some time and I have to say the anti-virus software on it ran very well. Alas, it was a Servgate box and Servgate is pushing up daisies these days. My luck with it was better than with McAfee desktop anti-virus, which I found to be intrusive and slowed the system noticeably. And they have had their own false-positive problems.
Yup, it's true, they all stink. Well, mostly. I've still got high hopes for KAV, mostly because I hear good things about it from people I respect. We have to find something we're comfortable with; as Oscar Wilde might have said, the only thing in the world worse than running anti-virus software is not running anti-virus software.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.