Computer Security – Firewalls, Administration, Comparison of Firewalls and Anti Virus Products
The content of a computer is vulnerable to risks when it is connected to other computers on a network. The term ‘computer security’ is used to denote issues associated with the networked use of computers and the resources contained in the computers. With the increased use of the internet, the networking of computers has been increasing, which makes computer security an important phenomenon in the computing environment. Computer security covers a wide range of activities like ethics and risk analysis and also encompasses the issues connected with computer crime and the prevention, detection, and remedial actions for virus attacks. It is also concerned with identity and anonymity in cyberspace. The objective of this study is to make a detailed analysis of the vulnerability of computers to security threats. In the process the project makes a detailed examination of some of the security software currently available in the market and reports on their effectiveness in maintaining computer security.
Table of Contents
Computer Virus
Trojan horse
Chapter 1 Introduction
1.1 Computer Security
1.2 Firewall
1.3 Antivirus Products
Chapter 2 Aims and Objectives of the Project
2.1 Aims
2.2 Objectives
Chapter 3 Review and Selection of Security Software
3.1 Selection Criteria
3.1.1 User Interface
3.1.2 Ease of Use
3.1.3 Reliability
3.1.4 Other Security Features
3.1.5 Ease of Installation and Setup
3.1.6 Help/Support
3.1.7 Value for Money
3.2 Norton Antivirus
3.2.1 Review of the Features
3.2.2 Pricing
3.2.3 Antivirus Management
3.2.4 User Interface and Support
3.3 Sophos
3.3.1 Features of Sophos
3.3.2 Shortcomings of Sophos
3.4 McAfee
3.4.1 Ease of use
3.4.2 Updates
3.4.3 Additional Features
3.4.4 Help/Support
Chapter 4 The Testing
4.1 Testing of the Chosen Products
4.2 Test Environment
4.3 Test of System-Performance Impact
4.4 Scanning Speed Test
4.5 Boot Speed Test
4.6 Test of Effectiveness
Chapter 5 The Results
5.1 Testing of Norton Antivirus 2008
5.1.1 Running a Full System Scan
5.2 Testing of Sophos Anti Virus Scan
5.2.1 Running a Full System Scan
5.3 Testing of McAfee Virus Scan 2008
5.3.1 Running a Full System Scan
5.4 Comparative Results of the Tests Conducted
5.5 Comparative Features of the Antivirus Products
Chapter 6 Discussion
6.1 Problems Occurred During the Conduct of the Tests
6.2 Results of the Test
Chapter 7 Conclusion and Recommendation
Chapter 8 Future Work
Appendix 1 Review of McAfee – Virus Scan 2008
Some of the key terms that have often been made use of in this project are defined in the following section for a general understanding.
A computer virus is a small software program which is designed to spread from one computer to another and cause disruptions to the already existing programs in the computers. A virus has the ability to corrupt or delete data contained in any computer. It can also spread through e-mail programs to other computers. In some cases the viruses may erase all the data in a computer.
A firewall is a piece of software or hardware intended to protect the computer from the attacks of hackers, viruses and worms, which normally reach the computer through the internet. If the computer is not protected by a firewall, there is the likelihood that hackers may gain access to the personal information on the unprotected computer and use such information for illegitimate purposes.
Spyware is a general term used to describe software that has the capability to perform certain actions in the form of advertising, gathering personal information or even making changes in the configuration of a personal computer without the consent of the person who owns the computer. Spyware often is represented by software containing advertisements or software that collects personal or sensitive information.
A worm is a kind of computer virus that uses Messaging Application Program Interface (MAPI) enabled e-mail programs to propagate itself to other computers, generally Windows-based computers. Worms use an e-mail message with the worm as an attachment in a zipped file. The text and content of the email would resemble genuine correspondence from a known contact. Normal methods of virus protection would act to save the computer from this kind of virus.
The term ‘Trojan horse’ is derived from the classical story of the Trojan horse. A Trojan horse is a piece of software which appears to be performing a particular action while in fact it is doing another, which may affect the computer as a virus would. Trojan horses are not in fact dangerous but are notorious in that they may turn out to be dangerous depending on the action of the end user. Even though a Trojan horse does not propagate itself by self-replication, the action of the end user determines the course of the Trojan horse software.
Chapter 1 Introduction
In a highly competitive business environment the use of computers and networks is increasing day by day. With the increased use of networks and various associated software programs, computer security is becoming a more and more pertinent question. More specifically, in the computer field, where the number of hackers and other illegitimate people accessing valuable business and personal information has increased tremendously, the issue of computer security has become a crucial one. Just as the chances of catching computer viruses have increased, the number of anti-virus products available in the market has also increased. However, it is important that the effectiveness of these products in protecting vulnerable computers is thoroughly evaluated before deciding on any particular anti-virus product. In this context it is necessary that the term ‘computer security’ is fully explored to understand the intricacies of the phenomenon.
1.1 Computer Security
The term computer security has been getting increased attention and usage due to the increase in the number of internet users and the multiplicity of the computers being connected in the networks. The important technical areas in the computer security are represented by the elements of confidentiality, integrity and authentication or availability. Confidentiality implies the secrecy or privacy connected with the data and information stored in the computers. The impact of breach of confidentiality may be assessed at anything between embarrassment to the owner of the information to a disastrous effect of making illegitimate use of information gathered in unscrupulous ways. Integrity on the other hand is concerned with the protection of information against any unauthorized changes which are undetectable to the authorized users. Usually the incidence of hacking the information from the computers undermines the integrity of the database and other resources contained in the computers. Authentication means identifying the users as to their genuineness. Finally availability implies that the information and other resources are available only to the authorized users (Jane F. Kinkus).
While the technical areas of confidentiality, integrity, and authenticity are of major concern to a computer security manager, ‘privacy’ is the most important aspect of computer security for everyday users of the internet. Many users believe that protecting their personal information is not a serious matter, but privacy on the internet is essential even if the information does not appear to be sensitive. With the advent of advanced information and communication technology it is no longer difficult to link pieces of information gathered from various sources for illegitimate use. Hence it becomes important that individuals should be able to maintain stricter control over the nature and volume of information being collected from them and the uses to which such information is being put.
1.2 Firewall
Normally computer security is enhanced by a firewall. A firewall is an information technology security device which is designed to allow, deny or proxy data connections according to the security policy the organization has set for its internal use. Firewalls can be based on hardware and/or software. The basic task of a firewall is to monitor the traffic between computer networks belonging to different zones of trust. An illustration of this point is the internet, which is a no-trust zone, and an internal network, which is supposed to be a high-trust zone. The ultimate objective of employing a firewall is to ensure that the interface between zones of differing trust levels is controlled by the enforcement of a security policy. While controlling the interface, the firewall uses a connectivity model based on the least privilege principle and separation of duties.
A firewall is alternatively termed as a Border Protection Device (BPD) in some of the military applications where the function of the firewall is to separate the networks by creating additional perimeter networks. These additional networks are created in a Demilitarized zone (DMZ). In a BPD context the firewalls are known as packet filters. The function of a firewall is similar to that of the firewalls in the construction of a building (Information Security Awareness).
Proper configuration and installation of firewalls demands considerable skill from the administrator. The configuration of firewalls requires considerable understanding of network protocols and of computer security. Even small mistakes committed in configuring the firewall may render the firewall ineffective as a security tool.
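The following added example (not part of the original essay) illustrates the two points above: a packet filter that enforces least privilege between zones of trust through a default-deny rule list, and how one small configuration mistake, a broad allow rule placed ahead of a specific deny, silently disables the deny. The zone names, addresses and rule sets are constructed for illustration and assume first-match rule evaluation.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    src_zone: str        # zone the connection comes from
    dst_zone: str        # zone the connection goes to
    dst_net: str         # destination network in CIDR form
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # None means any port


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    dst_ip: str
    proto: str
    port: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule accepts the packet."""
    return (rule.src_zone == pkt.src_zone
            and rule.dst_zone == pkt.dst_zone
            and ip_address(pkt.dst_ip) in ip_network(rule.dst_net)
            and rule.proto in ("any", pkt.proto)
            and rule.port in (None, pkt.port))


def decide(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; anything unmatched is denied (least privilege)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


def covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet matched by `later` is already matched by `earlier`."""
    return (earlier.src_zone == later.src_zone
            and earlier.dst_zone == later.dst_zone
            and ip_network(later.dst_net).subnet_of(ip_network(earlier.dst_net))
            and earlier.proto in ("any", later.proto)
            and earlier.port in (None, later.port))


def shadowed_conflicts(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Pairs (i, j) where rule j can never fire because rule i overrides it."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later) and rules[i].action != later.action:
                found.append((i, j))
                break
    return found


# Constructed policy: only HTTPS to one DMZ web server is reachable from outside.
HARDENED = [
    Rule("allow", "internet", "dmz", "192.0.2.10/32", "tcp", 443),
    Rule("allow", "internal", "internet", "0.0.0.0/0", "tcp", 443),
]

# Constructed mistake: a broad allow placed first makes the SSH deny unreachable.
MISCONFIGURED = [
    Rule("allow", "internet", "dmz", "192.0.2.0/24", "any", None),
    Rule("deny", "internet", "dmz", "192.0.2.20/32", "tcp", 22),
    Rule("allow", "internal", "internet", "0.0.0.0/0", "tcp", 443),
]

if __name__ == "__main__":
    ssh = Packet("internet", "dmz", "192.0.2.20", "tcp", 22)
    print("hardened:     ", decide(HARDENED, ssh))
    print("misconfigured:", decide(MISCONFIGURED, ssh))
    print("shadowed rule pairs:", shadowed_conflicts(MISCONFIGURED))
```

Running a shadowing check like `shadowed_conflicts` over a rule set before deployment is one way an administrator can catch this class of ordering mistake.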
1.3 Antivirus Products
The anti-virus product is an essential tool for maintaining computer security, especially in the present-day context where new viruses are found every day. It is important that the utility, cost and effectiveness of anti-virus products are evaluated before installing them on the computer. Apart from price there are several elements of anti-virus products that need consideration, like ease of installation, ease of configuration, support for help files, product updates, user update, experience of the user and ability to detect common viruses. A complete analysis of the anti-virus products available in the market with respect to the above factors would enable the user to decide on the appropriate anti-virus product.
The objective of this study is to compare the utility and abilities of three chosen anti-virus products – Norton Antivirus, Sophos, and McAfee – from the available range of products and to test them for their ability in the above mentioned areas and report thereon. This study would bring out the effectiveness of the individual products in providing computer security.
Chapter 2 Aims and Objectives of the Project
Any research project is undertaken with specific aims and objectives to be accomplished by the research. This chapter details the aims and objectives of this project, undertaken specifically to evaluate the effectiveness of the three chosen security software products – Norton Antivirus, Sophos, and McAfee.
2.1 Aims
This project to evaluate the effectiveness of the chosen antivirus products has among other things the following aims:
1. To identify the different kinds of security threats to the computers by studying the features of the different security software chosen for analysis
2. To examine and report on the vulnerabilities of the network systems from the identification of the different kinds of security threats
3. To test the reliability of each of the products being taken for study by undertaking the testing of these software products for evaluation of different attributes
4. To evaluate the usability and ability of each of the chosen security software products in protecting computer privacy and security on the basis of the tests conducted and tabulate the comparative findings
5. To examine and understand the security threats that the intended security software are unable to address
6. To make suggestions for improvements for the future development of the security software products
2.2 Objectives
The principal objective of this project is to examine the issue of vulnerabilities of computer systems. The scope of this project was to download the trial version of the chosen software to examine the effectiveness of the products on a comparable basis. The aim was to install the three security software products and to examine the vulnerability of the system in respect of each security product with the same configuration and data environment on the computer. The testing will be conducted using various methods and techniques, and different ports of the computer system will be examined to determine the vulnerabilities. It is proposed to use only the Windows operating system, as the three selected software products support the Windows OS. The results of the various tests are used to evaluate the products in terms of their cost and ease of installation and configuration. The other features of the products, like the product updates and user updates, were also analyzed to find out the superiority of the products over others. The important aspect of testing was to evaluate the ability of the security products to detect the common viruses in computers.
Chapter 3 Review and Selection of Security Software
In the whole process of the project the review and selection of the appropriate antivirus products posed a major issue. This is due to the reason that there is a wide selection of antivirus products available in the market, from which selecting three of them for testing and analysis was really a tough proposition.
3.1 Selection Criteria
In the selection of the security software the following criteria were considered for arriving at the final selection of the three security software that is considered in this project.
3.1.1 User Interface
The usability of a security software product assumes different meanings in different contexts. For some of the people it is the efficiency of the product that will be considered as a priority; for some others the learnability may be the criteria and still some others would consider the flexibility as the principal criteria. However in terms of the computer security the priority must clearly be the criteria that is required for the security to be made use of effectively. The following are some of the priorities that may be considered relevant in the context of security.
“The security software is usable if the people who are expected to use it:
· are reliably made aware of the security tasks they need to perform
· are able to figure out how to successfully perform those tasks
· do not make dangerous errors and
· are sufficiently comfortable with the interface to continue using it” (Alma Whitten and J.D. Tygar, 1999).
The three software products were selected with the above general priorities in mind. The chosen security software products reasonably satisfied the above user interface requirements.
3.1.2 Ease of Use
The next criterion that went into the selection of the security software products for evaluation is ease of use. The best security programs are designed in such a way that everyone will be able to use the software. The software should be designed in such a way that the knowledge of the person using the computer does not really matter in using the software.
3.1.3 Reliability
The security software selected should provide an efficient firewall, which is the first line of defense for any computer security program. The firewall should be able to protect the computer by keeping personal information as secure as possible and by monitoring the ports of the computer and the wireless network.
Another feature for considering the reliability is the antivirus quality in the software. Since virus threats are constantly evolving it is highly necessary that the security software should continuously scan the computer and the files to detect and eliminate the harmful viruses. The product must also be updated regularly to take care of the new viruses that are attacking the computers every now and then.
The security software should also be able to provide an efficient antispyware function. The antispyware function of the security software should defend against adware, keyloggers, Trojans, and other spyware.
3.1.4 Other Security Features
In addition to the routine security functions, the top ranking security software also provides additional security and features including anti-phishing, email and Instant Messaging Scanning and parental controls. Hence it is necessary that these additional features need to be taken in to consideration while selecting the appropriate security software.
3.1.5 Ease of Installation and Setup
One of the most important criteria for the selection of the security software is the ease of installing and setting up the software on the computer. The security software should be simple to install and set up. The software should not cause application errors or bog down the customer with large programs for installation and setup.
3.1.6 Help/Support
Usually a lot of doubts and questions will arise while installing as well as while using the security software. It is the responsibility of the manufacturer of the software to provide help and support throughout the life of the product. This is normally accomplished through FAQs, user manuals or tutorials. It is also necessary that the manufacturer should provide support/help through telephone, email, or even online chat (Topten Reviews).
3.1.7 Value for Money
Above all the security service product must be of real value for the price the customer is paying for it. This will be seen from the number of occasions the security software is able to detect viruses, spywares, and malwares and protect the computer from losing the valuable data. There are different methods and techniques to analyze the value of each of the software available in the market. There are also specialized websites that make meaningful analysis and comparison of the features of different software products available which may be visited to find out the superiority of any particular security software.
On the basis of the above criteria the following security software has been selected for a comparison and presentation of an analytical report:
A review of the features of the products selected is presented below:
3.2 Norton Antivirus
The Norton Antivirus product has been given the following performance rating by Pass Mark Software, Antivirus & Internet Security Performance Benchmark Report, 2007 by comparing the performances of 12 competitive antivirus/antispyware security applications.
3.2.1 Review of the Features
Norton Antivirus 2008 being an exclusive malware defense mechanism offers protection against viruses, spyware, and worms. The software has its application on the browser, e-mail, or Instant Messaging. Presently the software can be run only on Windows XP or Vista.
3.2.2 Pricing
Although the product is priced higher than several of the competitive products in its range, since this version includes two additional bonus installations the price becomes more or less comparable to others in the market. This implies that the product can be installed on three personal computers with one package purchased.
3.2.3 Antivirus Management
The present version of Norton antivirus is equipped with a modicum of network AV management. This allows Norton antivirus 2008 installed on one PC to manage the installations on other PCs, which is useful in a home network environment. The other feature of the product is that it only raises warning signals and does not allow the user to fix the problems it detects in a remote manner. When connected to a wireless network, the product automatically checks the security status of the network and alerts the user if the network is unsecure. The product uses Symantec’s new heuristics-based SONAR technology, which helps the product to detect suspicious behavior. This can be considered a much better way to deal with unknown virus threats (PC Advisor).
3.2.4 User Interface and Support
Norton antivirus 2008 is made more user friendly, especially in the Windows Vista environment. The options available are much reduced so that the novice user is not scared. The configuration is also made much simpler. The support has an additional feature that allows the user to chat to a technician in case any problem is encountered in using the product.
3.3 Sophos
Sophos is a product that is aimed at supporting small businesses and corporations. The product is designed as a complete antivirus solution with specific focus on network functionality. The product is manufactured as an easily updated and flexible business solution for managing the complexity of networks. The product covers everything from small local area networks to large multi-server, multi-platform WANs (Software Antivirus.com).
The snapshot of Sophos antivirus is shown below:
3.3.1 Features of Sophos
The features of Sophos include central management support that allows the integration of third-party applications with the anti-virus engine. The product also allows the configuration of multiple scheduled jobs with password protection of settings and some other relevant additional features. The product is also one of the fastest antivirus scanners, making use of an intelligent method of check-summing. This minimizes the number of times each file needs to go through the process of scanning. Sophos supports all the common archive formats except WinAce, which is a distinct advantage of the product.
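The check-summing idea described above can be sketched as follows. This is an added example of the general technique, not Sophos's implementation and not code from the original essay: the `ScanCache` class, the toy `signature_scan` matcher and the marker byte strings are all constructed for illustration. It also shows the caveat a checksum cache must respect: a cached "clean" verdict is only valid for the virus definitions it was produced with, so an update to the definitions has to force a rescan.

```python
import hashlib
from typing import Callable, Dict, NamedTuple, Tuple


class Definitions(NamedTuple):
    version: int                 # increases with every definitions update
    signatures: Dict[str, bytes]  # detection name -> byte pattern (constructed)


def signature_scan(data: bytes, defs: Definitions) -> str:
    """Toy full scan: return the first matching detection name, else 'clean'."""
    for name, pattern in defs.signatures.items():
        if pattern in data:
            return name
    return "clean"


class ScanCache:
    """Skip the full scan when the same content was already scanned
    under the same definitions version."""

    def __init__(self, scan_fn: Callable[[bytes, Definitions], str]):
        self._scan = scan_fn
        self._verdicts: Dict[Tuple[str, int], str] = {}
        self.full_scans = 0  # how many times the expensive scan really ran

    def check(self, data: bytes, defs: Definitions) -> str:
        # Key on content hash AND definitions version: either changing
        # invalidates the earlier verdict.
        key = (hashlib.sha256(data).hexdigest(), defs.version)
        if key not in self._verdicts:
            self.full_scans += 1
            self._verdicts[key] = self._scan(data, defs)
        return self._verdicts[key]


def demo():
    """Run a constructed sequence of scans; return (verdicts, full scan count)."""
    defs_v1 = Definitions(1, {"Test.MarkerA": b"CONSTRUCTED-MARKER-A"})
    defs_v2 = Definitions(2, {"Test.MarkerA": b"CONSTRUCTED-MARKER-A",
                              "Test.MarkerB": b"CONSTRUCTED-MARKER-B"})
    cache = ScanCache(signature_scan)
    report = b"quarterly report"
    late_sample = b"file containing CONSTRUCTED-MARKER-B"

    verdicts = [
        cache.check(report, defs_v1),          # full scan
        cache.check(report, defs_v1),          # unchanged file: served from cache
        cache.check(late_sample, defs_v1),     # full scan, unknown to v1
        cache.check(late_sample, defs_v1),     # served from cache, still "clean"
        cache.check(late_sample, defs_v2),     # new definitions force a rescan
        cache.check(report + b"!", defs_v2),   # modified content forces a rescan
    ]
    return verdicts, cache.full_scans


if __name__ == "__main__":
    print(demo())
```

The fifth call shows why stale definitions matter: the same file is reported clean until the definitions version changes.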
3.3.2 Shortcomings of Sophos
Despite having some special features like multiple scheduled jobs, the product lacks some of the essential features of antivirus programs. It has no quarantine function and no heuristic engine. There is also no support for ActiveX, and the on-demand scan cannot be configured.
Another disappointing feature of Sophos is the process of updating. The updating/installation process has to be undertaken once in every month. If this is not done, the updates have to be manually uploaded from the website for which there is the need for a password. Since the updates are programmed to be effected only once a month by the manufacturer the product cannot detect new viruses creeping in the meantime (Software Antivirus.com).
The product also does not support the email for which a separate tool Mail Manager is to be installed. However the Mail Manager tool supports only SMTP, Notes, and Exchange. Another tool Sophos SAVI is to be used for dealing with POP 3. Nonetheless this can be integrated with the mail manager.
Moreover it is not easy to use Sophos. It is also difficult to buy the product, as there is no web shop selling the product. Hence the product can be ordered by fax, mail, or email only. But the software can be downloaded from a reseller of the product.
The Sophos antivirus product therefore cannot be found to be useful for the home PC user. The product supports an extensive range of network features and central management tasks. The lack of many basic features makes it useful only for advanced network users (Software Antivirus.com).
Despite the shortcomings of Sophos the product is selected for comparing the features with the other two security products, as the tests will show how far this product is effective in comparison with other two software products.
3.4 McAfee
McAfee, because of its versatile features, has been regarded as the industry leader in computer security protection software products. Virus Scan is the principal product of McAfee, which exclusively acts as a defense against viruses. The product is equipped with a Script Stopper which prevents viruses propagating from one computer to another via email. There is another unique feature, Worm Stopper. Still, there are some shortcomings of the product in that it does not support Instant Messaging, P2P file sharing protection or registry setup protection.
3.4.1 Ease of use
If the product is used with its default settings the setting up of the product is much easier. The default setting provides a good protection against viruses, Trojans, worms, malicious ActiveX controls, and Java applets. The product has also provisions for Personal Firewall +, Privacy Service and Spam Killer being the other products of McAfee.
3.4.2 Updates
McAfee Virus Scan 9.0 has the feature of automatically downloading updated versions of the definitions from the Internet. The updating is done on a regular basis. This special feature of being up to date gives McAfee an increased possibility of detecting any viruses that may infect the computer. On average McAfee comes out with a new definition each day, which makes the product superior in the antivirus product range. However, one has to register and log in to get the updates downloaded, which makes the process a little longer than it should be.
3.4.3 Additional Features
One of the additional features of McAfee is that Virus Scan can be set to scan the computer on a pre-programmed schedule, which makes it more flexible. The product can be timed to scan for spyware and adware. But several tasks cannot be added to a scheduled scan. This is better in the sense that different files and programs can be scanned at different periodic intervals.
McAfee also has an Antivirus Emergency Response Team the function of which is to continuously monitor the worldwide virus activity to enable the user to have the facility of utmost protection and safety. “The always-on protection guards against viruses, spyware and other Internet threats that may enter your PC via e-mail, instant message attachments, Internet downloads, and web browsing” (Topten Reviews).
3.4.4 Help/Support
McAfee has several options for extending help, and these include documentation, email, and support through telephone. However, at times the support by email may take some additional time. On an overall assessment the product is easy to install and can be regarded as an excellent tool in protecting the computer from viruses, spyware and other malware, though the update process is somewhat time-consuming.
With a complete analysis of the salient features of all the three products – Norton Antivirus, Sophos, and McAfee, these products have been selected for an evaluation of their effectiveness in providing protection to the computers and ensuring the information security.
Chapter 4 The Testing
Just as in any other field, the testing of antivirus products requires knowledge, experience, and meticulous methods of testing the AV products. In addition to the normal requirements there are issues special and unique to the testing of antivirus products and services which need more thorough and specialized knowledge. For instance, when an antivirus product misses a virus sample the normal tendency would be to suspect the effectiveness of the product. With a fair knowledge of viruses and antivirus products, the tester should first suspect the virus sample rather than the antivirus product. Normally antivirus testing should cover the following list of items, which are antivirus-specific features:
· On-demand Scanning
· On-access Scanning
· Email Scanning
· Appropriate Repair
· System Recovery
· Unknown Virus Detection
· False Positives
· Product Scan Speed
· Update Effectiveness
It is customary to check the following service aspects also with respect to the accuracy, availability, and response time:
· Manual and in-product information
· Website information
· Newsletter information
· Email technical Support
· Phone-based technical support
· Fax-based technical support
4.1 Testing of the Chosen Products
Antivirus programs are designed to detect and remove harmful files that try to enter the memory of the computer. In order to monitor all incoming files, the antivirus program needs to use the resources of the computer system in which it is installed. The extent to which the antivirus program degrades the system’s performance differs between products. The testing of the antivirus products chosen consisted of four tests to evaluate the performance of the products. These tests are designed to assess:
· How a full virus scan impacts overall system performance
· How quickly files can be scanned for viruses
· How system boot time is affected by the antivirus program
· How effective the antivirus programs are at locating the viruses and how they deal with the viruses.
For the purpose of completing the project, the three selected security software products have been tested for their effectiveness in protecting computer security on a home personal computer. The products have been applied in succession to one another, testing the same configuration of the computer system with the same number of programs, files and folders, and the results tabulated for comparison.
4.2 Test Environment
The antivirus software was tested on a desktop system with a 3.4 GHz Pentium 4 550 processor, 1 GB of DDR2 SDRAM running at 533 MHz and a PCI-Express graphics card with 256 MB of memory, operating under Windows XP Professional. The computer had all the latest security updates installed. With each of the anti-virus products tested, it was ensured that the most recent updates were installed with the latest definitions from the manufacturers. The default settings of the three antivirus programs were used for testing.
4.3 Test of System-Performance Impact
Active scanning by the antivirus program has an adverse impact on overall system performance, as the antivirus engine competes with the other applications for system resources while scanning. However, present-day scan programs are designed with such sophistication that they do not greatly impact the speed of other applications. But a deep or full system scan requires a majority of the system resources to be available to the antivirus engine. This results in a significant impact on the performance of other applications in the system. Deep scanning implies the scanning by the antivirus software of every file located on all the partitions found on each drive of the computer. The set of tests is designed to measure the degradation of overall system speed. Before the antivirus application was installed, certain selected applications were run and the time involved was noted. Then the antivirus product was installed. The same applications were run again while the deep scanning function was being performed by the respective antivirus software. The time now taken by the same applications while deep scanning was running was noted to assess the impact of deep scanning on the system.
4.4 Scanning Speed Test
Using the antivirus software being tested, a 1.75 GB folder containing files including DLL, TXT, BMP, Zip and MIDI files was scanned. The size of the files ranged from 1 KB to 9.2 KB. The time taken to scan these files was recorded to assess the effectiveness of the different antivirus products. The less time the antivirus program takes to scan all the files and folders compared to the other antivirus products, the more efficient the product is in scanning files.
4.5 Boot Speed Test
This test is conducted to ascertain how long the system takes to boot while the antivirus product is installed on the computer. The time measured is that taken for the system to boot from a fully powered-off state until the operating system starts and the antivirus software is loaded. The less time the antivirus product takes to complete the booting and loading of the antivirus software in comparison with the other products being tested, the less impact the product has on overall system efficiency.
4.6 Test of Effectiveness
A further test considers the effectiveness of the antivirus product in identifying viruses and dealing with them. With each product, a complete system scan is run and the results are recorded. The results of this test, combined with those of the scan speed test, indicate the efficiency of the antivirus products being tested.
Chapter 5 The Results
This chapter details the results of the tests conducted on the three selected antivirus products – Norton Antivirus, Sophos and McAfee – leading to a discussion comparing the efficiency of the three products.
5.1 Testing of Norton Antivirus 2008
In order to conduct the desired tests on Norton Antivirus, the free trial version of Norton Antivirus 2008 was downloaded to the computer. Before the antivirus product was downloaded, the time taken to convert 19 WAV files to 192 Kbps MP3 files using a BPS MP3 – WAV Converter and iTunes 7 was recorded as 11 minutes and 47 seconds, in order to test the impact on the system. After the antivirus product was installed, the same files were converted in 14 minutes and 13 seconds. This test was conducted to assess the impact of the antivirus product on the system.
Similarly the booting time of the system before installing the antivirus product was recorded as 2 minutes and 49 seconds.
Although no difficulty was experienced in downloading the files, the total time taken for downloading and installation was about 1 hour and 55 minutes. After installation the following screen appeared.
The system was logged off for rebooting after the installation of the Norton Antivirus product. Booting the system, from the start of the operating system to the loading of the antivirus software, took 4 minutes and 9 seconds. This time was recorded for comparison with the efficiency of the other two products.
5.1.1 Running a Full System Scan
From the menu item ‘Run a Scan’, the command for running a full system scan was given. The full system scan was undertaken to study the effectiveness of the product in identifying viruses and to record the time taken to complete the scan, as these are the other two tests to be conducted on all the products being tested. A snapshot of the screen while the scanning program was running is appended below:
After completion of the full scanning the following screen appeared indicating that the antivirus product has detected three viruses out of the 283,454 items scanned.
The details of the viruses detected are shown in the following snapshot of the screen.
After completion of the full system scan, the screen showing the security history appeared as below. The complete scan of all the files and folders took 3 hours, 2 minutes and 55 seconds. The window shows the number of records scanned, the number of viruses found, and how they were dealt with. It also gives more information on the nature of the records scanned and the number of each item.
5.2 Testing of Sophos Anti Virus Scan
The tests on Sophos Anti Virus Scan were conducted in the same way as for the Norton product. In order to conduct the desired tests on Sophos Anti Virus Scan, the free trial version of the product was downloaded to the computer. After the antivirus product was installed, the time taken to convert 19 WAV files to 192 Kbps MP3 files using a BPS MP3 – WAV Converter and iTunes 7 was recorded as 16 minutes and 2 seconds. This test was conducted to assess the impact of the antivirus product on the system.
Similarly the booting time of the system after installing the antivirus product was recorded as 4 minutes and 55 seconds.
No difficulty was experienced in downloading the antivirus software to the computer. The total time taken for downloading and installation was about 45 minutes. During installation the following screen appeared.
5.2.1 Running a Full System Scan
From the menu item ‘Scan My Computer’, the command for running a full system scan was given. The full system scan was undertaken to study the effectiveness of the product in identifying viruses and to record the time taken to complete the scan, as these are the other two tests to be conducted on all the products being tested. A snapshot of the screen while the scanning program was running is appended below:
After completion of the full system scan, the screen showing the results of the scan appeared as shown below. The total time taken to scan all the files and folders was just 35 minutes. The window shows the number of items processed, the threats detected, the threats dealt with and the threats passed to quarantine. It also shows the errors encountered during the scanning process.
5.3 Testing of McAfee Virus Scan 2008
The tests on McAfee Virus Scan 2008 were conducted in a similar manner. In order to conduct the desired tests on McAfee Virus Scan 2008, the free trial version of the product was downloaded to the computer. After the antivirus product was installed, the time taken to convert 19 WAV files to 192 Kbps MP3 files using a BPS MP3 – WAV Converter and iTunes 7 was recorded as 12 minutes and 6 seconds. This test was conducted to assess the impact of the antivirus product on the system.
Similarly the booting time of the system after installing the antivirus product was recorded as 3 minutes and 5 seconds.
No difficulty was experienced in downloading the antivirus software to the computer. The total time taken for downloading and installation was about 1 hour and 27 minutes. During installation the following screen appeared.
The system was logged off for rebooting after the installation of the McAfee Antivirus product. Booting the system, from the start of the operating system to the loading of the antivirus software, took 3 minutes and 5 seconds. This time was recorded for comparison with the efficiency of the other two products.
5.3.1 Running a Full System Scan
From the security center menu box, the command ‘Scan’ was selected to run a full system scan. The full system scan was undertaken to study the effectiveness of the product in identifying viruses. The test is also important for recording the time taken to complete the scan. The results of these tests were recorded for comparison with the test results of the other two products. A snapshot of the screen while the scanning program was running is shown below:
After completion of a full system scan the screen appeared as below:
The details of the viruses detected were shown as per the screen exhibited below:
After completion of the full system scan, the screen showing the security history appeared as below. The complete scan of all the files and folders took 5 hours, 16 minutes and 30 seconds. The window shows the start time, the finish time, the total number of files scanned, the total number of files detected, the cookies scanned, and the number of files quarantined. Unlike Norton, this product shows the number of files affected by the viruses and the number of files quarantined.
5.4 Comparative Results of the Tests Conducted
The following table presents the comparative results of the four tests conducted with respect to the three antivirus products selected for comparison:
Table: Comparative Test Results
Time taken for installation: Norton, 1 hour and 25 minutes; McAfee, 1 hour and 7 minutes
Impact on the system (time taken for conversion of 19 WAV files to 192 Kbps MP3 files using BPS MP3 – WAV converter): before installation of the antivirus product, 11 minutes and 47 seconds; Norton, 14 minutes and 13 seconds; Sophos, 16 minutes and 2 seconds; McAfee, 12 minutes and 6 seconds
Time taken for booting of the system: before installation of the antivirus product, 2 minutes and 49 seconds; Norton, 4 minutes and 9 seconds; Sophos, 4 minutes and 55 seconds; McAfee, 3 minutes and 5 seconds
Time taken for a full system scan: Norton, 3 hours, 2 minutes and 55 seconds; McAfee, 5 hours, 16 minutes and 30 seconds
Number of viruses detected: 110 files/2 viruses
5.5 Comparative Features of the Antivirus Products
The other features of the three antivirus products are compared and the following table made for a comprehensive understanding of the comparable features:
Table: Comparative Features of the Antivirus Products
Ease of installation
62.5% – Moderate; There are Issues with uninstalling
80% – Installation does not take much time
80% – With the default setting of the product installation is a cakewalk
Ease of configuration
80% – Easy to Configure
90% – easy to configure
80% – Easy to configure
Support for help files
75% – with Chargeable Phone help – Waiting time of 30 minutes. Live Chat is not effective as it needs the installation of Explorer and other products
90% – Support is available round the clock – charged as a part of the license fee
60% – though the product has many help and support possibilities more waiting time makes them inefficient
60% – efficiency; Though the website claims updates three times a day, normally there are updates once a day
90% – Automatic updating for networked PCs
75% efficient – automatic downloads from the internet enhances the utility of the product
Have to download by logging in to the account created.
Can use Inter check log messages/email
One has to login to get the updates which makes the process longer
Had larger impact on the system making it work slowly, as compared to McAfee. Menu and operating commands are simpler
Very fast scanning – perhaps the fastest; but one cannot select files for scanning on demand
Compared to Norton this product is less straining on the computer speed and hence enables the user to work in almost normal speed
Ability to detect common viruses
75% efficient – Less efficient than McAfee; efficient in identifying and isolating the viruses including Trojans, spyware etc.
60% effective – the scanning is not effective in removing the viruses as many tools have to be manually installed
85% efficient – this product has one of the best virus scan records with three international awards
Chapter 6 Discussion
In general the conducting of the tests for evaluating the three chosen antivirus software products was a time consuming process. A lot of patience is to be exercised while conducting these tests. The installation of the software products was the first step undertaken in the evaluation of the antivirus products.
6.1 Problems Occurred During the Conduct of the Tests
To find the impact on the efficiency of the system, the conversion of WAV files into MP3 files using iTunes 7 was undertaken. Using the conversion time to evaluate the efficiency of the computer system after installing the antivirus software proved to be a good decision. However, some problems were encountered in completing this test properly. The conversion before installing the antivirus products did not pose any issues. Once Norton Antivirus 2008 was installed, the computer system initially became so slow that the conversion took far longer, beyond any useful comparison. When the same test was run a second and third time, the system picked up speed and the conversion was normal. The time taken on the fourth and fifth tries was consistent, and this was the time taken for comparison purposes.
Similarly running the full system scan with the Norton Antivirus also posed a problem. In the first instance after running for three hours the scan process was aborted. Therefore it was not possible in the first instance to record the speed of scan based on the time taken for scanning the complete files and folders contained in the computer. The full scan of the whole system was to be run again to find the exact time taken for completing the full scan.
Apart from the above hindrances, no other problems were encountered while running the tests for the three antivirus software products. The tests ran smoothly and the results were recorded.
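The recorded times can be reduced to a relative slowdown per product, and repeated runs such as the Norton conversion test can be averaged over their consistent trailing runs only. The following Python code is an added example, not part of the original project; the conversion and boot times are those recorded in the results table, while `CONSTRUCTED_RUNS` is a constructed sample of repeated timings and the 5% tolerance is an assumption.

```python
import re
from statistics import mean

UNIT_SECONDS = {"hour": 3600, "minute": 60, "second": 1}
DURATION_PART = re.compile(r"(\d+)\s*(hour|minute|second)s?", re.IGNORECASE)

# Times as recorded in the comparative results table of this report.
CONVERSION_BASELINE = "11 minute and 47 seconds"
CONVERSION = {
    "Norton": "14 minutes and 13 seconds",
    "Sophos": "16 minutes and 2 seconds",
    "McAfee": "12 minutes and 6 seconds",
}
BOOT_BASELINE = "2 minutes and 49 seconds"
BOOT = {
    "Norton": "4 minutes and 9 seconds",
    "Sophos": "4 minutes and 55 seconds",
    "McAfee": "3 minutes and 5 seconds",
}
# Constructed sample (not measured): five conversion runs in seconds,
# the first one slowed by a cold start as described in section 6.1.
CONSTRUCTED_RUNS = [1900, 870, 860, 853, 853]


def parse_duration(text):
    """Convert a phrase such as '3 hours, 2 minutes and 55 seconds' to seconds."""
    parts = DURATION_PART.findall(text)
    if not parts:
        raise ValueError(f"no duration found in {text!r}")
    return sum(int(number) * UNIT_SECONDS[unit.lower()] for number, unit in parts)


def overhead_percent(baseline, measured):
    """Slowdown of `measured` relative to `baseline`, as a percentage."""
    base = parse_duration(baseline)
    return round(100.0 * (parse_duration(measured) - base) / base, 1)


def rank_by_overhead(baseline, results):
    """Return [(product, overhead %)] sorted from least to most slowdown."""
    scored = [(name, overhead_percent(baseline, t)) for name, t in results.items()]
    return sorted(scored, key=lambda item: item[1])


def steady_state(runs, tolerance=0.05):
    """Average the trailing runs that stay within `tolerance` of the last run.

    Returns (mean in seconds, number of runs averaged). Earlier runs that
    differ by more than the tolerance are treated as warm-up and dropped.
    """
    if not runs:
        raise ValueError("no runs recorded")
    last = runs[-1]
    stable = []
    for value in reversed(runs):
        if abs(value - last) > tolerance * last:
            break
        stable.append(value)
    return mean(stable), len(stable)


if __name__ == "__main__":
    for label, base, data in (("conversion", CONVERSION_BASELINE, CONVERSION),
                              ("boot", BOOT_BASELINE, BOOT)):
        for product, pct in rank_by_overhead(base, data):
            print(f"{label:10s} {product:7s} +{pct}% over baseline")
    avg, used = steady_state(CONSTRUCTED_RUNS)
    print(f"steady-state conversion time: {avg} s over last {used} runs")
```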
6.2 Results of the Test
On the basis of the results of the tests conducted, it appears that the two products McAfee and Norton both fare well so far as the home/personal computer environment is concerned. Sophos, being an antivirus system most suited to network configurations, was not a close contender with the other two products. This product therefore seems to be not so popular among common users. While there were many comparative reviews of the features of McAfee and Norton available on the internet, there are not many comparative details available about Sophos. The discussion in this project therefore centers on the other two products only, eliminating Sophos from the race.
A comparison of the results in general appears to support the installation of the McAfee product. Virus Scan 2008 has many additional and superior features compared with Norton. Some of the features are available exclusively with McAfee Virus Scan 2008, which makes the product superior to that of Norton. Comparing the installation time of the two products, Norton took 1 hour and 25 minutes, whereas installing the McAfee product took only 1 hour and 7 minutes. Even on the test of system impact, McAfee registered a marginally better result than the Norton product. This implies that sophistication in designing antivirus products has reached a stage where all the popular products available in the market make a point of not taking much of the system resources while making a deep scan of the system files and folders, though the impact cannot be eliminated altogether.
The superiority of the product therefore lies in the speed with which the software can scan all the files and folders and the effectiveness in identifying the viruses as these are some important criteria which the customer would look for while deciding on the antivirus software product. In addition there are other additional features like protection for email, instant messaging, and integration of firewall protection that need to be considered while choosing an antivirus product.
Apart from the impact on the system, one other element that should be taken into account in assessing the efficiency of an antivirus product is the time the system takes to boot after the product is installed. Since the scan engine draws its power from the resources of the computer, there is bound to be a slowing down of the speed of booting the system. The time taken for booting, from the moment the power is switched on until the operating system is ready for use and the antivirus software is activated, is a determining factor in the efficiency of the antivirus software. The less time the computer takes to boot with a particular product, the greater the efficiency of the antivirus software concerned. Of the antivirus products tested, the computer took less time to boot with the McAfee product than with the other two. This indicates that the McAfee antivirus product is more efficient than the other two, although this is not the only criterion for determining the efficiency of antivirus software products.
Scan speed is an important element to consider when evaluating the efficiency of various antivirus software products. It may be considered the main test for grading the value of the product to the user. With increased usage of the internet, many viruses are bound to get into the computer system, which necessitates a complete scan of the system on a daily basis. While the scan is running, the speed at which the computer system works is bound to slow down. The user also cannot wait for the scan to complete, as a full system scan takes hours during which the user has to carry out normal work on the computer. Hence it is important that the scan is done quickly so that the computer can work at normal speed and power. The greater the speed with which the software scans the files and folders of the system, therefore, the more efficient the software can be regarded.
Finally, the effectiveness of scanning in identifying viruses is another important factor that determines the efficiency of antivirus software products. The antivirus product is expected to isolate the viruses for appropriate treatment, either quarantining them or destroying them, so that they are moved away from the system and the information and data stored in the computer are not corrupted. Effectiveness is also determined by the ability of the product to detect the maximum number of viruses such as worms, Trojans, etc. The software should also be capable of identifying other malware like spyware, adware, etc. so that the computer can function in a 100 percent safe environment. The software can fulfill this function effectively only when it receives updates on newly found viruses and on the definitions that allow them to be identified and eliminated from the system. The frequency with which updates are made to the software determines the increase in the efficiency of the software product.
Thus, by conducting the above tests, the project has arrived at the relative efficiency of all three antivirus software products that were subjected to comparison.
Chapter 7 Conclusion and Recommendation
On the basis of the results of the tests and the comparative features of the three products, the project has to reach a reasonable conclusion as to which product appears to provide more value to the user. Although the basic essential features are present in all three chosen products, the unsuitability of Sophos for a home or small business environment eliminates the product from the contest. This leaves the other two products, McAfee Virus Scan 2008 and Norton Anti Virus 2008, to go neck and neck for the final selection of the more efficient product.
Based on the comparative features discussed in chapter 5, Norton Antivirus 2008 can be considered as a good product to keep the personal computer safe from viruses. However it is not considered effective against spyware. While the product has been considered good in protecting the computers against viruses, the software has significant problems in making the computer slow while performing the scanning action. Although the manufacturer has taken lot of efforts to improve the product in this aspect still there has not been considerable improvement in this direction. Hence due to this reason and also because of the following additional advantages or merits of McAfee this project concludes McAfee Virus Scan 2008 as the best product among the three products considered by the project on a comparable basis.
Additional features of McAfee among other things include:
McAfee Virus Scan Plus 2008 is offered at $39.95 for a one-PC license with an additional fee of $10 each for additional licenses, and at $59.95 for three user licenses. McAfee Virus Scan runs on Windows 2000, XP, and Vista whereas Norton Antivirus only functions on XP and Vista.
McAfee uses a bootstrap method of downloading the code into the computer and then installing it module by module. The process is comparatively faster. First the security center is downloaded, followed by the product purchased. There is no ‘uninstall’ option for McAfee in the Windows All Programs listing. For uninstalling, one has to use the Windows Control Panel Add/Remove Software option. In most other software products an uninstall option is available.
The McAfee Protection Center offers left-hand navigation for all tools with a right-hand window pane for system status. While Norton has individual tabs for different products, McAfee has integrated them in the security center. In the security center two tables are found; one for basic features of the product and the other for advanced tools. McAfee has blended all its tools like security, utility, and networking together. This makes the overall product feel more integrated, whereas the Norton product looks like several stand-alone products that have been grouped together.
The additional features of McAfee include system diagnostic tools which enable the shredding of deleted files and defragmentation of the hard drive, network monitoring tools, and the product’s own anti-phishing tool. The product is able to scan links within instant messaging systems, covering messaging under the latest versions of AOL and Yahoo Messenger. Although Norton also offers this facility, it covers only older versions of Yahoo and AOL IM. Another new feature of McAfee, ‘State Aware’, allows the user to enjoy uninterrupted movies, slide shows, and games by providing security alerts or scans. Norton does not have this product offering.
There is a complete integration of antivirus, antispyware, firewall, and anti-phishing.
Though slightly weaker in the help/support, McAfee is a branded and popular antivirus software product that can well be recommended for buying as an excellent product in detecting and removing viruses as compared to Norton Antivirus 2008 and the product of Sophos.
Chapter 8 Future Work
Considering the limitations and experience on this project of evaluating the efficiency of the antivirus software products the future work on this field may center round the following topics:
1. The efficiency of the different antivirus products with respect to specific application areas like email, instant messaging, or internet may be undertaken which would throw more light on the efficiency of the products.
2. It is also a good idea to conduct a study exclusively on the number of product updates provided by 10 or more manufacturers and their impact on increasing the efficiency of the antivirus software product. A study into the nature and scope of these definitions would greatly enhance the knowledge on the utility of the updates.
3. Yet another project may be undertaken to study the most common viruses that are being identified by different antivirus products. This study may also look into the specialty of any antivirus software product to detect unique viruses.
Appendix 1 Review of McAfee – Virus Scan 2008
McAfee Virus Scan Reviewer’s Comments
McAfee is an industry leader in computer protection and Virus Scan is their #1 defense against viruses. This software comes with a Script Stopper, to prevent viruses from propagating from one computer to another via email, and Worm Stopper.
Some downsides to the program are it doesn’t provide instant message protection, P2P/file sharing protection or registry startup protection. Check out the Gold product if you’re looking for these features.
Ease of Use:
If you use the default settings, setup is a breeze. The default settings provide very good protection against viruses, Trojans, worms, malicious ActiveX controls, and Java applets.
The Security Center has several tabs besides the Virus Scan tab. There is one for Personal Firewall+, Privacy Service, and Spam Killer. These are other programs offered by McAfee.
Virus Scan boasts one of the best virus detection records. The software received the VB100% award for 2007, the ICSA award for 2007 and passed both level 1 & 2 Checkmarks from West Coast Labs.
McAfee Virus Scan 9.0 automatically downloads updated virus definitions from the Internet on a regular basis. Staying up to date will dramatically decrease any possibility that a virus will infect your computer. On Average, McAfee comes out with new virus definitions on a daily basis.
You will have to register and login to get updates - this makes the process longer than it needs be.
McAfee Virus Scan offers a rich list of features. You can set Virus Scan to scan your computer at a preprogrammed scheduled time. The program also scans for spyware and adware.
You can’t add several tasks to the Scheduled Scan. This would be a nice quality so you could scan all files once a month and only program files weekly or any other tasks you would like to set up.
McAfee has an Antivirus Emergency Response Team that continually monitors the worldwide virus activities to provide you with the utmost safety. The always-on protection guards against viruses, spyware and other Internet threats that may enter your PC via e-mail, instant message attachments, Internet downloads, and web browsing.
Ease of Installation:
We didn’t encounter any problems during the installation process.
McAfee has plenty of help options, including documentation, email, and phone support. We were disappointed with their email response time - it took 5 days to respond and they didn’t answer all our questions, hence the low rating.
McAfee is a name brand product that does an excellent job at detecting and removing viruses. Their update process can be somewhat tedious and their support department needs to answer their emails in a timelier manner.