CA Anti-Virus 2008 - A Rhapsody in Blue


Introduction

As I prepared to write this review, I attempted to check my email and was unable to log into my mail server. After some investigation, I found that all users had been deleted from my mail server. I tried to figure out what process did it, but was unable to discover the source. I was pretty sure it wasn’t a virus because I had a virus scanner running on the system that I update regularly (which has a real-time monitor to catch everything going into and out of the machine). On that machine, I also have two other security packages running in the background. After spending four hours getting things back to normal, I ran my existing virus scanner to make sure I didn’t have any viruses lurking about. It found nothing. As an extra precaution, I downloaded another virus scanner and ran that just to make sure my existing scanner didn’t miss anything.

The new scanner found 23 viruses (fairly significant ones) on the server. Ironically, the old scanner I was running was a version of CA’s eTrust that my former company allowed us to download for personal use (they worked out a license deal with CA).  The version of eTrust was roughly four years old but I updated the software regularly, and ensured that I had all the latest scanning engines, so I felt confident that it would do the job of protecting my server. While I can’t be sure (at this point) that one of the viruses was to blame for my mishap, the fact that the viruses were on the machine was disturbing.

In reviewing the latest version of eTrust, I found significant changes in the software, both visually and behaviorally. Still, the old adage, “the proof of the pudding is in the tasting,” holds true, particularly for virus-scanning software. Of course, the adage holds true for anything we rely on to keep us safe. Do you know your airbag will work when needed? How about your seatbelt, or your bicycle helmet? We rely on many of these items daily but may never know how well they really protect. Our goal is to avoid ever having to test them. So while I expect that the updated version of eTrust is better at protecting my computers than the previous version I had installed on my server, the ultimate proof is in the way it actually deals with viruses. This review will get you started and provide a lot of good information about how the software functions and how it affects the performance of your system. For the next level of review, Consumer Reports has put together a good review of the latest antivirus software packages and done thorough lab testing of their ability to detect and stop viruses. I encourage the reader to use that report along with this review in making a purchasing decision. The link to the CR report is below (it requires a subscription):

www.consumerreports.org/cro/electronics-computers/computers/software/cyber-security-9-07/ratings/antivirus/0709_soft_gtr-antivirus.htm

Installation & Setup (3 out of 5)

What’s Hot:
The installer is solid, though it requires a lot of handholding. I had to click through 11 different screens in the install wizard (which includes three license agreements that require you to scroll to the bottom before their Agree buttons become enabled!) before the product installation actually began. The application writes roughly 98 MB to the disk and creates 531 registry keys. The product requires a reboot after installation. Overall, it’s a very solid installer.

[caav_install_options.JPG]

What’s Not:
The product cannot be uninstalled by rerunning the installer; nor is there an uninstaller included in the Start menu items. Also, the installer installs two CA packages and you have to uninstall them in order (the virus package first, and then the gateway) or you’ll get an error. The uninstaller left behind about 10 MB of files and most of its registry keys, though it deleted most of the registry values created by the installer.

Product Features (4 out of 5)

What’s Hot:

CA AntiVirus is solely a virus scanner and doesn’t include a lot of other bells and whistles. But as a virus scanner it comes fully loaded. The software includes a real-time scanner, a full system scanning interface, and an email scanner. It offers plenty of reports so you can see what the scanning engines found and what they did with it. You can set up scheduled tasks through the interface and update the software.

Perhaps the slickest feature is the contact option. This feature will send an email to the address you specify telling you when a virus has been found. This is great for people who travel or who have the software installed on servers that they rarely log into. My home security company offers a feature like this. If I’m travelling and there’s a security problem, my service will attempt to call me. And if they can’t reach me, they’ll send out an email immediately letting me know there was a problem and how they dealt with it. This is a nice value-add to eTrust.
[caav_management_contact.JPG]

The client can be plugged into a central management server (if available), allowing all the updates and reporting to be received from or sent to that central location. It can also serve as a redistribution point for updates. The update feature is robust: users can choose to update only specific components as well as tell eTrust where to download updates. Multiple locations can be included for optimal service.
[caav_management_updates.JPG]

Many of the important features of the real-time scanner can be controlled from the system tray. The scanners can be disabled instantly and the task tray includes a “snooze” option. When you choose to put the scanners to sleep, eTrust produces a small dialog box that allows you to determine how many minutes the scanner will ignore your files.
[caav_realtime_snooze.JPG]

This is one of the best implementations of this feature of all the virus scanners I tested. It works so well because the important choices are right off of the task bar so you don’t have to load the main application, and the scanners respond instantly. There have been times when an application has needed all the processing power of my computer immediately and turning off the scanners quickly without having to load another application is a big plus. The main eTrust application can also be launched from the tray icon.

The runtime scanners detected the virus in the Eicar test file and dealt with it.
[caav_eicarvirus.JPG]

User Interface (5 out of 5)

What’s Hot:

The main eTrust application is actually a web application, which is a distinction between eTrust and its peers. They also distinguished themselves by going with a more mellow color scheme instead of the red and black or bright oranges that other apps are going with. I guess if I’m having virus problems, looking at an interface clothed in baby blue will be more soothing than traffic-cone orange.

The UI uses a button and tab metaphor like most of the other virus scanners I tested. Unlike many of the other packages, eTrust’s interface is clean, clear, and a pleasure to use. It’s fast (surprising, given that it’s a web application) and the designers did a great job on layout. The spacing between the group boxes is large enough so the elements don’t appear cluttered, and even within the boxes themselves, the elements are nicely spaced giving the UI an airy feel.
[caav_mainUI.JPG]

The engineers managed potential page rendering problems (e.g., some elements rendering in the UI before the functionality is in place) by loading the page in the background and then enabling all the elements when the given page is fully loaded. The main drawback with this approach is that each change of the UI means a short wait. But even on my relatively slow machine, the wait never reached the annoying point.
[caav_ui_render.JPG]

The reports are clear and give plenty of information. Clicking on the Print button will open the report in a larger browser window and attempt to launch the browser’s print utility. In my tests, this worked as expected.
[caav_ui_report.JPG]

Whereas the reports used a long document format, the logs used a table and paging approach. Both formats worked for their respective information types.
[caav_ui_logs.JPG]

What’s Not:
A web UI does have its downside. At one point, Windows Security Center told me that eTrust had stopped and that I wasn’t protected. I clicked on the tray icon and found that eTrust was downloading an update and had temporarily shut down to install it. I clicked the main UI to find out more information and the page wasn’t available because the application had stopped.
[caav_noservice.jpg]

Performance (4 out of 5)

What’s Hot:

I ran some non-scientific tests to evaluate whether the scanning software would cause some obvious and immediate problems with basic tasks like browsing the Web and copying files. I wrote a small software program that would precisely time these operations. I ran a first set of tests without the software installed and running, and a second set with eTrust running in the background with all scanners turned on. For the first test, I copied five 21 MB files over my home network from the local machine (on which eTrust would be installed) to a network share. The second test copied 300 8K files over the network. I was testing to see if smaller files, and more of them, would affect the scanners negatively. Finally, my program went to five major websites (with complex layouts) and downloaded their home pages. I ran each test five times on a machine with a 2.2 GHz Celeron, 1 GB of RAM, and Windows XP SP2 with all the latest service packs. Here are the results:

No Scanners
1. Large files: 15683 ms
2. Small files: 5123 ms
3. Websites: 5994 ms

Scanners
1. Large files: 15593 ms
2. Small files: 5187 ms
3. Websites: 5973 ms

In my testing, the scanners had no impact on these basic file and web operations. In fact, of all the virus software I’ve reviewed, eTrust performed the best. The runtime scanners eat up about 63 MB of memory.

Help and Online Services (3 out of 5)

What’s Hot:
The eTrust help system is also a web application but the content is local, which is important if there’s an issue with your Internet connection. The help seemed robust enough and even provided context-related guidance.

What’s Not:
eTrust has almost no integration with online services other than the update service. Unlike other offerings (particularly McAfee), there are no services (at least none available through the application interface) that will show you the latest virus trends or provide you with an ability to report virus problems to an online community. You can go to the CA website to get some of this information. I tend to think these services can be valuable in certain scenarios, but generally believe most users don’t use them. Still, CA can do more in this space to leverage the power of the Internet to prevent and track virus problems.

Suggested Features

CA should include more online integration.

Conclusion

CA’s Anti-Virus 2008 is a well-designed product that performs solidly. Its user interface is a pleasure to use and it comes with plenty of options to keep the enthusiast happy. Extras like the robust system-tray icon menu and the ability to have problem notifications emailed to you make Anti-Virus stand out and give it distinction among its peers. For users who don’t need a lot of extras, CA Anti-Virus is a good choice for a solid virus scanner.
