Thursday, February 19, 2009

AV Scan is hereby discontinued. Here's why.

The end had long been in the making, but everything decisively fell through when my computer crashed twice in a row last year, and I lost all my data including my virus vault, where I used to keep samples of viruses, trojans, worms and other sorts of malware, dating from the 1990s to the present. Not backing up my computer has never cost me so dearly. Although not entirely impossible, I don't want to go through the trouble of building another virus vault from scratch either, so this is goodbye.

In my defence, I no longer have the means to test how good an antivirus really is. Very few sites reviewing antiviruses actually test them themselves, and megasites like continue to dish out 'antivirus reviews' largely based on scan speeds etc, without even including factors like how good an antivirus is in detecting or eliminating viruses in their rating of the particular product. (Here's's review policy for antivirus software.) I didn't want to be part of the mimicking crowd, and tried my best to be an alternate voice in security software testing, albeit in my laid-back, casual way. I would test an antivirus for weeks at a stretch before I was absolutely sure of my opinion. Only then would I proceed to write my review. Now that I've suffered this setback, I'd rather withdraw from the game than join the crowd of 'antivirus reviewers'.

Is it that hard to crash-test antivirus software, or any software for optimum usability? No. Must we always depend on organizations such as AV-Comparatives to tell us how good or bad an antivirus actually is? We could always do with another voice. My findings, for instance, have often disagreed with AV-Comparatives'. There's certainly room for further examination here.

On a personal note, AV Scan hasn't managed to receive as many links as I would've liked. But that doesn't mean I'm being ungrateful -- thank you to everybody who visited AV Scan, and those who posted comments get extra kudos from me. It's all been a worthwhile experience.

Finally, I've decided not to delete this blog and pull the plug entirely, since like people and software, antiviruses too exhibit similar behavioral traits across versions. Norton for instance (which ironically happens to be the world's most popular antivirus software and is consistently ranked as a 4- or 5-star product) is still plagued by many of its ancient problems. Old reviews can always serve as good references.

Have a good life! And stay safe, both digitally and not!

Wednesday, July 2, 2008

Sophos Anti-Virus 7.3.3 review

Note: please check out the FAQ if you have any issues.

You probably haven't come across Sophos antivirus, because it's enterprise software, which means the company's target consumers are small- to large-scale organizations instead of home users.

I'm generally against 'elitist' software like this, but Sophos seems to have a loyal customer base, so I thought it deserved a review. I've been using Sophos for almost six months now; I don't like it, and the only reason I still have it is that my university gives me a free copy.

Admittedly, Sophos detects viruses and malware pretty well. It scans quite fast, and is also not very RAM intensive (a combination which is becoming increasingly rare these days). Moreover, it seems to catch adware pretty well compared to other antiviruses (of course antiviruses aren't necessarily supposed to do this, but we're glad they started).

AV-Comparatives claims that Sophos was one of the top performers in their tests. My experience suggests a different story.

From my many weeks of using it, I've come across situations where Sophos detects a virus but can't clean it. Of course such cases are very rare, but isn't that enough to scare people crazy, especially when they're supposedly running an antivirus which is so precious that it's not even sold to individuals? I've seen this happening to a friend of mine working on her doctoral thesis who completely freaked out; we had to delete the file.

Moreover, Sophos doesn't always provide names for the viruses/malware it's caught, and resorts to a generic label. "Mal/packer"? Come on. I'm not too name-savvy either, but since you can get into a confusing spot (such as Sophos telling you it's found this nasty piece of code but can't fix it), providing more info, at least the name, was obligatory. That way the user can look up the threat online, and download the cure/fix from whichever antivirus camp is offering it, instead of having to delete the file.

Sophos also generates lots of false alerts (why is this getting so common in antiviruses these days?): when I scanned my computer it found 4 'viruses' (including a very innocent text file I had created myself) which I'm very sure weren't. Last but not least: the interface isn't the most user-friendly around, and looks pretty bland; it reminds me of the days when I was trying out .NET.

Sophos does allow trial downloads, but all in all, certainly not a good antivirus for your (organization's) money.

The good:
- Good detection rate
- Scans fast
- Not too heavy on system resources

The bad:
- Uninviting interface
- Often does not provide adequate information

The ugly:
- Lots of false alerts

Price: CAD $228 (SBE edition for 5 users)
Go to: Sophos website