Virus Protection for Mac OS X, Part I

View Presentation

Introduction

Virus protection is always a concern for system administrators. This is especially true for Mac Managers with now that the Mac OS is not quite as virus proof as it once was.

Robert has been testing the effectiveness of Virex, Norton Anti-Virus, and Intego Virus Barrier X and will present his findings. He will also discuss his analysis of the installation, operation and features of each product.

Software And Hardware Used For Tests

I compared 3 products for usability, features, and reliability. The 3 products are Virex 7, Intego Virus Barrier X, and Norton Anti virus for Mac. The purpose of this project was to identify what will work best for end users in my department. Most of my tests were performed on a 400 Mhz G3,256 megs of ram and a 10 gig drive formatted in HFS+. Here are the results of my testing.

Virex 7

Available through Office of Software Licensing. Some information is available at Mcafee's website.

Installation via the cd from osl was cake. Manually updating virus definitions was straight forward and quick. After that I became really disappointed. Manually scanning the boot volume on 3 different machines caused Virex to crash. Scanning via command line works great but isn’t very practical for end users. I was not very happy / impressed with Virex. Otherwise, to be polite, it didn’t match my needs very well. If you wanted to run nightly scans via cron and commandline virex 7 might be a good solution for a server but the GUI was too buggy for end user use. I really liked Virex for classic os. At the time of creating this document I was unable to get Virex to launch on a freshly installed Mac os with all the patches updated to 10.2.3, so I have no screen shots to show for my testing.

Intego Virus Barrier X

http://www.intego.com

I downloaded a trial ware version that was not 100% fully functional.

Installation has no options and gives you a simple install / uninstall interface, select a destination drive and that is all for installation. reboot when done.

Launch Virus barrier X from applications folder. once launched right click dock icon and select keep in doc. If you set to start on boot Virus Barrier X will auto scan anything that is opened or executed. In auto scan mode os performance is not noticeably affected. The dock Icon is green when running and red when off, I think that is a nice status indicator in case something has caused your protection to be turned off. Alert and scan mode options that can be set on Virus barrier X seem pretty straight forward and intuitive. One odd thing that I didn't care for is, If you open the GUI you need to minimize via “command + m” due to a non standard windowing interface.

I could not update the demo. However the intego netupdate control panel, located in “system preferences”, seems very intuitive. It allows you to schedule automatic updates and lists installed updates. Drop scanning a volume on dock icon went very fast on 500 megs of data. Virus Barrier unexpectedly quit scanning boot volume while running mozilla, word and saving a file. Tried scanning again vi the gui interface doing a complete scan via the scan button and it ran fine…. Took about 20 minutes scanning 3.61 gigs of data. Slowed down performance a noticeably.

Overall I think Intego Virus barrier X seems like a much more user manageable application than Virex. My testing indicated that it is pretty stable and reliable except for the one crash. It would be pretty easy to discount the issue of the crash as I am testing on a reasonably low end machine.

Symantec Antivirus

I purchased Norton System works 2 for Mac as I wanted the other utilities. Installation of the entire package is pretty simple. Just open the folder “install for os X” and launch the installer. There are no options, just install or uninstall. I received repeated dialog boxes warning about “DeleteTrap.kext” and "symfs.kext" file. This was a bit annoying as I think you should only have to answer the dialog box once.

When running live update I got numerous authentication dialog boxes as patches were installed. Also Norton utilities required a reboot for the Norton utilities patch to be run, but the GUI didn't tell you. I just caught on after a few downloads of the same file that a reboot was needed. After the reboot it was updated. The GUI interface is pretty straight forward offering volume scan and file scan views. The user definable settings are also very intuitive allowing you to customize general, auto-protection, compressed archives and a reminder to check your virus definitions.

You can set it to scan at a specified time through norton scheduler. There is a Norton auto protect process running automatically in the background. It would be nice to get a volume scan at boot function as was available in classic os versions, but that does not seem to exist in any of the products. Having a scan run at a specified time runs in the background and displays a dialog box when finished. It seems to not bog down the os as much as Virus Barrier X, but processor and disk intensive applications will see a noticeable performance hit.

Conclusion

I did not test with any exhaustive procedures like sample virus files, so actual quality of the scan engine is an unanswered question. As far as usability and features I like the Norton package best. It has a few more popup dialog boxes than I would like to see, which could be an issue in a lab environment, but it is a good thing to be informed about the status of your virus protection. Additionally the user interface is more polished and usable than the other products tested. I would rank Virus Barrier X a close second although I have not ever heard of Intego before a google search a few months back, so I tend to question a newer products overall integrity against a product with a longer development history like Norton AV. I would put Virex way back last as I could reliably reproduce a crash every time I manually scanned my boot drive and that doesn’t make me feel to confident in it’s reliability.