Well, if you didn’t receive emails with viruii attached, or surf to “dubious” websites, you wouldn’t get infected. For the rest of us, we would be looking at either Microsoft Security Essentials, or something which costs money.

Or you’re a corporate customer, who has “business” needs, you’ll be needing to spend money.
If for no other reason that most anti-virus prohibit the use of their “free” products in a commercial setting.

The following are the questions I ask myself when I’m looking at an anti-virus product.

Personal use.

1. Does it have a history of “false positives”?
   False positives are when the anti-virus product detects “good” files as being a virus.
   For personal use I wouldn’t buy Symantec, McAfee or CA eTrust products.
   Far too many false positives for my taste, which I wrote about here.   Heck, McAfee can’t even be bothered to test their product updates against known good Microsoft Windows PCs.
2. What choices does the product give me if it finds a virus?
   Does it give me the choice to ignore the issue, quarantine the file, or just delete it?
   This is an important point for me, after having had McAfee delete some files I wanted to keep.
3. Is it from a vendor I trust?
   This is a personal choice, but I wouldn’t ever buy McAfee products.  Ever.
4. Will it slow down my PC if I install it?
   You used to pay a performance penalty for running an anti-virus product on your desktop.  But not so much now, with computers having gotten faster over the years.
   It is useful to be able to exclude programs from anti-virus monitoring, if you know the program is trustworthly.

For home use, I’d recommend Microsoft Security Essentials.

(more…)

It was an Ed Bott article which got me to thinking, “just how many anti-virus false positives have I dealt with over the years?”.   Six.   A false positive is when your anti-virus product flags a non-virus file as being virus-infected.

I’ve often thought that enterprise customers should pilot AV updates before inflecting them on their wider user community.  I mean, what’s the point of having an AV product which effectively does more damage than an actual outbreak?

Here is the list of anti-virus updates I’ve seen which have caused some havoc for customers.  It was longer than I thought it would be.

The anti-virus product I use at home?  Microsoft Security Essentials.

We had a problem with one of our SMS servers today, it was not processing DDR records.

All 19,000+ of them.

After some investigation, a co-worker found it was a corrupted DDR record which caused SMS to get stuck. 

After we fixed it, SMS started processing them records at 1 DDR per seconds.
Let’s do the math, 19,000 records at 1 per second, is 60 DDR per minute; and 3600 per hour.  It would take at 5 hours to process all those.
PLUS SMS was adding more DDR records, all the time.

Oh Bother it

Remembering that SMS Primary Sites run SQL Server, I wondered … … did we exclude the SQL Process from our AV program???

In short, no.  Excluding SQLSERVR.EXE made a tiny difference.  Adding SMSEXEC.EXE & CCMEXEC.EXE to the exclusion list made a HUGH difference.

We went from 1 record per second, to 5 records per second being processed.

We’re deploying the change to the rest of the SMS Server fleet, Tuesday.

Computer Associates used to recommend excluding particular processes and directories from eTrust anti-virus scanning.  This, I found, was very important with Microsoft SQL Server, as it would cause a significant performance hit.

You would do this via setting the following registry keys, under HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrustITM\CurrentVersion\Realtime

szExcludeProcessNames

(more…)