
Defending Windows: How to choose an effective antivirus solution

Antivirus software is an important piece of the security puzzle. This tip will help you choose the right solution to protect Windows from new virus, worm and malware threats.

If you try connecting an unpatched and unprotected Windows computer to the Internet, there's a good chance the computer will be attacked, compromised or infected in some way before you can even get a cup of coffee.

Although you should never rely solely on antivirus software to secure Windows, running such solutions is still critical in helping you detect and block new viruses, worms and other malware that could infect Windows systems. You have a variety of applications to choose from thanks to a competitive antivirus market, which will include Microsoft by the end of 2005, according to Chairman Bill Gates' announcement at last week's RSA Conference 2005. So what should you look for in an antivirus product? Keep the following key considerations in mind when doing your research.

Avoid resource hogs
You want antivirus software that is able to run constantly in the background, monitoring incoming and outgoing network traffic and e-mail activity for signs of malicious code. Real-time scanning should not use so much system memory or processing power that it keeps your Windows systems from doing the work they are intended for. It is particularly important for the antivirus software to add very little overhead when protecting servers that are already performing resource-intensive tasks, such as file sharing or e-mail.

Require quick updates
Most antivirus products have some form of heuristic detection, a less-precise type of detection that recognizes virus-like traits before a virus infection is identified (e.g., flagging files with unusual headers). However, the majority of virus detection and blocking products recognize patterns or signatures from known threats. The problem is the lag time between a threat being discovered and the various vendors releasing updates that let their products detect it. You need to make sure the vendor you choose has a consistent track record of getting antivirus updates out to its customers quickly without sacrificing quality.

Require flexible file filtering
Most antivirus software offers some means for blocking or restricting e-mail file attachments. But some products are less customizable and may not offer the flexibility for an organization to add file types that the vendor didn't include or to allow file types the vendor chose to exclude. Having the flexibility to restrict or allow file attachments as your business and security needs dictate is an important consideration.
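
One way such a layered attachment policy can be evaluated, as an added example that is not from the original tip or from any vendor's product. The vendor default list, the organization's overrides and all function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed stand-in for a vendor's default blocked attachment types (assumption).
VENDOR_BLOCKED = frozenset({"exe", "scr", "pif", "bat", "vbs", "zip"})


@dataclass(frozen=True)
class AttachmentPolicy:
    vendor_blocked: frozenset = VENDOR_BLOCKED
    org_blocked: frozenset = frozenset()  # types the vendor didn't include
    org_allowed: frozenset = frozenset()  # vendor-blocked types the business needs

    def effective_blocklist(self):
        # Apply allowances to the vendor list first, then add the organization's
        # own blocks, so a type listed in both override sets stays blocked.
        return (self.vendor_blocked - self.org_allowed) | self.org_blocked


def final_extension(filename):
    """Return the lowercased last extension, or '' if the name has none."""
    # Windows drops trailing dots and spaces from a file name, so "setup.exe. "
    # is saved and opened as "setup.exe"; normalize before comparing.
    name = filename.strip().rstrip(". ").lower()
    _stem, dot, ext = name.rpartition(".")
    return ext if dot else ""


def decide(policy, filename):
    """Return ('block', ext) or ('allow', ext) for one attachment name."""
    ext = final_extension(filename)
    if ext in policy.effective_blocklist():
        return ("block", ext)
    return ("allow", ext)


if __name__ == "__main__":
    # Constructed policy: the business exchanges .zip files but wants .iso blocked.
    policy = AttachmentPolicy(org_blocked=frozenset({"iso"}),
                              org_allowed=frozenset({"zip"}))
    # Constructed sample attachment names.
    for name in ["Invoice.PDF.exe", "build.ZIP", "image.iso", "setup.exe. ", "README"]:
        print(f"{name!r:20} -> {decide(policy, name)}")
```

The decision is made on the normalized final extension, so a name such as `Invoice.PDF.exe` is judged as an `.exe` regardless of case or the document-like extension in front of it.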

Require simplified management
When trying to maintain and update antivirus software on hundreds or thousands of client Windows machines, it is imperative that you are able to automate that process; you should be able to administer and control the deployment of updates from a central console. The ability to manage the update process and generate reports that identify any systems that may not have been updated successfully can make managing antivirus in an enterprise much more efficient.

About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the Guide for Internet/Network Security, providing a broad range of security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security.
