Review: Symantec AntiVirus

By on

This test was a surprise, with performance and default settings letting Symantec down, although the presentation couldn't be better.

This test was a surprise, with performance and default settings letting Symantec down, although the presentation couldn't be better.

Install was clean, with the system creating a user and group for itself, which is a much better approach than running as the administrator and installing an IIS site for remote management. No reboot is needed. A hefty manual comes with the product, along with an Exchange implementation guide, which goes into great depth.

Like an early IDS, Symantec's AV goes overboard firing off alerts, with little thought to the consequence. Each virus is alerted in no less than six places: in the body of the message, with email to the sender and the recipient, and in the Windows application log, to Symantec's remote management service (if it's there) and with a popup message on screen!

Multiply that by 10,000 and the server is in a world of pain. The application log filled up and the messages to the original sender bounced (as they do, worms nearly always spoof source addresses) generating ANOTHER message, this time to the admin.

Version 4 is now available, and Symantec says this version does not send mail to the sender in this way, which would be a big help. We turned the popups off after a hundred or so, enough to prove that this would really hurt. For one virus, it's as thorough an alerting framework as you could dream of. In an outbreak, it's an avalanche.

Symantec's test was also the slowest by orders of magnitude, but also the most thorough. The test took some 100 minutes to queue mail and then an enormous ten hours to process the backlog, but not a single message was unscanned by the time it arrived in the user's mailbox. The mail latency might be a problem, but will benefit performance over a distributed network, so whether this is a boon or a drawback will depend on your environment.

The user and web interfaces are good, and there is a wealth of options to make the product less clumsy and more efficient. So while the default settings let it down in this test, an optimized installation would surely fare much better.

For:

Backed by Symantec's integrated security suite. Highly configurable


Against:

Default reporting poorly conceived. Scan is thorough, but adds high latency


Verdict:

A powerful but lumbering behemoth - you can't beat Symantec's integration and depth of product, but this one needs tuning before deployment.

Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?