Choosing an antivirus solution: A checklist for businesses

David Kelleher
Communications and Research Analyst at GFI Software
Visit website

Post date: Saturday, 30th June 2012

Of all the security solutions in use today, particularly in the business world, antivirus software is by far the most prevalent, surpassing other tools such as identity and access management (IAM) and other information theft measures (ITM) in most major economies.

In response to the magnitude of the malware challenge, there is a vast array of antivirus software options on the market to help organisations protect users, client computers, back-end servers and the overall network infrastructure from malware attack. Capabilities and prices vary considerably depending on what you are looking to achieve regarding centralised management, updates and enforcement of policy.

There are also significant differences in the performance impact that anti-malware solutions can have on the target PC, a critical consideration when deploying security software into environments where the responsiveness of machines is critical to maintaining productivity and completing time-sensitive transactions.

Security for business

The most important consideration when choosing a solution is to select one that is designed for a business environment. If deploying to multiple machines, then solutions designed specifically for business are essential in order to simplify management and ensure consistency of security policy is enforced across the PC estate.

Other considerations include:

• Central management consoles – Provide a single view of the PC estate and of the status of the antivirus applications and agents currently running within it.
• Local definition file caching and distribution – Each client won’t always have to connect to the outside Internet in order to get the latest definitions (the database of known malware and behavioural traits to look for), with the most recent cached centrally after it is first downloaded.
• Ability to support IT security policy – The antivirus solution deployed within an organisation is a key part of the overall IT security policy, so it is essential that it is able to act within the policy framework. That means that it must have features that fit within the policies in place, be able to enable or disable features in order to fit current policy and be flexible enough to meet future policy changes. Integration with policy enforcement tools and central user directories such as Active Directory is also important.
• Multi-platform support – Does the system you want to deploy allow you to place agents on platforms other than Windows?
• Existing antivirus solution removal – It is essential to remove an incumbent solution (if present) entirely before installing your preferred antivirus product.

There is an understandable temptation among smaller organisations to look at single-PC boxed solutions for IT security, usually from consumer-focused retailers. The temptation to buy and deploy these solutions is predominantly price-based, with consumer solutions seemingly being cheaper on the surface, especially if they come bundled with the initial PC purchase.

However, using a consumer solution, be it a paid-for or free solution, has many limitations in a business environment:

Limited or no technical support – Free consumer solutions often offer no included technical backup or, at best, it’s arm’s length via forums, peer support or Web form reply with no SLA. Paid-for consumer solutions will usually offer a higher level of support, but again with no SLA and with no guarantee of support in a business setting.

Speed of product – Ensuring the solution you deploy does not impact on the overall performance of the PC it is intended to run on is paramount. Solutions can easily consume up to 100% of system resources during a scan, during which the PC is useless for day-to-day work activity.

Regularity of definition updates – The volume and frequency of definition updates can be reduced with consumer solutions, and more frequent updates are often offered as a differentiator between free and paid-for solutions.

Required ancillary products – Consumer solutions often come bundled with an array of add-ons that are unnecessary and frequently unwanted in a business environment, including toolbars, ad panels and pop-ups promoting complementary products.

Consumer solutions can potentially have a place in a business environment, on single PCs in very small businesses or sole trader operations where both the number of computers and IT expertise is limited.

However, where a dedicated IT resource exists, where staff are located over any distance (multiple sites, a large single space, home workers etc.) or where there is a need to enforce policy organisation-wide, the benefits of a dedicated business antivirus solution quickly come to the fore.

Security Performance

Antivirus software by its nature will require an element of PC processing power in order to run, even in the background. Continual scanning of in-memory activity in order to intercept threats coming in from opening attachments and downloads means that antivirus software is always running and always active, even at a very low level.

The processing power requirement will rise significantly when it comes to more extensive scheduled and on-demand scans. However, not all antivirus applications are created equal, and as a result there is significant disparity between products in terms of the amount of processor resources and RAM they consume in order to perform either a full, deep scan or a basic scan.

Fully integrated security suites, that combine a proven antivirus technology with optimised companion products such as a firewall, URL filter and anti-phishing tools will, by their very nature, deliver improved performance and interoperability reliability, as well as provide the IT department with the backup of crossproduct technical support from a single source.

Ultimately, antivirus software is like a bodyguard. It should exist in the background watching over the users and their PCs. A good antivirus solution should only make itself known when it needs to step in front of a malware bullet to protect the PC and its user’s data. It should be transparent to the user otherwise.

Costs and licenses

There can be far more to the cost of an antivirus solution than the initial up-front purchase cost. When choosing the right solution for the organisation, it is essential to consider the following areas:

• Number of machines covered – Does the solution provide you with enough licenses to cover your site, or the multiple sites within your organisation? How much will extra licenses cost and what price breaks are on offer for buying licenses in bulk?
• Transferability of licenses – As PCs come and go due to upgrades as well as changes in staffing numbers, it may be necessary to transfer an active license from one PC to another. Does the license for the antivirus solution allow for this, or is the license permanently tied to a single machine until the end of its useful service? The latter may be the case with some bulk licenses.
• Cost of support contract – After the initial license period, it may be necessary to take on a dedicated support contract in order to access priority telephone or on-site support from either the software manufacturer or a reseller. If this is not part of the license renewal cost, how much will it be and how does it compare to the cost of replacing the solution? For products that have a relatively low initial purchase or renewal price, and particularly for free antivirus solutions, the cost of professional support backup can prove to be significant, wiping out savings gained in the initial purchase.
• Cost of renewals – Antivirus products have a fixed expiration time, so pay close attention to the renewal cost. Does the renewal cost make economic sense? Does it reflect the fact that the product is already in place? Would it be cheaper and a more effective use of IT resources to deploy an entirely new product rather than renew the existing one?

All antivirus solutions are not created equal. As well as delivering variations in quality and scope of protection, the solutions themselves differ greatly in terms of OS compatibility, operational features, management features and impact on system performance.

Failure to consider these important aspects before choosing and deploying a solution can result in lost productivity and considerable additional workload to resolve problems and performance issues caused by the actual antivirus application. Similarly, with many of the business-specific management and policy enforcement features missing from consumer and free antivirus solutions, managing more than a couple of machines running these products quickly becomes an administrative headache and creates a cost burden through the loss of central management and control.

Instead of having the convenience and clarity of a centralised management console to show current status and push updates, management tasks will have to take place desk-side.

In conclusion, it is essential that users and organisations purchase and deploy the right antivirus solution for their environment. While there may be temptation to deploy cheaper or even free solutions in a business environment, it is seldom an ideal option.

This article first appeared in Business Today, Issue 7. To read the entire publication, click the ebook.

Business Today