Enterprise anti-virus software

Although Norman Virus Control supports the current versions of Windows, Linux and Novell NetWare, it also offers useful support for legacy systems, including Windows NT4 and Windows 95, and even OS/2. These operating systems may no longer be "state of the art", but there are still a significant number of them deployed and doing useful work and are in just as much need of protection as their more modern counterparts.

The Corporate version of the product provides a number of administration tools to assist in distributing and managing networked installations of the virus control software. Networked installations nominate a system as a central server used to distribute software and updates. This would normally be a Windows server system, although a reasonably powerful workstation would be adequate.

As far as 32-bit Windows systems are concerned, networked installation using the supplied "Ndesk" software is straightforward provided that all the target systems have Microsoft File and Print services running and are in the same domain. If this is not the case the software will need to be installed using the SelfXWiz distribution wizard, which is also used to install software to Windows systems running Windows 95, 98 and ME. This generates a small executable that must be run from the target machine to pull down and install the required software. This could be an issue for installations with remote offices, however the "Ndesk" software can be used to monitor all the supported versions of Windows once the software is installed. Clients can be configured to check for updates at intervals from a networked server or from the Internet. There were no problems with this during the test period.

Norman Virus Control uses an "exclusion list" facility that allows specific files to be ignored during virus scanning operations. Directories and associated sub directories can be excluded as well, and files can be excluded by file extension if required. A major feature of Norman Virus Control software is its "Sandbox", a virtual environment that provides everything a program needs to run while isolating it from the real operating environment. In this way programs can be checked for suspicious behaviour without exposing the system to attack. Since the virtual environment always starts from a known state, any changes that occur in it are the result of the program's activity. These changes can then be examined to see if there are any undesirable effects before deciding if the program is acceptable.

This technique enables the sandbox to detect network and peer-to-peer worms and new file viruses without relying on new virus signature files. This was effective under test conditions, but although the system detected our virus files it did not detect our remote control software, even with an empty exclusion list.

Norman continue to update its product, however, and the latest release offers support for Instant Messenger clients as part of its Norman Internet Protection module, and provides an optional scanning facility to monitor incoming access to file shares. These additions, coupled with its support for legacy systems, make it an effective anti-virus product, although the restrictions imposed on centralised installations could be an issue for some network administrators.

Verdict

An effective anti-virus system with a wide range of features and a different approach

Requirements: Microsoft Windows 95/98/Me, NT/2000/XP/2003, IBM OS/2, Linux, Novell NetWare