
Blog author: Mike Barwise, MD, Integrated InfoSec

Mike Barwise's blog 29-07-2008 09:42

When did you last check your antivirus?

Is your antivirus protection up to date? Are you still relying on the antivirus that came bundled with your new PCs? If so, are you sure the licences haven't expired? Does your gateway firewall allow the signature updates through? Although these questions may seem naive, such problems are remarkably common - particularly among SMEs - and often go undetected for months, leaving a false sense of protection. But even if you have covered all these issues, is the antivirus product you are running the best choice? Not all products are created equal, and, as the threat changes over time, even a product that was once the best option may not remain so. Luckily there's plenty of guidance out there.
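As an added example (not part of the original post), the following PowerShell script answers the first two of those questions on a Windows client by reading the antivirus inventory that Windows Security Center keeps. It assumes Windows Vista or later, where the root/SecurityCenter2 WMI namespace exists, and it relies on the commonly used byte-wise reading of the undocumented productState value; that decoding is an assumption to confirm against your own product, not a vendor-documented contract.

```powershell
# Added example: report each antivirus product registered with Windows Security Center,
# whether its real-time protection is on, and whether its signatures are current.
# Assumptions: Windows Vista+ (root/SecurityCenter2 namespace) and the widely used,
# but undocumented, interpretation of the productState bit layout.

function Get-AvProductStatus {
    [CmdletBinding()]
    param(
        # Defaults to a live query of the local machine; pass objects with
        # displayName/productState/timestamp properties to evaluate saved inventory.
        [object[]]$Products = (Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct')
    )

    foreach ($p in $Products) {
        # productState is a 24-bit value; render it as six hex digits and read it byte-wise.
        # e.g. 0x041000 = enabled and current, 0x041010 = enabled but out of date, 0x040000 = disabled.
        $hex         = '{0:X6}' -f [int]$p.productState
        $enabledByte = $hex.Substring(2, 2)   # '10' or '11' = real-time protection on; '00'/'01' = off
        $sigByte     = $hex.Substring(4, 2)   # '00' = signatures current; '10' = out of date

        [pscustomobject]@{
            Product      = $p.displayName
            Enabled      = ($enabledByte -in '10', '11')
            SignaturesOk = ($sigByte -eq '00')
            RawState     = "0x$hex"
            LastReported = $p.timestamp
        }
    }
}

# Anything disabled, out of date, or simply absent is a finding worth chasing.
$status = Get-AvProductStatus
if (-not $status) {
    Write-Warning 'No antivirus product is registered with Security Center on this host.'
}
foreach ($s in $status) {
    if (-not $s.Enabled) {
        Write-Warning "$($s.Product): real-time protection is OFF ($($s.RawState))"
    }
    elseif (-not $s.SignaturesOk) {
        Write-Warning "$($s.Product): signatures are OUT OF DATE ($($s.RawState))"
    }
    else {
        Write-Output "$($s.Product): enabled, signatures current ($($s.RawState))"
    }
}
```

Run it on a sample of workstations (or wrap it in your inventory tool) rather than trusting the console of the product itself. An expired licence is not exposed as such, but a product whose updates have stopped will typically be reported as out of date by Security Center after a few days, so the signature check catches that case too; a host that lists no product at all is the bundled-trial-lapsed case the post describes. The gateway question is separate: confirm from a client that the vendor's update host is reachable through the firewall, since a machine that can never fetch updates will also show up here as out of date.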

AV-Comparatives, based in Austria, publishes regular and exhaustive tests that include performance against current threats such as polymorphic viruses - those that change their outward appearance on the fly in order to evade signature-based detection. AV-Test.org, a specialist testing group associated with Otto-von-Guericke University, Magdeburg, runs its own well-established and widely respected tests, and work is in progress there on new tests that emphasise the detection of emerging threats through behavioural analysis. For ten years now Virus Bulletin has run its VB100 tests on multiple platforms at least annually, although some doubts have recently been cast on the validity of the results, because the VB tests concentrate on signature-based detection of samples drawn from the WildList, which some commentators suggest no longer fully reflects the modern threat landscape. All of these are useful sources to inform your product decisions, and it's important to recognise that they are specialist tests conducted by anti-malware experts - entirely different from the often more highly publicised product reviews in generalist IT magazines, which frequently concentrate on less crucial factors such as speed, presentation and price.

A slightly different approach is taken by VirusTotal. It allows users to upload suspect files for analysis by many engines at once and publishes the results almost in real time. Although VirusTotal does not directly offer product comparisons, it does bring home the point that quite a lot can still slip through the defences of every product. You can't do without AV, but it's not a sole - or even a first-line - defence. It's merely one component of a wider protection strategy. Even so, it might as well be pulling its weight, so to remain as well protected as possible I would recommend an annual review of the results of the professional tests before renewing your desktop licences. And whichever product you finally choose, it's probably worth running a different product of comparable standard on your gateway, provided you can establish that the two use different detection engines, as some vendors licence their engines from one another.

[Update] The Shadowserver Foundation is another very useful source of guidance, particularly on the relative effectiveness of products against newly emerged (zero-day) threats.



Permalink:
http://www.infosecurityadviser.com/view_message?id=59

Comments:

David Harley  15:54, Mon 10th Nov 2008

You're missing an important point as far as VirusTotal is concerned (but so are many other people). Not only does VT not offer product comparisons directly, it doesn't actually tell you anything authoritative about the effectiveness of any product. It isn't intended to, and the guys at VirusTotal and Hispasec are keen to point out that it isn't suited to the purpose. See their blog entry at http://blog.hispasec.com/virustotal/22. Also, your readers might want to look into the Anti-Malware Testing Standards Organization (AMTSO), which has just published guidelines on the principles of anti-malware testing.

© 2009 Reed Exhibitions

Infosecurity Adviser is produced by Reed Exhibitions with thanks to Tangent Labs