In computer news this week, 03/20/2001
Testing your anti-virus software to see if it really works
I used to have a kitchen fire extinguisher I had bought, but after a few years I couldn't remember how long ago I had bought it. The information on the label said that you couldn't just use a little bit to test it - you would then have to get it completely refilled. So I was always worrying that maybe it wouldn't work in case of a real fire.
All anti-virus software creates a similar catch-22. You can pay a considerable amount of money for a program initially, and then spend your valuable time faithfully downloading the updates for it, and paying the annual subscription fee. But if you never come across a virus, how do you know it would work in the event of a real virus attack, other than your blind trust in the vendor?
Now I've been collecting computer viruses since they first appeared in the late 1980s. I actually have a couple of boxes of viruses in my office with skulls and crossbones drawn on them. The first PC world virus was the Vacsina virus, which appeared here in Spokane around 1989. It came from a Communist bloc country and infected the COMMAND.COM of DOS computers. I remember that some local computer store owners I interviewed at the time swore that such a thing could not exist. They're all out of business now, and there are almost ten thousand known PC world viruses around today.
So if I wanted to test my antivirus software, I could pull one of these infected disks out of my virus collection and read the disk or even email it to myself. But I decided to ask an antivirus software vendor if they would send me a virus so I could test their program. I recently reviewed Panda Antivirus software and was impressed with it, so I asked them if they could email me a virus so I could test it against their software installed on my computer.
"Absolutely not!" said their director of technical support. "The company forbids us to send viruses over the internet, no matter what." However, he said that I could download a virus test file from a website, one which isn't actually a virus but is recognized as one by all the antivirus companies.
www.eicar.com is the website. From their main menu, click on "download virus test file", and be sure to read the documentation on it before you do anything. They provide 4 files to truly test your software: a .com file, a text file, a zipped file and a zipped file inside another zip file. If your antivirus software is really good, it should detect and prevent you from downloading any of these 4 files, which was the case with Panda software.
Eicar's disclaimer reads that they cannot be held responsible when these files or your antivirus software in combination cause any damage to your computer. You download the files at your own risk, Eicar will not provide any help in getting rid of these files from your computer, and you must contact the vendor of your own software for assistance. From my experiments, your software may allow the file to be downloaded but may then make it an undeletable but defused suspected virus file, which you must delete from the DOS level.
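As an added example (not part of the original column and not Eicar's own code), the Python script below builds the same four kinds of test file locally, then writes each one to a scratch folder and tries to read it back to see whether the on-access scanner stepped in. The file names, the `probe` helper and the verdict wording are this example's own choices; the 68-byte string is the published EICAR test string, split in two so the script itself is not flagged.

```python
import io
import os
import tempfile
import zipfile

# The 68-byte EICAR test string, split in two so this script is not flagged.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-"
         r"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")


def zip_bytes(name, payload):
    """Return a zip archive (as bytes) holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def build_variants():
    """The four forms from the column: .com, text, zip, zip inside a zip."""
    inner = zip_bytes("eicar.com", EICAR)
    return {
        "eicar.com": EICAR,
        "eicar.com.txt": EICAR,
        "eicar_com.zip": inner,
        "eicarcom2.zip": zip_bytes("eicar_com.zip", inner),
    }


def probe(directory):
    """Write each variant, read it back, and report what the scanner did."""
    results = {}
    for name, data in build_variants().items():
        path = os.path.join(directory, name)
        try:
            with open(path, "wb") as fh:
                fh.write(data)
            with open(path, "rb") as fh:
                intact = fh.read() == data
            results[name] = "NOT detected on access" if intact else "altered"
        except OSError as exc:  # access denied, or file already removed
            results[name] = "blocked (" + type(exc).__name__ + ")"
    return results


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, verdict in probe(tmp).items():
            print(f"{name:15} {verdict}")
```

Some scanners act a moment after the write rather than during it, so a file reported as not detected may still vanish shortly afterwards; compare the output with the scanner's own log.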
So if you're wondering about the effectiveness of your antivirus software, this might be something to investigate to give you a little peace of mind.
For Raw Bytes, this is Frank Delaney
(C) 2001 MTA Micro Technology Associates www.mtamicro.com fdspokane@earthlink.net
POB 222 Spangle, Wa 99031 (509)245-3736 624-7230