
Product Review: Mac Security July 2013 www.av-comparatives.org
particular folder or drive. We check the OS X Finder context menu to see if the program has added a
scan entry; this is not essential, but nonetheless a very convenient method of running a scan on a
particular drive or folder. In the case of paid programs, we look to see if the subscription
information (or a link to it) is displayed in the main program window; the user should know when it
would be necessary to renew the subscription, in order to keep the Mac protected at all times.
Finally, we check whether the help feature is easily accessible.

Particularly for a family computer, it is important that users with non-administrator accounts should
not be able to deactivate important functions of the antivirus program such as real-time protection.
We therefore log on to our test Mac using a non-administrator account (specified as such in the
settings of the antivirus program, if necessary) and attempt to disable real-time protection, and
then to uninstall the program completely.

A useful function in an antivirus program is the ability to schedule a scan, so that the computer will
be checked regularly for malware without the user having to remember to do it. We look to see if
each program in our test configures a scheduled scan by default, and how to set one up if not. We
also note any options as to what should happen if a scheduled scan is missed.

We try to find out what sort of notification each program provides in the event that a threat is
discovered. To do this, we use AMTSO’s Feature Settings Check pages
(http://www.amtso.org/feature-settings-check.html). This is intended to test the functionality of
the features of antivirus programs using the EICAR test file (manual and drive-by download), a
similar PUA (potentially unwanted application) test file, a test phishing site, and a test of cloud
protection. The latter works by using a test file similar to EICAR, the definition for which is only
ever kept in the cloud, not locally, by all participating vendors. We must stress that using the
Feature Settings Check is NOT a detection test, and a program should not be considered inferior if it
fails to respond to one of these tests. We have used it in this review purely as a means of
demonstrating the alerts produced by a Mac antivirus program when a threat is discovered. We feel
that when a threat is discovered, a good antivirus program should inform the user that this has
happened; if a web page or download is blocked without any explanation, the user will very probably
just be confused as to why this has happened. A warning message should either make clear that the
threat has already been blocked/quarantined, and that no further action is necessary, or have a
clear default option such as Block/Delete/Quarantine, which does not require the user to make a
decision about whether a page or file is safe. Any option to view the page/download the file, to be
used by advanced users, should be significantly less obvious/less accessible than the default “safe”
option.

The last area of each program that we look at is the documentation and help features offered by
each vendor. These may include user manuals, a local help feature, online help and knowledge base
articles. We feel that at a minimum, a program should provide some guide to everyday tasks such as
updating and scanning, ideally illustrated with screenshots. A search function, whereby the user can
type in a term such as “scan exclusions” without having to browse through all available articles, is
also highly desirable.

To conclude our review of each Mac antivirus program, we summarise our overall impressions and
note any areas where we feel the software is very good, as well as suggesting possible
improvements.