Viruses: Network filtering

Product	Web	Email	IM	P2P	Usenet
BitDefender
eTrust EZ Antivirus
fPROT
Kaspersky
McAfee VirusScan
Norman Virus Control
Norton AntiVirus
Panda Antivirus
The Shield

Filtering

Email

Email protection doesn't work with encrypted email, and doesn't work with webmail. Saved attachments will be caught by the real-time scanner anyway.

Web

Web filtering is useful to fight off JavaScript, Java, and Active X attacks. Also, it can include blocking access to whole sites that send out malware.

Instant Messaging

Instant messaging is more and more a vector to send junk to other people. It's the new email. Some of this junk exploits various holes in different IM clients, and filtering helps stop that.

P2P

P2P software is always evolving, and constant evolution means buggy clients. Buggy clients means people can exploit them.

Usenet

Usenet clients are pretty sturdy. That's where spam and network abuse started, and they've had a decade to work themselves out.

This is not fighting the problem people think it is. Real-time virus scanning catches all viruses, no matter how they get in. Just because you don't have 'web filtering' doesn't mean you can download a virus from a web page and run it, the real-time scanner will catch that. If it's a file that gets handed to you, you're safe.

What filtering protects is clients. The problem isn't files you download and execute. They can come in as part of the communication with another computer, like in email headers or a malformed instant message. These exploit problems in Outlook or AIM or whatever is talking to the other computer.

These exploits are often used to download and execute viruses, which as we said, the real-time scanner will catch. This is how almost all worms spread. However, they can do other things like hand you spyware or show an ad or other stuff that virus scanners won't pick up. They can do anything to your computer, and a lot of it can't be caught, it looks like the client wanted to do that. So filtering is a good idea.

Other Protections

Heuristic scanning

Attempts to detect virus-like behavior, like writing to executable files or altering timestamps to hide activity.

Script blocking

Stops scripts and batch files from executing without permission.

Script blocking is not that useful in fighting standard viruses, as viruses almost never use scripts. Don't worry about it.

Heuristic scanning almost never works, because viruses are smart enough to know what it's looking for and operate just under the thresholds. But that's not to say it never works, just that it's not worth basing a purchasing decision on.

Plugins

Various antivirus software installs 'plugins' or 'addons' to net-facing software like email or web browsers, to watch incoming data within various programs. Useful if you have that program, but don't base your purchasing decision on them.