Defend yourself against the bad guys

When was the last time you had a cold? Some little germ invaded your body and made you tired, achy, and chilled, but you were probably still functioning. You probably had a major irritation but not a life-threatening situation. Your doctor most likely gave you antibiotics and scolded you for not getting a flu shot three months ago.

Everybody knows the analogy between human and computer viruses, but you usually hear about computer viruses only in dire terms--Ebola instead of a cold. The bad news is that computer viruses are rampant on the Internet and intranets and in this network-happy world. The good news is that a surprisingly small percentage of users ever suffer a loss from a virus. Most computer viruses are just plain annoying, much like the common cold. Few evolve into destructive strains.

To protect your computer from catching a cold or something worse, you need to scan for viruses. Most virus scanners perform two tasks--detecting viruses and inoculating your computer against them.

Virus scanners have gone through many generations of change to keep up with the new virus strains. Many of the latest viruses aren't even executable files. Malicious pranksters have written Word and Excel macros that attach themselves to documents. You can infect documents on your system and not realize what you've done until it's too late. For example, at a Professional Developer's Conference, Microsoft recently distributed a CD-ROM that was infected with the Word Prank macro virus.

With the booming popularity of online software distribution, you now have the tools to purge sophisticated new viruses soon after they hit. So, many virus scanner vendors now distribute minor upgrades on the Internet. Because new viruses emerge weekly (sometimes daily), virus scanner vendors need to let you download an update with the latest virus definitions monthly. For example, when the recent Laroux virus (the first Excel macro virus) made headlines, McAfee and Symantec offered detection and cleaning routines on their Web sites.

If you connect to any network, you need to invest in a virus scanner and schedule regular scans. Whether the release of virus scanners for Windows NT signals its growing popularity or is a sign of the times, NT virus scanners have been appearing at an amazing rate during the past year. At press time, as many virus scanners are available for NT as for Windows 95, which is incredible given the installed base of each OS. Small start-up vendors are diving into the NT pool, and established companies such as McAfee, Symantec, and S&S Software International are porting their virus scanners to NT.

NT alone protects itself from viruses that can infect other operating systems: NT's built-in protection can ward off viruses attempting to directly access hardware such as a hard disk. But what happens when NT isn't running? Boot-sector viruses can still affect systems because their damage occurs during boot-up. Viruses that exist on the system before you install or upgrade to NT can cause installation problems--the dreaded Blue Screen of Death. Unfortunately, the scanners in this review can't clean your system before you install NT, so you will want to scan your system with a DOS or Win95 virus scanner before installing NT for the first time.

No one has detected any NT-specific viruses at press time. Still, you need a virus scanner to catch boot-sector viruses that can affect NT systems and any viruses that are on your hard drive.

Putting Scanners to the Test
Selecting a virus scanner that best meets your needs can be a challenge. So to help you evaluate the pros and cons of each package, I've gathered and evaluated six leading scanners for NT. I reviewed Carmel Software Engineering's Carmel Anti-Virus, S&S Software International's Dr Solomon's Anti-Virus Toolkit, Cheyenne Software's InocuLAN, Symantec's Norton AntiVirus Scanner (NAVSCAN), Sophos's SWEEP, and McAfee's VirusScan with NetShield. All the scanners in this roundup offer sufficient virus protection and deserve a spot on your NT system. But which ones pull ahead of the pack? Table 1 rates each scanner's features. The sidebar, "Editor's Choice," on page 59, explains how I reached my selections.

I installed each application on a late beta build of NT Server 4.0. Most of the virus scanners ran on NT 4.0 and on NT 3.51; however, some choked on NT 4.0, and McAfee's offerings refused to install on anything other than NT 3.51. In those cases, I ran the scanners on NT 3.51 Server. The test system was a 133MHz Pentium with 32MB of RAM.

The tests focused on ease of use, network support, and virus detection rate against a test bed of common viruses. I also looked at less apparent features, such as configuration, scan scheduling, and--most important--product updates.

To test each scanner, I compiled a random list of 207 stealth, polymorphic, and boot-sector viruses in the wild and compressed them in PKZIP archives. Some of these viruses were new when I tested for them.

Carmel Anti-Virus 1.6
For the past year, Carmel Software Engineering's Carmel Anti-Virus for Windows NT has been popular. Carmel provides excellent local virus protection and decent network protection for NT, but other scanners have leapfrogged Carmel in terms of looks and feature set.

I downloaded the beta version of 1.6 from Carmel's Web site. You can find it at Installing the software was easy, although the installation program doesn't have NAVSCAN's or InocuLAN's flashy splash screens.

Carmel's user interface is intuitive and simple in appearance. Carmel takes a bare-bones approach to file scanning. Rather than trying to entertain you with paper flying between folders, Carmel simply displays a status box containing the number of files scanned, the number of viruses found, and the name of the file the product is scanning.

Carmel maintains a database of NT system files on your hard drive and performs cyclical redundancy checks (CRCs) against that database on every scan. Screen 1 shows this verification process.

During the tests, Carmel crashed occasionally. In all fairness, I was running beta code, but seeing the program crash during a routine scan concerned me.

Carmel is clearly for local desktop use. Network options are limited to scanning mapped drives, and notification features are all but nonexistent. In fact, Carmel lacks remote alert support, so you have to read separate log files for each Carmel installation. At the very least, a centralized log system would make Carmel more convenient on a network.

Carmel Software Engineering offers virus definition updates on its online sites (GO CARMEL on CompuServe and on the Internet). Unfortunately, the definitions I found there were almost three months old, which is ironic because the company states on the same Web page that new viruses emerge weekly. Carmel detected 140 of 207 viruses with the most recent (April) virus definitions.

Although Carmel lacks other scanners' sophisticated features and high virus detection rate, Carmel has distinct advantages that make it a good choice for desktop use with a network scanner. For example, Carmel's file checksum verification is a handy feature that can help ensure your system's safety. If you need a standalone or network scanner, however, look elsewhere.

Dr Solomon's Anti-Virus Toolkit 7.60
Dr Solomon's Anti-Virus Toolkit for Windows NT from S&S Software International has several advantages, including a flexible event scheduler and concise manuals. Dr Solomon's ships with both a DOS and an NT version. The DOS client is a nice touch if you dual-boot between NT and DOS/Windows 3.1x or Win95.

Installing the scanner was as easy as inserting two floppies and pointing the installation program to a local directory. The installation program lets you set the event scheduler service to start scanning automatically on every boot, or manually.

For some reason, Dr Solomon's scans the system executables after it copies its program files to the hard drive. Although the Dr Solomon's program disks are permanently write-protected (the disks don't have a write-protect tab), you can replicate certain viruses in DOS simply by copying files.

Dr Solomon's network support is on a par with the other scanners in this review, but less capable than InocuLAN's domain and notification support. Dr Solomon's lists mapped drives in a drives dialog, so you can select and scan them and your local hard drives. Because Dr Solomon's supports command-line options, you can scan network shares that have universal naming convention (UNC) filenames. Notification features are available as a command-line switch that lets you set up a batch file to automatically broadcast a network message when the program detects a virus on the network.

The Dr Solomon's user interface reminds me of the old Central Point PC Tools virus scanner for Windows. Commonly used features appear as buttons, so you can quickly scan or repair files without going through a series of menu selections. For all the features Dr Solomon's supports, it does a good job of keeping the user interface clean and uncluttered.

Unfortunately, the Dr Solomon's configuration lacks certain important features such as file exclusion and inclusion by extension. You can, however, include or exclude predefined file types (such as executable files, data files, and compressed archives): Select Find Virus options, which is tucked away in the user interface. The options dialog is easy to miss if you work with the program's buttons rather than the menus. Although most default settings are good, I prefer a more flexible and comprehensive configuration that lets me set up the Toolkit to my liking.

Dr Solomon's puts the other virus scanners to shame by successfully detecting 186 of the 207 viruses on my hard drive, the most of any scanner in this review. By default, Dr Solomon's disables support for compressed archive files, including the popular pkzip format, because virus files must be unzipped to execute. I re-enabled it by selecting a check box in the Find Virus options dialog. The viruses I tested for were zipped in individual archives, so Dr Solomon's would have skipped those files in a real situation.

Rather than hooking into the NT Scheduler service, Dr Solomon's installs its own scheduler, which is similar to the Win95 System Agent. This scheduler adds an extra service to NT (and thus, additional overhead) but provides a console to schedule jobs and adds features that NT's Scheduler service lacks. Dr Solomon's scheduler supports several user-specified events, including everything from launching applications to broadcasting messages over a network. As Screen 2 shows, with an easy-to-use console, you can set up events such as a weekly full network scan.

Dr Solomon's scheduler is the most versatile one in this review. Whereas the other schedulers let you run a daily or weekly virus scan, Dr Solomon's gives you more opportunities to run events at regular intervals. For example, the scheduler can scan when the PC is idle at the 10:00 am coffee break, lunch, and the 2:00 pm coffee break.

One of Dr Solomon's most welcome features is missing from other software packages: a set of hard-copy reference manuals. This set includes one program manual for NT and one for DOS and Windows versions, and a hard-copy virus encyclopedia of common virus definitions. Chapter 1 of the program manual describes a virus and its characteristics and is a must-read for anyone on a network or online service.

Unfortunately, Dr Solomon's Anti-Virus Toolkit falls short when it comes to program updates. Rather than offering electronic updates, S&S Software has a subscription service to deliver quarterly or monthly updates, depending on your subscription plan (quarterly updates are free the first year). Clearly, this approach isn't acceptable because media updates are far less convenient and cost effective than electronic updates. However, S&S puts field updates on the Web in case of emergency.

Dr Solomon's Anti-Virus Toolkit is well respected in the virus research community, and the program detected more viruses than any other antivirus package in this review. However, I can't overlook its deficiencies, including its lack of configuration options and electronic updates. If you're looking for a good, solid virus scanner and are willing to pay for updates after the first year, Dr Solomon's is an excellent choice. If you prefer flexibility and inexpensive, easily accessible updates, consider other options.

InocuLAN 1.01 (build 48)
Cheyenne Software's InocuLAN for Windows NT was one of the first virus scanners for NT and remains one of the finest on the market. InocuLAN offers top-notch detection routines and a powerful network server interface.

Although InocuLAN's manual pales in comparison to Dr Solomon's, the documentation is good, but technical. The documentation includes a hard copy of common virus definitions that's not as comprehensive as Dr Solomon's Virus Encyclopedia. Still, it's a welcome addition to the package.

Installing InocuLAN was easy. I inserted the CD-ROM (as part of the ARCserve data recovery package) and ran setup.exe. From there, I selected the program directory and let the installation program copy the files and create the program groups. I had some initial problems with InocuLAN and NT 4.0: The scanner froze when I tried to use it. Installing the latest build of InocuLAN (from rectified that problem. As Screen 3 shows, InocuLAN truncated long filenames into 8.3 filenames in the build I tested, but Cheyenne has fixed this in the newest build.

InocuLAN is easy to customize. You can tweak most execution aspects, such as which drives to scan and how much CPU time a scan can consume. These options also extend to scheduled tasks. For example, during the day, InocuLAN can run a background network scan that takes as little CPU time as possible and at night, run one that takes as much of the CPU as the scanner can get.

InocuLAN is primarily a server product, so it installs as a service and has a client/server architecture. InocuLAN for Windows NT Server installs on an NT server and manages the InocuLAN services. The server component also maintains scan times on the network, so you can create and schedule scan jobs on other NT machines. The other component, InocuLAN for Windows NT Manager, is the client that performs the scanning. This client gives users enough access rights to scan their workstation without administrator or server intervention, but the server still tightly controls privileges. InocuLAN groups machines into domains, usually with one primary server and other member servers controlling the clients. The program stores and manages all information on the primary server to keep the other machines' configurations synchronized.

InocuLAN's notification options are without equal. With Alert Manager, you can set the server to email, page, broadcast a message, send a Simple Network Management Protocol (SNMP) trap, or print a trouble ticket when the scanner detects a virus. The pager option is handy, but the coded messages are cryptic, so I recommend the pager alert only when it's absolutely necessary. Because of InocuLAN's domain model, you can have the program notify groups of users when the scanner detects a virus.

Cheyenne Software regularly provides virus definition updates for InocuLAN at its online sites (GO CHEYENNE on CompuServe and on the Internet). I downloaded the version 3.20 definitions and set InocuLAN loose on the test viruses. InocuLAN scanned the zipped archives and detected 153 of 207 viruses. According to Cheyenne Software, the next version of InocuLAN (4.0) will have an automatic definition update feature like Symantec's LiveUpdate.

InocuLAN, as its name implies, is an excellent tool for heterogeneous networks driven by NT servers. The product's advanced notification features and excellent client/server architecture make InocuLAN an essential utility for any network. For desktops, however, InocuLAN is probably overkill.

Norton AntiVirus Scanner 1.0
When I reviewed Symantec's Norton AntiVirus Scanner (NAVSCAN) for NT in April, it stood up well to the competition. That fact surprised me for one reason--NAVSCAN is free (it's also available as part of the commercial Norton NT Tools package). For comparison, I reviewed the initial release of NAVSCAN for NT, although Symantec plans to release an update (possibly commercial) by the end of this year. It will feature parity with the Win95 version of NAV.

I downloaded the 1.8MB file from Symantec's site at and ran the self-extracting installation executable. Installing NAVSCAN was easy. First, the installer ran a system scan. Then, a series of wizards helped me point the setup program to a directory to extract the files from and set up a common program group on the Start menu.

At first glance, NAVSCAN appears to be a simple application that lacks sophisticated features of the other scanners in this review. But NAVSCAN's simple interface is deceiving. You can do full system and network scans with the click of a button. As you delve into the program, you find advanced features that let you include and exclude files, customize detection notification, edit event logging, and change alert messages. You can even customize NAVSCAN's virus detection notification options. By default, NAVSCAN displays a dialog that prompts you to delete, clean, or ignore an infected file. From the options box, you can set NAVSCAN to automatically delete, clean, or skip infected files.

For scanning network drives, NAVSCAN includes only the bare essentials. It views each mapped drive as a local drive, letting the software scan all drives connected to the server equally. Unfortunately, NAVSCAN doesn't support remote notification, so the server can't notify an administrator if the program detects a virus. Also, you can't update all versions of NAVSCAN on a network from a centralized location.

Unlike its Win95 counterpart, NAVSCAN for NT uses the NT Scheduler service, so you need administrator rights to schedule scans. Unfortunately, NAVSCAN supports only one scan a week. You can set up unattended scans to run more often, but you have to write a batch file or set up an AT task.

Symantec places monthly virus updates on its online sites (GO SYMNEW on CompuServe, keyword SYMANTEC on America Online, and on the Internet). These updates are usually comprehensive and add detection and cleaning capabilities for the latest viruses, including Word and Excel Prank macros.

One feature I'd like to see Symantec carry over from the Win95 version is LiveUpdate. It automates Symantec product updates by connecting to Symantec's BBS or FTP site, downloading the update files, and installing them behind the scenes. With NAVSCAN for NT, you have to update manually.

With the August 1996 definitions, NAVSCAN detected 153 of the 207 test viruses, which is good considering some of the viruses were new as of late July. NAVSCAN had no trouble detecting the zipped viruses. My only complaint about NAVSCAN's detection routines is that it doesn't save log files in a plain text format.

Documentation for NAVSCAN is available electronically as an Adobe Acrobat Portable Data Format (PDF). You can also download the manual from Symantec's online sites. As Screen 4 shows, NAVSCAN comprehensively describes viruses, covering virus characteristics and sizes, how widespread the viruses are, and what they infect.

NAVSCAN is a good all-around virus scanner. Although it lacks crucial administrator features for network use, as a desktop virus scanner, NAVSCAN is the pinnacle of power and simplicity.

SWEEP 2.88
I was surprised to see that Sophos assigned a version number of 2.88 to its latest revision of SWEEP. This new version contains enough features to safely call it SWEEP 3.0. The most significant addition is a GUI. Previous versions were console-mode applications.

Unlike SWEEP 2.75 (for a review, see Tim Daniels, "Virus Scanners," October 1995), SWEEP 2.88 includes an installation program with a mock wizard interface. You can install a local scanner or a server scanner. I opted for the server installation, and with a few clicks of the mouse, I had the program ready to run.

For a first-generation user interface, SWEEP's GUI is incredibly functional and aesthetically pleasing. A toolbar (complete with a novelty radar status indicator) lets you access commonly used functions. Below the toolbar, three tabbed dialogs let you schedule scans and select which drives to include.

SWEEP's configuration options are brief but cover the essentials. You can easily modify the standard configuration options with SWEEP's tabbed dialog, but Sophos also threw in several unique options such as the ability to check only parts of files that might contain viruses and the ability to set how much CPU time to give the scanner. SWEEP can even scan for Macintosh viruses, a capability that comes in handy on heterogeneous networks.

Like InocuLAN, SWEEP has a client/server architecture for its network support. The NT Server component, InterCheck, installs on a central server (SWEEP also ships with InterCheck for Win95), and SWEEP clients install on all other machines. Sophos also ships DOS and Windows clients, so non-NT machines can communicate with the InterCheck server. SWEEP takes digital fingerprints of every file on each client machine and stores these fingerprints on local and remote databases. This process is fairly lengthy (my clients have 2GB to 4GB disks, and the process took almost 45 minutes per gigabyte), but you have to go through this fingerprinting only once. SWEEP excludes inoculated files during system checks unless it detects a discrepancy between the file and its database. When you add new files to the system, SWEEP runs the same fingerprinting routine and then inoculates the files.
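
The fingerprint database described here, and the CRC database in the Carmel section, follow the same pattern: record a checksum per file, skip files that still match, and re-examine anything new or changed. The Python below is an added example, not code from SWEEP, Carmel or this article; it uses SHA-256 instead of a CRC (a CRC catches accidental corruption but is easy to match deliberately), and the `scan` hook, the marker bytes and the file names are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def fingerprint(path):
    """Return the SHA-256 digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def load_db(db_path):
    """Load {relative path: digest}; an absent file means no baseline yet."""
    db_path = Path(db_path)
    return json.loads(db_path.read_text()) if db_path.exists() else {}


def save_db(db_path, db):
    """Write the fingerprint database back to disk as JSON."""
    Path(db_path).write_text(json.dumps(db, indent=2, sort_keys=True))


def check_tree(root, db, scan):
    """Compare every file under `root` with the fingerprint database `db`.

    Files whose fingerprint matches are skipped. New or changed files go to
    scan(path); only a file the scanner passes (returns True) is recorded,
    so a flagged file is never silently accepted into the baseline.
    """
    root = Path(root)
    report = {"skipped": [], "new": [], "changed": [], "flagged": [], "missing": []}
    seen = set()
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        seen.add(rel)
        digest = fingerprint(path)
        known = db.get(rel)
        if known == digest:
            report["skipped"].append(rel)
            continue
        report["new" if known is None else "changed"].append(rel)
        if scan(path):
            db[rel] = digest
        else:
            report["flagged"].append(rel)
    # A fingerprinted file that has disappeared is reported, not forgotten.
    report["missing"] = sorted(set(db) - seen)
    return report


def demo():
    """Three passes over a constructed directory tree (all names are made up)."""
    marker = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a virus signature

    def scan(path):  # hypothetical scanner hook: True means "clean"
        return marker not in path.read_bytes()

    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "system32"
        db_path = Path(tmp) / "fingerprints.json"  # kept outside the scanned tree
        root.mkdir()
        (root / "kernel.dll").write_bytes(b"original kernel bytes")
        (root / "shell.exe").write_bytes(b"original shell bytes")
        (root / "old.sys").write_bytes(b"driver bytes")

        reports = []
        db = load_db(db_path)
        reports.append(check_tree(root, db, scan))  # pass 1: build the baseline
        save_db(db_path, db)

        (root / "shell.exe").write_bytes(b"patched " + marker)  # changed, fails scan
        (root / "notes.txt").write_bytes(b"harmless")            # new, clean
        (root / "old.sys").unlink()                              # removed

        for _ in range(2):  # passes 2 and 3 reload the stored database
            db = load_db(db_path)
            reports.append(check_tree(root, db, scan))
            save_db(db_path, db)
    return reports


if __name__ == "__main__":
    for number, report in enumerate(demo(), start=1):
        print(number, report)
```

Keep a second copy of the database on another machine: anyone who can alter the files can usually alter a database stored beside them.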

SWEEP's notification options aren't as strong as those of its primary competitors, InocuLAN and NetShield. As Screen 5 shows, you can set SWEEP to broadcast messages over the network, but the program doesn't support beeper or email notification. SWEEP does, however, write to the Event Log and store logs in flat ASCII format in a shared directory on the server. So you can use a text editor to analyze data in the logs.

SWEEP's scheduler is less comprehensive than that of Dr Solomon's. To set up a job, you simply click SWEEP's Add button on the Schedule tab and configure the scheduler with a set of tabbed dialogs. The scheduler can set up a job to run on multiple days or run multiple jobs to check different files at various times on different days.

SWEEP detected 149 of the 207 test viruses. S&S Software and Sophos are the only vendors whose scanners require hard updates. Rather than sending out definition updates, Sophos sends new software installation disks. Because you can update all clients from a centralized server, incorporating these updates isn't a problem--except for the inconvenience of having to install the program every month. SWEEP definitions are pure ASCII text strings that Sophos calls its Virus Description Language. Because SWEEP uses these text strings for its definitions, you can receive urgent updates via email or fax and essentially create your own definitions.

Sophos rebounded from a mediocre 2.75 release to a strong 2.88 release, and SWEEP (on evaluation/sweepnt) is worth consideration. Unfortunately, better and more cost-effective server and workstation scanners prevent SWEEP from pulling ahead of the pack. Sophos has packed a lot into what appears to be a maintenance upgrade, so keep your eyes open for the promising 3.0 release of SWEEP.

VirusScan 2.5 with NetShield 2.5
McAfee's VirusScan has a long, proud heritage in the DOS world. Although the company has offered top-notch versions of VirusScan for DOS and Windows 3.x for years, the NT version is disappointing.

The VirusScan NT manual suggests you install NetShield on NT Server and use VirusScan on NT Workstation. I found out this recommendation isn't just a suggestion--it's a requirement. VirusScan NT is strictly for NT Workstation, and NetShield is for NT Server, which the setup application enforces. Although other virus scanners installed and ran well under NT 4.0, VirusScan NT did a strict version check to make sure I'd installed the scanner on NT 3.5x. Because NetShield includes VirusScan (which McAfee calls the console component), I based my review on NetShield running on NT Server 3.51.

NetShield installs as a service, with the program acting as a console from which you scan and clean infected files. Although the console doesn't provide one-click scanning, you can easily work with the tabbed dialogs, context menus, and toolbars. To scan connected hard drives (local or network), you launch VirusScan NT from the console.

You also configure scheduling from the console. NetShield uses the NT Scheduler service, and the Scan Wizard makes scheduling a scan task easy: You simply follow the prompts and fill in the scan times. To configure the scan tasks optimally, you have to access five properties sheets, as opposed to one dialog in NAVSCAN. But NetShield's vast dialog options allow greater scanning flexibility than NAVSCAN. You need administrator privileges to do full system scans.

NetShield's notification options come close to matching InocuLAN's. You can configure NetShield to send broadcast messages, pager alerts, SNMP, email notification via a Simple Mail Transfer Protocol (SMTP) server, or a print-out when the scanner detects a virus. NetShield logs information in the Event Log but doesn't record specifics. For example, VirusScan doesn't log the number of viruses it finds on a hard drive but inserts an Infected Files Found message in the Event Log. NetShield with the latest updates detected 147 of the 207 test viruses--the second lowest detection rate of the scanners in this review.

The NetShield and VirusScan NT manuals are excellent. This documentation isn't as comprehensive as that of Dr Solomon's, but step-by-step instructions tell how to install, configure, and run the products. Although McAfee doesn't provide printed virus definitions, the company publishes a list of viruses on its Web site.

McAfee updates virus definitions monthly for NetShield and VirusScan NT on its site at antivirus. NetShield and VirusScan NT offer an AutoUpdate feature, as you see in Screen 6. It runs a script to automatically update the scanners.

NetShield and VirusScan NT are decent products, but they seem less refined than the other products in this offering, partially because of their poor integration with NT's services. For example, VirusScan needs to provide more detailed information (such as the number of viruses detected) in the Event Log and have more flexible scheduling options. McAfee's version checking can be a problem because you have to update the software every time you upgrade NT.

McAfee offers 30-day trial versions of VirusScan for Windows NT and NetShield for Windows NT on its Web site, so you can give them a spin. Both programs are excellent scanners with good network support, and I have no doubt that McAfee will continue to polish the code until it shines. But for now, you can find better solutions that do more with less hassle.

TABLE 1: Comparison of Features

Columns: Anti-Virus 1.6, Dr Solomon's 7.60, InocuLAN 1.01, SWEEP 2.88, NetShield 2.5
Rows: Electronic Updates, Configuration (Ease of Use), Configuration (Flexibility), Network Support, Detection Rate*

I was pleasantly surprised at the versatility and quality of the scanners in this review. Although some scanners run only on NT 3.51, I'm confident that the vendors will update their products for NT 4.0.

Most of these virus scanners are first-generation NT versions, so I'm not surprised that each program has unique strengths and weaknesses. The most important factor in this review is virus detection, and Dr Solomon's Anti-Virus Toolkit, InocuLAN, and NAVSCAN clearly lead the others. Although Dr Solomon's detected the most viruses, its lack of electronic updates and poor network support kept it out of the running for editor's choice. I have to give the editor's choice to InocuLAN for its superior enterprise support and NAVSCAN for its ease of use, regular updates, and--best of all--its price. With Cheyenne and Symantec both offering electronic updates, I'm confident these packages will catch up to Dr Solomon's excellent detection rate while maintaining the same solid features that both packages are known for.

Carmel Anti-Virus for Windows NT 1.6

Carmel Software Engineering (Israel) * 972-48-416976
Web: [email protected]
Price: $129 (each for fewer than 10 users)

Dr Solomon's Anti-Virus Toolkit for Windows NT 7.60

S&S Software International * 800-701-9648
Web: www.drsolomon.com
Email: [email protected]
Price: $79 to $89 (estimated)

InocuLAN for Windows NT Server 1.01

Cheyenne Software * 516-465-4000 or 800-243-9462
Web: www.cheyenne.com
Email: [email protected]
Price: $995

Norton AntiVirus Scanner for Windows NT (NAVSCAN) 1.0

Symantec * 408-253-9600 or 800-441-7234
Web: Free (also available with Norton NT Tools)

SWEEP for Windows NT 2.88

Sophos (Alternative Computer Technology) * 513-755-1957
Web: [email protected]
Price: $293

VirusScan 2.5 for Windows NT Workstation
NetShield 2.5 for Windows NT Server

McAfee * 408-988-3832
Web: www.mcafee.com
Price: $65

