AntiVir PE from H+BEDV is free for personal, non-commercial use. It is available in English and German.
Test configuration:
- AntiVir PE 6.26.00.00, July 2nd, 2004, English language
- Windows 2000 SP4 (German)
Structure of the program
AntiVir PE consists of:
- On-demand scanner for Windows
- On-access scanner for Windows
- Scheduler
- Internet update program
The program uses less than 15 MB of disk space and has no superfluous graphical gimmicks.
How it works
AntiVir adds a scan menu item to the Windows Explorer context menu of directories and files.
If this feature is disabled during the installation, you will be able to scan only entire
drives but not single directories or files using the Windows on-demand scanner.
The main program lets you select which drives to scan. It displays a list of drives and next to them a cross which, when clicked, should expand and display a list of subitems (in this case individual folders on a particular drive), but strangely it does not react to mouse clicks.
The main program functions are easily accessible via icons.
Virus detection
AntiVir PE displays several different alert messages, but their meaning is not always clear.
Examples are:
- Contains code of the Windows virus W32/Magistr.B
- Contains signature of the Windows virus W95/Spaces.1445.B
- The Trojan horse TR/Worm.RC5.WinInit
- Contains a signature of the (dangerous) backdoor program BDS/Drat-130 Backdoor server
- Contains signature of the joke program Joke/Drain
- Contains signature of the Windows script virus WSCR/Unsafe.D2 (of an HTML file)
- WARNING! Invalid start address! (of a .com file)
- Macro: AUTOOPEN (37 Bytes) contains code of the Word macro virus WM/Minimal.AI
Contains code of the Word macro virus WM/Minimal.AI
The variety of alert messages looks like the result of a commendable effort to display information
on the malicious program at hand as precisely as possible - this is something that other AV
vendors should emulate. The sole exception is the detection message of the EICAR test file:
"Contains code of the Eicar-Test-Signatur virus". This could definitely be improved
so as to assure the user of the benignity of this particular program.
Unfortunately some of these error messages are not easily comprehensible and may confuse
the user. What, for example, is the difference between "code" and a "signature"? What is a "start address" and why should the user care about
it? (Note: "start address" may be H+BEDV parlance for the more common term "entry point" which is where the execution of a program begins.)
AntiVir is capable of detecting exotic malicious programs (named "unwanted programs") such as dialers and even games, which can be useful in environments
where games are undesirable.
Unfortunately AntiVir cannot be set to ignore infected files (only infected destroyed files),
which can be annoying in certain circumstances, e.g. when scanning a virus collection, but this
will admittedly not happen very often on an average user's system.
Judging by test results from AV-Test,
AntiVir offers decent protection even though it cannot compete with programs such as KAV or
McAfee. AntiVir is said to produce a rather high number of false alerts but there
are competing products that perform worse in that regard.
The offline virus encyclopedia contains information mostly on old DOS viruses,
so it's not particularly useful.
Updating
The virus definition file, the scan engine and the program itself can be updated easily
using the updater. Unfortunately the definition file is rather large (approx. 1.7 MB at
the moment) and the entire file must be downloaded each time.
New versions of the program have been released very often in the
last few weeks. The size of the archive to be downloaded is 4 MB
each time. Needless to say, if you don't have a fast connection,
this is very annoying.
Hint:
You can often try to update only the antivir.vdf file, which can be downloaded
separately. You should do this only if its version corresponds to the main
program version (if, for example, you are downloading antivir.vdf version
6.26.xx.xx it will probably not work with the main program version 6.25.xx.xx.)
The size of the file is roughly 1.7 MB so it's much smaller than the entire
package. As a precautionary measure you should create a back-up of the old
version of the file before replacing it with the new one.
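The hint above, written out as an added Python example (not H+BEDV's updater and not part of the original review): it refuses a mismatched definition file, backs up the old one, and restores it if the copy fails. Assumptions: the caller supplies both version strings, "corresponds" is taken to mean the first two components are equal, and the function names and the antivir.vdf.bak backup name are hypothetical.

```python
import shutil
import tempfile
from pathlib import Path

def parse_version(text):
    """Split a dotted version such as '6.26.00.00' into four integers."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)

def versions_correspond(program_version, vdf_version):
    """Assumed rule: the first two components must match (6.26 vs 6.26)."""
    return parse_version(program_version)[:2] == parse_version(vdf_version)[:2]

def replace_definition_file(install_dir, new_vdf, program_version, vdf_version):
    """Back up antivir.vdf, then replace it. Returns the backup path."""
    if not versions_correspond(program_version, vdf_version):
        raise ValueError(f"vdf {vdf_version} does not match program {program_version}")
    current = Path(install_dir) / "antivir.vdf"
    backup = current.with_name("antivir.vdf.bak")   # hypothetical backup name
    shutil.copy2(current, backup)        # precautionary copy of the old file
    try:
        shutil.copy2(new_vdf, current)
    except OSError:
        shutil.copy2(backup, current)    # put the old definitions back
        raise
    return backup

def demo():
    """Run a rejected and an accepted update on constructed files."""
    with tempfile.TemporaryDirectory() as tmp:
        install = Path(tmp) / "AntiVir"
        install.mkdir()
        (install / "antivir.vdf").write_bytes(b"old definitions")  # constructed
        new_vdf = Path(tmp) / "download.vdf"
        new_vdf.write_bytes(b"new definitions")                    # constructed
        try:
            replace_definition_file(install, new_vdf, "6.25.00.00", "6.26.00.01")
            rejected = False
        except ValueError:
            rejected = True
        untouched = (install / "antivir.vdf").read_bytes()
        backup = replace_definition_file(install, new_vdf, "6.26.00.00", "6.26.00.01")
        updated = (install / "antivir.vdf").read_bytes()
        return rejected, untouched, updated, backup.read_bytes()
```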
Support
You can send suspicious files to virus@free-av.com. You will usually receive
a personal answer after a few days. In most cases you will be told that detection
for the virus, if it is one, will be added soon. This promise often turns out to be
true, but not always.
Sometimes it can take a bit longer for a malicious program to be added to the
database.
H+BEDV offers no support for this program, but you can ask questions
in the online support forum which is accessible from their homepage.
Command line version
You can download a DOS command line version separately. DOS versions are usually useful
when you are dealing with a memory resident Windows virus. Unfortunately this does not apply
to AntiVir because the DOS version is very severely limited in that it will not scan
subdirectories (and thus not entire drives either). It will only scan single
directories. F-Prot for DOS is a much better alternative.
Pros:
- Ease of use
- Uses few system resources
- Free of charge for personal, non-commercial use
Cons:
- On-demand scanner is inflexible
- Detection rates are okay, but not impressive
- Updating requires the entire program to be downloaded every time
- The DOS command line version is too limited to be useful