Ottawa PC Users' Group, Inc.
 Product Review 


VIPRE
by Chris Taylor

Every computer that connects to the Internet – indeed, any network – needs to be protected. The oldest and most basic protection is antivirus. According to Wikipedia, antivirus programs date back 21 years, to 1987. Over those years, the changing landscape of malware (a generic term for all malicious code) has forced the constant evolution of antivirus programs to handle many different attack techniques.

As a result, antivirus programs have turned into bloated hulks that can steal incredible amounts of memory and processing power – resources that you bought to do useful work. Nobody goes down to the local computer store and says, “I would like to buy a computer so I can scan for viruses.”

I have gotten used to buying computers with more power than I need just so I have reserve power for the essential tasks of protecting the computer. And that certainly is a solution. But then I ran into a friend Lynda who did not want to spend money upgrading her computer. It is a tired old Pentium III running at 850 MHz with 512 MB RAM running Windows XP. And it is slooooow. I found that the antivirus on it was bogging things down a lot.

I heard of some antivirus vendors who were designing antivirus programs that would not steal huge quantities of memory and processing cycles. One such vendor was Sunbelt Software. They created a brand new antimalware program called VIPRE that they claimed used less memory and had a lower CPU utilization than nine other commercial programs they compared themselves to, including the major heavyweights in the antivirus world, McAfee, Symantec and Trend. I decided to give it a try.

I contacted Sunbelt Software and they sent me two review copies of VIPRE. Why two copies? I wanted to see how it performed on a fairly capable computer as well as an underpowered one. Most of this review is based on my experiences with my laptop computer, an HP Pavilion DV9000, with 2GB RAM, twin 120 GB hard drives, and a Pentium Core 2 Duo running at 1.66 GHz. I am running 64-bit Windows Vista Ultimate.

I removed my current antivirus and rebooted. I put in the CD for VIPRE and the installation proceeded pretty normally and at the end a re-boot was requested. Then the first oddity with VIPRE happened. Nothing popped up when I logged into Windows. There were 2 icons in the system tray. One had a tooltip indicating Active Protection is disabled and Email Protection is disabled. I would expect any new installation of an antivirus program would come up with protection enabled. The other icon, which displayed an exclamation mark, had a tooltip that said Your risk definitions are out of date.

Because I was keeping an eye on things, I noticed that the installation of VIPRE had turned off Windows own antispyware program Defender. This is actually a good thing, as VIPRE includes an antispyware component but I do object to not being told that this is going to happen and why.

I right-clicked the VIPRE icon in the system tray and there was an option to update, so I chose it. A newer version of the entire program came down the wire, uninstalled the old version and installed the new.

After a required reboot, VIPRE’s protection was still turned off. I again chose the option to update and this time it said it was downloading risk definitions. The program reported, Current Version: 0. After several minutes the risk definitions were downloaded and it reported, Current Version: 2229 (2008-09-11 6:05:13 PM). So was all well? Not just yet.

I manually started the main program for VIPRE and was greeted by the notice that I had to complete a wizard prior to using VIPRE. Forgive me if I feel that a program as essential as antivirus should automatically load and take you through any required steps without expecting you to manually start the program. Many people would have just assumed the program was doing its job and not bothered doing anything. Maybe if I had waited long enough, something would have popped up and told me what to do. The CEO at Sunbelt has asked that the next major release runs the wizard automatically on first reboot.

The wizard was clear and easy to follow. One small thing I found odd – at one point you can specify that you want a full scan of your computer done every night. Aside from the fact (in my opinion) that this is overkill to the nth degree, the only option at this point is to run the scan at 1:00 am. You can change it after the wizard has completed, but given all the options the wizard provides, surely it would be a simple matter to allow the person to choose how often they want the full scan done and at what time of day. Sunbelt agrees that I have a valid point and they are looking at changing this.

At the end of the wizard, you are then in a 15-day trial mode unless you enter your registration key. I purposely transposed two digits (I know, I am such a rotten person to actively try to foul things up). VIPRE did not complain and simply left me in trial mode. Again, this is something that some people might not notice and certainly deserves a big warning that you entered an invalid license key.

It offered a demonstration of VIPRE which takes you to the Sunbelt Software web site for a pretty decent overview of the program. Definitely worth watching.

Although VIPRE has the ability to do separate scanning of email, I have not tested this feature. I use two separate email programs – Outlook (with an Exchange Server back end) and Thunderbird (with multiple mail servers with multiple configurations for special ports). From what I can tell from the manual, I will not be able to get it to work given my plethora of accounts and settings.

A quick scan of my computer first scanned in-memory processes, followed by what VIPRE considers “commonly affected areas of your computer.” For me, that came to 23 in-memory processes, 5,000 files, almost 30,000 registry items and over 2,300 cookies. It recommended removal of 161 tracking cookies. It took just over nine minutes to complete the scan.

I ran a deep scan, which scans your entire computer. For my system, that meant 25 in-memory processes, a quarter million files, the same 30,000 registry entries, and 2,500 cookies. Scanning that took two and a half hours. I am not sure why it found an extra couple of hundred cookies to scan.

All in all, I found both times to be entirely acceptable. But I only have experience with three antivirus programs – McAfee VirusScan, Avast!, and VIPRE.

I had some severe performance problems whenever I tried using my email program Thunderbird. Just reading a new message would cause the main process of VIPRE to use 90% or better CPU utilization for up to a minute before finally allowing the message to be displayed. I tried various things and wrote a very detailed email to tech support at Sunbelt Software. There were a couple of email exchanges back and forth with suggestions of things to try and requests for log files. Then I was told, “…this issue is being resolved in the next version of VIPRE, we don’t have a release date for it yet, but it will most likely be sometime in October.” Being September 22nd, I promptly uninstalled VIPRE, installed Avast! and waited for the new version.

I enquired back with Sunbelt Software at the start of November and was assured the problem had been fixed, so I re-installed VIPRE and tested. Thankfully, the performance issues with Thunderbird were indeed fixed.

From a performance point of view, I found no issues with VIPRE on my computer. With the Thunderbird compatibility issues behind me, I never notice that VIPRE’s active scanning is running. And that is the way things should be. I have been a McAfee VirusScan user for many years and it didn’t bog down my computer … most of the time. But every now and then, for no apparent reason, VirusScan would steal about 95% of CPU utilization and go off and do something for maybe up to a minute. It didn’t happen often, but it was maddening when it did. So far, I have not had anything like that happen with VIPRE.

But remember when I spoke of Lynda’s computer? She was using McAfee VirusScan and unfortunately, it had a huge negative impact on her slow, memory-starved computer. Lynda was used to things taking a very long time on her computer. I removed VirusScan and replaced it with VIPRE. I told her it would “probably” give her better performance. Well, she noticed a dramatic improvement in the performance of her computer right away.

I declined to give actual performance numbers in terms of memory used and CPU utilization while scanning, etc. The reason is pretty simple…and complex. Windows is very good at adjusting how it does things depending on the resources at hand. Bits of programs can be tossed from memory when memory is scarce because Windows knows it can always re-load from disk. Prioritization of what program gets to use the CPU is not a simple thing to define either. And even timing how long it takes to load a program from disk to see the effect of scanning the process while the file loads is not necessarily a fair test. Different virus scanning programs can take different amounts of time for different files because of the way they are architected. One program might be better at one file and worse on another. I just really can’t come up with objective tests that will give meaningful numbers.

But I don’t think that leaves me totally out of luck in talking about performance. From a very unscientific point of view, I have come to the conclusion that, if you have a pretty decently powered machine that is currently not showing any signs of being bogged down, I bet just about any antivirus program will probably perform not too badly. Certainly, in my experience, McAfee VirusScan, Avast! and VIPRE all give acceptable performance on my laptop computer. Perhaps the nod would go to VIPRE and Avast! slightly over VirusScan.

But, if you have an underpowered computer that is struggling to keep up, the difference can be nothing short of astounding. VIPRE definitely does use significantly less memory than VirusScan on an under-powered computer and this makes a huge difference. It does seem to also use less CPU cycles and, if you have a slow computer, this can also make a big difference.

Just as an aside, I noticed Avast! also has low memory and CPU utilization.

What really matters with an antivirus program is how good it is at picking up malware. Although I don’t have 20,000 different viruses I can test with, over the last few months there has been an abundance of brand new viruses being spammed to millions of addresses over the course of a few hours. This has presented an opportunity. I decided to see just how quickly various antivirus companies come out with signatures for new malware. I could test quite easily with VIPRE and VirusScan. A couple of other antivirus companies – Sophos and Kasperski – allow you to submit samples online and I used those facilities to see if they already knew about new strains I came across.

I found that no one company was first out the gate all the time with signature files to detect new malware. Nor was any company last all the time. All were pretty good, with updated signatures files to detect new malware generally within 2 days. Occasionally, it took three or four days. If I had to pick a winner, I would give the nod to McAfee.

Outside of performance and ability to detect malware, I also looked at VIPRE from a usability and “fit and finish” standpoint.

The help file talks of the option to Exclude removable drives from scanning and says “It's best to keep this selected all times, except when you are intentionally scanning those external drives.” Of the three types of scanning available; Quick, Deep System, and Custom, only Deep System even has a check box where I can select it. The default is not selected. The help file goes on to say “By default, Quick and Custom scans will automatically exclude these drives.” For Quick scans, I can see the sense of this. But shouldn’t Custom scans allow you to be as thorough as you like?

On my system, I was unable to select the option to enable rootkit detection. The option was greyed out and I could not select it. On Lynda’s computer, it could be selected. Is this because I am running 64-bit Windows? I don’t know. Neither the help file, nor the manual provided any clue.

While the on-demand scanner scans all files, the on-access scanner – what VIPRE calls Active Protection – is set to scan 48 file types, based on file extension. You can add your own file extensions to the list to be scanned, but I could not find an option to scan all files. Even more problematic, I could not see any way to have VIPRE scan the contents of archives, such as ZIP files. This does not create any real danger to my computer because if I try to access anything within a ZIP file, I first have to extract the files to disk and then the Active Protection scanner will presumably catch anything bad. But it would allow me to receive a virus-laden ZIP file and accidentally pass it on to someone else who might not be so well-protected. Sunbelt told me this was done to “greatly improve performance without causing any risk to the user.” I grudgingly have to agree with them. I think their approach is a good one – for most people. I am just paranoid when it comes to malware. It is worth noting that the on-demand scanner scans everything – all file types including files in archives.

When the on-demand scanner finds malware, it provides the name of the malware and the risk level. There is a button you can press to get more details, as shown here.

From there, if you want even more information, the Learn More button takes you to a web site. This is very helpful when you need to decide what action to take, especially if you think you might have run this program before there was a virus definition file that detected it.

Unfortunately, the Active Protection scanner – which is likely to be the scanner that finds most malware – gives much less information about the threat. For example, when copying a file that had a virus, I was told the process that was trying to copy the file, the file it was trying to copy, the fact that it was “known bad”, and the threat ID of 421791. I could find no way to look up information on the threat ID. I would much prefer to see the level of detail the on-demand scanner provides.

For some reason I was never able to figure out, when the Active Protection scanner logs that it found some malware, it always creates multiple log entries. Not dangerous, certainly, but strange, as seen here.

In conclusion, I have mixed reactions to Sunbelt Software’s VIPRE. I think overall, it will do a quite good job of protecting your computer from malware. And really, that’s the main thing. If you have an older computer which has a slower processor or minimal RAM, VIPRE will operate much more efficiently than some of the other big names in antivirus. But I have quite a few little issues with the flexibility in configuring the program, default settings, information the program provides, etc.

Sunbelt Software certainly seems receptive to suggestions. I expect the program will steadily improve in the “fit and finish” areas that I found to be problematic.

If you are the type of person who just installs the program and expects that the vendor is going to configure it right for your needs, you will likely be happy with VIPRE. If you are the type of person who is always looking to tweak things and make sure the program is doing what you want it to do, you might want to look elsewhere for now.


Bottom Line:

VIPRE Antivirus & Antispyware
$29.95 (annual subscription)
$49.95 (site license for all computers in your home, annual subscription)
www.sunbeltsoftware.com/home-home-office/vipre/


Click here to view the full OPCUG website with frames.

Copyright and Usage
Ottawa Personal Computer Users' Group (OPCUG), Inc.
3 Thatcher Street, Ottawa, ON  K2G 1S6

The opinions expressed in these reviews do not necessarily
represent the views of the OPCUG or its members.

Send comments or suggestions to the .