You may not have heard of Total Defense, but the company has good anti-virus heritage: Until a year ago, it was the Internet Security Business Unit of CA Technologies, one of the world's biggest vendors of security software. In June 2011, the business unit was sold to venture capital firm Updata Partners, which then established Total Defense.

CA's anti-virus customers, partners, and product development have been transitioned to Total Defense, which maintains an engineering office in India with 400 researchers who develop the main anti-virus engine, study new threats, and develop new anti-virus signatures. Saran Gopalakrishnan, vice president of product marketing for Total Defense, says the company's security products are now aimed at the SMB space. "In fact, we target customers with anything from 25 seats up to 150,000, but we've found the sweet spot is 500 to 1000 users," Gopalakrishnan clarified.

The company sells a range of business security products, and the pure anti-virus offering -- for the Windows platform only -- is called Total Defense Anti-Virus r12.

Pros: Good Management Capabilities

Total Defense's management console is very capable: it runs on Windows Server or Windows 7, and provides you with a web interface for administrators to deploy and manage endpoints running Anti-Virus r12.


Perhaps the most sophisticated feature is the ability to integrate with your corporate Active Directory so that you can impose security policies based on a user's roles in your organization. Pre-defined policies provide administrators with a quick policy deployment option. You can use policies to control all endpoint settings in a granular manner -- and set them to be applied only when outside the corporate network, if necessary.

To make deployment easier in larger organizations, the console has an auto-discovery module that can find unprotected endpoints using network scans, active directory scans, and IP range scans. If you find a new client on the network, the console can in most cases uninstall any existing anti-virus software and then install Anti-Virus r12.

You can also use the console to create blacklists of applications that endpoints should not allowed to execute -- either because the software is known to be malicious, or simply because you do not want those applications running on your network. You can also create whitelists of known applications that are excluded from scans because you know they are not malicious, in order to speed up scanning times.

The management server also controls policy synchronization across all endpoints, and acts as an update server both for the endpoint software and for virus signatures. In larger organization with multiple office locations, you can also use a proxy management server installed at each office to update local endpoints while minimizing WAN traffic.

Cons: Basic Anti-Malware Protection

Anti-Virus r12's protection capabilities are quite basic compared to many alternatives. To a very great extent, the software depends on traditional signature-based protection, although it does also includes some more general heuristics capabilities to detect variants of known malware. Gopalakrishnan also said that the software uses behavioral protection techniques to spot applications that are carrying out suspicious activities such as modifying certain registry entries.

Such capabilities should be considered a baseline for endpoint protection these days, but when it comes to extra levels of protection, Anti-Virus r12 appears to come up short. Although the consumer version of Total Defense's anti-virus product uses a cloud-based reputation network to flag files that other customers have found to contain malware, Gopalakrishnan says that this functionality is not currently included in the business version. Given that Total Defense has a fairly small customer base, it is not clear how effective a reputation system would actually be if and when it is implemented. But companies with large customer bases such as Kaspersky, Symantec, and Avast have developed reputation-based systems that are highly effective at protecting against new threats using information gleaned from customer endpoints connected to their respective threat detection networks.

Gopalakrishnan also confirmed that the product does not include a "live" cloud-based blacklist to protect users from new web sites that have been found to serve malware, and it also lacks sandboxing capabilities to run unknown or suspicious applications in an isolated virtual environment where they are unable to interact or infect the rest of the system.

In sum, Total Defense benefits from highly capable management server functionality, but suffers from anti-malware capabilities that lag behind the competition. Some customers are happy with it, however. "It's easy to deploy, and it runs quietly in the background. I'm very comfortable with it," said Chris Scarbrough, IT manager at California-based certified accountants Kieckhafer, Schiffer. But there are indications that the capabilities of the product are too limited. Speaking off the record, a spokesman for one anti-virus testing lab described the product as offering "low detection rates and many false positives," while a second echoed this, adding that the frequency of virus signature updates is relatively low, which is "not ideal."

Total Defense Anti-Virus r12 is sold exclusively thought Total Defense's partner network, priced at about $20 per endpoint for 1000 endpoints for three years. It runs on most desktop versions of Windows from Windows 2000 onwards as well as Windows Small Business Server 2008, Microsoft Virtual Server 2005 and higher, VMware ESXi 4, and VMware Workstation 6.5 and higher.

Paul Rubens is an award-winning technology journalist who has been covering IT security for over 20 years. He has written for leading international publications including The Economist, The Times, The Financial Times, The Guardian, the BBC, and Computing.