What antivirus software should I use on a Surface unit?

Like any other computer on your network, you must protect Microsoft Surface units from malicious software. The Windows Defender application (which is included in Windows Vista and on all Microsoft Surface units) is a good first defense against malicious software. But you should also protect each Microsoft Surface unit by using antivirus software. For a list of antivirus vendors, see the "List of antivirus software vendors" article in the Microsoft Knowledge Base.

Choosing an Antivirus Software for Microsoft Surface

When you choose antivirus software for your Microsoft Surface unit, consider the following issues:

  • Look for antivirus software that is designed for non-interactive server environments. The antivirus software should not expose any user interface when the Microsoft Surface unit is running in user mode. That is, the antivirus software must continue to run when the current user mode account (for example, TableUser) is logged on. In user mode, the Microsoft Surface software tries to suppress all user interface items that are not part of a Microsoft Surface application (for example, a dialog box prompt to clean a virus or download an update). In addition, if several such prompts appear in user mode within a certain period of time, the Microsoft Surface software displays the out-of-order screen and disables the unit. Many antivirus packages are built for (or have options for) non-interactive server environments so that all antivirus work occurs in the background and without user interface elements. This type of antivirus software is ideal for Microsoft Surface units.

  • Your antivirus software should provide a fully automatic mode. You will want to perform signature updates, virus removal, and so on without user intervention.

  • You should be able to schedule the antivirus software to run during non-peak use times. Because Microsoft Surface units are designed to be in public venues, schedule the antivirus updates and scanning for a time when users are affected the least.

  • Thoroughly test the antivirus software on a Microsoft Surface unit that is running in user mode before you deploy the software to the rest of your Microsoft Surface units. Some antivirus packages might have problems with some of the customization and startup tasks that the Microsoft Surface software performs when it enters user mode. Some antivirus packages might also have problems with the restricted user rights of the TableUser account. You should also make sure that the antivirus software works correctly when you switch between administrator mode and user mode.

Internal Testing of Antivirus Software

The Microsoft Surface team has tested one antivirus software package: Computer Associates eTrust Antivirus, version 7.1.192. This software is a Microsoft corporate standard for Windows Vista–based computers.

This software has been tested while the Microsoft Surface unit was running in user mode. Based on the tests, this antivirus software is acceptable for running on Microsoft Surface units in a venue.

  • Background virus signature updates. Configure eTrust to automatically download signature updates.

    • During this process, there was no perceptible impact on the operation of Microsoft Surface software. That is, no UI was presented and there was no perceptible decrease in performance.

  • Real-time file scanning. Configure eTrust AV to perform real-time file scanning.

    • During this process, there was no perceptible impact on the operation of Microsoft Surface software. That is, no UI was presented and there was no perceptible decrease in performance.

  • Full virus scan. Configure eTrust AV to perform a full virus scan on the Microsoft Surface unit while it is in user mode. This configuration is not a default configuration.

    • During this process, there was perceptible impact on the operation of Microsoft Surface software. The frame rate of Microsoft XNA–based applications (such as the Water attract application)) dropped to unacceptable level, and the Microsoft Surface unit felt unresponsive.

    • Recommendation: Do not schedule full virus scans when users are using a Microsoft Surface unit.

  • Introducing a virus into the Microsoft Surface unit. While the Microsoft Surface unit is in user mode, introduce an antivirus test file from EICAR.

    On several occasions, the Microsoft Surface unit's behavior was affected significantly:

    1. The frame rate of XNA-based applications dropped to an unacceptable level (5 frames per second [FPS]) and did not recover. The Microsoft Surface unit stayed in this state until it was restarted.

    2. After the restart, Surface Shell randomly failed or stopped responding and the Microsoft Surface unit entered the out-of-order state.

  • Recommendation: Monitor the results of antivirus scans. If a unit is infected with a virus, put it into quarantine and force the Microsoft Surface unit into out-of-order state.

Did you find this information useful? Please send us your suggestions and comments.

© 2009 Microsoft Corporation. All rights reserved.

Community Additions