[AI] INTERNET-SECURITY SUITES

Sanjay ilovecold at gmail.com
Wed Sep 1 03:02:47 EDT 2010


While all security suites offer roughly the same functionality, their ability to
protect your PC varies tremendously.

Robert Vamosi looks at which internet-security suites you can trust

Online attackers have created more malware in the past year than in the previous
20 years combined. So it stands to reason that you can no longer rely solely on
traditional definition-based antivirus software and firewalls.

Behavioural analysis, which detects malware based on how it acts, and improved
detection methods have both made their way into the latest internet-security
suites. Behavioural analysis has proved successful in catching new threats for
which security vendors have yet to make definitions.

Many suites feature cloud-based components, which compare questionable programs
and files against online databases.

Almost all the security suites we test here also include some form of rootkit
repellent. Rootkits are a type of stealth malware used to hide infections and
have gradually become more commonplace. Together, these changes mean security
suites are able to detect and block malware faster than ever.

Nonetheless, we found significant differences in how well security suites
protect your PC. Norton took the top ranking, owing to its strong overall
malware detection. Kaspersky came a close second. AVG bagged third place for
its malware detection and speedy system performance, while there was little
difference between Avast, BitDefender, McAfee, Panda and PC Tools, all of which
turned in very good performances.

As always, we called on the services of security lab AV-Test (av-test.org) to
perform real-world benchmarks of how each internet-security suite deals with the
latest web threats. AV-Test looked at traditional signature-based detection,
and also at how well the suites cleaned infections, removed rootkits and
detected malware based on behavioural analysis.

We also took into account the impact a security program has on the operation of
a PC. If it slows your system to a crawl, you may be tempted to dump it for
something less effective or turn it off altogether - a dangerous move. A
battery of tests was used to measure drag: changes in boot times, application
launch times and the time to create or open a batch of documents, among other
tests, both with and without the security suites running.

All the suites had antivirus, antispyware and antispam components, plus a
firewall. Some, such as PC Tools, offered little beyond these core functions.
The rest offered extra capabilities, such as parental controls, online backup
and browser protection.

Here's our rundown of the top 10.

Avast 5.0 Internet Security 

ukp49 (3 users; 1-year licence) 

avast.com 

Avast 5.0 Internet Security offers all the basic PC-protection features and does
a reasonable job at traditional malware detection. It's also fast. But it fell
short at detecting new threats and lacks some extra features.

The interface has a clean, sophisticated look and is easy to use, yet it also
makes you work a bit: you must tell it how to proceed every time it finds an
infection and you can't proceed with the scan until you attend to the alert
message.

Avast detected all infected files and Registry entries and disabled 93 percent
of the infections. But it removed all traces of malware in only a third of
cases. It found and disabled all rootkit samples, but completely removed only
60 percent. This was the worst rootkit removal score of all the suites here.

Avast's firewall works in a similar way to the Windows firewall, asking you to
designate each network as Home, Work or Public. The Public setting blocks the
most traffic, while the Home setting allows more traffic to come in. Work, a
middle ground, is the default.

The antispam function labels suspected junk with '***SPAM***' in the subject
line. It integrates with Microsoft Outlook and some email clients, and can scan
web-based email clients such as Gmail.

In behavioural detection, Avast detected, disabled and removed only about 27
percent of samples. In signature-based detection, Avast demonstrated a
respectable 96.5 percent detection rate. Avast was the top performer overall in
our system speed tests and near the top in scanning speed.

VERDICT: Avast Internet Security offers good basic protection, being both speedy
and easy to use. For all its classiness, however, we were disappointed by its
shortcomings when it came to detecting new threats.

AVG Internet Security 9.0 

ukp47 inc VAT (3 users; 1-year licence) 

avg.com 

AVG usually sells its solid Internet Security suite for ukp37 per user per year
but, at press time, it was offering protection for three PCs for ukp47.

We rate AVG Internet Security 9.0 highly, as it provides strong malware
detection and disinfection. However, it could be easier to use: its icon-based
feature labelling isn't as clear as it could be and we found it hard to locate
the tools we needed.

Performing impressively in our tests, AVG detected 93 percent of malware
infections and disabled 87 percent of these samples. It could fully remove only
27 percent of them, though. All inactive and active rootkits were identified
and 87 percent of them removed - a figure that was about average for the group.

It earned a perfect score for detecting and disabling infections in behavioural
analysis tests. It also managed to remove 93 percent of malware we threw at the
suite.

Another notable inclusion in the AVG suite is LinkScanner, a tool that looks for
and scrubs malicious content from websites before it hits your browser. This is
slightly different from McAfee's Site Advisor, which identifies and blocks
malicious sites. LinkScanner lets you view the questionable sites, but it still
blocks the malware.

Using traditional signatures, AVG detected 95 percent of malware - not a bad
score, but the top performer detected 99.9 percent.

AVG took a couple of seconds longer than average to boot up. Its impact on
overall system performance was slight, but scan speeds were a bit slow. It took
6 mins 5 secs to scan a 4.5GB file when we opened it.

VERDICT: A strong behavioural analysis tool and the ability to root out and
neutralise most malware make AVG one of the best suites on offer. Single-user
licences are relatively expensive, but if you need to protect several PCs, you
can bag a great deal.

BitDefender Internet Security 

ukp29 inc VAT (3 users; 1-year licence) 

bitdefender.co.uk 

BitDefender provides solid protection at an appealing price, and it has a fresh
new interface that allows you to choose how much or how little information you
see.

The basic display has three large icons and simple text; an intermediate design
shows more detail; while a third lets advanced users fine-tune many of the
settings. Colour status indicators make it easy to see at a glance whether your
PC is protected.

BitDefender was effective at detecting and disabling active infections. It
found all infected files and Registry entries and disabled 93 percent, but it
completely removed only 40 percent. It detected 97 percent of active and
inactive rootkits, disabled 93 percent of active ones and fully removed 87
percent.

It wasn't uniformly impressive, though. BitDefender wasn't great at detecting
and blocking malware based on behavioural analysis, detecting 80 percent of test
samples, blocking 40 percent and removing only six percent. It did better at
signature-based detection, finding 96 percent.

The suite did well in our performance-impact tests, but it isn't one of the most
efficient. Our test PC booted up quickly, with BitDefender improving on the
average startup time by roughly 3.5 secs, for a total of 43.46 secs. Scan
speeds were around average; it took just over 4 mins to scan 4.5GB of data in
our on-access test. BitDefender's technical support is email-based and we found
its searchable online knowledge base limited in scope. We also found the
program's firewall rather too keen.

VERDICT: The new, user-definable interface is a welcome change to BitDefender,
while the suite has a very attractive price tag. Given the preponderance of
threats and their ability to mutate, however, we were concerned by this
program's behaviour-based score.

Kaspersky Internet Security 2010 

ukp69 inc VAT (3 users; 1-year licence) 

kaspersky.co.uk 

Kaspersky earned high scores for its strong malware detection, efficient
performance and well-designed interface.

Kaspersky's screens are informative without being overwhelming. The main window
includes a left pane for navigation and a right pane showing your options.
Features are organised by general topics, such as My Protection, My Security
Zone, Scan My Computer and My Update Center.

The program proved adept at detecting active malware infections. It detected
all malware samples and disabled 87 percent, but removed all files for only 47
percent of infections. This was about average for the group. Kaspersky, along
with McAfee, found and removed all active rootkits.

It was above average in detecting and disinfecting malware in behavioural
scanning, finding 87 percent of samples, disabling 73 percent and removing 60
percent.

Signature-based detection was another strong area for Kaspersky, with a
detection rate of 97.4 percent. Even so, this impressive result was bettered
elsewhere.

Kaspersky's impact on everyday PC performance is minimal. It beat the average
startup time by 3.5 secs and the suite took 4 mins 48 secs to scan 4.5GB in our
on-access test. However, its new Safe Run mode hampers the host PC's
performance.

VERDICT: Kaspersky earns a Recommended award with a strong feature list. But it
costs appreciably more than the other suites here.

McAfee Internet Security 2010 

ukp43 inc VAT (3 users; 1-year licence) 

mcafee.com 

McAfee Internet Security does a good job of detecting malware, and its
combination of a fresh interface and useful features will appeal to many users.
However, its tendency to slow down the PC it's there to protect is a concern.

The suite's redesigned interface is intuitive but unusual. Sections are called
drawers; click on a section and the drawer opens to reveal the settings and
status of each component. The top portion remains fixed, offering a static
overview of the entire product.

McAfee proved effective at cleaning up active infections; it detected all test
infections, disabled 87 percent and completely removed 47 percent. It also did
well in behavioural detection, detecting 87 percent, blocking 73 percent and
removing 60 percent of samples.

McAfee tied with Kaspersky as the leader in rootkit detection, earning a perfect
score for both detection and removal.

As for old-style signature-based detection of malware, McAfee's performance was
the best of all the suites we reviewed, with a 99.9 percent detection rate.

This suite made for somewhat longer boot times on our test machine. And McAfee
had the slowest on-access scan speed: it took more than 9 mins to scan 4.5GB of
data.

VERDICT: One of the best-known security brands, McAfee does a decent job of
protecting a PC from harm, but its services come at the expense of system
performance.

Norton Internet Security 

ukp49 inc VAT (3 users; 1-year licence) 

symantec.com/en/uk 

Norton has a comprehensive set of features, top-notch malware detection and fair
speed. It was one of the top performers in detecting and cleaning up active
malware infections and earned itself our Best Buy award. Norton found all the
dangerous software, disabled 93 percent of it and removed all traces of two
thirds of it. It detected 93 percent of inactive rootkits and detected and
removed all active rootkits. In fact, our main criticism is of its interface,
which is nicely laid out but hard to read, with orange text on a black
background.

The left panel displays a CPU performance gauge, the middle column has sections
labelled Computer, Network and Web, while configuration options are on the
right.

Norton impressed us with its ability to detect, disable and remove every
instance of malware we threw at it using its behavioural scanner - a stunning
result.

When it came to malware detection based on old-style signature-based tests, it
found 98.4 percent of samples - a figure beaten only by McAfee and Panda.

Norton took 3.9 secs longer than the average startup time, but we experienced
minimal drag in day-to-day operations. Scan speeds were decent, however, with
Norton taking 4 mins 14 secs to scan 4.5GB of data in our on-access test.

We didn't take to Norton's use of proprietary names for security technologies
such as Quorum, Sonar and Insight. These tags poorly explain their use. Quorum
is Symantec's cloud-based detection engine and assigns a reputation to programs
based on several factors; Sonar is Symantec's behavioural-detection technology;
and Insight provides up-to-the-minute data on malware collected from other
users.

VERDICT: The protection afforded by Norton Internet Security is second to none.
Some elements of its design could be clearer - we'd like Symantec to offer
straightforward explanations of its features. Overall, however, Norton is the
best product here and easily earns its Best Buy spurs.

Panda Internet Security 2010 

ukp49 inc VAT (3 users; 1-year licence) 

pandasoftware.com 

Panda Internet Security offers all the basic features, and then some. It
includes 2GB of online backup space and the ability to protect USB devices.
However, its interface is more complicated than it needs to be, using multiple
combinations of both tabs and grouped items. Configuration settings are easy to
navigate, however.

More importantly, Panda's detection of unknown malware falls a little short: its
behavioural detection of new threats was unimpressive. It found 73 percent of
our samples, blocked 53 percent and removed 33 percent.

Conversely, when asked to detect malware using traditional signature files,
Panda gave the second-best showing, with a 99.8 percent detection rate. This
result was just a hair behind the leader, McAfee.

Panda found all active infections on our test PC and rendered 93 percent of
infections inert. It completely removed all files and Registry changes for 33
percent of infections - a lower figure than we'd like. Panda also detected 93
percent of active rootkits and 80 percent of inactive ones.

It was able to completely remove only 87 percent of this stealthy malware,
whereas the top performers in this regard, McAfee and Kaspersky, were able to
detect and remove all rootkits.

The antispam feature adds a toolbar and a spam folder to Outlook and Outlook
Express. Its backup feature can grab documents based on their file type or from
selected folders or drives, and you can back up to Panda's online service. The
parental controls require an account for each individual; by logging in, you
activate the security set for that individual.

Panda slowed down boot times more than any other suite here; our test PC took
54.68 secs to boot up with Panda's suite installed. It had minimal drag on
ordinary operations, but scan speeds were significantly slower than average;
Panda took 5 mins 30 secs to complete our on-access scan test.

VERDICT: Panda's interface needs some work and its detection of new malware
doesn't keep pace with the top performers. However, its parental controls and
USB drive scanners are welcome additions to what is a middle-ranking internet
security suite.

PC Tools Internet Security 

ukp49 inc VAT (3 users; 1-year licence) 

ukp29 inc VAT instore at PC World 

pctools.co.uk 

PC Tools Internet Security is a barebones suite with strong malware detection,
but it lacks the parental controls and online backup features of comparable
suites.

The interface is geared up for the average consumer and the dashboard is
straightforward to navigate. More advanced users may find the simple interface
constraining, however.

PC Tools, now owned by Symantec, detected and disabled all active infections and
also removed 60 percent of active malware - a better rate than that of most of
the suites here. PC Tools also produced fairly strong scores for rootkit
detection; it detected all inactive and active rootkit samples, and removed 87
percent of samples. Although a strong showing, other suites equalled it and
Norton, Kaspersky and McAfee beat it.

We were impressed by the respectable 93 percent score PC Tools racked up when it
came to detecting, blocking and removing unknown malware. In signature-based
malware detection, it caught more than 96.3 percent of samples. We were pleased
to see that having PC Tools installed didn't weigh down our test machine. Our
PC took 43.1 secs to boot, several seconds faster than the average. We found
applications a mite slow to launch and software took a bit longer to install
than it would otherwise, but in day-to-day use we noticed little impact on how
the computer performed with PC Tools protecting it.

Curiously, the suite's on-access scanner was the fastest, scanning 4.5GB of data
in under 3 mins. However, its on-demand scanner was by far the slowest.

VERDICT: PC Tools pairs some strong malware detection and disabling abilities
with a good price and an easy-to-use interface. This makes it ideal for users
who are happy to stick to the basics. Its on-demand scanning is slower than it
ought to be, however, and it doesn't offer many customisation options.

Trend Micro Internet Security Pro 

ukp49 inc VAT (3 users; 1-year licence) 

uk.trendmicro.com 

Trend Micro offers a competitive and complete package for internet security, but
its malware detection lags somewhat. Its interface is easy to read and use and,
while the configuration options can get quite advanced, first-time users will
find the defaults sufficient.

Trend Micro found all the active malware infections on our test PC and disabled
87 percent. It completely removed 47 percent.

The suite was strong at detecting rootkits, but it was a little behind the pack
at removing them. It detected all inactive rootkits and 93 percent of active
rootkits, and it removed 73 percent of the samples, versus the average of 87
percent.

Trend Micro also put in an average performance for detection and disinfection
through behavioural scanning, detecting 93 percent of samples, blocking only 60
percent and removing 40 percent.

Trend Micro was the worst of the group at signature-based malware detection,
catching 89.4 percent of samples. On average, the internet-security suites in
this group test were able to detect between 96 and 97 percent of samples.

The suite's impact on system performance was mixed. Our test PC started up in
42.4 secs - about 4.5 secs faster than the average boot time. We saw little
drag in the PC's daily operations. On-access scans were much slower than
average, however; Trend Micro Internet Security Pro scanned 4.5GB of data in 7
mins 26 secs.

Trend Micro includes a full range of technical support options with how-to
videos, a searchable knowledge base, and PDF manuals for download. Free email,
chat and telephone support is available during business hours. The Pro version
also includes Wi-Fi hotspot authentication and the ability to warn you if a web
link you're about to click on is suspicious.

VERDICT: Trend Micro Internet Security Pro has plenty of features and is easy to
use. However, it falls short of the top contenders at malware detection. It's
a decent security suite but is bettered by the rest of the pack.

Webroot Internet Security Essentials 

ukp39 inc VAT (3 users; 1-year licence) 

webroot.co.uk 

This suite is in essence Webroot's SpySweeper antivirus/antispyware software
with a firewall, an antispam utility, backup software and web browsing
protection thrown in. But it lacks the parental controls that are common in
other internet-security suites and falls well short when detecting and
disinfecting new malware threats. Its interface is generally serviceable, but
can be cryptic and unintuitive.

Webroot detected and disabled all active malware infections on our test machine
and it removed all traces of 60 percent of the samples, an above-average result
compared to the rest of the suites. Webroot detected 93 percent of inactive
rootkits and all active ones, but removed only 87 percent of rootkit samples.

Although it detected all the samples in our behavioural-analysis tests, Webroot
blocked only 27 percent of samples and completely removed only 13 percent. In
traditional signature detection, it found 96.2 percent of samples.

Webroot generally had a low impact on our test system's performance, but bootup
time (48.4 secs) was a little on the slow side. However, on two performance
tests (repeatedly copying a file and creating a file), Webroot took longer to
complete the task than almost any other suite in this round-up.

Scan speeds were on the slow side, too: it took 5 mins 34 secs to scan 4.5GB of
data in our on-access scan test.

Webroot offers free technical support by phone, but only on weekdays from 7am to
6pm. The company also offers PDF versions of the suite's manual online, as well
as a video tutorial for the installation process.

VERDICT: Webroot Internet Security Essentials provides built-in backups and is
competent at detecting and disabling active malware. It's not so adept at
spotting new threats, however, and its slow on-demand scans are a drawback.

THE PERFORMANCE HIT 

We included a battery of tests to evaluate how internet-security suites affect
your PC's speed. Our testing, conducted by German security lab AV-Test,
measured 11 key aspects of a suite's impact on PC performance: boot time,
application launch time, file copy operations, application-installation time and
more. We also looked at how quickly a suite will scan your PC for viruses and
other malware.

Avast 5.0 Internet Security had the least impact on system performance, with
faster-than-average scores in all tests and very good scan speeds.

While top-ranking Norton Internet Security didn't do as well as Avast, it put up
very good scores overall, although performance dragged a little more than
average in a couple of tests. Norton also had faster-than-average scanning
speeds.

Another big name, McAfee Internet Security, was one of the weaker performers
here. It had a heavier-than-average impact on PC performance in most tests and
its on-access scan speed (which simulates how well a suite can scan for malware
when files are opened or saved to disk) was the slowest of all the suites we
tested.

