The State Of Security - “Suite” Isn’t A Dirty Word Anymore


Security software is something that most users liken to eating vegetables: We know they’re good for us, but they can leave a bad taste in our mouths. A few years ago, security software developers started adding extra layers of security to what they simply used to call their antivirus programs, generally adding so much bloat, complexity, and system slowness that users started swearing off particular vendors and their products. Believe it or not, we’re happy to report that the times have changed. The vegetables are tasting better. Two developments account for these improvements. The first was massive user revolt: Users directed their rage at security software vendors, and the vendors have listened, spending serious manpower on performance optimizations to keep computers spry. The second basically boils down to the availability of fast, cheap hardware. A $500 computer bought today is five or 10 times faster than a $1,400 computer bought three or four years ago, and a $1,500 computer bought today might as well be a 5-year-old supercomputer. In other words, the modern computers most CPU readers have are finally capable of good performance, even while running security software.

How We Tested
We had several conversations on online gaming forums to get a sense of what power users’ concerns are with security software, and the results were intriguing. General slowness due to background tasks is always a concern, but scheduled background scans and update downloads occurring during gaming, movie viewing, or other periods when performance is important is a big problem, too, so we focused on these areas first. There was a general assumption among the forum community that security effectiveness and ease of use were similar among competitors, so we checked them all out against viruses, spyware, legitimate servers, and illegitimate worms. Most users wanted simplicity, but some still wanted options and detailed controls, so we determined which software had what and how easy it was to use. We checked that bundled utilities performed as advertised.

Web-usage statistics, along with Valve’s Steam gaming engine statistics, show Windows XP still being used two to four times as much as Vista. And because Windows 7 will soon be pushing Vista out of the marketplace, we tested with WinXP SP3. Valve shows more than 50% of users have CPUs ranging between 2.3GHz and 3.3GHz, and 70% have 2GB or more of RAM; instead of using a low-powered test system (which artificially highlights speed differences in the products), we chose a representative 3GHz Core 2 Duo-based computer with 4GB of RAM and two SATA hard drives to show the real-world effects of installing security software. If you’ve skipped ahead to the charts, you’ve seen that the test system was never overwhelmed by any security suite, though there were definitely measurable differences in speed with many tests. For the record, we also used slower systems and virtual machines for some threat testing and network compatibility. (Note: All prices listed are for a 3-PC license.)

About Malware Detection Rates
Although we’re including the results of our malware-detection and healing tests (performed against real malware collected with our own honeypot and mail servers), it’s time to mention something about statistics and sample size. Outfits such as AV Comparatives (www.av-comparatives.org) have teams of technicians spending months running most of our tested products against a malware “zoo” consisting of 1.3 million malware samples. Having decidedly fewer resources, we selected 25 malware items and one infected thumb drive to test against. There’s no telling if our sample is a representative subsample of AV Comparatives’, or indeed, of the types of malware spreading about in the real world at any given time, so directly comparing our detection rates with AV Comparatives’, or anyone else’s (and there are others you can and should Google for), isn’t terribly meaningful.

AVG Technologies AVG Internet Security 8.5
AVG Technologies
● ● ●
AVG’s free antivirus program is among the most popular security products on the Internet, so you’ve probably seen it around. As such, AVG Internet Security feels very familiar, essentially adding a two-way firewall, spam filter, drive-by download and phishing shield, and antirootkit abilities to the traditional antivirus/antispyware engine. This is a model most of the security vendors have taken with their suites, but AVG’s interface feels more cluttered than most. AVGIS also feels familiar because it essentially follows the security model of yesterday—deluge the user with security questions all the time, but don’t always be clear about the best course of action. For example, when it detects malware in a download, a pop-up proclaims “Threat Detected” and identifies the infected file and the threat it contains, usually followed by a Close button. Nowhere does the dialog box actually say “threat deleted” or “don’t worry, your computer is safe.” On top of this, the dialog stays up indefinitely, requiring you to pause your work to click it. For some threats, you’re given the option of Heal, Move To Vault, or Ignore with a Remove Threat As Power User checkbox; it seems sensible until you realize that many other products would automatically move the threat to the vault and not bother you with the details. The firewall pops up similar dialogs about network access to most well-known programs and Internet games, even going as far as to jump to the Desktop so you can click Allow, although launched games resume where they are paused. Many other firewalls “automagically” know about thousands of “known-good” programs and just let them work. Other noteworthy aspects include better-than-average spam filtering, the best 3DMark06 score (though they’re all within .2% of each other), a default setting to scan within compressed files, and the identification of a well-known email password-recovery program as a “potentially dangerous hacking tool.”

Avira Premium Security Suite
Avira GmbH
● ● ● ●
Avira distributes what is generally the second-most-popular free antimalware program, and like AVG, Avira Premium Security Suite feels a lot like its free cousin, but with more features added. Also like AVG, APSS tends to annoy its user with a lot more pop-ups than necessary, and they contain options likely to confuse. Upon detecting our infected USB flash drive, for example, it popped up a warning identifying the offending file and the infection but made the user select one of the following options: Move to Quarantine, Delete, Overwrite And Delete, Rename, Deny Access (default), and Ignore. If you’re a virus researcher, such options are nice to have, but in almost every other situation it should automatically move the malware into quarantine. Pop-ups are the standard operating mode for the firewall, which even managed to freeze Counter-Strike: Source in its tracks until we ALT-TABbed to the Desktop to view the firewall permission dialog box, clicked the Allow button, and ALT-TABbed back. And then we had to do it again for another component in CS: Source that wanted to get online. It also popped up warnings about the occasional ICMP packet being detected from the Internet—something no other security suite did. On the positive side, APSS tied Eset for the fastest PCMark05 score, and its Web scanner proxy actually sped up large downloads from our test server on the LAN. Its AV Comparatives detection rates were the best. Its interface offered the right combination of ease and access to technical details. We’d be more willing to overlook Avira’s (and AVG’s) issues if these products were free or inexpensive, but the competition has it beat here too, with some being half the price.

BitDefender Internet Security 2009
● ● ● ●
BitDefender Internet Security 2009 feels like the most flexible suite from the moment you fire up its installer, because it peppers you with question after question about your home network, parental and identity control, and so forth. Most other utilities make you dive into the interface to configure these options, or they just turn them all on by default and assume you’ll figure out how to disable them if you need to. Most of the utilities aced at least one of our performance or security tests, but not BitDefender, although this is forgivable given its low price. Its pop-ups are very straightforward and make it clear that it’s on the job and taking care of problems as it finds them. The firewall doesn’t seem to know much about good and bad applications, as it asked us about almost every Internet-accessing program we had, except for obvious programs such as Web browsers, emailers, and WinZip. One unique option is a removable disc scanner, which asks to run a scan whenever a new disc or flash drive is inserted—very handy in this era of infected thumbdrives. Most of the utilities have a game mode, which tells the software not to display any pop-ups that would interfere with fullscreen games, movies, etc. Some of the better utilities enter game mode automatically, but BitDefender requires you to enter game mode manually. Background updates sometimes require a reboot, which interrupted us more than once. BitDefender’s main interface has two modes, Simple and Advanced, and it’s a good way to minimize confusion for most users. Simple mode basically lets you enable or disable various areas of protection in a broad stroke, while the Advanced mode opens up all the options and fine details. We love all the tools available in Advanced mode, but Basic is a little too busy, considering the options you can’t select there.

Eset Smart Security 4
● ● ● ● ●
Eset’s security programs are known for being light on resources, and Eset Smart Security doesn’t disappoint. It added the least amount of time to a reboot (just three extra seconds!) and tied for the best PCMark05 score. We were pleasantly surprised by its high level of “smarts.” (But then again, “smart” is in its name, so we shouldn’t have been.) Better than almost any other suite, ESS knew what to say and when to say it. When it detects a downloaded virus, for example, it pops up a small red alert dialog box, which identifies the infection, the infected file, and simply says “Connection Terminated—Quarantined.” Its game mode fires up automatically when it detects programs running fullscreen. The firewall immediately recognized almost every Internet program, remote-control applet, and online game in our arsenal and let them communicate with the Internet without prompting us, yet it was smart enough to just block our firewall-leaktest program. Although our leaktest program wasn’t really malicious (which is important when considering Norton’s actions), we think ESS made the smart call on this. The ESS interface has two modes, Standard and Advanced. Standard has the bare minimum of commands, but they are the right ones a beginner really needs. Advanced adds a few more options front and center but makes the Setup menu available with direct access to configuration options. Some options that are typical in other products are either slightly hard to locate or simply absent, forcing the user to rely on ESS to make the smart choice automatically. The only glitch we encountered was with our download speed test. Between two LAN machines, speeds slowed to a crawl (slower than DSL rates), yet we saw no slowdown on downloads from the Internet. Eset Smart Security’s smarts and speed make it the most expensive choice here, but if you don’t want to be bothered by your security suite, the cost is worth it.

Kaspersky Internet Security 2009
Kaspersky Lab
● ● ● ●
Kaspersky’s security products are generally thought of as the preferred tool for experts, and we can see why. It combines excellent detection rates with very clear on-screen messages, but makes no attempt to simplify the process of keeping your system secure. All the settings and configuration options are sort of hanging off the interface every which way (there’s no basic mode), and current protection statistics and live graphs and charts line every screen in its tabbed interface. If you like being asked about almost every program your security suite encounters, you’ll love KIS. For example, it identified our gaming keypad’s driver as “a potentially hazardous program,” asking if we wanted KIS to run it, delete it, or assign it to a restricted group. Run and Delete are obvious, but the Restricted group is something different. KIS can selectively prohibit apps from having access to the network, the file system, or the Registry, sort of like “sandboxing” them. None of the tested products identified clean-but-not-legal keygen applets as malware (years ago they used to), but KIS was the only one to offer to run them in a restricted mode, preventing them from doing anything untoward. Even the excellent spam filter is expert-oriented: It divides messages into “definitely spam” and “probably spam,” minimizing the messages you need to double-check once the system is trained. KIS is not without drawbacks. It generated the slowest CS: Source and 3DMark06 benchmarks, and, in fact, we had to disable it before 3DMark06 and PCMark05 would even start. (We manually re-enabled it after starting the benchmark programs.) Its firewall was slow to react to a port scan, stealthing many ports only after a scan commenced.

McAfee Internet Security 2009
● ● ● ●
McAfee Internet Security is the surprise low-price leader among the major vendors, with a per-computer price of only $15. And although it did relatively poorly with our relatively small malware zoo, it has the second-highest detection rate in AV Comparatives’ more statistically significant test. It receives definition updates almost constantly and will even update itself to next year’s version automatically if your subscription is active when McAfee performs the switchover, making it an even better deal. MIS automatically enters game mode when fullscreen applications are running, suppressing the pop-ups that would kick you to the Desktop, but it doesn’t stop it from performing scheduled tasks or getting updates, which can slow things down occasionally. Many of the suites now duplicate McAfee’s Site Advisor, a pioneering service that shows you how malware-free a Web site is from the results of a search engine search, though we found it a tad more sensitive than the competition. It is easily disabled if you’re not with the “better safe than sorry” crowd and doesn’t take up a lot of browser space. MIS does a good job of clearly explaining what it’s doing. It quickly dispatches viruses with a clear “McAfee has automatically blocked and removed a Virus,” and the firewall messages are similarly clear, although we encountered them more than we would have expected with popular network applications. With virtually no training, the spam filter was right 99% of the time, obviously benefitting from McAfee’s server-side training based on all its users’ input. Our biggest problem with MIS was a general level of sluggishness. It took a good 4 seconds from Tray icon double-click to being able to work with the GUI, whereas a lot of other suites are instantaneous. Navigating to certain sub-screens takes a moment, too, discouraging experimentation.

Norton Internet Security 2009
● ● ● ● ●
In the recent past, Symantec was justly targeted by angry users for bloated versions of NIS that slowed computers down, sometimes dramatically. NIS 2009 is a whole new ballgame. The main NIS interface has two CPU bars—one showing overall CPU usage and another showing how much CPU time NIS is consuming, obviously attempting to prove that your slow computer isn’t Symantec’s fault. Other speed-boosting tricks include never performing a background scan or downloading an update unless the CPU is idle, actively freeing RAM when the program is idle (its idle RAM footprint is an almost unbelievable 4.5MB), and taking inventory of known-good executables on your hard drive (and recording their checksums) and then skipping them during system scans to make scans faster. The main GUI appears instantly upon double-clicking its Tray icon, and subscreens open instantly, too. NIS has just one mode (no basic and advanced modes here). Instead, the relatively simple GUI has multiple Settings links that delve deeper into more options. It takes up too much on-screen space but works well. You may not need to get to detailed configuration settings often because NIS is just about as smart as Eset, almost always making the right choices about what to block (and telling you so unambiguously), what to quarantine, and what to leave alone. It let our leaktest program open ports unopposed, but this, debatably, isn’t a dangerous program per se, and NIS’ heuristics accurately detected this. Although NIS 2009 is a spry application, it’s worth noting that benchmarks were generally average, and the antispam filter needed a lot of training before it approached the effectiveness of the competition’s untrained filters. Still, NIS is an excellent combination of price, speed, and features and worth a second look if you’ve been burned by Symantec before.

Panda Internet Security 2009
Panda Security
● ● ● ●
Panda Internet Security is a very attractive, easy-to-use security program that just needs slightly better pricing, a little more smarts when dealing with nasties (or, in our case, a false positive), and a bit of a diet. We have only slight qualms with PIS’ detection model. When we tried downloading test malware, Panda’s concise message of “This file was infected with this virus and was deleted” appears directly in the content area of the Web browser window and clearly says what it does, which is great. Infected compressed files, on the other hand, generated no message and actually downloaded and saved, but the ZIP files themselves were empty. PIS silently took care of the problem. Viruses in ZIP files detected with heuristics were renamed with a .VIR extension, which is important to note since our legitimate password-detecting program was renamed in its ZIP file. When we extracted it and renamed it back to an EXE file, it worked fine. A manual scan of it resulted in its being quarantined, meaning the background scanner plays by different rules than the on-demand scanner. PIS isn’t especially well suited to gamers. There’s no game mode (it started downloading an update during a CS: Source benchmark; we threw out that test result), and it consumes a whopping 158MB of RAM when idle. The firewall didn’t recognize some popular Internet applications and games that other security suites simply allowed without a pop-up. That said, it makes a good security suite for the general populace. The clear interface invites exploration, and it comes with the most well-written Help file. The spam filter’s only mistake was marking a few newsletters that had embedded ads as spam before training, and PIS’ rescue CD (like Norton’s) makes recovering a thoroughly infested Windows installation possible.

Trend Micro Internet Security Pro
Trend Micro
● ● ● ●
We haven’t looked at a Trend Micro security product for a while and are pleasantly surprised at the innovative features tucked into the current version of TMISP. However, a general slowness in opening the interface, along with a fairly dramatic increase in most file-related benchmarks, has us hoping the engineers at Trend can give TMISP a NIS2009-like speed boost in the future. Additionally, its lack of inclusion in the AV Comparatives’ (and other large-sample) tests has us wondering about its overall efficacy against malware, though it aced our limited tests. TMISP clearly announces when it blocks malware and confirms your system is safe, so there are no decisions you need to make to stay malware-free. It also wisely decides which applications to automatically grant network access to and which to block, though manually overriding the built-in smarts is simple. All the products in this roundup come with some sort of Web filter or phishing filter, but TMISP’s Web site safety filter actively blocked our malware test server on our test machine after only about eight virus detections. Our other test machines were blocked from their first visit to our malware test server only a few days later. You can’t get infected from a site you can’t connect to, right? An additional button on the browser toolbar evaluates the security of your wireless connection, handy in coffee shops and other hotspots. Although it lacks either an automatic or manual game mode, some interesting features include a keystroke encrypter to foil keyloggers, a remote file vault to back up important files, and an Internet filter that monitors and optionally prevents the transmission of information such as credit card numbers, telephone numbers, and so forth.

Each of the suites has its strengths and weaknesses, but we’re pleased to report that none of the suites we tested will slow down a reasonably modern computer. For those seeking a lightweight suite that doesn’t deluge you with questions and pop-ups, we recommend Eset Smart Security and Norton Internet Security, depending on whether you want the utmost speed in benchmarks or merely very good speed with more security features, respectively. Control freaks and techies who like lots of options should consider Kaspersky Internet Security.

Source of Information : CPU Magazine 07 2009


