Based on the feedback from the last two articles, here’s the review of some more security products. Remember, the test consists simply of accessing a known malicious website and observing how the security program deals with the attempts to infect the computer. Other tests such as conflicts with other programs, system performance taxing, ease of use, and so forth, were not performed. The whole focus of the test was, can it defend the average user against the main cause of malware infections, visiting a malicious website? Here’s the results:
Avira Premium Security Suite:
Wow. I had so much hope on this one. First round: Malicious website accessed, Trojan-ransom downloaded, executed, computer infected, restarted by itself, when it came back on it was unresponsive to keyboard or mouse input, files were being encrypted in the background. In short, fail.
Bit Defender Total Security 2012:
In my last article Bit Defender 2011 was evaluated. The 2012 version just came out so I figured I’d give it another try and see how it did. The good news: It did better. The bad: Not by much. First, when installing it, it required I uninstalled an antimalware product I had installed (but it was just the free version of it, with no real-time protection features, firewall, or anything like that. Just a good on-demand scanner that I used to clean-up after some of these products failed). Anyways, reluctantly I uninstalled it, at least for the test. At the first try with a malicious website, Bit Defender real-time protection missed the downloaded malicious program. An on-demand scan resulted in an adjudication of benign…
Bad start, I thought. But kept on testing it just to see if it would redeem itself. Surprisingly, all other attempts to infect the computer were blocked by a Bit Defender web filter feature.
It also has a nice sandbox feature that allows the user to run the web browser (Internet Explorer, Firefox, etc.) in an isolated environment so infections stemming from accessing a malicious or infected website can be better contained. The bad about it: the sandbox feature uses A LOT of space and processor power, so probably not good for any computer that is not powerful.
Oh and one more nice feature: One of the available scan modes is “Rescue mode”. In this mode, the computer will reboot and go into Bit Defender’s own little booting zone, separate from the Windows environment, and run and “offline” check (offline in that the computer has not loaded the Windows operating system). You might say, OK and so what is so great about that? Glad you asked. Booting outside the Windows environment allows for those infections designed to hide themselves and block any attempts to eradicate them, to be exposed and defenseless. So for the really really nasty infections, this is very useful. In fact, one malicious file that was missed by Bit Defender AND my favorite on-demand scanner was detected by using this “offline” scan mode. Very nice.
Avast Internet Security 2011:
I had tested this earlier, in fact it was the first one I tested once I put my test computer together. The first time around it failed the test by letting some malicious download execute and failing to detect it as malware. However, the initial procedure I was following to test drive these security suites changed afterwards, so I decided to test it a second time, using the same procedure I used with every other security suite.
This time around AIS 2011 performed well, in fact it almost passed the test. An on-demand scan after a malicious file had been downloaded and executed was missed. But otherwise the real-time protection, web filter and “Safe Zone” (where the web browser is brought up in a sandbox environment) features worked very well. The suite has some nice features such as voiced announcements for certain actions, a “scan at boot time” option that allows it to get to the deeper malware infections, and so on.
Microsoft Security Essentials:
This free antivirus program put out by Microsoft has impressed me from the moment it was released over 2 years ago. Although by no means a complete security suite, it performs surprisingly well as far as detection of recent malware in real time is concerned. MSE performed as well as the best security suites in this series of articles.
They key ingredient in my favorite security model, AppGuard is not a security suite, not even an antivirus, at least not in the traditional way users think of one. AppGuard performs four simple tasks: 1) Prevents applications (programs) from launching (opening) outside of the application’s “legal” zone, thus thwarting most of the infected programs attempt to take over a computer, 2) Prevents programs already running in your computer from changing other programs running in it, thus thwarting one of the favorite infection vectors of malicious processes that might be already running, 3) Prevents programs from starting from a USB flash drive or any such USB storage device, thus thwarting the second most common infection vector (some malicious programs propagate by copying themselves to any existing USB storage device and then copying themselves to the next computer the USB device is plugged into), and 4) Prevents unauthorized programs from accessing your files and documents, thus thwarting hackers’ attempts to get a hold of your data. So in short, it does a lot of thwarting.
Just to show what AppGuard can do, I installed in it my test machine, without any other security program installed, and with the default, out-of-the-box Windows firewall provided in Windows 7 enabled. I then proceeded to infect my computer. I of course had to disable AppGuard’s protection first to be able to open the infected sample file I had chosen. So that would not have even happened had AppGuard been, well, en guarde. With that accomplished, I opened the infected file, a trojan named Zeus, which being the case would make AppGuard’s name Cronus 🙂 . Anyways, the program immediately got busy downloading a second file, creating a third, and that third file was the main executor of the whole operation. I was laughing at how something called Zeus looked so powerless as it kept going in circles trying to inject code to other processes, create other files, establish internet connection with a remote website, etc.
Now, AppGuard is not meant to run alone as a full defense, it’s just an additional layer on top of the traditional antivirus that helps prevent infections when the traditional antivirus misses the mark. For detection, eradication steps, an antivirus is needed. For closing the door to most attack vectors, AppGuard is ideal.
Although the reigning champs in these tests are still Kaspersky Internet Security 2012 and VIPRE Premium, some close competition came from other security companies. But remember, none of the security suites by themselves will provide complete protection unless the 4 elements of protection are implemented in your computer.