Daily Archives: July 25, 2011

Test Drive – Major Brands’ Security Suites

As mentioned in my most recent article, I recently put together a computer with the exclusive purpose of being a test machine, a guinea pig to evaluate software and so forth. Well, I’m glad to report that I’ve been busy testing away. In fact, I tested all the major brands’ top security suites. The test consisted of installing each one on my test machine, visiting known malicious websites that host malware and try to infect the computer that visits them, and observing the detection and handling effectiveness of the security program in such an environment. Here’s a summary of my test results, in no particular order:

Panda Global Protection 2012:

What a disappointment. It was doing so well in the beginning when visiting malicious websites… and then it let one through. And then it tried to contain the infection… and failed.

Simple operations like decompressing some files became 5 times slower than with other protection suites.

Norton Internet Security 2011:

It was doing so well… on downloading any files, it automatically scans them, labels them as safe or a risk, and handles them accordingly. But while doing my standard test, at about the 5th round, it let a malicious one right through… some ransomware, no less. It was game over. So 1 out of 10 or so is not too bad. I wouldn’t say crap, but I can’t give it a thumbs up either. Best to stay away, probably.

AVG Internet Security 2011:

What a disappointment. Or not really. I didn’t have a good impression of AVG despite its popularity, based on the number of computers I’ve had to disinfect that were being “protected” by it. Like Norton, it used to be good years ago, but not anymore. At the first TWO attempts to visit malicious websites, it succumbed. Crap, like I thought. Stay away from it, or walk away if you have it.

BitDefender Total Security 2011:

Fail. At the first attempt to download a malicious file and run it, it allowed it. Then the firewall, which I had set to explicitly alert on any outbound connection attempts (such as the ones that infected programs will attempt to establish in order to “phone home”), alerted me that the program in question was trying to access the internet, but the scan engine had adjudicated that it was not malicious and therefore legit! This is what happens when you depend on a signature-based scan engine. Anyways, fail.

ESET Smart Security 4:

Another failure. Detected some, missed others, had to be bailed out with a good on-demand scanner that found what ESET had missed. Firewall also feels a little quirky if put in interactive mode.

Zone Alarm Internet Security Suite:

Well, we seem to be having a bad day in the cyber-security world, aren’t we? I had a lot of hope in Zone Alarm, but nooooo. To its credit, it started pretty well. The first attempt to infect the computer was not caught when downloading a malicious file, or even when trying to open it (although it did prevent a malicious change to the system by alerting and giving the option to allow or deny it), but an on-demand scan of the downloaded malicious file was met with a labeling of malicious. However, a couple of samples later, it simply failed to detect or stop a trojan infection aptly named “Zeus”. An on-demand scan yielded no results. Some people swear by Zone Alarm. I can’t say I recommend it.

VIPRE Antivirus Premium:

A small letdown. Not because VIPRE didn’t perform well compared to others – in fact it was the best among the ones tested in this article – but because I had the highest hopes for it. It is in fact my current choice of antivirus for my own computer. But alas… when testing it, on the very first malicious link, let’s be honest, it did detect that the website itself was malicious, thanks to its web filter module. But when I disabled it to see what the scan engine and real-time protection modules could do, they both failed. A malicious file was downloaded to my computer, and neither downloading it nor opening it was met with any protest from the real-time protection module. Then I did an on-demand scan of the file and again, nothing malicious was found. But truth be told, that malicious file would not have been accessed if the web filter had been on. So I continued testing. Second round, same exact thing. Oh well, at least without crippling any active modules, VIPRE did come out on top. More than can be said of the rest of the test programs in this article.

Trend Micro Titanium 2011:

It was a joke 4 years ago when I first used it, and it still is. At the first attempt at a malicious website, Trend Micro got caught flat-footed. It didn’t do anything. The Windows 7 firewall blocked an outgoing connection attempt, and Trend Micro’s suite didn’t even know what was going on. Fail.

McAfee Total Protection 2011:

McAfee’s detection rate and general effectiveness have been such a joke in recent years that I wasn’t even going to test the 2011 Total Protection suite. But then I thought, let’s be impartial and have no preconceived ideas; maybe they finally got it right… I was wrong. Or right, depending on how you look at it. Let’s just say that when I first installed it and attempted to visit the first few malicious links, McAfee actually detected, neutralized and destroyed them. But by the 4th and 5th, it was the same ol’ McAfee, oblivious to the infections affecting the computer. So scratch that one as well.


Conclusion:

In these recent tests, only Kaspersky Internet Security 2012 and VIPRE Antivirus Premium survived unscathed. Kudos to the respective software makers.

Something better than just the security suites tested here is what it would take to be reasonably safe in today’s computer world. As I said in my pivotal article of 2 years ago, most of these security suites would have withstood the test attack if used in conjunction with AppGuard by Blue Ridge Networks in the 4-prong model described in that article. The fact that the model is still valid 2 years later, in such a dynamic subject as computer security, speaks for itself.