As mentioned in my most recent article, I recently put together a computer with the exclusive purpose of being a test machine, a guinea pig for evaluating software and so forth. Well, I’m glad to report that I’ve been busy testing away. In fact, I tested all the major brands’ top security suites. The test consisted of installing each suite on the test machine, visiting known malicious websites that host malware and will try to infect any computer that visits them, and observing how effectively the security program detected and handled the threats in that environment. Here’s a summary of my test results, in no particular order:
Panda Global Protection 2012:
What a disappointment. It was doing so well in the beginning when visiting malicious websites… and then it let one through. And then tried to contain the infection… and failed.
Simple operations like decompressing some files became 5 times slower than with other protection suites.
Norton Internet Security 2011:
It was doing so well… when downloading any file, it automatically scans it, labels it as safe or a risk, and handles it accordingly. But while doing my standard test, at about the 5th round, it let a malicious one right through… some ransomware, no less. It was game over. So 1 out of 10 or so is not too bad. I wouldn’t say crap, but I can’t give it a thumbs up either. Best to stay away, probably.
AVG Internet Security 2011:
What a disappointment. Or not really. I didn’t have a good impression of AVG despite its popularity, based on the number of computers I’ve had to disinfect that were being “protected” by it. Like Norton, it used to be good years ago, but not anymore. At the first TWO attempts to visit malicious websites, it succumbed. Crap, like I thought. Stay away from it, or walk away if you have it.
BitDefender Total Security 2011:
Fail. At the first attempt to download a malicious file and run it, it allowed it. Then the firewall, which I had set to explicitly alert on any outbound connection attempt (such as the ones that infected programs will attempt to establish in order to “phone home”), alerted me that the program in question was trying to access the internet, but the scan engine had adjudicated that it was not malicious and therefore legit! This is what happens when you depend on a signature-based scan engine. Anyways, fail.
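As an added illustration of the point above (this is example code written for this page, not code from any of the suites reviewed): a simple triage rule that treats the scanner’s “clean” verdict as necessary but not sufficient, and still raises an alert for any outbound connection from a program that is not on an explicit allowlist, with extra weight when the program runs from a user-writable folder such as Downloads. The log line format, the allowlist, the path markers and the sample log lines are all constructed for the example.

```python
"""Outbound-connection triage: a firewall-style second layer behind the scanner.

Illustrative code written for this page, not code from any reviewed product.
The log format, allowlist and sample lines below are constructed.
"""
import re
from collections import Counter

# Constructed log format (not a real vendor format):
#   <date> <time> OUT <process path> <dest ip>:<dest port> verdict=<clean|malicious>
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) OUT (?P<proc>.+?) (?P<ip>[\d.]+):(?P<port>\d+) verdict=(?P<verdict>\w+)$"
)

# Constructed allowlist: the only programs expected to open outbound connections
# (compared case-insensitively, so entries are stored in lower case).
ALLOWLIST = {
    r"c:\program files\mozilla firefox\firefox.exe",
    r"c:\windows\system32\svchost.exe",
}

# Path fragments for locations an ordinary user can write to; a program
# running from one of these is the typical "just downloaded" case.
USER_WRITABLE_MARKERS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\temp\\")


def parse_line(line):
    """Parse one constructed log line into a dict; raise on unknown shapes."""
    m = LOG_RE.match(line)
    if m is None:
        raise ValueError(f"unrecognised log line: {line!r}")
    return {
        "ts": m["ts"],
        "process": m["proc"],
        "ip": m["ip"],
        "port": int(m["port"]),
        "verdict": m["verdict"],
    }


def decide(event, allowlist=ALLOWLIST):
    """Return (decision, reason) for one outbound attempt.

    The signature verdict is consulted first, but a "clean" verdict is not
    enough on its own: an unlisted program still produces an alert, which is
    what surfaces the "legit" sample the signature engine waved through.
    """
    proc = event["process"].lower()
    if event["verdict"] == "malicious":
        return "block", "signature match"
    if proc in allowlist:
        return "allow", "allowlisted program"
    reasons = ["program not on allowlist"]
    if any(marker in proc for marker in USER_WRITABLE_MARKERS):
        reasons.append("runs from a user-writable location")
    return "alert", "; ".join(reasons)


def triage(lines, allowlist=ALLOWLIST):
    """Classify every line; return a list of (process, ip, port, decision, reason)."""
    results = []
    for line in lines:
        ev = parse_line(line)
        decision, reason = decide(ev, allowlist)
        results.append((ev["process"], ev["ip"], ev["port"], decision, reason))
    return results


def summarize(results):
    """Count decisions so an analyst can see at a glance what needs attention."""
    return Counter(r[3] for r in results)


# Constructed sample log; 203.0.113.0/24 is a documentation range, not a real host.
SAMPLE_LOG = [
    r"2011-09-14 10:02:11 OUT C:\Program Files\Mozilla Firefox\firefox.exe 203.0.113.10:443 verdict=clean",
    r"2011-09-14 10:05:40 OUT C:\Users\tester\Downloads\invoice.exe 203.0.113.7:8080 verdict=clean",
    r"2011-09-14 10:06:02 OUT C:\Users\tester\Downloads\setup.exe 203.0.113.9:80 verdict=malicious",
    r"2011-09-14 10:09:15 OUT C:\Program Files\SomeTool\updater.exe 203.0.113.20:80 verdict=clean",
]

if __name__ == "__main__":
    rows = triage(SAMPLE_LOG)
    for process, ip, port, decision, reason in rows:
        print(f"{decision:5s} {process} -> {ip}:{port} ({reason})")
    print(dict(summarize(rows)))
```

The design point is the ordering in `decide`: the allowlist, not the scanner, is what grants silent passage, so a file the signature engine has never seen still has to answer for its first outbound connection.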
ESET Smart Security 4:
Another failure. Detected some, missed others, had to be bailed out with a good on-demand scanner that found what ESET had missed. Firewall also feels a little quirky if put in interactive mode.
Zone Alarm Internet Security Suite:
Well, we seem to be having a bad day in the cyber-security world, don’t we? I had a lot of hope in Zone Alarm, but nooooo. To its credit, it started pretty well. The first attempt to infect the computer was not caught when downloading a malicious file, or even when trying to open it (although it did prevent a malicious change to the system by alerting and giving the option to allow or deny it), but an on-demand scan of the downloaded malicious file did label it as malicious. However, a couple of samples later, it simply failed to detect or stop a trojan infection aptly named “Zeus”. An on-demand scan yielded no results. Some people swear by Zone Alarm. I can’t say I recommend it.
VIPRE Antivirus Premium:
A small letdown. Not because VIPRE didn’t perform well compared to the others – in fact it was the best among the ones tested in this article – but because I had the highest hopes for it. It is in fact my current choice of antivirus for my own computer. But alas… when testing it, on the very first malicious link, let’s be honest, it did detect that the website itself was malicious, thanks to its web filter module. But when I disabled the web filter to see what the scan engine and real-time protection modules could do on their own, they both failed. A malicious file was downloaded to my computer, and neither downloading it nor opening it was met with any protest from the real-time protection module. Then I did an on-demand scan of the file and again, nothing malicious was found. But truth be told, that malicious file would never have been accessed if the web filter had been on. So I continued testing. Second round, same exact thing. Oh well, at least without crippling any active modules, VIPRE did come out on top. More than can be said of the rest of the programs tested in this article.
Trend Micro Titanium 2011:
It was a joke 4 years ago when I first used it, and it still is. At the first attempt to visit a malicious website, Trend Micro got caught flat-footed. It didn’t do anything. The Windows 7 firewall blocked an outgoing connection attempt, and Trend Micro’s suite didn’t even know what was going on. Fail.
McAfee Total Protection 2011:
McAfee’s detection rate and general effectiveness have been such a joke in recent years that I wasn’t even going to test the 2011 Total Protection suite. But then I thought, let’s be impartial and have no preconceived ideas; maybe they finally got it right… I was wrong. Or right, depending on how you look at it. Let’s just say that when I first installed it and attempted to visit the first few malicious links, McAfee actually detected, neutralized and destroyed them. But by the 4th and 5th, it was the same ol’ McAfee, oblivious to the infections affecting the computer. So scratch that one as well.
Conclusion:
In these recent tests, only Kaspersky Internet Security 2012 and VIPRE Antivirus Premium survived unscathed. Kudos to the respective software makers.
It would take something better than any of the security suites tested here to be reasonably safe in today’s computer world. As I said in my pivotal article of 2 years ago, most of these security suites would have withstood the test attacks if used in conjunction with AppGuard by Blue Ridge Networks in the 4-prong model described in that article. The fact that the model is still valid 2 years later, in a subject as dynamic as computer security, speaks for itself.
Your four-prong model is a good idea, but I feel it bears mentioning that it’s the fourth one that’s the most important: If you’re smart enough with your browsing habits, you can probably get away with discarding one of the other layers. I’ve been using the internet for years with various different security suites and, to my knowledge, haven’t gotten any malware on my system that wasn’t detected.
The problem with AppGuard is its main selling point: it takes too much information away from the user. Removing information that a user might not understand is good for novice users, but the dearth of information can make what’s there hard to understand even for relatively advanced users. On the “High” security level (which is what it defaults to) AppGuard basically blocks everything that it doesn’t already trust. Which makes sense, I’ll grant you, but it also blocks things like Folding@Home by default, and the absolutely arcane system settings make it very hard to let applications you know are safe run on “High”. You can go down to Medium, and this seems to alleviate most problems, but I have no idea what I’m losing by doing so.
Also, would you mind testing Avast? At the moment, its free version (which only includes an antivirus, not other components like a firewall) is the highest rated antivirus program on download.cnet.com’s user rating system.
Bah, ignore my last paragraph, I missed the “more security suites” part on the sidebar. :/
While I agree that browsing habits are key, and you might not have gotten infected, I’ve seen malware that behaves like true “ice darts”. It gets in, does its damage, and then deletes itself. I’ve also seen non-malicious websites get poisoned by hackers and infect a number of computers before being detected.
Regarding AppGuard, the application is not perfect and there certainly is room for improvement. I am actually one of the beta testers of the newest version, which should be released very soon, with user-feedback-based modifications. Future releases are also planned with other improvements. I have had the chance to exchange ideas with the product manager at Blueridge Networks, and the roadmap for the application is towards getting easier to use while keeping its powerful features. But the important point is that, while not perfect, it is definitely preferable to having to deal with a zero-day MBR rootkit from a drive-by infection. And when you consider that AppGuard can prevent that while keeping a minimum footprint on a system, its value becomes obvious.