Part 1 - Is there Truth in Numbers?
Security expert Bruce Schneier talks about the ‘security theatre’, where vendors make their customers feel secure ‘by offering protection against threats that were not that great in the first place.’ He adds that ‘buyers can’t tell the difference between good and bad [products]’ and that many security vendors ‘play on emotion and fear’.
That about sums up the state of affairs. The old mafia families Norton, McAfee and Trend Micro have sold millions of clunky products to fearful consumers. In recent years, cheeky newcomers have muscled in on the old mafia’s turf, promising better protection and milder manners.
Symantec responded by claiming that a new version of Norton, the elephant in the PC security room, could dance like a ballerina, while McAfee and Trend Micro put on more weight and lumbered on. Zone Labs’ newer security suite flattered the old guard by matching their bulk. Then Microsoft decided to get into the security race and promptly collapsed on the first lap, winning the wooden spoon in the VB 100 tests.
Microsoft changed the rules, though, adding PC maintenance and file backup to its list of features. Symantec and McAfee, faced with the biggest threat they’d ever detected, readied new products to take on Windows Live OneCare. Microsoft tightened the screws some more, claiming that Vista was so secure it needed no extra guards.
With their turf under threat from two sides, the old mafia families decided to make their offers harder to refuse. They threw in three security guards for the price of one and added other attractions like parental control and phishing protection.
No Surety in Security
Security was always too arcane for ordinary folks to get their heads around. Finding decent anti-malware programs is a lot like finding a good dentist: in both cases, you don’t know how painful they can be until you’re in the hot seat. And there’s no easy way to establish the long term worth of the short term pain.
Independent test labs offer some insights for the diligent, but some of them simply certify products for a fee paid by vendors keen to put reassuring stickers on their boxes. Even the real tests are hardly representative of the real world, since the vendors all have a copy of the script, like actors rehearsing for a play.
PC magazines and tech websites run regular security reviews but few have any real capacity for testing AV products. PC Magazine and Australian PC User do. PCWorld gets AV-Test.org to run tests for them. A few technology veterans do their own tests, among them Neil Rubenking, the eminence grise of security at PC Magazine, Robert Vamosi at CNET, Gizmo at Techsupportalert.com and Scot Finnie at Scot’s Newsletter.
Sadly, there’s a whiff of suspicion that advertisers influence the results of certain publications, so I tend to rely on Gizmo and Scot more than the rest (since they’re independent spirits). A few websites that review security products even have affiliate links with AV-vendors and get kick-backs out of every click on links to their products.
Most test labs only reveal their results for payment, but those of Virus Bulletin are often published by vendors who do well. AV-Test.org’s results are just as hard to come by, and Check-Vir only publishes overall ratings on its website. That leaves AV-Comparatives as the one independent lab that provides the full details on its website, http://www.av-comparatives.org
After some diligent digging, I’ve managed to come up with these product rankings:
| Product | AV-Comp | PCWorld | Check-Vir | AV-Test.org |
|---|---|---|---|---|
| Antivir (paid) | Advanced + | | | 2 |
| AVG (paid) | Advanced + | recommended | Standard | 6 |
| Bitdefender | Advanced + | Top score | | 1 |
| F-Secure | Advanced + | | | 4 |
| Kaspersky | Advanced + | Top score | | 3 |
| NOD32 | Advanced + | Top score | Advanced | |
| Norton | Advanced + | Top score | Standard | 7 |
| McAfee | Advanced | | Advanced | |
| Trend Micro | Standard | recommended | Standard | |
| CA (e-Trust) | Below Standard | | Standard | 5 |
| Avast (paid) | Advanced | recommended | | |
| Panda | Not tested | recommended | Standard | |
| Bullguard | Not tested | | Advanced | |
| Microsoft | Standard | | | 8 |
Notes
1. AV-Comparatives uses a 3-tier rating system.
   a) Most products are tested in ‘comparatives’ but Trend Micro and CA were tested on their own. TM scraped into a Standard rating but CA didn’t make the grade.
   b) Panda and Bullguard are not included in tests.
   c) Newcomers like Comodo and Clam-Win, tested in a separate group, posted results that were even less impressive.
2. PCWorld uses AV-Test.org but presumably also evaluates other aspects of security suites. There’s just one point separating the top 4 here, then a big gap to the rest, which is why I split them into ‘top score’ and ‘recommended’. http://www.pcworld.com/article/id,130869/article.html
3. Check-Vir uses a simple 2-tier rating system and doesn’t publish details.
4. AV-Test.org lists products in order of performance, lower being better here.
5. I’ve excluded Trustport, Fortinet and Webwasher (all top-rated by several labs) from this review since they are aimed more at the business market.
6. Gdata’s AVK (AntiVirusKit) also rates highly, but English-language reviews of it were difficult to find (more below).
Looking for Consistent Results
The AV-Test.org results stand in stark contrast to the PCWorld rankings posted a few months earlier this year (2007). It was hard to believe that Microsoft came in ahead of NOD32, McAfee, Trend Micro and Sophos, even for Andreas Marx who heads up AV-Test.org. The best he could do was to suggest ‘that the high amount of malware researchers Microsoft has hired from other AV companies (including many people from Symantec, McAfee, Trend Micro, F-Secure and CA) has paid off.’
‘We are not convinced!’ as German Foreign Minister Joschka Fischer said to Donald Rumsfeld when he was rounding up allies for the invasion of Iraq. After all, Microsoft’s offering has bombed out in other tests, like those run by Virus Bulletin.
AV-Comparatives publishes all the gory details of its extensive tests but asks that other sites link only to their main page, http://www.av-comparatives.org/, which is why I’ve not provided direct links to specific pages in this article. Clicking on ‘comparatives’ (on the left) takes visitors to a listing of all available test reports.
It’s encouraging to find that the top 4 in the PCWorld test all score an Advanced+ rating with AV-comparatives, and few would argue with a top list that includes Bitdefender, Kaspersky, NOD32 and Norton.
AV-Test.org has AntiVir and F-Secure in the top 4, along with Bitdefender and Kaspersky. Gizmo rates Antivir among the top products (NOD32 and Kaspersky being the other two), and Scot Finnie chose F-Secure as his AV of 2006 until it proved too intolerant of other security products. Scot’s choice for 2007 is NOD32, which tends to cause no conflicts with other programs.
A Different Ballgame
In ‘on demand’ tests, AV-Comparatives feeds thousands of bad bugs to various malware engines. AV-C also runs proactive/retrospective tests, which are more revealing. These tests use versions of products that have not been updated for 3 months to see how good their heuristics are at catching malware that has surfaced since the last updates. Highest is best here.
| Antivir | 71% | Standard | (penalized for high rate of false positives) |
| NOD32 | 68% | Advanced + | |
| Bitdefender | 48% | Standard | (penalized for high rate of false positives) |
| Kaspersky | 35% | Standard | |
| F-Secure | 31% | Advanced | |
| AVAST | 26% | Advanced | |
| Norton | 24% | Advanced | |
| McAfee | 24% | Advanced | |
| Microsoft | 18% | Standard | |
| AVG | 8% | No rating | (poor detection and high false positives) |
Top Guns
We now have a fair degree of consensus on the top 4 and, taking other scores into account, we should probably add Norton and F-Secure to make up the top 6:
- AntiVir
- Bitdefender
- F-Secure
- Kaspersky
- NOD32
- Norton
The inclusion of Norton will raise hairs on the necks of many users, while the exclusion of McAfee will raise some eyebrows. To see if the old families have really changed their ways, as some reviewers claim, I take a look at them in the last section (3).
Trend Micro has won a place among the big three, but its poor record in independent tests makes it hard to take seriously for anything but its marketing muscle.
Zone Alarm Internet Security is a recent addition in its current form (with Kaspersky’s AV and MailFrontier Spam Filter) and doesn’t (yet) tend to feature in independent tests. That hasn’t stopped it winning some big fans, among them Brian Livingston of Windows Secrets and Robert Vamosi at CNET, who gives it 8/10. 175 CNET readers give it 4.9/10. This kind of discrepancy between editorial ratings and real-world experience is common.
A few months back, I found ZAISS 7 a big drag – a 3 minute boot time on XP is Theatre of the Absurd. I checked on ZAISS 7.1 Vista reviews and it seems that making ZAISS work on Vista required brutal surgery by its makers.
According to Davey Winder at PC Pro, ‘the casualties include IM security, privacy controls, ID lock, spy site blocking, ad blocking, cache cleaning, mobile code control, MailSafe protection and parental controls.’ Despite the extensive liposuction, Winder complained that ‘the performance of our Vista test PC ... went through the floor. Most obvious was the increase in boot time for Vista itself, up from a couple of minutes to ten minutes. Compared with Norton 360, the resource usage was also poor and apps took longer to start up.’
That made it easy to cross ZAISS off my list. I also tried hard to get some intelligence on GData’s (AVK) Internet Security 2008, to help me decide if it was worth checking out. The German PC mag Computer Bild rated it tops but its summary gave a clue to the suite’s dark side: ‘Höchste Sicherheit mit hohem Ressourcenhunger,’ translating to ‘high security with a vast appetite for resources.’
The complaints from users on German forums confirm that this is the battleship Bismarck of security suites. The download is a staggering 310MB, bigger than some Linux distros I’ve tested. What do you get with it? 6 kilos of Bratwurst and a Litre of Bier?
New tricks
Gdata’s suite is one of several that try to improve their detection rates by employing twin scanning engines (Kaspersky and Bitdefender in this case). F-Secure and Trustport also use more than one engine. This trend has a predictable impact on performance, but most security products are designed more with an eye on VB100 awards than on real world threats – that’s where the theatre comes in.
Gizmo and others have shown that combining different layers of security tends to produce better results overall, and this even holds true when the individual layers are free products like AVG and Threatfire, a HIPS product. Their combined footprint is much smaller than that of the twin-engine machines.
Part 2 - How they Look, Feel and Work
That’s all I can evaluate. I don’t have malware samples to spike my test PC with and, after running ESET’s Smart Security beta on it for a while, it’s cleaner than a nun’s starched bonnet. I know that because not one of the security suites I installed found a single piece of suspect code. That says a lot for ESET, since I visited some dodgy sites and clicked on some of those flashing signs that tell you that you’re the 1,000,000th visitor and a big prize awaits you.
The test machine I’m using here is a Presario V3000 with twin AMD Turion cpus and 1GB of RAM. It runs Vista Business surprisingly well after exhaustive tweaking. With ESET Smart Security on board, Vista gets to the login screen in 40 seconds, and the desktop settles down less than a minute after that – 1 minute 30 seconds from boot.
ESET Smart Security
The suite adds a firewall and spam filter to a new version of NOD32. I recently tested a beta version (http://www.techsupportalert.com/review-eset-smart-security-suite.php ) and felt that ESS had set a benchmark for design, simplicity and slick operation. John Hawes at Virus Bulletin said this in the conclusion of his review:
"As vendors release their latest 2008 product ranges, the addition of new supplementary modules seems to be all the rage, most suites now sprawling with diverse functionality, often at the expense of user-friendliness and occasionally posing dangers of their own.
“ESET has resisted the temptation to sprinkle in too many extras, focusing instead on the core requirements of a security system. Covering all the essential bases with a smoothly integrated set of protective barriers, the combination of top-of-the-range detection, response time, heuristics and throughput with excellent presentation and design will make Smart Security pretty hard to beat."
We look at some of the kitchen sink brigade in section 3 - Norton 360, McAfee Total Protection 2008 and Avanquest System Suite 8. In this section, we check out products on our top list that focus on core security.
AVIRA Premium Security Suite
My fling with Avira was frustrating because it refused to show me its attractions at first. The download of the trial version was less than 20mb and the install took minutes, but it wouldn’t update. It wouldn’t do much else either.

The reason? ‘... feature not supported in the demo version.’ I couldn’t enable the firewall and other features for the same reason.
I did the install again, thinking I must’ve missed something. I was encouraged to enter a licence key but Avira hadn’t sent me one, and the helpful suggestion to look in the download file for a licence folder turned into a wild goose chase.
Back at the Avira website, I found an invitation for a test licence, which led to a list of products that didn’t include the one I had downloaded. I was about to call the whole thing off when I tripped over the option of a test licence key that was valid for a generous 90 days. Once you enter your name and email address, the key is sent to you with a link explaining that you need to save it in a folder from which the installer can retrieve it.
There’s also an option of activating the licence key after installation but the instructions were confusing. Obviously Avira is trying to get around the problem many users have copying a licence key into a box (you wouldn’t believe how many do), but the attempt is flawed.
The install took just over five minutes and the reboot was fairly quick. The user interface isn’t the best I’ve seen lately but it’s straightforward enough, with the buttons on the top row providing easy access to all the settings. There’s a choice between standard and expert mode, a feature I found and liked in ESS.
The suite includes the WebGuard real-time monitor, adware blocking, protection from phishing, spyware protection, spam filtering and parental control. The firewall pops its head up a lot until it builds its white list of commonly used apps. Mailguard doesn’t integrate with Opera Mail, the client I’m using on Vista, but none of the others do either. POP3 mail seems to get checked, however.
Task Manager reveals just two Avira programs weighing a featherweight 16mb. There’s no performance drag and that makes this suite easy to like. I ran a full scan to see how fast it was - a boot sector scan is an option that will please serious types. Apart from Vista, I have just 1.5 gb of data on this PC, but it took 45 minutes, about the same time it took ESS.
That was no surprise as AV-comparatives lists AntiVir at the top of the scanning speed race, just ahead of ESET’s NOD32. It’s always reassuring to confirm academic findings in real life.
The scan panel on the right shows Avira’s attempt to add a bit of fun to the boring business of malware detection.
The good news is that you can keep working while AntiVir is scanning your files. Things slow down a little but not so much that working becomes a drag.
There isn’t much I can add or pick on. Some updates were fast and others took minutes, getting in the way with notification panels. Apart from that, Avira’s is a no-nonsense suite with all the essentials and none of the garnish that adorns some competitors. It just works and doesn’t mind sharing the house with Windows Defender or Threatfire from PC-Tools. It’s very similar to ESS in many ways, except for the slower updates and an interface that could do with a fresh coat of paint. There’s also a free version of AntiVir, Personal Edition Classic, http://www.free-av.com/
Kaspersky Internet Security V7
Guys in the know put Kaspersky and ESET NOD32 on the top shelf, and some claim that the Russian is the tougher of the two. At 25mb, the download isn’t that much bigger than ESS or Avira, and it’s a similar 5 minute install. After the reboot, however, Vista was slow to get going, my few icons and Google’s sidebar taking minutes to stumble onto the desktop like sleepy kids to the breakfast table.
I discovered that KIS was scanning files without asking me first, like the KGB (I have a system meter in my sidebar that tells me these things). The estimated time for the scan was 45 minutes but KIS was finished in about 20 minutes. Kaspersky’s scanner is not admired for its speed, so I assume that this was a ‘quick scan’. Editor’s note: Kaspersky is much quicker on subsequent scans as it does not rescan unchanged files - Gizmo.
Reboot, check the time: we get to the login panel in 50 seconds, and the desktop is ready 2 minutes after reboot. That’s a bit slower than ESS and Avira, but not intolerable.
The GUI is fresh, inviting and well-laid out. No problems finding your way around here. That makes Kaspersky suitable for average users yet leaves a battery of settings for power users who want ultimate control. Help is context-sensitive, and there’s a 320-page PDF manual for those who really want to know everything.

The firewall in KIS is another slow learner. You can turn ‘Training’ off, but then it reverts to ‘low security’. They seem to be the only choices here, which is dumb. Add-ons like parental control and web guard feel like add-ons. According to PC User, the spam filter KIS provides ‘achieved the worst results for any suite we tested’.
At first, I noticed little impact on performance. Footprint is modest at a bit over 30mb.
As I worked with KIS for a time, I noticed that the laptop slowed down at various times for no apparent reason. KIS appeared to be scanning or doing something behind my back; I’m not sure what, because KIS wouldn’t tell.
Like the AV suites of a by-gone era, KIS still lets you create a rescue disk along with an option to restore the operating system back to a time just before an infection. That process involves using Bart’s PE Builder, which is hardly a tool for the uninitiated.
For me, the blessings here were a little mixed – strong qualities let down by a stubborn firewall and inconsistent performance. More work is needed to bring the add-ons up to the same level as the basics and provide better integration. Scanning speed isn’t said to be KIS’ forte either, despite the good time it posted here. A skinnable interface is little compensation since there’s nothing wrong with the standard one. Does anyone except an AVAST! user really waste time re-skinning their AV?
User reviews of KIS on the internet cover a gulf with ‘fantastic’ on one side and ‘abysmal’ on the other, some folks issuing dire warnings that KIS gets its claws too deeply into the OS and damages vital organs. I found no issues removing KIS from my machine, and no problems have surfaced since.
F-Secure Internet Security 2008
This twin engine job is a bit of a ring-in but it doesn’t fit in with the ‘kitchen sink’ brigade covered in Part 3 of this survey. F-Secure was Scot Finnie’s choice last year, and the picky Neil Rubenking gives it a better score than ESET Smart Security.
The download is a hefty 86mb yet the install is straightforward enough and all over in about 7 minutes. After the reboot, F-Secure takes its time to settle into Vista – 2 to 3 minutes the first time – and it won’t update until I prod it a couple of times. When that’s done, it wants to restart and I wonder if this suite is modelled on Norton.
I’m surprised when it starts faster this time, and appears to use a modest amount of RAM. Vista soaks up about 500mb and ESS adds another 30. F-Secure looks about the same on the meter in my sidebar yet Task Manager shows 15 processes that chew up more than 100mb of RAM. Where does this suite hide its flab?
I can’t figure it out but, when I work online, F-Secure gums up the pipeline right away. F-Secure promises its customers 'online well-being' but well-being seems to come at a price here. Programs get the third degree too before they’re allowed to get going, courtesy of DeepGuard.
This is F-Secure’s name for pro-active, behaviour-based protection. According to F-Secure, DeepGuard monitors program activity on the host PC, detecting and prohibiting suspicious program behaviour from code that may have slipped through during real-time monitoring.
That statement puzzles me since proactive protection surely implies real-time monitoring. Suites like ESS do this (with ThreatSense) and let you choose what you want monitored – unwanted or suspicious programs – with a simple box tick. ThreatSense includes a tiny sandbox where compressed or disguised bits of code are unpacked and forced to execute in real-time and reveal their true intentions.
F-Secure’s firewall white-lists the apps you’re using and doesn’t keep asking the same dumb questions. The GUI makes it pretty easy to find your way around. Parental Control seems to be a strong point here, offering more settings than a gala dinner. Apart from that, the interface is pretty straightforward.

F-Secure’s strengths seem to be its spyware protection and firewall. The suite feels solid, is easy enough to use and caused no conflicts with other programs on my laptop, but the performance impact was noticeable online and the scan speed pretty slow. It took an hour to scan the laptop, perhaps a sign that those multiple engines are working in sequence.
There were no problems uninstalling it, but I didn’t shed a tear in the process. F-Secure doesn’t do any more than the other contenders in this group, which makes you wonder why it is so much bigger. My guess is that it’s a product of the school that says two fences are better than one at keeping out the dingos. I’d rather have one that does the job properly.
Bitdefender Internet Security 2008
This guy hails from Softwin in Romania. BitDefender is a 40mb download and installs in 5 minutes, then takes another 5 minutes to update the signatures. It tells me that it needs to turn the Windows firewall and Windows Defender off to avoid conflicts.
A reboot throws up a few panels that make you wish for more than one set of eyes.

Bitdefender’s firewall didn’t seem cooperative at first but eventually sorted itself out. Once it had, it got in the way a lot while it was learning my online habits. It never stopped learning during the few days I ran it, and there was no sign of the 1,000 safe programs it claims to have inbuilt rules for.
Start-up is a bit slow, taking over 2 minutes to a working desktop. A nag panel pops up every time you start Windows, reminding you that this is a trial version. That gets annoying after a while. Avira, ESS and Kaspersky are easier to get on with in this regard.
Coming to grips with Bitdefender proved pretty straightforward. The interface has had a major overhaul and now copies Norton’s simple new look, which makes it easy for simple users to find their way around.

For users who want to fine-tune the suite, there are lots of settings to play with behind the scenes. A slider lets you pick the security level you want under the various headings, and you need to set it on aggressive to get the full metal jacket. Then Bitdefender scans all Web traffic, which tends to make the firewall bob up and down like a yoyo and slow your system down a bit.

In the default mode, there’s little impact on performance, and Task Manager shows just 4 services taking up a minuscule 10mb of RAM. There’s a ‘game mode’ option that stops pop-ups, alerts and updates getting in the way. That’s one way to stop the interference if you’re prepared to live with reduced security.
The scanner took 5 minutes to get through 1.5gb of documents (I didn’t feel like going through another full scan of the C drive). There are big variations in scan speed among these products, as shown in the throughput figures posted on AV-comparatives:
| AntiVir | 7.5 mb/sec |
| ESET NOD32 | 7.3 mb/sec |
| KIS | 3.5 mb/sec |
| Bitdefender | 2.0 mb/sec |
| F-Secure | 1.5 mb/sec |
Bitdefender is another suite that includes all the essential security features and does a good job from all accounts. To me it lacked character, a distinct flavour of any kind. Bitdefender’s was an unengaging performance somehow, mostly colourless, annoying at times like someone who tries too hard to impress.
Summary
Have these suites muddled my mind, I hear you ask. You expect character from an AV suite? Yes, I do. This is theatre, remember? There’s ESS, the iron fist in the velvet glove; Kaspersky, the serious Russian with the 320 page manual and Bart’s PE builder; F-Secure, the over-engineered white-blue Scandinavian ice castle; Avira, the tidy, efficient German who tries hard to be funny; Norton, the mafia standover merchant. They’re all actors, and they all know their roles. Bitdefender didn’t seem sure, but that’s no slur on his efficiency.
In the last couple of years, the security firms have made big strides on two fronts: They’ve paid serious attention to their user interfaces, and not before time. No longer are simple users confronted by panels of secret code buttons that open doors to swamps infested by alien creatures. It’s still theatre, but the sets and costumes are much easier on the eyes.
There’s almost a degree of unity creeping into the layouts of their GUIs, suggesting that conventions have at last been established. Some of the newcomers even offer toggle switches for simple and advanced users, a concept that should be embraced by all software vendors. In this arena, it means that the best PC security suites on the market are at last intelligible by ordinary mortals.
The second area of improvement is installation: these suites were easy and quick to install, making the hour-long mud-wrestle with the Nortons of old a distant nightmare. As a result, the old guys have had little choice but to improve their manners, as we’ll see in Part 3. Real competition can produce real miracles.
Choices
Price is a factor I haven’t considered due to the huge variations in list and street price, promotional offers, country specific deals and the time of year. Support is another factor I’ve ignored because, years ago, Symantec’s cynical approach to support forced me to become self-reliant. It’s best to find a product that doesn’t cause problems in the first place, and that’s what we’re trying to do here.
F-Secure follows a flawed paradigm but implements it well, largely hiding the underlying complexity from users. On a PC that is only just adequate for running Vista with all the bells and whistles turned on, the performance impact of F-Secure was noticeable. On a more beefy machine, it may not be.
The intermittent performance issues I had with Kaspersky may be down to the Vista version, or to my particular set-up. I saw no hint of similar issues on web forums or user reviews – they tended to be much more black and white. I had no dramas of the black kind and I liked the suite on the whole, even if the many ropes and levers behind the scenes will appeal to power users more than simple ones like me.
Bitdefender has all the right ingredients but, like a beef casserole, they need time to combine or more herbs to boost the flavour. The niggles I had with the Avira licence code and the sometimes tedious updates are minor. Apart from these niggles, Avira was easy to live with and didn’t slow my laptop down.
AVIRA Premium Security is my pick of this bunch, together with ESET Smart Security. ESS is dead easy to install in minutes, slipping over your PC like a velvet glove over a smooth hand. ESS has no impact on PC performance and operates in almost total silence, and updates are so fast that you’ll miss them if you sneeze.
The clumsy NOD32 interface of old has given way to a smart new one, and the whole suite feels integrated. Parental control and a few other frills are missing, and the new firewall and spam filter are yet to prove themselves. No doubt the usual reviewers will put their blowtorches on the armour of ESS in the near future.
Part 3 - All-in-one security and housekeeping suites
Norton 360
Three years ago, I swore I’d never let another piece of Symantec code near one of my PCs. Norton security was the jackboot kind that stomps all over the house and issues orders all day long. Updates were painful, PC performance was a distant memory, and working online was like queuing for meat at a Moscow butcher’s twenty years ago.
The reviews for Norton’s 2007 products said Symantec had re-written their antivirus software from the ground up. Norton, once the Hummer of AVs, now claimed to be the Toyota Prius - a ballerina-like footprint of 15mb was among the staggering claims. I was curious to see this for myself despite the old scars on my delicate psyche.
Installation
The download was a mere 56mb, two thirds of the last Norton IS I installed. 360 took 15 minutes to install including the prerequisite file scan, a ‘quick’ scan obviously.
360 asked for a reboot, as usual, and then insisted on doing another Live Update. The message that ‘the latest updates will take effect after you restart your PC’ confirmed my suspicions that Norton hadn’t changed its bad manners, and every reboot brought up the nag panel reminding me that I was on borrowed time and urging me to buy the product to ensure continued protection.

FUD.
When the update was done, 360 wanted to run another virus scan. There’s a skip option this time, which I seized on. That defiant act earned me a red cross mark right away.
If I hadn’t skipped it, and if I had 50gb of data on this machine, this install would be taking hours.
Barely 20 minutes have passed but now I discover that Norton has cheated: some of the extras promised in 360 – features like ad-blocking and anti-spam and parental control - require downloading an ‘add-on’ pack. Not a big deal with ADSL2 but I would’ve preferred to see all the cards on the table up front.
Once the add-on pack is installed, we’re at the 30 minute mark and Norton demands yet another reboot - it hasn’t taken long for Norton to reveal his school bully nature. What is the reason for this throwback to the nineties? Do disk drive makers pay Symantec to do this? Nothing wears your hard drives out faster than constant power-downs.
On the positive side, I admit that this installation was a less arduous experience than I’ve had with Norton products of the past, and that uninstalling Norton 360 afterwards was no longer an exercise that resembled pulling teeth with string tied to door handles.
Norton 360 also sports a friendly new face, a big improvement on the ugly jail window that used to grace the front of this house. The brash colours clash with Vista’s delicate shades but you can’t say it’s not clear and simple.

When I opened Internet Explorer, I found a fat green slug attached to the browser window.

I’m not fond of clutter on browsers, so the best I can say for this thing is that it matches the green of McAfee’s more modest Site Advisor. 360 doesn’t do this to other browsers, thank heavens. From all reports, the built-in protection Firefox and Opera offer is superior to Norton’s anyway.
Performance
This is where I found some genuine surprises. Booting up takes only 30 seconds longer than with ESS on board, and performance is a little more tardy but acceptable. The footprint is hard to believe for a full-function suite, ranging somewhere between 15 and 20mb for the 3 services running. I’m beginning to believe that elephants can dance.
Symantec has also put a silencer on the security components of this suite, so you’re no longer besieged by warning messages about absolutely everything that comes in and out across the wire. 360 also seems more tolerant than its older siblings, not objecting to sharing house room with Windows Defender.
The Extras
Here’s where the show begins to fall apart. The tuning tools are the basic disk cleaning tools provided by Windows, and the same goes for the disk defragger. The back-up tools are Norton’s own but fall short of those in Vista: there’s no disk imaging/roll-back feature a la Norton Ghost.
You’re also warned to close all running programs before starting the ‘automatic’ backup run. How many users would remember to do that? The full back-up is slow and clumsy but will burn a DVD. Norton also offers 2gb of free online storage.
These extras look and feel more like afterthoughts and clash with Norton’s claim that ‘the underlying technologies are seamlessly integrated for maximum performance and efficiency.’
The Issues
Norton 360 feels like a suite thrown together in response to the threat posed by Windows Live One-Care. Competent users will be frustrated by the lack of settings the simple interface offers until they delve way behind the scenes, where they’ll find themselves in a snake pit.
This product is promoted as a comprehensive solution that ‘combines Symantec's proven, industry-leading technologies for antivirus, antispyware, firewall, intrusion protection, anti-phishing, backup and tune-up, eliminating the need to purchase and manage multiple products.’
We have another clash here: Norton sells a product called AntiBot, which ‘actively monitors your PC 24x7, provides real-time protection against [bot] attacks and stop bots from hijacking of your PC.’ It also claims to detect ‘unusual behavior on your PC’, eliminate threats and find ‘malicious software at the deepest levels of your system.’
Is Symantec saying that 360 offers no protection from bots or malicious applications? What other conclusion is possible? And the same applies to NIS, which 360 is built on. Meanwhile, ESET, Kaspersky et al include this level of protection in their suites, no extras needed.
Another thing that’s missing in Norton 360 is a set of tools for wireless home networks or wireless signal encryption as offered by McAfee Total Protection.
Summary
Norton 360 is many degrees short of the full circle. Performance and user interface are much improved, and the whole thing is much easier to live with than Norton products used to be. It’s hard to believe that old bugbears remain, like the need to reboot after updates. That’s guaranteed to sour any user’s experience.
I suspect 360 is exactly what Symantec wanted to have: an answer to Windows Live One-Care, and fast. I have no doubt 360 is competitive with Microsoft’s effort, but that’s like saying your new car is as attractive as a Ford Edsel.
Many users report serious system and compatibility problems with 360; I didn’t have any. As usual with Norton, the product scores 8/10 in the usual places (CNET, for example) while users give it 4/10.
McAfee Total Protection 2008
18 months ago, McAfee Internet Security 2007 managed to make my new Dell laptop perform with all the agility of an aircraft carrier. Reviews of Total Protection 2007 also spoke of a heavy load, so I braced myself. Indeed, my troubles began before I even downloaded the suite: on my first attempt, I was told I wasn’t eligible for a trial.
Finding the right page on McAfee’s website and choosing the right product for trial requires a sharp eye and a clear mind. You must agree to the terms right up front and what comes down the pipe turns out to be a set-up manager who immediately starts installation proceedings and stops as he (correctly) detects that Avira is still running. He says: remove and reboot, I’ll pick up where we left off.
Mac did exactly that and I was impressed. When he was done, he demanded to run a scan – a quick scan that took a few minutes – and then he was ready to go. Without a reboot? Yes. The install took about 20 minutes, most of it spent on the Easter egg hunt around Mac’s website.
Mac’s outfits seem to have come from an undertaker’s wardrobe with their charcoal and deep-purple hues.

No attempt is made to match, let alone integrate with, Vista’s airy theme.
The interface is clean and functional, though, and does a good job disguising thousands of ropes and wires behind the stage, too many to cover in this short romp through the dressing rooms of new malware suites. All the usual actors are here, from antivirus to parental control. There are SystemGuards that ‘employ real-time heuristics prevent unauthorized changes to the system’ and ‘X-ray for Windows’, which detects and removes rootkits. McAfee’s Site Advisor is also part of the suite.
Then there are toys like Virus Map, which link to interactive visual displays of malware outbreaks occurring in real-time around the world.

Visual Tracer offers another map, this time with a trace to the origin of attacks on your PC (the last hop traceable through McAfee's servers, anyway).
With no markings on the map, it’s not exactly revealing.
For the seriously paranoid, there’s a Traffic Monitor that analyses network traffic in real time and charts the programs using the most bandwidth.
Mac’s Virtual Technician may be more useful in times of trouble. He checks your PC and connects you with Mac support via live chat if he can't fix your problems.
Performance
Mac gives you the choice of disabling any pieces of the suite you don’t need or want, from the firewall to parental control. But even with everything turned on, Mac TP dances like Fred Astaire. Hard to believe, especially after reading reviews of the 2007 version.
Neil Rubenking explains: ‘If they sold security software by the pound, McAfee Total Protection 2008 would be an incredible bargain, because it has tons of features, many of which are functional and useful. And unlike last year's initial release of MTP, McAfee has found a way to keep the suite from sinking your PC under all that weight.’
McAfee claims that the current version has been optimized and uses fewer processes and resources. I counted just 4 processes, and they totalled 20mb of RAM. Start-up was 40 seconds to the login prompt, the same as ESS the record holder, and it was just 15 seconds slower to get the desktop settled down and the updates done.
In normal operation, no performance drag was noticeable. That was more than a surprise – I wouldn’t have thought it possible with a Mac this big.
The Extras
Mac’s cleaner does more than clean up general refuse like temporary files: it can eliminate invalid shortcuts, clean up CHKDSK file remnants, clear recently used file lists from various programs and remove old System Restore points. MTP even includes a file shredder and a registry cleaner that removes orphaned entries.
The back-up program informs me that I needed Microsoft’s .NET Framework 1.1 installed for it to work. That’s a downer since I’ve spent enough hours of my life trying and failing to install various versions of .NET. The current version of .NET Framework is 3.0 and it’s already installed, so I passed on the backup test.
Mac offers many choices from backing up individual files to a full backup. Quick backup copies only the changes from last time, like a differential backup. It’s also possible to recover previous versions of a file, though the process doesn’t look straightforward.
Mac’s EasyNetwork provides a graphical representation of all the computers on the network (at least those PCs with Mac running on them). McAfee Wireless Protection looks useful for home networks but you need to check Mac’s wireless router/AP compatibility list to make sure your router is supported. If it is, most of the security configuration changes can be made through McAfee.
Summary
I must confess that McAfee Total Protection impressed, despite its Goth-metal garb. The Security Center’s interface is simple and provides one-click access to MTP’s many functions. There’s a choice of menus for simple and advanced users who have access to a host of configuration options. Despite MTP’s severe feature overload, performance on Vista was among the best I saw in this survey.
Unlike Norton 360, MTP had an integrated feel and the extras were serious pieces instead of impromptus dashed off to finish a gala performance. Once installed, MTP gave me no problems but once more user reviews range from brilliant to abysmal with the latter striking the dominant chord - the average user score on CNET is 3/10.
More important in this context is McAfee’s core security, which is not among the best available. It’s middle-of-the-pack, solid rather than stellar. If you can live with that, and the idea of having everything you need in one suite has strong appeal, MTP 2008 offers much more than Norton 360.
VCOM/Avanquest System Suite 8 Professional
I looked for a third option in the do-everything category. Microsoft Live One-Care came to mind for a moment, but it was a fleeting moment. Maybe MS should’ve stuck to making its operating systems and applications more secure. Both Bitdefender and Avira offer far superior do-everything products, but I’d already tested their security suites.
VCOM has been around for many years making system tools, so System Suite 8 is a nuts & bolts suite with security add-ons rather than a security suite with added nuts & bolts. Sadly, the security pieces haven’t been selected from the Lexus parts bin: they are Trend Micro and NetDefense, a firewall I’ve never heard of.
System Suite 8 promises that ‘one-click protection automatically identifies and configures your PC security settings when logged on at home, work, or public networks for optimal protection.’
VCOM claims that its ‘Web Defense technology integrates with major search engines to identify and block malicious web sites before you click, protecting you from hacked pages, phishing and fraud scams. Also, Web-connected programs are safe and Internet data entering your PC is monitored for exploits and other security breaches.’
All I can find to support that claim is Linkscanner, which fights for space in Firefox with McAfee’s Site Advisor. It was interesting to see how often they disagree.
The download is 70mb, not bad for a toolbox that resembles those big steel-plated ones you see on the backs of the large pick-up trucks tradesmen use. The installation begins with a request to turn off Windows Defender and firewall. I’m surprised it doesn’t offer to do that for me but later on it redeems itself by offering to check that all my MS software is up-to-date.
SS8 takes about 20 minutes to install and the gaps in this suite are visible right away as a Trend Micro check box pops up.

Boot-up time is a surprising 45 seconds to the login prompt, despite SS8 using up 70mb of RAM. Performance seems unimpaired.

The good impression doesn’t last long as SS8 makes heavy weather of updates, telling me right up front that I was on the wrong page.

SS8 eventually changes its mind and lets me download updates, but only after throwing a few more panels in my path. If the costume of McAfee’s Total Protection is seriously dull, that of SS8 takes theatre to the other extreme.

There’s a ‘One-click Protect’ button that runs an anti-virus scan/anti-spyware scan, enables automatic e-mail and sets up the Firewall.
I took a shortcut and opted for the Quick Scans instead – one for spyware, one for viruses which includes a boot scan.
The first takes a suspect 20 seconds, and the virus scan is all done in a few minutes. I’m not sure what to make of that.
The Extras
The best goodies of this suite are found lower down in the toolbox, with Recovery Commander the centrepiece. It lets you create a bootable rescue disk for those occasions when your Windows shatter. Recovery Commander can save and restore Windows XP and Vista checkpoints and lets you get to them from a bootable rescue disk, even when Windows won’t boot.
I’ve been in that situation more than once and would’ve given my eye teeth for a lifeline like that. You know the feeling: you’ve been meticulous in setting restore points before doing the house cleaning or installing new software but, when Windows won’t boot, the safe place where they’re kept is locked up like a bank vault and you don’t have a password or key.
The System Health check includes Cleanup (temporary files), Disk Space, JetDefrag, a Registry Cleaner, a file shredder and a SMART DiskChec. A ‘One-click Optimize’ button will do the lot for you, if you prefer. The Diskchec looked useful but told me that the Fujitsu drive in my laptop didn’t support ‘self-test’. Hard to believe.
The Issues
There are enough tools here to refurbish an entire office building but my rummaging through the toolbox is interrupted when I notice that the SS8 icons in the taskbar have disappeared. When I turn the suite back on from the main menu, I find most of the security features disabled, including the firewall. Buttons I click on don’t respond and things get sticky.
A reboot fixes things but the unscripted act is soon repeated. After a few more attempts, I tire of going through the arduous process of placing all the players back on the stage and bringing them back to life. The experience doesn’t imbue me with confidence in a product that has the express purpose of making things work better.
Summary
From the first open curtain, I wasn’t really comfortable with this show: it had some really nifty ideas spoilt by slip-ups in the execution. SS8 has great potential but is in desperate need of a new wardrobe designer and a new choreographer, and the individual actors need to sharpen their skills and learn how to work as a team.
As it is, System Suite 8 will be appreciated only by advanced users for the depth of its tool kit. The security section isn’t up to snuff and throws the whole production out of tune. The feeling that lingers is that this suite tries too hard to deliver too much.
Part 4 - Final Thoughts
Surprises
You would expect long-established security suites to have a solid grip on handling malware by now, so the poor results posted by Trend Micro and CA in AV-Comparatives tests surprised me. A search using the product names and ‘av-comparatives’ will turn up single product tests that provide details.
AVG Free is one of the most popular products out there, so the poor performance of the commercial version was another surprise, most of all in the pro-active tests run by AV-Comparatives. AVG users would do well to add a second product that offers strong heuristic detection, a HIPS program like Threatfire for example.
Norton and McAfee gave me the biggest surprise with their fresh productions. Gone are the days of lumbering mafia heavies beating up your PC. My first thought was: if it’s that easy to do, why didn’t they do it long ago instead of dishing out stale products year after year like some state-owned factory behind the old iron curtain? I guess the catalyst was serious competition from vendors offering smarter choices.
Compromise versus Purity
If Norton’s transformation is remarkable, some of the old bugbears still dog the new production. McAfee’s is more remarkable for leaving no reminders of its former behaviour – even the adware of old is gone.
That MTP’s security pieces aren’t in the top rank won’t make much difference in real-world use, I suspect. Since the performance hit is so slight, users can easily add a HIPS program to enhance their protection without adding significant overhead.
Of course, products that try to do everything for everybody are compromised by default. Greater rewards await those who’re prepared to put in a little more work and select the best components. Even the products in Part 2 vary in their success at forging a few components into a well-working whole. Most of their spam filters range from average to ordinary. If spam is a big issue, specialist applications like Cloudmark might be a better choice.
Theatre
The hype of the vendors would have us believe that we’re under constant threat from meteor showers of malware. The results of the test labs clearly show that none of the products provide 100% protection. A recent F-Secure press release puts it in perspective (not intentionally, I suspect):
‘Despite the importance of behaviour-based protection, a core capability of any antivirus solution is the ability to detect malware that is known and can be identified with traditional signature based virus scanning. A test done by AV-Test.org included over 600,000 malware samples. F-Secure achieved a very high detection rate, and was able to detect 978 samples more than Symantec, 42,226 samples that Trend Micro did not detect, and 64,653 samples more than McAfee. F-Secure also detected 105,391 samples that Microsoft’s solution missed.’
Suddenly, that few per cent difference takes on distinct shape. What F-Secure didn’t mention was that its product still missed a bunch of malware. That’s where the theatre comes in: all these vendors claim to keep us safe, yet none can keep out all of the malware – even that which ‘is known and can be identified with traditional signature-based virus scanning.’
The promised security is an illusion created to make us feel better for a time. The question is: if these suites don’t offer full protection, how come all the PCs connected to the internet aren’t infected or part of a botnet by now? So, are we really exposed to this staggering number of vile creatures? Of course not. There are knowledgeable people who don’t use any ‘anti’ software at all and claim their PCs don’t get infected.
I’m inclined to believe them, and here’s why: I’ve run half a dozen different AVs on my PCs over the years, among them poor performers like Trend Micro and AVG. I’ve never had a single infection, but I do observe a few common sense rules for email and surfing the web - http://www.technoledge.com.au/pdfs/driver_training1.pdf
The threats we face are changing rapidly, from random hits to highly targeted shots, from viruses to phishing and other scams. It pays to follow the rules of common sense, regardless of the protection you have in place. And the more common sense you use, the less you rely on your security software to do the heavy lifting.
