Security tool all in one

Worms can spread through spam, and spyware can seed Trojans: a series of new threats that can no longer be clearly differentiated. In response, security software incorporates many different tools to keep your PC safe.

You can build your defenses from independent antivirus, antispyware and firewall programs, or install an integrated all-in-one application. Using specialized security applications lets you get the best in each category, but operating them can be complex and expensive. Integrated products offer convenience and a low price; their individual components are configured through the same interface and are designed to interact smoothly with each other. This means entrusting your computer and data entirely to one company, but that is better than disrupting the system by running multiple antivirus programs and firewalls from many different companies.

The battle between names

To find valuable products, the test team (NTN) selected 10 products - including new products and well-known products - to "rate" performance and convenience.

Picture 1: Symantec works well, has many features and is easy to use.

The test looks at four factors: performance (malware detection and speed), features, design (ease of use) and price. The products cost 40-80 USD with 1 year of free updates, and fees in the following years run 25-60 USD. In terms of performance, keep in mind that security software is only as good as its latest updates (which may identify new viruses or improve virus scanning methods). In terms of features, the products are generally quite similar.

To evaluate design, NTN looked at how simple installation is and how easy the features are to reach. NTN also assessed the level of detail in warnings and the program's training capability. Most importantly, NTN focused on performance: the ability to detect and isolate threats and to clean up malicious programs. NTN teamed up with AV-Test.org to set more than 174,000 worms, viruses, backdoors, bots and spyware samples against each product. In addition, AV-Test.org analyzed the smart mechanism (the ability to detect unknown malware). NTN used WorldBench 5 to measure system performance with the highest protection mode set.

However, NTN did not fully evaluate behavior-based detection. This technology (offered by Microsoft, Panda and Zone Alarm) can detect new threats by "capturing" the actions of applications (for example, a program that wants to change the registry). This feature may complement the identification mechanism, but testing it fully is beyond the scope of this review.

The best protection application

Picture 2: Aluria's product scans packaged files but does not handle executable compressors.

Of all the product packages tested, some were pretty good and none were excellent. Symantec's package is rated best for its stable performance across all tests. It achieves a perfect firewall score and is second in the tests for viruses, backdoors, bots and Trojans. In addition, it provides protection for IM (instant-messaging) applications, Internet access management tools for parents and data security features. However, the program interface needs a more sensible layout, and phone support costs up to $30 each time.

The best malware fighter in this test is the McAfee package, which also provides additional features such as protection for IM applications and anti-phishing for IE. However, the program is disappointing during installation, and support costs up to 3 USD per minute.

The Zone Labs package, which incorporates the old eTrust virus scanner (CA), ranks seventh in performance, despite having a very powerful firewall. Zone Labs plans an upgrade in June. Even so, with its many features and ease of use, this package ends up in 6th place.

The surprise for NTN was BitDefender's performance: slow speed, average adware scanning and a less impressive firewall put it in 9th place.

Newcomer Aluria has the lowest price, but its basic components rank at the bottom. This software can scan the entire hard drive but does not let users select files and folders to scan. In addition, this application does not detect malware that has been compressed with executable packers such as ASPack and UPX. Finally, Aluria's default firewall setting is too loose, and it consumes a lot of system resources.

TERMS TO NOTE
Adware: software that displays advertising and collects information about the user's browsing.
Backdoor: a kind of Trojan whose main task is to open ports on the computer in order to spread, gain access and control the computer remotely.
Bot: a type of program that waits for instructions from a certain place and then performs a certain behavior simultaneously with others. Bots are a tool for carrying out DoS/DDoS attacks.
Malware: destructive software.
Rootkit: a kind of Trojan that hides itself and works at a low level of the system, so it can block some services.
Spam: junk e-mail.
Spyware: software used to monitor all computer activity and send it to a certain address.
Phishing: tricking Internet users with fake web pages that they mistake for the official website, in order to obtain bank accounts, credit card numbers and passwords.
Trojan: software that only acts when it receives an event.
Worm: spreads via e-mail or software vulnerabilities.

Viruses, spyware and adware

McAfee and F-Secure scored well at identifying viruses and spyware; both products' scores are in the "top 3". Panda has the best smart mechanism, and McAfee and Aluria are the two best at adware detection.

Most products detected 100% of the "culprits" in the January 2006 WildList (a list of viruses, worms and bots). Surprisingly, Aluria detected no boot viruses, Microsoft's product missed 14 worm components, and Trend Micro missed 2 worm components. In the WildList test, boot-virus components were negligible, which explains why Aluria scored 100% in the rating table.

Picture 3: Panda adds behavioral malware recognition, increasing "intelligence".

Results against AV-Test's 168,523 backdoors, bots and Trojans varied widely. CA detected only 37% of backdoors, 72% of bots and 39% of Trojans. Zone Labs found 30% of backdoors, 49% of bots and 31% of Trojans. F-Secure was the strongest, "grabbing" more than 98% of threats.

In adware detection testing, McAfee has the best score, "capturing" 96% of 713 running components. Aluria takes second place with 89%. Once again Zone Labs performs poorly, detecting only 46% of adware.

To evaluate "intelligence", AV-Test.org tested the products' ability to detect components in the WildList without relying on identification data. Panda exceeded 91%, F-Secure finished second, "catching" 76%, Microsoft finished last with 41% and Zone Labs ranked second from the bottom with 48%. Note that the behavioral detection function of these products may help improve those poor grades. For example, AV-Test.org found that Panda TruPrevent can block up to 90% of network and e-mail worms, and Zone Labs' OS Firewall blocks up to 70% of worms.

NTN also evaluated the ability to detect malware packed in compressed files such as .zip, .rar and .cab and in executable compression formats such as ASPack and UPX. Most candidates can handle a single level of compression, multiple levels or self-extracting formats, but show differing capabilities with executable compression formats. F-Secure, McAfee and BitDefender performed best; Aluria and Zone Labs ranked last. Aluria said that the next version will add the ability to handle compressed executable files and will be a free update for existing users later this year. Zone Labs said that it is working with CA to improve detection of "packaged" malware and that OSFirewall will detect and isolate malware as soon as the packaged file is opened.

Under ideal conditions, security software would detect and prevent every threat at the first sign. Reality is harder. NTN tested the ability to scan infected files, the Registry and the Hosts file (the IP address declaration file) against the WildList. McAfee wipes out the malware and restores system changes, except for a variant of Mytob that targets the security software itself. Microsoft's product also does quite well, cleaning all types of worms except for the Registry changes caused by Netsky.BA and Mytob.AR. F-Secure proves better at finding than at killing, cleaning only 5 of 10 worms.

Conflict firewalls

Picture 4: CA eTrust integrates the Zone Labs firewall.

The boundary between anti-virus and anti-spyware software is fading, but firewall software is still "independent", controlling access to the network and warning of suspicious behavior.

The firewalls in all 10 tested packages allow setting a general security level, lists of safe and unsafe applications, and allowed ports and protocols.

A good firewall can distinguish between good and bad signals, notify users of serious incidents and provide enough detail about the detected behavior to help users decide whether or not to let a certain application work. A poor firewall often gives vague messages, and you may block an application you need or, worse, turn off the firewall.

The firewalls were tested at their default settings for blocking external attacks and malware already on the PC. Products from CA, Microsoft, Symantec and Zone Labs completely stopped internal attacks; in particular, malware could not disable the firewall or delete or take over legitimate permissions (some malware disguises itself as IE and tries to collect the rights you grant to IE), and the backdoor could not access the Internet.

At its default settings, the Aluria firewall failed against all attacks from within, but at the highest setting it passed both the pass-through and backdoor tests. Aluria said that the default mode opens ports 80 and 443 to reduce the number of firewall warnings shown to users. According to the Aluria product manager, the company wants customers to configure its product the way they want.

Picture 5: Trend Micro's Web Site Filter can block bad websites.

We also tested the firewalls to see whether they could detect malware that tries to steal data from the PC. Zone Labs scored 100 points, passing 17 leak-prevention tests; Microsoft ranked second, passing 7 tests. Other products scored very low, and Panda did not pass any tests. Note that AV-Test.org ran the standard vulnerability check utilities used by security product vendors. Zone Labs has developed its product to get past the vulnerability testing utilities, while Panda said its program is not optimized for running test applications and relies only on TruPrevent technology to detect the behavior of dangerous code.

In tests of the ability to react to external attacks, products from CA, F-Secure, McAfee, Panda, Symantec and Zone Labs reached 100%. These products completely defeat common port scanning modes. They block attempts to access the PC through the open port used for file sharing over the SMB (Server Message Block) protocol, informing users whether the access is intentional and safe or bad access within the home network. They also did not disclose information about the PC's OS. Once again, Aluria's firewall failed 2 of 4 tests at the default setting but reached 100% at the highest setting. The Trend Micro and BitDefender firewalls did not block the SMB sharing protocol, and even Microsoft's firewall leaked OS information.

More, more

Picture 6: Zone Labs' controls for IM programs are quite strong.

All products include anti-spam, along with a number of different extras. The McAfee and Panda packages have the most additional utilities, whereas the software from giant Microsoft has the fewest (although OneCare has disk backup and disk checking utilities).

Except for Aluria and Microsoft, all the products try to score points with parents by letting users block unhealthy websites, such as those about sex, gambling and drugs. Trend Micro provides an equivalent URL filtering utility, although it does not call this feature "parental control" (a utility for parents to control young children's access). CA does not provide this directly in its product, but it includes a CD containing BlueCoat's K9 Web Protection. Zone Labs uses Smart Filtering Dynamic Real Time technology to categorize websites that are not on its list. BitDefender, McAfee and F-Secure go further and let parents set Internet access hours.

CA, McAfee, Symantec, Panda and Trend Micro all provide privacy controls to prevent sensitive information such as credit card details from leaving the computer, but they are too "cautious" at a high setting. For example, setting the highest level of security in Symantec's product always triggers an alarm when a website requests cookies on the test system, even reputable sites like the New York Times and pcworld.com; by default, these cookies are not considered high-risk.

Other interesting features: McAfee, Panda, Symantec and Zone Labs check IM applications to detect attachments (Microsoft only scans MSN Messenger). Panda, Trend Micro and Zone Labs warn users about unauthorized Wi-Fi connections (McAfee also offers a Wi-Fi protection product for $80).

Some additional features are quite convenient, but others only clutter the interface. For example, Symantec's central console has a secondary window for monitoring the components of the suite, plus a system tray icon that regularly shows activity status. It also markets other related products, such as Data Recovery, which shows an "unavailable" status until you purchase and install the SystemWorks utility for $50.

ASK YOUR ISP FOR SECURITY SOFTWARE

No one is happy to spend money to buy security software, but people understand that the cost is necessary for a secure PC. What many people don't know is that they can use the software for free. Due to the increasing risk of the Internet, large Internet service providers (ISPs) such as AOL and Earthlink provide protection packages for customers.

AOL standard software package

The application, called Safety and Security Center, combines AOL's anti-spam tool, Internet access control, pop-up blocker and anti-phishing tool with McAfee's firewall, anti-virus and anti-spyware tools.

AOL's software package is 28MB in size and includes many separate applications, but for users it works as one unified application throughout. One of the ways AOL supports customers is by isolating Internet threats at the server, before they reach end users.

EARTHLINK antispyware

EARTHLINK has also made an effort to create an all-in-one security application, and so it bought Aluria, an antispyware software company, last year. Currently, EARTHLINK provides its Protection Control Center software free to its customers and charges other users 5 USD per month. The software is 16MB in size and includes applications created by the two companies plus the antivirus and firewall application from partner Authentium.

Why do ISPs take on all the difficulty and cost of security? Simply because they want to keep customers happy.

Installation and utility

Picture 7: McAfee does not distinguish between adware and spyware, referring to both collectively as PUP.

A product is considered easy to use when it has simple installation, well-organized configuration options, fast operation and clear notifications. Microsoft and Trend Micro meet these standards very well, but in different ways. Microsoft's product is easy to configure because there isn't much to configure! This can make users feel limited. Trend Micro, meanwhile, lays out its options very well in an attractive, sensibly structured interface.

All tested products install smoothly and configure themselves automatically. However, to fully install the McAfee product, users have to restart the computer 5 times and create an account (username / password). A dialog box asks users whether to receive virus information and promotional information from McAfee or McAfee's partners. In addition, I could not download the update from Firefox at first; I had to use IE and allow a temporary pop-up to be opened.

CA's product is the worst integrated: it puts 4 icons in the system tray, and its main interface is not linked to the Blue Coat controls.

Symantec seems to be the most "talkative", often warning about status and cookies. If you don't like that, you can use F-Secure's product, which has a lot of detailed settings but gives little information.

Pictures 8-10: Microsoft's firewall warning about LimeWire activity looks more impressive than BitDefender's.

Panda has the fastest scanning speed, taking about 6 minutes 39 seconds for 14.7GB of files and folders on the test system. Trend Micro finished second, at 7 minutes 37 seconds. F-Secure is the slowest, taking 28 minutes 46 seconds. F-Secure explained that this speed is due to real-time protection and to having up to 5 scanning mechanisms: 2 for viruses, 1 for spyware, 1 for rootkits and 1 smart scan.

In the system resource usage check, all products were installed with default settings and measured with WorldBench 5. Microsoft's product is the lightest, increasing the execution time of the 9 test applications by about 4% (the "alarm" level is 15%). Aluria consumes the most resources, doubling the execution time of ACDSee PowerPack and Windows Media Encoder. BitDefender followed, slowing MS Office 2002 by 22% and Mozilla by 69%.

When alerting users to suspicious signs, Microsoft's firewall gives detailed information, from the name to the path of the application that wants to access the Internet. BitDefender gives clearer virus information in its firewall. McAfee uses a vague concept, PUP (potentially unwanted program), to classify adware or spyware. For detailed information about each product's notifications, see find.pcworld.com/53488.

In general, even the highly rated products from Symantec and McAfee do not perform well at every task. Some "fastidious" and experienced users may still want to pick and combine the best components from different security packages. But for the majority of users, the convenience of a security software package is unmatched.

10 TIPS FOR OPERATING THE SECURITY SOFTWARE

Installing and running a fully functional security software package is not easy, especially when it involves replacing one company's product with another's. Below are installation and maintenance instructions gathered from many security vendors.

1. Remove old anti-virus software from the PC: You should run only 1 anti-virus layer on 1 computer. Completely remove the old one and restart the computer before installing another. In addition, the Microsoft firewall should be turned off when using another company's firewall; some products will suggest that you turn off the default firewall at installation time.

2. Check the health of your hard disk: It is best to run the Windows Chkdsk utility several times before proceeding, to remove or repair problems with your hard disk. Click Start > Run, type chkdsk, click OK.

3. Install the latest Windows patches: Run the Windows Update application to make sure your system is fully updated before installing security software; even users of security software must update regularly.

4. Prepare information: In case you need to call the vendor for support, write down the date of installation, the product number (serial number) and the support phone number.

5. Run an additional antispyware program: If you want, you can run a separate antispyware utility along with the security suite, but be careful when scheduling system scans and make sure that only one program scans or updates at a time.

6. Networking: Computers that connect to the network using a VPN usually have their own settings. If the computer crashes when restarting after you install the security software, disconnect from the network. After a successful reboot, connect to the network again and let the application set up your firewall configuration (most products have a wizard).

7. Handling printing and file sharing: Firewalls often have a preset configuration for using file and print sharing services on the network. Otherwise, you must manually create a firewall rule that lets TCP traffic exit on port 1023 and enter on port 139.

8. Record unusual cases: If a product has a particular problem, such as an error message or a warning about malicious activity, accurately record the entire message, or even capture the whole screen.

9. Sending suspicious files: If you see suspicious files or e-mails, don't open them to find out for yourself. Send them to the company that provides the product, but make sure you follow the correct process.

10. Keep up to date: This is not an exaggeration of the problem. Security software is more effective when it is updated, and updates are usually no longer provided once the user's registration period has expired. When the year is up, don't forget to renew or switch to other security software.

Hai Pham
PC World USA 7/2006
