Security tool all in one

The worm can spread through spam and spyware that can seed Trojans, a series of new threats that will no longer be clearly differentiated. In response, security software incorporates many different tools to keep your PC safe.

The worm can spread through spam and spyware that can seed Trojans, a series of new threats that will no longer be clearly differentiated. In response, security software incorporates many different tools to keep your PC safe.

You can build defensive systems with independent antivirus, antispyware and firewall programs or equip an integrated all-in-one application. The strategy uses specialized security applications that allow users to get the best in each category but the operation can be complex and expensive. Integrated products provide convenience and cheap price; Its individual components can be configured with the same interface and designed to be able to interact with each other smoothly. This means that you entrust your computer and data completely to a company, but rather than disrupt the system with running multiple antivirus software and firewalls of many different companies.

The battle between names

To find valuable products, the test team (NTN) selected 10 products - including new products and well-known products - to "rate" performance and convenience.

Picture 1 of Security tool all in one
Symantec works well, many features, easy to use.

The experiment looks at four factors: performance (malware detection and speed), features, design (ease of use) and price. The products are priced from 40-80USD with 1 year of free updates and fees in the following years from 25-60USD. In terms of performance, keep in mind that security software is only good with the latest updates (possibly identifying new viruses or improving virus scanning methods). In terms of features, generally the products are quite similar.

To evaluate the design part, NTN is based on simple installation criteria and easy-to-access features. In addition, NTN also assessed the level of detail of warnings and training program capacity. The most important thing is that NTN pays attention to performance, determines its ability to detect and isolate hazards as well as clean up malicious programs. NTN teamed up with AV-Test.org to let more than 174,000 worms, viruses, backdoors, bots and spyware attack each product. In addition, AV-Test.org also analyzes the smart mechanism (the ability to detect unknown malware). NTN uses WorldBench 5 to measure system performance when setting the highest protection mode.

However, NTN does not adequately evaluate behavior-based detection. This technology (Microsoft, Panda, and Zone Alarm both offers) is capable of detecting new threats by "capturing" the actions of applications (for example, a program that wants to change the registry). This feature may complement the identification mechanism, but testing it fully is not appropriate for this review framework.

The best protection application

Picture 2 of Security tool all in one
Aluria's product scans packaged files but does not process executable compressors.

Of all the product packages tested, some were pretty good and none were excellent. Symantec's product package is best rated for its stable performance across all tests. It achieves an absolute firewall score and is second in testing for viruses, backdoors, bot and Trojan. In addition, it provides protection for IM (instant-messaging) applications, Internet access management tools for parents and data security features. However, the program interface needs a more reasonable layout and the phone support cost "consumes" up to $ 30 each time.

The most anti-malware feature in this test is the McAfee product package, which not only provides additional features such as protection of IM applications, anti-identity (phishing) for IE. However, the program is disappointing in the installation process and costs up to 3USD per minute of support.

The Zone Labs package, which incorporates eTrust's old virus scanner (CA), ranks seventh in performance, despite being a very powerful firewall. Zone Labs plans to upgrade in June. Anyway, with many features and ease of use, this package is ranked at the 6th place in the end.

The surprising thing about NTN is that BitDefender's performance, slow speed, normal adware scanning, plus a less impressive firewall, ranked 9th.

Aluria rookie has the cheapest price but the basic components are at the bottom. This software can scan the entire hard drive but does not allow users to select files and folders to scan. In addition, this application does not detect malware when compressed as executable like ASPack, UPX. Finally, Aluria's default firewall setting is too loose and "consumes" a lot of system resources.

NOTE TERMS
Adware : software that currently advertises and collects user browsing information.
Backdoor : is a kind of trojan but the main task is to open some ports on the computer to spread, access and control remote computers.
Bot : a type of program that waits for instructions from a certain place to perform a certain behavior simultaneously. Bot is a tool to perform DoS / DDoS attacks.
Malware : destructive software.
Rootkit : a kind of trojan that hides itself, works at the lower level of the system, so it can prevent some services.
Spam : spam.
Spyware : software used to monitor all computer activity and send it to a certain address.
Phishing : tricking Internet users by creating fake web pages so that users mistakenly assume the official website, which is used to get bank accounts, credit cards, passwords .
Trojan : software only plays a role when receiving an event.
Worm : worm, spread via email or software vulnerability.

Viruses, spyware and adware

McAfee and F-Secure scored well when they found out what the virus is, what is spyware, the scores of both products are in the "top 3". Panda products have the best smart mechanism, McAfee and Aluria are the two best in adware detection.

Most products have detected 100% of "crimes" in the WildList (list of viruses, worms and bots) in January 2006. Aluria was surprised that no boot-virus was detected, Microsoft products didn't detect 14 deep components, Trend Micro missed 2 deep components. In the experiment with the WildList, boot-virus components were negligible, which explains why Aluria scored 100% in the rating table.

Picture 3 of Security tool all in one
Panda adds behavioral malware recognition, increasing "intelligence".

The results deal with 168,523 backdoor, bot and trojan of AV-Test very different. CA only detected 37% backdoor, 72% bot, 39% trojan. Zone Labs found 30% backdoor, 49% bot, and 31% trojan. F-Secure is the strongest, "grabbing" more than 98% of threats.

In adware detection testing, McAfee has the best score, "capturing" 96% of 713 running components. Aluria occupies position 2 with 89%. Once again Zone Labs has low performance, only 46% of adware detected.

To evaluate "intelligence," AV-Test.org tested the ability of "products" to products with components in the WildList without relying on identity data. Panda surpassed 91%, F-Secure finished second with "catching" 76%, Microsoft finished with 41% and Zone Labs ranked second from bottom up with 48%. Note, the behavioral detection function of these products may help to improve those poor grades. For example, AV-Test.org found Panda TruPrevent can block up to 90% of network worms and email, and Zone Labs' OS Firewall blocks up to 70% of worms.

NTN also evaluated the ability to detect malware (malware) packages in compressed files like .zip, rar, .cab and executable compression formats like ASPack and UPX. Most candidates can detect a compression level, multiple times or self-extracting format, but show different capabilities in executable compression format. F-Secure, McAfee and BitDefender performed best, Aluria and Zone Labs ranked last. Aluria said that the next version will add the ability to "compress" executable files and be updated free for existing users later this year. Zone Labs said that they are working with CA to improve "packaged" malware detection and that OSFirewall will detect and isolate malware immediately when the packaging file is opened.

Under ideal conditions, security software must detect and prevent all threats from the first sign. But the reality is so hard. NTN tests the ability to scan infected files, Registry and Host files (IP address declaration files) in the WildList. McAfee wipes out malware and restores system changes, except for a variant of Mytob that targets security software itself. Microsoft products also do quite well, cleaning all types of worms except changes in the Registry caused by Netsky.BA and Mytob.AR. F-Secure demonstrates the ability to search rather than kill, only cleaning 5/10 deep.

Conflict firewalls

Picture 4 of Security tool all in one
CA eTrust integrates Zone Labs firewall

The boundary between anti-virus and anti-spyware software is fading, but firewall software is still "independent", controlling access to the network and warning suspicious behavior.

The firewall of 10 tested product packages allows setting up a general security level, a safe and unsafe application list, and allowed ports and protocols.

A good firewall can distinguish between good and bad signals, notify users of serious incidents and provide enough details about the detected behavior, which helps users decide whether or not to leave an application. certain applications work. If the firewall is poor, it often gives vague messages and you can block the application you need or worse, turn off the firewall.

Test firewalls based on the default setting mode to block external attacks and destructive software available on the PC. Products from CA, Microsoft, Symantec and Zone Labs completely extinguished internal attacks, in particular: malware cannot disable the firewall, delete or take legal rights (some malware will disguise as IE and try to collect the rights you grant to IE) and the backdoor cannot access the Internet.

With the default settings, the Aluria firewall failed with all attacks from within, but in the highest setting, both pass-through and backdoor tests were passed. Aluria said that the default mode to open ports 80 and 443, is to reduce firewall warnings to users. According to the Aluria product manager, the company wants customers to configure their products the way they want.

Picture 5 of Security tool all in one
Trend Micro's Web Site Filter has the ability to block bad web

We also tested firewalls to see if they could detect malware that wanted to steal PC data. Zone Labs won 100 points, exceeding 17 tests on leakage prevention; Microsoft ranked No. 2, surpassing 7 tests. Other products scored very low and Panda did not pass any tests. Note AV-Test.org runs standardized vulnerability check utilities for security product vendors. Zone Labs developed products to bypass vulnerability testing utilities, while Panda said the program was not optimized to run test applications, but only using TruPrevent technology to detect behavior. dangerous code.

In tests to assess the ability to react to external attacks, products from CA, F-Secure, McAfee, Panda, Symantec and Zone Labs reached 100%. These products completely disable common port scanning modes. They block attempts to access the PC through the open port to be used for file sharing based on SMB (Server Message Blocks) protocol, informing users that it is intentional or safe access. bad in home computer network. They also did not disclose information about the PC OS. Once again, Aluria's firewall failed 2/4 tests at the default setting, but it reached 100% at the highest setting. Trend Micro's firewall and BitDefender did not block the SMB sharing protocol and even Microsoft's firewall leaked OS information.

More, more

Picture 6 of Security tool all in one

Zone Labs' controls for IM programs are quite strong

All products are spam-resistant, in addition to a number of different additions. The McAfee and Panda packages have the most additional utilities, whereas the Microsoft giant's software has the least (although OneCare has a disk backup and checking utility).

Except for Aluria and Microsoft, all other products want to score with parents, which allows users to block unhealthy websites, such as sex, gambling, and drugs. Trend Micro provides an equivalent URL filtering utility, although it does not call this feature "parental control" (a utility for parents to control the access of young children). Whereas the CA does not provide it directly in your product, it includes a CD containing BlueCoat's K9 Web Protection. Zone Labs uses Smart Filtering Dynamic Real Time technology to categorize websites that are not on the list. BitDefender, McAfee and F-Secure make it more surprising for parents to determine Internet access hours.

CA, McAfee, Symantec, Panda, and Trend Micro both provide privacy control to prevent sensitive information such as credit card information left on the computer, but they are too "cautious". at a high setting. For example, setting the highest level of security in Symantec products will always trigger an alarm when a website requests cookies on the test system, even those with good reputation like New York Times and pcworld. .com, by default, these cookies are not considered high-risk.

Other interesting features: McAfee, Panda, Symantec and Zone Labs check IM applications to detect attachments (Microsoft only scans on MSN Messenger). Panda, Trend Micro and Zone Labs warned users to have illegal Wi-Fi connections (McAfee also offers a Wi-Fi protection product for $ 80).

Some additional features are quite convenient, but others only confuse the interface. Typically, Symantec's centralized controller has a secondary window to monitor the components of the suite. Add a system tray icon that regularly shows active status. It also markets other related products, such as Data Recovery, which shows the "unavailable" status until you purchase and install the SystemWorks utility for $ 50.

PLEASE ISP TO EQUIP SECURITY SOFTWARE

No one is happy to spend money to buy security software, but people understand that the cost is necessary for a secure PC. What many people don't know is that they can use the software for free. Due to the increasing risk of the Internet, large Internet service providers (ISPs) such as AOL and Earthlink provide protection packages for customers.

AOL standard software package

The application called Safety and Security Center includes AOL's anti-spam tool, Internet access control, pop up blocker and anti-phishing tool combined with McAfee's firewall, anti-virus and spyware tools.

AOL's software package has a capacity of 28MB, including many other applications, but for users it works as a unified application, throughout. One of the ways AOL supports customers is to isolate Internet threats from the server, before reaching end users.

EARTHLINK antispyware

EARTHLINK also made an effort to create a security application all in one and so they bought Aluria - antispyware software company - last year. Currently, EARTHLINK provides free Protection Control Center software for its customers and charges 5 USD / month to other users. The software has a capacity of 16MB, including applications created by two companies and the Authentium partner antivirus and firewall application.

Why do ISPs bear all the difficulties and costs for security?Simply because they want to make customers happy.

Installation and utility

Picture 7 of Security tool all in one
McAfee does not distinguish between adware and spyware, but collectively referred to as PUP

A product is considered easy to use when simple installation, good organizational configuration options, fast running and clear notification. Microsoft and Trend Micro meet these standards very well but in different ways. Microsoft products are easy to configure because they don't have much to configure! This can make users feel limited. Meanwhile Trend Micro allocates very well the options in the beautiful interface and reasonable structure.

All tested products are smoothly installed and automatically configured. However, with McAfee product, fully install this software, users have to restart the computer 5 times and create an account (username / password). A dialog box asking users to receive virus information and promotional information from McAfee or McAfee's partners. In addition, I could not download the update from Firefox at first, but I had to use IE and allow a temporary pop-up to be opened.

The worst integrated CA product, put 4 icons in the system tray, plus the main interface that is not linked to the Blue Coat controls.

Symantec seems to be the most "talkative", often warning about status and cookies. If you don't like it, you can use F-Secure's product because it has a lot of detailed settings but little information.

Picture 8 of Security tool all in one

 

Picture 9 of Security tool all in one

Picture 10 of Security tool all in one

 

Microsoft Firewall warning about LimeWire operation looks more impressive than cu3a BitDefender.

 

Panda's fastest scanning speed, takes about 6 minutes 39 seconds with 14.7GB files and folders on the test system. Trend Micro finished second, 7 minutes 37 seconds. F-Secure is the slowest, it takes 28 minutes 46 seconds. F-Secure explained that this speed is due to real-time protection and has up to 5 scanning mechanisms for 2 viruses, 1 for spyware, rootkits and 1 smart scan.

In system resource usage check, all products are installed by default and measured on WorldBench 5. Microsoft products load the lightest, increasing the execution time of 9 test applications to about 4% ( "alarm" level is 15%). Aluria consumes the most resources, doubling the execution time of ACDSee PowerPack and Windows Media Encoder. BitDefender followed MS Office 2002 by 22% and Mozilla by 69%.

Alert users when there are suspicious signs, Microsoft's firewall gives detailed information from the name to the path of the application that wants to access the Internet. BitDefender grants virus information more clearly in the firewall. McAfee offers a vague concept, PUP (potentially unwanted program), to classify adware or spyware. For detailed information about announcements for each product, read it at find.pcworld.com/53488.

In general, even the highly rated products from Symantec and McAfee do not perform well at all tasks. For some "fastidious" and experienced people, they may still want to combine and choose the best components from security packages. But for the majority of users, the convenience of security software package does not match.

10 TIPS FOR OPERATING THE SECURITY SOFTWARE

Installing and running a fully functional security software package is not easy, especially including replacing one of its products with another company's products. Below are the installation and maintenance instructions gathered from many security vendors.

1. Remove old anti-virus software from PC : You should only run 1 anti-virus layer on 1 computer. Completely remove the old one, restart the computer before installing another one. In addition, Microsoft firewall should be turned off when using another company's firewall, however, some products will suggest that you turn off the default firewall at installation time.

2. Check the health status of your hard disk : It is best to run Windows Chkdsk utility several times before proceeding to remove or repair problems with your hard disk. Press start> run, type chkdsk, click OK.

3. Update the latest Windows patches : run the Windows update application to make sure your system is fully updated before installing security software, even these security software users must update regularly.

4. Prepare information : in the situation where you call support from the vendor, it should be written on the date of installation, product number (serial number) and support phone number.

5. Run an additional antispyware software : If you want, you can run a separate antispyware utility along with the security suite, but be careful when scheduling the system to scan and make sure that only one program detects Search as well as update at a time.

6. Networking : usually computers connect to the network using VPN and have their own settings. If after installing the security software, the computer crashes when restarting, disconnect the network. After a successful reboot, connect to the network again and let the application set up your firewall configuration (most products have a wizard).

7. Handling printing and file sharing : firewalls often have a pre-set configuration to use file and print sharing services in the network. Otherwise, you must manually create the firewall to instruct TCP traffic to exit port 1023 and enter port 139.

8. Record unusual cases : if a product has a special problem - such as an error message or a warning about malicious intent - accurately record the entire message, even capture whole screen.

9. Sending suspicious files : If you see suspicious files or e-mails, don't open it and find out for yourself. Please send them to the company that provides the product, but must ensure that the process is correct.

10. Keep up to date : this is not an exaggeration of the problem.Security software is more effective when it is updated and additional updates are usually not provided when the user registration period is no longer valid.When a year is used, don't forget to register or replace other security software.

Hai Pham
PC World USA 7/2006

Update 26 May 2019
Category

System

Mac OS X

Hardware

Game

Tech info

Technology

Science

Life

Application

Electric

Program

Mobile