While all security suites offer roughly the same functionality, their ability to
protect your PC varies tremendously. Robert Vamosi looks at which internet-security suites you can trust Online attackers have created more malware in the past year than in the previous 20 years combined. So it stands to reason that you can no longer rely solely on traditional definition-based antivirus software and firewalls. Behavioural analysis, which detects malware based on how it acts, and improved detection methods have both made their way into the latest internet-security suites. Behavioural analysis has proved successful in catching new threats that security vendors have yet to make definitions. Many suites feature cloud-based components, which compare questionable programs and files against online databases. Almost all the security suites we test here also include some form of rootkit repellent. Rootkits are a type of stealth malware used to hide infections and have gradually become more commonplace. Together, these changes mean security suites are able to detect and block malware faster than ever. Nonetheless, we found significant differences in how well security suites protect your PC. Norton took the top ranking, owing to its strong overall malware detection. Kaspersky came a close second. AVG bagged third place for its malware detection and speedy system performance, while there was little difference between Avast, BitDefender, McAfee, Panda and PC Tools, all of which turned in very good performances. As always, we called on the services of security lab AV-Test ( av-test.org) to perform real-world benchmarks of how each internet-security suite deals with the latest web threats. AV-Test looked at traditional signature-based detection, and also at how well the suites cleaned infections, removed rootkits and detected malware based on behavioural analysis. We also took into account the impact a security program has on the operation of a PC. If it slows your system to a crawl, you may be tempted to dump it for something less effective or turn it off altogether - a dangerous move. A battery of tests were used to measure drag: changes in boot times, application launch times and the time to create or open a batch of documents, among other tests, both with and without the security suites running. All the suites had antivirus, antispyware and antispam components, plus a firewall. Some, such as PC Tools, offered little beyond these core functions. The rest offered extra capabilities, such as parental controls, online backup and browser protection. Here's our rundown of the top 10. Avast 5.0 Internet Security ukp49 (3 users; 1-year licence) avast.com Avast 5.0 Internet Security offers all the basic PC-protection features and does a reasonable job at traditional malware detection. It's also fast. But it fell short at detecting new threats and lacks some extra features. The interface has a clean, sophisticated look and is easy to use, yet it also makes you work a bit: you must tell it how to proceed every time it finds an infection and you can't proceed with the scan until you attend to the alert message. Avast detected all infected files and Registry entries and disabled 93 percent of the infections. But it removed all traces of malware in only a third of cases. It found and disabled all rootkit samples, but completely removed only 60 percent. This was the worst rootkit removal score of all the suites here. Avast's firewall works in a similar way to the Windows firewall, asking you to designate each network as Home, Work or Public. The Public setting blocks the most traffic, while the Home setting allows more traffic to come in. Work, a middle ground, is the default. The antispam function labels suspected junk with '***SPAM***' in the subject line. It integrates with Microsoft Outlook and some email clients, and can scan web-based email clients such as Gmail. In behavioural detection, Avast detected, disabled and removed only about 27 percent of samples. In signature-based detection, Avast demonstrated a respectable 96.5 percent detection rate. Avast was the top performer overall in our system speed tests and near the top in scanning speed. VERDICT: Avast Internet Security offers good basic protection, being both speedy and easy to use. For all its classiness, however, we were disappointed by its shortcomings when it came to detecting new threats. AVG Internet Security 9.0 ukp47 inc VAT (3 users; 1-year licence) avg.com AVG usually sells its solid Internet Security suite for ukp37 per user per year but, at press time, it was offering protection for three PCs for ukp47. We rate AVG Internet Security 9.0 highly, as it provides strong malware detection and disinfection. However, it could be easier to use: its icon-based feature labelling isn't as clear as it could be and we found it hard to locate the tools we needed. Performing impressively in our tests, AVG detected 93 percent of malware infections and disabled 87 percent of these samples. It could fully remove only 27 percent of them, though. All inactive and active rootkits were identified and 87 percent of them removed - a figure that was about average for the group. It earned a perfect score for detecting and disabling infections in behavioural analysis tests. It also managed to remove 93 percent of malware we threw at the suite. Another notable inclusion in the AVG suite is LinkScanner, a tool that looks for and scrubs malicious content from websites before it hits your browser. This is slightly different from McAfee's Site Advisor, which identifies and blocks malicious sites. Linkscanner lets you view the questionable sites, but it still blocks the malware. Using traditional signatures, AVG detected 95 percent of malware - not a bad score, but the top performer detected 99.9 percent. AVG took a couple of seconds longer than average to boot up. Its impact on overall system performance was slight, but scan speeds were a bit slow. It took 6 mins 5 secs to scan a 4.5GB file when we opened it. VERDICT: A strong behavioural analysis tool and the ability to root out and neutralise most malware make AVG one of the best suites on offer. Single-user licences are relatively expensive, but if you need to protect several PCs, you can bag a great deal. BitDefender Internet Security ukp29 inc VAT (3 users; 1-year licence) bitdefender.co.uk BitDefender provides solid protection at an appealing price, and it has a fresh new interface that allows you to choose how much or how little information you see. The basic display has three large icons and simple text; an intermediate design shows more detail; while a third lets advanced users fine-tune many of the settings. Colour status indicators make it easy to see at a glance whether your PC is protected. BitDefender was effective at detecting and disabling active infections. It found all infected files and Registry entries and disabled 93 percent, but it completely removed only 40 percent. It detected 97 percent of active and inactive rootkits, disabled 93 percent of active ones and fully removed 87 percent. It wasn't uniformly impressive, though. BitDefender wasn't great at detecting and blocking malware based on behavioural analysis, detecting 80 percent of test samples, blocking 40 percent and removing only six percent. It did better at signature-based detection, finding 96 percent. The suite did well in our performance-impact tests, but it isn't one of the most efficient. Our test PC booted up quickly, with BitDefender improving on the average startup time by roughly 3.5 secs, for a total of 43.46 secs. Scan speeds were around average; it took just over 4 mins to scan 4.5GB of data in our on-access test. BitDefender's technical support is emailbased and we found its searchable online knowledge base limited in scope. We also found the program's firewall rather too keen. VERDICT: The new, user-definable interface is a welcome change to BitDefender, while the suite has a very attractive price tag. Given the preponderance of threats and their ability to mutate, however, we were concerned by this program's behaviour-based score. Kaspersky Internet Security 2010 ukp69 inc VAT (3 users; 1-year licence) kaspersky.co.uk Kaspersky earned high scores for its strong malware detection, efficient performance and well-designed interface. Kaspersky's screens are informative without being overwhelming. The main window includes a left pane for navigation and a right pane showing your options. Features are organised by general topics, such as My Protection, My Security Zone, Scan My Computer and My Update Center. The program proved adept at detecting active malware infections. It detected all malware samples and disabled 87 percent, but removed all files for only 47 percent of infections. This was about average for the group. Kaspersky, along with McAfee, found and removed all active rootkits. It was above average in detecting and disinfecting malware in behavioural scanning, finding 87 percent of samples, disabling 73 percent and removing 60 percent. Signature-based detection was another strong area for Kaspersky, with a detection rate of 97.4 percent. Even so, this impressive result was bettered elsewhere. Kaspersky's impact on everyday PC performance is minimal. It beat the average startup time by 3.5 secs and the suite took 4 mins 48 secs to scan 4.5GB in our on-access test. However, its new Safe Run mode hampers the host PC's performance. VERDICT: Kaspersky earns a Recommended award with a strong feature list. But it costs appreciably more than the other suites here. McAfee Internet Security 2010 ukp43 inc VAT (3 users; 1-year licence) mcafee.com McAfee Internet Security does a good job of detecting malware, and its combination of a fresh interface and useful features will appeal to many users. However, its tendency to slow down the PC it's there to protect is a concern. The suite's redesigned interface is intuitive but unusual. Sections are called drawers; click on a section and the drawer opens to reveal the settings and status of each component. The top portion remains fixed, offering a static overview of the entire product. McAfee proved effective at cleaning up active infections; it detected all test infections, disabled 87 percent and completely removed 47 percent. It also did well in behavioural detection, detecting 87 percent, blocking 73 percent and removing 60 percent of samples. McAfee tied with Kaspersky as the leader in rootkit detection, earning a perfect score for both detection and removal. As for old-style signature-based detection of malware, McAfee's performance was the best of all the suites we reviewed, with a 99.9 percent detection rate. This suite made for somewhat longer boot times on our test machine. And McAfee had the slowest on-access scan speed: it took more than 9 mins to scan 4.5GB of data. VERDICT: One of the best-known security brands, McAfee does a decent job of protecting a PC from harm, but its services come at the expense of system performance. Norton Internet Security ukp49 inc VAT (3 users; 1-year licence) symantec.com/en/uk Norton has a comprehensive set of features, top-notch malware detection and fair speed. It was one of the top performers in detecting and cleaning up active malware infections and earned itself our Best Buy award. Norton found all the dangerous software, disabled 93 percent of it and removed all traces of two thirds of it. It detected 93 percent of inactive rootkits and detected and removed all active rootkits. In fact, our main criticism is of its interface, which is nicely laid out but hard to read, with orange text on a black background. The left panel displays a CPU performance gauge, the middle column has sections labelled Computer, Network and Web, while configuration options are on the right. Norton impressed us with its ability to detect, disable and remove every instance of malware we threw at it using its behavioural scanner - a stunning result. When it came to malware detection based on old-style signature-based tests, it found 98.4 percent of samples - a figure beaten only by McAfee and Panda. Norton took 3.9 secs longer than the average startup time, but we experienced minimal drag in day-to-day operations. Scan speeds were decent, however, with Norton taking 4 mins 14 secs to scan 4.5GB of data in our on-access test. We didn't take to Norton's use of proprietary names for security technologies such as Quorum, Sonar and Insight. These tags poorly explain their use. Quorum is Symantec's cloud-based detection engine and assigns a reputation to programs based on several factors; Sonar is Symantec's behavioural-detection technology; and Insight provides up-to-the-minute data on malware collected from other users. VERDICT: The protection afforded by Norton Internet Security is second to none. Some elements of its design could be clearer - we'd like Symantec to offer straightforward explanations of its features. Overall, however, Norton is the best product here and easily earns its Best Buy spurs. Panda Internet Security 2010 ukp49 inc VAT (3 users; 1-year licence) pandasoftware.com Panda Internet Security offers all the basic features, and then some. It includes 2GB of online backup space and the ability to protect USB devices. However, its interface is more complicated than it needs to be, using multiple combinations of both tabs and grouped items. Configuration settings are easy to navigate, however. More importantly, Panda's detection of unknown malware falls a little short: its behavioural detection of new threats was unimpressive. It found 73 percent of our samples, blocked 53 percent and removed 33 percent. Conversely, when asked to detect malware using traditional signature files, Panda gave the second-best showing, with a 99.8 percent detection rate. This result was just a hair behind the leader, McAfee. Panda found all active infections on our test PC and rendered 93 percent of infections inert. It completely removed all files and Registry changes for 33 percent of infections - a lower figure than we'd like. Panda also detected 93 percent of active rootkits and 80 percent of inactive ones. It was able to completely remove only 87 percent of this stealthy malware, whereas the top performers in this regard, McAfee and Kaspersky, were able to detect and remove all rootkits. The antispam feature adds a toolbar and a spam folder to Outlook and Outlook Express. Its backup feature can grab documents based on their file type or from selected folders or drives, and you can back up to Panda's online service. The parental controls require an account for each individual; by logging in, you activate the security set for that individual. Panda slowed down boot times more than any other suite here; our test PC took 54.68 secs to boot up with Panda's suite installed. It had minimal drag on ordinary operations, but scan speeds were significantly slower than average; Panda took 5 mins 30 secs to complete our on-access scan test. VERDICT: Panda's interface needs some work and its detection of new malware doesn't keep pace with the top performers. However, its parental controls and USB drive scanners are welcome additions to what is a middle-ranking internet security suite. PC Tools Internet Security ukp49 inc VAT (3 users; 1-year licence) ukp29 inc VAT instore at PC World pctools.co.uk PC Tools Internet Security is a barebones suite with strong malware detection, but it lacks the parental controls and online backup features of comparable suites. The interface is geared up for the average consumer and the dashboard is straightforward to navigate. More advanced users may find the simple interface constraining, however. PC Tools, now owned by Symantec, detected and disabled all active infections and also removed 60 percent of active malware - a better rate than that of most of the suites here. PC Tools also produced fairly strong scores for rootkit detection; it detected all inactive and active rootkit samples, and removed 87 percent of samples. Although a strong showing, other suites equalled it and Norton, Kaspersky and McAfee beat it. We were impressed by the respectable 93 percent score PC Tools racked up when it came to detecting, blocking and removing unknown malware. In signature-based malware detection, it caught more than 96.3 percent of samples. We were pleased to see that having PC Tools installed didn't weigh down our test machine. Our PC took 43.1 secs to boot, several seconds faster than the average. We found applications a mite slow to launch and software took a bit longer to install than it would otherwise, but in day-to-day use we noticed little impact on how the computer performed with PC Tools protecting it. Curiously, the suite's on-access scanner was the fastest, scanning 4.5GB of data in under 3 mins. However, its on-demand scanner was by far the slowest. VERDICT: PC Tools pairs some strong malware detection and disabling abilities with a good price and an easy-to-use interface. This makes it ideal for users who are happy to stick to the basics. Its on-demand scanning is slower than it ought to be, however, and it doesn't offer many customisation options. Trend Micro Internet Security Pro ukp49 inc VAT (3 users; 1-year licence) uk.trendmicro.com Trend Micro offers a competitive and complete package for internet security, but its malware detection lags somewhat. Its interface is easy to read and use and, while the configuration options can get quite advanced, first-time users will find the defaults sufficient. Trend Micro found all the active malware infections on our test PC and disabled 87 percent. It completely removed 47 percent. The suite was strong at detecting rootkits, but it was a little behind the pack at removing them. It detected all inactive rootkits and 93 percent of active rootkits, and it removed 73 percent of the samples, versus the average of 87 percent. Trend Micro also put in an average performance for detection and disinfection through behavioural scanning, detecting 93 percent of samples, blocking only 60 percent and removing 40 percent. Trend Micro was the worst of the group at signature-based malware detection, catching 89.4 percent of samples. On average, the internet-security suites in this group test were able to detect between 96 and 97 percent of samples. The suite's impact on system performance was mixed. Our test PC started up in 42.4 secs - about 4.5 secs faster than the average boot time. We saw little drag in the PC's daily operations. On-access scans were much slower than average, however; Trend Micro Internet Security Pro scanned 4.5GB of data in 7 mins 26 secs. Trend Micro includes a full range of technical support options with how-to videos, a searchable knowledge base, and PDF manuals for download. Free email, chat and telephone support is available during business hours. The Pro version also includes Wi-Fi hotspot authentication and the ability to warn you if a web link you're about to click on is suspicious. VERDICT: Trend Micro Internet Security Pro has plenty of features and is easy to use. However, it falls short of the top contenders at malware detection. It's a decent security suite but is bettered by the rest of the pack. Webroot Internet Security Essentials ukp39 inc VAT (3 users; 1-year licence) webroot.co.uk This suite is in essence Webroot's SpySweeper antivirus/antispyware software with a firewall, an antispam utility, backup software and web browsing protection thrown in. But it lacks the parental controls that are common in other internet-security suites and falls well short when detecting and disinfecting new malware threats. Its interface is generally serviceable, but can be cryptic and unintuitive. Webroot detected and disabled all active malware infections on our test machine and it removed all traces of 60 percent of the samples, an above-average result compared to the rest of the suites. Webroot detected 93 percent of inactive rootkits and all active ones, but removed only 87 percent of rootkit samples. Although it detected all the samples in our behavioural-analysis tests, Webroot blocked only 27 percent of samples and completely removed only 13 percent. In traditional signature detection, it found 96.2 percent of samples. Webroot generally had a low impact on our test system's performance, but bootup time (48.4 secs) was a little on the slow side. However, on two performance tests (repeatedly copying a file and creating a file), Webroot took longer to complete the task than almost any other suite in this round-up. Scan speeds were on the slow side, too: it took 5 mins 34 secs to scan 4.5GB of data in our on-access scan test. Webroot offers free technical support by phone, but only on weekdays from 7am to 6pm. The company also offers PDF versions of the suite's manual online, as well as a video tutorial for the installation process. VERDICT: Webroot Internet Security Essentials provides built-in backups and is competent at detecting and disabling active malware. It's not so adept at spotting new threats, however, and its slow on-demand scans are a drawback. THE PERFORMANCE HIT We included a battery of tests to evaluate how internet-security suites affect your PC's speed. Our testing, conducted by German security lab AV-Test, measured 11 key aspects of a suite's impact on PC performance: boot time, application launch time, file copy operations, application-installation time and more. We also looked at how quickly a suite will scan your PC for viruses and other malware. Avast 5.0 Internet Security had the least impact on system performance, with faster-than-average scores in all tests and very good scan speeds. While top-ranking Norton Internet Security didn't do as well as Avast, it put up very good scores overall, although performance dragged a little more than average in a couple of tests. Norton also had faster-than-average scanning speeds. Another big name, McAfee Internet Security, was one of the weaker performers here. It had a heavier-than-average impact on PC performance in most tests and its on-access scan speed (which simulates how well a suite can scan for malware when files are opened or saved to disk) was the slowest of all the suites we tested. Technical telepathy: 09969636745 Saints are not always saints; sinners are not always sinners. Voice your thoughts in the blog to discuss the Rights of persons with disability bill at: http://www.accessindia.org.in/harish/blog.htm To unsubscribe send a message to [email protected] with the subject unsubscribe. To change your subscription to digest mode or make any other changes, please visit the list home page at http://accessindia.org.in/mailman/listinfo/accessindia_accessindia.org.in
