New model security suites typically arrive in the autumn, along with new model cars. In truth, most of this year's updates made their appearance before autumn officially began, but several more have popped up since that time. The most promising of those new entries is McAfee Total Protection 2011, with very good spam protection and virus blocking that doesn't drag down system performance. It'll still be a while before we can compare new versions of ZoneAlarm Extreme Security or Norton 360 with this bunch, but read on to see which are the best security suites for 2011 (so far).
Firewalls Ancient and Modern
The personal firewall component is an essential suite element. Without a firewall you've got nothing but an antivirus with benefits. I expect a firewall to protect against outside attack, prevent network abuse by local processes, detect and prevent malicious exploits, and stand up to direct attack by malware.
Windows Firewall, especially in Windows Vista and Windows 7, does a great job stealthing ports and protecting against outside attack. In fact, Trend Micro Titanium Maximum Security 2011 avoids duplication of effort and simply relies on Windows Firewall for network protection. A firewall that can't match what's built into Windows is a flop. Sadly, that describes the firewall component of TrustPort Total Protection 2011. The company explained that it's not possible to stealth all ports. Apparently the competition didn't get that news; all the other products succeeded in this impossible task.
I always try to disable a firewall using simple techniques that could be coded into a malicious program. I try to kill important processes using Task Manager, I look for an "OFF" switch in the Registry, and I attempt to disable essential services. Most of the products resist these attacks, but PC Tools Internet Security 2011, Panda Internet Security 2011, and Ad-Aware Total Security 1.0 succumbed to the attack on their services, as did TrustPort and AVG Internet Security 2011.
The earliest personal firewalls baffled users with a blizzard of incomprehensible popups asking whether a certain program should be granted a certain type of network access. Nearly all of these suites avoid some popups by automatically granting access for known good programs, but some of them actually cut down on security to further limit popups. They may simply allow all outbound network connections, give a free pass to any digitally signed application, or use a "training mode" that assumes all programs already present on the PC are to be trusted.
Others go the opposite direction, blasting out warnings about all kinds of behavioral events. Webroot Internet Security Complete 2011 and PC Tools generated a ton of popups for both malicious and valid programs.
The most intelligent modern firewalls take full responsibility for security decisions rather than foisting them off to the whim of an uninformed user. Norton Internet Security 2011 uses statistical and behavioral analysis to prevent misbehavior by unknown programs. Kaspersky Internet Security 2011 assigns varying levels of trust to keep unknown programs from doing any permanent damage.
Kaspersky and Norton also handle malicious web based exploits better than the rest. Even when the underlying system is fully patched and hence not actually vulnerable they actively block and identify exploit-type attacks. None of the others come close to these two in firewall protection.
Virus Cleanup Variations
Some users blithely bumble along without protection until they get hit by a visible malware attack. They dash out in a frenzy to buy and install a security solution, expecting a quick end to the problem. After that the emphasis changes to preventing further infestations, but a product that flubs the initial cleanup will get returned pronto.
Remember, the malware settled into the system first, and sometimes it actively fights installation of security software. When malware resisted Norton's installation the built-in support notified me, then fixed itself; nice! BullGuard Internet Security Suite 10 also offers built-in support, but getting past malware resistance required hours of live-chat and remote-control support with agents who eventually resorted to third party tools for cleanup. Installation help from McAfee came in the form of a two-hour phone call, ending in eventual success.
A similar problem with Ad-Aware yielded to the company's boot-time rescue CD. However, rescue CDs and extra-powered cleanup tools weren't enough to get F-Secure Internet Security 2011 and PC Tools installed on all my test systems. Those two required substantial interaction with tech support, more than a consumer would have endured.
Kaspersky, F-Secure and Norton generally score high with the independent testing labs. So do AVG, PC Tools and Panda. Trend Micro's performance in my own malware removal tests was unexpectedly awful, saved only by its inclusion of Trend Micro's Housecall cleanup tool. F-Secure users have a choice of automatic cleanup (which ignores lower-risk threats) or a convoluted multi-phase manual process.
In my own malware removal tests Norton took the overall top score, with PC Tools close behind. Webroot did a nice job removing keyloggers, rootkits, and scareware but didn't score quite as high overall.
Guarding Against Attack
Removing a virus that is actively fighting back can tough. Keeping that same threat from installing in the first place should be much easier. Even so, results varied quite a bit in my tests. Trend Micro promised a strong focus on blocking zero-day threats but flopped against my older collection. Outpost Security Suite Pro 7.0 turned in the next lowest score for malware blocking. One rootkit managed to install and stay installed despite F-Secure's active attempts to keep it out.
Preventing malicious downloads is one early line of defense. Several of the suites include a browser tool that blocks access to known bad sites and adds rating icons to flag dangerous links in search results. AVG's LinkScanner and McAfee's SiteAdvisor offer a page with full details of any site's rating, as do Norton and PC Tools. F-Secure, BullGuard, Trend Micro and Webroot mark up links without offering details.
Of these suites Webroot did the best overall job blocking malware, followed closely by McAfee; PC Tools outscored every other contender in rootkit blocking.
No comments:
Post a Comment