Review: Five Security Suites You May Not Know About

It seems everywhere we turn when it comes to information technology the topic sooner or later always turns to computer security. As mentioned below in this Review published on November 7, 2007 by InformationWeek, Norton and McAfee still dominate this field. The Review as posted consists of a major part of a piece writen by Serdar Yegulap. It does not however include many useful graphics included with the original piece. To see the entire article, including graphics, you will need to click on the URL listed below:

“While big-name security suites such as Norton and McAfee dominate the market, there are others out there that may be just as good — or better. We look at five alternative security suites.”

By Serdar Yegulalp, InformationWeek
Nov. 7, 2007

Security Suites

• Introduction
Name a security suite, and most of what comes to mind are big names: Symantec, PC-cillin, McAfee. Maybe Kaspersky or Grisoft AVG. But there’s a whole slew of other system-protection suites out there that are either quite new or not as well known, and which deserve a closer look.

We’ve assembled a survey of five system-protection / antivirus productions that aren’t as widely known (Dr.Web, TrustPort), or that come from companies known mainly for other products (Microsoft, ESET, Check Point Software). We looked at the total scope of each program — what it covered, what it didn’t, and how it implemented its particular features. Not every security product is going to intercept the same range of threats or handle really outlandish behaviors (like null byte obfuscation), and so the sheer range of features, even within roughly the same price points, was eye-opening.

Each of the products listed here also has been tested by the AV-comparatives testing firm, which performs regular assays of many popular and lesser-known antivirus products and reports back on the results. The most recent set of tests was conducted back in August 2007 and so may not reflect on the detection quality of the most recent versions of each application, but will give a good idea of how tight their overall detection is.

If you’re curious about whether or not the feature mix or performance impact from a given program will suit you, every program listed here has a fully functional trial or evaluation version. Grab a copy, make a quick data backup (you are doing that regularly, right?), set a System Restore point, and see for yourself.

Dr.Web Antivirus for Windows

The charmingly-named Dr.Web sports only two protections — antivirus and anti-spam — with the antivirus portion of the product being the more versatile of the two.

The three core applications are the antivirus engine, the mail-scanning engine, and a task scheduler. Many common program options are available by right-clicking the tray icons, so you don’t need to drill down through the program’s configuration menus as much as you might for some other apps of this kind. Each program’s defaults seem to be decent for everyday use: by default, Dr.Web’s protection traps pretty much all file creation and access actions, including anything downloaded from the Web.

The program’s creators claim they employ an intelligent scanning engine that doesn’t need to constantly rescan the same files. Malware, adware, and hacking tools are all broken out into their own categories, so each can be handled differently from the other if you’re inclined to do so. Each type of threat can be given a default action and a “what to do if this fails” action — for instance, a virus could be defaulted to “move to quarantine,” with “block” as the fallback action in case the virus can’t be moved. I’ve long been in favor of regarding malware/adware as viruses, but it’s nice to have this added degree of flexibility in case for some reason you need to have a given piece of adware running.

Dr.Web Antivirus for Windows Doctor Web Ltd.
$40 for 1 PC/year

Archive scanning is turned off by default, with the justification for this being that it slows down scanning without substantially increasing security. Ditto scanning e-mail archives (although it’s not clear from the documentation which e-mail applications are supported), again on the grounds that it will slow the system down without really making things any safer. Specific directories and files also can be set to be excluded by default from scanning, if you need to, and it’s also possible to selectively suppress scanning of objects on the local network and on removable drives. The scanning engine also can be configured to send e-mails or notifications if something is detected — useful if you’re administering multiple desktops, but maybe not as important for an individual user.

There are some other things about the program, aside from its relatively limited scope of protection, that also are irritating. For one, the program populates the system tray with three icons: one for the e-mail subsystem, one for the antivirus system itself, and one for the program’s task scheduler. It’s not clear why they use their own scheduler instead of Windows’s native scheduler. Also, the anti-spam system is even less configurable than TrustPort’s anti-spam system — for one, there’s no visible way to even control the sensitivity of the spam filter. It’s possible to change how it stamps messages suspected of being spam, though: by default the message subject is prefixed with “[SPAM],” but you can change that as needed. What’s unforgivably primitive is the whitelist/blacklist function, which is nothing but a pair of text boxes. Being able to point to an e-mail client’s address book or having some other mechanism that’s a little more flexible would help.

In sum, Dr.Web is limited in scope, if efficient in its protection. If you eventually decide you need broader coverage, though, you will probably have to go to an entirely different application, unless Dr.Web is significantly expanded in future revisions.

ESET Smart Security

ESET Smart Security is a protection suite from the folks who gave us the NOD32 antivirus product. NOD32’s been around for a while now and gets high accolades from people who use it, but this is ESET’s first attempt at building a whole suite of protection, with NOD32’s antivirus protection as part of that.

The installation process gives you the option of simply accepting all the program’s defaults or allowing some degree of expert option-setting (which always can be done later, too). I chose to use the “simple” setting at first, just to see how well the program behaved. The only real decision I had to make was whether to allow file sharing for my computer in my local network, something the program advertised as being best for wireless connections.

The program’s protection consists of a real-time file-system and Internet monitor, scans for Microsoft Office documents and Outlook e-mail, and a number of peripheral threat-detection technologies (the “ThreatSense Scanning Engine”). ESET only announces its presence when there’s something newsworthy, like the interception of a virus in a user download. Most of the time it runs silently; by default, the virus signature database updates itself quietly in the background without user prompting. The program’s tray icon can pop up a notification balloon to tell you that a new set of definitions or program updates have been applied. Scans initiated from a right-click context menu can be run in the foreground or sent to the system tray to run silently in the background.

ESET Smart Security ESET LLC $59.99 for 1 PC/year

The mail scanner checks both incoming and outgoing messages and also scans Outlook mail (cleaning and moving any infected messages to their own folder). The mail module also includes a few other options to make handling Outlook e-mail that much easier: e-mail bodies can be converted to plain text by default, and you can elect to have any already-scanned e-mail rescanned by default after a signature update. Sadly, the anti-spam module doesn’t give you very detailed control over how messages are classified, but it does intelligently detect mail sent from people in your address book as being good, and also automatically whitelists recipients to whom you reply.

If you’re not using Outlook, NOD32 also can scan whatever port is used for POP3 traffic (110 by default; it’s editable). You also can set the level of modification made to inbound e-mail depending on what your e-mail client can handle. The default setting is maximum efficiency, so only people using an older e-mail client (older than three years, say) might need to tinker with this setting.

Anything downloaded from the Web is automatically scanned. An advanced user also can configure ESET to scan traffic from different Web clients using one of two modes: passive, for higher compatibility; or active, for more effective filtering. I tried both modes and noticed little, if any, difference in speed or behavior. Finally, you can whitelist or blacklist HTTP addresses (i.e., pre-emptively designate given sites as “good” or “bad”), and ESET lets you feed in a plain text file to define those lists rather than just punch them in by hand.

The firewall’s default protections are entirely automatic. I didn’t have to touch much of anything to do my usual Web browsing or to work with applications that needed the network. Aside from automatic mode, the firewall also can work in interactive mode, where program behaviors that aren’t already covered by existing rules can have rules generated for them based on user feedback, or policy-based mode, where behaviors not covered by a predefined rule are automatically blocked. You also can define network zones, where anything in a given zone (such as your LAN) is handled with an assumed level of trust.

If you’ve already used the NOD32 products before, ESET Smart Security makes for a good step up to something more comprehensive. And if you haven’t used ESET’s products before, you’re liable to be impressed: the whole suite runs with the same quiet efficiency that NOD32 itself did.

Microsoft Windows Live OneCare 1.6

“Disappointing” is one of the nicer words people have used to describe Microsoft’s Windows Live OneCare. Part of me wonders if this is Microsoft deliberately holding back a bit to avoid antitrust accusations and incurring further legal trouble, but that still doesn’t explain the generally lackluster feature mix shown here.

OneCare’s protections consist of an antivirus system, controls for IE 7’s anti-phishing filter, periodic performance tune-ups, and backup and restore functionality. Each one of these things can be subjected to strong criticisms. The antivirus protection has in the past fared very poorly against other programs; the anti-phishing filter is for IE only (even if other Web browsers do have anti-phishing protection); and the backup and restore functions are limited to data and not bare-metal backup, something third-party programs have been offering for quite some time now. Apart from its antivirus features, it feels like little more than a front end to many existing Windows functions. Perhaps the single best attribute is the fact that it’s available in a 90-day trial version, as opposed to the mere 15 or 30 days that other packages use.

Microsoft Windows Live OneCare 1.6 Microsoft $49.95 for 3 PCs/year

When tested against other antivirus products in the AV-comparatives test back in August 2007, OneCare’s protection was only ranked as “standard” — trapping 90.3% of 800+ pieces of in-the-wild malware (which is on the lower end of the scale of tested products). On the plus side, OneCare’s detection system was pretty scrupulous: when I performed an on-demand scan of a known-bad item, OneCare took the time to perform a quick inspection of the rest of the system. ‘ This prolonged the scan a bit more than usual (and I would have liked to see some feedback to that effect), but as an additional protective measure it makes a fair amount of sense.

The system-optimization functions, referred to here as “Performance Plus,” run in five phases: removing unneeded files (such as the clutter that builds up in temp directories), defragmenting the hard disk, running a virus scan, checking for what files need to be backed up, and obtaining high-priority security updates from Microsoft. Nominally all this can be run on a schedule — it’s set by default to run every four weeks — but you can always run the cleanup cycle on demand if you need to.

The backup utility is somewhat like a scaled-down version of the backup utility found in Windows Vista, which is a way of saying it’s simple, if sometimes also a little too simple. When invoked, it scans for certain file types and includes them in the backup set by default, but you’re also allowed to manually specify additional directories or files that aren’t automatically chosen by OneCare’s preprogrammed backup criteria. The results are saved in a folder labeled “Windows OneCare Backup,” so they’re difficult to mistake for anything else, and you can always run the backups on demand if you don’t want to wait for the program to decide you need it.

The backup repositories themselves can be written to CD/DVD drives, an external or alternate hard drive, or a network share, but unfortunately no provision is offered within the OneCare product itself for remote network backup (as per what services like Mozy offer). Also, the scope of the backup is limited to personal data — you can’t back up the OS or the system state and restore it from bare metal. This feature has been persistently missing from just about every version of Windows, and only really provided in any form by third-party programs (barring the full-system backup-and-restore available in the higher-priced SKUs of Vista). I just find it irritating that Microsoft isn’t even selling the ability to do this through its own system-protection tool.

OneCare’s other major feature is anti-phishing controls — for IE only, which in practice means no real added functionality. (If you habitually run another browser, you’ll be left with whatever anti-phishing technology they provide, if any.) There’s a sprinkling of other reasonably useful tools scattered throughout OneCare, such as the Firewall Connection Tool — a convenient little menu for setting up firewall rules based on what you’re trying to do (e.g., “File and Printer Sharing,” or “Connect my Xbox 360 to my Media Center PC”). But compared with what else is out there at roughly the same prices, OneCare is still way too thin an offering — even if it does protect three PCs for $50 a year.

TrustPort Workstation

TrustPort Workstation sports an interesting mix of system-protection tools — aside from the usual stuff like antivirus, anti-spam, and firewall, there’s a virtual encrypted disk utility, digital signatures for e-mail, and data-shredding tools.

The antivirus portion of TrustPort has one immediately unique feature: the ability to use multiple antivirus scanning engines, as licensed by the manufacturer. By default the Norman (not Norton!) antivirus engine is installed, but others can be licensed and added if needed. You optionally can use “sandbox” on-demand scanning, which adds further protection, but at the cost of performance (it’s off by default). If you attempt to download an infected file through an HTTP connection, regardless of what browser you’re using, you’ll be redirected to a page that says “Virus infection found” with details about the virus. Viruses intercepted during a file-copying operation throw up an “Infection found / Access denied!” dialog which closes automatically after 30 seconds.

TrustPort Workstation AEC $55 for 1 license/year

TrustPort also scans incoming e-mail on port 110 for viruses, independent of whatever e-mail client you’re using. The mail scanner also includes an anti-spam engine, which adds an “X-Spam-Found” header to the message, but if you’re already running a client that has its own spam controls, you can shut this off. The anti-spam engine has a blacklist/whitelist function, but there doesn’t appear to be an easy way to add entries to either list. (It would be nice to have some way to integrate an external address book with this function.)

The firewall’s not as immediately user-friendly as, say, ZoneAlarm’s firewall; you need to dig into it a bit if you want to customize it beyond the most basic behaviors. You can define application-specific rules, for instance, but only by hand — there doesn’t appear to be any learning mechanism for applications that ask for network access. The default rules seem to be decently well-constructed, though, and you can always edit them or revert to the factory settings without too much trouble. A small clutch of network utilities — like a geographic ping tool, and a network-traffic monitor — help round things out nicely. (The presence and design of these tools is to me another hint that the suite as a whole is meant more for professionals than end users.)

TrustPort’s encryption tools are a mini-suite unto themselves. You can create encrypted file archives; sign, encrypt, and decrypt files using public/private key pairs; and create encrypted virtual disks. The latter is essentially what’s available in the third-party open-source freeware program TrueCrypt (which I’ve evaluated before), and the implementation here is similar — the virtual disk is just a file which can be stored anywhere, and is encrypted with your choice of algorithm and password. When mounted, it behaves just like a regular drive, except that all data copied to it is encrypted on the fly. The data shredder, too, is not functionally all that different from freeware programs that do the same thing, but it’s handy to have around.

The whole feature mix for TrustPort — and its price tag ($55 for one machine/year) — makes it feel like it’s aimed more at professionals than regular users. But that same feature mix may make it that much more appealing to a user with a more professional bent.

ZoneAlarm Internet Security Suite

The ZoneAlarm product used to just be a firewall, not a security suite that includes anti-virus, spam protection, and a host of other features. The original ZoneAlarm firewall-only product is still available in various iterations (including a simplified free version), but ZoneAlarm’s creators also publish ZoneAlarm Internet Security Suite. It’s a firewall plus it has antivirus, e-mail protection, and privacy and parental controls, and a number of other things, all available in a fully-functional 15-day trial version.

ZoneAlarm’s firewall remains outwardly familiar to anyone who’s used the product before, although over several revisions it has gained various refinements to its functionality. In the default security mode, it spends 21 days learning about what applications you use, and then automatically switches over to the high-security mode (which can be manually overridden if you like). This also reduces the number of false alarms you might get. Apps that have binaries that change frequently also can be tagged by the user to keep from generating more false alarms. One adjunct to the firewall is the “OSFirewall,” which guards against applications changing key system settings, such as which programs load at startup. In high-security mode, any programs that try to do this will be flagged by ZoneAlarm for your explicit approval.

Most security suites now treat viruses and spyware as the same sort of threat; ZA is no exception. To further guard against spyware, ZA can block specific Web sites that attempt to install something malicious, and the user can always single out specific programs or sites to be exempted from such treatment. ZA’s e-mail scanning works with any POP3/SMTP mail client, although its spam filter only works with Outlook and Outlook Express, which is a little disappointing. The spam filter itself is fairly flexible and configurable, although it includes a few features I don’t see many people bothering with — like the “challenge” function, which responds to suspect e-mails with a message asking the sender to confirm they’re a human being. (Does anyone even use this sort of thing anymore?)

Another major feature ZoneAlarm boasts is personal data security. The program’s encrypted “myVAULT” lets you store things like credit card information or other personal data that you don’t want transmitted over the Web in the clear. Known-good sites such as eBay and PayPal (which are preconfigured) can be exempted from this. My only problem with this particular feature is that you have to manually punch in the data to be protected — which some people may simply not bother with — but I doubt there’s any feasible way to trap those sorts of things automatically. I also liked many of the little features scattered through ZA: “Game Mode,” activated by right-clicking the tray icon, silences all alerts with either an automatic allow or deny response so the user can run games or other full-screen activities without being interrupted.

The IM security module also lets you block IRC connections if desired, and add a layer of encryption to IM communications. The parental-control system uses a predefined category list to let you choose what to block, but it doesn’t allow much fine-grained control: you can’t block everything and then selectively unblock certain sites, which seriously limits its usefulness.

My single biggest complaint with the program centers around several aspects of its performance. The program took several seconds to kick in and allow user interaction after a logon, and the program’s own UI would sometimes become unresponsive. Calling up the main overview pane sometimes takes several seconds to render; ditto some of the informational screens (like the safe applications list).

There’s one thing that I can’t deny about ZoneAlarm: the price is excellent. A year’s protection for a single PC is $49.95, but you can buy protection for three computers for $59.95 — perfect for households or small workgroups.

Contact Information