Security 2006: How suite it is

GCN Lab tests next year's desktop security software today

Teleworking is a great idea. But research indicates that organizations don't necessarily do it, because it means letting a legion of home PCs access the network. And who knows how those home PCs'or systems set up in remote offices'are protected?

Emerging technology is making it possible to control, quarantine and enforce policies on remote systems, but at minimum, these computers should be running an effective security suite.

As you probably know, there are several security software suites aimed at client systems, with each program adding new functionality as the years go by.

These suites fend off viruses, spam and spyware, and include an integrated security center and personal firewall.

But as threats change, so does the software. For instance, Trend Micro's PC-cillin now has built-in wireless intrusion detection.

These suites are generally easy to install and maintain without needing a system administrator. And they do a good job of protecting users from common threats.

The GCN Lab looked at the latest versions of four leading security suites, including the just-released 2006 versions from McAfee Inc., Panda Software USA, Symantec Corp. and Trend Micro Inc. Only Panda's software was shrink-wrapped when we tested it. All others were gold code, meaning they'd been finalized but not yet shipped to end users. All four products are widely available now.

In general, we like our client security software to be exhaustive, but not burdensome. In other words, we'd rather it scan and red-flag too many files than ignore some, but only if it can do so in a timely fashion.

To that end, we like Panda Platinum 2006 Internet Security. Yes, it probably scans thousands of files that don't pose a problem.

And if it did so in an unreasonable amount of time, we'd resent its thoroughness. But the software is quick and ruthless when it comes to rooting out possible problems.

McAfee Internet Security Suite 2006

Pros: Clean, informative interface

Cons: Long scan times, insufficient password security

Performance: C+

Features: A-

Ease of use: A-

Value: A-

The $70 Internet Security Suite from McAfee has one of the cleanest and most informative control panels we've ever seen. You can use it to find out basic information about your system or drill down into a lot of specifics. You can even expand your threat knowledge, tapping McAfee's re-sources to see what worms are rampant in the world and in what countries.

We checked the software's virus map and found there were more than 10,000 known viruses on the attack in the United States, which makes you realize how dangerous things are out there. (Interestingly, the two safest countries in the world, virus-wise, were Chad and Myanmar.)

McAfee also provides access to an extensive hoax database. Hoaxes are among the least discussed types of malicious programs. Everyone has seen them. You get an e-mail forwarded to you from a friend at work saying the new KillMyBroccoli virus is running wild and the only way to stop it is to erase several .DLL files in your root directory.

Moreover, the hoax claims, antivirus programs can't stop the deadly Broccoli virus. Of course the virus is fake, but some people are compelled to hurt their own systems and forward the message to friends. In a sense it is a virus without any actual code. McAfee's hoax database attempts to bust these myths and keep you from getting fooled.

The pop-up information boxes (read: advertisements) that plagued the McAfee suite in 2004 and 2005 are mostly gone. You will still get occasional pop-ups, but they slide in from the right side of the screen and actually contain useful information. We used a test system for about eight hours and only one of those pop-up information tabs appeared, and it gave us the option to never allow them on-screen again.

At first we thought the new McAfee suite did not include anti-spyware software be-cause nothing was mentioned about it during installation. It turns out that's because McAfee's antivirus scanner also looks for spyware. This could be good and bad. It's great because you can run one scan and take care of everything. The bad part is the scan times are extremely long.

On our test system with a 140GB hard drive and 30GB of data, the McAfee software took over 39 minutes to complete a scan. And it only scanned 47,216 files, which is far fewer than half the programs we tested. It did locate two viruses we planted on the system, but it missed a small spyware program we wrote specifically for the test. It also did nothing about cookies in the browser, something most of the other programs looked at.

One minor security problem we found was in the access control part of the suite. This lets you set different security levels for different users. With McAfee, if you forget your password the software can ask you a predetermined question to help identify you and remind you of the password. But you are locked into only five questions, including some that could be easy to guess, such as 'What was the make of your first car?' A bad guy could try Ford or Chevrolet until he gets it right. We think the user should be able to define both the question and the answer to get the password.

McAfee Inc., Santa Clara, Calif., 888-847-8766, www.mcafee.com

Norton Internet Security 2006

Pros: Good performance, clean interface

Cons: Firewall requires seven-day training

Performance: A

Features: A-

Ease of use: A

Value: A-

The $70 Norton Internet Security 2006 suite is a solid performer with a user-friendly front end. And the 2006 version can actually find and kill spyware, unlike previous versions the lab tested, which could find spyware but do nothing to eliminate it.

The suite runs the middle ground in terms of balancing aggressiveness with handholding, performing a quick virus scan before installation to ensure the system is relatively clean. It didn't detect our spyware during the in- stall process, but did catch it later when we ran a full scan.

Norton does make use of pop-ups, but only when the program takes an action such as deleting a virus or automatically updating the computer to protect it from a new threat.

These pop-ups only stay on the screen for a few seconds and then go away. There is also a small yellow Norton button added to the taskbar that gives you the security status of the software. It's informative, yet out of the way.

The personal firewall is quite good, but the learning mode it goes through when first installed is a bit odd. When you first put the suite on your system, the firewall goes into learning mode for seven days.

During that time it will let any program access the Internet as it tries to learn your habits and see what you need to use. Fortunately it will revert to standard mode if your virus profiles go out of date or your computer security is somehow compromised during those seven days. The suite relies on other protections, such as its virus-scanning engine, to protect you during the vulnerable time.

The good thing about learning mode is it eliminates the need to constantly tell the firewall that yes, Internet Explorer is allowed to access the Internet. Still, we think it might be better to add the profiles of commonly used programs to the firewall's database instead of opening a seven-day window to the world. Nothing bad happened during our test period, but it could have.

In terms of performance, Norton found both test viruses and our custom spyware during the review. Overall, it scanned 161,127 files in just 26 minutes and 22 seconds.

The Norton suite offers steady, reliable performance, and it does so without getting in the way of your daily work, which is a first for a Norton program of this type.

Symantec Corp., Cupertino, Calif., 408-517-8000, www.symantec.com

GCN Lab Reviewer's Choice: Panda Platinum 2006 Internet Security

Pros: Excellent detection, aggressively kills spyware

Cons: Confusing registration process

Performance: A+

Features: A

Ease of use: A-

Value: A-

Pandas are cute, cuddly bears, right? Not Panda Platinum 2006. This $80 security program is as aggressive as an angry pit bull. It detected more malicious or potentially hazardous code than any of the competitors we tested, and did so reasonably quickly.

Right from the start, Panda gets tough on malware. When you install the software, it will scan memory and do a quick version of the system scan to make sure there are no existing infections.
During this process it found our test spyware program and eliminated it before it was even in- stalled, something none of the other programs was able to accomplish.

Once installed, Panda continued to perform beyond expectations. It found two additional potential spyware programs on the test system that we did not even know were there, and were not detected by the other programs reviewed.

One was a supposedly helpful program installed by the computer's vendor to keep the system up to date with drivers. But technically that program, though well intended, is spyware since it was put there without the owner's knowledge and has the potential to send information about habits and configuration back to the company. Even though it was not a malicious program, it was nice to see that Panda gave us the option to kill it.

Panda even gets down and dirty with browser settings. It tagged 10 cookies as potential spyware and gave us the option to eliminate them.

Certainly, not all cookies are spyware and many help enhance the Web browsing experience. But unscrupulous Web sites automatically place many cookies on a PC, and if your browser security settings are low enough, nothing will stop them. Panda puts full control in user's hands.

The software also scanned far more files by default than all others tested, looking at 347,657 general files on the system as well as 7,505 e-mail messages. It was able to locate all our test viruses and it completed the scan in 22 minutes and 26 seconds, which was a fairly good time considering the extra volume it processed.

Some companies would argue that Panda scanned unnecessary files that could not possibly be viruses, and if the scan times were unreasonably long, we might take that into consideration. But we say that type of thinking lets virus writers in the back door'extra security can't hurt.

The Panda software uses an advanced form of heuristics called genetic heuristics to find viruses that are unknown or new. This is a fancy way of saying the software looks at code before it runs to look for viral properties, even if the viral signature itself is unknown.

In this manner it can identify unknown viruses before they actually run. Most AV software lets a program run first and then tries to detect viral activity. We created a few simplistic un- known viruses and they were all caught before they got off the ground.

The only real problem we had with the Panda software was the confusing registration process required to get the software working.

When you do an install, it tells you that you have to register to make the program work and launches a Web page for you to enter your information. At the same time, a pop-up window appears saying the program is installed but you need to reboot to make it work. If you click reboot, you can't finish filling out the registration form.

Other than an odd and confusing way to register the program, the Panda software was extremely aggressive and accurate, which is exactly what a remote of small office user needs. When shopping for strong client protection, Panda offers good reason to look beyond the big names in security software.

Panda Software USA, Glendale, Calif., 818-543-6901, www.pandasoftware.com

PC-cillin Internet Security 2006

Pros: Easy to use, educates users

Cons: Long update processes, URL filter works only half the time

Performance: B-

Features: B+

Ease of use: A

Value: A


In a review of security suites that seem to be getting easier to use, Trend Micro's $50 PC-cillin is the easiest. In fact, it is also the best client-based security suite for users who may not know a lot about security or general computing issues.

As you use PC-cillin, it does its best to explain what exactly spyware is and why some of it is bad.

It also goes a long way toward explaining what the program itself is doing to protect a system.

For example, when it's running a virus scan, PC-cillin will let you know about how far along it is in the process, something none of the other tools did.

It even reminds you of good computing practices in the report it generates at the end of a scan, saying that while it's great that no viruses were found, you have to update the program regularly. Basically, expect a lot of handholding when using PC-cillin.

It also comes with a nice wireless intrusion detection program and vulnerability monitor. The former is perfect for working at hotspots or on a home WiFi network. The latter offers a single-click option for downloading missing Windows patches.

The program was the quickest to scan our test system for viruses, at 13 minutes and 13 seconds, but it also scanned the fewest files by default, looking at only 42,189.

This isn't to say PC-cillin would necessarily be less secure if a PC were under attack, but it doesn't give you the same out-of-the-box granular control as other suites that scan everything they find and flag potentially annoying programs. To its credit, PC-cillin found our test viruses and custom-written spyware application.

The one area where PC-cillin performed poorly was content filtering. For example, we set it to block all adult- and gambling-related content, but we were still able to visit several sites that obviously should have been banned.

The odd thing was that the program would let us drill down into a prohibited Web site and then, for no apparent reason, decided to block us saying the URL was prohibited. But that didn't stop us from going back and exploring other areas of the supposedly blocked site. The filter simply did not work right at all.

In short, PC-cillin is a good program if you or your agency's users don't have in-depth knowledge of security issues. It also does a good job of educating people on good computing practices.

Trend Micro Inc., Cupertino, Calif., 800-228-5651, www.trendmicro.com

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above