Old-school anti-virus vendors learn new tricks

Testing reveals that traditional AV vendors have added defense-in-depth, BYOD protection

Total Security also employs automatic exploit blocking, including taking a special look at Java-based programs, which can be highly troublesome in terms of security. This prevents any exploit from even running. It could cause some trouble for legitimate programs that try to use those known holes, but it’s unlikely that any useful program would try to do that, and those settings can be overridden if necessary.

Total Security also offers one of the best anti-phishing protections that we tested here. In addition to maintaining a database of known phishing scams, it applies real-time heuristic analysis to any e-mail that arrives at a protected endpoint, looking for things like what information the e-mail is asking a user for, what actions the mail is trying to solicit and whether anything has been obfuscated or spoofed. That way, if a user on a protected client is the victim of a targeted attack that has never been deployed against anyone else, and thus is not in the database, it can still be caught and flagged based on the message itself – a really nice feature for a first line of defense endpoint product.

Total Security also offers its own firewall to prevent brute-force attacks and a trusted mode that works as a database of the MD5 file hashes of known good programs. So if you want to install Skype for example, Total Security knows the hash of the actual file that users need to get and install. Sort of like a virus scanner in reverse, it checks known installation files against their actual profiles to make sure that nothing has been changed or modified before letting the installation continue.

In addition to great protection in depth, Total Security also offers two unique features not found in other programs. The first is Safe Money, a browser mode that completely locks everything down while in use. It is automatically started whenever a user goes to either a shopping site like Amazon, a banking site like Wells Fargo or one that handles payments like PayPal. The included database of known banking-type sites is extremely detailed and constantly updated, and users can add one in if, for example, visiting their local online branch does not trigger the Safe Money protections. The only reason that Safe Money isn’t active all the time is that it’s extremely resource intensive, so only turned on when needed.

While in Safe Money mode, browsers are brought into a sandbox that prevents any program from executing on the protected system. Keyloggers and screen grabbers won’t function for example. You can’t even take a screenshot of the Safe Money mode in action (we tried a variety of methods) because doing so could be used to steal passwords and account information. Once you leave a banking-type site, the browser reverts back to normal, which is indicated by the Safe Money green border disappearing.

A second unique component to Total Security is the ability to roll-back a system to its last known good profile should a virus somehow still get around all the protections that Kaspersky has put in place. It’s not a total roll back like Apple’s Time Machine, but can roll back most files to a pre-infection state. The only way we could test this feature was to disable Total Security, inject malware, and then reactivate it. The roll-back process worked fine. Most people will probably never need to use it, but it’s nice to know it’s there just in case.

McAfee LiveSafe

The McAfee LiveSafe product is one of the easiest to use in this roundup, and the company makes it fairly easy to install the product on multiple devices without charging extra, so long as all of them are for the same user. So a business or enterprise would need to do it a bit differently, but adding PCs, Macs, iOS or Android devices is a relatively simple process in any case.

Beyond the standard protection offered by most products reviewed here, LiveSafe also adds in some defenses in depth and extra features. These include things like a very good password manager that can keep those safe across multiple platforms, and a personal locker that encrypts and protects information from any external sources or unauthorized users.

Mobile device features include the ability to wipe a lost or stolen phone or tablet with a simple click from the command console. Devices can also be managed through the LiveSafe console to do other things as well, like backing up important files.

The McAfee LiveSafe product also includes an e-mail scanner and spam blocker that makes use of quite a few dynamic filters. The only problem is that the mail scanner didn’t perform very well. Actual messages from contacts would sometimes get flagged as phishing scams when they clearly were not. Other times, gobs of obvious spam would be allowed through normally, even if it all came in together over a few minutes with identical subject lines. We couldn’t really tune the anti-spam product beyond letting it know each time it let a spam e-mail through, but even then, that was no guarantee that the same e-mail wouldn’t make it through the defenses again. As a backup for endpoint e-mail security LiveSafe would work fairly well, but as a front line defense, it’s probably not quite good enough.

By contrast to the poorly performing anti-spam component, the website adviser tool worked great, warning us about websites with suspicious code and not letting that code load should we drop onto a corrupted page. There were no false positives in any of our adviser testing, and it correctly identified all threats on pages where we knew they would be lurking.

Symantec Norton Security

Symantec has been in the anti-virus market almost longer than anyone, especially when considering its acquisition of the Norton product line years ago. However, until this year, they also had one of the most convoluted pricing structures and product lines in the industry. Tossing all of that aside, Norton Antivirus, Norton Internet Security and Norton 360 are now rolled into a single service called Norton Security. Created by the Symantec Technology and Response team, it offers the same high level of protection to consumers, businesses and enterprises. And it works with PCs, Macs, Android and iOS devices.

The Norton product worked well on the desktop, but was really the standout star for mobile devices, adding helpful features that were either not available or not implemented nearly as well elsewhere. For one, Symantec protects not just against spam texts on phones, but also from unwanted calls, an amazing feature that we really loved. Not only could we block calls from telemarketers or robo-callers, but Norton Security also let us block any calls from people who deliberately obscure their numbers, as many unscrupulous scammers do.

Also for mobile, beyond scanning for viruses, Norton Security catalogs and rates each app you download through its App Advisor. Based on each app’s performance, the Advisor will warn users if certain thresholds are too high. For example, an app might be a huge battery drain due to sloppy programming or the way it implements different features. Even if the app isn’t technically malware, having it on your phone might be a bad thing because it drains too much power.

Other apps might conduct borderline behavior like collecting information about other apps on a phone and nagging a user to install more products. Or, it might be outright malware disguised as something else. Pure malware is dumped from a phone, but those grey area programs are presented to a user with all the facts about their bad behaviors. A user can then decide whether to trust them anyway, or simply to avoid the risk and uninstall the app.

Most of the mobile features are designed to work on Android, though the iOS platform is given a few extra tools beyond just malware protection, like the ability to trigger a scream on a lost phone so that it can be located if it’s anywhere within the area. And that scream is really loud so that it can be heard even if the missing phone is inside a case, jacket pocket or dropped inside a closet somewhere.

The user interface for Norton Security is simple to use, and is presented as a Web portal which can be accessed from any protected device. From there, any device within that account can be managed. It’s also the place where a user would go to initiate help with finding a lost or stolen phone.

Features that go beyond traditional anti-virus on the desktop include an identity safe and a password manager. Both use AES 256-bit encryption to protect either important files or passwords. The password manager is especially elegant, allowing users to enter one memorable password instead of the real ones for each website they visit which requires it. The real passwords can be something long and complicated like a series of random letters and numbers that no human could easily remember, yet with the password manager, they don’t need to. Symantec really put an emphasis on both of these areas this year, and it shows. Both are the best of breed of the programs that have those features.

One more thing that the Norton product offers is 24/7 technical support. In fact, Symantec promises to work with people who can’t use the software to remove a virus infection. If the company tries and fails to remove malicious programs, it will give the user his money back.

Panda Global Protection

The Global Protection suite from Panda Security offers traditional anti-virus protection for PC, Mac and Android devices as well as iOS devices under certain circumstances, along with some nice extra features to keep desktop systems healthy beyond just having good security.

For mobile security, Panda offers protection for Android devices with a set of anti-virus tools that can be installed directly onto a tablet or phone. For iOS, it’s a bit trickier than that. You get a license to install the mobile software on a Mac desktop or laptop. Then you connect the iOS device to that computer to initiate scanning. The extra step is a bit odd and a little bit of a pain, but the protection worked just as well, finding an app with malicious tendencies that we had installed on the test iOS phone and properly identifying it as such.

On the desktop, you get identity protection that keeps you from accidentally entering personal information, or having a program try and secretly do it behind your back. You can of course override this setting on a case by case basis – sometimes you need to enter that information to do things online – but it does alert you that this is taking place.

The biggest extra however is the inclusion of a full PC Tuneup suite, which cleans your system of any unnecessary cookies and temporary files that may be slowing it down. When using Tuneup with a particularly old PC in the test bed which had not been used in a while, the performance increased by 30% when looking at new boot times and file access routines. The suite also includes a secure erase function for files that wipes them out so completely that they can never be recovered by any means.

Global Protection is the most like traditional anti-virus in that there is not a lot of defense in depth behind it. That said, it did pick up on almost every bit of malware we tossed at it, including stopping malware from a drive-by website attack from reaching a host system. When combined with the included Tuneup software, it can make for a speedy and safe PC or Android device. Even using it on a Mac is a good thing, though the extra hoops required for a pure iOS device probably means those users are better off elsewhere with more dedicated solutions.  

Trend Micro Premium Security

Trend Micro Premium Security has one of the best overall packages for building a defense in depth across multiple devices. It was one of only two packages to get 100% of the anti-virus and exploit protection completely correct, with no false positives.

Trend Micro makes it extremely easy to add new devices to the protection scheme regardless of the OS or platform, which is perfect for an office with a large BYOD program. It’s as easy as having users scan a QR code with their mobile device and then getting a license number from a system administrator to expend one of the company’s licenses to protect the approved new tablet, phone or mobile device. Approved users can have their device protected and able to safely join the network in minutes.

In terms of scanning, the Trend Micro product is also one of the fastest that was tested. A full scan on a test desktop system often took between two and three minutes less than with other programs. For Android devices, the scanning normally took less than a minute, and the speedier scan times didn’t hurt its accuracy.

The Premium Security product contains several elements designed to keep users from falling victim to common scams, including an e-mail scanner that automatically detects and flags suspected phishing e-mails. It does this by checking to make sure links are going where a user thinks they are, and that no information has been spoofed or hidden. If any of these are detected, the email is flagged as suspicious and put into a quarantine area by default. Users can still override that setting in the event that the mail is from a legitimate source, but in our testing it caught phishing scams right away 100% of the time with no false positives, one of the only programs with anti-phishing protection to be able to do so.
