ALWIL Software has offered antivirus software (both free and commercial) for twenty years or so. I recently reviewed avast! Free Antivirus 5.0, and found it to be a solid free offering. To get full protection, however, truly security-conscious avast! aficionados have had to supplement the antivirus with separate firewall and antispam, but not anymore. ALWIL's brand-new avast! Internet Security 5.0 ($59.95 direct; includes 3 licenses) combines antivirus, antispyware, firewall, and antispam in a single lightweight suite.
At 43 MB, the suite is a relatively small download, and it installs quickly too. Even including a required reboot, it was ready in less than five minutes. As with most modern suites, avast! Internet Security's main window reflects overall product status, with a big "Fix Now" button to correct problems. The status for all components feeds into the overall status indicator by default, though you can choose to have it ignore specific elements.
Long-time avast! fans start to hear voices. No, they're not crazy. It's just a little voice from the program that announces such things as "Virus database has been updated." Version 5.0 has a new voice, a female-sounding one, with the option to use a simple chime instead, or no sound at all.
Smooth-Running Firewall
Like many personal firewalls, avast!'s asks you to specify the zone for your network--Home, Work, or Public. If you choose Home, the firewall allows all network activity with no restrictions. In the Work zone, the firewall controls the precise level of network and Internet access for each program. In the Public zone, the firewall blocks all incoming communication and forbids all network access to programs that don't already have application rules defined.
Choosing the Public zone makes sense if you're logged in at a seedy Internet cafe or other non-secure network, though you won't be able to use tools like Instant Messaging that must receive incoming connections. The unrestricted home zone is only reasonable when you're on a home network that's protected by a router with Network Address Translation. Even there I'd recommend choosing the Work zone, which is the default.
The firewall passed all of my port scan and other Web-based tests. As far as the "attacking" sites could tell, the computer at my IP address didn't even exist. Evaluating the program control feature was a bit tougher. By default, the firewall denies access to known bad programs and uses a database to pre-configure access for known good programs. For unknowns, it defaults to allowing access, but keeps watch for suspicious activity.
I tested the firewall's ability to detect suspicious activity using a collection of leak-test utilities. These programs demonstrate techniques that actual malware uses to sneak past simple program control--techniques like injecting code into trusted programs, or remotely controlling them. The anti-malware component did block a few of these samples, but all of the rest managed to perform their sneaky tricks without a peep out of the avast! firewall.
My ALWIL contacts explained that since there's no malicious payload in the leak test programs there's no reason for avast! to block their behavior. That makes sense. Norton Internet Security 2010 and Panda Internet Security 2010 work in just the same way.
On the other hand, I got impressive results when I attacked the test system using exploits generated by the Core IMPACT penetration tool. The anti-malware component blocked about a third of the attempts as Trojans and the firewall blocked over half the rest as exploits, identifying the precise exploit by name in most cases. The rest of the exploits failed to penetrate the test system. That's a great showing--I especially approve of security systems that specifically identify exploit attempts. If a web site is attacking my system I definitely want to know about it, even if the attack didn't succeed.
The firewall is also plenty tough. I attacked it using a number of different techniques that would be available to malicious software. I couldn't turn it off by tweaking Registry settings, as it prevented any change to its own settings. My attempts to kill its processes using Task Manager got slapped down with "Access Denied." When I tried to stop the firewall's essential service it popped up a warning of a possible malware attack. Good show!
This is the first time avast! has offered a firewall, and it's looking very good right out of the gate.--Next: Accurate Antispam
Accurate Antispam
The antispam component filters incoming POP3 and IMAP e-mail, marking spam messages by inserting "*** SPAM ***" in the header. The Mail Shield module also strips out any malware and marks such messages with "*** VIRUS ***". Avast! integrates with Microsoft Outlook as a plug-in and hence can automatically configure Outlook to move spam messages into a special folder. Those using avast! with other e-mail clients will need to define a message rule to do that job. This full integration also means it can filter any type of e-mail account in Outlook.
The avast! spam filter requires no configuration or training. You will want to turn on the option that automatically whitelists anyone to whom you send e-mail. And be sure you don't turn off the LiveFeed option. This feature uses a constantly-updated online database for more accurate spam filtering, and it seems to work quite well.
I tested the spam filter with over ten thousand messages from several real-world e-mail accounts. Downloading a thousand messages with the spam filter engaged took about 30% more time than without. You'd never notice that negligible slowdown. The filter proved to be quite accurate. It blocked just 1.2 percent of valid personal mail and 1.6 of newsletters and other valid bulk mail. 92.9 percent of the undeniable spam was correctly identified as such. That's better than the spam filtering in most suites, though ZoneAlarm Extreme Security 2010 still rules, with 97.0 percent of spam caught and zero valid personal messages.
For more information about my testing, read How We Test Antispam.
avast! Internet Security 5.0 Antispam Chart
Decent Virus and Spyware Protection
Avast! gets good (but not great) marks from the independent testing labs; the best commercial suites get high marks across the board. The anti-malware protection in the avast! suite is exactly the same as what's found in avast! Free Antivirus 5.0. That's a great benefit for those choosing the free product, which performed well in comparison with other free products. But, again, top commercial products tested out better than avast! in almost all categories. Here's a rundown of how avast! shapes up against suites--for full details on the antivirus/antispyware features see my review of avast! Free Antivirus 5.0.
Avast!'s score of 7.1 for malware removal is good, but it doesn't approach that of the top suites. PC Tools Internet Security 2010 scored 8.3 on this test, and Norton came close, with an 8.0. In a parallel test using commercial keyloggers, avast! scored just 3.8 points; Norton was the top suite in this category with 7.5; Panda took a respectable 6.2 points. As always, I give much less weight to the keylogger test, in terms of both removal and blocking.
The many "shields" comprising avast!'s realtime protection were quite effective at preventing malware from infesting my clean test system. avast!'s 9.4 points tied BitDefender Total Security 2010. However, Norton and PC Tools (along with Panda Cloud Antivirus Free Edition 1.0) did even better--all attaining 9.6 points. As for blocking installation of keyloggers, avast! scored a lowly 3.9 points.
While the actual test results are the same as those of the free product, I expect more from a full-scale non-free suite, so I've given the suite a slightly lower rating than the free product in this area.
For more information about my testing, read How We Test Anti-malware.--Next: Some Impact on Performance
avast! Internet Security 5.0 Anti-Malware Chart
Some Impact on Performance
The absolute necessities for a security suite are antivirus/antispyware, antispam, and a firewall. Many security suites offer a variety of additional components or features. Among the more common of these are backup, system tune-up, parental control (of varying quality), a mechanism to flag transmission of sensitive personal data via e-mail or web forms and the ability to block active phishing (fraudulent) URLs. The avast! suite includes none of these extra features--it sticks strictly to the essentials.
Considering this lean, mean style I was surprised to find that avast! had a noticeable effect on the boot time of my test system. A hundred reboots with no suite present averaged almost precisely 60 seconds; a hundred reboots with avast! installed took 65 percent longer. That's not as much of a hit as caused by ZoneAlarm (111 percent), CA Internet Security Suite Plus 2010 (127 percent) or AVG Internet Security 9.0 (137 percent), and it's still a bit below the average suite impact. But it's noteworthy, and all the more disappointing, given the leanness of the suite.
This suite's results varied widely in my test of browsing speed, and I had to throw out quite a few test runs because Internet Explorer crashed midway through. I also tossed a few test runs that took an inordinately long time. Even so, the test took 61 percent longer with avast! installed. That's the biggest hit caused by any of the current crop of suites, though some in last year's group had an even bigger effect.
In the remaining tests avast! demonstrated low (but not lowest) impact on performance. It added 13 percent to the file move/copy test. K7 TotalSecurity Version 10.0 added just 2 percent, and Panda just 3 percent. In the test using a script to install and uninstall several large packages avast! added 22 percent to the time required. Panda didn't have any measurable impact on this test, and eScan Internet Security Suite for Home Users Version 10 added just 4 percent.
Another test measures the time requires to zip and unzip a large collection of files. With avast! installed this test took 7 percent longer. Panda and eScan added just 4 percent, and Norton added 5 percent.
Overall, avast!'s impact on system performance wasn't too bad. Some suites like eScan and K7 were significantly less of a drag but were also significantly less effective. On the other hand, Norton Internet Security 2010, our top-rated suite, had a smaller impact in all but one of the tests.
If you're an avast! fan, this suite lets you run your favorite antivirus without having to drag in a firewall and antispam from some other source. But for $10 more you could get a more feature-rich suite from Norton, ZoneAlarm or BitDefender. In the end it depends on what you want.
Sub-ratings:
Firewall:
Antivirus:
Antispyware:
Performance:
Antispam:
Privacy: N/A
Parental Control: N/A
More Security Suite Reviews:
Source Citation
"avast! Internet Security 5.0." PC Magazine Online 27 Jan. 2010. General OneFile. Web. 1 Feb. 2010.
No comments:
Post a Comment