The most recent articles from vnunet.com

Review: Webroot Internet Security Essentials

Dave Bailey — 2009-02-16T11:17:00.000Z

Dave Bailey, vnunet.com, Monday 16 February 2009 at 11:17:00

A good anti-malware package which includes online backup

Webroot Internet Security Essentials (Wise), launched in the UK last month, is aimed squarely at home and home/office users, and adds an online backup service for extra security.

Installation of the 36MB package takes under 10 minutes, less if you defer downloading definition updates until after the base program is installed. Users can also opt for the Webroot 'Ask' toolbar and search assistant to be integrated with Internet Explorer.

Webroot licenses its anti-virus detection engine from enterprise vendor Sophos, and on first startup Wise steps through an initial setup wizard, which kicks off with a system memory scan to check for malware processes already running on the system.

The wizard then invites users to join Webroot's Automated Research Network, allowing information to be returned to Webroot's labs for processing and forensic analysis for incorporation into its threat definition updates. We are of the opinion that users signing up for this should get something in return, such as the ability to install Wise on an extra PC.

After this step, users can opt to schedule a computer 'clean-up' and the main threat sweep. Clean-up involves deleting internet, Windows and third-party application items, with the option to recover these files if required.

The final piece of configuration is to set up the online backup by selecting a standard username and password. The service comes with 2GB free, and the option to add more space if needed. However, on clicking the 'Increase Online Storage Space' URL, we were taken to a web page informing us that we were already using the 'maximum amount of backup space'. But on some installs of Wise on other systems we did get the option of upgrading our online storage space, albeit with prices quoted in dollars: $8.33 (£5.77) for 5GB up to $58.33 (£40.44) for 50GB.

The service initially backs up the logged on user's Desktop, Favourites, My Documents and My Pictures data. But subsequent backups can be used to store any data on the system, and users can schedule when backups occur.

We then downloaded the 34MB of security definitions, giving a total of more than 937,000, after which we were invited to register. The user interface is similar to Webroot's other malware products, such as its AntiVirus and Spy Sweeper packages, and is probably the easiest to use on the market.

Users can do quick sweeps to purge malware from system memory, the registry and operating system folders, or full sweeps which enable the behavioural detection facility and check any compressed files found on the system. Finally, a custom sweep can be specified, which allows total control over which partitions to check, what files to process and what quarantine options to specify if any threats are detected.

Users can also set the processor utilisation level (five settings) before scans commence to ensure that any other programs running concurrently with a scan are not significantly affected, although you can't change this level when scans are running.

There was a significant difference in processor utilisation in the upper and lower settings when we installed Wise on a Sony Vaio VGN-BZ11MN notebook which had an Intel Core 2 Duo P4800 2.26GHz processor with 2GB of 800MHz system memory running Vista Enterprise.

A full system scan on this system took 13 minutes and checked 390,000 'targets', although users should flush the internet cache, defrag the hard drive and remove any temporary files before running anti-virus scans. Session logs can be inspected, but we'd like more information on the amount of memory/registry/file/folder items being scanned, although it may be that inexperienced users won't want to see this information.

We did detect malware on a dual-boot Windows Server 2003 Standard Edition/ Windows XP Professional system by running Wise on XP and checking the Server 2003 partition using a custom scan.

The W32/IRCBot-XA worm and W32/sdBot-DKI backdoor Trojan, as well as an App/XNet-B remote administration tool, which the Sophos malware engine tagged as a potentially unwanted application, were all picked up and quarantined. Sophos provides information on how to remove such applications, but inexperienced users might have difficulty with the procedure.

Overall, Wise is a very good package, but the problem with evaluating security packages like these is that there are very few independent testing facilities that can fully stretch the software.

AV-Test.org, an IT security testing and consultancy service, offers this kind of testing and the results are available online. Webroot's products are not specifically benchmarked, but Wise uses the Sophos malware engine and the most recent results show all tests passing at a level of over 95 per cent.

Review: Trend Micro Internet Security Pro 2009

Dave Bailey — 2009-02-05T16:46:00.000Z

Dave Bailey, vnunet.com, Thursday 5 February 2009 at 16:46:00

Latest package protects desktop PCs and some mobile systems

Trend Micro's Internet Security Pro 2009, launched in October, can be used on up to three desktop systems to protect against a variety of malware and security threats.

The original basis of the package was the old PC-cillin anti-virus scanner but, as with all desktop security packages, extra features have been added as the threat landscape has changed.

Support is limited to desktop Windows systems, 32/64-bit Windows Vista Ultimate, Vista Business, Home Premium and Home Basic (all with Service Pack 1), Windows XP (32-bit) Home/Professional Edition (with Service Pack 2) and Windows XP Media Center/Tablet PC 2005 Editions (with Service Pack 2).

The main security features in the package are anti-virus and anti-spyware functions, personal firewall, spam email filter, parental controls, data theft prevention, and phishing/pharming protection.

The Pro version also has an activity dashboard giving a summary of the security threats found, and access to the logs created when Pro 2009 has performed a scan. There's also a password-protected vault for storing confidential documents in case the computer is lost or stolen.

Another extra feature is a system tuner which checks hard disks for recoverable space, finds unused entries in the system registry, checks programs that load up automatically when the system starts, and lists tracking cookies and web site addresses found in the browser.

The other two extra features are the ability to protect selected mobile phones by installing an agent on the handset, and a toolbar which can be installed on your browser that rates web site safety and can be used to check the reputation of any available wireless networks, perform keystroke encryption and rate instant messaging and webmail security risks.

We installed the package on three systems, the first being a Sony Vaio VGN-BZ11MN notebook which had an Intel Core 2 Duo P4800 2.26GHz processor with 2Gb of 800MHz system memory running under Vista Business.

A full system scan on this system took 66 minutes and checked 223497 'targets', although users should flush the internet cache, defrag the hard drive and remove any temporary files before running anti-virus scans. Checking a separate Windows 7 partition gave a time of 15 minutes to check 99,500 targets.

Installation on all three systems took around 10 minutes, after which we updated the package with the latest threat signatures and ran full scans on all systems. On the Sony notebook, Pro 2009 picked up the fact that we hadn't applied patches to the Office Professional 2007 suite we had installed, but nothing else apart from several cookies.

Although support is limited to desktop Windows systems, users can check system drives on shut down server operating systems by sharing the root system drive and pointing the scan at that drive.

We also installed Pro 2009 on a dual-boot test server running Windows XP on one partition and Windows 2003 Server Standard Edition on another partition. We knew the server to be infected with malware, and Pro 2009 picked it up and quarantined it correctly.

We could look through the security logs produced when Pro 2009 performed a scan to see details on the malware, but it seems that a log was produced only when malware was actually found. We would prefer to see timestamps corresponding to when the scan started and finished, as well as how many system memory items and files were checked.

One really irritating feature on some anti-malware packages is that the feature window cannot be expanded to full size, and this is the case with Pro 2009. The user interface, as with most security packages, needs to be investigated fully to make sure there are no default options which could actually decrease the security of your system.

We found one of these in the custom scan settings under the 'What kinds of files do you want to scan?' option. The default option is set to 'Only files likely to pose a risk', but users should really be setting this to 'All kinds of files', unless they're sure that someone out there is not working on hiding malware in 'files not likely to pose a risk'.

The firewall can be customised up to a point, but users cannot block specific ports and protocols, although whether this level of usability should be provided in security packages of this type is a moot point.

The system can be password-protected against unauthorised changes to the settings. It was also easy to log on to the TrendSecure web site and manage which systems we wanted to protect with Pro 2009, so if users replace a computer it's easy to install Pro 2009 on the new one and deactivate the licence on the older system.

Overall Pro 2009 is an impressive package, but with several niggles. One problem with evaluating these packages is that there are very few independent facilities that can fully test anti-malware products. One such facility is AV-Test.org, whose most recent test results indicate that Pro 2009 does not offer better protection than competing systems.

First Look: Sophos Endpoint Security and Control 8.0

Dave Bailey — 2008-10-01T12:58:00.000Z

Dave Bailey, vnunet.com, Wednesday 1 October 2008 at 12:58:00

Upgrade adds integrated endpoint security, malicious script detection and anti-rootkit functions

Sophos Endpoint Security and Control is an integrated endpoint security system aimed at small and large enterprises needing to secure the desktops and laptops of employees, contractors, partners and guest visitors.

The package was updated in September to incorporate malicious script and rootkit detection, and consists of Enterprise Console, Anti-Virus, Client Firewall and Network Admission Control.

Sophos says that Enterprise Console can manage "tens of thousands" of desktop systems, all from a single console. The system can be used to manage Linux, Mac OS X, NetApp Storage Systems, Netware, Unix, Windows and Windows Mobile.

Users can be prevented from attaching removable storage devices or installing applications which IT managers do not want running on their networks, such as games, instant messaging and VoIP clients.

Email and Simple Network Management Protocol messages can be displayed on systems which have malware, or any administrator-defined unwanted applications installed or running on the network.

We looked at version 8.0 installed on a Windows Server 2003 R2 system running Dynamic Host Configuration Protocol, Domain Name Services and Active Directory.

Installation was quick and easy, and loading the Enterprise Console allows you to create what Sophos calls a 'library' which stores and deploys software and security updates from the Sophos web site.

If your network is a large one, so-called 'child' libraries can be set up to bridge subnets and take the strain off your main 'central installation directory'.

Storing all the data used for reporting from Sophos' scanning engines requires an SQL Server database. For small firms the standard Microsoft SQL Server Desktop Engine should suffice, but larger firms will probably want to hold data in an enterprise SQL Server database version 2000 or 2005.

We could create a group to contain the desktop systems which were members of our Active Directory domain, and then scan the network by specifying an IP address range for Endpoint Security and Control to use, or simply synchronising with Active Directory.

After the group was set up it was simple to scan for problems, such as the lack of security updates or the presence of any malware.

This quick look at the Sophos system showed it as easy to manage and likely to replace a lot of point products in enterprises. The full review later will have details on how the system can lock down devices and how the Sophos' Network Admission Control server performs.