Here’s my review of the new Avast 7 in Windows 8 Consumer Preview. The new Windows system contains an upgraded Windows Defender, version 6.2, which now has full antivirus functionality and runs by default. Microsoft basically put there what they used to call Security Essentials (but the name is too long as per modern guidelines, I guess). So I wanted to test and see if a third-party antivirus in Windows CP would be welcome. That means that Defender would need to be shut down automatically. I liked the previous versions of Avast and always recommended that security software; besides, it did perform very efficiently.
If you like to use power stuff, try Norton 360 from the Symantec promotion page here. It has been updated to version 5 recently (version 2011). Norton 360 v5 is a huge security and computer maintenance suite that includes several modules: PC Security (antivirus and firewall), Identity Protection, Backup, and PC Tuneup. In this version, similar to Norton Internet Security 2011, Norton 360 features the latest generation of the Norton reputation-based detection and prevention technology. Here’s the direct download link to the 90-day trial: http://buy-download.norton.com/akdlm/dm/estore/downloads/OEM/N360/5.0/N360_184.108.40.206_MS_LOEM_MRF1441_5671.exe?LNG=EN&None&fileExt=.exe
I like applications from Avast. I know it is not wise to be hooked on security software, because when you get used to something, you isolate yourself from all the other similar stuff, and one security tool is never enough. But still, to me Avast makes incredibly pleasing software. The main thing I like about it (and I mean anything starting from the free Avast antivirus) is that it’s completely seamless and not intrusive at all (especially when you shut down the sound messages). I hate when an antivirus behaves like an unexpected guest, setting his rules instead of following your rules.
So I installed Avast Internet Security version 5.0.677. And it is great from a user interface perspective. Yet there are some very important features to mention. As I reviewed in one of my recent posts, Avast free antivirus v.5 performed with flying colors in the drive-by test. That basically tells you a lot about the company, because it takes time and effort to watch those web threats spreading around. The Internet Security package has some extra stuff to appreciate: a sandbox tool which allows you to run any program in a virtual environment (similar to an instant virtual machine):
I have installed McAfee Internet Security with a 6-month complimentary subscription for Facebook users, but I’m confused as to whether it is version 2010 or 2011, because it is not shown anywhere. Maybe it is just a smart marketing move, but I would call it a sneaky move, as the packaging design on their official website shows no difference. The About window tells me the following: Security Center version is 10.5 and VirusScan 14.5.
First I’d like to say something good about McAfee IS. Installation went very easily and fast [screenshot] — no reboot required, no annoying registration forms, no nothing. Installation options were presented well [screenshot]. The program, once it is running, feels very light on system resources. It would be ridiculous to say that a McAfee application cannot get its job done; as with Symantec, these guys probably spent a fortune on Research and Development, and most tests and reviews say they are good. But there were some really surprising things to me.
I take care of my files, and if there’s something I need to know — I need to know that in detail. OK, McAfee IS found a few viruses during the scan of some downloaded samples and presented the report:
OK, I want to see the details of the viruses and Trojans found in my files, so I click the links to see an explanation. A new window opens in the internet browser where I can see exactly that McAfee has empty database entries under the names W32/Autorun.worm!ji and Generic.gh. With risk assessment Low it probably means that they have no clue of what they found and how to prove it is a virus. Or maybe the engineers at McAfee just don’t care. Because for the suspect Artemis!83A917492B0D [screenshot] they even have no trace in the database, “page not found”, 404, you know. What did they find then? Not much, I’m afraid it is just what is called “false positives”: files with inner structure elements which resemble elements of malware. And I don’t mind pointing to some dangerous areas, as no one can be 100% sure, but tell me something reasonable, suitable for a human. Literally: “We are not sure, but this file looks suspicious, click here if you want to know why… We suggest we delete it, or quarantine (isolate), so you could decide later what to do…” Here’s what I call a human approach.
Are you a Facebook user? Here is a link to a free 6-month subscription of McAfee Internet Security 2011, complimentary for all Facebook users: http://us.mcafee.com/root/landingpages/affLandPage.asp?affid=773&lpname=272multi&cid=70235 If you are not, you can register and receive that nice software as well. Why McAfee? Well, I found it interesting to see in the last issue of a Russian computer hacking magazine (http://www.xakep.ru/articles/magazine/xa.asp) a heuristics test of Kaspersky Internet Security 2011, Eset NOD32, Avira AntiVir, and McAfee (all latest builds).
Here’s the final round of my antivirus drive-by test. Preparation for the drive-by test and setup configuration is described here (part 1) and here (part 2). First of all I wanted to see if major free antivirus programs would be effective against web threats. To make the picture complete I also tested Norton Antivirus 2011 and ESET NOD32 Antivirus, yet surprisingly they did not show 100% protection as I expected from paid software. Again, it is important to note that I checked only the first lines of defence, because there are a few of them to mention:
1. web site blocking based on IP, from the list of known domains containing malware
2. detection of malicious scripts while browsing
3. detection of exploit code before a web browser triggers it
4. shell-code detection
5. detection of downloaded installer (based on virus signatures or heuristics analysis)
As detection of the sploit portion once it is fully installed and functioning may take lots of man-hours, I say an antivirus fails if it does not react up to the 4th barrier; this is important to understand.
AVG Anti-Virus Free Edition 2011 (version 10.0.1136) performed very poorly in my drive-by test; I also noticed a system slowdown while web browsing. Preparation for the drive-by test and setup configuration is described here (part 1) and here (part 2).
The only exploit pack it detected was SEO Exploit kit; all others were undetected. Here are the results:
I have Avast Antivirus free edition, version 5.0.677 in my lab for drive-by test. Preparation for the drive-by test and setup configuration is described here (part 1) and here (part 2). I love Avast, because it is fast and not intrusive at all. It has been performing very well since version 4, and now it simply shines. That is why I was very pleased to see that it passed all my tests with malicious web-sites!
Look at the results:
Avira AntiVir Personal 10.0.0.567 - Free Antivirus is under test today. Preparation is explained here (Part 1) and here (Part 2). I knew the free edition of Avira would perform badly, as it is even stated on their website: no “AntiDrive-by [which] prevents against downloading viruses when surfing” and no “WebGuard [-] protection against malicious websites”. Anyway, it did something; let’s see the results:
OK, let’s prepare the test platform. As I explained in part 1, I use Oracle VM VirtualBox (recently updated to version 3.2.10) as a host sandbox. This sandbox I can use as a virtual computer to install basically any operating system. For the drive-by antivirus test I choose Windows Vista Home Premium SP2 32-bit. The idea is to make my system vulnerable, so it could be poisoned. Therefore, I intentionally do not install any updates. Additionally, I install Adobe Reader 8.1.1 and Java Runtime 220.127.116.11 — both have known security holes. At that point the test OS is finished and I create a copy of it, because once it is infected (I’m sure it will be), I will need a clean one.