A firewall for your hard drive

There’s no quicker way to infect your system than to tread online without the aid of a firewall. Unscrupulous saboteurs the world over are constantly on the hunt for unprotected PCs, and when they find them, it’s open season for unleashing keyloggers, dialers, Trojans, and other toxic trash the riff-raff carry in their arsenals. But with a firewall, you always know exactly what’s trying to access your PC, leaving you in command of who comes and goes.

Apply that same philosophy to your hard drive and you have DriveSentry. Borrowing a page from Microsoft Vista and its now infamous UAC, DriveSentry intercepts write requests to your hard drive, giving you an opportunity to deny or allow the action. To prevent being inundated with permission requests from harmless applications, DriveSentry implements an auto-advisor feature. Every time a new program runs, the advisor dials home and looks for a match against a whitelist of trusted applications, as well as a blacklist of known threats. Like your old high school cliques, programs are labeled according to how DriveSentry and the majority opinion among the community of users view them. A good program could potentially be deemed dangerous, or vice versa, though we didn’t run into any issues with mistagged programs during our tests. We did, however, run into an annoying number of pop-up alerts, even for trusted applications. Opening Notepad, for example, prompted a pop-up letting us know the advisor was dialing home, followed by a second alert telling us the program has been cleared to run. We dig the diligence but not the constant cries for attention.

DriveSentry’s greatest strength lies in its level of customization. The dizzying array of options is enough to overwhelm even staunch RTS fans raised on micromanagement, but for those willing to put in the time, you’re afforded a meticulous level of control over what files every program can or cannot write to. You can also create custom rules blocking a program’s access to entire folders or drives. Removable media, such as your USB key and optical discs, are protected too. And for armchair auditors, the Logs tab keeps track of every attempted write ever made and whether or not it was allowed.

We tried our best to thwart DriveSentry, but viruses and spyware never stood a chance, as long as we intervened. Should less-savvy users ignore the warnings, or worse, should a band of hackers infiltrate DriveSentry’s servers, the advisor could conceivably feed bad advice.

Even with the potential risks, DriveSentry offers a level of protection rivaled by only BufferZone. Combined with an anti-malware suite, this is as close as it comes to creating an impenetrable defense; just prepare yourself for a steady, and annoying, stream of alerts.

Protects you from threats on the web, but not from yourself

Just surfing the Internet can be enough to infect your system and grant malware uninvited access to your hard drive. But what about the malware that is invited? Malware writers know that the quickest way to infiltrate a system is through the end user, and there’s no shortage of dirty code masquerading under the guise of helpful applications. By the time you realize you’ve been duped, it’s too late, and it’s here that ForceField ultimately falls short.

Like BufferZone, ForceField protects at the application level, enveloping your web browser in an emulation layer. You’ll know ForceField’s working by the green border glowing around your browser. As you surf the web, unsolicited downloads write to a virtual file system, which prevents rogue sites from thrashing the OS. As a second layer of protection, ForceField issues a warning whenever you’re about to enter a site known to distribute spyware, at which point you can enter anyway or hightail it to safer corners of the web.

But unlike BufferZone, this one-two punch falls far short of providing an impenetrable defense. ForceField focuses only on web browsing, leaving email, IM clients, and other connected applications exposed to the same dangers. And while ForceField neutralizes unsolicited downloads occurring behind the scenes, it won’t save your system if you accidentally execute a malicious file or willingly install a seemingly innocent application only to find out later it was laced with spyware.

ForceField was still in beta from during our tests, and we uncovered a few rough edges. Despite support for both Internet Explorer and FireFox, we initially couldn’t get either browser to load through Vista’s start menu; instead, we had to right-click the ForceField icon in the taskbar. Several reboots later the problem disappeared. XP wasn’t affected, but some applications managed to load unprotected browser windows in both OSes, exposing a major vulnerability.

When we navigated the same shady websites we surfed with BufferZone, ForceField indentified only some of them as potentially harmful, letting several others slip through undetected. You have to wait while downloaded files undergo a scan for known malware, and we had little success getting ForceField to flag files embedded with Trojans and other common cruft. False positives were much less of an issue, but that’s little consolation given the weak detection of real threats.

By limiting virtualization to just automatic downloads made through the browser, ZoneAlarm also limits the product’s appeal. In its current form, ForceField can’t be counted on to provide a reliable defense. And even though ForceField isn’t intended as a stand-alone security application, there’s not enough to it justify a $30 investment.

Zonealarm Forcefield 2008

Trojan Horse Named after the mythological wooden horse used to sneak Odysseus and other Greek heroes into Troy, a Trojan Horse will masquerade as a legimate program but will unleash a harmful payload once installed.

Worm Computers worms are self-replicating programs that burrow into systems, seeking out vulnerabilities to exploit. The ability to spread without any user action makes them particularly dangerous.

Spyware Ever  feel  like you’re being watched? If your PC’s infected with spyware, you just might be. Even worse, spyware not only monitors your activities but can also hijack your system with redirected web searches and other annoyances.

Polymorphic To avoid detection, polymorphic malware constantly changes its own code, often using encryption with a variable key. This stealthy technique poses a problem for typical scanners.

Most enthusiasts view McAfee as just another resource hog often found in OEM systems alongside perfomancepillaging bloatware. Fair assessment or not, this is the perception McAfee’s up against in trying to win over the PC elite. It helps that the company isn’t blissfully unaware of the importance placed on perfomance; its latest edition promises to raise the bar with a more efficient engine that won’t drag your system down.

In our testing, McAfee fell in the middle of the pack instead of leading the charge. RAM consumption crept above what we’d consider lean, and while scanning for malware, CPU utilization often hovered around 40 percent. That in itself isn’t criminal, but we felt swindled when all it bought us was the second- slowest scan time of the bunch-although, remarkably, we didn’t see much of a drop in gaming or day-to-day computing perfomance.

McAfee’s list of features ranges in practicality from beneficial to the unlikely to ever be used. Occupying the former camp are spyware protection., a highly configurable firewall, e-mail and IM guards, basic parental controls, and a file shredder. But we just can’t get stoked about the virus map, which displays global viral hot spots, or the HackerWatch module,which looks for patterns of attack around the world to report to ISPs. And still other  feauters, like Active Protection for real –time safeguards, will be made available only through future updates-boo!

Living up to its name, McAfee Total Protection 2009 proved a formidable adversary against all types of malware and even stopped malicious  websites from loading. We also dig McAfee’s SiteAdvisor tool, which not only identifies questionable search results but also gives a detailed report n why the URL is suspect . But no matter how good it protects, we’re not willing to endure slow scanning perfomance or wait for features that should have been available at release.

McAfee Total Protection 2009 3-User