Protects you from threats on the web, but not from yourself

Just surfing the Internet can be enough to infect your system and grant malware uninvited access to your hard drive. But what about the malware that is invited? Malware writers know that the quickest way to infiltrate a system is through the end user, and there’s no shortage of dirty code masquerading under the guise of helpful applications. By the time you realize you’ve been duped, it’s too late, and it’s here that ForceField ultimately falls short.

Like BufferZone, ForceField protects at the application level, enveloping your web browser in an emulation layer. You’ll know ForceField’s working by the green border glowing around your browser. As you surf the web, unsolicited downloads write to a virtual file system, which prevents rogue sites from thrashing the OS. As a second layer of protection, ForceField issues a warning whenever you’re about to enter a site known to distribute spyware, at which point you can enter anyway or hightail it to safer corners of the web.

But unlike BufferZone, this one-two punch falls far short of providing an impenetrable defense. ForceField focuses only on web browsing, leaving email, IM clients, and other connected applications exposed to the same dangers. And while ForceField neutralizes unsolicited downloads occurring behind the scenes, it won’t save your system if you accidentally execute a malicious file or willingly install a seemingly innocent application only to find out later it was laced with spyware.

ForceField was still in beta from during our tests, and we uncovered a few rough edges. Despite support for both Internet Explorer and FireFox, we initially couldn’t get either browser to load through Vista’s start menu; instead, we had to right-click the ForceField icon in the taskbar. Several reboots later the problem disappeared. XP wasn’t affected, but some applications managed to load unprotected browser windows in both OSes, exposing a major vulnerability.

When we navigated the same shady websites we surfed with BufferZone, ForceField indentified only some of them as potentially harmful, letting several others slip through undetected. You have to wait while downloaded files undergo a scan for known malware, and we had little success getting ForceField to flag files embedded with Trojans and other common cruft. False positives were much less of an issue, but that’s little consolation given the weak detection of real threats.

By limiting virtualization to just automatic downloads made through the browser, ZoneAlarm also limits the product’s appeal. In its current form, ForceField can’t be counted on to provide a reliable defense. And even though ForceField isn’t intended as a stand-alone security application, there’s not enough to it justify a $30 investment.

Zonealarm Forcefield 2008

A simple package that combines two detection engines for maximum efficacy

German security specialist G Data has been producing anti-virus software for over 20 years, but there’s nothing retro about anti virus 2008.

Open it up and you see a basic user interface giving direct access to the main functions (starting and scheduling scans and updates), as well as a few information panels. Click on “Options” and you can set some default behaviors  and toogle options like heuristics. As with Spyware Doctor . the emphasis is on practically.

G Data Anti Virus secret weapon is it “Double Scan” technology, which uses two independent detection engines to scan suspect files. They’re referred to simply as “Engine A” and “Engine B”, with Engine A described as the more effective but slightly more resource –heavy of the two. In reality, Engine A is a licensed implementation of Karspersky’s scanning engine, while Engine B is licensed from Avast. You can use both in combination or just one if you’re worried about resource usage we saw no penalty to using both engines, as per the default configuration.

This raises a potential concern: since G Data doesn’t own the scanning engines, it’s reliant on third parties to keep its libraries up to date. But the Karspersky engine has a great track record, and runs to a commendable hourly update schedule.

G Data supplements this with its own “Outbreak Shield” system, using data from email security specialists  Commtouch to identify traffic patterns that look like a virus outbreak. In theory, this lets it keep malicious emails off your system even before the threat is identified. It may be largely redundant in these days of web mail and hardened email clients, but it’s good to have.

Despite its multiple engines, G Data anti virus added just six seconds to our boot time (CPU spikes and hard drive activity continued for around 20 seconds afterward, though that’s always a hazard on a Vista system). It then occupied 46mb of RAM when idle-same as Kaspersky.

It was only to be expected that, in our tests, G Data anti virus would duplicate Karspersky’s excellent score. But, thanks to the Avast engine, it also flagged up the eGuardian chile-protection package that the Russian scanner considered harmless. That’s a very impressive performance.

G Data anti virus has its share of interface foibles. We’ve never known a product to provoke so many Vista UAC prompts-even anodyne actions such as opening the “options” window caused a system interrupt. And many windows( such as the virus scan details view) don’t appear in the taskbar, which can be confusing.

Another slight downside to G Data anti virus is its price. It isn’t extortionate by any means, but Karspersky 2009 can be found more cheaply online. Since the Russian offering is also more configurable , and gives practically identical protection, we’ll keep Karspersky as our A list choice.

But G Data anti virus is a simple, functional package, and when it comes to ppeace of mind it’s hard to fault its “belt and braces” approach to malware detection.

Spyware Doctor’s simple front end emphasizes manual scanning, rather than real –time detection. By default, it runs an automatic scan every week, but the schedule can be customized too.

You can run custom scans too, though it’s a pain; you have to navigate through a directory tree to choose the folders to scan. It’s not a package for tinkereres, but the few options you do get are perfectly practical: for example, you can tweak the scan priority, specify websites or files to ignore and optionally create a system restore point before acting on discovered threats.

Scan based protection is backed up by real-time “intelliguard” protection, using ten “guards” , each providing a distinctive sort of protection. File guard, for example, blocks known malicious applications, while network guard keeps an eye on your network settings. The guards can be individually toggled on and off , giving you direct control over exactly what the program watches over.

In practice, it proved a decent guardian. As soon as we clicked on an infected file-even without opening it=a requester leapt up warming us of danger ahead. It scans email as it arrives too, and a free downloadable browser defender add-on brings web protection.

PC Tools Spyware Doctor + Antivirus 2009 Version 6.0

Why pay more when you can get the same or better for less

At $80 for a one-year subscription, Karspersky charges more than any other suite we tested. If you buy the downloadable version instead of a retail boxed copy, the license is good for up to three users-that’s little consolation to single-PC households.

Kaspersky also holds the undesirable record for longest install time. What started off as a pokey two-minute install balloned into an agonizing eight minutes composed of a tediously long update and no less than two reboots.

Once we were finally up and running, Kaspersky began to atone for its pricing and installation sins. Like Norton’s package, Kaspersky signifantly shortens subsequent system scans by skipping files already determined to be clean. During an initial runthrough, Karspersky’s iChecker algorithm makes note of certain files digital signatures and saves them in a special table. If the signiture matches the next time a scan takes place, the file will be skipped over. The result is that a 12-minute system scan was reduced to a blazing one minute and 14 seconds, finally setting a record Karspersky could be proud of.

Like the other full-featured suites, Kaspersky crams a multitude of tools into neatly organized package and manages to set itself apart in some areas. Rather than limit e-mail scanning to Outlook and POP3, Kaspersky also analyzes IMAP traffic. It boasts a banner-ad blocker and through parental controls, the ability to limit how much time children can roam the web. Finally road warriors will appreciate the option automatically disable scheduled scans when running on battery power.

Kaspersky provided a formidable wall of defense against both viruses and spyware, keeping our test bed protected against Trojans, dialers, and other Internet-bound ills. But so did some of the less-expensive suites.

Kaspersky Internet Security 2009 (3 User)

An old favourite gets a new look.

Now in version 8.0, AVG’s latest release appears to have taken a page or three form from Vista. A redesigned interface sports high-resolution icons and a more colorful palette, and even the system tray icon feels borrowed from Microsoft’s newest OS;turn off one of the security modules and the icon turns red, alerting you to impending doom, even if you’ve only disabled the spam filter. That’s just wacky. Thankfully, you can turn off the ominous notifications.

No other AV application we tested consumed more RAM, our perfomance benchmarks took the biggest hit with AVG installed.During a system scan( which, while not the slowest, dragged along at the tail end of all the suites), CPU utilization averaged 25 percent with sporadic spikes reaching as high as 84 percent. We didn’t know if AVG was scanning of having a seizure.

AVG provides one of the more feature –rich packages of the bunch. In addition to the new scanning engine, you’ll find spam and spyware protection, a firewall, safeguards against drive-by downloads, immunity against IM-bound attacks ( ICQ and MSN only), a customizable scheduler, and a rootkit scanner. Trying it all together is a back end brimming with options to satiate even the most demanding security connoisseur.

We especially like the concept behind AVG’s web protection, we just wish it worked better. The Active-Surf-Shield component scans visited web pages for malicious code and the Search Shield checks Google, MSN, and Yahoo search results for active threats, but enabling them slows down web surfing. And at the time of this writing, Search Shield is not working with Firefox 3.0.

AVG’s detection rate dips below that of the best-performing AV apps during Virus Bulletin’s extensive testing but still earned a VB100 award, meaning it caught all of VB’s in-the-wild viruses with no false positives. AVG also excelled in our tests. Just make sure you have a modern system to run it on.

Grisoft AVG Internet Security – 2 Year Subscription

Trojan Horse Named after the mythological wooden horse used to sneak Odysseus and other Greek heroes into Troy, a Trojan Horse will masquerade as a legimate program but will unleash a harmful payload once installed.

Worm Computers worms are self-replicating programs that burrow into systems, seeking out vulnerabilities to exploit. The ability to spread without any user action makes them particularly dangerous.

Spyware Ever  feel  like you’re being watched? If your PC’s infected with spyware, you just might be. Even worse, spyware not only monitors your activities but can also hijack your system with redirected web searches and other annoyances.

Polymorphic To avoid detection, polymorphic malware constantly changes its own code, often using encryption with a variable key. This stealthy technique poses a problem for typical scanners.

Most enthusiasts view McAfee as just another resource hog often found in OEM systems alongside perfomancepillaging bloatware. Fair assessment or not, this is the perception McAfee’s up against in trying to win over the PC elite. It helps that the company isn’t blissfully unaware of the importance placed on perfomance; its latest edition promises to raise the bar with a more efficient engine that won’t drag your system down.

In our testing, McAfee fell in the middle of the pack instead of leading the charge. RAM consumption crept above what we’d consider lean, and while scanning for malware, CPU utilization often hovered around 40 percent. That in itself isn’t criminal, but we felt swindled when all it bought us was the second- slowest scan time of the bunch-although, remarkably, we didn’t see much of a drop in gaming or day-to-day computing perfomance.

McAfee’s list of features ranges in practicality from beneficial to the unlikely to ever be used. Occupying the former camp are spyware protection., a highly configurable firewall, e-mail and IM guards, basic parental controls, and a file shredder. But we just can’t get stoked about the virus map, which displays global viral hot spots, or the HackerWatch module,which looks for patterns of attack around the world to report to ISPs. And still other  feauters, like Active Protection for real –time safeguards, will be made available only through future updates-boo!

Living up to its name, McAfee Total Protection 2009 proved a formidable adversary against all types of malware and even stopped malicious  websites from loading. We also dig McAfee’s SiteAdvisor tool, which not only identifies questionable search results but also gives a detailed report n why the URL is suspect . But no matter how good it protects, we’re not willing to endure slow scanning perfomance or wait for features that should have been available at release.

McAfee Total Protection 2009 3-User