
News Blog

Read all 'antivirus' posts in News Blog
February 27, 2008 1:00 AM PST

AVG upgrades popular security suite

by Seth Rosenblatt
  • 23 comments

AVG Anti-Virus Free Edition is one of the most popular products on CNET Download.com, with 61 million downloads. On Thursday, publisher AVG Technologies, formerly known as Grisoft, plans to introduce the full version of AVG Anti-Virus 8.0. This upgrade will feature significant changes to the program, integrating the previously stand-alone tools of AVG Anti-Spyware, AVG Anti-Rootkit, and recent AVG purchase LinkScanner as well as showcasing an entirely new interface.

... Read more

Originally posted at The Download Blog
February 8, 2008 12:01 AM PST

Give your overzealous security software the boot

by Dennis O'Reilly
  • 16 comments

About five years ago I installed the family version of Symantec's Norton Internet Security software on one of my PCs, rendering the machine unusable. Not only couldn't I get any access to the Internet, it was impossible to uninstall the program. I ended up having to reinstall the operating system and all my applications--except Norton Internet Security. At the time I said I would never again install a Symantec security program on any PC, but about a year ago I bought a PC that came with 90 days of Norton 360, and the program won me over. When the free trial period was over I even coughed up $80 for a year's subscription. Apart from the frequent nags about my need to back up (I prefer to use my own manual backup strategy), I'm happy with the Norton 360.

Now the other side of the coin: I've used CheckPoint's ZoneAlarm firewall--both the free and pro versions--for many years, and on many different PCs. The program would occasionally prevent a legitimate program from performing some operation, but on those rare instances I merely shut the firewall down long enough to complete the task, and then turned it back on. No problem.

Until this morning, that is. I spent four hours trying to update a Web site via ftp, only to be told that access to my ISP's ftp server was denied. I tried using the WS_FTP Pro ftp program, Windows Explorer, Firefox, and even a WYSIWYG Web editor, but nothing could get through to the server. I could access the remote system on another PC on my network, but I wanted to avoid having to move the files in question to that PC to complete the transfer. Just last week I had ftp'ed some files without a problem.

After several calls to my blameless ISP, a tech suggested that I uninstall ZoneAlarm. Not just shut it down (which I had already tried), but completely uninstall the app. This struck me as somewhat extreme, but after spending so much time trying to figure out the glitch, I thought it was worth a try. And what do you know: as soon as ZoneAlarm was off the system, I could access the ftp server without a hitch.

Customize your firewall's ftp access using these settings in the free Comodo Firewall Pro.

I suppose I could try to figure out why ZoneAlarm all of a sudden threw a monkey wrench into my server access, but it's quicker and simpler to rely on another free firewall. My ISP's tech guy said he trusted the firewall built into XP, which he claims Microsoft has improved tremendously. But its protection is one way: it doesn't monitor traffic from the PC to the Internet, just stuff inbound. Instead, I loaded the free Comodo Firewall Pro, which also scans your system for viruses, spyware, and other threats. Since I use a remote-access service to log into this PC while on the road, I chose to review requests for incoming connections rather than to block them automatically, which means I'll have to click through a few more pop-ups. But for me this is a small price to pay for the added convenience of remote access.

After you install the Comodo firewall it starts to train itself, as shown in its training pop-up.

After you install the program and reboot, Comodo "learns" your system, running through the standard processes and services. It also learns as you open your browser and other network-connecting applications for the first time. Once its training is complete, you can click the Comodo icon in the system tray to view your blocked and allowed connections, as well as other traffic data. You also get a snapshot of your running applications, and your choice of five security and alert-frequency settings.

Get a snapshot of your system security on the Comodo Firewall Pro's summary page.

So what did my morning in tech-support hell teach me? First, that my ISP's tech support staff is worth their weight in gold (even if I did assume at first that it was all their fault). Second, that I'm glad there's a myriad of free options when it comes to PC security software. Third, that things change quickly in the computer world, and it doesn't pay to be glued to your assumptions. And fourth, if a program encounters a problem accessing the Internet, check for a conflict with your security software before you get on the horn to your ISP's tech support.

Tomorrow: tweak Windows XP for optimum performance.

Originally posted at Workers' Edge
Dennis O'Reilly has covered PCs and other technologies in print and online since 1985. Along with more than a decade as editor for Ziff-Davis's Computer Select, Dennis edited PC World's award-winning Here's How section for more than seven years. He is a member of the CNET blog Network, and is not an employee of CNET.
February 4, 2008 6:33 AM PST

The return of free-after-rebates Norton AntiVirus 2008

by Rick Broida
  • 12 comments

Who says there are no second chances? (Maybe Patriots fans, I dunno.) If you missed out when Fry's offered Norton AntiVirus 2008 free after a pair of mail-in rebates, the deal has returned at Buy.com.

Once again, it's the three-user edition, meaning you can install it on up to three PCs. The software protects against viruses, spyware, rootkits, and the like. CNET liked it, though readers definitely did not. As I said last time, if you're unhappy with the software yourself, you're only out a couple stamps.

Speaking of the rebates, this deal requires a pair: one for $34 on the software itself, the other a $20 competitive rebate. That means you need to provide proof of purchase/ownership for just about any other software utility (get the full deets here). The first rebate offer expires February 9, so you've got the week to pull the trigger. Shipping costs--nada.

Originally posted at The Cheapskate
Rick Broida, a technology writer for nearly 20 years, is the author of more than a dozen books. In addition to writing CNET's The Cheapskate blog, he oversees BNET's Business Hacks. Rick is a member of the CNET Blog Network and is not an employee of CBS Interactive. Disclosure. Deals found on The Cheapskate are subject to availability, expiration, and other terms determined by sellers. Follow Rick on Twitter at cheapskateblog.
December 8, 2007 2:19 PM PST

Antimalware software suites

by Michael Horowitz
  • 4 comments

When it comes to antimalware software, the first decision any Windows user needs to make is whether to go with an integrated suite of software or to pick and choose specific products, such as a firewall, antivirus, and antispyware software. If a suite came preinstalled, it's certainly a tempting option. Dealing with a single company and not having to install new software has obvious appeal. But I think it's the wrong way to go.

For one thing, the software suites can be complicated to use. Oftentimes they have been known to slow down the computer. And they cost money, whereas there are many free antivirus, antispyware, and firewall programs to choose from.

Plus, they may be overkill. In what has been called feature creep, they typically include many different types of protective software in addition to the baseline antivirus, antispyware, and firewall. This added complexity can negate the single product simplicity advantage.

Among the extras is antispam software, which many people don't need; a case can also be made that fighting spam is a server-side job, not something best done on your computer.

My colleague from The Personal Computer Show, Alfred Poor, has recommended against software suites many times on the show. He cites "bloatware" as the main reason:

"... the publisher piles on features not because they are practical or useful, but so that they can win the 'battle of the checkbox' where buyers go for the program with the most features. This leads to more software running in the background, which means a performance hit at the very least, and an increased chance of conflicts with other applications. My advice is to buy what you need, and no more."

Another big consideration is that, taken as a whole, software suites don't offer the best protection.

Leo Notenboom made this argument last week on his Ask-Leo Web site. Quoting from "How do I pick the right tools to protect my system?":

"Would a bundled application (all defenses in one) be necessarily more effective than several standalone products? In my fairly strong opinion, no. I base that primarily on the four+ years of problem reports and feedback that I've received here at Ask Leo!. It just seems that the combined suites cause more problems and miss more malware or security issues than a well chosen set of individual solutions."

Why don't the suites offer the best protection? Here too, I agree with Leo:

"My theory is that the suites start with a really good single product...in order to create a suite the manufacturer then buys or creates what I can only assume are second-rate additional components..."

The ZoneAlarm firewall is a case in point. I like the free firewall and would buy the commercial version for the additional features. But I can't; at least not without also buying either antispyware or antivirus software from CheckPoint. So I pass.

Interestingly, I disagree with Leo's recommendations for antivirus, antispyware, and firewall software. But even people who disagree on the specific choices agree that making specific choices is the way to go.

As for Alfred's point about bloatware, a comparison of the assorted software bundles offered by ZoneAlarm/CheckPoint shows no less than 16 types of defensive software included in the top-of-the-line product.

Another example of an antimalware product being assimilated into a suite comes from Eset.

In his newsletter/blog last week, Scot Finnie discussed the stand-alone NOD32 anti-virus program vs. Eset's suite of anti-malware software, Eset Smart Security. As for the new version of NOD32, Scot writes "...my preliminary impression of Nod32 3.0...was quite positive. That product is available as a standalone upgrade to Nod32 2.7..."

But regarding the suite he says "I looked pretty extensively at Eset Smart Security in late beta, and I didn't think much of the firewall at all. Plus I have no use for Eset's antispam solution. So I am definitely recommending *against* the new $60 Eset Smart Security (ESS)."

Finally, a note from the school of hard knocks.

After reading some good reviews of F-Secure Anti-Virus a while back, I installed it on a couple machines. On one machine, when I later installed Spy Sweeper, the antispyware product from Webroot, I learned about an incompatibility with F-Secure Anti-Virus.

Another machine had the free ZoneAlarm firewall installed. When I tried to install F-Secure Anti-Virus, it complained about ZoneAlarm, basically saying it's either us or them. The F-Secure product would not install unless the ZoneAlarm firewall was removed.

What possible conflict could there be between an antivirus program and a firewall? My guess is that F-Secure had a single installation program for both their software suite and their standalone antivirus, and they hadn't customized the antivirus installation to not bother checking for firewall software. Just a hunch.

The debate over individual antimalware products will continue until Windows truly becomes secure. Until that day, fight assimilation and opt for standalone antimalware products.

See a summary of all my Defensive Computing postings.

Originally posted at Defensive Computing
August 26, 2007 10:31 PM PDT

Can you trust that file?

by Michael Horowitz
  • 2 comments

Earlier I had a trilogy of postings about DropMyRights (Part 1, Part 2 and Part 3) that included the warning to run Microsoft Office applications in restricted mode in case a file (Word document, Excel spreadsheet, etc.) carried a virus or some other type of malicious software.

But what do you do if a Word document or Excel spreadsheet doesn't display or work properly when the application is run in restricted mode? A decision needs to be made whether to trust the file and open it in unrestricted mode.

If the file was sent to you by e-mail, you'll no doubt be tempted to judge it based on the person who sent the message. Don't.

For one thing, you can't trust that the reported sender of an e-mail message is the actual sender. It is trivially easy to forge the From address in an e-mail message. And even if the message really did come from the person in the From address, and you trust that person, you still should not assume the file is safe. The sender's computer could be infected with malicious software that sent the e-mail message on its own, without human involvement. But what if the trusted person actually sent the file on purpose? It still could be infected with malware without him or her knowing it.

What to do?

The safest thing, of course, is to delete the file. But if you want or need to use it, then I suggest using the Virus Total and/or Jotti Web sites. Each site lets you upload a file to be scanned by multiple antivirus programs.

The last time I used Virus Total, a free service from Hispasec Sistemas, it scanned my suspicious file with 29 different programs. The list included popular antivirus software from Symantec, Kaspersky and Clam, some less well-known products such as NOD32, Avast and Panda, and a host of products that I had never heard of such as DrWeb, Ikarus and TheHacker. That's the good news.

The bad news is that there probably won't be a consensus opinion. Each time I submitted something suspicious to Virus Total, the results were all over the map. For example, in this screenshot from July 10, you can see that 7 of the 29 programs felt the file was malicious. Democracy is great in other contexts, but here, I'd rather be safe than sorry.

Originally posted at Defensive Computing
August 17, 2007 8:56 AM PDT

Open-source M&A market keeps going with Sourcefire buying ClamAV

by Matt Asay
  • 1 comment

Sourcefire just announced its acquisition of ClamAV. ClamAV is by most estimates the most commonly used open-source antivirus product on this planet, with over 10 million downloads (and a significant percentage). Great, great move by Sourcefire.

There's just no end in sight of this open-source M&A market, friends, and this time it was one open-source project buying another. I like that. Keep it in the family.

Nick Selby over at The 451 Group has a great analysis. He writes:

... Read more
Originally posted at The Open Road
Matt Asay brings a decade of in-the-trenches open-source business and legal experience to The Open Road, with an emphasis on emerging open-source business strategies and opportunities. Matt is vice president of business development at Alfresco, a company that develops open-source software for content management. He is a member of the CNET Blog Network and is not an employee of CNET. Disclosure.
July 15, 2007 9:05 PM PDT

NOD32 antivirus won't shut down

by Michael Horowitz
  • 4 comments

The NOD32 antivirus program from ESET has its share of enthusiasts. After a long, detailed review of the field, Scot Finnie in February called it the best antivirus product of 2007.

Based on Mr. Finnie's reviews and recommendation, I've been installing NOD32 on the computers of some of my clients. I've also lived with it a bit on one of my computers and had no major gripes.

Until yesterday.

NOD32 is using 88% of the CPU after having been shut down.

I was about to run Microsoft Update on a Windows XP machine for the third or fourth time, and was getting tired of waiting for it to complete. So this time, I turned off ("Quit") NOD32 beforehand.

It didn't seem to make much of a difference, as Microsoft Update still maxed out the CPU while checking for new patches and seemed to take forever to complete.

But while I was waiting, I took a look at the system using Process Explorer, a great free program, now from Microsoft but formerly from Sysinternals. Surprise, surprise. NOD32 was using 88 percent of the CPU cycles. Despite the disappearance of the system tray icon, it never really shut down.

In the screen shot above, the highlighted line is nod32krn.exe, and you can see from the CPU History that it has been using a good portion of the processor horsepower.

NOD32 version details.

I've been down this road before. This isn't the first time the user interface of an application says that it is not running but the underlying Windows service is still running (in Windows XP: Control Panel -> Administrative Tools -> Services). Windows Update is like this. So, too, is the Windows Security Center.

But NOD32 won't let you shut down its Windows service. The Stop option is disabled. I've seen enough episodes of Star Trek to know how important a manual override is. NOD32 doesn't have a manual override.

The version of NOD32 in question is the current version, 2.70. Click on the screen shot at the right to see the full details on the version of NOD32 being used at the time.

UPDATE (July 17, 2007)

Randy Abrams, the Director of Technical Education for ESET, the company behind NOD32, explained why NOD32 only partially shuts down.

"As for the inability to completely shut down NOD32, that is necessitated by the nature of security software and the threats we face. NOD32 implements technologies designed to prevent malicious software from disabling it. While NOD32 offers the user the ability to partially turn off NOD32 services, in order to allow the user to completely do so we would have to allow malware to easily disable NOD32. Additionally, the low level at which anti-virus software runs means that system stability may be compromised if it is completely removed - making it potentially dangerous to completely remove the software without a reboot. The anti-stealth technology in NOD32 that is designed to be able to detect active rootkits must operate at a system level at least as low as the rootkits it is detecting."

And he goes on to explain that NOD32 can be totally shut down after a reboot:

"To temporarily disable NOD32 without uninstalling it on a Windows XP System, I would recommend using MSConfig and temporarily disabling the startup item NOD32KUI and the service NOD32 Kernel Service."

Although you can't stop the NOD32 Kernel Service, you can change it from the normal startup mode of Automatic to Manual or Disabled. Addressing the CPU usage observed with NOD32 half shut down, Mr. Abrams says:

"Typically when NOD32 is disabled the resource consumption will go down to about zero. There can be very strange cases where the exact combination of hardware and software create conflicts. These conflicts can be a real bear to track down."

Being a programmer, I feel his pain. And NOD32 in normal usage is not a resource hog at all.
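As an added example (not code from the post, from ESET, or from NOD32 itself), this Windows PowerShell function performs the check described above: it lists the services matching a product name together with their state, start mode and whether they accept a Stop request at all, plus the CPU time of the process behind each one. The 'NOD32' pattern is the only product-specific value and comes from the post; the exact service names are not given there, so matching on the display name is an assumption.

```powershell
# Added example: audit whether a security product's Windows services keep
# running after its tray UI has been quit, and show the start mode that
# MSConfig (or Set-Service) would change so the service stays down after a
# reboot. The 'NOD32' pattern is from the post; service names are assumed.
function Get-ServiceShutdownAudit {
    param(
        # Substring matched against both the service name and display name.
        [string]$NamePattern = 'NOD32'
    )

    Get-CimInstance -ClassName Win32_Service |
        Where-Object {
            $_.Name -like "*$NamePattern*" -or $_.DisplayName -like "*$NamePattern*"
        } |
        ForEach-Object {
            $svc = $_
            $proc = $null
            # ProcessId is 0 for a stopped service; otherwise look up the process.
            if ($svc.ProcessId -gt 0) {
                $proc = Get-Process -Id $svc.ProcessId -ErrorAction SilentlyContinue
            }
            $procName = '-'
            $cpuSeconds = 0
            if ($proc) {
                $procName = "$($proc.ProcessName).exe"
                $cpuSeconds = [math]::Round([double]$proc.CPU, 1)
            }
            [pscustomobject]@{
                Service     = $svc.Name
                DisplayName = $svc.DisplayName
                State       = $svc.State        # 'Running' even when the tray icon is gone
                StartMode   = $svc.StartMode    # 'Auto', 'Manual' or 'Disabled'
                AcceptStop  = $svc.AcceptStop   # $false is the greyed-out Stop button
                Process     = $procName
                CpuSeconds  = $cpuSeconds       # total processor time consumed so far
            }
        }
}

# A 'Running' row with AcceptStop = False is a service that the UI cannot stop;
# only changing StartMode and rebooting will keep it from coming back.
Get-ServiceShutdownAudit -NamePattern 'NOD32' | Format-Table -AutoSize

# To mirror the MSConfig advice from an elevated prompt (uncomment to use):
# Get-ServiceShutdownAudit -NamePattern 'NOD32' |
#     ForEach-Object { Set-Service -Name $_.Service -StartupType Manual }
```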

I asked Mr. Abrams about other defensive software (antivirus, antispyware, firewalls and the like) that asks for confirmation from a human being when it gets a request to shut down. On this point he said:

"There are definitely a variety of approaches that can be taken. Each will have trade-offs in terms of security implications. Malware that can shut down a security program can also intercept messages. It is a calculated risk."

And, on a lighter note, Mr. Abrams adds:

"Remember, in Star Trek the ultimate manual override still required a senior officer's verbal confirmation and was not valid for all starships (we hope). Ultimately, NOD32 can be uninstalled without difficulty, but we wouldn't want any random Tribble (hey, they are great at replication) to be able to come along and disable every copy of NOD32."

You've got to love a company with a sense of humor. :-)

Finally, let me put this in perspective. NOD32 has been a well reviewed product, which motivated me to try it in the first place. At my computergripes.com site I often gripe about software that I continue to use and recommend. Nothing's perfect. But you'll never see me griping about, for example, Microsoft's antivirus product because it has been so poorly reviewed, I won't bother with it.

Originally posted at Defensive Computing
July 5, 2007 11:41 AM PDT

Symantec offers betas for two Norton 2008 apps

by Robert Vamosi
  • 2 comments

Symantec has added Norton Antivirus 2008 and Norton Internet Security 2008 to its Beta Center. Enhancements to Norton Antivirus 2008 include better performance and updated Symantec Online Network for Advanced Response (SONAR) heuristics. Enhancements to Norton Internet Security 2008 include those in Norton Antivirus 2008 plus Norton Identity Safe (from Norton Confidential) and enhanced network monitoring. Both pieces of software are expected to include new browser vulnerability protection, codenamed "Canary", in their final release.

The Symantec beta program includes no technical support, although customer feedback is welcome. Symantec reminds participants in the beta program not to install these apps on production machines. Beta software is intended for testing only.

April 26, 2007 11:03 AM PDT

Antivirus is dead?

by Jon Oltsik
  • 11 comments

I often joke about the reputation we analysts have for wild hyperbole and speculation, but I also realize that some of this is well deserved. For example, one frequent analyst diatribe is the "technology X is dead" rap. Point to some technology and become the industry beacon who foretells its demise. Someone resurrects this tired strategy every few years.

The latest version of this old analyst song is that "antivirus is dead." The theory states that new threats are simply too fast, stealthy, and targeted for tried-and-true antivirus software from vendors like McAfee, Symantec, and Trend Micro. After all, antivirus software operates on an a posteriori model where antivirus vendors find malicious code in the wild, develop software signature defenses, and then distribute these signatures to customers. The "antivirus is dead" crowd believes that this model can no longer keep up.

As a member of the brotherhood of industry analysts, I apologize to the world for this soundbite-focused oversimplification. Indeed, antivirus is not dead but like other security technologies its role has changed. Like other IT categories, client security depends upon a layered "defense in depth" model. There is still plenty of pedestrian malware out there that antivirus software is perfectly capable of addressing. Yes, there are other more ominous threats as well which is why desktop software vendors now provide intrusion prevention heuristics as part of their security suites. In other words, add another layer of protection to enhance security and protect against another type of threat. In its simplest form this description categorizes all security strategies.

Saying antivirus software is dead is like saying that airbags made seatbelts obsolete. In fact, airbags simply made seatbelts a part of an overall safety system and thus enhanced automotive safety.

Finally, can someone please introduce me to the analyst who proclaimed that "mainframes are dead" back in 1990 or so? Even after all of these years, I doubt that anyone would own up to such a ridiculous and wildly inaccurate assertion.
