All-in-One Security
Suites of antivirus, antispyware, and firewall software can provide convenient, solid protection against today's worst threats. Our tests of ten contenders show who's got your back.Senior Associate Editor Narasu Rebbapragada covers security topics for PC World; Tom Mainelli is a senior editor.
Narasu Rebbapragada
It takes a multifaceted strategy to fight today's complex range of security threats, which can no longer be neatly separated into distinct categories. Worms may ride in with spam, and spyware apps may unleash Trojan horses, so your PC requires multiple kinds of security software to stay safe.
You can build your system's defenses with stand-alone antivirus, antispyware, and firewall products, or you can get everything in an all-in-one suite. Opting for three or more separate security apps lets you pick the best of breed in each category, but running them can be a complicated--and expensive--task. Security suites offer convenience and affordability; their individual components, configurable from one interface, are designed to interoperate smoothly. That said, suites require a certain degree of trust in that you're depending on one company to protect your computer and data completely. Since running multiple antivirus engines and firewalls can invite major system problems, people who want a suite should buy one and stick to it. (See "10 Tips for Running Security Suites" for more information.)
In this story:
Suite Contenders
Symantec's suite, our Best Buy, performs well, has a lot of features, and is easy to use.
To find out if today's suites are worth the commitment, we chose ten products--a combination of new and established offerings--to run through a gauntlet of performance and usability tests (for more details, see our expanded chart).
We looked at four factors: performance (malware detection and speed), features, design (ease of use), and price. The packages ranged from $40 to $80 for first-time software purchases with a year of updates; subsequently you'll have to pay a renewal fee ($25 to $60 per year). In regard to performance, remember that security software is only as good as its last update, which can contain tweaks to its engine as well as new malware signatures. As for features, the products were relatively consistent, though some had useful add-ons.
To assess design, we looked at how simple the suites were to install, how easy their features were to find, and how well the software explained its options. We also evaluated malware warning alerts to determine whether the dialog boxes provided enough information to let you make an educated decision about what to do next. Above all, we looked at performance, determined by how well each suite detected and blocked incoming threats as well as by how effectively it cleaned up malware already on a system. We contracted with German research company AV-Test.org, which threw more than 174,000 worms, viruses, back-door programs, bots (aka zombies), spyware components, Trojan horses, and adware samples at each suite. In addition, AV-Test.org analyzed each suite's heuristics (its ability to detect as-yet-unidentified malware), as well as each firewall. We also checked how fast each could perform a full security sweep of our test system and how much running it slowed down our apps in our WorldBench 5 tests.
Though our testing was extensive, we didn't fully evaluate behavior-based detection. The Microsoft, Panda, and Zone Labs suites offer this technology, which can identify a new threat by the actions it takes (for example, if a program tries to make suspicious Registry changes). This feature can offer a viable supplement to signature-based detection, but testing it thoroughly proved too unwieldy for this review.
Best Protectors
All of the suites we tested proved good at something, but none excelled at everything. Our Best Buy, Symantec's suite, performed consistently across our tests. Highlights include a second-place ranking in detecting AV-Test.org's collection of back doors, bots, and Trojan horses, and a perfect firewall score. It provides instant-messaging protection, parental controls, and a data-privacy feature. Its interface could be more streamlined, though, and its telephone tech support charges a whopping $30 per incident.
The top performer in our malware tests was McAfee's suite, which also has extra features such as instant-messaging protection and an antiphishing plug-in for Internet Explorer. However, the suite suffers from a bad installation routine and pricey phone support ($3 per minute).
Zone Labs' suite, which integrates an older version of CA's lackluster eTrust antivirus engine, ranked seventh in our performance tests, despite its great firewall. Zone Labs plans to update its CA engine in June. Regardless, the suite still managed sixth place overall, as it's packed with features and easy to use.
The poor performance of the BitDefender suite surprised us. Slow speed, a mediocre adware scanner, and a less-than-impressive firewall contributed to the suite's ninth-place overall ranking.
Aluria's suite can scan packed files but not compressed executable programs.
Newcomer Aluria's inexpensive but bare-bones suite placed last. The software can scan your whole drive, but it lacks the ability to scan a user-defined set of files and folders. It also can't look for malware embedded within packed executable files such as ASPack or UPX. (Worm authors hide malware within packed executables, and sometimes, to avoid detection by security software, they take existing malware and repackage it.) In addition, at its default settings Aluria's firewall is too permeable, and it's a resource hog.
Viruses, Spyware, and Adware
Panda supplements its top-notch heuristics with behavior-based malware detection.
McAfee and F-Secure's packages did the best job of finding what's loosely classified as viruses and spyware, each scoring among the top three in relevant tests. Panda's package was the best in heuristics tests. The McAfee and Aluria suites surpassed the group in detecting adware.
A note: Spyware has become the catch-all term for keyloggers, adware, back doors, and other Web-borne predators--many of which are not new and not classified as spyware by researchers. In our tests, we differentiate between spyware and adware. The really nasty spyware is included in AV-Test.org's collection of bots, Trojan horses, and back doors; a suite's detection rate for the last of these is a good indicator of how well it works against spyware. Detection of adware--software that can bring unwanted ads and collect data on your Web surfing habits--is a separate test.
Most of the suites were 100 percent successful at detecting the 1822 components of boot, file, macro, and script malware from the January 2006 WildList, a public list of widespread viruses, worms, and bots. Surprisingly, Aluria's package missed all boot-virus components, the beta version of Microsoft's offering failed to spot 14 components of seven worms, and Trend Micro's suite missed two components of one worm. In our WildList tests, boot-virus components were statistically insignificant, which explains Aluria's 100 percent score in our chart. Nevertheless, your security software should detect all WildList threats.
On AV-Test.org's collection of 168,523 back doors, bots, and Trojan horses, results were mixed. CA's suite detected only 37 percent of back doors, 72 percent of bots, and 39 percent of Trojan horses. Zone Labs' suite scored worse, spotting 30 percent of back doors, 49 percent of bots, and 31 percent of Trojan horses. F-Secure's suite was the strongest, catching more than 98 percent of these threats.
In adware tests McAfee's suite scored best, catching 96 percent of 713 actively running components. Aluria, with its background in fighting adware and spyware, ranked second with an 89 percent detection rate. Once again, though, the Zone Labs package performed worst, detecting only 46 percent of adware.
To assess heuristics, AV-Test.org evaluated how well the suites could proactively spot January 2006 WildList malware without the benefit of January (and newer) signature updates. Panda's suite dominated, detecting 91 percent of the files. F-Secure's was a distant second, catching 76 percent. At 41 percent, the Microsoft app's heuristics were the worst; Zone Labs' suite was second from the bottom. We should note, however, that the behavior-based features of the Microsoft and Zone Labs suites (also present in Panda's product) might make up for their poor showing, thereby improving their overall results. For example, AV-Test.org found that Panda TruPrevent will block up to 90 percent of network and e-mail worms and that Zone Labs' OSFirewall will stop up to 70 percent of network and e-mail worms.
We also tested all of the suites on their detection of malware within compressed archives such as.zip,.rar, and.cab files, and within runtime compressed program files like ASPack and UPX. Most of them could look in files that were compressed once, multiple times, or as a self-extracting archive, but they were less uniformly able to penetrate runtime compressed program files. The F-Secure, McAfee, and BitDefender suites did best; Aluria's and Zone Labs' brought up the rear. Aluria says that the ability to unpack a compressed executable will be included in its suite's next version, due later this year as a free upgrade for current users. Zone Labs says that it is working with CA to improve its product's detection of packed malware and that its OSFirewall detects and blocks both known and unknown malware as soon as the packed file opens.
In a perfect world, security software would detect and block all threats at first sight. In reality, bad stuff slips through the cracks. We tested the packages' ability to clean up files, Registry entries, and Hosts-file changes made by ten WildList worms. McAfee's package cleaned the most malware files and system changes, scrubbing everything except a variant of Mytob that targeted the security software itself. Microsoft's product also did well, purging all worms and remnants except Registry changes made by Netsky.BA and Mytob.AR. F-Secure's suite proved better at finding malware than at removing it, cleaning only five of the ten worm files.
Firewalls That Fight
While the line between antivirus and antispyware protection has blurred recently, software firewalls are still distinct animals, monitoring inbound and outbound network traffic and flagging suspicious behavior. The firewalls of the ten suites we tried all let you set some sort of general security level, whitelist and blacklist individual applications, and enable specific ports and network protocols.
Great firewalls can differentiate between good and bad traffic, alert you to serious trouble, and provide enough detail about detected activity for you to make an educated decision about whether to allow it. Subpar firewalls pipe up so frequently with undecipherable information that you may end up blocking traffic you need--or worse, turning the firewall off.
We tested the suites' firewalls for their ability at default settings to block attacks from outside sources, as well as from malware apps already on the PC. The CA, Microsoft, Symantec, and Zone Labs products each scored 100 percent in our inside-attack tests: Malware was unable to deactivate the firewall in memory, delete it from the hard drive, or steal the rights of legitimate programs (some malware, for example, will be dressed up to look like Internet Explorer and will try to grab all the rights that you have granted IE). And back-door applications placed on our test computers both before and after we installed each of these four suites weren't able to access the Internet.
At its default settings Aluria's firewall failed all of our inside-attack tests, but at its high setting it passed both the stolen-application-rights test and the back-door test. Aluria says that the suite's default security level, which leaves open network ports 80 and 443, is purposely set to minimize the number of initial firewall alerts a user will receive. "We want our customers to be able to configure the product the way they want to," says Jack Dunston, product manager for Aluria Software.
The CA eTrust security suite integrates Zone Labs' sophisticated firewall.
We also tested the firewalls to see whether they could spot malware attempting to smuggle data out of the PC. Zone Labs' firewall was again 100 percent successful, passing all 17 leak tests, with Microsoft's in second place, passing 7 tests. The other products earned very low scores, and Panda's passed none of the leak tests. Keep in mind that AV-Test.org runs standardized leak-test utilities available to security vendors. Zone Labs, for one, builds its products to pass all leak tests; Panda, on the other hand, says that it doesn't optimize its software for leak tests, instead relying on its TruPrevent behavior-based technology to decide whether a piece of code is malicious.
In our tests to evaluate the products' response to outside attacks, the packages from CA, F-Secure, McAfee, Panda, Symantec, and Zone Labs received scores of 100 percent. These suites blocked all standard and stealth port scans. They halted Internet traffic trying to enter the PC through ports opened for SMB-based file sharing, which suggests that they can differentiate between good and bad traffic on your home network. They also did not reveal data about our test PCs' operating systems. Once again, however, Aluria's firewall failed two of the four tests at default settings, though it would have scored 100 percent at its high setting. Both Trend Micro's and BitDefender's firewalls did not block open SMB shares--and neither did the Microsoft firewall, which also rendered the OS guessable to port sniffers.
Extras, Extras
The Web Site Filter acts as Trend Micro's parental controls.
All of the suites except Microsoft's have antispam protection; beyond that, they offer slightly different feature sets. The McAfee and Panda products packed in the most security extras, while the Microsoft one had the least (although OneCare does include backup software and disk tune-up tools).
Except for the Aluria and Microsoft products, all of the suites have parental controls where you can block undesirable Web site categories such as sex, drugs, and gambling. Trend Micro's suite offers equivalent URL filtering, though it doesn't call the feature parental controls. While CA's suite doesn't provide its own parental controls, it does include a separate CD that offers the service through BlueCoat's K9 Web Protection. Zone Labs' package supplies Smart Filtering Dynamic Real-Time Rating for categorizing Web sites that aren't currently on a user- or software-defined whitelist or blacklist. The BitDefender, McAfee, and F-Secure suites go the extra mile, permitting parents to specify times when their kids can and can't surf the Web.
The CA, McAfee, Norton, Panda, Trend Micro, and Zone Labs suites offer privacy controls that prevent sensitive data, such as credit card information, from leaving your PC--however, the suites' high-privacy settings are aggressive. For example, the maximum privacy setting in Symantec's suite invoked a high-risk cookie alert every time a site dropped a cookie onto our test system, even when it was from a reputable site such as the New York Times site or PCWorld.com. At the suite's default settings, cookies like these are not considered high risk.
Other cool features: The McAfee, Panda, Symantec, and Zone Labs suites scan several instant-messaging clients for infected attachments. (Microsoft's scans only MSN Messenger.) The Panda, Trend Micro, and Zone Labs packages warn you when interlopers are mooching off your Wi-Fi connection. (McAfee's $80 Wireless Home Network Security Suite also offers protection for your Wi-Fi network.)
Zone Labs' controls for IM clients are extensive.
While some extra features are handy, others only bulk up a suite's interface. A prime example is Symantec's Norton Protection Center, an additional window that monitors the functions of the suite's components. Adding another icon to your already crowded system tray, it pops up regularly to tell you the status of your security protection. It also presents marketing for other, related products; the Data Recovery portion will show a status of "no coverage" until you buy and install Symantec's $50 SystemWorks utility suite.
Installation and Usability
Microsoft's firewall alert about LimeWire activity was more informative and polished than BitDefender's.
Suites are simple to use when they install cleanly, organize your configuration options well, run quickly, and alert you clearly to potential malware. Microsoft's and Trend Micro's suites fit those criteria the best, but for different reasons. Microsoft's product is easy to configure because there just isn't a lot to configure--a setup that many PC users might find limiting. On the other hand, Trend Micro's suite does an excellent job of cramming a multitude of options into a well-structured and aesthetically pleasing interface.
All the suites installed properly, and all configured our test PC's network settings correctly. (Right now, Microsoft's Windows Defender antispyware app is a separate software install.) Our few gripes were with McAfee's suite: Its painful installation required five restarts and the creation of a user name and password. A subsequent dialog box makes you opt out of receiving newsletters about virus threats, McAfee promotions, and McAfee partner promotions. Also, initially we couldn't download software updates via Firefox; we had to use Internet Explorer and temporarily allow pop-up windows.
CA's suite was the worst integrated, depositing four icons in our system tray. Plus, the main interface doesn't link to Blue Coat's parental controls.
Symantec's suite seemed to talk the most, regularly popping up software status alerts and cookie warnings. Some people may want this level of explanation; those who don't may prefer F-Secure's suite, which has a lot of deep settings but little instruction about managing them.
Speed also differentiated the products. Panda's suite performed the fastest on-demand virus scan, taking 6 minutes, 39 seconds to speed through 14.7GB worth of files and folders on our test PC. Trend Micro's was second-fastest with a scan time of 7 minutes, 37 seconds. F-Secure's was the slowest, completing the scan at a glacial pace of 28 minutes, 46 seconds. F-Secure says that its real-time protection and its five scan engines--two for viruses and one each for spyware, rootkits, and heuristics--slow down scan speed.
McAfee doesn't differentiate between adware and spyware, calling either one a PUP.
We measured the suites' drag on system resources by installing them with default settings and then running WorldBench 5. Microsoft's product imposed the lightest load, increasing the execution time of each our nine WorldBench 5 application tests by 4 percent or less. (An increase of 15 percent would be noticeable.) The Aluria suite was the hungriest resource hog, more than doubling the execution time of our ACDSee PowerPack and Microsoft Windows Media Encoder tests. BitDefender's package also bogged down our system, causing a 25 percent time increase in our Microsoft Office 2002 test and a 69 percent time increase in the Mozilla test.
As for malware alerts, Microsoft's firewall warnings gave complete program and path information for apps trying to access the Internet. BitDefender's package had clearer virus alerts than firewall warnings. The McAfee suite refused to classify a threat as adware or spyware, instead using the vague term PUP--potentially unwanted program--to describe both. For a closer look at the alerts, see each suite's full online review, accessible via our expanded chart.
Overall, even the highest-rated suites, from Symantec and McAfee, weren't the best at all tasks, so power users may still want to mix and match best-of-breed security components. Many other people, though, will find it hard to beat the convenience of one-stop security shopping.
Let Your ISP Provide Your Security Suite
Nobody genuinely enjoys spending money on security software, but savvy computer users understand that it's a pill they have to swallow. What many people don't realize, though, is that they may already have access to such software--for free.
As Internet-based dangers have increased, large Internet service providers such as America Online, EarthLink, and PeoplePC have bolstered the security packages they offer to their customers. Often the packages are a combination of homegrown tools and off-the-shelf apps, some of which are included in the suites we tested for this story.
AOL's De Facto Suite
For example, AOL's Safety and Security Center bundles the company's own spam-protection, parental-control, pop-up-blocking, and antiphishing tools together with the firewall, antivirus, and antispyware components of McAfee's suite.
AOL's package, a 28MB download, consists of numerous different applications, but to users the bundle should appear as a single, seamless program, according to Andrew Weinstein, a company spokesperson. "We made the Internet easy; now we want to make security easy, too," he says.
One of the ways AOL tries to make life easier for its customers is by blocking many Internet threats at its servers, before they ever reach users' computers. Weinstein says that each day the company blocks about 8 million phishing attempts and nearly 1.5 million pieces of spam from reaching its customers.
EarthLink Fights Spyware
EarthLink took its efforts to create an all-in-one security package so seriously that it purchased the antispyware software company Aluria in 2005. Now EarthLink's Protection Control Center--a 16MB download free to dial-up and broadband customers and available to non-EarthLink customers for a $5 monthly fee--includes apps created by both companies, as well as antivirus and firewall features from partner Authentium.
One of the reasons EarthLink chose Aluria as a partner early on was that its technology is very adaptable, says Ben Kaplan, EarthLink's product manager of security applications. "We could apply their technologies to our own and control how it looks." The result is a simple, consolidated interface that EarthLink users understand, he says. The company estimates that about 1.4 million people currently use the software.
PeoplePC, an EarthLink subsidiary that provides budget dial-up Internet access, recently launched its own Aluria-based Internet Security Pack. The software is similar to the EarthLink suite but sports its own look. The company's Security Plus members can download the program for free, and standard members can purchase the product for $2 per month.
So why are ISPs going to all the trouble and expense of offering these comprehensive security services? It's simple--they want to keep their customers happy. As Kaplan puts it, "We're heavily invested in protecting our consumers and bringing great value to their staying with EarthLink."
Tom Mainelli10 Tips for Running Security Suites
Attempting to install and run a full-featured security suite can be a complex and daunting proposition, especially if the task involves replacing one vendor's product with another company's package. We asked several security companies to contribute advice on properly installing and maintaining security software.