Whether you know it or not, you’re constantly under attack by nefarious netizens. Why? Because your computer contains a gold mine of goodies just waiting to be exploited by wrongdoers.
Everything from your banking information and credit card numbers to your processor cycles and Internet connection are valuable commodities sought after by online thieves. We’re talking about denial of service (DoS) attacks, threats to your finances, and all-out identity theft. And if that weren’t enough, the culprits are continually developing new and increasingly complex techniques to take over your system for their personal gain, spurring an arms race between the digital crooks and the PC security vendors cashing in on the mayhem. But just how much protection do you really need?
In response to these ever-increasing threats, a host of new security applications have started to emerge, and each one promises to offer a level of protection be-yond that of your traditional anti-malware arsenal. The developers of these programs claim it’s no longer enough to rely on databases of known threats to catch viruses and spyware, and that today’s strains of PC pestilence are able to outsmart traditional safety measures. But is this truly the case, or is this simply another attempt to sell more crapware?
To find out, we gathered a host of next-generation security apps, installed them on our systems, and then put their claims to the test. We’ll tell you whether these new apps deliver on their promises and whether you should be rushing to upgrade.
A one-click salve for Internet-induced infections
We’ve had our share of “uh-oh” moments, when curiosity superseded our better judgment and we impulsively clicked a suspicious link or downloaded a suspect file. In most cases, those moments have been followed by a laborious malware disinfection, or if the damage was severe, a full-blown Windows reinstall. Trustware Security promises to make those situations a thing of the past. To prove it’s serious, the company will pay you $500 if BufferZone fails to keep your PC secure, with a few caveats (http://tinyurl.com/2nvc23). Normally, we’d worry that such lofty claims would result in a Chapter 11 filing, but despite our best efforts, we were unable to wreak irreversible havoc on our test systems and claim our bounty.
| By configuring removable media and network paths to open in a virtualized shell, you’ll keep your PC protected from every angle.
BufferZone works its wizardry by isolating all web-based activities, including email and IM software, at the application level. Without BufferZone, application write requests can alter critical system files and make changes to the all-important registry, allowing malware to muck up a system. But with BufferZone installed, applications stay sheathed in a virtualized shell, and write requests are diverted to a virtual folder. Programs think they’re writing to the OS, but everything stays intact, even when executing a dirty file. And unlike traditional anti-spyware and anti-virus applications, BufferZone doesn’t rely on definition updates; it blockades your system equally well against both known and unknown threats. Rounding out BufferZone’s list of tricks is the ability to protect your system from harmful files residing on removable media, such as USB keys and optical discs.
What BufferZone won’t do is install on Windows Vista; compatibility is limited to XP with SP2. It’s true that Vista has yet to gain traction among consumers, but we’d expect an app that touts next-gen capabilities to support the latest OS. Trustware assures us this support is forthcoming.
|Tired of relatives asking you for free tech support? Install BufferZone on their PCs and schedule it to periodically and automatically undo Internet-based changes. Finally, you can stop screening your phone calls!|
After installing BufferZone, we trotted indiscriminately through the web’s darker recesses, visiting every unsavory website we could find. Along the way, we installed toolbars, agreed to suspicious ActiveX requests, and downloaded infected files that would normally spell disaster. But no matter how badly we tried to muddle our system, damage stayed contained within BufferZone’s virtual folder. Emptying the buffer was like waking up from a bad dream—all our nasty downloads disappeared, along with any changes they made to our browser. That means legitimate changes, such as toolbars and add-ons, disappeared too, as it’s an all or nothing proposition with BufferZone; once you click, there’s no going back—and no last minute warnings, either. To save downloads you trust, you can right-click and move them out of the buffer prior to emptying it.
We didn’t notice a performance hit when using BufferZone, save for a short delay the first time we opened a program and BufferZone ran an optimization routine on it. And if true to its word, Trustware will have full Vista support by the time you read this.
Protects you from threats on the web, but not from yourself.
Just surfing the Internet can be enough to infect your system and grant malware uninvited access to your hard drive. But what about the malware that is invited? Malware writers know that the quickest way to infiltrate a system is through the end user, and there’s no shortage of dirty code masquerading under the guise of helpful applications. By the time you realize you’ve been duped, it’s too late, and it’s here that ForceField ultimately falls short.
Like BufferZone, ForceField protects at the application level, enveloping your web browser in an emulation layer. You’ll know ForceField’s working by the green border glowing around your browser. As you surf the web, unsolicited downloads write to a virtual file system, which prevents rogue sites from thrashing the OS. As a second layer of protection, ForceField issues a warning whenever you’re about to enter a site known to distribute spyware, at which point you can enter anyway or hightail it to safer corners of the web.
| Select the Private Browser to cover your tracks and ForceField will block cookies, prevent pages from being added to the history, and erase auto-fill and completion entries.
But unlike BufferZone, this one-two punch falls far short of providing an impenetrable defense. ForceField focuses only on web browsing, leaving email, IM clients, and other connected applications exposed to the same dangers. And while ForceField neutralizes unsolicited downloads occurring behind the scenes, it won’t save your system if you accidentally execute a malicious file or willingly install a seemingly innocent application only to find out later it was laced with spyware.
ForceField was still in beta form during our tests, and we uncovered a few rough edges. Despite support for both Internet Explorer and Firefox, we initially couldn’t get either browser to load through Vista’s start menu; instead, we had to right-click the ForceField icon in the taskbar. Several reboots later the problem disappeared. XP wasn’t affected, but some applications managed to load unprotected browser windows in both OSes, exposing a major vulnerability.
|A major security flaw allows pop-ups to open outside of ForceField’s virtualization shell, giving malware an open door to your system.|
When we navigated the same shady websites we surfed with BufferZone, ForceField identified only some of them as potentially harmful, letting several others slip through undetected. You have to wait while downloaded files undergo a scan for known malware, and we had little success getting ForceField to flag files embedded with Trojans and other common cruft. False positives were much less of an issue, but that’s little consolation given the weak detection of real threats.
By limiting virtualization to just automatic downloads made through the browser, ZoneAlarm also limits the product’s appeal. In its current form, ForceField can’t be counted on to provide a reliable defense. And even though ForceField isn’t intended as a stand-alone security application, there’s not enough to it to justify a $30 investment.
Not Approved, $30/year
Is heuristic scanning the future of home PC security?
Norton takes a different approach to next-gen security than both BufferZone and ForceField. Rather than employ virtualization technology to quarantine damage imposed by malicious code, AntiBot looks to prevent contaminants from ever having a chance to cause a ruckus—virtual or otherwise—by catching them before they’re able to load. It does this through heuristic scanning: analyzing the behavior of every running process and program, looking for characteristics most commonly associated with malware. Like the developers, Norton doesn’t bill AntiBot as a stand-alone security application but instead recommends running it alongside your existing anti-malware suite. Nevertheless, we threw AntiBot into the infested online jungle to see if it—and our system—could emerge unscathed.
|We dig programs that are easy to configure, but AntiBot gives you very little control over how it operates, making it impossible to fine-tune its behavior to complement your surfing habits.|
AntiBot’s quick installation will appeal to folks who prefer a no-fuss setup, but power users are sure to lament the lack of customizable options. You can choose whether to automatically quarantine detected threats and whether you want the option of saving your work before doing so, but AntiBot affords little else to the end user.
For all its simplicity, AntiBot was no slouch on the seedier side of the web, going about its work while running quietly in the background and without hampering performance. We agreed to install ActiveX controls when prompted, downloaded files we knew contained payloads, pretended we knew nothing of the dangers lurking on P2P networks, and attempted to install every spyware-plagued game and screensaver we could find. Additionally, we turned off our firewall and failed to update our XP install, which left it armed only with SP2. But despite reckless computing habits that would make even our Dell-owning relatives shudder, AntiBot stopped the majority of threats from taking down our system. Before dirty code could muck our OS, AntiBot froze the operation and alerted us to impending doom. In the case of an unknown danger, a window appeared showing us what suspicious behavior prompted the alert, such as trying to register executables to run on reboot or attempting to write to the Windows directory.
| After disinfecting a dirty file, click the Details link and AntiBot displays exactly which processes were terminated, what files it deleted, and which registry keys it removed.
Yet for all that it caught, AntiBot wasn’t invincible. It failed to prevent malware from hijacking Internet Explorer: Malicious agents managed to change our homepage, and several tabs went missing in the Internet Options menu. Even our hosts file took a hit, highlighting the weaknesses of heuristic scanning. But AntiBot’s biggest failing is that other security products already employ real-time protection, so why pay more for an add-on that really just does more of the same? And if you already own one of Symantec’s existing security packages, such as Norton AntiVirus 2008 or the all-in-one Norton 360 bundle, we can’t imagine you’d be thrilled at the prospect of spending more money on protection that should have been included in those packages.
Not Approved, $30
Better than the competition - and free!
"Anything you can do I can do better.” We suspect PC Tools has a motivational poster bearing this catchphrase in its board room, because it appears to be the philosophy behind its ThreatFire security app. Just like AntiBot, ThreatFire uses a heuristic scanning engine to unearth malicious malware before it has a chance to grapple with the OS. But the similarities end there, which is a good thing.
| Custom rules make it possible to thwart brand-new worms even before signature up-dates are made available, and the setup wizard will hold your hand from start to finish.
ThreatFire picks up the installation routine where AntiBot leaves off, and rather than throw a few arbitrary options at the end user, the app gives you customizable control over additional subsets of the application. If you’d rather not tinker, the default options will keep the set-it-and-forget-it folks protected, but power users will want to poke around the menus and tailor ThreatFire in ways AntiBot doesn’t allow, such as enabling automatic restore points before quarantining files. You can also schedule rootkit scanning at set intervals, just as you would with your anti-virus software. But we’re most enamored with the Advanced Rule menu, where you can set up custom security rules for virtually any kind of threat. If you want to create a rule that disallows any process from deleting or overwriting files in the Windows/System32 folder, you can do that and then configure exceptions for programs or processes that might legitimately need those types of privileges. Give your custom rule a name and description, and you can enable or disable it thereafter with a click of the mouse. And to add icing to an already tasty cake, ThreatFire’s wizard walks you through the process in plain English, so you never feel overwhelmed or unsure about what you’re doing. Bravo!
|Color codes indicate the type and severity of attack. In this case, the yellow box warns that the screensaver we just downloaded might be up to no good.|
Like AntiBot, ThreatFire runs quietly in the background, making its presence known only when it detects a threat. Pop-up windows are color-coded based on their severity, with red indicating an automatic eradication based on known malware and yellow signifying suspicious activity flagged by the heuristic engine. If you’re unsure of what to do, a hyperlink brings up a Google search of the offending file. Gray windows round out the color scheme and represent a potentially unwanted application (PUA). These processes share similar traits to spyware but may be required to run depending on the program they come bundled with. These too carry Google links, but this is one area in which we prefer AntiBot’s more detailed rundown, which tells us exactly what the file is trying to do.
Romping recklessly through the net, just as we did before, ThreatFire caught more threats than AntiBot did, preventing the same malware from altering our hosts file or killing IE’s Internet Options tabs. And did we mention ThreatFire’s free? Combined with the advanced options, it’s a clear winner.
A firewall for your hard drive
There’s no quicker way to infect your system than to tread online without the aid of a firewall. Unscrupulous saboteurs the world over are constantly on the hunt for unprotected PCs, and when they find them, it’s open season for unleashing keyloggers, dialers, Trojans, and other toxic trash the riff-raff carry in their arsenals. But with a firewall, you always know exactly what’s trying to access your PC, leaving you in command of who comes and goes.
Apply that same philosophy to your hard drive and you have DriveSentry. Borrowing a page from Microsoft Vista and its now infamous UAC, DriveSentry intercepts write requests to your hard drive, giving you an opportunity to deny or allow the action. To prevent being inundated with permission requests from harmless applications, DriveSentry implements an auto-advisor feature. Every time a new program runs, the advisor dials home and looks for a match against a whitelist of trusted applications, as well as a blacklist of known threats. Like your old high school cliques, programs are labeled according to how DriveSentry and the majority opinion among the community of users view them. A good program could potentially be deemed dangerous, or vice versa, though we didn’t run into any issues with mistagged programs during our tests. We did, however, run into an annoying number of pop-up alerts, even for trusted applications. Opening Notepad, for example, prompted a pop-up letting us know the advisor was dialing home, followed by a second alert telling us the program has been cleared to run. We dig the diligence but not the constant cries for attention.
|Keep track of every file and registry change made to your hard drive by looking in DriveSentry’s logs. Even Windows Update can’t make changes without being noticed.|
DriveSentry’s greatest strength lies in its level of customization. The dizzying array of options is enough to overwhelm even staunch RTS fans raised on micromanagement, but for those willing to put in the time, you’re afforded a meticulous level of control over what files every program can or cannot write to. You can also create custom rules blocking a program’s access to entire folders or drives. Removable media, such as your USB key and optical discs, are protected too. And for armchair auditors, the Logs tab keeps track of every attempted write ever made and whether or not it was allowed.
|Putting your trust in DriveSentry’s community of users will cut down the number of false-positive alerts, but we’re not so keen on letting others dictate our security.|
We tried our best to thwart DriveSentry, but viruses and spyware never stood a chance, as long as we intervened. Should less-savvy users ignore the warnings, or worse, should a band of hackers infiltrate DriveSentry’s servers, the advisor could conceivably feed bad advice.
Even with the potential risks, DriveSentry offers a level of protection rivaled by only BufferZone. Combined with an anti-malware suite, this is as close as it comes to creating an impenetrable defense; just prepare yourself for a steady, and annoying, stream of alerts.
We’ve seen what the best in generation 2.0 security software has to offer, but how do these new-school apps stack up against a pair of traditional favorites?
Today’s malware continues to evolve at an alarming rate, and only a handful of next-generation security applications have passed muster in our stringent Lab tests. But none of these applications is intended as a stand-alone security suite, making us wonder if we really need an additional layer of protection if we’re already surfing on a solid foundation. To find out, we challenged a couple of traditional favorites to see if new threats really call for new ways of fighting them.
|Whoever said you have to pay for adequate protection never gave AVG a whirl. In this case, AVG detected a virus before we could even start the download.|
Representing the bang-for-buck camp, we chose AVG (free, http://free.grisoft.com) for its excellent scanning ability and even sweeter price tag. It’s not that we’re unwilling to pay for anti-virus software, but when we last examined AVG, it earned a 9 verdict (March 2004), besting the two not-free programs it was pitted against. Fast forward to today and not much has changed. AVG kept our test system clean during our haphazard jaunts around the web, and the real-time protection stopped us from opening innocent-looking files with malicious code nestled inside, including email attachments. But far from being a do-everything solution, AVG left us vulnerable to spyware, and its free edition doesn’t come with a firewall. Windows Defender did a good job of picking up the slack, but some spyware still slipped by, and Windows XP’s built-in firewall shields only against inbound threats, not outbound.
|To keep new strains of malware from sneaking onto your system, Kaspersky actively seeks out suspicious behavior and immediately notifies you of it.|
Next, we turned our attention to Kaspersky’s Internet Security 7.0 ($80, www.kaspersky.com), a full-fledged security suite combining anti-virus scanning, spyware protection, and a firewall all rolled into one. Kaspersky also boasts hourly anti-malware updates, closing the window of opportunity for new threats to sneak by unobserved. And should that happen, the real-time monitoring and heuristic engine provides a formidable wall as a last resort. The laundry list of features, such as on-the-fly Internet traffic scanning, goes on and the vigilance paid dividends every time we tried to install a program with hidden malware. Kaspersky even detected bundled adware before it had a chance to finish installing.
|If you routinely find your system infected by this many viruses, it’s time to look toward improving your computing habits rather than adding layers of protection.|
But in the end, your computing habits ultimately play the biggest role in defending against malware. By avoiding high-risk scenarios, such as visiting illegal download sites, and staying behind a firewall, you greatly reduce your chances of getting an infection. And you needn’t ever pay for protection against online threats. We like how BufferZone kept us shielded behind a virtualized shell and DriveSentry left little room for malicious agents to slip through, but these paid programs are overkill even for power users, making ThreatFire the sole standout. Combine ThreatFire with AVG and Defender, and you’ll have a free bundle that keeps you one step ahead of the bad guys.