
Security Software - Reviews & Tests


Qui Peccavit


Qui Peccavit

 . 

Reviews and Tests of Security Software

Since this is the General Help section, I hope it is o.k. to provide some general assistance for the verification of downloaded archives, given the fact that we are often in doubt about the legitimacy of a crack or key generator whose origins or inner workings are unclear. On the other hand, many anti-virus or firewall programs exaggerate their nervousness and some of them would even go so far as to intercept downloads and delete files without any respective notice at all. In order to be able to properly separate the wheat from the chaff, it is indispensable to use not just any, but a good and reliable combination of security tools. Selecting the best programs is what the following paragraphs are trying to assist you with.

Further below there is a bunch of links to security related review and test sites. Make sure you read the individual reviews and the explanation of the testing procedure used, not just the global ranking. Why is that important? Because some sites have weird criteria when rating hard- and software.

For instance, some magazines or web sites would give bad marks for «ease of use» when a firewall offers many configuration options because «this confuses the consumer and bears the risk of making bad choices». True, but it also means that if you can't configure anything, the software decides what you download and run, not you. This can become extremely annoying when a manufacturer issues a statement on their website «ABC-KillVir triggers a false positive, but there is definitely no spyware in our product» while ABC-KV simply won't give you any option to allow the software to run. Even «complicated» software comes with default settings for inexperienced users, so the criticism is somewhat pointless, but readers need to be aware of these irks when comparing test results.

Second, there are editors who downgrade a software because of its high price. In my humble opinion, the price should never, ever be calculated into any rating of any product category, because everybody can decide for themselves if the specifications and features are worth the money in their book. Moreover, who in their right mind would risk their system to be compromised just to save a couple bucks? As a member of this site, the price should not be your primary concern, so make sure not to miss out on a great software just because a certain magazine uses stupid formulae to calculate average ratings.

The same goes for the balance between features and criteria in general. For instance, if you don't have any little monsters in your house (or if you know how to educate them), Parental Controls are probably not of importance. Consequently, a firewall whose total score is lower because of shortcomings in that area might still be a more adequate choice for you if it did well in tests that are more relevant in your particular situation.

When it comes to firewalls, some manufacturers and magazines optimize/test only the «way in», claiming that once the spyware is on your machine, the battle is already lost. This is simply wrong. As long as a spy cannot tell anybody what he saw in that secret underground laboratory, it doesn't really matter what he found out. By the same token, leak tests against crapware calling home on the «way out» are just as important as intrusion protection. If you acquire your software without an equivalent financial commitment, a good firewall that prevents programs from calling home is twice as important for members of this forum as it is for somebody who purchases software legally. Any test of security software worth that denomination should include leak tests as well, not only intrusion tests.

Finally, don't give too much on the last few percent of viruses detected, i.e. the first three to five products are often changing position between different testers on different dates. How come? Well, since security products are updated daily while computer magazine contributors have a deadline (or a new girlfriend) to meet, one product might have been updated before the editor left the office whereas its competitor might come in a few hours later and therefore runs the tests on an «outdated» engine or signature. Add to that the fact that different manufacturers/testers focus on different things and you might think that ABC is «better» than DEF because it caught 99.8% instead of only 99.5% of all pests thrown at it. Taking into account that the vast majority of machines gets infected by crap that has been around for ages, getting the latest variant on the day of the test is a rather theoretical exercise. As long as two products are within the same ballpark, other selection criteria, e.g. configuration and fine-tuning options or resource hunger, are usually more relevant.

An example of how it's done right is MatouSec:

  http://www.Matousec.com/projects/windows-personal-firewall-analysis/

These guys explain their test setup, explain the reasons why they give importance to which features/results and do a thorough job. Not all of the following go to equally great lengths, but since we are talking about security, you will prefer to err on the side of caution and rather read too much than not enough.

Others do not compare as many products as they should or do not analyze them in depth -- the use of resources seems to be something that few editors consider, probably because they always have the latest hardware at their disposal. With time, you will develop a sense for what is a good test site and who just tries to bring in advertising revenue. It's the old saying about giving a man a fish for a day or teaching him how to fish for a lifetime.

Finally, this sermon reflects a little bit of my personal preferences. Yours might be different, so I do not only include my favourites but a broader spectrum for you to choose from, in alphabetical order to avoid bias -- and because the most elaborate and sophisticated test results are often published in other languages than English, on paper instead of a website.

Anti-Virus Comparisons, Reviews & Tests

  http://www.2009softwareReviews.com
http://antivirus.about.com/od/roguescanners/Rogue_Scanners.htm
http://antivirus.about.com/od/securitytips/tp/virusalerts.htm
http://www.AntivirusNews.net/index.php?option=com_jmovies&Itemid=54&task=showcategory&catid=21
http://www.Antivirus-Software-Guides.com/guides.html
http://www.AV-Comparatives.org
http://www.AV-Test.org
http://www.BestAntivirusDownload.com
http://reviews.CNet.com/1990-6600_7-6768133-1.html
http://reviews.CNet.com/4566-3667_7-0.html
http://www.CompareSpywareRemover.org
http://www.ConsumerSearch.com/www/software/antivirus-software/
http://www.DrSafeMode.com/2008/02/24/fsecure-anti-virus-2008-review/
http://www.Expert-Reviews-Online.com/spyware_removers/
http://www.FirewallGuide.com/anti-virus.htm
http://freeSoftwareComparison.wordpress.com/2007/07/16/free-antivirus-comparison/
http://www.MouthShut.com/product-reviews/Quickheal_Antivirus_2008-925090768.html
http://www.PCAdvisor.co.uk/reviews/index.cfm?prodcatid=31
http://www.PCPro.co.uk/archiveproductsearch/32/Security
http://www.Pocket-Lint.co.uk/tags/t.phtml/Security%20software/reviews
http://www.SoftList.net/listing/security___privacy/anti-virus_tools.html
http://www.StarReviews.com/Antivirus-Software.aspx
http://Anti-Spyware-review.TopTenReviews.com
http://Anti-Virus-Software-review.TopTenReviews.com
http://Privacy-Software-review.TopTenReviews.com
http://www.Virus-Bg.com
http://www.Which.co.uk/reviews/security-software
http://review.ZDNet.com/filter/Internet+security+and+firewall?categoryId=3667

Anti-Virus and Firewall Support Fora

  http://forum.Avast.com
http://forum.Grisoft.cz/freeforum/index.php?0
http://forum.Antivir-pe.de/index.php?langid=1
http://forum.BitDefender.com
http://www.Bullguard.com/forum/
http://forums.ClamWin.com
http://forums.Comodo.com
http://forum.DrWeb.com
http://CAforums.ca.com/ca/
http://forum.F-Prot.com
http://forum.F-Secure.com
http://forum.Kaspersky.com
http://forums.McAfeeHelp.com
http://forums.Microsoft.com/windowsonecare/
http://social.answers.Microsoft.com/Forums/en-US/category/mse
http://www.WildersSecurity.com/forumdisplay.php?f=15
http://forum.Norman.com
http://community.Norton.com/norton/
http://support.Tallemu.com/forums/
http://www.PCTools.com/forum/index.php
http://supportforums.SunbeltSoftware.com/
http://vba32.de/wbb2/
http://forum.ZoneLabs.org/zonelabs

Online Virus Checks

  http://www.Sophos.com/virusinfo/hoaxes/
http://www.Snopes.com
http://www.ThreatExpert.com/submit.aspx
http://www.VirusTotal.com/metodos.html
http://www.AntiVirus.com/free_tools/
http://HouseCall.Anti-Virus.com
http://www.TrendMicro.de/virinfo/n_search.htm
http://www.BitDefender.com/html/free_tools.php
http://Fun.S-One.net.sg/download/antivirus.html
http://www.McAfee.com/myapps http://Vil.nai.com/vil/default.asp
http://www.NortonWeb.com http://www.Symantec.se/securitycheck
http://www.PandaSoftware.com/activescan
http://Scan.Sygate.com http://Scan.Sygatech.com
http://www.TinySoftware.com/home/tiny2?s=9107547958550537657A2&la=EN&va=&ver=W&pg=activex
http://www.TU-Berlin.de/www/software/hoax.shtml for newbies

Firewall Comparisons & Reviews

  http://www.All-Internet-Security.com/top_10_firewall_software.html
http://www.AntivirusNews.net/index.php?option=com_jmovies&Itemid=54&task=showcategory&catid=20
http://www.AntivirusNews.net/index.php?option=com_jmovies&Itemid=54&task=showcategory&catid=22
http://www.FilterGuide.com
http://www.FirewallGuide.com/test.htm
http://www.ITReviews.co.uk/software/soft8.htm
http://www.Matousec.com/projects/firewall-challenge/results.php
http://www.Matousec.com/projects/windows-personal-firewall-analysis/
http://www.PCAdvisor.co.uk/reviews/index.cfm?prodcatid=155
http://www.PCMag.com/category2/0,2806,1639159,00.asp
http://www.TheTechHerald.com/article.php/200842/2234/BitDefender-Total-Security-2009-Review
http://Personal-Firewall-Software-review.TopTenReviews.com
http://Internet-Security-Suite-review.TopTenReviews.com
http://www.WebUser.co.uk/products/Firewalls_203_index.html

Anti-Trojans and Remover

  http://www.Agnitum.com
http://www.Anti-Trojan.net
http://www.AntiViralDP.com
http://www.AntiY.net
http://www.DiamondCS.com.au
http://www.SaferSite.com
http://www.StartupMgr.com
http://www.SimplySup.com

When it comes to Security Suites, you want to revisit these sites periodically, because a software that was great in its heyday may no longer be able to defend the title half a year later. By the same token, former resource hoggers that were improved over the years hardly get a fair chance because of their previous reputation. After a while you know who reflects your own experiences and preferences best and it won't take a lot of time to keep an overview of the market.

Now all that remains to do is congratulate you for your initiative and interest -- more people should worry about these topics before installing anything else -- thank you for your patience with the long sermon and wish you a great day.

Stay out of trouble, 

  Qui Peccavit  

  ... le Maitre du Désastre

 . 


Thanks for your post, it's indeed a nice philosophy on how to pick a security solution.

I like the way you write, not from your perspective, but from an objective perspective ;)

Btw: Welcome to our forums!



Qui Peccavit

.

While we are at it ...

It appears as if some people were using AVs without any selective options (ignore button, etc.). For instance, some security suites block the entire .rar file already during the download or in IDM's temporary folder before re-assembly, without a chance for the user to say «Don't worry, I know what I am doing». Sometimes the respective file can be gotten back from the «Quarantine» folder, but it is a rather uncomfortable procedure if it becomes necessary too often because the heuristic settings are too aggressive.

Some Arabic and Chinese sites include an infected file in the package, which is independent of the rest, i.e. doesn't affect the actual contents. It is often called «Setup.exe» or something similar to fool newbies, but can be safely deleted without diminishing the functionality of the crack, key generator or whatever the contents of the archive was. Of course, some fixes do contain malware, which is the reason why more than one key generator or crack exists for the same software/version. Last but not least, when heuristics are set above a certain level, many Security Suites tend to become a little nervous, it seems ...

There are sometimes four or five cracks and key generators for a program in a compressed archive, most of which work just fine -- the fact that one element in an archive is bad does not always mean that the whole thing wouldn't work without endangering the system. Sure, one has to be careful and know what one is doing, but in many of these cases, one could, with all due respect, tend to call the premature panic reactions a (partially) false positive. In other words, «keep the best, delete the rest» -- and get a combination of security programs that permit to do just that.

Be sure to submit suspicious files that allegedly contain a virus to an online scanner like ThreatExpert or VirusTotal before blowing the horn, because expressions like «probably a modified ...», «generic», «possibly a variant of ...», etc., indicate a false positive due to heuristic guessing and speculation rather than a real malware. The same goes for different identifications from different engines, i.e. one AV thinks that it is Spyware_123, the second AV believes it to be Virus_567, and so forth. A warning to your fellow members is always appreciated, but make sure that the pest is real instead of screaming in panic as soon as a red window pops up. When you advise others of an infected archive, be precise and specific, calling the culprit by its name, variant and version, which is much more helpful for analysis and verification than the primitive and stupid «... contains malware!» battlecry of n00b leechers.

Although this seems pretty evident and self-explaining, one cannot always assume that everybody is aware of these things. Since most of the time it's «professionals» whom one sees around the insider boards, i.e. the same couple dozen guys running the show, it appears as if everybody knew the tricks of the trade. One should probably not take that for granted.

Consequently, please allow me to express my gratitude for giving me an opportunity to point out possible risks in more detail and, if I may, to refer to a few related facets of the topic discussed in a post about protection against malware -- one can never be careful enough, especially those who may not know how to deal with those pests.

Have a pleasant day without too much stress.

.



Nice post, I was looking for some more test sites for a certain guide. (Yes, I'm still working on it, researching) Anyway, really good lists you put together.

:lol: to the forums too



Qui Peccavit

.

With regard to the risks of Trojans, Virii and Spies in general ...

Whenever somebody uses stolen software from unknown sources, make sure to use a good security software and its latest updates. It is not always possible to test everything found on the web, because everybody who uses pirated software knows the aforementioned fundamental rule of precaution and takes care of themselves.

Sometimes one would provide downloaded links for a software without using it oneself, for instance when preferring a different AV, firewall, video converter or CD burner than the one posted, or because the file is simply too big to get it with a slow connection. A second aspect to take into consideration are the laws of large numbers: the more software links or tutorials someone posts, the higher the probability to have a foul apple in the basket. The practical solution: ask yourself «would it ruin my day if I found out that this contained a virus?» and if it does, simply do not download the software, thereby keeping anger and stress levels in check. Heck, you might even decide to search for a clean alternative and post it for your fellow members.

As long as there is no «uploaded by me» or «tested and working» statement beneath a particular bunch of links, the latter should be regarded as a service on a «take it or leave it» basis, as a free piece of information to those who might be interested, not as a manufacturer warranty. By the way, folks, «tested and working» means «all functions activated after reboot and with the Internet re-connected», not a screenshot of a «successfully finished» setup routine.

I cannot even count how often I found crap in posts from other members of any forum I frequent, from absolutely everyone, including the VIPs and powers that be -- from everybody, no exception. During the course of time it happens, we are all human and a warning message in the respective thread is appreciated, because an alert saves others the waste of time.

It is not necessary, though, to send Private Messages in reaction to such a triviality, because they don't help others to avoid the trap. A warning is welcome and useful, complaints in PMs, as understandable as they might be, are not. Warn others, provide an alternative if you can, but then move on. At the end of the day, it's just a couple of bytes, not a matter of life or death.

Let's hope nobody gets this the wrong way, but people who cannot deal with the risks of theft might be better advised to purchase their software legally, and I honestly mean no offense with this. It is in your own best interest to accept responsibility for your downloads -- for your own safety, please do not rely on others to always check, verify and clean everything beforehand. After all, by the time you are complaining it's already too late ...

Rendering a sincere apology to those who wasted a few minutes on a download that didn't meet their expectations, let us thank those among us who are smart enough to look into the gift horse's mouth ... but scan for yourself next time.

Thank you for your attention, have a great day and take care.

Be safe,

Qui Peccavit

... le Maître du Désastre

.



  • 1 month later...

Ugh..

It is not done right on Matousec.

Matousec is a test where the companies pay to get a review. That certainly is not showing that they are independent and fair.

The tests also are made for firewalls, however most of the tests are for HIPS.

A while ago they tested malware defender, a HIPS without any network control of any kind. (that is different now)

It got around 80%!

Matousec is also dropping tests which is a must when testing firewalls. For example, perfTCP and perfUDP.

Those two tests show how well the traffic is when they are passing through a firewall is investigating them.

That surely MUST be a part of a firewall test.

Another thing can be said about AV's of any kind.

IMHO, you should rather rely on your brains and not on a blacklisting software.

Of course one can add sandboxie or returnil for true protection when disaster strikes.

One should only consider a blacklisting software when it has some kind of advanced methods for detecting viruses.

For example, Prevx edge, Vipre AV and Twister AV.

I do think it's a serious problem when people solely rely on an AV and tell others how good their AV is because they never got infected.

The truth is; one can remain uninfected for years with a bad AV, but you also can get yourself infected in a matter of minutes with a very good one.

User education should come first, I dare to bet that it's almost impossible not to get infected if one just downloads from reliable sources and doesn't click on everything.

This is basically what you said in your last post,

but advising matousec or just an AV is just asking for troubles.

BTW, your username is "the one who sins"?



  • 1 year later...

Archived

This topic is now archived and is closed to further replies.
