Anti-Virus Comparative Summary Report 2010 Language: English
Summary Report 2010
Awards, winners, comments
Last Revision: 9
- 1 -
Table of Contents
Overview of levels reached during 2010 3
Summary of the Annual Awards 9
Copyright and Disclaimer
- 2 -
At the end of every year, AV-Comparatives releases a summary report to comment on the various anti-virus products tested over the year, and to mention again the high-scoring products of the various tests. Please bear in mind that this report looks at all the comparative tests of 2010, i.e. not only the latest ones. Comments and conclusions are based on the results shown in the various comparative test reports of AV-Comparatives, as well as from observations made during the tests
( http://www.av-comparatives.org/comparativesreviews )
Overview of levels reached during 2010
It is important that readers understand that the STANDARD level/award is already a good score, since it requires a program to reach a certain standard of effectiveness. Many programs that are not listed on AV-Comparatives would not reach this required level; therefore the ones that are included in our tests can be considered to be a selection of very good and high-quality anti-virus products.
Below is an overview of levels/awards reached by the various anti-virus products in AV-
Comparatives’ tests of 2010.
Grey+N/A: vendor did not want to get awarded/evaluated
Black+N/A: vendor did not take part
Although STANDARD is already a good score, tests in which a STANDARD award (or lower) was reached indicates areas which need further improvement compared to other products. ADVANCED also indicates areas which may need some improvement, but are already very competent.
- 3 -
If you plan to buy an anti-virus program, please visit the vendor’s website and evaluate their software by downloading a trial version, as there are also many features and important considerations (e.g. compatibility, graphical user interface, ease of use, price, support etc.) that you should evaluate for yourself. As explained above, the perfect anti-virus program or the best one for all needs and for every user does not exist. Our winners’ category is based on test results and does not evaluate or consider other factors that may be of importance for specific users’ needs or preferences. Being recognized as “Product of the Year” does not mean that a program is the “best” in all cases and for everyone; it only means that its overall performance in our tests throughout the year was consistent and unbeaten.
a) Overall winner of 2010 (Product of the Year):
To be rated “Product of the Year“ by AV-Comparatives, an anti-virus program must have very high detection rates of malware (and also potentially unwanted applications), high proactive detection, produce very few false positives (FP), scan fast and reliably with a low system impact, protect the system against malware/websites with malicious software without relying significantly on user decisions/interactions, cause no crashes or hangs, and have no annoying bugs.
Based on the awards given by AV-Comparatives during 2010, a number of programs had such good overall results that it was impossible to separate them fairly (see overview on previous page).
Although several products were qualified, we wanted to name only one Product of the Year. In order to do this, we had to use criteria other than just the overall test results of the year. We decided to give the award to the program that has made the most progress relative to last year (in order to motivate all manufacturers to keep improving their products). On this basis, the 2010 AV-
Comparatives Product of the Year award goes to F-Secure.
History of Product of the Year:
- 4 -
b) On-Demand Malware Detection winners:
A high detection rate of malware – without causing too many false alarms - is still one of the most important, deterministic and reliable features of an anti-virus product.
The following products received the ADVANCED+ award in both overall On-Demand Detection tests, in February and August 2010. The figure shown is the average of the two test results: G DATA
(99.7%), AVIRA (99.5%), Symantec (98.6%), F-Secure/PC Tools (98.4%), BitDefender/eScan
c) Proactive On-Demand Detection winners:
The retrospective tests show how good the static/offline proactive detection of the various Anti-
Virus products with highest settings is (how good they are at detecting new/unknown malware). A high (proactive) detection rate must be achieved with a low rate of false alarms.
The following products received the ADVANCED+ award in both retrospective tests of 2010. The figures shown are the AVERAGE of the two test results, but the SUM of the false positives from both tests: G DATA (~61%, 20 FP), AVIRA (~56%, 21 FP), Microsoft (~55%, 6 FP), F-Secure (~54%, 4 FP),
ESET (~54%, 9 FP).
- 5 -
d) False Positives winners:
False positives can cause as much trouble as a real infection. Due to this, it is important that antivirus products undergo stringent quality assurance testing before release to the public, in order to avoid false positives.
The products with the lowest rate of false positives during 2010 were F-Secure (4), Microsoft/eScan
(6) and BitDefender (7). These figures represent the SUM of the false positives from both FP Tests.
e) On-Demand Scanning Speed winners:
It is recommended that users regularly perform a full scan of their entire systems, in order to check that all the files on their machines are still clean.
The products with the highest on-demand throughput rate with best possible detection settings were Avast/AVIRA (~16.4 MB/sec), Symantec (~16.0 MB/sec) and Panda (~15.9 MB/sec).
- 6 -
f) Overall Performance (Low-System-Impact) winners:
Anti-virus products must remain turned on under all circumstances, while users are performing their usual computing tasks. Some products may have a higher impact than others on system performance while performing some tasks.
K7, Kingsoft, Sophos, Avast and Microsoft demonstrated a lower impact on system performance than others.
g) On-Demand PUA (potentially unwanted applications) Detection winners:
The amount of adware, spyware and other fraudulent/rogue software circulating on the Internet has increased a great deal over the past few years. Such applications are not typical malware and their classification is sometimes not an easy task; they are usually described using the term “potentially unwanted applications” (PUA). Many products proved to have good coverage of unwanted applications. The following three products showed the highest detection rates of such programs:
h) Malware Removal Detection winners:
Unfortunately, due to various reasons we were not able to conduct the Malware Removal Test this year, and so there are no awards in this category. We expect to run this test again in 2011.
- 7 -
i) Whole-Product Dynamic Protection winners:
Security products such as Internet security suites include various different features to protect systems against malware. Such protection features can be taken into account in whole-productdynamic tests, which are tests under real-world conditions. F-Secure, Symantec, AVIRA and
Kaspersky all received the Advanced+ award in this test.
The Whole-Product Dynamic Test is the closest possible simulation of real-world malware protection, i.e. what the average PC user would experience in real life, and so may be regarded as the most relevant single test. The anti-virus vendors have also indicated, quite independently of us, that they regard this test as the most meaningful. Consequently, we felt that this was another good reason to give the Product of the Year award to F-Secure, which was the winner of the Whole-Product Dynamic
- 8 -
Summary of the Annual Awards
On-Demand Malware Detection
Proactive On-Demand Malware Detection
Overall Performance (Low System Impact)
On-Demand PUA Detection
Low False Positive Rate
On-Demand Scanning Speed
Whole Product Dynamic Protection
Product of the Year 2010
- 9 -
AV-Comparatives Summary Report 2010
The awards and certifications mentioned in this report are based purely on our test results. The program reviews are based on our own observations and opinions. We strongly recommend potential buyers of any of the programs in this report to evaluate the software themselves by using a trial version, and to consider other factors which we have not looked at here (such as e.g. compatibility, price and technical support), before making a purchase.
- 10 -
Avast Internet Security ( www.avast.com
Avast produced another solid performance in 2010, with good results throughout, especially in On-
Demand Malware Detection Tests. It wins a Gold Award for On-Demand Scanning Speed and a Bronze
Award for Overall Performance.
Avast Internet Security’s setup wizard offers a choice of standard or custom installations, whereby the custom installation offers an ideal range of options. It is possible to choose the language for the installation, plus additional languages to be used when the program has been installed; components of the suite, such as the firewall, can be selected individually, and the destination folder can be changed.
Once the desired options have been selected, the remainder of the setup process is quick and easy.
A restart is required to complete the installation. We were a little surprised to note after the installation that Windows Firewall had not been deactivated by Avast setup, and that both firewalls were running together, which is generally not recommended. An Avast dialog box did ask us whether the current network should be regarded as private or public.
- 11 -
When you restart the computer after the installation of Avast Internet Security 5, you may be in for a surprise, on two counts. First of all, the program talks to you. Assuming your PCs has speakers, you will hear a friendly female voice saying “Welcome to Avast”. This is very disconcerting if you are alone in the room! The same voice also announces other events, such as updates, in whichever language has been selected for the interface. Of course, sounds can easily be turned off in Settings.
Opening up the main program window will also surprise anyone used to the Avast 4’s bizarre CDplayer interface. All Avast 5 security programs have a clear, modern design that couldn’t be more different from its predecessor.
There is a vertical menu column on the left-hand side of the window, with buttons for the main functions and components of the program: Summary/Status, Scan Computer, Real-Time Shields,
Firewall, Antispam & Blockers, Maintenance. Clicking on one of these menu items shows the relevant information/options in the main panel of the window, and also expands some sub-menus for that item as well. This design makes it extremely easy to navigate around the program, and find what you want quickly and easily. The big status display at the top of the window is green and reads “Secured” when all is well. In the event of a problem, this changes to yellow, and reads
“Attention”. A big “Fix Now” button allows the problem to be remedied with a single click:
Clicking on “Scan Computer” gives the user the choice of quick, full or custom scans. No scheduled scan is set by default, but can be created using the custom scan option. A minor criticism is that this procedure is a bit complicated for beginners. Updating can be done by clicking on Maintenance
| Update, which allows both the virus definitions and the program itself to be brought up to date.
- 12 -
The Avast program window adapts well to a resolution of 800x600 pixels, using scroll bars where necessary, and so could be used on a netbook. There is no site security ratings applied to Google searches in Internet Explorer. When we tried to download the EICAR test virus, Avast popped up a warning to say the threat had been intercepted, with no user action required:
Avast’s uninstall program is excellent, offering options to change, uninstall, repair or update the program. Consequently you can run a repair installation to replace lost or damaged files or registry entries, or add/remove components of the suite, as well as removing it completely.
Avast has one stand-out feature that we have never seen before in an Internet security suite or antivirus program: a sense of humour! Avast is one of very few programs that allow multiple interface languages to be installed, so that the user can change the language used in menus and dialogs. Such a feature is very useful in multi-lingual environments. Avast is really different in that one of the languages offered, in keeping with its name, is “Pirate Talk”! The screenshot below will give you an idea of how it works:
- 13 -
This “language” extends to the voice announcements too. We’ll leave it to your imagination to decide when you might hear “Avast me hearties, yer blacklist of dangerous seadogs be safely aboard” or “Avast! Thar be a scurvy man o’ war off yer starboard bow”. Given that this is entirely optional experience, we can only congratulate Avast on putting some fun into what is normally a very serious subject. We note that the menu and dialog boxes used to change language remain in normal English when Pirate Talk is selected, so there’s no danger of your being stuck with a computer that talks like a pirate; that might be rather embarrassing when you have guests for dinner.
The user interface design of Avast is exceptionally clear, modern and easy to use. Both the initial setup and the program’s uninstaller provide a full range of options, including component selection.
Our one criticism is the fact that setup does not disable Windows Firewall when installing Avast’s own one; we feel it should at least warn about this. Otherwise, it’s excellent for beginners and experienced users in terms of installation and use, and even allows you to have a bit of fun.
- 14 -
AVG Internet Security ( www.avg.com
For AVG, 2010 was a good year, with Advanced awards in all the malware detection tests it took, an improvement on last year. It also received an Advanced+ award in the Performance Test.
AVG Internet Security 2011 offers a choice of setup options, “Quick” and “Custom”. The Quick option is well suited to non-experts, while the Custom option gives technically proficient users the chance to change the destination folder, and select which components and interface languages are installed:
Both setup variants give options to install the AVG desktop gadget for Windows 7/Vista, and the
AVG Security Toolbar, which provides a safe Internet search function.
The most noticeable component of the AVG suite is the gadget for Windows 7/Vista, which sits in the top right-hand corner of the desktop, and shows important status information and tasks. It can be closed if desired. Given that Windows 7 hides all system tray icons by default, this is arguably a good means of showing less-experienced users the state of their security software.
- 15 -
The main program window of the AVG suite has a large central panel with an icon for each component (antivirus, antispyware, firewall etc.) showing its status, e.g. a tick in a green box indicates that the component is working normally. Additionally, there is a status area at the top of the window showing the overall security state. In the event of a problem, such as databases being out of date, the status display at the top changes to “You are not fully protected!” and a “Fix All” button appears:
Big buttons in the left-hand panel of the window allow the user to run an update or scan with a single click, and easily set the scan options, such as full scan or custom scan, or set up a scheduled scan (this is not configured by default). This panel also shows the date/time of the last update, last scan, and subscription expiration. There are traditional menus along the top of the window, which can also be used to access the individual components, as well as some tools. The program is fully useable at a screen resolution of 800x600 pixels, making it suitable for use with netbook screens.
A very useful feature of AVG’s suite is the Link Scanner, which rates web search results for security.
In Bing and Google, a green tick or orange exclamation mark is placed next to each item in the search results, to indicate safe or risky, respectively. To see how AVG reacts when a threat is discovered, we attempted to download the EICAR test virus. A warning message appeared, notifying us that a threat had been detected and blocked. No user intervention is required here, which is ideal for inexperienced users.
- 16 -
The AVG suite’s uninstall program in Control Panel has options to remove, repair, or change the suite. A repair installation can thus be run to replace any missing files or settings, and components can be added or removed after the initial installation. We chose to remove the AVG firewall. After a system restart, it had been cleanly removed from the program interface, and Windows Firewall had been reactivated.
The user interface design of AVG Internet Security 2011 is outstanding. Setup provides a straightforward default installation for beginners, but allows advanced users to select components and languages. The program interface is clear, simple and easy to use, and adapts well to small netbook screens. Uninstall options leave nothing to be desired. In short, AVG has been exceptionally well thought-out and is very hard to fault.
- 17 -
Avira Premium Security Suite ( www.avira.com
Avira had an exceptional year in 2010, and was a close runner-up for Product of the Year. It received an Advanced+ award on all the malware protection tests and the performance test. It wins a Gold Award for On-Demand Scanning Speed, plus Silver Awards for On-Demand Malware Detection,
Proactive On-Demand Detection, and Whole-Product Dynamic Detection.
Avira asked us to use the program’s highest heuristics setting for our tests. Users of Avira should bear this in mind, and may like to change the heuristics settings on their own PCs to the highest level too. We hope that AVIRA will in future set the heuristics to high by default.
Avira Premium Security Suite’s installer offers both a simple Express setup, and a Custom installation for advanced users. The latter offers a choice of installation folder and the components to be installed:
- 18 -
There is a post-installation configuration wizard, which allows the user to select the desired level of heuristics, and the type of risks to be guarded against:
We note that “Games” and “Jokes” are not actually threats, and this may prove confusing to some users. Not all extended threat categories are selected by default, users may consider checking their settings and whether they want to enable some more of them to enhance protection.
Avira’s Security Suite uses a familiar layout, with a column of menu buttons down the left-hand side of the window, and a main panel with relevant information and tools.
- 19 -
The default Status page shows whether the main protection features, such as real-time antivirus protection, web protection and the firewall, are active. In the event of a critical component being inactive, the item’s symbol changes to an exclamation mark in a yellow circle, and the link to the item’s right changes to “activate”:
The Status page also displays the date of last update, along with a “start update” link, and subscription information. There is a link at the bottom of the window to start a complete system scan. Setting up a scheduled scan can be done by clicking on Administration, Scheduler. The details of the scheduled scan are already set; it just needs to be enabled by ticking the relevant box. A custom scan can be done by clicking “Local protection” and then “Scanner”; we have to say that this is not exactly a beginner-friendly arrangement, with some rather incomprehensible icons.
Avira Premium Security Suite fits perfectly into a resolution of 800x600 pixels, and so the program could be used on netbooks. There are no site security ratings for Google searches in Internet
Explorer, unfortunately. When we tried to download the EICAR test virus, Avira played an audible warning, and popped up the following warning message:
This warning is set to disappear automatically after 10 seconds; this is convenient for many users, though may worry some beginners.
Avira Premium Security Suite’s uninstall program includes the option of changing the components installed, but unfortunately no repair installation.
Avira Premium Security Suite is essentially straightforward to use, with the most important functions easily accessible. Components can be selected individually when installing and uninstalling. We feel that some small changes, such as clearer, user-friendlier icons, might make it more attractive to beginners.
- 20 -
BitDefender Internet Security ( www.bitdefender.com
BitDefender did very well in this year’s tests, achieving excellent scores in the On-Demand Malware
Detection Tests, Proactive Tests, and the On-Demand PUA Detection Test. It also did very well in terms of false positives, and receives the Bronze Award for this.
The setup program for BitDefender Internet Security runs a quick scan for malware before installation commences, which would obviously be helpful if installing the program on a computer that had already been infected. It also asks whether to disable Windows Firewall and Windows
Defender, and offers a choice of Easy and Custom setup options. Unfortunately, beginners installing the program have to make the decision on Windows Firewall and Defender before being able to choose the Easy Setup; it would seem to us that simply including the default settings (disable both
Windows components) in the Easy Setup would be a better way round. A feature unique to
BitDefender (as far as we know) is the choice of three different user interfaces for the program when installed: Basic, Intermediate and Expert. The Basic View is very simple, with just three big buttons; the Expert View offers a wide range of menu options and tabs, giving a huge choice of configuration options; and the Intermediate View is somewhere in between. Setup shows thumbnail pictures of each interface and allows one to be selected; it informs us that it easy to change to another interface after installation.
- 21 -
The Custom Setup allows the user to configure and activate or deactivate the suite’s features (such as firewall and parental control), but unfortunately there is no means of actually removing any of the features. Finally, Setup asks whether the network to which the computer is currently connected is private or public.
Unfortunately, lack of space means that we are unable to review all three interface options provided by BitDefender Internet Security 2011. We have decided to consider the Basic View and to assess its suitability for beginners. It is certainly a clean and simple interface. There is a big status indicator graphic, three big buttons, and a search box for help and support:
The status indicator is very clear and obvious. When all is well, it takes the form of a white tick
(checkmark) in a green circle, with the annotation “Your computer is protected”. In the event of a problem, e.g. real-time protection being deactivated, the graphic changes to a white exclamation mark in a red circle, and the annotation changes to a warning message. The button below, marked
“View all issues” becomes active; clicking on it allows the user to see a list of problems and select which ones should be fixed. Whilst this choice may be perfect for advanced users, it would seem more appropriate for the beginner’s interface to have a button marked “Fix all issues” which simply corrects everything without any further questions.
The three big buttons in the main panel of the window are marked Security (a drop-down menu),
Update Now (a single button), and My Tools (another menu). The single Update Now button could not be clearer or simpler, and is perfect for beginners. However, we feel that even advanced users might wonder what items would be found in menus marked “Security” and “My Tools”, and what the difference could be. We note that Quick Scan is found in both menus; we also find ourselves asking why “View & Fix All Issues” is found in the My Tools menu, rather than Security. As all the items in the default Security menu are scan-related, it might make sense to call the menu simply “Scan”.
Finally, we would question whether a beginner would have any idea what the “Vulnerability Scan” might be.
- 22 -
The “Help and Support” search box below the big buttons appears to be an extremely good idea, giving quick and easy access to guidance in using the suite. As the default menus do not include any obvious means of scheduling a scan, we decided to use the search box to look for help. The item “How Do I Schedule a Computer Scan?” was immediately visible in the search results:
Clicking on this link immediately brought up clear instructions as to how to schedule a scan, for both Intermediate and Expert Views, but not for Beginner View. Not surprisingly, we feel that making an easy-to-use beginner interface with quick access to help on important everyday tasks is not much use if the instructions provided only relate to the more advanced levels.
We were pleased to see that BitDefender’s uninstall program includes a repair option, which allows missing or corrupted files to be replaced in the event of a malfunction. Unfortunately there is no means of selectively uninstalling any of the components, only to remove the suite completely.
BitDefender offers some useful, albeit not perfect, options for beginners and more advanced users during the setup process. The choice of three different user interfaces is most innovative and is, in principle, a very good idea. The basic design of the beginner’s interface is essentially very good, but has unfortunately been let down by poor execution, and could be much improved with a few simple detail changes.
- 23 -
eScan Internet Security Suite ( www.escanav.com
eScan achieved excellent results in 2010, receiving an Advanced+ award in all the tests it took part in. It was particularly successful in terms of low false positives, for which it wins a Silver Award.
eScan Internet Security’s setup program is simple. There is a one-time choice of interface language, plus the opportunity to change the location of the installation folder, but no means of changing the components to be installed, or any settings.
The main program window is somewhat unusual in its design. The most visually striking feature is the row of very artistic icons at the bottom of the window, representing File Antivirus, Mail
Antivirus, Antispam, Web Protection, Firewall, Endpoint Security and Privacy Control. Whilst a lot of work must have gone into making the sleek artwork, complete with mirror effect, we’re not so sure that it’s terribly clear what each icon represents, with the exception of the firewall icon. Mousing over the icons produces a tool tip saying what the icon does, though even then it might not be clear to some users what Endpoint Security actually means here.
- 24 -
By default, the program opens on the File Anti-Virus page. This gives some basic information on status, though quite what “Proactive Scan Status” is, and why it’s disabled by default, isn’t quite clear to us. In contrast to the highly visual icons at the bottom, the status information in the main panel is almost unformatted text, making it more difficult to pick the important information out from the less important. For example, when real-time protection is switched off, the only indicator is that the small, plain-text word “Started” changes to “Stopped”. This could be very easily overlooked. Of course, the indicator for the File Anti-Virus at the bottom will change from a tick in a green circle to a cross in a red circle. Given that not all users will immediately know what these icons are, we would suggest that a big, clear written warning of any problem would be an improvement.
Above the main central panel of the window are three big buttons: Scan, Update, and Tools. All of these produce further options to click on in the main panel below. It might not be terribly obvious to a beginner that to get back to the start page, one needs to click on the left most of the pretty icons at the bottom. However, the essential functions, i.e. updating and running full, custom or scheduled scans, can be easily reached by clicking on these buttons.
A strip at the top of the page shows the date of the virus signatures, and a link in the same area gives access to licence information and the chance to enter a licence key. The window management buttons in the top right-hand corner of the window consist of a very standard-looking Minimise button, and a Close button that resembles a “Power Off” symbol. The latter might be a bit confusing to some, as it could appear that it might actually disable the program completely, rather than just closing the window.
The program is fully usable at a resolution of 800x600 pixels, and so could be used on a netbook screen. There are no obvious safety ratings applied to Google searches in Internet Explorer. When we tried to download the EICAR test virus, eScan Internet Security popped up a warning message saying that the file had been quarantined, meaning that no user intervention is required. The message box has a button to start a scan, if desired. It automatically closes after some seconds.
- 25 -
eScan Internet Security’s uninstall program does not have either a repair function, or any means of uninstalling selected components only. It does a simple all-or-nothing removal. eScan tell us that this is deliberate, as they recommend using all components of the suite, and doing a complete uninstall and reinstall if a restore procedure is needed.
Whilst the essential functions of eScan’s suite are not exactly hidden away, we think it would be fair to say that it has one of the more challenging interfaces amongst the programs we have tested.
The big icons at the bottom of the window are very prominent, but it is not very clear what most of them do. The information on the status of real-time protection is clear enough when you find it, but it is written very inconspicuously in small, unformatted text. We are a little concerned that, as a result of these two factors, the program does not provide any effective warning in the event that system protection is not functioning optimally.
- 26 -
ESET Smart Security ( www.eset.com
ESET is arguably the best program not to have won an annual award this year. With its weakest two results being Advanced, ESET has achieved solid results across the board in 2010, especially in the
Performance, On-Demand Detection and Proactive Tests, with low rates of false positives.
We were initially pleased to see that ESET Smart Security’s setup program has standard (Typical) and custom options. Unfortunately, the Typical installation is still a bit too complicated for beginners, as it asks about e.g. detection of potentially unwanted programs, while Custom asks more questions but does not give a choice of the components to be installed. File copying is quick in both versions of setup, and the program starts immediately after installation, without a reboot being required. We were pleased to see that new updates are automatically downloaded almost immediately after setup finishes:
The main program window of ESET Smart Security has a very clean, simple and modern design. In a vertical panel on the left-hand side of the window is a menu of the most important areas:
Protection Status (default), Computer Scan, Update, Setup, Help. Clicking on one of the menu items brings up the relevant options/information in the main panel of the window. It is exceptionally easy to navigate one’s way around the program like this.
- 27 -
A link in the bottom left-hand corner of the window allows the user to change to Advanced Mode; this adds a Tools menu and some sub-menus to the menu panel. For example, sub-menus for
Antivirus and Antispyware, Personal Firewall and Antispam Protection are added to the main Setup menu. Additionally, Advanced Mode will add additional links to some of the pages. For example, on the main setup page, an additional link to “Entire advanced setup tree” is added. Finally, some additional menus appear in the top right-hand corner of the window. We find the choice of two modes, and ease of switching between them, a very good idea. Beginners can see a very simple interface with essential features and information, which does not overwhelm them, while experienced users can easily get to more detailed configuration options. This report will concentrate on the Standard Mode interface.
The Protection Status page clearly shows the most essential information, namely the protection state, date of last update (albeit in a slightly confusing format), and subscription expiry. In the event of a problem such as real-time protection being disabled, the status display changes to
“Maximum protection is not ensured” in red, a sub-heading shows which components are disabled, and a link appears in red to start the deactivated components:
Clicking on the link immediately reactivates the protection. Updating and scanning are very easy to do in Smart Security, thanks to the very obvious big buttons in the menu panel. However, setting a scheduled scan appears only to be possible in Advanced Mode (none is set up by default). We would suggest that ESET should make it possible and indeed easy to set up a scheduled scan; a simple link could be added to the scan options page.
The ESET Smart Security window fits perfectly in a resolution of 800x600, and is even useable
(through the use of scroll bars) at 640x480, meaning that it can be used on netbooks and old, lowresolution monitors.
ESET does not have any sort of site security rating for Google search results in Internet Explorer.
When we attempted to download the EICAR test virus, Smart Security immediately showed the following message, telling us that the “threat” had been deleted; no user intervention was required.
- 28 -
Although the uninstaller program for ESET Smart Security does not have any means of selectively uninstalling components, the firewall can be disabled in the Advanced Options. This is not very easy to find, but allows advanced users to use Windows Firewall, without any unnecessary warning from
ESET Smart Security. The antispam component can also be disabled this way. We were pleased to see that there is a repair option to restore any missing or damaged files or settings:
ESET Smart Security has a very well designed, simple and modern interface, which makes it easy for inexperienced users to find almost everything they need. An easily toggled Advanced Mode gives experienced users access to more detailed settings, including selection of the components to be used. Our only suggestion for improvement would be a simple means of letting beginners set up a scheduled scan.
- 29 -
F-Secure Internet Security ( www.f-secure.com
F-Secure has done exceptionally well this year, receiving Advanced+ awards in all of the malware protection tests (both On-Demand Tests, both Proactive tests, the Dynamic test and the PUA test), and the Performance test too. It also had the lowest rate of false positives in our On-Demand tests.
Consequently, F-Secure is winner of the Gold award for low false positives, and a Gold award for
Whole-Product Dynamic Protection. Although it is joint winner of the Gold Award for Whole-Product
Dynamic Protection, F-Secure must be additionally commended for reaching its high score without any user intervention being required. Due to its overall extremely high performance, F-Secure wins the Product of the Year award.
F-Secure asked us to test their programs using default heuristic settings, rather than the highest heuristic settings which we normally use. This means that our test results for F-Secure represent the level of detection/false positives provided by the standard configuration.
F-Secure provides a single installation file which can be used to install either Anti-Virus 2011 or
Internet Security 2011; the unified installer will make life easier for advanced users and technicians who frequently install both programs. The first step of the installation procedure is to choose the language for the program and setup; only one can be selected. The single installer also works as a trial version, simply by leaving the field for the subscription key blank. There is a choice of
Automatic or Step-by-Step installation; Automatic does not ask any further questions and is thus ideal for beginners or anyone wanting a default installation. The Step-by-Step installation allows the user to choose the installation folder, but component choice is unfortunately very limited; the only choice is whether or not to install the parental controls component:
- 30 -
The setup wizard downloads updates before finishing, meaning that the computer is fully protected as soon as the installation is completed.
The main F-Secure Internet Security window is very clean and simple, with 3 large buttons (Status,
Tasks, and Statistics), plus three smaller buttons (Scan, Check for Updates, and Settings).
Additionally, the status of the system is displayed in large letters above the big buttons. If all is well, the status will read “Your computer is protected” in green.
In the event of a problem, e.g. if real-time scanning is disabled, the status display changes to “Your computer is not protected” written in red. Underneath there are instructions on how to fix the problem, in this case “turn on real-time scanning”. Unfortunately, there is no “Fix” button or link; to reactivate real-time protection, you have to click on either the Status button or the Settings button; either of these then presents a clear option for switching the protection back on. Whilst this should not trouble experienced users, we feel that a large, obvious “Fix All” button next to the status display on the main page would be ideal for beginners.
- 31 -
The Statistics button displays information on the time of the last update, subscription expiry, and the results of virus scans and email filtering. This is all neatly and clearly displayed on one page:
Updating the virus definitions can be done very easily by clicking the “Check for updates” button on the start page of the main window. All scan-related functions can be found in the Scan menu, also on the start page. This allows full and custom scans to be started, and a scheduled scan to be configured (using “Change scanning settings”). A scheduled scan is not set to run by default.
The program window is fully usable at a resolution of 800x600 pixels, making it suitable for use on netbooks.
- 32 -
One of the features of F-Secure Internet Security 2010 is a web filter that adds safety ratings to search results in Internet Explorer. The normal “traffic light” system of green for safe, yellow for caution, red for danger is used, as shown below:
When we attempted to download the EICAR test virus, F-Secure reacted instantly with a message to say that the virus had been removed; no further action was necessary, which is ideal for beginners.
We were disappointed to see that the program’s uninstaller only allows complete removal. There is no repair option, or any opportunity to selectively uninstall components of the suite. There appears to be an option entitled “Remove selected features”, but this has been disabled, and is thus merely an irritation.
F-Secure Internet Security 2011 is essentially well-designed, with a clear and easy-to-use interface.
However, we feel it could be improved by a “Fix All” button to correct any problems, and repair/change options in the uninstaller.
- 33 -
G Data Internet Security ( www.gdata.de
2010 was another excellent year for G Data in our tests. It achieved industry-leading scores on the
On-Demand Detection Tests and one Proactive Test, and very good scores on all other tests. It was shortlisted for Product of the Year, and received Gold Awards for both On-Demand Malware
Detection and Proactive On-Demand Malware Detection. G Data uses two third-party antivirus engines, which can be used individually or together in different situations, e.g. real-time protection, on-demand scans etc.
G Data Internet Security has been extremely well designed when it comes to installing and using the suite. The setup program offers “Complete” and “Custom” options, for beginners and advanced users respectively. The Complete installation is ideal for beginners, as it does not ask any questions that a non-expert would not understand. The Custom installation, however, gives the user more choices, such as the destination folder, and which components to install:
We are pleased to see the option of selecting which components to install, which is sadly missing from too many other security suites. Both installation variants allow the user to decide whether to run a weekly scan or not, the default option being “yes”.
- 34 -
The main program window has been very well designed, giving a clear picture of the security status of the PC at a glance, with a “Correct” button which becomes active in the event that e.g. virus definitions are out of date. This enables the user to correct any problems that may arise with a single click. All the protection features are clearly displayed on the main page of the program, with status and links for tasks and options neatly arranged on the same line as each item:
For example, the “Last virus check” line shows the status (when the last scan was carried out) and the “Virus scan” menu with options for full or quick scans, scanning individual folders etc. Each of the main sections, i.e. Virus Check, Updates, Internet and Email, has its own options link for more detailed configuration. In short, the main program window presents a clear overview of the features and their status, with easy access to tools and configuration options. There is also a “CPU load” display in the bottom left-hand corner of the window, showing CPU usage by the G Data program, and for the system as a whole. Another excellent feature of G Data’s design is the ability to fit all its features into a 640x480 resolution, ideal for netbooks.
- 35 -
We tested G Data’s reaction to finding malware by attempting to download the EICAR test virus. The program reacted instantly, displaying a notification that the “virus” had been blocked. No user intervention was required, but there is the option to prevent further virus alerts:
The choice of components installed can be changed after installation by going to the Programs and
Features applet in Control Panel. We chose to uninstall the G Data firewall, and use Windows
Firewall instead. We were particularly pleased to note that the Firewall element in the program interface is neatly removed from the window, without any warning messages being displayed:
Internet section of window, with G Data firewall installed
Internet section of window, after uninstalling G Data firewall
The only thing we felt was missing from the program was a repair option in the program installer, as this can be useful for quickly fixing a malfunctioning program.
G Data Internet Security 2011 has been extremely well designed, making it easy to use for both beginners and expert users. All important information and tools are easily accessible from the program’s main window, which remains remarkably uncluttered. The program window adapts cleverly to smaller screens and addition or removal of components. Whilst beauty is in the eye of the beholder, we suspect that many people would agree that the program’s design is not only practical but also elegant.
- 36 -
K7 Total Security ( www.k7computing.com
K7 produced respectable malware detection results in its first year in our tests, receiving awards in all the tests it took. It did well in the Proactive and PUA tests, and got the highest score in the
Performance Test, thus winning the Gold Award for Overall Performance.
Installing K7 Internet Security 10 is a quick and simple process. Unfortunately there are some few small bugs in the current version, although the manufacturers tell us that they are working on fixing these. The last page of the wizard displays a summary of the “Current Settings”, consisting of
“Setup Type”, “Destination Folder”, and “User Information”. There is a message accompanying this:
“If you want to review or change any of your installation settings, click Back”. Clicking Back does not give any opportunity to change or even view these settings, which could be annoying for some users.
When Setup completes, there is no prompt to restart, but equally no evidence that the program is up and running, so we decided to restart the PC anyway. Having done this, we were greeted by the
K7 product activation wizard, and noted that a K7 system tray icon had appeared. The wizard allows
- 37 -
the user to enter a serial key, or supply a name and email address to use the program as a trial.
Completing this wizard allows the program to update, and installation is complete. On checking in
Windows Action Center we were surprised to see that although K7’s own firewall was up and running, Windows Firewall had not been disabled. This contradicts the generally accepted principle that two software firewalls should not be run together, to avoid conflicts.
Whilst the colour scheme of the main program window may not be to everyone’s taste, the interface is actually clear and simple. The main panel of the window shows the status of the individual protection components of the suite, along with licence information and the date of the last update.
Five big buttons are arranged as a menu down the left-hand side of the window: Home,
AntiMalware, Firewall, Privacy, and AntiSpam. Clicking on one of the buttons opens the relevant configuration options in the window’s main panel. Home brings up the status display, i.e. is the default when opening the program.
In the event that a component is not working properly, e.g. real-time protection is not enabled, the status display for that component will change to a red button with the word Disabled:
- 38 -
Currently, there is no means of correcting the problem(s) from the status page. Reactivating the real-time protection requires the user to click on Anti-Malware; re-enabling the firewall requires a visit to the Firewall page. Whilst this would not represent a problem for experienced users, it is not ideal for beginners. A big “Fix All” button would be a significant improvement.
Updating the program is very easy, as there is an “Updates” button at the top of the window.
Various scan options are available under AntiMalware; setting up a scheduled scan (none is configured by default) involves clicking on the Tasks tab on this page.
It is actually possible to use K7 Total Security at a screen resolution of 640x480 pixels, as all the functional areas are accessible. This means that the program can be used with netbooks and even old, low-resolution monitors.
There is no site security rating feature for Google searches in Internet Explorer to warn users of risky sites. When we attempted to download the EICAR test virus, K7 deleted the file and produced the following message box:
This shows that the threat has been blocked, without any user interaction being necessary, and even lets advanced users see where the downloaded file was deleted.
The uninstall program for K7 Total Security 10 does not include either a repair function or the ability to uninstall any components selectively; it’s just an all-or-nothing program removal.
K7 has in many ways produced a simple and practical interface. Unfortunately, it is currently spoiled by the absence of a few practical features, such as disabling Windows Firewall, prompting for a reboot after installation, and an easy fix for problems reported on the status page. When the vendors have resolved these minor issues, we feel that the program will be easy for everyone to install and use.
- 39 -
Kaspersky Internet Security ( www.kaspersky.com
As usual, Kaspersky achieved very good results in our 2010 tests, with Advanced being the minimum level reached in all cases. It had two awards reduced from Advanced+ to Advanced level due to
(unusual) high levels of false positives, but was one of only four programs to reach Advanced+ standard on the Whole Product Dynamic Test. It receives the Bronze Award for Whole-Product
Dynamic Protection as a result. Kaspersky Internet Security includes Safe Run mode, allowing suspicious applications to be run in a sandbox, and a virtual keyboard, which enables sensitive data to be entered without being captured by a keylogger.
Kaspersky asked us to use the program’s highest heuristic setting for our tests. Users of Kaspersky should bear this in mind, and may like to change the heuristics settings on their own PCs to the highest level too. We hope that Kaspersky will in future set the heuristics to high by default.
Kaspersky Internet Security 2011 has a custom setup option (“Change installation settings”).
Unfortunately, this does not allow the user to select the components to be installed, only the location of the program folder. Installation is quite quick and simple.
Kaspersky Internet Security has a fairly familiar sort of design to it.
- 40 -
At the top is a status display with a big round button. If all is well, the button will be green, and the message displayed will be “Your computer is protected”. In the event of a problem, the button changes to yellow (minor) or red (major), a warning message is displayed, along with the nature of the problem, and a “Fix it now” button appears. This makes it very easy to see the system status and correct any problems.
In a column down the left-hand side of the window are buttons representing different protection areas, namely Protection Center (default), Safe Run, Scan, Update Center, Parental Control, and
Tools. Clicking on one of the buttons on the left opens the appropriate page in the main panel of the window. The default Protection Center page has links to every individual component of the suite, divided up into the areas “Files and Private Data Protection”, “Systems and Applications
Protection”, and “Online Security”. Clicking on one of these strips expands it to show its subcomponents, and clicking on one of these shows its configuration options. This makes it straightforward to access all of the suite’s many components quite easily.
The program can easily be updated from the Update Center, and scans can be run simply by clicking on Scan. Setting up a scheduled scan was not so easy, however, and we resorted to looking in the help files. Even with this, we feel that the process is still a bit too complicated for a beginner, and would like to see it made simpler. There is no scan scheduled by default.
Kaspersky Internet Security 2011 has a desktop widget for Windows 7/Vista:
This gadget is arguably very elegantly designed, but unfortunately not very practical. It is not annotated in any way, so many users will simply not realise what it is. The green indicates all is well, and the buttons allow quick file scanning and safe run, but without any annotation, these features are only of any value to inquisitive users who like to explore and investigate.
Kaspersky Internet Security is fully usable at a resolution of 800x600 pixels, and so is suitable for use on netbooks. When we ran a Google search in Internet Explorer, there were no obvious site security rankings to be seen on the first page of our search results; however, Kaspersky tell us that when known bad sites are shown amongst the results, they will be clearly marked in red. When we tried to download the EICAR test virus, Kaspersky showed a warning that a virus had been detected.
After a few seconds, the warning box changed to show that the virus had been “denied”:
No user action is required.
- 41 -
We were pleased to see that Kaspersky’s uninstaller includes a repair option, to restore missing or corrupted files and settings. Unfortunately there is no means of removing components selectively, only the entire suite.
The interface design of Kaspersky Internet Security 2011 is clear and simple, allowing easy access to a great range of features without overwhelming the user. Essential functions and information are easy to find, with the exception of scheduling a scan, which could be made easier.
- 42 -
Kingsoft Internet Security ( www.kingsoft.com
Kingsoft scored very highly in our Performance Test, and wins a Silver Award for Overall
Performance. However, the fastest anti-virus program is still no good if it does not protect adequately, and 2010 was not a great year for Kingsoft in our malware detection tests. It failed to receive an award in any of them, despite introducing cloud technology. Sadly, this represents a step backwards relative to its results last year, and leaves Kingsoft as the weakest overall program in our tests. Because of this, Kingsoft will not be included in our tests in 2011. However, we believe that the manufacturers are determined to improve the performance of their products, and are confident that a new and much-improved Kingsoft program will return to our tests in the future.
Installing Kingsoft Internet Security involves 2 phases. The first phase, called “Installer”, allows the user to choose the installation directory and decide whether to install the firewall:
The second phase, entitled “Setup Wizard”, allows customised configuration of the features, though we are not certain how useful this is. It would seem unlikely that anyone would want to disable real-time protection and the firewall at this stage, having just installed them.
- 43 -
We were also rather confused as to what “Advanced Defence Attack Protection” might be:
Kingsoft appears to be unique amongst the programs tested here, in that it installs what appears to be a device driver for the network service.
The most important thing to note is that Kingsoft Internet Security is not a single program with a unified interface, but actually three separate programs with widely differing interfaces. The three programs are AntiVirus, AntiSpyware, and Personal Firewall.
- 44 -
The Antivirus window has links that will open the other two programs: “View network security status” opens the firewall window, and “Check your computer now Use Kingsoft AntiSpyware” [sic] opens the AntiSpyware window (producing a Windows 7 UAC prompt). The AntiSpyware window informs us that the Antivirus program is installed, although there is no means of starting it.
Unfortunately, the only other thing the three windows have in common is confusing interfaces and mysterious use of English. The most prominent button on the AntiSpyware window invites us to
“Score for your system”.
- 45 -
Due to the exceptionally complicated and varying interfaces of the program, we unfortunately lack the space to provide any sort of reasonable review of the features we have discussed for other programs. We can say that when we tried to download the EICAR test virus, a fairly standard sort of message box informed us that it had been detected and deleted:
All three windows will fit into an 800x600 pixel resolution, and so could be used on a netbook.
Unfortunately, even the uninstall options are very confusing. The Programs and Features applet in
Windows 7 Control Panel has three Kingsoft items: Kingsoft Basic Service, Kingsoft Internet Security
9 Plus, and Kingsoft Vulnerability Fix. Uninstalling Kingsoft Internet Security 9 Plus involves negotiating the following dialog box:
We do not wish to hurt the feelings of Kingsoft’s developers and designers, but for English-speaking users it is realistically very difficult to find anything positive about the interface of their Internet
Security Plus suite. Not only is every program window in some way confusing in its own right, there are three different windows, each with its own style. We imagine that users would only consider tackling such a daunting interface if the Kingsoft suite was exceptionally good in some other important area, but sadly this is not the case. Four of the other vendors in our test make free antivirus programs that are vastly superior in terms of interface design and much better in terms of malware detection too. We would respectfully suggest that making a simple, one-window user interface with basic commands in clear, correct English would be an important step towards making
Kingsoft a marketable product.
- 46 -
McAfee Internet Security ( www.mcafee.com
McAfee had generally good results this year, especially in the PUA Test and Performance Test.
Unfortunately it did have awards reduced because of higher rates of false positives in both On-
Demand Malware Detection Tests.
Both standard and custom installations are available in McAfee Internet Security 2011. Whilst the standard installations is extremely simple, we were pleased to see that the custom installation is very flexible and allows the selection of individual components of the suite:
Virus definition updates are downloaded during the installation process, so once setup has finished and the computer has been restarted, the system is fully protected.
- 47 -
The main program window is rather unusual in its “tall and thin” design, but is sleek and modern, and clearly shows the most important information and features at a glance:
Towards the top of the window, a horizontal stripe shows the security status of the system. When all is well, this stripe is green, and displays the message “Your computer is secure (no action required)”. In the event of a problem, the top stripe changes to red, with the message “your computer is at risk”; the section below contains details of the problem and an obvious button for correcting it, e.g. if the firewall is turned off, the message will read “Firewall: Off” and there will be a button marked “Turn on”:
- 48 -
When all is well, the area below the status stripe will show more stripes for the most important protection areas, namely real-time scanning, updates, firewall, and subscription. Clicking on one of these stripes shows links to related tasks and information. For example, clicking on Real-Time
Scanning gives the option to scan the PC, Updates allows the user to check for new virus updates, and Subscription displays the expiry date of the current licence. All the most important information and tasks are thus easily accessible from this area. A scheduled scan is configured by default; the date and time of the next scan, together with the option to change the schedule, can be seen by clicking on Real-Time Scanning.
Detailed configuration options can be found in a number of further stripes in the main panel of the window. Clicking on a stripe causes that section to expand, showing relevant links. The program interface adapts to different screen sizes, so that it is fully useable on netbook screens.
Internet Security 2011 incorporates McAfee’s Site Advisor software, which gives safety ratings to
Google searches in Internet Explorer. A familiar “traffic light” colour coding system shows which links are safe to click on, and which should be avoided:
When we tested how McAfee Internet Security reacts to the EICAR test virus, a McAfee message box appeared, informing us that the “virus” had been quarantined:
The McAfee suite’s uninstall program is unfortunately very short on options. There is the choice of uninstalling Site Advisor without the remaining components, or vice versa, but that’s it. If you want to change the selection of components, or repair the installation, you have no choice but to perform a complete uninstall and then reinstall.
McAfee Internet Security 2011 has an unusual but effective design, which makes it straightforward to find essential information and features. We were pleased to note that setup allows the user to choose which components are installed; the same choice when uninstalling, plus a repair option, would be ideal.
- 49 -
Microsoft Security Essentials ( www.microsoft.com/security_essentials )
Despite being one of only two free programs in our tests, Microsoft Security Essentials achieved very creditable scores this year, especially in the Proactive Tests and Performance Test. It wins a Silver
Award for Low False Positive Rate, and two Bronze Awards: Proactive On-Demand Malware
Detection, and Overall Performance.
Scope of the program
Microsoft Security Essentials is an antivirus program, provided free to home users and small businesses with up to 10 PCs. Unlike the paid-for Internet security suites which make up most of the programs in this review, there are no firewall, antispam or child-protection features incorporated. It should be noted that since Windows XP, a firewall has been built into Windows operating systems (please see note about version 2.0 below). Spam filters are built into recent
Microsoft email programs such as Outlook 2010, and Windows Live Family Safety can be downloaded for free. Consequently, Microsoft might be justified in claiming that they make all the other features of a security suite available for free. However, this report will focus solely on the Microsoft Security
Please note that this review refers to version 1.0 of Microsoft Security Essentials. Version 2.0 was released shortly after this report was written, and has some new features as well as improvements to existing ones. During setup, version 2.0 checks to see if Windows Firewall is enabled, and provides an easy means of turning it on if necessary.
The setup procedure for Microsoft Security Essentials is very quick and simple. There is no choice of beginner or advanced installations, but given the nature of the program this would not be applicable anyway. There are no options as such, but there is a warning to uninstall any existing antivirus software, which also offers some advice on how to do this:
- 50 -
When setup completes, there is the option to scan the computer for threats (after updating). The main program window then opens, and an update of virus definitions commences.
After installation, we looked at the Security status in Windows Action Center, and were interested to note that Windows Defender (Microsoft’s antispyware program, built in to Windows Vista/7) had been deactivated, and that Security Essentials was registered as the system’s sole antispyware program. Microsoft tell us that this is because the antispyware protection in Windows Defender is included in Microsoft Security Essentials.
Microsoft Security Essentials has a tabbed interface for its main program window. The program opens on the Home tab by default, the other tabs being Update, History, and Settings. The Home tab shows the system status, with a computer screen icon containing either a white tick
(checkmark) on green if all is well, or a white cross on red if there is a problem. There is also very basic information on real-time protection and whether the definitions are up to date. A separate panel at the bottom of the Home page shows when the last scan was performed, and when the next scheduled scan is set to run. A weekly Quick Scan is scheduled by default; this can be changed by clicking on a link right next to the scan status. A third panel on the right-hand side of the home page gives very quick and easy access to different scan types. Because Microsoft Security Essentials is a free program, there is no subscription, and thus no subscription information.
The Update tab is self-explanatory and could not be simpler; there is one big button marked
“Update”, and that’s it, aside from a few update-related statistics. The History tab shows any items of malware that have been found, and what action was taken at the time; the Settings tab allows more detailed configuration changes to be made. This is arranged very simply with the various configuration areas in a vertical menu in the left-hand panel, and a modest range of options for each area in the main panel.
- 51 -
In the event that there is a problem with the program, e.g. real-time protection is disabled, a big red button appears in the main panel of the Home tab, with the appropriate solution, namely “Turn on” in this case:
The Microsoft Security Essentials fits perfectly into an 800x600 resolution, and is thus suitable for using on low-resolution screens such as those found on netbooks. Not surprisingly for a free antivirus program, there is no form of safety rating for web search results with Internet Explorer, either in Google or even Bing, Microsoft’s own search engine. When we tried to download the
EICAR test virus, the reaction from Microsoft Security Essentials was a little more interactive than with many other programs. A warning message appeared, saying that the threat had been
“suspended”, and inviting us to click on “Clean computer” to remove the threat.
When we did this, Microsoft Security Essentials popped up a second message box a few seconds later, to inform us that the program had successfully “cleaned” the computer.
The program’s uninstaller does not have any options for selectively uninstalling components, but this is to be expected, as there is only one component. Unfortunately, there is no repair option either, meaning that the program must be uninstalled and reinstalled in the event of a malfunction.
Microsoft Security Essentials lives up to its name, by providing basic antivirus protection. Microsoft would appear not to have wasted too much time or money on the aesthetics of the program, but the interface is clear and simple and all the most important functions can be found easily.
- 52 -
Norman Security Suite Pro ( www.norman.com
In only one of the tests it took this year did Norman fail to win an award. Unfortunately, its total of four Standard awards for malware protection is identical to the level it reached last year, i.e. there has been no improvement and Norman will not be featured in our tests in 2011. We would hope to see a new version of Norman returning to higher levels of protection, and to our tests, in the future.
We were pleased to see that Norman Security Suite has both standard (“Complete”) and custom installation options. The standard option asks no questions at all, and simply installs using the default settings. The custom option allows advanced users to choose which components they wish to install, and change the destination folder:
A reboot is required to finish the installation. The Norman firewall configuration wizard then appears. This also has a beginner’s option, which sets all items to default; the expert option asks which browsers and email programs are used, and whether file sharing should be allowed. We find this to be a simple and effective method of firewall configuration, which should suit both beginners and experienced users.
- 53 -
Whether users will feel reassured by the Norman wooden puppet, wearing an armoured waistcoat but no pants, we cannot say.
The main program window is designed in a logical and straightforward way. In a left-hand panel is a vertical menu, consisting of buttons for each of the program components, plus Home (default). The main panel shows the relevant information and options for the item selected on the left. Home has a summary of the status of all the components, a white tick (checkmark) in a green box indicating that all is well with the relevant item. If an important item is disabled, the status icon changes to a white exclamation mark in a red box, and an adjacent link enables correction of the problem:
- 54 -
There is an update button on the home page, enabling all components to be updated. Finding subscription information is somewhat inconvenient. Clicking on “Install and Update”, and then on
“License Wizard” starts a wizard(!), which, assuming the license key has been entered correctly, will show you when your license expires. We feel this is an unnecessary complication, and that simply showing the licence expiration date on the home page would be much simpler.
To run a scan, you need to click on “Antivirus and Antispyware”, and then look for the “Scan computer” link. Creating a scheduled scan (none is set by default) can be done using the Task
Editor link on the same page; this is perhaps not the most intuitive route for beginners. We note that running both updates and scans involves clicking on a User Account Control prompt, even with
Windows 7’s default settings. Beginners might find this something of a barrier to their attempts to improve the computer’s security.
The Norman Security Suite window fits perfectly into a resolution of 800x600 pixels, and so could be used on a netbook screen. There are no search safety ratings in Google searches in Internet
Explorer. When we attempted to download the EICAR test virus, Norman played a rather strange audible warning sound, which we cannot really describe, and produced the following warning message:
The “threat” was thus blocked without any user intervention being necessary.
We were pleased to see that Norman’s uninstall program has a repair option, so that any missing or corrupted files and settings can be replaced easily. The Uninstall option would simply uninstall the whole suite, but it is possible to add or remove components directly from the program’s own interface, under “Install and Update”.
Norman Security Suite excels when it comes to giving users installation and configuration choices, with default and customisable options for both. The interface is very logical and tidy in its layout, but we feel it makes some tasks, e.g. setting a scheduled scan or finding subscription information, rather too complicated for beginners.
- 55 -
Panda Internet Security ( www.pandasecurity.com
Panda made a good impression on its return to our tests, reaching at least Advanced level in every test. With lower rates of false positives it would have achieved even higher awards. It did especially well in the On-Demand PUA Detection Test, winning the Gold Award, as well as a Bronze Award for
On-Demand Scanning Speed.
Panda Internet Security 2011 offers three choices of installation, namely Minimum, Typical, and
Typical performs a default installation without asking the user any further questions, while Custom allows the choice of which components to install:
- 56 -
Although the option of deselecting the Panda firewall is included in the component selection, the next step specifically asks whether to use the Panda Firewall or Windows Firewall.
After a reboot, the main program window can be opened. This is a very sleek modern design in blue and black:
The main panel of the window shows the system status by default, and is divided into 3 sections:
Protection, Maintenance, and Updates. Protection shows all the protection features (antivirus, firewall etc.) with their status: green for enabled, red for disabled, grey for not configured/installed. The Maintenance section is for the backup feature, while the Update section shows the dates of the last update, licence expiry, and an “Update now” link. Additionally, there is a row of tabs along the top of the window: Scan, Reports, Quarantine, and Services. The Scan tab gives easy access to full, custom and vulnerability scans, and the option to set up a scheduled scan
(this is not configured by default). All the essential functions are thus easily accessible from the main window.
When all components are working properly, there is no overall status display. However, if there is a problem, a large notification appears at the top of the window, complete with a big button marked
“Solve” to restore the correct settings:
- 57 -
After the installation, a warning like the one above appeared, informing us that we needed to update the program. Unfortunately, clicking on the “Solve” button or the “Update now” link appeared to have no effect. Eventually, we noticed that a second Panda icon had appeared in the
Windows Taskbar; clicking on this brought the “Panda Internet Security 2011 update wizard” window to the front – this had previously been hidden behind the main Panda window, even on our
1600x1200 display. This “wizard” then enabled us to successfully update the program. We do not understand why a “wizard” is necessary at all, as it doesn’t ask any questions; we also find it inexplicable that its window is hidden behind the main window, rendering it invisible to non-expert users. Given the importance of getting regular updates of antivirus signatures, we would urge Panda to rethink this policy, and simply allow the suite to update without further ado when the relevant button is clicked.
The program window is fully usable at a resolution of 800x600 pixels, and so will work properly on a netbook. When we tested the program’s reaction to a simulated threat, in the form of the EICAR test virus, Panda Internet Security produced a warning message, informing us that the virus had been neutralised:
The message is clear and simple, with no intervention required, making it ideal for beginners.
However, information buttons next to the words “virus” and “file” give advanced users the name of the virus, and the location where it was detected, respectively. This is an innovative approach, which will suit both experienced and inexperienced users.
Despite the suite’s web protection, there is no site safety ratings provided in Google searches in
Internet Explorer, which is a shame.
Unfortunately, the only option provided by the program’s uninstaller is complete removal. There is no means of running a repair installation or selectively removing components, even though the latter is available during initial installation of the program.
Panda Internet Security 2011 provides a setup wizard with options for both beginners and the most demanding of expert users. The program interface is very modern and enables easy access to the most important program functions. However, we are concerned that the “update wizard”, hidden behind the main program window, may prevent some users, especially inexperienced ones, from keeping their virus definitions up to date.
- 58 -
PC Tools Internet Security ( www.pctools.com
2010 was the first year that PC Tools has participated in our tests and it got off to a very respectable start. It achieved very good results in the On-Demand Malware Detection Tests and the
On-Demand PUA Detection Test.
The installation of PC Tools Internet Security 2011 is very simple. There are no options as such, only a request to specify whether the network the computer is connected to is Trusted or Untrusted (i.e. private or public):
A short malware scan is performed at the end of the setup routine.
The suite has a modern interface design with a vertical menu in the left-hand pane of the window.
In this menu are buttons marked Status, Start Scan, IntelliGuard (= real-time protection), and
Settings. Clicking on one of these menu items shows the relevant options in the main pane of the window. By default, the program opens on the status page. Please note that the screenshot below shows a trial version; clicking on any of the items in red brings up a dialog box with options for entering a licence key or buying one online.
- 59 -
The status page is dominated by four big buttons marked Scan Now, IntelliGuard, Anti-Spam, and
Firewall. Clicking on Scan Now starts an “IntelliScan”, i.e. a quick scan of vulnerable areas. Clicking on any of the other three big buttons brings up the relevant configuration options for that feature.
A tabbed section at the bottom of the main panel contains an area with summary information about
“General Protection”, Anti-Spam and Firewall. The default General Protection section gives information on subscription status, dates of last update and last scan, and the status of the
IntelliGuard real-time protection.
In the event that real-time protection is disabled, both the big IntelliGuard button and the small
IntelliGuard information line at the bottom will indicate this. Clicking on the big button brings up the IntelliGuard configuration page, where there is a link which will reactivate the protection.
Clicking on the word “Off” in the line at the bottom of the window will also restore real-time protection, without any further clicks being necessary. Whilst none of this should trouble a moderately experienced user, we feel that one big warning notice and one big “Fix All” button would make it easier for beginners to put things right in the event of a problem.
Updating the virus definitions manually can be done easily by clicking on “Smart Update” in the top right-hand corner of the window. Clicking on the Start Scan button in the menu list in the left-hand panel gives a range of scan options, including Intelli-Scan (short scan of critical areas), Full and
Custom Scans. Rather confusingly, the Start Scan button in the bottom right-hand corner of the
Status page simply runs a quick scan without asking any further questions. Two types of scheduled scan are preconfigured: a quick scan every day and a full scan every week. It is straightforward to edit these settings by clicking on Settings | Scheduled Tasks.
The program is fully usable at a resolution of 800x600 pixels, and so could be used without any difficulty on a netbook.
- 60 -
PC Tools Internet Security 2011 adds site safety ratings to Google searches in Internet Explorer.
This takes the form of traffic-light coloured symbols, i.e. green for safe and red for dangerous.
Additionally, the entire summary text of any unsafe results is highlighted in red to make it very clear that it’s a risk:
When we tried to download the EICAR test virus, PC Tools immediately popped up a warning message, informing us that the download had been quarantined:
Unfortunately, the uninstall program of PC Tools Internet Security has no repair or selective uninstall options; it’s simply an all-or-nothing removal. In the event of a program malfunction, it would be necessary to uninstall and then reinstall.
PC Tools Internet Security 2011 has a straightforward modern interface which gives good access to the most important tools and information. We feel that a single warning for protection failure, along with a single obvious correction button, would make the program better for beginners.
- 61 -
Sophos Endpoint Security and Control ( www.sophos.com
Sophos achieved very creditable scores in all the tests it took this year, achieving at least Advanced level every time. It also wins a Silver Award for Overall Performance.
Sophos asked us to test their programs using default settings, rather than the highest settings. This means that our test results for Sophos represent the level of detection/false positives provided by the standard configuration.
Nature of the program
Sophos Endpoint Security and Control is a security program which consists of antivirus, firewall,
HIPs, Application Control, Device Control, Data Leakage Prevention and URL Filtering. It is designed and marketed for use in business networks. Consequently, the features and interface cannot be directly compared to the home-user Internet security suites which make up the majority of the programs in this review.
Unsurprisingly for a business product, the Sophos setup wizard does not provide separate installation choices for beginners and advanced users. However, there are three very sensible options in the short, simple setup process. These are: location of the installation folder, whether to install the firewall, and whether to automatically remove any existing third-party security software.
- 62 -
A reboot is required to complete the setup process. When using the system for the first time after installing the software, we found it was necessary to configure the Sophos firewall in order to access a shared folder on our server.
The main window of Sophos Endpoint Security and Control is modelled on the Windows Explorer interface of Windows XP. There is a menu bar at the top, and below that a toolbar with Back,
Forward, Home and Help buttons. As many configuration options open in the same window, these navigation buttons are very useful. A smaller pane on the left-hand side contains two boxes, respectively entitled “Status” and “Help and Information”. The Status box contains essential data such as the state of the firewall and real-time protection, and date/time of the last update. This area does not contain the subscription information, big status display graphic or “Fix All” button commonly found in home-user security suites, but this is in keeping with a business product designed to be installed and configured by IT professionals. The Help and Information box has links to various help and support-related topics.
The main panel of the Sophos window shows big icons for important configuration tasks and tools.
These are arranged in four groups: Antivirus and HIPS, Firewall, Tamper Protection and Updating.
Full, custom and scheduled scans can easily be started or configured from the icons in the antivirus section. There is no “update” button, but again this must be taken in the context of a managed business product. A virus definition update can be started manually by right-clicking the Sophos system tray icon, and choosing “update now” from the context menu.
- 63 -
The program window is usable at a resolution of 800x600, although it would be tricky to access the buttons at the bottom of some dialog boxes. This means that it could theoretically be used on a netbook, but in practice netbooks are very unlikely to be used for serious business purposes.
Sophos Endpoint Security and Control does not add any sort of rating to Internet Explorer search results in Google, though of course any businesses deploying it may well have other means of web filtering, such as physical security devices or proxy servers.
When we attempted to download the EICAR test virus, Sophos produced a notification that the download had been stopped:
Sophos creates a minimum of two items in the “Programs and Features” list in Windows Control
Panel, namely Anti-Virus and AutoUpdate. If the firewall is installed, it appears as a third item in the list. Thus it is very straightforward to uninstall the firewall separately from the antivirus component. If this is done, all firewall-related elements are neatly and cleanly removed from the user interface, although Windows Firewall is not automatically reactivated.
None of the Sophos uninstaller items in Control Panel has a repair feature, although in a business network where the client software was installed remotely, this would not be a problem.
Sophos Endpoint Security and Control has a simple, clear and familiar interface with easy access to all features and tools relevant to business users. It is easy to install or uninstall the antivirus element and the firewall independently of each other.
- 64 -
Symantec Norton Internet Security ( www.symantec.com
Like last year, 2010 saw excellent results for Symantec in our tests. Its overall performance led to it being a close runner-up for Product of the Year. It was particularly strong in the Dynamic Protection
Test, for which it is joint winner of the Gold Award. It also did extremely well in the On-Demand
PUA Detection and On-Demand Scanning Speed Tests (all Silver Awards), as well as On-Demand
Malware Protection (Bronze Award).
Symantec asked us to use the program’s highest heuristic setting for our tests. Users of Norton products should bear this in mind, and may consider changing the heuristics settings on their own
PCs to the highest level too. We hope that Symantec will in future set the heuristics to high by default
Installing Norton Internet Security 2011 is exceptionally quick and easy, and can really be done with two clicks. Having double-clicked the setup file, the user only needs to click “Agree and
Install” to begin file copying. The “Install Options” button merely allows the destination folder to be changed; unfortunately there is no choice of components.
The time-remaining display starts off by claiming “less than a minute remaining”, and this is actually true, the installation is completed in under a minute.
- 65 -
The main program window is built around a vertical list of the program’s components, such as antivirus, antispyware, firewall, browser protection etc. in the right-hand half of the window. These are grouped into three main areas: Computer Protection, Network Protection, and Web Protection.
The left-hand half of the window is used for the titles of these groups and related functions, e.g. there are links to Quarantine and Live Update in the Computer Protection section. This layout allows
Symantec to show a considerable number of features and tools on one page in a tidy and comprehensible manner, even if some beginners might feel a little daunted at the wealth of items displayed.
Each of the protection features has a sliding on/off switch which can be used to disable it. If a critical item such as antivirus or firewall is disabled, the world map area at the bottom of the window (which normally has rather dubious practical value), is used to display a large warning notice, along with a very big and obvious “Fix Now” button:
If antivirus has been deactivated, reactivation launches a quick scan of critical areas, which is a sensible precaution. Subscription information is clearly displayed in the bottom left-hand corner of the window, in the practical form of the number of days remaining. Links to the update and scan functions can be found in the Computer Protection section; the Scan Now link is highlighted in yellow, making it stand out from the other tools. Clicking on Scan Now brings up a dialog box of scan options, including quick, full and custom.
- 66 -
One option in Norton’s Settings dialog box gave us some cause for concern. “Smart Definitions”, which is disabled by default, appears to be a clearly superior option. In fact, it attempts to improve performance by downloading only the most recent/relevant definitions; obviously this is at the expense of maximum security. Whilst Smart Definitions are well explained if you search Norton’s
Help, we feel that e.g. a warning message when activating the feature would let users know that they are potentially reducing security.
The program window fits perfectly into a resolution of 800x600 pixels, and so could be used without any difficulty on a netbook screen. We were pleased to see that Norton adds safety ratings to
Google searches in Internet Explorer, using the standard traffic-light colour scheme. Below is an example of a warning:
When we tried to download the EICAR test virus, Norton popped up the following warning message:
As no information is given in the message box as to what has been done with the threat found, we feel this could be worrying for inexperienced users. Clicking on “View Details” provides further information, informing us that the “threat” has been deleted, but simply adding the word “deleted” to the original message box might save some time and worry.
Unfortunately, Norton’s uninstall program does not have either a repair function or the ability to remove components selectively. The only option is to leave settings and personal data behind, in the event that the suite is to be reinstalled later.
Symantec have succeeded in producing an interface which shows all the many features of the program on a single page, and allows easy access to the most important functions. We might suggest a few additions, such as an optional beginner’s interface with fewer items displayed, and the chance to install or uninstall components selectively. On the whole, however, we feel the designers of Norton Internet Security have done a very good job.
- 67 -
Anti‐Virus Comparative – Summary Report 2010 ‐ December 2010 www.av‐comparatives.org
Trend Micro Titanium Internet Security ( www.trendmicro.com
Trend Micro’s results in its first year in our tests do leave some room for future improvement. In particular, it failed to reach certification level in either of the On-Demand Malware Detection Tests, although its scores in the PUA Detection Test and Whole-Product-Dynamic Test were much more encouraging.
Installing Trend Micro Titanium is a very simple process. There are effectively no options, which do at least make it very easy for beginners to install. When the process has completed, a message box appears, informing us that there is no need to update the program manually:
Trend Micro Titanium’s program window is probably the smallest of any antivirus program we have seen, and will even perfectly fit into a 640x480 resolution. At the top is a large status display strip, with a white tick in a green circle and the word “Protected” if all is well, or a white exclamation mark in a yellow circle if a component is disabled. In the latter case, a button marked “enable now” appears, allowing the user to reactivate the relevant feature:
‐ 68 ‐
Anti‐Virus Comparative – Summary Report 2010 ‐ December 2010 www.av‐comparatives.org
An additional pop-up warning appears near the system tray, indicating that protection has been disabled. This makes it apparent to the user that the security software needs attention, even if the main program window is not open. The area below the status strip shows further information, on the number of threats stopped, status of parental controls, and subscription information. In accordance with the notice displayed after setup, there is no update feature anywhere, presumably due to the program’s dependence on cloud technologies.
A final strip at the bottom of the window has four buttons; two are marked Tools and Scan respectively; tool tips appear over the other two on mouse over to show that they relate to Settings and Security Report. The Tools button allows configuration of Parental Controls and Data Theft
A scheduled scan is set by default during installation. This can be easily configured by clicking on the
‐ 69 ‐
Anti‐Virus Comparative – Summary Report 2010 ‐ December 2010 www.av‐comparatives.org
Trend Micro Titanium Internet Security does not add any visible safety ratings to Google search results in Internet Explorer. When we tested its reaction to a threat by trying to download the EICAR test virus, the program brought up a very clear information box, informing us that the threat had been removed. No further action was required.
Trend Micro Titanium’s uninstall program unfortunately does not have a repair option, or any means of uninstalling components selectively. We note that the program does not have its own firewall, relying on Windows Firewall instead, so there would be no need to uninstall an alternative firewall anyway.
Trend Micro Titanium Internet Security is very simple to install, and has a neat, simple program design that is straightforward to use. It is suitable for use on netbooks and old, low-resolution monitors.
‐ 70 ‐
Anti‐Virus Comparative – Summary Report 2010 ‐ December 2010 www.av‐comparatives.org
TrustPort Internet Security ( www.trustport.com
TrustPort achieved very good overall results in 2010. It reached at least Advanced standard in every test, and would have done even better but for an elevated level of false positives in one test. It wins the Bronze Award for On-Demand PUA Detection. TrustPort uses two third-party antivirus engines, which can be used individually or together in different situations, e.g. real-time protection, ondemand scans etc.
TrustPort asked us to use the program’s highest heuristic setting for our tests. Users of TrustPort should bear this in mind, and may like to change the heuristics settings on their own PCs to the highest level too. We hope that TrustPort will in future set the heuristics to high by default.
Installing TrustPort Internet Security is very quick and easy. Unfortunately there is very little choice available, only the destination folder can be changed. Updates are downloaded and installed during the installation, and Setup asks which of the email programs on the computer should be configured for email antivirus protection. A reboot is required to complete the installation.
The main window of the TrustPort suite is a very modern design, which shows all important status information and configuration options on one page, divided into three main horizontal stripes:
Antivirus, Network, and Updates. A status display at the top of the window shows whether everything is in order; if not, a warning appears, as shown below:
‐ 71 ‐
Anti‐Virus Comparative – Summary Report 2010 ‐ December 2010 www.av‐comparatives.org
There is no “Fix All” button, but the bold red text in the relevant section shows where the problem lies. In this case, we can see that the program needs updating; the “update now” link is right next to the red warning text. After updating the program, we see that the status indicator at the top changes, to show us that all is well:
Running quick, full or custom scans can be easily done from the “scan for viruses” link in the
Antivirus section. Setting a custom scan is rather more complicated, however. You need to click on the “Expert Settings” button in the bottom left-hand corner, then select Scheduler, and create a new scanning task. Subscription information is not displayed directly on the main page, but can be found easily by clicking the “About” link at the top of the window.
The program window easily fits into a resolution of 800x600 pixels, and so could be used on a netbook screen without any difficulty. There is no search result ranking facility for Google searches in
Internet Explorer, unfortunately. However, when we attempted to download the EICAR test virus,
TrustPort brought up the following message in the browser window:
No user intervention is required.
Unfortunately, TrustPort does not provide either a repair function or any selective uninstall options.
The uninstall program simply does an all-or-nothing removal.
TrustPort Internet Security 2011 is very simple to install, though this is partly because of the unfortunate absence of any options. Its user interface might appear a little cluttered to some, but effectively shows almost all important information and tasks at a glance. We would be pleased to see a simpler means of setting a scheduled scan, and Repair/Change options in the uninstaller.
‐ 72 ‐
Anti‐Virus Comparative – Summary Report 2010 ‐ December 2010 www.av‐comparatives.org
Copyright and Disclaimer
This publication is Copyright © 2011 by AV-Comparatives e.V. ®. Any use of the results, etc. in whole or in part, is ONLY permitted if the explicit written agreement of the management board of AV-
Comparatives e.V. is given prior to any publication. AV-Comparatives e.V. and its testers cannot be held liable for any damage or loss which might occur as a result of, or in connection with, the use of the information provided in this paper. We take every possible care to ensure the correctness of the basic data, but liability for the correctness of the test results cannot be taken by any representative of AV-Comparatives e.V. We do not give any guarantee of the correctness, completeness, or suitability for a specific purpose of any of the information/content provided at any given time. No one else involved in creating, producing or delivering test results shall be liable for any indirect, special or consequential damage, or loss of profits, arising out of, or related to, the use or inability to use, the services provided by the website, test documents or any related data. AV-Comparatives e.V. is a registered Austrian Non-Profit-Organization.
For more information about AV-Comparatives and the testing methodologies, please visit our website.
Translation: David Lahee
AV-Comparatives e.V. (January 2011)
‐ 73 ‐
* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project