Old-school antivirus vendors learn new tricks

Testing reveals that traditional AV vendors have added defense-in-depth, BYOD protection


In an era when businesses are scrambling to defend against sophisticated advanced persistent threats, old school antivirus may seem like a relic. But traditional antivirus companies are changing with the times, delivering defense-in-depth for a BYOD world.

In this review, we looked at products from seven of the original antivirus vendors, each dating back to at least the 1990s: AVG, ESET, Kaspersky, McAfee, Symantec, Panda Software and Trend Micro. We focused on ease of installation and management, ease of use, plus the protection each suite offered beyond traditional signature-based antivirus. Special emphasis was placed on the software’s ability to also protect mobile devices running both iOS and Android.


We found that despite its shortcomings, traditional antivirus remains an indispensable part of any network’s security posture. The reasons are twofold: First, antivirus still works to catch the low-hanging fruit. An updated antivirus database can protect endpoints from almost all of the typical threats that a user is likely to run into.

Second, companies in this review have added a slew of new features, including privacy scanners, social media link monitoring, behavioral analysis, tune-up software and anti-phishing protection, as well as the ability to lock down both computers and mobile devices.

The winner in our testing was Trend Micro Premium Security, which has one of the best overall packages for building a defense-in-depth across multiple devices. It was one of only two packages to catch 100% of exploits, with no false positives. And it has an easy-to-use interface, a quick install process, and a huge maintenance suite of helpful programs.

Coming in a close second was Kaspersky Total Security, which also scored 100 in our exploit testing. Kaspersky also has excellent anti-phishing protection, an automatic exploit blocker, a firewall, and a feature that allows you to roll back a device to a pre-exploit state, should an attack get through. Plus, it has a unique Safe Money feature that protects users making banking transactions.

Symantec has wisely consolidated its numerous versions of Norton into one product: Norton Security. The Norton product worked well on the desktop, but was really the standout star for mobile devices. For example, Symantec protects not just against spam texts on phones, but also from unwanted calls. Features also include an identity safe and a password manager. Both use AES 256-bit encryption and the password manager is especially elegant.

AVG Anti-Virus 2015 stands out for harnessing the power of the cloud. With AVG’s cloud-based management, protection can be extended to devices not on the network. And AVG takes advantage of cloud-based global threat intelligence to update its signatures.

ESET Smart Security goes beyond traditional antivirus, with advanced traffic monitoring and exploit blocking. It also extends security features typically associated with BYOD devices, such as locking down data if a device is stolen, to enterprise laptops. ESET also continues to support devices running Windows XP.

We found McAfee LiveSafe to be the easiest to use. LiveSafe also adds extra features, including a very good password manager, and a personal locker that encrypts and protects information from external sources or unauthorized users.

Panda Global Protection is the most like traditional anti-virus in that there is not a lot of defense in depth. That said, it did pick up on almost every bit of malware we tossed at it, including stopping malware from a drive-by website attack. A big plus is the inclusion of PC Tuneup software.

Here are the individual reviews:


AVG AntiVirus 2015

AVG AntiVirus 2015 is a complete set of protection products for individual systems, which can be tied into either AVG CloudCare management software for large enterprise deployments or AVG Zen for smaller installations.

Both management solutions require separate installations, though linking Zen or CloudCare into devices on a network is a fairly smooth process. It would be nice, however, especially for installations with fewer users, if Zen were included automatically as part of the installation process of the main program.


Zen is a pretty ingenious product that allows for the management of all devices within your group, which could be everyone working at a small business. The complete security status of every device that falls under a manager’s purview – individual users have to agree to join the group – can be seen from a single interface regardless of platform.

So if someone’s Android phone is running with outdated virus definitions, it will show on the Zen console (Zen does not yet support iOS devices). Administrators can fix security concerns on managed devices, even going so far as to turn firewalls on, reboot systems that require major updates and manage most other security settings. If a device is offline, its last security status will have been uploaded to the cloud so that it’s still viewable.

Any commands from the main console, like updating virus definitions, will similarly be uploaded to the cloud and then executed the next time a device powers back up. Because this is cloud-based, the location of the user isn’t a factor. The enterprise-level CloudCare product works in a similar way to enhance AntiVirus installations, just with menus and functions designed more to handle a massive number of users at the same time.

In terms of the program itself, the look of AntiVirus 2015 has been updated from previous versions to feature larger buttons and an easy-to-use dashboard that gives a glance at the total security settings for a protected device. The dashboard is still a touch sales-like, showing incomplete security ratings in certain areas unless additional products such as backup tools are also purchased.

The anti-virus scanning engine has also been improved. It’s still one of the slowest in this roundup for scan times, but very accurate against zero-day threats because of the inclusion of cloud-based outbreak protection. As soon as a new virus starts to break out in the world, even if it’s happening on another continent, the malware’s properties will be captured by AVG users and worldwide honeypots and saved in AVG’s cloud. Properties of that new malware will be instantly shared with all connected devices. That way, any instance of the same malware will be blocked even before an official definition is added to the database.

Our testing found that the new scanning engine was good, though not quite perfect in terms of catching malware at the earliest possible time. For example, downloading a known corrupted file from the Internet failed to set off an alarm. A later full scan of the PC did catch it and remove it, and it was also caught when we tried to actually run the file. So AVG works well because of its defense-in-depth, even if something gets past its primary safety net.

ESET Smart Security

ESET is one of the few companies that still offers a standalone anti-virus solution through its NOD32 Antivirus platform, which might appeal to specialized markets such as gamers who want some protection, but not at the expense of performance. Smart Security is the complete bundle of multi-layered protection, but it only works on PCs and laptops. A mobile version of the product that protects Android devices is available through ESET Multi-Device security, which can be bundled as part of a Smart Security purchase or through an enterprise deployment.


Even though ESET does offer protection for Android phones, the core program is obviously designed to work with laptops and desktops, and offers a few more features for those computers over most of its competition. For one, Smart Security is optimized to work with PCs that are still running Windows XP, with support for that scheduled to continue through at least 2017. If you still have XP-based systems in your network, Smart Security would be a good choice to keep them protected. When tested on a desktop running Windows XP Service Pack 3, Smart Security ran more quickly and more efficiently than any other program in this roundup. And it was able to detect all the threats we threw at it, including a few that were specifically designed to compromise the XP OS.

ESET Smart Security also brings the level of device threat protection normally found only for mobile phones and tablets to laptops, another feature that helps set Smart Security apart from others here. When a laptop protected by Smart Security is lost or stolen, there are several things a user can trigger to help get their property returned. At the first level, a simple message can be pushed to the device that shows who it belongs to and how to get in touch with them. Assuming someone honest finds it, the help message may be all that is needed to get it returned.


But just in case, Smart Security will lock down any laptop that is reported lost. Anyone who tries to log into the lost or stolen notebook will be directed to a sandbox account that keeps all of the other data hidden. The notebook will secretly snap photos of the unauthorized user to both identify the thief and also to help build a case against them. Finally, Smart Security offers the same kind of “Where is my device?” functionality found on a lot of mobile phone security programs where it will locate itself on a map in near-real time to help with recovery.

Giving tools for laptop recovery is a great idea in a security package. The one negative is that Smart Security does not support remote wiping of data. Notebooks are different than phones in that a remote wipe could take a lot of time, but I know certain businesses or government agencies that would rather wipe the data from a device and just write it off than worry about trying to recover the physical property.

Smart Security has a lot of advanced features beyond simple virus protection too. One of the newest features that we were able to test is the exploit blocker. ESET has determined that several programs have known vulnerabilities inside them that are often exploited by attackers at all levels, including ones that use APTs to break into networks. So ESET has locked down programs like Adobe Reader and Internet Explorer to close the gaps that many advanced threats use. Instead of trying to just scan for malware directly, it prevents any program from exploiting those known gaps.

In testing, when used against a program that attempts to exploit Explorer to drop malware on a system from a corrupted webpage, that process was stopped by the exploit blocker before the malware could even get through the gate. Compared to most other programs that allowed the malware in and then detected it, the ESET solution offers better security by preventing the malware from even entering a protected client.

Smart Security also offers traffic monitoring, something that is normally only seen in very high-level enterprise products. The traffic monitoring component scans outgoing traffic to detect even previously unknown malware calling home to a control server or trying to reach out across a network. We tested this feature with some malware left over from our traffic monitoring review and found that ESET was able to detect even the most hidden files as soon as they tried to communicate, something almost all advanced malware needs to do at some point.

For an all PC-based network of laptops and desktops, ESET Smart Security offers one of the best protection schemes in this review, even adding features like lost laptop protection and some security functions normally only found in very advanced protection schemes. Adding Multi-Device security can protect Android devices too, although it would be easier from an installation point of view if they would simply combine all of that protection together into a single product.

Kaspersky Total Security

The Kaspersky Total Security product was one of only two packages in this review to get 100% of the anti-virus and exploit protection completely correct, with no false positives. That level of protection comes from a robust defense-in-depth that relies on multiple techniques and programs to keep either PCs or mobile devices safe. For the PC, there is even a last defense roll-back mode available in case the worst should occur.


Total Security can be installed on any desktop, Android or iOS device. For mobile devices the core protections include anti-phishing and anti-malware protection, as well as a safe browser mode that protects personal data from being stolen by malicious apps, and a password manager for easy and secure logins for multiple sites. The protection on Android goes a little bit further, with the ability to lock down a phone if the SIM is ever removed, which would prevent someone from stealing a phone and dropping their own SIM inside it. When we tried, the phone remained unusable.
