Sunday, March 25, 2007

Spyware Doctor with AntiVirus 5.0 Review

Spyware Doctor 5.0 with AntiVirus is effectively a completely different product from Spyware Doctor 4.0. PC Tools rebuilt its flagship product from the ground up over a period of many months, developing it in parallel with the existing product. This Vista-compatible from-scratch rewrite was designed to deliver a "smaller, faster and supercharged" product. It also displays some of the problems you might expect in a version 1.0.

PC Tools developed the antivirus component entirely in-house. West Coast Labs has already awarded it Checkmark certification for virus detection and removal; ICSA Labs hasn't finished testing it yet. And it will be included in the next round of testing by Virus Bulletin. The virus and spyware scans are completely integrated, so the biggest difference you'll notice is the much longer time required for a full scan. On my standard clean system, a full scan with all options enabled needed 1 hour 15 minutes. That's not what I'd call supercharged. The faster but less-comprehensive IntelliScan component ran in about 15 minutes. Spyware Doctor 4.0 scanned the same system in 7 minutes! Of course, it wasn't trying to scan for viruses too. A better comparison would be Spy Sweeper 5.2 with Anti-Virus at just under 25 minutes or Norton Internet Security 2007 at a bit under 30 minutes. [Note: Representatives from PC Tools were surprised at my report of Intelli-Scan taking 15 minutes. Their tests showed it running in one to two minutes, though they did identify a situation in which turning AV settings to their highest could slow the scan way down. Naturally, they plan to fix that problem ASAP. And in fact, it turned out I had accidentally cranked up the AV settings on my clean test system. When I re-tested with the default settings, Intelli-Scan ran in under two minutes. It really did take fifteen minutes on the malware-infested systems; that didn't change. –njr]

Though I didn't actually measure performance before and after installation, I got the distinct impression that SD5 slowed down my test systems, especially the malware-infested ones. Launching programs from the desktop seemed to take extra long, and IE7 in particular loaded slowly. Of course, these virtual machines have significantly less memory and hard drive space than your average computer, so any performance hits will be exaggerated.

As always, Spyware Doctor employs many layers of security to keep your system free of malicious software. The first line of defense is Site Guard, which blocks access to malicious sites. Site Guard isn't browser-specific—in fact, it blocks access to bad sites even if the program trying to connect isn't a browser. Site Guard would have prevented me from downloading over half of my malware samples, about the same as Spy Sweeper's equivalent Internet Protection Shield. It also derailed the installation of several samples that require Web access for full installation.

There are a bunch of other "OnGuard" layers, too. The new E-mail Guard scans incoming and outgoing mail attachments for spyware and viruses. Startup Guard, Browser Guard and Network Guard block malicious changes to the start-up sequence, your browser, and network settings, respectively. Process Guard halts malicious processes, File Guard prevents access to known malware files, and Keylogger Guard stops keyloggers based on behavior. Taken all together this layered protection should keep out most malware. However, in testing it seemed to me that not all the OnGuard modules were pulling their weight. Process Guard and Keylogger Guard in particular didn't seem to be giving a 100 percent effort to the team, as I found during testing.—Next: Can the Doctor Cure My Ills?

Can the Doctor Cure My Ills?

I installed SD5 with AV on a clean system and let it get all available updates. Then I threw nineteen malware samples at it, including adware, spyware, Trojan horses, and rogue antispyware products. Impressively, it wiped out fifteen of the malware installers the moment I clicked on them, completely preventing any whiff of installation. The other four managed to launch, but SD5 didn't let them finish installing their malicious payloads. Wow! That's better than SD4 did, and in fact better than any other product tested with this same collection. However, it didn't hold up against my commercial keylogger samples. Where SD4 detected all eight samples and prevented installation of all but one, SD5 detected only seven and didn't completely block one of those. That's not a huge difference, but I expected as good or better performance.

Because SD5 blocked so very many of the spyware samples by whacking their installers on sight, I challenged it with a set of twenty modified samples. In each case I renamed the file and changed a few nonexecutable bytes using a byte-level editor. Here's where the OnGuard modules seemed to be asleep at the switch. SD5 still blocked eight of the modified samples from installing, but completely missed six others, including a rather nasty Trojan. As for the remaining six, it popped up warning after warning about this or that malicious behavior but didn't actually manage to keep the malware from installing. In a similar test with modified samples, NIS 2007 and Spy Sweeper 5.2 both did much better.

As usual, I tested SD5's ability to clean up existing problems by installing it on eight malware-infested systems and running its full scan, including the optional rootkit scan. One system put on a veritable fireworks display during SD5's installation, popping up dozens of messages about errors in different areas. The installation finally completed, but the program itself crashed every time I launched it. Fortunately, rebooting in Safe Mode and running a scan there solved that problem—good save!

The full scans were taking well over an hour per system, so after a few of those I switched to Intelli-Scan. This more focused scan finished in about 15 minutes and detected all of the preinstalled malware. However, several of the threats required a full scan for complete removal, so I didn't really save time. That doesn't worry me; if my antispyware reported that it detected a serious problem I would definitely scan again with every possible detection method turned on.

In the end, SD5 detected every single one of the nineteen spyware samples and successfully removed all but two. It left behind significant executable files for those other two, though they may not have been able to function at their full nasty efficiency. That's pretty good, but in an equivalent test SD4 successfully removed all but one—a different one! Here's more evidence that this really is a brand-new product. Like its predecessor, SD5 detected seven of the eight commercial keyloggers. But whereas SD4 fully removed the seven it recognized, SD5 left one crippled but running and left the rootkit portion of another still hiding.

I ran into some other oddities while testing. I have a simple text file listing my malware samples by name along with their associated files and Registry keys. SD5's full scan insisted that this file was actually a part of the SurfSideKick malware and kept deleting it. PC Tools technicians verified that this behavior is caused by some of the new heuristic detection methods. I didn't hit any other false positives, but this one left me wary. I mean, it's just a text file! On several systems the main Spyware Doctor screen got stuck in a "checking status" mode at start-up and didn't recover for 5 minutes or more. The experts at PC Tools know why this happened and they say it'll be fixed very shortly.

I like the way all of the OnGuard modules now report their actions in a single History list. I like the fact that Smart Update works without any user intervention. The list of quarantined malware items is now much more informative than in the past, offering as much detail as the scan results page and more. There's a lot to like in this update. The problem is, as many users in the Spyware Doctor forums are commenting, it seems the company released it before it was entirely ready. For blocking and removal of spyware it's slightly better than SD4, but it's not as strong against commercial keyloggers. And my tests with modified malware installers suggest it may not do as well against new and unknown threats. Spyware Doctor 5.0 is still a good choice if you're currently without protection (shame on you!), but if you're using 4.0 you may want to wait for 5.1 before you upgrade. If you don't have any protection at all (shame on you!) and you can't wait for version 5.1, you ought to check out Spy Sweeper 5.2 with AntiVirus.

Wednesday, March 21, 2007

Stop Viruses for Free

Avira AntiVir PersonalEdition Classic 7

I am not going to hide myself from the truth, but plainly admit it: Avira AntiVir is my favorite, but that doesn't mean it's the best one here. After all, everything is a matter of personal taste...and despite the large number of computer magazines and sites, there's no 100% fair test; basically, that's the reason I won't have a winner today.

Before getting to know Avira AntiVirus, I used to close my antivirus each time I needed my computer to work as fast as it could, but now things have changed. There's not much to say about this program, but there are three things that should be mentioned for each one here today - interface, features and limitations, because each of these antiviruses has a commercial version too.

AntiVir has a nice tabbed interface that contains six tabs, each one being dedicated to a certain task. These areas are Status, Scanner, Guard, Quarantine, Scheduler and Reports. The Configuration screen has two possible layouts, the basic default one and an Expert mode that allows you to play with the advanced program options.

This antivirus is very easy to use and it won't tie a cannonball to your computer's foot when real time monitoring is enabled. The PersonalEdition Classic doesn't have the MailGuard module that can protect you from malitious emails and each day a window that suggests purchasing the Premium edition opens. Even more, the Premium edition gives you access to an exclusive updates server, being also able to detect adware and spyware, besides viruses. Anyway, the free version is a good choice, and I advise you to give it a try!

Avast! Home Edition 4.7

My last client today is Avast! Home Edition, this one being slightly different from its companions. The differences can be found only using each one of them to face your computer's hardware, software and your personal preferences, but I can only hope that I am helpful enough to give you at least a first glance on these programs.

Perhaps the greatest difference between Avast AntiVirus and most antiviruses around is its interface. While most antiviruses look good or very good, in the best cases, this one is a true eye candy. Avast! Home Edition has a skinnable interface, but you'll probably wonder as much as I did what's the catch with the "Enhanced User Interface"...and unfortunately there's only one way to find out the answer: buy the commercial version. Anyway, what we have here is good enough to get us started, so let's dig in deeper, using the szc-kde interface.

On the features side, this program also comes with useful and special tools that we didn't see here today, like the Network Shield that can protect you from worms attacks, and the Web Shield, designed to keep away any evil lurking in Web pages from your computer. At last, we have protection from threats hidden inside email messages, to offer complete protection.

This is only the top of the Avast! pyramid, and I can guarantee you it's a pleasure to visit it. I don't know about you, but I won't get to Egypt anytime soon, so Avast! Home Edition can be an excellent way to entertain yourselves while staying safe. Enjoy it!

Norton Antivirus 2007

Discussion about the new Norton Antivirus 2007 software. Is the 2007 version an improvement over previous versions? Has Symantec finally fixed lingering problems such as its unfavourable notoriety of being a resource hog? Read on!

The Norton brand is probably the most synonymous brand when it comes to virus protection software. Norton Antivirus has been in existence since 1990, and since then a growing number of people have come to rely on the Norton name to protect their computers from virus attacks. In fact, Norton Antivirus is considered the most widely used antivirus software in the world today. Over the years, Norton Antivirus has constantly underwent upgrades as a means of trying to improve on its ability to detect a growing number of viruses that are being spread. Additionally, each generation of the software incorporates several new features and services as a way of making it more effective in its task of detecting and eliminating (or quarantining) viruses as well as turning it into a more robust application. For example, in recent years, Norton Antivirus has begun to incorporate the detection not only of viruses but also of Trojan horses, spyware and worms as a direct response to the growing proliferation of these potentially harmful pieces of malware. With the release of Norton Antivirus 2007, users should expect to see another set of new features that will help it remain the top of its class when it comes to virus protection. One of the biggest changes in the 2007 version over the previous 2006 version is the decision of the Norton Antivirus team to rewrite much of the code for the application. The result of this overhaul is a faster and lighter version of the antivirus software. Rewriting the code also meant that the interface was streamlined as well. Unlike the previous version, where each task appeared in a separate desktop window, the 2007 version wisely uses tabs inside just one window, which makes it much easier to manage. Under the hood, Norton Antivirus also benefited from the code rewrite. For instance, the virus scan and the spyware scan now run simultaneously, which drastically cuts down on scanning time. Norton Antivirus 2007 also incorporates many of the functions of Norton Personal Firewall, which means the application can now also double as a “light” firewall. Another very important feature of the new version of Norton Antivirus is the incorporation of enterprise level anti rootkit functions. This powerful level of protection against rootkits is well worth the price of the software especially with the growing prevalence of rootkit based attacks on computers. Overall Norton Antivirus 2007 is still arguably the best antivirus protection one can get, and the new version was definitely worth the wait unlike previous versions which disappointed.

AntiVirus Protection Advice to Internet Users

Virus has been a great threat to internet users. Protecting yourself from this destructive program is a basic necessity for internet users even if you are just checking your e-mail.

You cannot avoid viruses because sooner or later you will have one. What's important is that have the knowledge about viruses and how to use Anti Virus protection.

You can take precautionary measures to protect your computer. Also, you will know what to do if your computer got infected with a virus. Allow me to give you some advice about having Anti Virus Protection.

Educate yourself about Viruses.

Having basic knowledge about viruses would help you in easily solving the problems brought about by a virus. This way you know the ways you can get a virus, signs of having a virus, different types of viruses, what it does to your computer and how it can damage your files.

Be careful when online.

They say that prevention is better than cure. Although, the chances of getting a virus is very high, it is still suggested that you are careful when surfing websites, downloading files from email or web and installing programs.

Some programs may look very attractive but they can be dangerous to your computer. Taking precautionary measures will result into minimal chances of your computer being infected with a Virus.

Make a smart decision.

There are Anti Virus softwares which you can download for free such as AVG, Panda etc. But there are also some which you need to buy before you can use them. Compare their advantages and disadvantages.

You may be getting a free anti virus protection but it does not satisfy your needs. Or you may decide purchasing one but you are on a tight budget.

Think of what you need from an anti virus protection, get information on the prospect software, make a comparison and then decide which one to download or purchase.

Know your Anti Virus Protection.

Once you have installed an Anti Virus program, ensure that you know the basic information regarding the software. Read the manual or user guide as a starter.

Then use the internet to look for other helpful information about the anti virus protection.

Furthermore, you can seek assistance from the Customer Service of the software provider if available.

Regularly Perform Virus Scan.

Depending on your anti virus settings, you can do a quick scan everyday just to ensure that your computer is clean from any viruses. A full scan is not recommended as an everyday online habit specifically if you do a lot of things when online.

A full scan is very slow because it will check all the files on your computer. While a quick scan will just check the important sectors on your computer.

Always update your Anti Virus Protection.

Everyday, a new virus is being introduced. Thus, it is important that your anti virus software is updated so that it can detect and repair the newest virus.

Some anti virus programs have automatic update functionality. This means that every time you have internet connection, your anti virus program will be updated. But if yours does not have that setting, then you may need to run an update regularly.

There is no need to worry too much about viruses because there are just some things you need to know and do to ensure that your computer is safe and secure. Have enough knowledge about viruses and anti virus protection to have a safer online experience.

About the Author

Dave Poon is an accomplished writer who specializes in the latest in Internet Safety. For more information regarding Anti Virus Protection please drop by at
Computers Blogs - Blog Top Sites Directory of Computers/Tech Blogs