Bake-Off: Desktop Security Suites

Norton Internet Security 2009 (Beta)
Symantec submitted the only beta product in this review, the Norton Internet Security 2009. The company said during a briefing that the product was more or less in its final state to fit within the parameters outlined for this roundup. Care was taken to ensure the security tests were conducted with the latest definitions database applied.

The new Norton is broken out in three areas: computer, Internet and identity. The computer panel shows the settings for antivirus, antispyware and advanced protection. The Internet panel has smart firewall, intrusion prevention and e-mail scanning. The identity panel has Identity Safe and antiphishing. A little widget on the left side of the screen shows total CPU usage and how much Norton is using. The application never exceeded 5 percent, even during the full system scan.

Installation was done in 40 seconds and was entirely painless. There was no need to reboot the system after installation, so reviewers began the scan of the clean system immediately. About 15 minutes in, the application returned an error and had to close. It made an attempt to connect with Norton's support Web site to explain what the error was. Reviewers just rebooted the system and restarted the scan; it completed successfully 45 minutes later.

The features are fairly standard and easy to configure. The language is simple to understand. Every time an application tried to access the network, the application logged it but did not display the pop-up boxes, which were limited to infections or things that actually required user intervention. During security testing, a virus tried to access the registry; Norton quietly blocked and removed it but didn't issue an alert. Although it was not very successful at preventing malware from entering the system, the application partially redeemed itself by cleaning up the system.

Kaspersky Internet Security 2009
The Kaspersky Internet Security 2009 features an updated antimalware engine that reportedly scans the system faster than previous versions. The software scans for malware in a variety of ways, including traditional blacklist and whitelist methods, to analyze unknown code to identify whether it can cause harm. The system pops up little messages in the corner of the screen with alerts, but for the most part works quietly without needing much user intervention.

The Kaspersky Security Analyzer, based on vulnerability intelligence technology from Denmark-based Secunia, scans for vulnerabilities, which can take the form of unpatched applications or commonly used configurations that are security risks. The analyzer points users to a Web site with detailed information on how to fix the vulnerability. Kaspersky 2009 also offers firewall rules, application monitoring and antiphishing virtual keyboard to thwart keyloggers and parental controls.

Kaspersky 2009 uses a color-coded banner at the top of the application to alert users when action must be taken. The first time, since the definition databases were out-of-date, the banner was red; once the update was performed, the banner went back to normal. Later on, when the analyzer found vulnerabilities, the banner turned yellow to indicate there were noncritical actions waiting to be performed. The initial full-system scan on a clean system took an hour and 12 minutes, but the two subsequent scans (that found malware) were much faster, clocking in at 12 minutes, 12 seconds and 45 minutes.

On the test, Kaspersky 2009 successfully prevented only one Trojan (JS Agent) from downloading by diverting the browser to its own page with a red banner, warning the user of the attempt, the name of the threat and the URL of the site. This is also logged by the system. It was unable to detect scripts running or other Trojans being downloaded. After scanning to try to remove the malware that had been downloaded, the suite did not find them at all, which was worrisome. The suite was disabled manually and the initially blocked Trojan was downloaded intentionally. The third scan detected and successfully removed that Trojan but did not find the others.

The reporting interface was comprehensive, with the ability to compare multiple scan reports at once with detailed descriptions of the location of the vulnerabilities, threats and adware. The reports sometimes seemed a little hard to read, and the ability to detect malware being downloaded from rogue Internet sites did not exactly inspire confidence.

Next: Trend Micro Internet Security v.16.10.1079