Saturday, 03 April 2010

Antivirus: Free vs. Paid Detection

Taking care of your system these days seems to be a less complicated task than it used to be a few years back. Now, protection against malware begins the moment you install your operating system. Windows 7 offers some basic security through Windows Defender and also provides a better solution under the shape of Microsoft Security Essentials, which is free of charge and can be installed on systems passing genuine validation. So, going with Windows 7 may be the winning hand after all.

security software is the way out for most users. The reason behind this choice is the extended set of options such solutions come with, but also the myth that paid antivirus comes with better detection and elimination capabilities. Although the engine is the same, there are some differences between the paid and free versions of security software from the same company with regard to the protection components offered.

In other words, the protection components built around the engine are what you are paying for. Thus, free apps may have antivirus or anti-spyware capabilities, but a paying customer definitely receives increased protection for the system through a set of components (such as an email scanner, web shield, behavioral analysis, etc.) not included in the free edition of the product. Moreover, there are currently no freebies with a EULA that extends their use to corporate environments. So, you are bound to run them for personal use only.

To blast the misconception that freeware antivirus is not equally talented at recognizing malware as paid products, we grabbed five antivirus solutions for comparison and threw them in the ring with 16,704 malware samples (trojans, backdoors, exploits, spyware, worms, etc.). The purpose of the test was not to reveal detection differences between the free and paid product from the same company, but to compare a free product from one company with a paid product from another.

In the freeware corner, there were Microsoft's Security Essentials and Avira's AntiVir Personal (version 9, as the test was conducted before version 10 came out). The paid products were Kaspersky Anti-Virus 2010 and ESET's NOD 32. The fifth product has a little of both worlds: avast! Pro Antivirus 5.0 brings script shield and sandbox capabilities to the table on top of the features included in the free version. However, neither of the two features was relevant for our experiment, which consisted of simply feeding the malware database to each product and checking the number of threats left behind.

The malware database used during the tests consisted of both new and older threats, collected over a period of 2 years (2008 and 2009), and included vicious items like Waledac or Downadup. Prior to the experiment, all products were updated to the latest definitions available on March 1, 2010. A second test was carried out on March 22 in order to observe detection improvements with a new set of signatures.

All products benefited from the same treatment and scanned the database offline. To ease their job and quicken the entire process, we eliminated all archives, giving the threats full exposure. So, it all boiled down to the level of detection and elimination each product could offer.

With signatures updated on 3/1/2010, the first antivirus thrown into the malware cage was Microsoft Security Essentials. We have to mention from the beginning that MSE proved to be by far the most problematic of all tested products. Despite its intuitive interface, scanning and elimination of the threats took much longer than we expected. Scan results, however, were pretty good, as MSE managed to kick out more than 14,000 samples, leaving a total of 2,662 threats on the test system.

Moving to Avira AntiVir Personal 9, the experience improved dramatically, as the application took a little under an hour and a half (1h23') to clear 15,707 samples. In this case, there was no need for multiple scans, as the application took care of the threats on the first pass. Out of the total number of threats discovered, AntiVir Personal marked 61 as suspicious, and these were automatically quarantined.

Both MSE and Avira AntiVir Personal offer an intuitive interface that does not require any effort to handle. Malware management upon detection can be set to an automatic action of your choice, while scan scheduling is supported by both applications. One inconvenience on Avira AntiVir Personal's side is the advertising window that pops up after certain activities have completed. As for MSE, you cannot opt out of joining Microsoft SpyNet, so anonymous information about detections and actions taken is sent to Microsoft's servers.

The first paid product put against the malware load was Kaspersky Anti-Virus 2010. All the options integrated in the application are the clear sign of paid quality. Besides anti-malware protection, this product can also scan incoming and outgoing mail messages for the presence of malicious code, check HTTP traffic, and verify data sent/received through IM programs. Anti-phishing, a component not seen in free security products, is included in Kaspersky Anti-Virus 2010.

Kaspersky Anti-Virus was also faced with our threat database and it did pretty well on the job, which took 3h49'23'' to complete. Although we expected outstanding results, or at least better than in the case of the freeware products, there was nothing like that. The set of 16,704 samples was cut down to 1,523 remaining threats.

As with Kaspersky, ESET's NOD 32 brings a sturdier collection of options, which includes protection against threats coming through email (POP3 checking) and HTTP/HTTPS, not to mention heuristics management. For testing purposes, the application was configured for maximum detection: ThreatSense parameters set to scan all file types, advanced heuristics enabled, and the same for the Anti-Stealth technology (rootkit detection).

Although we had our hopes up, with NOD 32 things did not get better either when it came to rooting the nasty stuff out of the system. On the contrary, the application managed to remove only 7,631 threats from our database.

This sure looks like definite proof of inefficiency in protecting your system, but it is not exactly so. NOD 32 relies quite heavily on behavioral detection, which means that the malware has to be executed for the application to pick it up. We did this for the samples that would initiate the infection procedure immediately and, to our surprise, they were promptly detected and eliminated from the infected system. Unfortunately, because running every sample this way would have taken too long to complete, we chose to drop NOD 32 from the comparison experiment.

avast! 5 is kind of playing for both teams, as the only limitations of the free version compared to the Pro edition are the lack of the script shield, sandbox, firewall and spam protection in the former. Although none of these affect our experiment, we decided to go with avast! Pro Antivirus instead of the free edition.

With the application updated to the latest files available on March 1, we followed through with the trial. No more than 8 minutes and 13 seconds passed before the avast! voice announced the scan completed, and the Scan window confirmed it; we ran the test again, this time with our eyes glued to the process, just to make sure nothing went wrong. With a processing speed of over 9MB of data per second, it couldn't have gone wrong.

The results were pretty encouraging, with a total of 15,305 dormant threats eliminated. That translates into 1,399 malicious items still present on the system. All this in a little over eight minutes.

After the first round of experimenting, the percentages recorded were as follows: Avira AntiVir Personal 9 leads with a 94% detection and elimination rate, followed by avast! Pro Antivirus with 91.6% and Kaspersky Anti-Virus 2010 with 91%. In last place is Microsoft Security Essentials, with an 84% detection and elimination rate. It looks like the paid products stick close together, while the two freebies are ten percentage points apart.

Running the second test (on March 22) on the set of malware that had not been eliminated the first time made virtually no difference to the statistics. MSE managed to nab another nine samples; Avira reduced the remaining threats by five items, leaving 992 threats behind. Kaspersky had the greatest improvement in the second test, as it succeeded in eliminating another 78 items from the test database, thus increasing its detection/elimination rate to 91.3%. avast! Pro Antivirus registered the smallest improvement, as it eliminated only three samples after the update.

Conclusion

Judging strictly by the detection/elimination rate on a locally stored malware database, it looks like the freebies are in control. However, paid products, despite their lower detection rates in this test, provide protection against threats that come your way through various distribution channels, such as drive-by downloads, email, scripts, etc.

Additionally, some of them (such as Kaspersky Anti-Virus 2010) feature behavioral detection of threats, which increases their efficiency, as they can bust malware for which no signature exists yet. In other words, security software developers integrate extra tools in different versions of the same application to convince you to open your wallet.

Security products under freeware license are not without flaws either. Some of them come with nagging pop-up screens, such as Avira AntiVir Personal's notifier, or simply lack protection modules designed to increase security and improve detection. In the end, choosing between a paid and a free-of-charge antivirus depends entirely on your needs and your computer usage knowledge.

The test conducted is just one example showing that freeware antivirus products have what it takes to sit at the same table as paid ones. All the products included in the experiment were chosen based on the popularity statistics on Softpedia.

softpedia

Thursday, 01 April 2010

Google Chrome 5.0.360.4/5 Dev with Integrated Adobe Flash Player

Yesterday's rumors turned out to be accurate: Google has just announced a deeper integration of the Adobe Flash Player in Chrome. Specifically, the latest development builds now come bundled with the Flash Player, though the feature is not enabled by default. Google says this path is more convenient for users, who don't have to download and install the plug-in separately, but there aren't that many other benefits at this moment. Google Chrome 5.0.360.4 dev for Windows and Mac and Google Chrome 5.0.360.5 dev for Linux now come with the Flash plug-in pre-installed.

"The traditional browser plug-in model has enabled tremendous innovation on the web, but it also presents challenges for both plug-ins and browsers. The browser plug-in interface is loosely specified, limited in capability and varies across browsers and operating systems," Linus Upson, VP Engineering at Google, wrote.

"That’s why we are working with Adobe, Mozilla and the broader community to help define the next generation browser plug-in API. This new API aims to address the shortcomings of the current browser plug-in model. There is much to do and we’re eager to get started. As a first step, we’ve begun collaborating with Adobe to improve the Flash Player experience in Google Chrome," he announced.

Google Chrome 5.0.360.4/5 dev

Google Chrome 5.0.360.4/5 dev is a very small update focused exclusively on the new plug-in integration. It bundles the latest Adobe Flash Player 10.1.51.95 (10.1 beta 3) and comes with a basic plug-in manager that allows you to see all the installed and active plug-ins. The integrated Flash Player is not enabled by default. You have to launch Chrome with the --enable-internal-flash command line switch to get the integrated plug-in instead of the global one you may already have installed on your system.

The new plug-in manager lists all the plug-ins you have installed, like video players, Java and, of course, Adobe Flash. You can disable any of them, for troubleshooting for example, and also see where they are installed and what MIME types they handle. This is the first iteration of the newly integrated Flash plug-in, so there are still some issues. The plug-in may remain enabled even if you decline the license agreement or specifically disable it in the manager. The integrated plug-in is not available for 64-bit Linux users.

Google says that integrating Adobe Flash saves users the hassle of having to download and install it manually, which can be a problem especially on some Linux systems. There is also the added benefit of having the plug-in updated automatically using Google Chrome's existing update system. The Chrome developers will work with Adobe engineers to make Flash play nice with Chrome's sandbox environment, which isolates web pages from each other and from other software or system components that may be running. The sandbox is one of Chrome's most touted features and is a big improvement to browser security and stability.

Next-generation NPAPI

Google says this is just the first step in creating a "next-generation browser plug-in API," which is currently being discussed by Mozilla together with Adobe and "the broader community." Mozilla is proposing an overhaul of the rather ancient NPAPI (Netscape Plugin Application Programming Interface), on which all platform-independent plug-ins are based today. The changes would create a safer and more secure platform and also provide more advanced functionality. The project is at a very early stage.