Deep Six your spam problems Unique, next generation technology: Affordable, easy to deploy, simple to maintain. Patent-pending technology rejects junk Email before messages can be sent. Read "Connection Scoring beats Content Filtering" at WindowsSecrets.com. U.S. sales only. www.tyrnstone.com

Speed up your computer Run our free Optimize scan to find out how to fine-tune Internet and System settings. Identify clutter from your registry and hard drive. PC Pitstop Optimize can make your computer faster and more stable. www.pcpitstop.com

Backup your data with ZipBackup Finally, a backup program that is easy to use. ZipBackup's Wizard makes backups a snap for beginners. Filtering, scheduling and disk spanning make it a powerful tool for experts. For a limited time, Windows Secrets readers receive 25% off. www.zipbackup.com

See your ad here

• "AV-Test.org found that Panda TruPrevent will block up to 90 percent of network and e-mail worms and that Zone Labs' OSFirewall will stop up to 70 percent of network and e-mail worms."
  

Panda TruPrevent and Zone Labs OSFirewall are terms for behavior-based protection. But there's nothing in PC World's ratings about the relatively high success rate of this new technique.

Behavior blocking isn't a panacea. But when combined with traditional signature scanning it's a major enhancement. It should hardly be ignored. (Behavior-based protection should not be confused with heuristics, a technique that looks for suspicious patterns in executable code. See TechTarget's Apr. 12 article on antivirus trends.)

I arranged an interview with Andreas Marx (photo, right), co-manager of AV-Test.org. I was one of the first American journalists to write about this university-based antivirus research group in my Executive Tech column back on Feb. 23, 2004. At that time, the lab's ratings of antivirus programs were being used by German publications, but its work wasn't yet widely reported by U.S. magazines.

Explaining the value of behavior blocking to stop new malware variations, Marx told me by telephone:

• "We're seeing at least 200 to 300 new variants a day. The malware writers are using optimizations ... They're not only doing the modifications, they're also creating several variants. This can't be detected any more by virus scanners without antivirus [signature] updates. ...
  
  "Only ZoneAlarm and Panda have behavior-based solutions that block malware by its bad behavior. That kind of advanced protection is not just relying on traditional signature-based solutions but also mechanisms to protect the user against unknown malware as well.
  
  "Most of the other companies — like Symantec, McAfee, F-Secure, Trend Micro — they will include such behavior-based solutions in their software as well in two to three months, as soon as the new 2007 editions come out."

• "We agree that behavior-based protection is becoming increasingly instrumental in fighting zero-day threats, for which no signature-based patch is yet available. Eventually PC World security reviews will thoroughly test a product's behavior-based protection. During the testing period for this particular story, however, we were not able to test behavior-based protection in a manner that was fair, defensible, and repeatable during our testing window for the story, which was well before the July 2006 publication date. Rather than conduct unsatisfactory tests, we chose to focus on features included in all programs.
  
  "We make clear in the story that behavior-based protection was not included in our testing and that it could have an impact on overall results. Later in the process we were able to get some top-level statistics on Panda's TruPrevent and Zone Labs OS Firewall, two behavior-based technologies. We included that information in the story."

• "Zone Labs' firewall was again 100 percent successful, passing all 17 leak tests, with Microsoft's in second place, passing 7 tests. The other products earned very low scores, and Panda's passed none of the leak tests. ... [Panda] says that it doesn't optimize its software for leak tests, instead relying on its TruProtect behavior-based technology to decide whether a piece of code is malicious."
  

This paragraph indicates that all of the products (except for one) failed more than 50% of the tests. So just how bad are those "very low scores"?

Table 1, below, shows the percentage of leak tests that each security suite passed, according to raw data sent to me by AV-Test. Most of the products passed only one or two of the 17 tests. Aside from the single paragraph cited above, none of this was mentioned in PC World.


Table 1. Percentage of 17 leak tests passed by security
software. Higher numbers are better. Source: AV-Test.org

PC World's editors say:

• "Our evaluation of security suite firewalls included seven tests for blocking malware already on the system (inside attacks) and four tests for blocking malware outside the system (outside attacks). Leak tests represented one of the seven inside attack tests. While we felt it was worthwhile to include leak test results as a portion of our overall rating, we chose not to weight it heavily or to report on these tests in detail. Leak tests are standardized, publicly available tests for which companies can optimize their firewalls. We believe that AV-Test.org's other inside attack tests were most representative of a product's ability to fight real-world malware."
  

• "PC World's philosophy in testing security suites is to test the strength of individual components of that suite and then combine the results in an overall PCW Rating. To run some of these component tests, it is sometimes necessary to disable a product's malware detection capabilities in order to get the malware samples onto the test PC. In some cases, this involves altering default settings.
  
  "However, this approach tests several scenarios that exist in real world, including situations in which the malware is already on a PC before the software is installed and ones in which a user has, for whatever reason, turned off detection features. In either of these scenarios, a user may need to use one component of a security suite to get rid a PC of malware even if another component of the suite might have been able to detect it."
  

• "Security suites are integrated products with many features, like virus scanning and personal firewall protection. For example, in case of ZoneAlarm, the firewall was top-class, but the virus detection was rather poor, so they lost some points here. Even then, the ranking was still 'Good,' as it's a good product, so the rating is perfectly fine. (Maybe it should even be mentioned that ZoneAlarm confirmed the problems we have seen in their antivirus product. We have also supplied the missed viruses, worms and bots to them, so they can add detection for them with the new few updates — and they did! So we were even helping improving their product, as well as all others.)
  
  "1. Again, the behaviour-based features of all 10 products were reviewed, but only two of them actually included something we could test. Almost all 2007 products will include behaviour-based warnings, so we can review it in more detail than now.
  
  "2. Leak tests: The prevention of firewall leaks is just one of many different tests we have performed. We attacked the firewall against a set of inside and outside attacks, against real malware. Leak tests are (as the name is saying) special test programs which are not reflecting the real-world protection in a proper way. As I said, the protection against real-world threats is much more important and this was included in the ranking with much higher weights, as the user wants to be protected against keyloggers, backdoors and bots/zombies (real-world malware!) and not necessarily against leak tests. Leak tests are harmless, but malware is not harmless.
  
  "3. We tested both the on-demand scanner protection and the protection by the real-time/on-access virus guard. In order to check the guard, we need to access malware in some way (e.g. by copying files or double-clicking on it) and see if it's blocked or not blocked. This test was included in this review — and some products performed not so well here, but this is included in detail at the Web page. In addition to this, we have also tested the on-demand scanner as a separate feature. In order to test the on-demand scanner, you need to switch off the real-time protection mechanisms, as you want to test the scanner, not the guard. So the test was simply split into two parts which have to be tested separately and independently from each other."
  

Contents Index

	1. Hardware firewall. For small-office networking, the most affordable secure firewall is the Linksys Wireless-G WRT54GL router (left, about $70 USD street), which offers 802.11g Wi-Fi and also includes four wired Ethernet ports. To cover more than a few adjacent rooms, consider the Linksys WRT54GX ($160), which doubles the usual "g" range. Be sure to enable WPA or WPA2, either of which provide strong Wi-Fi security. The WRT54GL (previously named WRT54G) and the WRT54GX are PC Magazine Editors' Choice winners.
	2. Security suite. ZoneAlarm Internet Security Suite (left, $60 street) has long been rated as the best all-in-one software firewall, antivirus program, and antispam filter — now with antispyware scanning and Windows OS kernel protection. It has Editors' Choice awards from PC Magazine and CNET as well as being rated "the best all-around protection" by Consumer Reports Magazine. (Turn off ZA's real-time spyware protection so this can be handled by your antispyware program, shown below.)
	3. Antispyware program. For individual PC users, the most effective remover of spyware is Webroot Spy Sweeper 4.5 (left, under $35 per year), according to comparative tests published by PC Magazine. The previous version, 4.0, was also top-rated in tests by PC World. (Note: PC Mag has also given an Editors' Choice to Encore PC Tools Spyware Doctor 3.2.) For businesses that are looking for a centrally managed solution for 10 or more seats, Webroot's Spy Sweeper Enterprise ($240 per year for 10 users) has won the latest comparative review by Windows IT Pro and was rated a Best Buy by SC Magazine.
	4. Update management. Windows Update and Microsoft Update are no longer recommended. To protect against questionable Microsoft downloads, knowledgeable users should configure Automatic Updates to Notify me but don't automatically download or install. Then read our free and paid newsletters to learn which patches not to select. Home users and small-business networks should deploy critical patches using Shavlik's NetChk Protect (free with registration for one year for up to 10 PCs). The technology has won top honors from Redmond Magazine and SC Magazine. The product is complex, so be sure to read our tutorial and workarounds. For larger businesses, GFI LANguard Network Security Scanner ($495 for 32 machines) is top-rated by WindowSecurity.com and MCSE World. —————— For non-U.S. sources of information on a product reviewed above, enter the model name into a search box at one of the following links: Canada / U.K. / Elsewhere The Security Baseline section appears in every issue. It summarizes the top ratings of trusted reviewers in four categories of products that every PC needs for protection against threats.

Contents  Index

Contents  Index

Contents  Index

The Popularity Dialer rings you up Ever want to get out of a dull meeting? Ditch a blind date? Or just make people think you're so popular that your cell phone is constantly ringing? You can do all these things using the free Popularity Dialer. Simply select one of five different voices, enter your phone number, and specify when you'd like to receive the call. At the appointed time, your "boss" calls you with an urgent request — or whatever conversation you elected to receive. The service has been in development for months but (because blogs have recently discovered it) it's just begun to get, well, popular. So its creators, Jenny Chowdhury and Cory Forsyth, are having a little trouble scheduling all the calls that people request to happen at the same minute. There's a button to make a donation so the service can get more bandwidth, if you're so inclined. More info

Contents  Index

Contents  Index

• Visit our Unsubscribe page.
  

Contents  Index

Get the latest on Windows.

Enter your e-mail address to receive the free Windows Secrets Newsletter twice a month.

 
For instance: jan@example.com