SOFTWARE cafe

Flock 2.0 beta 2

2008-08-29T08:55:00.000-07:00

Flock, the social Web browser built using Mozilla's implementation of XUL, is based on one principle: More of what you want the Web for, connecting with people and services, should be built into and aggregated by the browser. I used Flock 2.0 beta 2 for several days and found a lot to like and a few shortcomings. Overall, however, Flock achieves its goal. The changes in Flock 2 from the previous version don't seem to me sufficiently major to merit a full version-number bump, though perhaps moving to the underlying Firefox 3 foundation justifies it, bringing all the goodness from that new release, including its lauded Awesome Bar.

As with Firefox, Flock has installers for Linux, Mac OS, and Windows. Installation is routine, but paranoid users should beware: The "Allow gathering of anonymous usage statistics" check box is selected by default. The option that makes the app your default browser is also checked. On the other hand, the installer does ask before importing bookmarks and settings from your existing Firefox or Internet Explorer setup.

Flock's interface is a bit more fun than Firefox's or Internet Explorer's, and tabs are somewhat clearer than those in Firefox. A My World button loads a Web page combining all your Feed, Friend, and Media activity. Flock's side panel lets you view and interact with Friends from your social networks, and there's a Media bar for viewing image and video feeds. A built-in Blog Editor, Web clipboard, and Photo Uploader also set Flock apart from other browsers.

Several small buttons right next to the address bar let you interact with the page you're visiting. The most unique and useful are just to the left of the address bar, signaling pages with media streams, feeds, and search. The buttons make it easy to incorporate the page's content and services right into the browser. To the right of the address, two options—the first for Digg and the second for e-mail—make it easy to share the current page with others

FireFox 3

2008-08-29T08:44:00.000-07:00

Three years in development, over 15,000 bug fixes and feature improvements, a new page rendering engine, remarkable performance gains, multiple OS integration—you could say the several hundred engineers working on Firefox have been busy. And their work has paid off. Speedy performance, thrifty memory usage, and, in particular, the address bar that now predicts where you want to go when you start typing (what Mozilla insiders refer to as the Awesome Bar) firmly plant Firefox at the top of the Web browser hill, flying the flag of our Editors' Choice for browsers.

When you install Firefox 3, you don't have to worry about losing anything from Firefox 2—history, bookmarks, start page, search engine preference, and even downloads performed in the earlier browser version—all will be there to greet you like old friends. The installer for Firefox 3 is available in 46 languages, from Afrikaans to Ukrainian. The US English version weighs in at a 7.1MB for Windows, 17 for Mac OS X, and 8.6 for Linux. Installation is as painless as it gets—it took me about 20 seconds on a far-from-new XP system.

Firefox 3 looks barely different than its predecessor, but it's undergone a minor face-lift—in particular, the Forward and Back buttons, in combination, look like a sideways keyhole. The browser buttons and window frames have also been redesigned to conform with the look of whichever OS you're running—Windows XP, Vista, Macintosh, or Linux.

Comodo Firewall Pro 3.0

2008-08-09T01:07:00.000-07:00

The Comodo Firewall Pro 3.0 (CFP) it’s not a free software for noncommercial use—it's free to all, period. According to Comodo CEO Melih Abdulhayoglu, it will remain free indefinitely. A well-thought-out set of protection levels lets it conform to the needs of any user, from novice to über-geek.

This new version has a refined-looking user interface without the separate Comodo Launch Pad used by version 2.0: Future add-ins will plug directly into CFP. Its main screen shows overall system status, much as many security suites do. It also includes Comodo news, a tip of the day, and links to configure program features. Most suites display a red warning if you turn off a significant security element, but CFP figures that if you turned it off you must have meant it. CFP shows a red X only if there's something actively wrong with the configuration, in which case it offers a link to a built-in diagnostic that could fix the problem.

Comodo's press materials mention a significant reduction in memory footprint despite the new features. I happened to have an installation of version 2.0 handy, so I took a quick look using Task Manager. Indeed, version 2.0 tied up over 22MB of memory, while version 3.0 used less than 7MB it’s Reduced by two thirds

NEXT --- Flexible Features of Comodo Firewall Pro 3.0

Flexible Features of Comodo Firewall Pro 3.0

2008-08-09T00:54:00.000-07:00

Comodo Firewall Pro 3.0 give the choice of protection levels starts during installation. If you choose Basic, you get a simple personal firewall that protects against attack from outside and controls which programs can access the Internet, much like ZoneAlarm's free firewall. Choosing Advanced turns on the Defense+ feature, which monitors and protects many other critical system resources. Defense+ is similar to the OSFirewall feature found in ZoneAlarm Internet Security Suite 7. Of course, turning on Defense+ means you'll get a lot more queries and notifications from the program.

And Another choice during installation tells the firewall to cut down on pop-up queries by automatically approving any program found in comodo's database of almost a million safe programs. Only a confirmed masochist would turn down that offer. By default, the firewall blocks all unsolicited incoming connections. The installer warns that this will interfere with file-sharing programs, Remote Desktop, and any other applications that require your system to act as a server. If you're a Kazaa fiend, just choose to allow (and monitor) incoming connections.

In another move aimed at reducing unnecessary pop-ups, Defense+ starts off in Clean PC mode, assuming that all programs already on the hard disk are safe. As you use the computer, CFP automatically learns what those programs do and creates rules specifically to allow their actions. That way they'll be allowed to do their jobs even if you later choose a stricter security level. Programs not already present on the hard disk (downloads, programs on removable media, applications launched across the network, and so on) are subject to Defense+'s full scrutiny.

The network firewall module offers a similar set of security levels. In the default Train with Safe Mode, the network firewall allows outbound access for known safe programs and queries the user when an unknown program attempts access. Like Defense+, the firewall has a training mode in which it automatically makes rules to allow all connection activity it observes. If you raise the security level to Custom Policy mode, the network firewall permits only the network activity that's explicitly allowed and won't automatically create any rules. For most users, the default Train with Safe Mode is appropriate.

NEXT --- Safe from Hacker Attack.
PREVIOUS --- Comodo Firewall Pro 3.0

Safe from Hacker Attack

2008-08-09T00:48:00.001-07:00

Someone subjected the firewall to his usual barrage of Web-based tests, including port scans and a variety of other sneak attacks. As expected (based on Comodo's past performance), CFP passed with flying colors. All ports were stealthed, making the computer invisible to hackers. Every personal firewall needs to pass this test, since the built-in Windows Firewall can stealth ports.

If you also unleashed your inner hacker, attacking the firewall using methods available to malicious software. If the bad guys can turn off your protection, it's no protection at all. Many people couldn't disable it by changing Registry settings or configuration files. Terminating it using Task Manager failed: I killed off the visible user interface, but the firewall protection remained active. Disabling the Comodo Firewall Helper Service got the product's attention: The status indicator on the main page turned red. But the actual firewall protection is provided by a kernel-mode driver that was completely unaffected. My wacky attempt to turn off protection using simulated mouse clicks did succeed, but just barely. Setting the firewall to Disabled using fake clicks required pixel-perfect accuracy—there's no way a malicious program could automate the process. CFP is fully armor-plated against attacks by the bad guys.

When an unknown program attempts Internet access, CFP displays a standard confirmation pop-up asking you what to do. In addition to the usual allow and block options, though, it also lets you choose from one of several predefined policies: Web Browser, Email Client, FTP Client, Trusted Application, Blocked Application, and Outgoing Only. Choosing one of these when appropriate can head off queries about other types of access. The über-geek user can even build new predefined policies. Of course, if you stick with programs well known enough to be on Comodo's safe list, you won't see these pop-ups at all.

NEXT --- Double-Plus Defense with Comodo Firewall Pro 3.0
PREVIOUS --- Flexible Features of Comodo Firewall Pro 3.0

Double-Plus Defense with Comodo Firewall Pro 3.0

2008-08-09T00:41:00.000-07:00

I still believe that identifying malicious software by comprehensive analysis of all behaviors is a better solution than just watching for isolated actions. When I tested ThreatFire 3 and Norton Anti-Bot, they did a great job of blocking real-world malware using this type of holistic analysis. And because they look at the program as a whole, they don't flag valid programs that happen to use some of the same techniques. But Comodo Firewall Pro's implementation of single-action behavior blocking is among the best I've seen, especially the option to switch into Installation mode.

Malware writers use a variety of techniques to evade simple program control. Most of these involve either pretending to be a trusted application or getting a trusted application to do their dirty work. And virtually every such technique is covered by Defense+'s monitoring. When I tried running a dozen "leak test" programs that demonstrated these techniques, Comodo Firewall Pro blocked them all. Every single leak test triggered an orange alert reporting that iexplore.exe was launching an unknown program and asking whether to proceed. Since this warning would appear for absolutely any program not on the safe list, I always allowed it. And every time a leak test program tried to create a file or folder, it caused a red or orange alert. Here, too, I chose to allow the action. I blocked only those that actually sounded suspicious, like modifying a protected Registry key or trying to access iexplore.exe in memory.

To see how Comodo Firewall Pro handles innocuous but unknown programs, I installed a dozen PC Magazine utilities, selecting ones that hook deeply into Windows to accomplish their work. They generated quite a few Defense+ pop-ups; I recorded these in a list but allowed all of the reported actions. The results were somewhat surprising. Not counting repeats of the same type of warning (for example, multiple file creation alerts), the leak test programs averaged four alerts apiece, the majority of them orange.

While Comodo Firewall Pro's firewall module takes care of all the basic firewall tasks, Defense+ adds proactive prevention of behaviors that might indicate malware. It monitors a wide variety of system activities, such as interprocess memory access, installation of device drivers, and establishment of global Windows hooks. It watches for changes to specific sensitive files, Registry keys, and COM interfaces. And it detects programs that circumvent Windows for direct access physical memory, the screen, the keyboard, or disk drives. That's a lot to track! It doesn't need to monitor programs that are on the safe list, which takes some of the load off.

NEXT --- Advanced Settings of Comodo Firewall Pro 3.0
PREVIOUS ---Safe from Hacker Attack

Advanced Settings of Comodo Firewall Pro 3.

2008-08-09T00:34:00.000-07:00

Comodo Firewall Pro 3.0 is all things to all people. It can act as a simple personal firewall that handles only the basic functions. It can broaden its protection to many critical system areas (with a concomitant rise in the number of pop-up queries). And a super-techie can tweak just about any part of it. Best of all, it's free!

Settings for Defense+ include access to the lists of safe and quarantined files as well as to files pending review. You can add to the list of files, Registry keys, and COM interfaces that Defense+ protects (though you'd better know what you're doing). And you can get an informative list of running processes with the option to terminate any one of them—kind of like a super-powered Task Manager. The novice user can simply use the CFP firewall with or without Defense+ and never touch any settings other than the overall security level. For the confirmed tweaker, though, there are tons of configuration options.

In firewall configuration you can manually add a new trusted or blocked application, adjust the way it stealths ports, and define trusted or blocked networks, among other things. comodo's CEO waxed philosophical about the company's intentions. "We have to protect the Internet," he said, noting that unless every PC is protected, we'll all suffer. He calls the product simply "version 3" because it's more than just a firewall, and notes that prevention should be the first line of defense. In his estimation, comodo is like an insurance company that wants to see you stay healthy, while some security vendors are perhaps more like drug companies in that they profit when you're not healthy.

PREVIOUS --- Double-Plus Defense with Comodo Firewall Pro 3.0

avast! antivirus 4.8 Home Edition

2008-07-30T19:36:00.000-07:00

As always, I rely on the large independent testing labs to certify the efficacy of a product's virus protection. In a test of avast!'s ability to scan and remove viruses on demand, AV-Comparatives rated it Advanced, their highest level. In a separate test of its ability to detect viruses using proactive behavior-based techniques, it earned an Advanced rating, the second-highest level. avast! also gets good marks from Virus Bulletin. It hasn't missed any viruses on Virus Bulletin's tests since 2004, though it failed one VB100% test due to a false positive.

The product installs quickly, though it does require a reboot to finish the installation. I found it to be quite chatty. It speaks the message "Virus database has been updated" when appropriate. When it detects a virus, a siren whoops and a voice warns "Caution—a virus has been detected." You can turn off or replace the sounds if they become a problem. In addition to the expected system tray icon for the product itself, you'll see another for the Virus Recovery Database, or VRDB. This unusual feature takes a census of the files on your system, retaining data about the three most recent versions. If a virus manages to get past avast!'s initial protection, the VRDB can be useful in repairing infected files. By default, it builds the database automatically when the computer is idle, so you don't have to think about it at all.

avast! has certification for virus detection from both West Coast Labs and ICSA labs, but neither one gave it its higher certification for virus removal. Results from AV-Test in Germany were similar. That lab rated it very good (its top rating) at spyware detection, good at malware detection, and merely satisfactory at cleaning up infections. On that test, Norton and McAfee scored the same in those two detection categories but rated very good at cleanup.

The labs seem to agree, then, that avast! is better at detecting malware than at removing it. The $39.95 Professional Edition does include a few additional features. Its users can switch to an advanced user interface that allows more detailed configuration. It offers a command-line scanner and the ability to schedule regular full scans. A script blocker watches for dangerous scripts on Web pages, and its PUSH updates feature goes beyond the free version's automatic update checking. If you're using avast! in a business environment, you must purchase the Professional Edition. But the free Home Edition is 100 percent full-powered where it counts: clearing viruses and spyware off your system and preventing any new infestations.

NEXT --- Testing the New Malware Removal

Testing the New Malware Removal

2008-07-30T19:32:00.000-07:00

Once I launched avast! it began detecting malicious software in memory: I heard its siren and audible warning over and over again. In all but one test system it asked to run a boot-time scan. After the boot-time scan completed and Windows restarted, a couple of the systems requested another boot-time scan because they detected threats still running in memory. What the heck—I allowed it.

But on one system, avast! remained locked in combat with a particular sample, never actually able to remove it or even stop it from running. After four boot-time scans I had to admit that it wasn't going to get any better. I hadn't tested avast! against my malware collection before, because previous versions promised only to remove viruses. For this inaugural test run, I started by installing the app on a number of test systems infested with malware samples, including adware, spyware, worms, Trojan horses, rootkits, and rogue antispyware products. One of my samples tried to interfere with installation of security software, but avast! installed without any trouble. I hadn't tested avast! against my malware collection before, because previous versions promised only to remove viruses. For this inaugural test run, I started by installing the app on a number of test systems infested with malware samples, including adware, spyware, worms, Trojan horses, rootkits, and rogue antispyware products.
avast! antivirus 4.8 Home Edition I frequently see problems with system stability when a security product's installation requires a reboot. If a preinstall scan or real-time scanner deletes part but not all of a seriously entrenched malware program, the system may blue-screen on reboot or simply hang. While avast! does need to reboot to complete its installation, it caused no such problems. It did offer to run a boot-time scan during this initial reboot. To get a clearer view of the program's operation, I declined that offer. I frequently see problems with system stability when a security product's installation requires a reboot. If a preinstall scan or real-time scanner deletes part but not all of a seriously entrenched malware program, the system may blue-screen on reboot or simply hang.
While avast! does need to reboot to complete its installation, it caused no such problems. It did offer to run a boot-time scan during this initial reboot. To get a clearer view of the program's operation, I declined that offer. I frequently see problems with system stability when a security product's installation requires a reboot. If a preinstall scan or real-time scanner deletes part but not all of a seriously entrenched malware program, the system may blue-screen on reboot or simply hang. While avast! does need to reboot to complete its installation, it caused no such problems. It did offer to run a boot-time scan during this initial reboot. To get a clearer view of the program's operation, I declined that offer. Testing the New Malware Removal
NEXT --- Pspyware Psychology
PREVIOUS --- avast! antivirus 4.8 Home Edition

Pspyware Psychology Avas

2008-07-30T19:26:00.000-07:00

A product originally designed to fight spyware and other nonvirus malware will typically work hard to clean up all the traces it can find. Files and Registry traces left behind may not be actively malicious, but they take up space and can gunk up your system. A virus-fighting program, on the other hand, figures that its work is done once it repairs or quarantines the infected executable.

There's a serious difference between virus-type threats and other kinds of malware. In order to propagate, a virus has to fly under the radar, remaining as inconspicuous as possible. Typically the virus hides by infecting an existing executable file; the virus code runs with a minimum of fuss and doesn't keep the infected file from doing its normal job. Spyware programs don't have to be so subtle. They can slop any number of files and Registry keys into your system and just hope you won't notice right away. Trojan horse programs masquerade as useful programs, so they, too, have no reason to hide.

This difference in psychology shows up very clearly when you compare avast!'s cleanup style with that of Spyware Doctor. In most cases, Spyware Doctor cleaned up amazingly well, deleting not only the essential executables, but all (or almost all) of the Registry traces and data files installed by malware as well. Avast!, on the other hand, left behind the vast majority of file and Registry traces even when it successfully quarantined all essential executable files..

PREVIOUS --- Testing the New Malware Removal
Next--- Powerful Resident Protection Avast

Powerful Resident Protection Avast!

2008-07-30T19:19:00.000-07:00

To check the Web shield protection, I attempted to redownload all of my malware samples. Naturally a fair number were no longer available from the original URL, but avast! caught well over half of the still-available ones before the download began. Next, I opened a folder full of sample malware installers in Windows Explorer. Even the minimal file access required to display file details in Windows Explorer was enough to set off the on-access protection—it wiped out over half the samples. When I tried again using unique hand-modified versions of all the samples, it caught exactly the same group, indicating that its detection system wasn't fooled by my tweaking.

For the samples that weren't immediately wiped out, I launched each in turn and noted avast!'s reaction. In most cases avast! did not kill the installer process itself, but it wiped out some or all of the executable files that were installed—I heard a lot of sirens! I gave it full credit if it prevented installation of all executable files associated with a threat and half credit if it tried but missed some executables. On this test it scored a phenomenal 9.6 of 10 points. That beats both WAV's 8.9 points and Spyware Doctor's 8.5. Again, this is a new test set, so we can't compare with older scores.

But avast! is clearly doing a superb job of preventing malware installation. avast!'s Resident Protection module blocks many possible routes that malware could use to sneak into your system. It scans files arriving via e-mail—POP3, IMAP, or Outlook/Exchange. It examines any file received through almost 20 different instant messaging clients and almost 30 different peer-to-peer download programs. Its "Web shield" can abort the download of a malicious file before it even starts. And it examines all programs on access. Clearly it will be tough for a malicious program even to reach your system, and even tougher for it to actually execute.

PREVIOUS --- Pspyware Psychology
Next--- The Features

The Features avast! antivirus 4.8

2008-07-30T19:15:00.001-07:00

Avast! has long been a popular free antivirus. The independent labs give it good marks, though not as good as the very best. Now it also removes spyware—not as well as Spyware Doctor or WAV, but better than most. And it's a seriously tough protector against attacks on a clean system

The avast! user interface is completely separate from the underlying protection engine, which means it's possible to change the UI utterly just by selecting a different skin. You can get dozens of skins from the company's Web site, some designed in-house and some crafted by enthusiastic users. Skins don't have to be rectangular; they don't even need to have straight sides. You'll find skins in all shapes and sizes, including some themed on cultural icons like Star Trek and Spider-Man. This feature has nothing to do with the product's level of protection, of course, but it's fun.
PREVIOUS --- Powerful Resident Protection

AVG Anti-Virus 8.0 Free

2008-07-25T00:30:00.000-07:00

The AVG Anti-Virus 8.0 Free fully integrated antivirus and antispyware scanner checks files on demand, on schedule, and on access. It also scans incoming e-mail messages for threats and can optionally scan outgoing messages as well. Some reviewers have reported—incorrectly—that e-mail scanning works only for the first 30 days. According to AVG's CEO, Karel Obluk: "With the free version, what you see from the very beginning is what you get and will be getting always. There are definitely no expiring functions." The free version updates definitions automatically once per day; more frequent automatic update checks (as often as every 15 minutes) are available in the paid version.

AVG Anti-Virus 8.0 Free Spotting Spyware I've put a whole new set of malware samples into play since I torture-tested the full AVG suite last month. My samples contain a wide variety of malicious programs, including adware, spyware, Trojans, rootkits, polymorphic threats, worms, and rogue antispyware programs. I installed AVG Free on infested virtual machines and challenged it to clean them up.

Something about the malware on the very last system I tested just wouldn't let AVG's installation finish. AVG would get almost to the end and then report an error, asking that I reboot and try again. I did, several times, and even tried to install the program in Safe mode (which, it turns out, is not supported). Nothing I did could make it work.

The antivirus technology is the same as that in the full AVG Security Suite 8. In fact, the antivirus is the strongest part of the suite, which didn't rate well overall. It got the VB100% award in Virus Bulletin's last three tests, and ICSA Labs certifies it for virus detection. West Coast Labs goes further, giving it checkmark certification for both virus detection and cleaning, plus another checkmark for Trojan horse detection. European lab AV-Comparatives bestowed its top rating for on-demand virus removal but didn't rate the product as high on tests of behavior-based detection. AV-Test of Germany rated the utility very good at spyware detection, good at virus detection, and merely satisfactory at cleaning up what it detected.

NEXT--- Security Scanning with AVG 8.0 Free

Security Scanning with AVG 8.0 Free

2008-07-25T00:29:00.000-07:00

A full scan on standard clean test system took 30 minutes when set to Fast priority and closer to 45 at Automatic. The fast mode runs at about the same speed as Webroot AntiVirus with AntiSpyware and Firewall (WAVASF) and noticeably faster than Spyware Doctor with AntiVirus 5.5. By contrast, avast! antivirus 4.8 Home Edition, AVG's main free competitor, scanned the same system in under 10 minutes. Do keep in mind that these figures are intended for relative comparison only. The products will probably work faster on your own system than on the resource-limited virtual machine I use for testing.

The fast mode runs at about the same speed as Webroot AntiVirus with AntiSpyware and Firewall (WAVASF) and noticeably faster than Spyware Doctor with AntiVirus 5.5. By contrast, avast! antivirus 4.8 Home Edition, AVG's main free competitor, scanned the same system in under 10 minutes. Do keep in mind that these figures are intended for relative comparison only. The products will probably work faster on your own system than on the resource-limited virtual machine I use for testing.

That same Resident Shield was quite effective at keeping malware from installing on my clean test system. As soon as I opened a folder containing the samples, the shield started wiping them out. Like avast!, it eliminated just over half the samples on sight. And when I tried AVG Free with hand-modified versions of those shoot-on-sight samples, it still wiped out all but one. I launched each of the samples that survived this initial massacre and noted whether the utility completely prevented installation of any executable files (full credit), tried unsuccessfully to block installation of executable files (half credit), or just plain missed the threat.

PREVIOUS--- AVG Anti-Virus 8.0 Free

NEXT--- AVG's LinkScanner

AVG's LinkScanner

2008-07-25T00:26:00.000-07:00

AVG Anti-Virus 8.0 Free Searching for certain terms, like warez, will always turn up dangerous sites—hosting illegal downloads is itself enough to merit the red flag. But I had to do a lot of searching to come across sites the utility would flag for some other reason—for example, hosting a Trojan disguised as a video codec. I was surprised to find that Search-Shield stopped me from visiting some of the red-flagged sites—according to the help, that feature is turned off. Thompson explained that AVG free maintains a local database of known bad sites and will block those even though it doesn't run a full analysis of every page you visit.

As AVG's exploit expert Roger Thompson pointed out, sites from search results are potentially the most dangerous you visit. They're often sites you've never accessed before, and you never know where clicking a search link will send you. So by specifically scanning links in search results, AVG can offer truly useful protection against malicious Web sites. AVG's LinkScanner technology analyzes the code on a given Web page looking for drive-by downloads, code to exploit browser vulnerabilities, and other threats. Its analysis happens in real time, so if a normally safe site gets hacked, the utility catches the problem immediately. The converse is also true: If a hacked site gets repaired, LinkScanner gives it a green light. LinkScanner's toolbar installs in both Internet Explorer and Firefox. Its Search-Shield feature checks all search results from Google, MSN, and Yahoo! and inserts an icon identifying the site as safe, questionable, risky, or dangerous.The full AVG suite also includes Surf-Shield, which extends this analysis to every site you visit.

PREVIOUS--- Security Scanning with AVG 8.0 Free

Reviews of Norton Internet Security (NIS) 2008

2008-07-22T08:31:00.000-07:00

* Type: Business, Personal, Professional

* OS Compatibility: Windows Vista, Windows XP

* Tech Support: Built into product, including live chat

Norton Internet Security 2008 Organizationally, the main screen is little different from that of NIS 2007, though it has traded its cheerful blue background for a tougher-looking patterned black. You still get an overview of all the security modules and a great big icon that reflects overall status. If it's anything but the green check mark that means fully protected, just click Fix Now to set everything right. Symantec continues to polish and enhance its flagship Norton Internet Security suite.

The 2008 edition adds full-scale password and identity management, and its new BrowserDefender technology offers even stronger defense against Web-based attacks. Borrowing a page from Norton 360's playbook, NIS 2008 now offers a built-in, multilayered help system. For the multicomputer home, it now includes a network map and optional remote monitoring of other NIS 2008 installations. Antispam and parental controls remain second-class citizens, present only if you install the optional Add-On.

NEXT--- Fabulous Firewall NIS 2008

Fabulous Firewall NIS 2008

2008-07-22T08:28:00.000-07:00

I usually run a set of "leak test" utilities to check whether the firewall can handle malware that tries to evade normal program control. In the past, NIS hasn't detected these because they have no malicious payload—which is completely reasonable. This version, however, did block all but two of a dozen samples, identifying them with generic names such as "Trojan Horse," "Hack Tool," and "Downloader." This probably doesn't make users any more secure, but it gives us security testers a warm, fuzzy feeling.

The suite's firewall puts all ports in stealth mode, making them invisible to hackers—that almost goes without saying with modern firewalls. The NIS 2008 firewall blocked all my Web-based tests; in several cases it reported a port-scan attack and blocked the "attacker" for half an hour. As in previous versions of NIS, the latest firewall is armor-plated against attack by malware. I couldn't find any way to disable it programmatically (and believe me, I tried). Panda's firewall was also pretty tough, but it gave way to my last-resort attack using fake mouse clicks—NIS resisted even that attack. And BitDefender Total Security 2008? Well, I showed that a malicious program could turn off that suite's protection by disabling essential services—it needs to get tough, like the other two!

PREVIOUS--- Reviews of Norton Internet Security (NIS) 2008

NEXT--- New Network Map NIS 2008

New Network Map NIS 2008

2008-07-22T08:26:00.000-07:00

A single NIS 2008 purchase includes three licenses for the modern multicomputer home. New in this version, the Network Map identifies all the computers and other devices that it can "see" in the network and flags those that have NIS 2008 installed. By going through a fairly elaborate "discovery" procedure, you can configure the suite to allow the NIS 2008 systems to remotely monitor each other. The only information you get is the main status icon, though. I wish it would offer a little more detail. Whether it's a big problem, such as no firewall active, or a small problem, like Windows Updates not set to automatic, all you see is a simple red X icon. In any case, there's no option to remotely fix the problem.

The network map does have a few other tricks. By default, other computers on your local network are assigned the Default "trust level," which means file and printer sharing is allowed but other network traffic will be limited by the firewall. Change the trust level to Restricted and you block all access to your PC from the specified device. You can also choose Full Trust, which allows all network traffic except for known attacks and infections. However, Symantec advises against using this mode unless the default mode causes connection problems.

NIS 2008 can distinguish wired from wireless networking, and it can tell when your wireless network has encryption enabled. If you're so devil-may-care as to omit encryption, the suite warns you that your network isn't secure. It doesn't, however, report new computers on the network as possible intruders, as Panda Internet Security 2008 does. And on my wired/wireless office network it never did detect that my wireless notebook had joined the network. I do like the network map, but I think it has some growing to do.

PREVIOUS--- Fabulous Firewall NIS 2008

NEXT--- Thorough Malware Cleaning

Thorough Malware Cleaning

2008-07-22T08:20:00.000-07:00

While the 2008 edition hasn't been through independent lab testing yet, Norton AntiVirus 2007 got top marks from all the labs. Both ICSA Labs and West Coast Labs certified it for virus detection and cleaning; West Coast Labs also gave it Checkmark certification for detecting spyware and Trojan horses. And you have to go back to 1999 to find any occasion when a Symantec product did not receive the VB100% award from Virus Bulletin. In addition, a very recent test by AV-Comparatives rated Symantec's technology Advanced, the highest rating.

One of my test systems frequently goes into a blue-screen death spiral when security software does an incomplete cleanup job. NIS 2008 had no trouble with that one. I like the fact that Norton's new suite cleans up high-risk items the moment it finds them, rather than asking the user. It asks your permission only when the item is seriously low-risk. A malware sample on another system tries to protect itself from security software by interfering with the Windows Installer. NIS 2007 installed despite this chicanery, but NIS 2008 hit a wall, which was a bit disappointing. Still, on Symantec's advice I ran a Web-based scan and then booted into Safe Mode to delete the files identified by the scan. After that I was able to install the product and complete the cleanup process.

By default, NIS 2008 runs a preinstall scan during the installation process, and you'll definitely want to accept that default. When I installed it on my infested test systems, the pre-install scan detected and at least partially disabled almost three-quarters of the malware samples, including adware, spyware, Trojans, rootkits, and rogue antispyware programs. After a full scan almost every single one of the samples was gone—NIS 2008 scored 9.3 out of a possible 10 points. In the same test Spy Sweeper and Spyware Doctor scored 9.0 and 9.1, respectively; BitDefender rated 8.6 points

PREVIOUS---New Network Map NIS 2008

NEXT--- The Awful Add-Ons

The Awful Add-Ons

2008-07-22T07:59:00.001-07:00

While the suite as a whole has been streamlined and improved, the optional add-on pack seems to have been gathering dust on a shelf somewhere. I couldn't find any visible change in the antispam, parental control, and privacy control features since .

The antispam module integrates nicely with Outlook and Outlook Express. It's smart enough to import your address book into its whitelist, so messages from your existing correspondents will never be blocked. It can also automatically whitelist any address to which you send mail and whitelist the sender when you mark a message as not spam. And believe me, you'll need a fully populated whitelist to protect your valid mail from the spam filter's depredations. Panda erred in the opposite direction, blocking hardly any valid mail but letting more than half the undeniable spam into the Inbox. BitDefender hit the sweet spot—it blocked no valid mail from individuals, blocked almost new newsletters, and diverted 80 percent of the spam into its Spam folder.

PREVIOUS--- Thorough Malware Cleaning

NEXT---HELP..! NIS 2008

HELP…! NIS 2008

2008-07-22T07:59:00.000-07:00

In the past, Symantec has gotten a lot of grief about its tech support. PC Magazine readers frequently write me with gripes about waiting for hours, getting bad advice, or giving up on technicians due to language problems. NIS 2008's One-Click Support (originally introduced with Norton 360) aims to turn this perception around.

To start a support session, you invoke the built-in AutoFix feature. In some cases AutoFix will identify a problem and either fix it or direct you to the appropriate instructions. But if it doesn't you can get help via e-mail, telephone, or live chat. A handy screen shows the expected wait for each type of help. The live chat feature includes an option to let the Symantec analyst take charge and remote-control your computer to identify and fix the problem. And all of this happens within the NIS 2008 user interface. I put the system to the test and it worked fine. Of course, if you can't get on the Internet or your system is locked in a reboot death spiral, you'll still have to use direct phone support. Whether there's been any improvement in phone support remains to be seen. When I checked during testing, Symantec was estimating 12 minutes hold time for phone support, versus 2 minutes for live chat.

Norton Internet Security 2008 remains PC Magazine's Editors' Choice security suite. The unobtrusive firewall is tough as nails, and it actively identifies and blocks exploits and other intrusions. NIS 2008 did a super job of cleaning up malware in testing, and its cleanup is significantly more thorough than most. The new Identity Safe manages your passwords and personal information effectively. And if you have a problem, help is built right in. Now if Symantec would do something about the embarrassingly antiquated spam-filtering and parental-control modules…

PREVIOUS--- The Awful Add-Ons

Reviews Windows Vista SP1

2008-07-19T23:32:00.000-07:00

A few other details round out the SP1 release. First, compatibility with existing programs is far stronger. On the first release of the OS, only about 250 programs sported the vistaDirect3D 10.1, a worthwhile addition for hard-core gamers. The update also works with the x64 Extensible Firmware Interface (EFI), allowing x64 machines to perform network boots from an EFI device; vista originally supported only standard BIOS boots and EFIs for IA-64 machines. In addition, SP1 adds support for exFAT, the Extended File Allocation Table drive partition system, which numerous Flash devices use, although these devices cannot be used to increase system RAM through ReadyBoost. Also with SP1, vista now adds icons that distinguish HD-DVD (RIP) and Blu-ray drives from each other and from standard DVD drives, and improves connectivity with Windows Media Center Extenders. compatibility logos; that number now exceeds 2,500. In addition, over 15,000 components and drivers have official compatibility. In practice, this means that installing programs and connecting new devices is likely to result in instant compatibility. Mind you, you don't actually need SP1 to get all of these, since Windows Update offers them anyway, but they're built into the standalone version of SP1. With SP1, vista now supports

NEXT --- Installation Windows Vista SP1

Installation Windows Vista SP

2008-07-19T23:27:00.000-07:00

On new systems, Service Pack 1 (SP1) will ship as part of Windows Vista when it becomes available. Users already running the new OS will find SP1 (once Microsoft finalizes it in March) as a download from Windows Update (WU). If you don't have WU configured to notify you automatically about available updates, open Control Panel and launch Windows Update from there, clicking on Check for Updates if SP1 doesn't appear automatically in the updates list. If you see other critical updates but not SP1, install those (which can take a while if you haven't been doing so regularly) and keep checking until SP1 shows itself.

On the same desktop PC but a separate hard drive, I installed the full package—Windows Vista Ultimate with SP1 included—which Microsoft made available. The process took 81 minutes in total, with the same four reboots. The speed was actually noteworthy, given that installing the RTM of the original Vista Ultimate on the same machine took more than twice as long. Clearly, Microsoft has been working to reduce the time required for clean installs—a good thing for anyone who needs to install from scratch. In all three cases, when the installation was complete Vista gave me the standard log-on screen, the standard Windows Sidebar, and the standard Aero interface. In fact, before closer inspection, everything looked exactly the same as before. If you're looking for an eye-grabbing aesthetic upgrade, SP1 isn't the way to go. Then again, dramatic visual upgrades aren't the function of service packs.

To prepare this review, I performed several SP1 installs. Because I'm a registered beta tester, I was able to install the final release candidate, which was very close to the original Vista RTM (released to manufacturing) code, as a download from Windows Update. The download took about 15 minutes; your speed will vary depending on your Internet connection and how busy the Windows Update servers happen to be. Installation took 58 minutes, including four reboots. Finally, I installed the full Windows Vista Ultimate + SP1 package on my Gateway notebook, forcing a clean install by wiping the hard drive in the process. Total time: over 2.5 hours, but that's been my experience with installing Windows on laptops over the years. It just takes much longer than on desktops

NEXT----Peformance Differences of Windows Vista SP1

PREVIOUS---Reviews Windows Vista SP1

Performance Differences of Windows Vista SP1

2008-07-19T23:23:00.000-07:00

The time Vista takes to return from hibernation mode has dropped markedly (by about half, in fact); it takes even less time with my clean install. Wake time was a major irritation when using Vista RTM, not only for laptop users (a fact Microsoft quickly recognized) but also, from my experience, when running the OS on desktops. With both the download install and the clean install of SP1, I no longer have time to make coffee after pushing the power button on my desktop PC to bring it out of hibernation. Better still, with drive access no longer constant, I can start work (or play) that much more quickly.
Still, extracting from compressed folders on my machine showed an improvement of roughly 25 to 30 percent, while copying large folders (12GB was the largest I tried) demonstrated speed increases of about 20 percent. For local folder transfers, Vista still isn't up to the speed of Windows XP running SP2, although according to my informal observations it's within 10 percent. On my machines, the updated OS extracted from compressed folders almost twice as quickly as XP, but then again, unless you regularly work with gigabyte-size compressed folders, you're unlikely to notice a practical difference. What Microsoft does publicize is an improvement in the speed of copying files—both between local drives and from local drives to network shares—as well as the speed in extracting files from compressed folders.
My results show an improvement, but nothing to get excited about, unless you do such copying frequently and with large files and folders. This kind of improvement is vastly more important in the enterprise sector, of course (where pushing files to network shares goes on all the time) than for individual users. My clean installation of Ultimate with SP1 unquestionably behaved more snappily than either the original Vista or Vista with SP1 downloaded and installed. Snappiness refers to the speed at which menus respond, windows are redrawn, programs and data files open and close, and so forth. From the beginning, Vista had some significant issues with excessive hard drive use. The drive light would routinely stay fully or mostly lit for many minutes at a time, even when most programs had been closed. The downloaded SP1 improved this quite a bit, resulting in crisper performance, but the clean installation has improved the situation enormously. Then again, the clean installation has fewer programs installed, so you can't make a direct comparison.

NEXT---Security Of Windows Vista SP1

PREVIOUS---Installation Windows Vista SP1

Security of Windows Vista SP1

2008-07-19T23:17:00.000-07:00

Microsoft Windows vista Service Pack 1 As noted, improvements in security define SP1. First—and particularly important if you're a group administrator—the Group Management Policy Console (GMPC) has disappeared, and the Group Policy editor (GPEdit) focuses on local instead of global policy. The goal is to leave strategic group policy decisions in the hands of systems administrators rather than individual users.

Second, with SP1 on 64-bit vista, third-party anti-malware programs gain access to new application programming interfaces that let them directly extend the Windows kernel to provide lower-level detection of malicious code. That gives them a better chance at blocking or deleting such code. Another enhancement affects almost exclusively those who've purchased computers that shipped with vista installed. BitLocker, built into the original vista so that you could encrypt an entire drive, originally functioned only with the drive the OS boots from. To encrypt other drives (or folders), you had to use vista's Encrypting File System. With SP1, you can use BitLocker to encrypt any drive, even USB devices, and any partition, not just bootable volumes—an obvious improvement. But if your motherboard doesn't already contain a TPM (Trusted Platform Module chip), you can't use BitLocker unless you're willing to do some serious system configuration.

SP1 also allows Remote Desktop files to be signed, providing increased security across the connection established between machines using the Remote Desktop Protocol. Larger organizations will also be happy on at least two counts: vista PCs on a domain will no longer have difficulty working off-line; and SP1 adds the Secure Socket Tunneling Protocol, allowing for more secure access to VPNs.

PREVIOUS---Performance Differences Windows Vista SP1