0.0 EDITORIAL: Security Product Review, Part 2
In recent issues I've been examining the question of how well our computer security programs protect us against the latest generation of security threats. To properly answer this question I've been carrying out an extensive series of tests on popular security products.
Last month I presented the first results. It wasn't good news. It showed that just about all the sixteen anti-virus, anti-spyware and anti-trojan scanners I tested could be easily terminated by hostile malware. That's really bad news as a lot of modern malware routinely attempts to pull down your security software. A recent report suggests a figure as high as 40%.
I promised this month to give you the full results of my security tests. They are far too extensive to reprint in the newsletter but you can find them online here: http://www.techsupportalert.com/security_scanners.htm
If you have time please read the full report; it's full of juicy information. However, I've also prepared a summary table which you can find below.
The first column shows whether the security product could detect process injection. That's a technique used by malware to hide inside legitimate programs that are currently running on your PC. Once inside these processes, they acquire the rights and privileges of the host process. If the host process has the right to communicate with the internet, the malware automatically gets that right, too.
The second column shows whether, independently of signature recognition, the security product could detect a malware program creating an autostart entry. In other words, could it detect an unknown program starting automatically with Windows? To pass the test the security product had to warn or prevent changes in the Startup folder as well as startup locations in the Registry.
The third column shows whether the security product protects your PC against drive-by infections. I tested each product at three hostile sites. To pass the tests, protection must have been provided against all three.
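The second column's test, detecting a new autostart entry without relying on signatures, comes down to comparing the Startup folder and the Registry Run keys against a known-good baseline. The Python below is an added example, not part of the original newsletter and not the code of any product tested; it assumes snapshots in the text format printed by `reg query`, and every key value, file name and path in the sample data is constructed.

```python
"""Baseline-and-diff check for Windows autostart locations (added example)."""
import re

# One value line of `reg query` output: indented name, REG_* type, data.
VALUE_LINE = re.compile(
    r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")


def parse_reg_query(text):
    """Parse `reg query` text into {(key, value_name): data}.

    Key paths and value names are lower-cased because the Registry
    treats them case-insensitively; the data is kept verbatim.
    """
    entries = {}
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip().lower()
            continue
        match = VALUE_LINE.match(line)
        if match and key is not None:
            entries[(key, match["name"].lower())] = match["data"].strip()
    return entries


def startup_folder_entries(folder, filenames):
    """Treat each file in a Startup folder as one autostart entry."""
    return {(folder.lower(), name.lower()): name
            for name in filenames if name.lower() != "desktop.ini"}


def snapshot(reg_text, folder, filenames):
    """Combine Registry and Startup-folder entries into one snapshot."""
    entries = parse_reg_query(reg_text)
    entries.update(startup_folder_entries(folder, filenames))
    return entries


def diff_autostarts(baseline, current):
    """Return sorted (change, location, name, detail) tuples."""
    findings = []
    for loc_name, data in current.items():
        if loc_name not in baseline:
            findings.append(("added", *loc_name, data))
        elif baseline[loc_name] != data:
            # An existing entry repointed at a different command matters
            # as much as a brand-new entry.
            findings.append(("changed", *loc_name,
                             f"{baseline[loc_name]} -> {data}"))
    for loc_name, data in baseline.items():
        if loc_name not in current:
            findings.append(("removed", *loc_name, data))
    return sorted(findings)


# Constructed sample snapshots (not captured from a real machine).
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
STARTUP = r"C:\Documents and Settings\user\Start Menu\Programs\Startup"

BASELINE_REG = RUN_KEY + r"""
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    AVMonitor    REG_SZ    "C:\Program Files\ExampleAV\monitor.exe"
"""

# Same key written in a different case, one value repointed, one value new.
CURRENT_REG = RUN_KEY.upper() + r"""
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    AVMonitor    REG_SZ    "C:\Temp\monitor.exe"
    Constructed Updater    REG_SZ    C:\Temp\upd.exe
"""


def demo_findings():
    """Diff the constructed baseline against the constructed current state."""
    baseline = snapshot(BASELINE_REG, STARTUP, ["desktop.ini"])
    current = snapshot(CURRENT_REG, STARTUP, ["desktop.ini", "helper.lnk"])
    return diff_autostarts(baseline, current)


if __name__ == "__main__":
    for change, location, name, detail in demo_findings():
        print(f"{change:8} {location} :: {name} :: {detail}")
```

The unchanged ctfmon.exe entry produces no finding even though the key path differs in case between the two snapshots.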
The final column shows whether the security product can detect rootkits. I used two rootkits: Hacker Defender and FuTo. To pass, the product had to detect both. Here are the results:
Now, in mitigation some would argue that it's not the function of signature scanners to detect things like process injection or registry changes. These, it would be argued, are best left to intrusion detection and protection systems. That's fine, just make sure you have an IDS ;>)
However, no one can say that signature scanners shouldn't protect you from drive-by downloads or rootkits. Only one product, WebRoot SpySweeper, managed to do that. Even then it only managed to protect against drive-by download sites by its "Spy Communication Shield" banning access to the sites. With the shield disabled, it failed to protect as well.
Overall it's bad news all round. So what to do? I gave you my conclusion last month and it remains unchanged. I think it's pointless focusing on whether one security program is better than another when, in fact, all the security programs flunked. The reality is that it's not possible to secure your PC against a malware program that is allowed to run on your PC with full admin privileges. Thank Windows for this.
Layering your defenses can clearly help. It doesn't solve the problem though. And the cost in complexity, inconvenience and processing power usage is high.
There is a better solution: run your PC in a virtualized environment whenever connected to the internet. It's simpler and more effective than any other option. Remember though, virtualization is in addition to your normal security defenses. It doesn't replace them; it just makes their job easier.
Next month I'll talk in detail about virtualization options. In the meantime, be careful where you surf and even more careful what you install. See you next month.
Gizmo
1.0 TOP TECH SITES AND RESOURCES
1.1 Google Warns Surfers of Hostile Sites
This is a useful innovation. Now when you do a Google search and you inadvertently click a link
to a malicious site, Google flashes up a warning screen. It uses a database of bad sites
provided by stopbadware.org [1]. It works well though not quite as effectively as McAfee's
free SiteAdvisor plug-in [2] which is more comprehensive and has the added advantage of
warning you before you click a link. If you don't have SiteAdvisor I suggest you get it
now.
1.2 How Secure are Secure Web Pages?
Most folks believe that when they log on to an https site their username and password are
securely encrypted. Subscriber Michael Horowitz argues that this is not necessarily so and
I fully agree with him. It's an interesting read for computer users at all levels.
1.3 How to Get Rid of Spyware Infections
I regularly get email from distressed readers whose machines have been infected by spyware. Here are some common symptoms of infection:
- new icons on your desktop linking to strange sites
If
you suffer any of these symptoms then download HijackThis from this page [1] and follow the
instructions on how to paste the output to the Tom Coyote web forums. These folks should
be able to help you permanently get rid of the problem and it won't cost you a cent
either.
1.4 A Free Stock Photo Site That Can Be Trusted
Last
issue I mentioned the excellent everystockphoto.com site along with a reservation that one
should be prudent in giving your real email address to such sites. That advice is well
based but doesn't apply to everystockphoto.com. It's a volunteer based site that's clean
as a whistle. Highly recommended next time you are looking for a stock photo.
1.5 Convert Digital Photos to 3D for Free
Now
here's a clever idea. PictureCloud is a free web service that will convert a series of
digital images taken by walking around an object into a full 3D view. Kind of like
panorama stitching in three dimensions. It's free for private use, commercial application
costs around $1 per conversion.
** Additional Items in this Premium SE Edition **
1.6 My Favorite Social Bookmarking Service Now Out of Beta
Last
month I wrote in glowing terms about Diigo, the new social bookmarking site that offers a
more comprehensive set of capabilities than market leader Del.icio.us. Well, Diigo is now
out of beta and rolling. It not only allows you to store and share bookmarks, web pages
and page snippets, it also allows you to annotate web pages. Better still, when you
revisit a site your annotations are automatically displayed and, if you wish, you can
share them as well. Much to like here.
1.7 Lots of Free PhotoShop Tips
Want
to whiten someone's teeth? Like to type on a curved line? Need to hand tint a photo? Find
the answers to these questions and many more at this impressive site.
1.8 Test Your Browser's Standards Compliance
Does
your browser comply with the W3C standards? It's a question that's actually quite hard to
answer as there are so many different facets to compliance. Whatever, this site provides a
simple "acid test" to sort out the men from the boys. It appears that the only major
browser that passes is Opera 9.
1.9 Help for Windows 98 Users
Last
issue I mentioned a collective project I've started to help Windows 98 users migrate to
Linux. That's now well underway and I'll be reporting back to you soon. If you need
Windows 98 help right now you might like to check out this site recommended by subscriber
Randy Blake. As Randy says, "Gizmo, the dedication of the people here is amazing ..."
2.0 TOP FREEWARE AND SHAREWARE UTILITIES
2.1 Microsoft Virtual PC Now Free
I've been preaching the security benefits of surfing in a virtual environment for some time now so the recent decision from Microsoft to make available its Virtual PC 2004 product for free is most welcome. Hopefully it will suffer fewer problems than other free virtualization products such as Sandboxie and GreenBorder which, for whatever reason, just won't run on some PCs.
Virtual PC [1], like VMWare [2], allows you to install another "virtual" computer on your real PC. You can use the virtual PC just like a normal computer. The security benefit derives from the fact that the virtual PC is corralled off from your real PC so any malware can't affect your real PC. Additionally, you can easily reset the virtual PC to a former pre-infection state, thus eliminating the infection entirely.
It all sounds attractive but there's a major qualification. If you use Windows as the operating system for your Virtual PC then you need to buy a separate full copy of Windows as you can't legally use the same copy that's installed on your real PC. This is a big catch. It certainly makes Microsoft's decision to release Virtual PC 2004 for free seem much less generous: "Hey guys, get this; it's free! Just buy another copy of Windows." :>)
You
could, of course, install a free Linux distro like Ubuntu for your Virtual PC. However, if
you are going to do that then you might as well use the VMWare Player [2]. It's also free
and a better product than Virtual PC. You can't create a virtual PC with VMWare Player;
it only allows you to run one that's already been created. But there are many
pre-configured machines ("appliances") available for free download [3]. You could also
create an appliance using Virtual PC 2004 as VMWare Reader can use Virtual PC images.
Free, Windows 2000 SP4 and later, 18.2MB
2.2 How to Build Your Own Web Site for Free
Many
folks would like to build their own site but are frightened to get involved with writing
HTML. An alternative to hand coding is to use a web hosting service that allows you to use
point-and-click tools to create a web site from a template. There are many of these
services but the current offering from the Microsoft Office Live Beta service is very
tempting. You not only get free site creation tools but also free hosting, five free email
accounts plus a free domain name as well. Microsoft claims that if you sign up during the
beta, the free hosting will continue even when the product goes live. It sounds like an
unbeatable offer but there is a small catch; it's for US based users only. Thanks to
subscriber Callie Jordan for letting me know about this. If you want to see what can be
achieved using the Microsoft service then check out Callie's own site [2].
2.3 Free Site Offers Online Notes Service
Subscriber
R.D. writes, "Gizmo, I was reading your comments about Evernote, a product I use and love
but I didn't know if you were aware of Notefish that's rather like an online version of
Evernote. Firefox has an extension for it, so you can select something, right click, and
send it to Notefish. Actually I like Notefish over Evernote because it preserves the
formatting of saved web pages much better." Nice find, R.D. Notefish is a combination
notes organizer and web snippet manager that's ideal for researching any topic from your
next holiday to a PhD thesis. The fact that the information is optionally shareable only
adds to the power. It's free for personal use though registration is required.
2.4 A Quality IP Scanner for Nothing
Subscriber
Phill Jempson writes "Hi Gizmo, as a long time reader of Support Alert I've often kicked
myself for not emailing you about software I've been using and love. In an attempt to
remedy this I'd like to let you know about Angry IP Scanner. It's a basic network scanner
but one I use nearly every day in my capacity as a network support analyst and always
install onto any new PC as well as keeping a copy on my USB flash drive. Its beauty is in
its ease of use. I use it to do quick and dirty troubleshooting scans, like checking to
see if a network segment is still up, finding the number of PCs on a subnet etc. It's also
a very small, single file which can even be run from the web site. A couple of things I
change when I first run it on a new PC are:
1. Go to Options > select Columns and move all available columns into the visible
section.
2. Go to Options > Options and set the display to "Only Alive".
There are also some useful plugins available from the website." Nice find, Phill. The
range of plug-ins is actually quite extensive. These include web and FTP detect modules,
Windows shares and DNS aliases and quite a few more. There are even instructions on how to
write your own. I just love collecting little tools like this for my tech toolkit. Note:
the download link is not well marked on the web site so I've included it here [2]. Free
Open Source, Windows (version not stated), 108KB.
** Additional Items in this Premium SE Edition **
2.5 Free Email Filter Impresses
This one is different. Spamato V0.99 is a free Open Source spam filter that uses multiple techniques to detect and remove spam. First, there is a Bayesian filter that "learns" what's spam and what's not. Then there is a collaborative network filter that takes into account what other users have manually classified as spam. A separate filter uses a database to identify known spam. Then there are two filters that check any web links and domains in the email against first, a known database of known spammers and second, against the number of Google references to that domain. Finally, there is a configurable rule filter.
Now that's an impressive list. Even more impressive is the fact that Spamato doesn't use server black lists, a commonly used technique that all too often kills your real email as well as the spam.
But the news gets even better. Spamato is written in Java so it's available for multiple platforms including Windows, Linux and OS X. It's also available in multiple versions: as a plug-in for Outlook, as an extension for Thunderbird and Mozilla mail or as a stand-alone email proxy that works with any POP email program.
Enthused by these impressive specifications, I tried the Outlook Plug-in version. This version requires the Microsoft .NET Framework V1.1 in addition to Java 1.5. Installation was easy. There's a guide on the web site but the install procedure is sufficiently clear that you hardly need it.
Initial performance was mediocre as Spamato, like all Bayesian filters, needs to be taught what's spam. I thought with its multiple filters in addition to the Bayesian the initial performance might be better but this was not the case. With a bit of "teaching" the results improved quickly. I've only been using it for a week now so I won't quote the performance statistics. What I can say is that its spam detection rate is looking good.
The crunch will be the false positive rate and it's too early yet to tell.
So what are the downsides? First, there are some early version bugs. For example, whenever I close Outlook I get an Outlook error message. It's not that serious, just annoying. Secondly, Spamato is clearly a work in progress - there are a few missing functions and yet-to-be implemented statistics. Third, this is not a product for novices. Training and tuning the filter requires both patience and experience. Furthermore, if you use the proxy version you'll need to know how to reconfigure your email accounts to use the proxy. Finally, this is a Java based product so you can expect it to chew up a lot of CPU resources when processing a lot of mail. On my test PC, a 3.2GHz P4, it wasn't a problem but it could be a serious issue for users with slow PCs who get a lot of mail.
My conclusion: after a week of usage I'm inclined to think Spamato has the potential to be the best free spam filter yet for Outlook, Thunderbird and Mozilla users. However, it's not quite there yet and I suggest you wait until version 1.00 is released. If you are the type that's prepared to put up with a few bugs and annoyances then do try it. You'll be rewarded with some excellent filtering.
Free Open Source, Windows, Linux, OS X, Java 1.5 required, 2.49MB (Outlook version)
2.6 A Free Program that Blocks P2P Users
P2P
services can be a real worry. Parents get justifiably concerned about what the kids are
downloading while sysadmins tear their hair out when they see their company's bandwidth
being soaked up by unauthorized P2P usage. Recently, subscriber Patrick Reynnolds wrote in
to tell me about File Sharing Sentinel, a free program that blocks the installation and
operation of file sharing programs. I tried it and it certainly works - I couldn't install
LimeWire and a copy of Shareaza that I already had installed no longer worked.
Furthermore, access to the program is password protected. That's the good news. The bad
news is the program can be disabled several different ways: by killing its process with
Windows Task Manager, deleting its startup entry and rebooting or simply uninstalling the
program. Of course, you need to have admin privileges to be able to do this but then again
if your users don't have admin privileges they can't install P2P software anyway. ;>)
Overall, a nice free program but too easily defeated for most practical applications.
Freeware, all Windows versions, 318KB.
2.7 Finally, Real ActiveX Support for Firefox and Opera
Every
Firefox and Opera user is painfully aware that some web sites such as Windows Update
simply won't work in their browser. That's because these sites employ non-standard
features using Microsoft's ActiveX controls. Such sites require Internet Explorer or
browsers like Maxthon and Avant that use the Internet Explorer Engine. Firefox users have
a "quick-fix" available in the form of the IETab and IEView extensions that open Internet
Explorer from within Firefox. Now there's a more complete solution. Neptune is a plug-in
that "embeds Internet Explorer functionality in Mozilla, Opera and Netscape browsers
running on any Windows platform with IE 4.0+ installed." Installation entails downloading
and running the Neptune executable and then copying the file npmeadax.dll to your
browser's plugins directory. For Firefox, that's C:\Program Files\Mozilla Firefox\plugins.
Once installed I was delighted to find that Firefox worked at the Windows Update site
perfectly. That's all very nice but there is a downside. Because the plug-in uses IE
components it potentially opens Firefox to any vulnerabilities in those components. Users
will need to weigh convenience against risk. Mind you, if you are already using the IETab and
IEView extensions then you are already exposed to that risk. Free for use on a single PC,
IE4+, 148KB.
Got some favorite utilities to suggest? Send them to
mailto:supporters@techsupportalert.com
3.0 SECURITY PATCHES, SERVICE RELEASES AND UPDATES
3.1 Microsoft Security News
Patch
Tuesday on the 8th of August delivered 12 new security updates [1] nine of which were
rated as "critical." In addition to several fixes for flaws in the Windows operating
system, the critical patches included updates for Internet Explorer, Outlook Express,
Visual Basic for Applications and Microsoft PowerPoint. The latter, MS06-048 [2], is of
particular significance as it fixes a very serious flaw in Office, exploits for which are
in wide circulation. Equally important is MS06-040 [3] that patches a vulnerability in the
server service in Windows 2000, Windows XP SP1 and SP2 as well as various Windows 2003
server configurations. Again, exploits are actively circulating so patch as soon as
possible. This one is potentially so serious that the U.S. Department of Homeland Security
has even issued an advisory warning users and organizations to patch immediately. All the
updates are distributed automatically by the Microsoft Update Service. It is extremely
important that users who do not have automatic updates enabled visit the Update Service
[4] now.
3.2 New Rootkit Ups the Ante
Symantec
[1] has released details of a new rootkit labeled Rustock.A that uses a cunning
combination of techniques to evade detection by current rootkit detectors. The article
lists six techniques employed but the first two are of particular note: First, "Rustock.A
has no process. The malicious code runs inside the driver and in kernel threads." Second,
"Rustock.A uses NTFS Alternate Data Stream to hide its driver into the \System32:18467"
ADS. In addition, this ADS can't be enumerated by ADS-aware tools since it is protected by
the rootkit." The Symantec article is worth reading in full; it really gives you a good
idea of the sophistication of modern malware. The news is not all bad; F-Secure has
already updated their BlackLight rootkit detector [2] to pick up Rustock.A. The cat and
mouse game continues.
3.3 Top Anti-Spyware Program Suffers New Version Woes
Am
I wrong or is security software quality assurance getting worse? This year we have seen major problems with the release of ZoneAlarm V6, Ewido V4, Trojan Hunter 4.5, CounterSpy 1.5 and now WebRoot SpySweeper V5.0. All are top rated products from respectable companies so it's not just slackness. My guess is that modern security products now overlap so much that interactions with other products have become a severe problem. Whatever, I've uninstalled SpySweeper V5 which caused my PC to slow to the point of uselessness and have gone back to V4.5 which is working like a charm. And I'm not alone.
3.4 Yet Another Firefox Update
These
proactive security updates are coming thick and fast. The latest, V1.5.0.6, covers 12
potential flaws, seven of which are rated as critical. The update also includes some
improvements to product stability and Dutch language enhancements. To my knowledge there
are no current exploits in circulation that utilize any of these flaws. However, it is
essential that you update as the baddies routinely reverse engineer security updates to
identify flaws to exploit in unpatched machines. Users with Firefox automatic updates
enabled should have had the new version automatically delivered and installed. You can
check by selecting Help/About from within Firefox. If your version number is less than
1.5.0.6 then update manually from here:
3.5 Controlling Microsoft Windows Genuine Advantage Hassles
A
couple of months back Microsoft used the Windows Update service to secretly download the
Windows Genuine Advantage program (WGA) onto your PC. This program checks to see if you
have a genuine copy of Windows. If the WGA program doesn't think you have, then you are
plagued with warning messages and worse, your ability to use the Windows Update site is
restricted. Now, I have no sympathy for software pirates but I don't like having programs
installed on my PC without my permission. Nor apparently do tens of millions of other
folks who, like me, have disabled automatic updates and now choose manually which updates
to install. But that's not the end of the problem. Apparently the WGA program is wrongly
identifying a number of genuine Windows systems as illegal. One report puts this figure
as high as 10%, though this sounds way high to me. Microsoft has conceded there have been
problems and has issued two updates to the WGA program, again secretly delivered via the
Windows Update service. They also have a web page dedicated to problem solving [1]. Many
affected users have taken a more direct route and disabled WGA using specially written
utilities. Here's a link [1] to one such tool that uses different techniques to remove the
WGA depending on the version installed. I have no way of testing this product so use at
your own risk.
4.0 OTHER USEFUL STUFF
4.1 Attractive Deals for Big Hard Drives
Want
some cheap storage for your media files? Buy.com is offering an external 500GB drive in a USB 2.0 enclosure for $189.95 after a $30 mail-in rebate [1]. Need to speed up an older PC? NewEgg [2] has the internal OEM version of Seagate's zippy 320 GB Barracuda 7200.10 for $89.99 if you use the coupon code, "buybarracuda."
4.2 Free Creative Activities for Young Children
Feel
your kids could be doing something better than watching TV? Then check out this free
weekly newsletter packed with easy craft activities for pre-schoolers. The activities look
like real fun and use common household items so they won't cost a cent. This
non-commercial newsletter is clearly a labor of love by the young mother who edits it and
the cause is totally worthy. So worthy I've decided to support it by offering a bit of
free promotion on my web site. I hope you'll support it, too, either by signing up or
sending this link to someone with young children. If you have a web site maybe you could
link to the site or if you are a forum or chat group member then maybe you could mention
it. I just love things like this; it's what makes the internet so wonderful.
4.3 Test Your Web Design in 20 Different Browsers
Getting
a web page to look the same in every browser is a near impossible task. Discover just how
hard by using this free service that allows you to see how a web page looks in more than
20 different browsers. You can also see the effect of varying screen resolution and color
depth as well as turning off JavaScript, Java, Flash and media plugins. It all takes a
little time to run but that doesn't diminish the value of the service.
4.4 Help for Color Blind PC Users
Subscriber
Richard Hendricks writes, "Gizmo, I am red/green color blind and I have found this $8
shareware product [1] very helpful. It displays the name of the color of the pixel that
the mouse is over. It also can display the RGB values which I have found helpful with web
development and graphics editing." Thanks for that, Richard. The product described by
Richard may sound clumsy but it could be a boon to sufferers. Color blindness is
surprisingly common. The incidence varies between countries and even regions but figures
of 5-15% of the male population are common. It is much rarer in females. You can test
online whether you are affected at this site [2]. Given color blindness is so common, it's
something you need to consider in web site design. You'll find some guidelines and resources
here [3], [4]. Shareware, $8, all Windows versions, 348KB.
4.5 How to Take Great Digital Photos in Poor Light
We've
all tried to take photos in situations with difficult lighting; too much, too little or
worst of all, both. However, there is a clever way of getting around this called High
Dynamic Range Photography (HDR) that involves melding together several shots using a
digital editor. I tried it and it works wonderfully. Full details here:
4.6 Codecs for Anime Fans
Subscriber
Joe Souza writes, "Gizmo, I watch a lot of fan sub anime, and some of the codecs they use
are hard to play. But as suggested by some of the sites that I go to a lot for anime, I
use the CCCP or (Combined Community Codec Pack). It does work great, plays everything
except quick time and real, and includes Media player classic and zoom player in the
installation."
4.7 Useless Waste of Time Department
Test
your reaction time with this silly game where you need to shoot a tranquilizing dart at
some errant sheep. My rating was er, "Sluggish Snail." Maybe I need a few hours sleep or a
bucketful of coffee ;>)
** Additional Items in this Premium SE Edition **
4.8 Twenty Ways to Secure Your Apache Server
Nice
list of simple Apache configuration changes that can really improve your server security.
4.9 Give Your PC a Free Checkup
Subscriber
Dougie Quinn recently wrote to tell me how much he liked auditmypc.com. It's a great site
and one I've mentioned before in the newsletter, though the latest version is just
bristling with new free online tools. They range from firewall security auditing through
to a first class download speed test.
4.10 Free Multi-Format Document Viewer
I'm
receiving an increasing number of documents in .odt format, one of the native formats used
by OpenOffice. I located this free viewer offered by the developers of the TextMaker word
processor that allows me to read the documents without installing OO. It also handles
several other formats including .doc, .dot, .tmd, .sxw, .rtf, .psw, .pwd and more. I had
to set the file associations manually but that's no problem. Freeware, 4MB
5.0 TIP OF THE MONTH
5.1 How to Backup the Windows Registry
In simple terms the Windows Registry can be thought of as a file containing an extended inventory of all your PC's hardware and software. When Windows starts up it consults the Registry in order to know how to relate to your specific hardware and software. It's a file that's essential to Windows. If it gets corrupted Windows won't be able to function properly. And it does get corrupted; rather too often actually. That's why it's good practice to have a backup copy.
Easy, you say, I'll just copy the file to another location. In Windows 95 and 98 you can do just this. The Registry consists of two files, system.dat and user.dat, located in the Windows folder and you can simply copy these to another folder to create your registry backup. ME adds a third file, classes.dat, but it too can be simply copied.
This simple approach won't work with Windows NT and later versions as the Registry files are locked by the system and can't be easily copied. Windows addresses this by providing automatic backup of the Registry as part of the automatic System Restore feature. This feature is enabled by default when Windows is installed. If you have left the System Restore feature enabled on your PC then your Registry is automatically being backed up. If it gets corrupted Windows will automatically try to recover it from previous restore points.
However, many users, me included, turn the System Restore feature off as it is a notorious disk space hog. Once turned off, your Registry is no longer being backed up.
Thankfully, there are a number of utilities that will back up your Registry. One of the best is also free. It's called ERUNT. ERUNT (Emergency Recovery Utility for NT) will backup the Registry for all Windows systems from NT onwards. It also allows you to recover from backup either through a special recovery program or through the Windows Recovery Console. And it's fast, very fast.
With ERUNT it's also possible to set up automatic Registry backups using the Windows Scheduler. As a bonus, ERUNT includes another utility NTREGOPT that allows you to defragment your Registry. To be frank, I've never myself seen any performance improvement from registry defragging but then again it does no harm either.
ERUNT is easy to use but it's not intended for raw beginners. Raw beginners will most likely have System Restore enabled anyway so they won't need to back up their Registry.
Freeware, Windows 95 and later, 773KB
6.0 FREEBIE OF THE MONTH
6.1 The Best Free Anti-Virus Scanner
This is good news for all users of free software. In a new initiative, AOL is now offering a free version of the excellent Kaspersky anti-virus program for download. It's been re-branded as "AOL Anti Virus Shield" and it's available to everyone, not just AOL users.
What's exciting about this is that Kaspersky AV is one of the best commercial AV programs available and a clearly superior product to other free AV scanners such as AVG and Avast! To get a quality product like this for free sounds almost too good to be true. And so it is.
Anti Virus Shield has some reduced features compared to the commercial Kaspersky version. Missing is KAV's sophisticated heuristics module and HTML scanning. Gone, too, is the ability to create rescue disks and to fully manage the quarantine area. The configuration options are also more limited. But the key features, the powerful KAV file scanner, real time monitor and email scanner are essentially the same. Automatic updates remain and can be configured to take place hourly.
I've been trying it out on a test PC for a couple of days and have been quietly impressed. On my malware test data set the scanner detection rate was identical to the full KAV. Similarly, the real time monitor captured new infections just as well. Bear in mind, though, my test data set was small. On a more comprehensive set I'd expect KAV to perform better than AOL AVS as it has a heuristics module for the detection of new and unknown viruses that's missing in AOL AVS.
The protection provided by AOL AVS against drive-by web sites was less impressive. KAV provided protection against infection for all three sites tested while AOL AVS flunked on two. This result can probably be attributed to the omission of the KAV web scanner.
The AOL AVS update function works really well.
I've been getting several updates daily and the downloads have been at a similar speed to the full KAV - a much more impressive performance than either AVG Free or Avast!.

I do have some concerns, though these are not really technical. Let's start with the AOL AVS license agreement (EULA). To download the product you need to provide a valid email address. The EULA makes it quite clear that AOL has the right to send its promotional material to this address. That's OK but, disturbingly, they also claim the right to provide your email address to their affiliates. How many? Well, it's not stated, but one can only wonder. The other worrying aspect is that the license is only provided for 12 months. AOL has made no statements to clarify whether this will be renewed.

A quite separate issue is that the AVS install also installs the AOL search toolbar in Internet Explorer. Now, it's a pretty decent search toolbar actually, but I do like to have the choice of what I install. Still, it is possible to uninstall it using Windows Add or Remove Programs.

So how does it shape up compared to the other free AV scanners, AVG Free and Avast!? Well, it's early days yet, but my feeling is the AOL scanner provides better detection than both AVG Free and Avast! while using roughly the same level of resources. Additionally, it is more regularly updated. However, both AVG Free and Avast! provide better protection against drive-by download sites than AOL AVS. In my tests of three drive-by download sites, AOL AVS allowed infection in two out of three cases while AVG and Avast! prevented infection in all three. That's a big difference.

So you have a choice. If you visit a lot of weird sites in the nether regions of the web then stick with Avast! or AVG. If you mainly surf to well known sites then AOL AVS is a real option. Remember though, you still have to live with the AOL AVS licensing agreement. Free software, Windows 98 and later, 13.9MB.

** Bonus Freebie for Premium Edition subscribers **

6.2 Free Programs to Test Your PC's Security

Subscribers regularly email me asking how they can test the adequacy of their computer security. There's no shortage of specialized security test programs available but I find that they often alarm or confuse non-technical users. Indeed, the most common response I get when I recommend such a product is, "Hey Gizmo that program you suggested to me is infected with a virus." I then have to patiently write back and say, "No, the program is just testing the protection provided by your anti-virus software." I'm not kidding, it's true!

If you really want to test your PCs, here are two programs, "Scoundrel Simulator" [1] and "PC Security Test 2006," [2] that are easy-to-use and completely safe to download and install. They are relatively simple tests but still useful. And remember folks, there is no reason to get worried if these programs provoke a warning from your security software. Indeed, you should only get concerned if you DON'T get a security warning. ;>)

If you want to run some more tests, you can use the same programs I used for my recent security tests. You can find download links to each test I used in the actual test documentation [3]. These tools are designed for experienced users so please don't play around with them unless you know what you are doing. And please don't ask me for malware samples or links to hostile sites. It would be irresponsible for me to supply these to anyone outside the security industry.

7.0 MANAGE YOUR SUBSCRIPTION

The best way to manage your
Premium SE Edition subscription is from the Supporters' Area of the Support Alert website.
There you'll also find all individual back issues, a downloadable back issue archive,
an extensive FAQ plus a growing list of resources exclusively available to Supporters.

The Supporters' Area is protected. To log in, use the security information sent to you when you first subscribed or as notified subsequently.

If you no longer wish to receive this newsletter, send me an email at supporters@techsupportalert.com. Remember to state the email address at which you are currently subscribed.

Receiving duplicate issues? If you are receiving an unwanted copy of the free edition of this newsletter, you can cancel that subscription by going to one of the following links:

Plain Text: http://www.webelists.com/cgi/lyris.pl?enter=support.alert

Note that the free and paid editions are totally different publications so you can unsubscribe from the free edition without any chance of impacting your paid subscription.

The 46 Best-ever Freeware Utilities
The Extended List of the Latest Freebies
For lots more free IT newsletters see

Thanks to subscriber A. Belile for proofreading this issue.

You can contact this newsletter by snail mail at:

Support Alert is a registered online serial publication ISSN 1448-7020. Content of this newsletter is (c) Copyright TechSupportAlert.com, 2006

See you next issue

Gizmo