Contents
- Introduction
- Kaspersky Work Space Security
- McAfee Total Protection for Endpoint
- Trend Micro Worry-Free Business Security
- Symantec Endpoint Protection
- F-Secure Client Security
- Sophos Computer Security SBE 4.0
- Checkpoint ZoneAlarm Internet Security Professional
- ESET Smart Security Home Edition
- Alwil Avast! Professional Edition
- AVG Internet Security Network Edition
- Avira SmallBusiness Suite
- Results
Malicious software (malware) plays a central role in the continuing power struggle between the attackers and defenders of our computer systems. Therefore, it is crucial to independently test the capabilities of the security products we trust to defend us.
There are many methods and techniques to test these products, various levels of configuration that can be applied, and multiple areas of potential focus. This report concentrates on two main security technology areas: out-of-the-box anti-malware detection (specifically virus and spyware detection) and default desktop firewall protection.
How we tested
System set-up: each test machine ran a fully updated and patched version of Microsoft Windows XP Professional (Service Pack 3). Security suites were then installed and updated to use the latest software versions. The solutions were tested using the default settings to ensure a fair and comparable test.
Anti-malware: all products were installed on separate, identical hardware and software combinations using only default protection settings. All products were updated at the same date and time using a standard internet connection. Following the update process, the internet connection was disabled and physically disconnected to ensure that the products were frozen at a single point in time. All products were completely isolated during testing.
Malware test sets were introduced to each product using standard inbound vectors, devices and protocols that included HTTP, SMTP/POP3, FTP, DVD and USB injection mechanisms to accurately represent real-world threats. Each test set also contained malware-free samples.
Firewall: solutions were tested in several areas, focusing on commonly used programs and services that require network access (internal and external). An external system was configured with various tools to identify potentially open ports on each endpoint. It is important to note that in a real-world deployment it is recommended that internal endpoints be protected by a separate corporate firewall at the network gateway, in line with good security practice. This testing, however, removed that layer of security in order to measure the effectiveness of the protection afforded by each desktop firewall alone. Each firewall solution is expected to deny ICMP requests and to show all ports as closed or appropriately filtered. This helps protect against common network mapping techniques and automated probes during any pre-attack reconnaissance phase.
Hi ZDnet,
The testing you have conducted seems to have several flaws that could drastically affect the results:
Firstly: by disconnecting the machines from the internet during the test you are disabling many protection features that are enabled by default in many of the products. If these tests are real-world tests then I am sure you agree that in the real world the machine would be connected to the internet (the majority of the time), and if not, then a large portion of your threat samples would never reach the machine through the "real world" protocols you used, i.e. HTTP and SMTP/POP3.
Secondly: through the infection vectors USB and DVD that you tested, many products have the default capability to block programs from running automatically from these devices, which in my experience is how threats are introduced. In these tests, did the user actually have to find and click on the threat to execute it, and if so, is this "real world"?
Thirdly: how was the test set found? How many times had it been used, and how fresh were the samples? I would imagine that this would impact how realistic the results are for the real-world user.
I think for future tests you should look to provide a truly real-world scenario that includes machines being connected to the internet throughout the test, and that real live threats found on the internet during the test are used to determine how well products protect the user.
Looking forward to future real-world reviews.