Resident Anti-malware or Non-resident Postini?

by Allyn Perdue
(revised August 11, 2008)

Definitions

malware - Malicious software that interferes with normal computer functions or sends personal data to unauthorized users via the Internet. Malware includes viruses, worms, Trojan horse programs, malicious browser helper objects, and programs that attempt to extort funds and/or remotely control computers without authorization.

Introduction

A topic that periodically surfaces is the value of running resident anti-malware programs when services such as Postini are available. To come to a rational decision requires understanding the limits of Postini.

What is Postini?

Postini is an online application that filters for spam and malware at the server level before emails are delivered to end users' computers. Filtering covers spam, Denial of Service (DoS) attacks, phishing, viruses, and worms. McAfee Security provides the antivirus service.

Postini is automatically offered and configured by Hargray and Internet Services of the Low Country (ISLC) at no additional charge. An initial login to your Postini account may be required to activate the service.

Is Postini available with Time Warner?

Postini is not available for Time Warner customers.

Time Warner offers free Computer Associates (CA) security products to its customers. Time Warner South Carolina customers may take advantage of them at http://www.rr.com/flash/index.cfm?startView=DOWNLOAD.

Warning: Uninstall previous security applications before using Time Warner South Carolina's CA product. Uninstall does not mean deleting shortcuts. Uninstallation must be done from Windows Control Panel.

Does Postini really help with spam email?

Postini does indeed help with the spam problem, but for best results, aggressive spam filter settings are recommended. To change settings, log in to your Postini account and use the online menus to configure as desired. While there, be sure the anti-virus is set to on.

Is Postini's anti-virus all that a computer user needs for adequate security?

No. Postini only filters and scans email and email attachments. Sometimes it is not updated quickly enough following a breakout threat.

Because Postini cannot detect viruses or other malicious software downloaded with a web page or across a local network, it is currently an incomplete single solution. At the very least, a complementary anti-virus program should always be included as part of a PC's security package.

Resident Anti-virus/Anti-Malware Programs

There is not enough space here to list all resident anti-virus programs or to give full reviews. Only a few of the top performing products are mentioned.

Trial versions of popular anti-virus applications are available via download from the respective websites. Perform a search for Trial Software at each site.

It is important to not use more than one resident antivirus program at a time; doing so can invite serious trouble. Please uninstall previous antivirus software before installing any new or trial AV software.

Avira AntiVir

Avira is a German company that produces top-performing for-fee and free antivirus products. I have extensively evaluated both the free and fee versions of their antivirus product and can report they run acceptably with most systems. The free version lacks an antispyware module and has less system impact than the free products. However, the free version downloads from low-priority, low-speed servers and can be time consuming to update.

Visit Av-Comparatives and choose Comparatives. Read the March 2008 report to see how the premium version of Avira performed.

Eset NOD32

Of all for-fee programs I have tried, I prefer NOD32 by Eset because of its excellent detection and removal performance and nearly imperceptible system impact. NOD32 is a great choice that runs well on most computers in default installation mode. Installation can be customized to install only the basic resident real-time file scanner and updater, a configuration ideal for older computers.

NOD32 combined with Microsoft's free Windows Defender and ZoneAlarm Free Firewall makes an ideal custom protection suite for home and home office users.

Eset have recently released their Eset Smart Security Suite, or ESS, which I now use exclusively on all of my computers. This is a tightly integrated product with a low footprint that should run acceptably on most any computer built since 2002. Earlier computers may have performance issues that cannot be further minimized except by installing only an antivirus product.

Kaspersky Internet Security 7.0

Kaspersky Lab have possibly the best reputation in the software security industry. Kaspersky was the first to feature malware detection in an anti-virus program and to this day remains a global leader in comprehensive detection and removal performance. An aggressive marketing campaign is underway in the United States with retail products now available at Staples and other stores.

An issue surfaced in 2007 regarding Kaspersky's iSwift technology. iSwift uses Alternate Data Streams (ADS) metadata tags to catalog file status to reduce subsequent real-time and on-demand scan duration. While the technology does not cause trouble under normal conditions, there is a circumstance where iSwift can cause a problem if the "chkdsk" function is needed to make operating system repairs. "Chkdsk" may run an extremely long time on a computer that at any time has had Kaspersky 6 or 7 installed. It is a permanent condition that can only be safely corrected by an operating system reinstall. If this is a concern, prospective users should avoid Kaspersky products.

Kaspersky Lab have announced that effective with version 8.0, they will modify their iSwift technology so that it does not adversely affect "chkdsk" functions.
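
Alternate data streams of the kind described above can be listed directly, which shows whether files on a volume carry extra metadata streams and how much space they use. This is an added example, not part of the original bulletin or any vendor's tooling. It assumes PowerShell 3.0 or later on an NTFS volume; the folder, the file names and the stream name `example.tag` are constructed for the demonstration.

```powershell
# Added example: list NTFS alternate data streams under a folder and
# summarize them by stream name. All sample data below is constructed;
# 'example.tag' is a made-up stream name, not one used by any product.
$root = Join-Path $env:TEMP ("ads-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $root | Out-Null

# Constructed sample: two ordinary files, one carrying an extra stream.
Set-Content -Path (Join-Path $root 'plain.txt')  -Value 'no extra stream'
Set-Content -Path (Join-Path $root 'tagged.txt') -Value 'main content'
Set-Content -Path (Join-Path $root 'tagged.txt') -Stream 'example.tag' -Value 'scanned=1'

function Get-AlternateStream {
    param([Parameter(Mandatory)][string]$Path)
    # -File skips directories. ':$DATA' is the unnamed default stream that
    # holds a file's normal content, so it is filtered out of the result.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

# Every named stream found, one row per file and stream.
$streams = Get-AlternateStream -Path $root
$streams | Format-Table -AutoSize

# Summary per stream name: how many files carry it and total bytes used.
$streams | Group-Object Stream | ForEach-Object {
    [pscustomobject]@{
        Stream = $_.Name
        Files  = $_.Count
        Bytes  = ($_.Group | Measure-Object Length -Sum).Sum
    }
} | Format-Table -AutoSize

# Clean up the constructed sample folder.
Remove-Item -LiteralPath $root -Recurse -Force
```

To inspect real data, call `Get-AlternateStream` with the folder of interest instead of the constructed sample.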

F-Secure and MicroWorld eScan

Finland-based F-Secure and India's MicroWorld Technologies use the Kaspersky engine for threat detection and removal. I have not tested either product except for the eScan Toolkit Utility, which is part of my anti-malware arsenal when servicing infected computers.

Symantec (Norton) and McAfee

The two market leaders in anti-virus programs are Symantec and McAfee. Both companies have pre-install agreements with Dell and other manufacturers that give them an advantage over other competition. While they have excellent threat detection rates, their products can noticeably affect responsiveness of the average computer. Newer machines with dual-core processors should do well with Norton and McAfee, but users of older computers should approach these programs with caution.

Depending upon the operating system, older PCs with Intel NetBurst processors (Pentium 4 and its derivative Intel Celeron) running at less than 2.8 GHz with less than 512 megabytes available system RAM can be seriously handicapped by the resource-hoggish nature of each. This is notably true of Symantec/Norton home products. Of those products, Norton Internet Security is especially aggressive and should be approached with caution.

Norton Internet Security 2008 has been improved and does not appear to impact system performance with the severity of previous versions. Be aware that it may still require a few minutes for NIS 2008 to finish updating itself at startup. This can cause computers to be sluggish for a few minutes after power-on.

Norton Internet Security and Norton Antivirus are not recommended for dial-up users due to frequent program module update requirements. Presently, Norton Internet Security 2008 out-of-the-box or downloaded requires many MB of updates before it can be considered secure and fully functional.

Norton 360 and Norton 360 v2

Norton 360 is basically Norton Internet Security with a simplified interface. I evaluated it using a Dell SmartStep 150D with an Intel Celeron 1.2 GHz processor (a "Tualatin" Intel Celeron from the year 2001) and 512 MB RAM running Windows XP Home SP2. Supposedly, Norton 360 will run with a 300 MHz processor; no one should believe that for a second. Such a configuration would be practically unusable.

Norton 360 was unable to detect known viruses within a viruses.dbx file (from Outlook Express folders) placed in the desktop of my test computer. However, it did detect and block them after importing into Outlook Express and attempting to run infected attachments.

Norton 360 appears to be an overall improvement compared to Norton Internet Security, especially in general system response time. But it still causes system performance problems in middle-aged and old computers when running LiveUpdate.

After several days of use, I uninstalled Norton 360. Upon restart, I discovered that LiveUpdate Notification and Symantec LiveUpdate remained in the Add/Remove Programs list and that LiveUpdate was active. Because LiveUpdate continued to run in the background at startup with LuCallback Proxy(s), I found myself quite irritated over Symantec's sloppiness. There is absolutely no valid reason for the main program uninstaller to leave LiveUpdate on the system after other Symantec applications are uninstalled.

Norton 360 v2 may not work well with some Windows XP systems but it should run acceptably on a new dual core system with at least one gigabyte system RAM (2 GB recommended). Frankly, the free products listed further in this bulletin are better choices.

As with Norton Internet Security, Norton 360 is not recommended for dial-up users due to frequent program module updates.

Norton Internet Security 2009

Norton Internet Security 2009 will be released in September. So far, it looks like it will be a substantial improvement over previous versions, mainly in resource usage while updating itself. No longer is LiveUpdate the performance-killing process that could bring a single-core Pentium 4 system to its knees for the first five to ten minutes of computer operation. And the new interface is decent.

I'll have more information about Norton Internet Security 2009 during the next couple of weeks.

Microsoft Windows Live OneCare

Microsoft's own security package still lags behind competitors according to the March 2008 tests at http://www.av-comparatives.org. I continue to avoid Windows Live OneCare.

F-Prot for Windows

F-Prot has not been recently tested by me.

Trend Micro Internet Security

Trend Micro is a Tokyo-based security company ranked #3 in global sales. After disappointment with their 2006 and 2007 products, I have not bothered to test their 2008 lineup.

Panda

Beginning with 2005 versions, Panda Software included its problematic TruePrevent Technology with Panda Titanium Antivirus. This otherwise excellent application immediately slowed down computers and introduced other difficulties, including interference with Windows Update. Though a patch is available, it was never incorporated in a program update.

I had planned to personally re-evaluate Panda products. But my brother, who is quite familiar with proper installation and removal of antivirus software, tried Panda on his test system, a Dell Dimension 4550. It nearly brought the computer to a complete halt.

I am so pleased using ESET and free antivirus products that I have no desire to jeopardize my computers' reliability.

ZoneAlarm Security

Not recently reviewed.

Free Products

Alwil and AVG Technologies, both of the Czech Republic, have professional products they sell and support in addition to free products. Avira of Germany also offers products in a similar business model. The differences between the professional and home versions are mainly in features, not virus detection performance.

One might wonder why they give away their home products. There are two reasons: to build goodwill, and to build a presence in the global security market dominated by Symantec.

Email Scanner and Anti-Spam Modules

Most antivirus programs now include some form of download and upload email scanning which is not required for protection. Older computers can improve system performance by disabling the email scanner modules or by doing a custom antivirus install and de-selecting Internet Mail (avast!) or IMON and EMON modules (NOD32) and unchecking email scanning in AVG, Norton, and McAfee products. Additionally, most anti-spam modules (in McAfee Internet Security Suite and in Norton Internet Security) should be disabled or not integrated; they generally cause more trouble than they are worth.

Recommendation:

While Postini provides excellent filtering for email, a resident antivirus / anti-trojan program is still needed for full system protection. The most economical option is to complement Postini with one of the following free anti-virus programs plus an active anti-spyware application:

Avira AntiVir PersonalEdition Classic

The best performing free anti-virus program is Avira AntiVir PersonalEdition Classic. However, it only auto-updates once every 24 hours and displays an ad that fills much of the screen during a manual update. Updates may also be slow at times because Avira uses a lower capacity server network for their free products. Other than those annoyances, AntiVir PersonalEdition Classic is ideal but should be accompanied by an anti-spyware application such as Microsoft's free Windows Defender for overall best protection. AntiVir PE Classic and Windows Defender protect my Toshiba laptop computer.

The for-fee version of AntiVir ranks at the very top next to Kaspersky-based products in performance.

avast! 4 Home Edition and AVG 8.0 Free Edition

The other two free anti-virus products are Alwil's avast! 4 Home Edition and AVG Technologies' AVG 8.0 Free Edition. In terms of overall protective performance, avast! is the better choice, plus it has a superior updater that works great with dial-up. But AVG is easier to install and use, has lower system impact, does not require registration, and features an easy to use interface.

AVG Free updates automatically once a day if connected to the Internet and may be manually updated anytime. AVG and avast! run well on most computers. Both are Windows Vista compatible.

Windows Defender and Spy Sweeper Anti-Spyware:

Spy Sweeper and Windows Defender are examples of active anti-spyware applications that monitor for unauthorized browser setting changes. Most Windows XP users should use Microsoft's free Windows Defender. It is in my opinion a better choice than Spy Sweeper because it is simpler to use. While Spy Sweeper is thorough, it is known for its shields interfering with some functions of Internet Explorer 7 and for contributing to significant system slowdowns in older computers. Configuring the shields for optimum performance may be too daunting a task for many users.

Special Note for Windows 98 and Windows ME users

Microsoft no longer provides security updates for Windows 9x systems. Most security software companies such as Symantec (Norton) have withdrawn support. AVG Technologies have also discontinued Windows 9x support with the release of AVG 8.0. Stalwart Windows 9x users are advised to switch to avast! Home Edition and install in Standard Shield mode only.

Readers, it's time to give up Windows 98 and Windows Millennium Edition. I suggest cleaning the hard drive of all data with a product such as DBAN and taking the computer to the staffed recycling center at Simmonsville Road.

Conclusion

Whatever complementary application to Postini is chosen, remember to keep things simple and run one and only one resident anti-virus program plus only one active real-time anti-spyware program. Passive, on demand anti-spyware scanners such as Ad-Aware Free 2008 may be used concomitant with active real-time security products. SpywareBlaster from Javacool Software may also be used with any security application.

Finally, a firewall such as the free ZoneAlarm adds a further layer of protection by monitoring for and restricting outbound communications from computers. If not using an add-on firewall, Windows XP users should ensure the Windows Firewall is enabled.

Happy computing and please be careful out there!


Bibliography

malware. (n.d.). The American Heritage® Dictionary of the English Language, Fourth Edition. Retrieved December 22, 2006, from Dictionary.com website: http://dictionary.reference.com/browse/malware.