Avast Internet Security 6.0.1000
In the late 1980's two Czech researchers created a tool they called "anti-virus advanced set," or "avast!" Their company, ALWIL Software, grew over the years and eventually changed its name to AVAST software. The free avast! antivirus is popular around the world. For those wanting a completesecurity suite avast! Internet Security 6.0 ($69.99 direct for three licenses) adds firewall protection, spam filtering, and innovative virtualization tools for enhanced privacy and protection.
The suite's user interface looks just like that of the free standalone antivirus, with a few added tabs and options. Its main window is large, with plenty of room for the tabs, buttons, and other controls. If you're one of those rare holdouts running at 800x600, though, you'll find it doesn't quite fit on the screen.
Decent Antivirus
The free antivirus is AVAST Software's flagship; it's the product they submit to independent labs for testing. Avast! Internet Security offers exactly the same antivirus protection. For full details please read the review of avast! Free version 6.0 (Free, 3.5 stars).
The free antivirus is AVAST Software's flagship; it's the product they submit to independent labs for testing. Avast! Internet Security offers exactly the same antivirus protection. For full details please read the review of avast! Free version 6.0 (Free, 3.5 stars).
The independent labs give avast! high marks for malware detection. However, in recent certification tests by AV-Test.org, avast! barely achieved certification due to failures in cleaning up what it detected. My own tests yielded similar results.
If avast!'s full scan or preinstall scan detects any malware it requests a boot-time scan for complete cleanup. For testing I ran a boot-time scan on each infested system followed by a full scan. Avast! detected a decent 82 percent of the threats, but, because it left so many malware traces behind, it scored just 6.4 points. The chart below shows how it stacks up against the competition.
Eight "shields" help avast! keep new malware infestations out of your clean system. The AutoSandbox feature, discussed below, offers an additional layer of protection. Despite all these layers, avast!'s malware blocking performance in my tests was just average. The chart below shows its scores compared with competing products.
Intelligent Firewall
When you connect with a new network, avast!'s firewall asks which of three zones the network belongs to. The default Work zone is considered medium risk. In this mode the firewall hides your computer's ports so hackers can't even see them. When a program attempts Internet or network access, the firewall automatically creates a rule appropriate to that program.
When you connect with a new network, avast!'s firewall asks which of three zones the network belongs to. The default Work zone is considered medium risk. In this mode the firewall hides your computer's ports so hackers can't even see them. When a program attempts Internet or network access, the firewall automatically creates a rule appropriate to that program.
The program's decision-making module doesn't hand down a simple yes/no for each program. It defines separate rules for "friends" (IP addresses on the local network) and for Internet addresses and it separately decides whether outbound and inbound connections are permitted. Advanced users can modify these rules or configure the firewall to ask what to do with each new program.
An Internet café or other high-risk location calls for use of the Public zone. In this zone, the firewall blocks all unsolicited incoming connections and only allows programs to connect with the Internet and network if they've done so before and thereby created a rule. When I tested the firewall using the Public zone on a direct Internet connection, avast! correctly stealthed all the computer's ports.
Leak test utilities attempt to get around program control using techniques that malicious programs might also use. I turned off avast!'s antivirus component and launched a number of leak tests. I also set it to ask me what to do rather than decide automatically. Disappointingly, avast! did not detect any of the leak tests sneaking past its program control.
When I attacked the test system using exploits generated by the Core Impact penetration tool, however, avast! put on a spirited defense. It identified and blocked 60 percent of the attacks as exploits, identifying most by name. It identified and blocked another 25 percent as Trojans. The remaining exploits didn't succeed in penetrating security. Norton 360 Version 5.0 (Free, 4.5 stars) blocked every single exploit and Kaspersky PURE Total Security ($89.95 direct for three licenses, 4 stars) blocked all but one. Most other suites didn't come close to avast!'s excellent showing.
When I tried to kill the firewall's process using Task Manager I got "access denied." I couldn't make any changes to its Registry settings using REGEDIT. I tried to stop its antivirus service, but a warning message immediately popped up asking for confirmation. A malicious program couldn't get past that defense. Oddly, the firewall service had no similar protection.
This firewall avoids bombarding the user with questions by handling program control itself, though it doesn't do so quite as intelligently as Norton or Kaspersky. It does an unusually good job blocking and identifying attacks that try to exploit system vulnerabilities, and it resists most direct attacks.
Easy Spam Filtering
The suite's antispam component filters incoming POP3 and IMAP e-mail and prefixes "*** SPAM ***" to the subject line of spam messages. It automatically configures Microsoft Outlook to move such messages to the spam folder. If you use a different e-mail client you'll have to define your own message rule to divert those messages to a spam folder.
The suite's antispam component filters incoming POP3 and IMAP e-mail and prefixes "*** SPAM ***" to the subject line of spam messages. It automatically configures Microsoft Outlook to move such messages to the spam folder. If you use a different e-mail client you'll have to define your own message rule to divert those messages to a spam folder.
The spam filter doesn't require any training, and settings are minimal. You can change its sensitivity from the default Medium to Low if it misfiles too many valid messages or to High if it lets too much spam into the Inbox. For testing I left it at Medium. The antispam will never block mail from an address on the whitelist. It can optionally whitelist any address to which you send mail. I didn't use the whitelist or blacklist during testing but instead challenged avast! to identify spam solely based on content.
For testing, this spam filter processed over 8,000 messages from real-world e-mail addresses, none more than 60 days old. The e-mail download took about three times as long as downloading the same number of messages with no spam filter.
Avast! didn't mark any valid bulk mail (newsletters and such) as spam and only marked 0.2 percent of valid personal mail as spam. That's good, but F-Secure Internet Security 2011 ($59.99 direct for three licenses, 3 stars), Cloudmark DesktopOne(Free, 5 stars), and others didn't mis-mark any valid mail at all.
Worse, avast! let over 30 percent of undeniable spam into the Inbox. That's a lot of spam to wade through. Cloudmark DesktopOne missed just 2.4 percent of the spam. Last year's avast! suite missed just 7.1 percent of last year's spam. Apparently the spammers are getting smarter.
Sandbox and AutoSandbox
Sometimes it just isn't clear whether a program is good or bad. Maybe it doesn't match any known malware signatures, but some of its actions seem suspicious. Should the security suite let it run, or block it? Avast!'s AutoSandbox feature offers a third option.
Sometimes it just isn't clear whether a program is good or bad. Maybe it doesn't match any known malware signatures, but some of its actions seem suspicious. Should the security suite let it run, or block it? Avast!'s AutoSandbox feature offers a third option.
When avast! detects a suspicious process it offers to run that process within a virtual environment it calls the sandbox. As far as the process can tell it's running just as it always would, but any changes it makes to the file system or Registry only affect the virtual environment. The sandboxed program can't make any lasting changes to the actual system.
Avast!'s free antivirus also includes the AutoSandbox feature, so I got to see it in action during my testing. It correctly prevented one keylogger sample from permanently changing the test system, but while running the sample was fully capable of logging keystrokes and otherwise monitoring the system. Another sample, a rootkit, managed to escape the sandbox and take up permanent residence on the test system.
Note: By scrutinizing this article's slideshow AVAST's chief technology officer Ondej Vlcek correctly deduced which threat was involved. He duplicated the test and discovered that avast! had sandboxed a rootkit-based helper process, not the sample itself. Looking closely at the logs I can see that he is correct. So the sample did not "escape the sandbox" as I had thought.
The full suite also includes manual sandboxing. You can right-click any program and choose to run it in the sandbox or configure it to always run in the sandbox. Programs launched in this way get a colored border, to help you remember they're virtualized.
When you run a browser in the sandbox avast! automatically saves downloaded files, bookmarks, history, and cookies outside the sandbox. Any other kind of file system activity, perhaps caused by an exploit or drive-by download, gets virtualized.
Programs defined to run in the sandbox needn't have short-term memory loss. Virtualized items such as saved settings remain in the sandbox, so they're available on the next run. However, if malicious software does get loose, you can delete the sandbox's contents, wiping out all virtualized content.
Virtualization is a hot topic, and I like seeing it in avast!'s suite and free antivirus. My testing showed, though, that a virtualized threat can still steal information, and one threat actually escaped the sandbox.
SafeZone for Browsing
New in this version, SafeZone offers another kind of protection specifically aimed at sensitive online transactions. When you switch into SafeZone the only available application is a stripped-down browser based on Google Chrome. Even if a keylogger is active in your main work environment, it can't reach inside the SafeZone. This special browser can't be compromised by a malicious plug-in because it simply doesn't accept plug-ins.
New in this version, SafeZone offers another kind of protection specifically aimed at sensitive online transactions. When you switch into SafeZone the only available application is a stripped-down browser based on Google Chrome. Even if a keylogger is active in your main work environment, it can't reach inside the SafeZone. This special browser can't be compromised by a malicious plug-in because it simply doesn't accept plug-ins.
SafeZone is quite similar to the standalone product SafeCentral 2.6 ($39.95 direct, 4 stars), right down to its use of a dark metal grid as the desktop background. SafeCentral has some additional features, though. It automatically offers to open known financial sites in the safe browser. You can mark other pages as secure favorites, meaning they will open in the safe browser. And while SafeCentral bans most add-ons, it specifically allows password management by RoboForm Everywhere 7 ($19.95 direct, 4.5 stars). Still, avast!'s SafeZone offers much of the same protection as SafeCentral.
Web Reputation
The new WebRep (Web reputation) browser plug-in reports on the reputation of the current Web site and marks up links in search results and Facebook. It doesn't analyze pages in real time the way M86 SecureBrowsing (Free, 3 stars) does, nor does it crawl the web and analyzes sites like McAfee's SiteAdvisor. All of WebRep's reputation information comes from votes by millions of avast! users.
The new WebRep (Web reputation) browser plug-in reports on the reputation of the current Web site and marks up links in search results and Facebook. It doesn't analyze pages in real time the way M86 SecureBrowsing (Free, 3 stars) does, nor does it crawl the web and analyzes sites like McAfee's SiteAdvisor. All of WebRep's reputation information comes from votes by millions of avast! users.
Clicking the WebRep button opens a window showing the current site's reputation in detail. This includes whether its reputation is good or bad overall and roughly how many users have rated it. The detail window also matches the site against ten categories, five good and five bad. From this window you can also add your own vote.
Eventually WebRep may help protect against phishing sites and other dangerous sites, but at present it's too new. I won't challenge it with my standard antiphishing test until it's had time to accumulate many more votes.
Improved Performance
In my performance tests the current avast! suite had substantially less impact than last year's edition. avast! Internet Security 5.0 ($59.95 direct for three licenses, 3.5 stars) added over 60 percent to system boot time. My browsing test also took over 60 percent longer. The current avast! suite added 29 percent to the boot time and 30 percent to the browsing test.
In my performance tests the current avast! suite had substantially less impact than last year's edition. avast! Internet Security 5.0 ($59.95 direct for three licenses, 3.5 stars) added over 60 percent to system boot time. My browsing test also took over 60 percent longer. The current avast! suite added 29 percent to the boot time and 30 percent to the browsing test.
That's still more of an impact than many products. Under Norton 360 these two tests didn't take measurably longer than with no suite installed. AVG Internet Security 2011($68.99 direct for three licenses, 2.5 stars), PC Tools Internet Security 2011 ($49.95 direct for three licenses, 3 stars), and several others added just 3 percent to the boot time.
Another pair of tests measures the time it takes to move and copy a large collection of files and to zip and unzip that same collection. Like Norton 360 and Kaspersky PURE, avast! had no measurable effect on the time required for the zip/unzip test. Kaspersky PURE and avast! also had no measurable effect on the file move/copy test.
