Review: AVG Internet Security 8.0
by Steve Ragan - Apr 30 2008, 15:04
Tech Herald reviews AVG Internet Security 8.0 (IMG: Grisoft)
AVG Internet Security 8.0 (AVG IS8) is a rounded security application that is designed for both home and small business. Version 8.0 of Internet Security offers protection for email, instant messenger, browsers, and as always, a solid AV engine to tie all of them together. Users often go for the free version, but Tech Herald recently reviewed the paid version. Here is what we found.
Overall, AVG IS8 competes well with other vendors with complete computer protection. The company behind AVG, AVG Technologies (formerly Grisoft), is a user favorite because of its free offerings (virus scanning, spyware, and rootkit protection). Those who pay for the protection get not only better coverage, but also more options to use.
AVG IS8 installed simply enough; there were no complex questions during installation. Once installed, configuration begins with a simple menu to follow. Some of the options to configure deal with updating and scanning. Updating every four hours is the default, and daily is another option. Scanning is recommended daily, and the time (12PM) is configured for auto scans.
Two things stood out during configuration. AVG wanted to set Internet Explorer 7’s default search to Yahoo. (This is offered if you installed the toolbar, which contains LinkScanner. This is wise, as you want this protection when browsing the web.) You can prevent Yahoo from being the default search if you choose, but seeing this was odd. The next option was to allow AVG to collect data and send a report to AVG Technologies should you come across something malicious when surfing.
Tech Herald asked AVG exactly what was collected and reported if this option was allowed. “Basically, it's where the [threat] was, and what the [threat] was, and in the case of a query, the query that found the [threat]. We do not track who found it,” Roger Thompson, AVG’s Chief Research Officer, said.
“We often find new threats by looking at the malicious sites that our users report.... in other words, if they're doing something that we recognize as bad, they are frequently doing multiple things, and sometimes, there's something new there. NeoSploit, for example, is a popular WET (Web Exploit Toolkit), which is updated as often as monthly. We have found several new exploits from this kit alone over the last eighteen months by looking at the places reported by our users.”
For this test, reporting was allowed, and information was sent back to AVG.
Once configuration is complete, AVG will run an update to ensure current coverage. After updates run, the Firewall setup is next. The options start by selecting how you connect to the Internet. Standalone Computer, Computer in a domain, Computer on the move, and Small home or office network are your available options. For this test, Standalone Computer (the default option) was selected.
The firewall will scan selected drives for Internet applications. After scanning, the network is detected and you are prompted to take action. Giving it a name of Home and selecting Allow will clear the Standalone Computer for normal operation. (Those were the options set for this test; you can choose whatever is relevant for your needs.)
After all the setup and configuration is complete, the program is ready to go. Double clicking on the AVG logo in the icon tray brings up the AVG IS8 control panel (user interface).
As you can see, there are well laid out options for control of the program. Each one offers directions and help on how to best use their options. There are even links to advanced options for almost all of the Control Panel functions. The downside to all of this, which is common in many “All-in-One” offerings, is that the multitude of options can be overwhelming to some users.
During this test, AVG was subjected to various attacks, and the VM computer was intentionally infected with various Malware to see what AVG would catch. One of the major things that caused issues in the Norton 360 2.0 tests was MalwareCore. MalwareCore is malicious, despite its claims, and is a pain to get rid of. During the Norton 360 2.0 tests MalwareCore was the reason Spybot S&D had to be installed to remove various bits of the software Norton missed.
(Note: Despite the action of MalwareCore, Norton 360 2.0 is still a great AV solution. MalwareCore however was used in this test to see if the two products acted any differently with detections and removal.)
When attempting to download the Zeus Trojan that has made the news recently, AVG instantly flashed a warning. This block is expected; it matches the promise of proactive coverage of new threats online, and at the time of the test, the Zeus family of threats was about two days old in the news.
After that block, the next step was to see if it would catch a brand new location for Zeus. Searching for http://myscreensavers.info/zupa.exe turned out to be an empty search, as the site was closed; however, it did trigger something unexpected. Since the site was unknown and closed, AVG opened a search page. The page is a search listing from Yahoo and contained links to the news about zupa.exe. The auto redirection had to be turned off following directions located on the results page.
Now for the MalwareCore test, as it has been coined in the Tech Herald lab. This is, as mentioned previously, the Malware that was hard to remove, and only partially flagged in other reviews. MalwareCore was located by simply typing its name into Google. The second the site was accessed AVG blocked it.
After forcing the warnings to allow site access, MalwareCore was again blocked when the download link was clicked, and after ignoring the warnings, blocked a third time when installing.
When running a MalwareCore scan, MalwareCore made up problems when it couldn’t find any (this was a clean, fully patched system), and would remove them for a small fee.
The removal option was ignored and MalwareCore was uninstalled using the Add/Remove Program options in XP. The total time for MalwareCore on the system was about five minutes.
The first scan with AVG after the removal of MalwareCore was shocking, not only for the speed of the scan but also for the issues it discovered.
The scan picked up 199 issues (Registry problems including Adware, Downloader files, Trojan files) and one instance of the Zlob Trojan, and took forty minutes to cover the whole VM.
After the first scan, the infections were left. The next morning the scheduled scan kicked off and the results were interesting. Within the span of a few hours, MalwareCore had added more files to the VM system, and AVG located and automatically removed twenty-two infections.
When Malware was downloaded and placed on the computer AVG removed the files instantly with only a warning when they were accessed. (When left alone on a removable drive, AVG detected the Malware’s movement to the main drive and removed them.) Getting Malware on to the C: Drive of the VM computer was a pain. Once placed on the main drive there was little chance of accessing it and infecting the system.
Email was tested as well, as AVG advertises strong mail protection. Out of all the email scanned (636 messages) there were twenty-nine items incorrectly allowed into the inbox.
(An interesting note on the email test is that many of the messages incorrectly allowed into the inbox had exactly the same subject and content as those correctly marked as spam.)
The results of the email test suggest that training of the email box is needed, and that some of the scanning should be tweaked in the options. (Training the email client is supported on all popular email programs; for this test, Outlook Express was used.)
In the end, AVG Internet Security 8 delivers as promised. The coverage and detection of Malware, both online and on the desktop as well as in email, hit the mark as advertised. The positives that stand out are the solid scanning features, and low system footprint. While scanning the system, and running a full suite of applications, AVG did not degrade system performance. It should be noted with the Control Center open, and the rest of the system at rest, AVG takes about 100MB of RAM.
The negatives are few, but should be noted when researching AVG Internet Security 8. Asking to change the default search in Internet Explorer to Yahoo would be missed by most users, who will simply click yes and move forward. (It is enabled by default.) Likewise, the Control Center, while appealing to the eye and relatively simple to navigate, is bulky, and the massive choices of options will confuse some users.
AVG Internet Security 8.0 is recommended, and highly useful with an overall score of 8.5 out of 10.
Windows XP SP2 (Completely patched)
Intel Pentium D 3.4 GHz CPU
AVG Internet Security 8.0 (Full Paid Version w/ Toolbar add-on and reporting allowed)
Adobe PDF Reader 8.1
Spybot S&D 1.52
Outlook Express (email testing)
Internet Explorer 7.0
With AVG Internet Security 8 installed and with Windows XP SP2 (w/IE 7) completely patched, all the default settings were picked, and aside from email testing, no tweaks were performed.
The testing was as follows:
1. Infect system with Spyware and Malware:
   A. Install known malicious software
   B. Visit known malicious websites
   C. Using the list from http://www.it-mate.co.uk/downloads/hosts.txt
2. Infect system with known Viruses:
   A. Samples from offensivecomputing.net
   B. Known samples from live websites (Zeus and MalwareCore)
3. Phishing and Online Fraud:
   A. Visiting sites included in random email samples (8 out of 8 samples caught)
Malware Sample: Virus.DOS.I13.Kraken.1223
Malware Sample: IEKeyLogger-DOT-.dll
(AVG flagged as suspicious, but Vtotal shows no coverage.)
Malware Sample: Four variants of Zeus Malware
While not the most scientific of tests, the goal was to take a fully patched system and blast it with known Malware. The mentality behind this was to mimic the common user, one with little to no knowledge of Internet security or safety.
The test is rated on four parts each worth twenty-five points:
1. The ease of use to the end user and program settings
2. Ability to detect and remove Malware samples
3. Active defense when surfing known malicious websites
4. Active defense when visiting Phishing or other malicious links inside of email
In this test, AVG Internet Security 8.0 rated the following:
1. 10 pts (Yahoo settings, Redirect search, and Control Center)
2. 25 pts
3. 25 pts
4. 25 pts