The Tech Herald

Review: ESET Smart Security v3.0

by Steve Ragan - Feb 23 2009, 12:03

The Tech Herald reviews ESET Smart Security v3.0 (IMG: ESET)

ESET is known for their NOD32 anti-Virus engine. With Smart Security, ESET has taken that engine and added anti-Spyware, anti-Spam, and a software-based Firewall to the mix, creating an all-in-one security package. The Tech Herald had a chance to take the software for a spin, and while there were some areas for improvement, overall ESET Smart Security lives up to its name with a high degree of intelligence.

Installing Smart Security

Installing the software was an easy process. The menu-driven installation moves along rather fast; the only holdup during the install came when driver settings were being configured. The total install time was just under six minutes (5:55), and most of that was waiting for drivers. After the installation is complete, there is a simple configuration where you will need to pick sharing options. This is the advanced trusted zone setup, where you will either allow or deny the sharing of files and printers.

Using Smart Security

Once installed, using Smart Security is rather easy. The initial navigation is designed in a way that the end user can locate options in a snap. There are five options off to the side of the main home screen, including the top option, which is a status monitor.

As seen with some of the other security suites reviewed by The Tech Herald, the status monitor will alert you to issues with the ESET program. For example, if something needs to be updated or is disabled, the icon turns red. If things are working as is, then the icon will remain green.

Smart Security offers two levels of menu control, Standard and Advanced. The Standard view will allow just enough control for the end user, while Advanced offers more options, and potentially more confusion.

Standard mode, as seen below, will simply tell the user that protection is enabled and working. You'll have to use the system tray or dig within the program to disable protections when in Standard mode. Advanced mode offers a granular view and expanded access to the Setup menu, where protection modules can be disabled one by one.

Standard Navigation

Advanced Navigation

The confusion from the levels of control can come from the Firewall module. While in the Advanced mode, if configured improperly, Smart Security will block all access to the Internet, and an end user will have a hard time figuring out what settings to revert to make things right again. There is extensive help in this area, but as with other security suites that offer this granular control, if you are not familiar with Firewall operations, let the software manage it for you.

Scanning with Smart Security

Scanning with Smart Security was thorough, and the active defense covered exactly what would be expected. The problem, however, is that it was slower than expected.

On the lab computer, 5.80GBs of space were used on the disk. Of that space, 561MBs were used in a folder named 'content'. The content folder consisted of simple files to add bulk and give Smart Security something to work with.

The files used included fonts, images and icons, PHP, HTML, and CSS files, as well as ZIP and RAR archives for a total amount of 21,816 files. Once again, as seen in Norman's review, Smart Security got bogged down in the content folder.

Full System Scan (ESET Smart Security)

Full Scan 1 - 01:22:00
Full Scan 2 - 01:26:00
Full Scan 3 - 01:26:00
Full Scan 4 - 01:25:00
Full Scan 5 - 01:26:00

Average Scan Time: 01:22:00

The scan time for the first run is to be expected, since every file is an unknown at that point. Yet, the subsequent scans should have checked to see if a file had been altered, or if it needed to be scanned again after it was marked clean, as seen in other solutions. This scanning session only shows that no two security suites are created the same. Some users will not be bothered by the average scan time; however, considering the trend with security software, it is likely that ESET will change things soon on Smart Security.
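The skip-if-unchanged behaviour described above can be sketched as follows. This is an added example, not ESET's code or anything from the original review; the `CleanCache` class, the signature version numbers and the file name are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class CleanCache:
    """Remembers files already scanned clean (hypothetical helper)."""

    def __init__(self):
        self._clean = {}  # path -> (size, mtime_ns, sha256, signature_version)

    def mark_clean(self, path, sig_version):
        st = os.stat(path)
        self._clean[path] = (st.st_size, st.st_mtime_ns, _sha256(path), sig_version)

    def needs_scan(self, path, sig_version, verify_hash=True):
        entry = self._clean.get(path)
        if entry is None or entry[3] != sig_version:
            return True  # never scanned, or signatures updated since
        st = os.stat(path)
        if (st.st_size, st.st_mtime_ns) != entry[:2]:
            return True  # cheap metadata check caught a change
        # Metadata can be forged; the hash catches same-size edits
        # made with the timestamp put back afterwards.
        return verify_hash and _sha256(path) != entry[2]

def demo():
    """Constructed scenario: returns the rescan decisions as a dict."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "font.ttf")  # constructed sample file
        with open(path, "wb") as f:
            f.write(b"AAAA")
        cache = CleanCache()
        cache.mark_clean(path, sig_version=1)
        out = {"unchanged": cache.needs_scan(path, 1)}
        out["new_signatures"] = cache.needs_scan(path, 2)
        st = os.stat(path)
        with open(path, "wb") as f:
            f.write(b"BBBB")  # same size, different content
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))  # restore timestamp
        out["stat_only"] = cache.needs_scan(path, 1, verify_hash=False)
        out["with_hash"] = cache.needs_scan(path, 1)
        return out
```

A cache that trusts size and timestamp alone skips the tampered file; the hash comparison costs a read of the file but still avoids a full rescan.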

Malware Detection:

The Malware testing consisted of 39 samples. The initial test placed all 39 samples in a single folder, each inside a password-protected ZIP archive. Smart Security was launched to scan the password-protected archive and see if it would detect any of the samples.
Smart Security, like several scanners before it, failed to flag the Malware within the archive.

The second part of this test called for Smart Security to scan all 39 samples outside of the archive. During this test Smart Security missed three samples, detecting 36 out of 39. The list of the missed samples is below.

Bot11
VT Score 18 out of 39
http://www.virustotal.com/analisis/e508cae038abec13ce3f2353c8f4e5ad

LdPinch
VT Score 38 out of 39
http://www.virustotal.com/analisis/bb82db79c6f10a717af4dc0cdade527d

ESET Smart Security flagged this as LdPinch. It reported it as a potential malicious file. However, it failed to prevent it from being accessed, and it was allowed to run on the system. It is because of this that the file is counted as missed.

The image below shows LdPinch running after it was flagged and marked by Smart Security.

LdPinch running on the test system.

RAHack_2 (RAHack_B)
VT Score 37 out of 39
http://www.virustotal.com/analisis/bfc084db4a0c51e7bfc9d96670a17ca9

Like LdPinch, Smart Security flagged this sample. However, this too was left on the system. Not only was it flagged and left on the system, it was allowed to execute, and this is where the fun starts.

RAHack_2 running on the system.

After RAHack_2 was initiated, it appeared that nothing happened. Yet, after about ten minutes Smart Security threw a warning that it had discovered a threat, calling it NewHeur_PE. The warnings and discoveries of Malware on the computer in the lab continued for well over an hour. Each new item was flagged as either Allaple.Gen.worm or probably unknown NewHeur_PE virus.

Alert issued because of added Malware installed by RAHack_2.

The Malware detected was discovered in the content folder on the lab system. Comparing the Content folder on the lab system with the control version used as a base showed that RAHack_2 had cloned itself on the drive.

A look at the control Content folder and the live Content folder - Post RAHack_2 infection.

The samples on the drive were sent to Virus Total, and the results were clear. (36/38 detected)

http://www.virustotal.com/analisis/6a014366b0bab8ca175eebbc30558df7

It should be noted that, even while RAHack_2 moved about, Smart Security blocked the new payloads and fought them as best as it could, preventing them from doing more harm.

However, the lag of the infections and the continual popup warnings caused the Malware test to end and the system to be restored using the base image.

The third part to the Malware test centered on a self-extracting zip file, with several hundred KeyGens contained inside.

KeyGens are used to crack commercial software, and most of those downloaded online are malicious. This particular file is known to be malicious, as several of the KeyGens included in the package are Malware. Scanning the KeyGen archive showed nothing malicious. The second the archive was executed, however, Smart Security flagged it by detecting Zlob.CIW.

[Note: The two samples, after being flagged as malicious, were run anyway against proper process. As an end user, if your security application flags a Zip file as malicious, you should be cautious and never execute the application. If you downloaded the program from a business or software website, contact the author and scan the file with a separate Malware scanning application, such as Malwarebytes' Anti-Malware. During this test, the files scanned and flagged were known Malware, so their detection wasn't unexpected.]

Malicious URL Detection

The malicious URL detection test consists of five URLs, known to be malicious and picked at random from a current list of rogue Web sites. These sites contain Drive-By-Downloads, or malicious software, each with the goal of infecting the user who visits them.

To pass this test Smart Security had to block access to the malicious site by using the Firewall, or detect the Malware downloaded from the site.

hxxp://webfreescan.cn/id/4912933/3/1/

This website succeeded in installing a rogue anti-Virus software package. Once installed, a nice popup will thank you for installing WinDefender 2009.

WinDefender 2009 running with ESET Smart Security v3.0

hxxp://antivirus-pro-site.com

Another fake anti-Virus site was attempted. Unlike the first, Smart Security not only prevented the application, it stopped the page from even loading.

ESET completely blocks access to rogue AV site.

hxxp://www.nashastrana.org/
hxxp://xxxpornushka.ru/

Both sites were blocked by Smart Security for attempting to pass the JS.Kryptik.B Trojan.

hxxp://porntubedot.com/movies/WatchFreeMovie.php

This site was prevented from infecting the system. Smart Security blocked a variant of Win32/Adware.IeDefender.NIC.

Spam Detection and Filtering

Smart Security comes with the ability to protect email as one of the layers within the suite. The email scanning is trainable, which is a good thing considering that like other security suites, Smart Security did not do as well as expected out of the box.

There were 839 sample emails downloaded to the test system. All of them were Spam. Out of the 839 emails downloaded, Smart Security correctly flagged 530 of them as Spam. This gives it an out of the box detection rating of 63.2 percent.

 

 

However, because this is a trainable anti-Spam system and it comes with simple navigation controls, Security was given, and one out of five points was awarded for this test.

 

Conclusion

Better than average is the term that comes to mind. ESET's Smart Security suite is well-rounded, but clearly can use a speed boost with scanning. Yet, despite its flaws, it wasn't that bad of an application to use.

The problems with detection, which honestly any security suite will face, are what stand out as issues. Slow scanning has been around for ages, but flagging a file as malicious, and then allowing it to run is bad. The two files in question were executed twice, just to confirm the results. In both cases the system was infected.

However, ThreatSense, which is a part of the scanning engine, is the likely reason that when RAHack_2 went crazy and overloaded the test system, there was any warning at all.

The good news is that ESET already has Smart Security v4.0 in testing. Currently it is in the Release Candidate phase, so a final product is expected soon. ESET says they plan several improvements to the new version, and odds are that scanning and detection are just two of them.

While Smart Security had some issues in testing where Malware removal was concerned, as well as Spam detection, it scored high when it comes to established help, ease of use, and system resource usage.

Again, better than average is the term that comes to mind. There are some flaws, but you hardly notice ESET running until it acts on your behalf. Updates are almost instant, and there is little to go on when the system updates. Sometimes, you will never know it is current until you view the Update section of the control panel.

ESET Smart Security v3.0 is worth a try. However, with Smart Security v4.0 due soon, wait for an upgrade, or get the current version now, and once the new version is available make the switch for the latest code and protection.

The final score for ESET Smart Security v3.0 is 89.22 out of 100.

Testing Methodology

ESET Smart Security was installed on a Windows XP computer with Internet Explorer 7 and Service Pack 3.

The Microsoft updates were current and all additional software updated. The system used was an Intel Pentium D 3.4GHz CPU (Dual Core) with 1024MBs of RAM.
The following is a breakdown of the lab testing with point values.

Installation (10 points total)

This test covers how fast the software installs, and rates the configuration options. How simple is it to install?

ESET earned 10 points.

Navigation and Controls (10 points total)

This test rates how easy the software is to navigate and use. Are all the menus and controls easy to locate? Are the various functions and controls easy to understand? Is there help for the options? If help is available, how easy is it to locate?

ESET earned 10 points.

Scanning (15 points total)

Scanning covers the scanning speed, the various scanning options, and control. One aspect that is important in the control measurement was how easy it was to halt a scan in progress.

ESET earned 13 points.

Detection (15 points total)

This test centered on signature updates and controls, as well as monitoring and detection. One of the focal points was how accurate the detection was when locating Malware.

ESET earned 13 points.

Resources (15 points total)

Does the software drain system resources? Can the software be completely disabled? If there are help files available, how complete are they? Are the help documents easy to follow and are they relevant?

ESET earned 15 points.

Software Options (10 points total)

Does the software include other features that layer security? Are there other features that are added in that are non-security related? Are these features useful? Do they overlap one another or other features on the computer?

ESET earned 10 points.

Malware Testing (10 points total)

This test uses 39 samples of Malware, each worth .26 points (rounded up). The goal is to have each one discovered by the detection engine. The test is in two parts, where the samples are zipped in a password-protected archive and scanned, and then placed into an unprotected archive and scanned.

There is a loss of one point if there was no detection for password-protected archives. This is because some engines will flag password-protected files for inspection, which is a good protection point. As the bulk of the AV market allows exemptions for various files and file types, the legit password-protected files could later be exempted.

ESET earned 8.22 points.
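The kind of check the methodology credits, flagging a password-protected archive for inspection while honouring later exemptions, can be sketched like this. It is an added example, not how ESET or any reviewed engine works; the verdict strings, the `exempt_sha256` allow-list and the sample archive are constructed for illustration.

```python
import hashlib
import io
import zipfile

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: entry is encrypted

def encrypted_members(data):
    """Names of entries whose central-directory flags mark them encrypted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]

def triage(data, exempt_sha256):
    """Verdict for one archive; exempt_sha256 is a hypothetical allow-list."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-zip"
    try:
        locked = encrypted_members(data)
    except zipfile.BadZipFile:
        return "flag-for-inspection"  # unreadable archives deserve a look too
    if not locked:
        return "scan-contents"
    if hashlib.sha256(data).hexdigest() in exempt_sha256:
        return "exempt"
    return "flag-for-inspection"

def make_sample(encrypted):
    """Constructed one-entry ZIP; 'encrypted' only sets the header flag."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("sample.bin", b"constructed placeholder bytes")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flag field sits 6 bytes into the local header, 8 into the central one.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            raw[raw.find(sig) + off] |= ENCRYPTED
    return bytes(raw)

if __name__ == "__main__":
    locked = make_sample(True)
    print(triage(locked, set()))
    print(triage(locked, {hashlib.sha256(locked).hexdigest()}))
    print(triage(make_sample(False), set()))
```

The encrypted flag is readable without the password, so a scanner can raise the archive for review even though it cannot inspect the contents.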

The KeyGen Test (5 points total)

The KeyGen test is a simple test to pass for any vendor. As the self-extracting executable launches, the first thing it does is write a temp file that links to a downloader. The downloader, as well as the various KeyGens in the archive, all link to Malware.

ESET earned 5 points.

Malicious URL Testing (5 points total)

The malicious URL test takes five random URLs, known to be malicious, and judges the software's reaction to what the user does. The software is judged based on its response to visiting the site and its reaction to any software downloaded. The software must react in order to pass this test.

Some of the URLs tested were discovered by the team at Malware Database (http://malwaredatabase.net) and shared with The Tech Herald.

ESET earned 4 points.

Spam Blocking Test (5 points total)

This test rates the Spam-blocking ability of the software. A full score means that the software blocked 95 percent of the Spam samples sent.

ESET earned 1 point.

TOTAL SCORE: 89.22 / 100
