Review: Panda Internet Security 2009by Steve Ragan - Dec 18 2008, 10:40
The Tech Herald reviews Panda Internet Security 2009 (IMG: Panda / S.Ragan)
In its continuing series of security software reviews for 2009, The Tech Herald fired up its lab computer and gave Panda Internet Security 2009 a test drive.
Panda Security, the company behind the software, was started in 1990 by Mikel Urizarbarrena in Bilbao, Spain and the newest line of security software takes advantage of Collective Intelligence, according to company documentation. With the company claiming their security software to be faster than any previous version, we wanted to see how they measured up.
Installing Panda Internet Security 2009
The software was tested on an Intel Pentium D 3.4GHz (Dual Core) computer, with 1024MB RAM, running Windows XP SP3. Following installation, Panda scanned the system and was sensitive enough to pick up a single cookie on a "clean" system and mark it as Spyware. Though the finding of the cookie was expected, we placed it there as documentation said the system would be scanned, it was good to see something potentially harmful was nabbed instantly by the software.
The choice we used to install Panda was "Typical". Users have the option for a more granular installation but most users will prefer the "Typical" option, which installs all security modules. The whole process of installation clocked in at just over six minutes from start to finish and, as there are no configuration options, Panda is ready to use once you reboot and register the software.
Using Panda Internet Security 2009
Once rebooted and registered, you will be prompted to update the software. Updates on Panda Internet Security 2009 are quite fast and the only glitch occurred when Panda updates ran alongside Windows updates, causing the system to lag. There are two places to launch manual updates on the home screen; however Panda will enable automatic updates by default.
After the update, we launch a self assessment test. Right clicking the Panda icon in the system tray will allow this option. Anything less than HIGH means a module is disabled or another aspect of the system needs to be checked.
The home screen on Panda Internet Security 2009 is a sticky-sweet gob of eye candy as it is really easy on the eyes, and it also scores points for simplicity of navigation. Similar to Norton Internet Security 2009, Panda’s home screen has a large status area. This will alert the user to any problems the system has detected, or if one of the security modules is disabled. Another standout feature is that the menu itself is fast - during testing there was almost no delay when moving through various options.
There are five tabs on the home screen, Status, Scan, Report, Quarantine, and Services.
The Status tab shows three sections: Protection, Maintenance and Updates. These contain the bulk of the software controls, allowing fast one click access to all of the settings. While there are six links in the protection block, settings for each of them can be controlled by clicking any single item. Switching modules on or off was as simple as expected, and configuration options for each module are easy to locate.
Specifically, the settings and options for the Firewall module are wonderful for a novice user. The controls are simple to master, and while not as advanced as the other Firewalls, this one stands out because of its simplicity. You have Firewall access to applications, Windows Services, and Port controls; each of them managed by a dropdown control.
The Update block allows control over updates. While Automatic is default, there is also "on demand" updating, and a section where Update status can be viewed.
The other tabs are equally easy to manage. Scan uses large icons and text to outline what the scanning option will do. Users can access a Full System Scan, Disk Scan, Email Scan, or create a custom scan of your own.
There is also a Vulnerability Scanner, which is used to discover vulnerable applications installed on the computer. The Vulnerabilities detection will also offer a link to Windows Update.
The Report tab offers you a visual look at how Panda is working where users can track the various actions the software has taken over time. Quarantine grants access to the vault where some flagged items are sent. During testing, most Malware was completely removed. Finally, Services allows access to email support, panda service bulletins, suggestions, suspicious file submittal, and other options.
If you get stuck, help is easy to find in Panda Internet Security 2009. Help is a static link on the upper right of the Panda menu. It launches a file that is broken down into various subsections for each aspect of the application.
The main page of the help menu uses a quick links design, granting one-click access to various topics. The help is extensive and uses both images and step-by-step instructions. This is unique as the help offered by Panda is just as detailed as Norton or McAfee, but geared towards a novice.
There are 31 FAQ topics in the help file, outlining some of the more common issues one might face. There are also web links to online help though at the time of this review, the web help offered no information on Panda Internet Security 2009.
Scanning with Panda Internet Security 2009
While not as fast as some of the other anti-Virus engines, scanning the whole system with Panda was quick. Yet, there was no evidence that the software used any sort of whitelisting to prevent the re-scanning of recently scanned clean files. This is noted because the same feature was seen in other anti-Virus tests.
What Panda does offer though, is technology called Collective Intelligence which works as an online, real-time database that stores the majority of signature files. Collective Intelligence explains the fast updates, because before a scan starts you will notice that the coftware connects to something online.
While Collective Intelligence did not show any noticeable help to the scanner when it scanned the full system (whitelisting previous clean files), there was a noticeable improvement (albeit slight) with each consecutive scan.
On the lab computer, 5.80GB’s of space was used on the disk. Of that space 561MB was used in a folder named content.
The content folder consists of simple files to add bulk and give NIS 2009 something to scan. The files used included fonts, images and icons, PHP, HTML, and CSS files, as well as ZIP and RAR archives for a total amount of 21,816 files. It should be noted that none of these files were malicious.
Full System Scan (Panda Internet Security 2009)
Full Scan 1 - 00:22:31
Full Scan 2 - 00:29:34
Full Scan 3 - 00:23:20
Full Scan 4 - 00:22:39
Full Scan 5 - 00:20:38
Average Scan Time: 00:23:44.4
There is little doubt that if the test has lasted ten or twenty scans the total time would have gone down further. Yet, no user will scan their system repeatedly. Maybe Collective Intelligence has something to do with the steady decline, but there is no solid evidence that confirms this.
Malware testing for Panda Internet Security 2009 was the same as the other anti-Virus tests. There are 39 samples of Malware packed into a password protected archive. The first part of the Malware detection test is to see if the Malware samples are detected within the archive, as it is password protected.
During this part of the test, if the Malware is not detected, then the software loses one point. Panda failed this aspect of the test, as it did not detect any of the Malware samples while inside the archive.
Once the samples were unpacked and loaded as 39 single files, Panda did much better, detecting 38 of the 39 samples. The missed sample, Sality.K, was claimed to be disinfected by Panda. When tested and scanned by VirusTotal, the sample was still malicious, and when accessed on the system, infected it.
During the KeyGen Test, Panda did something no other security vendor tested by the Tech Herald has done. It failed.
KeyGens are used to crack commercial software, and most of the ones you download online are malicious. This file is known to be malicious, as several of the KeyGens included in the package are Malware.
Every other vendor during this test, has caught the Trojan, often detected as a member of the Zlob family instantly, and halted the KeyGen collection from unpacking. Panda however allowed the KeyGen to unpack and install. Once on the system, and completely unpacked, Panda then started to notice all the Malware collected within the various KeyGen’s.
It is because it flagged the secondary Malware, that it will earn three out of five points for this test.
Malicious URL Detection
Panda, with a solid Firewall and proactive Internet protections, scored really well in this section of the testing.
The first domain tested was a rogue anti-Virus application. The program, Antivirus Pro, instantly warns the user of several problems, and will gladly fix and remove these issues once registered. The nature of this URL, and the software downloaded, is a scam. The cost of $29.95 includes the offer of $9.95 for software updates, and $9.95 to get Anti-Spyware protection.
This test was the most impressive out of all the ones Panda took. The reason is that they are the first vendor to block this site outright with Panda giving the page no chance of loading.
Panda stopped this page from loading XP AntiVirus. It blocked it as the application was downloading. The Firewall acted by clocking the IP address the download originated from, and deleting any trace of the EXE.
Again, as it did with XP AntiVirus, Panda blocked an installation of WinDefender 2009 from its originating source.
At the time of this article going to print, this site was still active. It is one of the newer Malware sites, and it loads a fake AV scanner. Not only will this site load your computer with fake Virus warnings, it will attempt to install legit Malware on its own.
However when the page loaded it redirected itself to another domain when you access any link on the page. The domain, hxxp://files.proas2009-dl.com/load/(REMOVED), prompted a unique warning from Panda. (File name altered to prevent linking.)
The error in the image says, “Panda IS 2009 warning: The file (URL link) could contain viruses and has been deleted.”
This is the only site that gave Panda trouble. While Panda slaughtered the attack of fake AV software, fake codec’s are another matter. The codec was allowed to execute with no errors or prompting from Panda.
Spam Detection and Filtering
Panda Internet Security 2009 offers Spam protection, claiming a rate of 97 percent in their marketing and promotional materials. However, when Panda was given a sample of 600 Spam emails to block, it only tagged 295 of them. This is a detection rate of 49.1 percent. However, as with previous Spam filters, Panda’s filter is trainable. This means 97 percent is a very reachable goal.
For this test, 95 percent or better was needed for a full five points. Since Panda’s Spam protection is trainable, one point was awarded.
Extras and other features
Panda has a killer Parental Controls. As a father of two, my kids are drafted into being the unwilling test subjects for any testing of filter products. I was able to keep them out of scores of sites, in areas such as Games, Social Networking, Weapons, Medicine, and Investments using this software, but the most important ones, Sex and Violence, worked as expected.
I kept kids on either an employee setting or teen setting when testing the filters. The difference between the levels are the restrictions offered by default. There is also a solid white and black list for known URLs. If you want to alter the default settings on the various levels you can, or you can create new ones.
Despite the issues in the Malware testing, overall Panda Internet Security 2009 is a rather decent. It can improve on detection for some of the older Malware, but most of the new and common threats were instantly blocked and removed.
While it did not earn the top score, it is still worth a look if you are shopping for AV solutions.
I liked the ease of use in navigation; the look and feel of the product and it scored well in the total control users have over the various aspects of the software.
However, I still expected a higher score in the Spam testing and Malware testing. To be honest, I expected 100 percent as with any test. Panda started off with such a bang during the Malware testing a perfect score was almost certain.
The KeyGen testing, missed codec, and Spam filtering are what hurt it the most.
Despite this, Panda Internet Security 2009 is a well rounded product. There are some hitches, but that only means the company has room to grow.
The final score for Panda Internet Security 2009 is 86.74 out of 100.
Panda Internet Security 2009 was installed on a Windows XP computer with Internet Explorer 7 and Service Pack 3.
The Microsoft updates were current and all additional software updated. The system used was an Intel Pentium D 3.4GHz CPU (Dual Core) with 1024MBs of RAM.
The following is a breakdown of the lab testing with point values.
Installation (10 points total)
This test covers how fast the software installs, and rates the configuration options. How simple is it to install?
Panda earned 10 points.
Navigation and Controls (10 points total)
This rates how easy the software is to navigate and use. Are all the menus and controls easy to locate? Are the various functions and controls easy to understand? Is there help for the options? If help is available, how easy is it to locate?
Panda earned 9 points.
Scanning (15 points total)
Scanning covers the scanning speed, the various scanning options, and control. One aspect that is important in the control measurement was how easy it was to halt a scan in progress.
Panda earned 13 points.
Detection (15 points total)
This test centered on signature updates and controls, as well as monitoring and detection. One of the focal points was how accurate the detection was when locating Malware.
Panda earned 13 points.
Resources (15 points total)
Does the software drain system resources? Can the software be completely disabled? If there are help files available, how complete are they? Are the help documents easy to follow and are they relevant?
Panda earned 15 points.
Software Options (10 points total)
Does the software include other features that layer security? Are there other features that are added in that are non-security related? Are these features useful? Do they overlap one another or other features on the computer?
Panda earned 10 points.
Malware Testing (10 points total)
This test uses 39 samples of Malware, each worth .26 points (rounded up). The goal is to have each one discovered by the detection engine. The test is in two parts, where the samples are zipped in a password-protected archive and scanned, and then placed into an unprotected archive and scanned.
There is a loss of one point if there was no detection for password-protected archives. This is because some engines will flag password-protected files for inspection, which is a good protection point. As the bulk of the AV market allows exemptions for various files and file types, the legit password-protected files could later be exempted.
Panda earned 8.74 points.
The KeyGen Test (5 points total)
The KeyGen test is a simple test to pass for any vendor. As the self extracting executable launches, the first task it performs is write a temp file that links to a downloader. The downloader, as well as the various KeyGens in the archive, all link to Malware.
Panda earned 3 points.
Malicious URL Testing (5 points total)
The malicious URL test takes five random URLs, known to be malicious, and judges the software's reaction to what the user does. The software is judged based on its response to visiting the site and its reaction to any software downloaded. The software must react in order to pass this test.
Some of the URLs tested were discovered by the team at Malware Database (http://malwaredatabase.net) and shared with The Tech Herald.
Panda earned 4 points.
Spam Blocking Test (5 points total)
This test rates the Spam-blocking ability of the software. A full score means that the software blocked 95 percent of the Spam samples sent.
Panda earned 1 point.
TOTAL SCORE: 86.74 / 100