Review: Panda Internet Security 2010by Steve Ragan - Jun 25 2009, 21:30
Review: Panda Internet Security 2010
Panda Security recently introduced their 2010 line of security software, kicking off the 2010 product push that other vendors will be sure to follow throughout the summer and into the fall. Since The Tech Herald has previously reviewed Panda Internet Security 2009, we took a copy of 2010 and gave it a spin in the lab.
One of the first things we noticed is that Panda Internet Security 2010 (PIS 2010) looks and feels the same as the 2009 version. The menu placement, the color scheme, the layout of the options, and the detailed information are all exactly where they were one year ago. While that might seem like a bad thing, in reality it is a positive spin. Anyone who upgrades will forgo the need to learn new menus or features. They can just install it and go.
Overall, Panda Internet Security was faster when it came to usage and resources, and stronger detection-wise, in 2010 than it was in 2009. Most of the improvements come from Collective Intelligence, Panda’s cloud services that bolster detection performance, and tweaking in memory usage. When performing URL and Malware tests, as well as the scan tests, the engine reminded us of Panda’s Cloud Antivirus. At the same time, that does not mean that some minor annoyances didn’t catch our attention.
Installing Panda Internet Security 2010:
Installation, which was wizard based, ran quickly, and as was the case for the 2009 version, finished in just under six minutes. When you start the process, you have the option to select how the software is installed. For our testing, we went with the Typical Install, simply because for the most part this is what all of Panda’s consumers would select. After that, PIS 2010 will launch a quick scan of system, memory, and some of the C: drive. The scan was over almost as soon as it started, which is a good thing.
Last year, in PIS 2009, this pre-installation scan dominated the install process. This year, it was the opposite; it was the component installation that used most of the time. In either case, the installation still finished fast with little user interaction. Aside from the selection of the install method, the only real choice a user has to make is whether to allow Panda to collect anonymous information on detections and malicious file samples.
It’s interesting to note that the activation is wizard based. In addition, activation and registration will take place only after the system reboots once installation is complete. However, the process is easy. Once all of that is finished, you are ready to launch the program for the fist time.
Using Panda Internet Security 2010:
The first time you launch PSI 2010, you will need to update it. The update process takes a little time, but it isn’t too slow.
As you can see from the image above, we were serious when we said PIS 2010 looks and feels like 2009. In reality, this made the review even easier, as we didn’t need to dig around to see what options did what, only confirm they were where we expected them to be.
The five main tabs, Status, Scan, Report, Quarantine, and Services, are all there. As before, the focus of the control panel is the Status tab, which explains all of the coverage, as well as a brief overview of what PIS 2010 has done so far. The colors, Green for protected, Yellow for medium risk, and Red for immediate danger, are the same. Likewise, the Status tab allows for one-click access to each of the various modules and their options and settings.
One thing that stood out in PIS 2010, when compared to PIS 2009 is that the help section has had some improvements. When using the system help manual, the FAQ, the different categories, and the indexing were all easier to follow and explained in detail what each option and component is. Online, unlike when we reviewed PIS 2009, we were easily able to locate Web help for PIS 2010.
Also, as expected, when you are inside the settings of any given module, for example the firewall, there is a help link for that area linked on the lower left of the window. This will take you directly to the relevant section of the manual for easy guidance. If you still need help, the Service tab offers direct email contact to Panda’s tech support.
Another improvement to PIS 2010 over the 2009 version is the firewall controls. Before they were easy to use and work with, now they are still just as easy for manual control, but there is more focus on automatic “Smart Configuration”. What makes this nice is that when we tested PIS 2010, the only time the firewall prompted us for permissions was when Adobe updated. The newer version of Adobe led the firewall to ask us if we still wanted to allow the application access to the Internet. We also noticed during testing of malicious URLs that the firewall was more proactive.
As we said before, we didn’t expect a slew of new features, but considering the pattern most vendors have with interface enhancements in each new product version, it was nice to see Panda stick with an interface that worked.
Resource-wise, as you can tell below, Panda is using about 13MB of memory on the system. The image was taken as the system sat idle for a few minutes. For the most part, you don’t notice the application when attempting to work on the system, and even the alert notices are few and far between.
Scanning with Panda Internet Security 2010:
The scanning on PIS 2010 is the only thing that was frustrating during our testing.
Full System Scan (Panda Internet Security 2010)
Full Scan 1 - 00:20:48
Full Scan 2 - 00:27:43
Full Scan 3 - 00:25:30
Full Scan 4 - 00:24:29
Full Scan 5 - 00:22:36
Average Scan Time: 24:13.2
(AST PIS 2009: 00:23:44.4 – reviewed 12-2008)
On the lab computer, 7.08GB’s of space was used on the disk. Of that space, 1.32GB resides in a folder named content. The content folder consists of simple files to add bulk and give PIS 2010 something to scan. The files used included fonts, images and icons, PHP, HTML, and CSS files, as well as ZIP and RAR archives for a total amount of 21,806 files. It should be noted that none of these files were malicious.
As you can tell, the 2010 version was about the same when it comes to scanning speed, just over a minute slower. To be fair, there was more content this time on the drive. This comes from various things, including the increase in volume because of Windows Updates, application updates, etc.
Since this wasn’t an apples to apples scan comparison, you should in no way see the scan results from 2009 as better than those in 2010.
This was not what frustrated us during testing. What frustrated us was the lag, which was persistent no matter if you scanned a single file or a thousand of them, that causes a few seconds of delay while PIS 2010 connects to Panda’s global network.
For the average consumer, this might not matter at all. Yet, considering that during our tests we ran dozen of scans on single items, in addition to the scans during the drive scanning tests, this small lag added up. One positive note however, is that while Panda was scanning IM traffic, or while Collective Intelligence was passively scanning the system in real-time (it checks files and traffic as you surf, download files, and access new files), there wasn’t a single instance of lag. None.
When it comes to proactive scanning, during testing, Panda had an itchy trigger finger on samples that could be risky. In some cases, during Malware testing, simply placing the sample on the drive was enough to make Panda react, by alerting and removing the sample. That was great to watch and comical.
[Try to imagine testing Malware on a system with active AV monitoring. You unpack a sample, and as soon as the folder appears on the drive, it’s gone. Then repeat this process 200 times, and you can see how we started to feel like this was a game of hide-and-seek with Panda. Once thing is certain, the only way we could get the samples onto the system was to disable Panda completely.]
Malware testing on PIS 2010 was different than it was when we tested Panda’s 2009 product. This is due to a few things, mostly because new software means new tests and samples. It wouldn’t do any good to throw the same samples at Panda considering they have seen them once. So, instead of 39 samples of Malware, we used 400.
This part of the review is worth 50 points overall. Each of the Malware samples is worth 0.125 points. The samples come from various sources including Spam attachments, downloaded samples from malicious Web sites, Malware collections online, etc. The aim was to allow PIS 2010 to detect things that most Internet users will come across.
[Edited on 8-30-09 to correct point level and the number of samples tested. Panda was retested to align with new testing practice in the TTH lab. While the same samples were missed, oddly, the score was unchanged. 2010 security testing places more weight on Malware detection and removal, for those who are curious about the policy change. -Steve]
Each sample must be flagged or removed before it is considered a pass. In some cases, AV engines will simply disable the Malware, preventing it from functioning, or quarantine the item rendering it useless. If the tested software does this, even if the item isn’t deleted, then the sample is a pass.
Out of all of the samples, PIS 2010 missed two.
Rotator-B – (VT breakdown)
Panda flagged the sample of Rotator-B as suspicious, but it never removed it. In addition, the sample was allowed to function. Because the sample was flagged only and not removed, in addition to allowing it to function fully, we counted this as a miss.
Bagley (VT breakdown)
Panda simply missed this variant of the Bagley Worm. The sample was collected from an email attachment. As it was allowed to execute, it was counted as a miss.
Malicious URL Detection
Like most Internet Security suites, Panda offers proactive protection thanks to their firewall. In the 2009 tests, we sampled five active and malicious domains. For this year, we will double that sample size, using domains that were active within the last 24-48 hours.
There is no give to this test, which is worth ten points overall, as it is simply pass or fail. To pass, the vendor will need to prevent the malicious domain from loading, or if loaded, prevent the Malware from being executed on the system.
[Note: the following uncensored list of domains could be harmful if visited. They were each active during the testing period and could infect your system. Do not attempt to view them.]
The site was blocked with a warning from IE8, as it attempted to exploit ActiveX. However, Panda reported a “Virus was neutralized…”
PIS 2010’s firewall simply halted the site with the following message in the browser: “"Panda IS 2010 warning: The file hxxp://brandgoda.com/ was infected by the JS/Gumbler.A virus and has been deleted."
"Panda IS 2010 warning: The file hxxp://bbatzkvfha.net/ccsuper0.php could contain viruses and has been deleted."
"Panda IS 2010 warning: The file: hxxp://220.127.116.11/pay/enter.php?id=2 was adware and has been deleted. Adware name: Adware/Popuper. Adware is software that displays advertising on your PC."
Panda flagged Adware on this site, but the interesting thing was that it flagged it after it killed the download. At the same time IE8 issued a warning that the download was dangerous.
Panda acted by killing the download, but not before something was downloaded to the TEMP directory, which needed removed. After Panda removed the file from the TEMP directory, it needed a reboot. At the time this download was started, IE8 warned that it was dangerous.
This URL came via a recent email that offered The Tech Herald a special patch for Microsoft’s Outlook. The Malware, which has semi-low detection, is a part of a new round of Spam circulating online. [VT breakdown]
When the site loaded, as seen below, neither IE8 nor Panda attempted to warn or block the site. Once the “Outlook patch” was downloaded and executed, Panda took offense, called it “suspicious”, and refused to let it function.
This site attempts to load Rogue anti-Virus designed to steal information, take your money, and download Malware to the system. Once the installer was downloaded, and attempted to install the needed files, Panda blocked the download calling it a "potentially unwanted program" thus killing the operation.
This site also installs a Rogue anti-Virus application. The name of the fake AV, System Security 2009, is one of the dumbest looking knockoffs we’ve seen in a while. Yet, it was able to install and throw several popup warnings about system infections. At no time did IE8 or Panda warn against or block this software. This test failed because of that.
In the end, we needed Malwarebytes Anti-Malware to clean the system.
This site downloaded an EXE file that in all reality is nothing more than a Trojan. Something you seriously want to avoid finding on your system. While IE8 warned against downloading it, we were able to execute it without comment from PIS 2010.
Scanning the EXE on VirusTotal [results] showed us that we were right to be suspicious, as more than one vendor will flag this file. To confirm our results, we ran Malwarebytes Anti-Malware again and it discovered an infection.
The Anti-Spam in PIS 2010 is far superior to what was offered in 2009 hands down, and that is a good thing, because this test killed them last year. We downloaded 1,596 emails, all Spam, and PIS 2010 only missed 160, leaving 1,436 of them correctly marked, earning them a 90 percent overall detection rate rounded down. (90 percent is 1,436.4) In addition, it marked six of them with malicious attachments as Viruses, and eight of them as Phishing.
In addition, the Spam protection is trainable, and the software options allow for Black and White-listing. Taking all of that into consideration, we awarded 9 out of 10 points. While we would like to see 95 percent or better, this is a much higher showing than last year. In addition, in all of the anti-Spam solutions we have tested, no one has really hit higher than 90-95 percent, you can see this by looking at the 2009 reviews.
Final Score: 97.75 out of 100
Panda Internet Security 2010, while retaining the look and feel of the 2009 version, is a step up. There are some kinks, such as the frustrating stopgaps before a scan starts, but those are minor when you consider they happened on manual scanning, and not during passive scanning.
It didn’t take much to learn it the first time around in 2009, and this new version was no different. Anyone who is new to Panda’s security offerings will have no trouble using the clearly marked interface to control the software. Overall, there is just a rounded feel to the software. It offers solid protection, easy navigation, comprehensive help, and it is almost invisible until it needs to act on something.
In addition to the features listed here in this review, Panda Internet Security 2010 offers Parental Control features, as well as Panda’s USB vaccination that guards against Malware that is passed to the system via USB usage. The price of a 12-month license is $79.95 USD for up to three PCs and $59.95 USD for one PC.
It’s available to the public as of the day this review was posted. More information is here.
Panda Internet Security 2010 was installed on a Windows XP computer with Internet Explorer 8 and Service Pack 3. The Microsoft updates were current and all additional software updated. The system used was an Intel Pentium D 3.4GHz CPU (Dual Core) with 1024MBs of RAM. If you have questions about the scoring, please email firstname.lastname@example.org