Review: Panda Internet Security 2011
by Steve Ragan - Oct 14 2010, 00:00
The TTH review of Panda Internet Security 2011
Panda recently released the 2011 versions of their security offerings, both in the business and consumer market. The Tech Herald obtained a copy of Panda Internet Security 2011 and took it for a test drive. There were some issues, but overall, it performed admirably.
Panda Internet Security 2011 (PIS 2011) centers on improvements to the CI (Collective Intelligence) engine and the behavioral engine, making them both lighter and quicker on the uptake when it comes to threat protection. Both engines are the heart of the technology that has driven PIS 2009 and PIS 2010, and you see the CI take on the majority of the workload when running Cloud AntiVirus, Panda’s free offering.
When you stop looking at what’s under the hood, the first dramatic change you notice about PIS 2011 is the control panel. It’s redesigned. The general placement of controls is similar to previous panels, but this one is darker, and just feels robotic in a way. That’s not to say it’s unusable, far from it, but we preferred the light blue on white scheme of old.
GUI aside, other changes include a license for BeAnywhere, offering remote management, as well as a virtual keyboard to escape the wrath of keyloggers. There is network management to monitor other systems covered with PIS 2011, improvements to the online backup, and a gaming mode that will keep PIS 2011 silent when you are playing.
For the first time since reviewing any Panda product, we had to remove something before installation would complete. When launching the PIS 2011 installation wizard, we were informed almost immediately that Malwarebytes AntiMalware would need to be removed.
After Malwarebytes was removed, we had to restart the PIS 2011 installation. Once restarted, we were told that a reboot was required, as the installation was canceled when we were forced to remove Malwarebytes.
Coming back from reboot, the installation moved along normally with a traditional wizard. The only real options that we had to work with were the EULA and the collaboration agreement. The collaboration agreement will allow anonymous information about the attacks and Malware detected to be sent to Panda. This is where Collective Intelligence comes into play. When one Panda customer encounters a problem, once it is remediated, every other customer is automatically protected. This can only happen when data is shared between the customer and Panda. We enabled it for our testing.
Once everything was said and done, we were told to reboot for a second time. In total, the installation process, with reboots, took about four minutes.
Post install, you will need to register the product and run an update. The update is a requirement, as the control panel displays a red warning message until this step is completed.
Once the update is launched, you are presented with the configuration wizard, as well as a popup alert, called a bulletin, which invites you to see the new support center. These bulletins can be disabled.
The update process took only a few minutes to complete, but at this point a third reboot was required. Later, we were able to install Malwarebytes again with no warnings or problems.
Moving around and controlling PIS 2011 is just as easy as it was in 2010. You could argue that the single click access to the various settings makes it easier this time around. For example, each of the protection levels in the Status tab can be accessed by clicking their name.
The virtual keyboard is here on this tab as well. It’s a handy little feature, which will prevent Malware from logging keystrokes when you log in to a website. The only downside to this is that you need to point and click with a mouse.
Network management is where you can check the protection status of the other computers in your home running PIS 2011. It’s interesting to see this, as it has ties to Panda’s business offerings. At a glance you can see the security status and basic information for a system (IP, MAC address, and computer name), and you can access a network traffic report from this menu as well.
When setting options for the various functions, the explanation is easy to follow, and you have a decent level of control over things such as what programs can access the Web, as well as ports and protocols. The Firewall in PIS 2011 is solid, offering the basics, without the bloat or confusing submenus.
The Scan tab offers scanning for the system, mail, and vulnerabilities. You can opt for a selective on demand scan, as well as customize scans that are run on a schedule.
The vulnerability scan was of interest to us when testing, because Microsoft had just pushed their monthly updates. When you use the vulnerability scan feature in PIS 2011, there is a listing of the vulnerability itself as well as what Malware will exploit it. Most are addressed automatically by PIS 2011 on its own. If they are attacked, they will be protected; however, if needed, there is a direct link to Windows Update.
The reports tab offers a detailed look at what PIS 2011 has done for you lately, visually or in a custom report that can be tailored with various filters.
The Quarantine tab is where you can add or remove applications. If an application is incorrectly flagged, it only takes a few clicks to resolve the problem. During testing, PIS 2011 had no false positives, so there was no need to remove things from the Quarantine list.
Lastly, the Services tab is where you can access all of your Panda-related items, such as support and file submission. The most important item here after support is the option to create a rescue disk. This will help should Malware ever prevent the system from booting, and the creation process is painless.
When it comes to documentation, the help offering that ships with PIS 2011 is easy to follow and detailed.
Scanning on PIS 2011 was consistent. While coming in at just over 20 minutes on average, a full system scan was relatively painless. There was no serious drain on system performance while scanning. Likewise, the lag we experienced when testing the 2010 version was missing entirely.
Note: The scanned system uses 12.3 GB of space total.
Full System Scan (Panda Internet Security 2011)
Scan 1 - 0:00:31:11
Scan 2 - 0:00:20:18
Scan 3 - 0:00:20:27
Scan 4 - 0:00:20:14
Scan 5 - 0:00:20:03
Average Scan Time: 0:00:22:26.6
(AST PIS 2009: 0:00:23:44.4 - reviewed 12-2008)
(AST PIS 2010: 0:00:22:36 - reviewed 06-2009)
When it comes to Malware detection and removal, PIS 2011 uses Collective Intelligence and TruPrevent together. While Panda missed samples during testing, the reaction time was faster in this version than it was in 2010.
It was interesting to note that two Adware samples were flagged on both passive scans and activation; however, they were not removed. While the executable that installs the Adware remained, after it was detected on activation, we could no longer launch the application a second time. It was locked at the system level and the executable failed to initiate. We count these samples as passing because they were detected passively and when activated, as well as restricted from execution after detection. We’re not sure why PIS simply didn’t remove it, but it killed it nevertheless.
2010_malware_D [Virus Total]
This is a known malicious sample. While PIS 2011 notified us that the sample is a Virus, detecting it as Trojan CI.A, the container itself is still allowed to execute. In addition, the sample was able to create files on the system, three of which were not removed.
Zapchast [Virus Total]
This is an IRC Trojan. It’s used mostly for room flooding, but it can also compromise an IRC client. If that happens, then the compromised host is used in DDoS attacks.
Fortnight [Virus Total]
Trojan_Clicker.N [Virus Total]
This Trojan will create scheduled tasks, allowing a criminal to use the compromised system as a means to automate advertising clicks. It also has the potential to deliver malicious payloads. PIS 2011 missed this during a passive scan. Once executed, it was allowed to run freely and create tasks.
Malicious URL Detection:
When it came to using Collective Intelligence and Web protections to defend the system, PIS 2011 scored rather high. If the site wasn’t outright blocked with a Panda created message, then any payload delivered was flagged and denied access to the system. During testing, nine of the ten sites were subjected to these types of blocks.
Yet, one site made it past all the layers offered by PIS 2011. It was a Phishing site, which allowed us to test Web protections, as well as the Identity Protections offered by PIS 2011. For security reasons, we will not list the URL for the PayPal clone. The Phishing page is still active, more than 24 hours after it was published.
The page harvests PayPal login details and then presents a page looking for full personal details (first and last name, address, birth date, etc.), credit card data, including CVV and Secure Code if any, your SSN and mother's maiden name, and lastly, the Verified by Visa password.
The Identity Protection in PIS 2011, if enabled and used, will warn you that personal information is being transmitted. However, warnings can be ignored. The failure here wasn’t that there was no warning, it’s that an obvious Phishing site wasn’t blocked.
When you use Identity Protection in PIS 2011, you will need to anticipate the information that would be given to a website. However, while your passwords, bank account details, credit cards, name, PIN, email, and postal addresses can be added, what you cannot add are things like CVV numbers, and other miscellaneous information that criminals target in Phishing scams.
If you misuse the given fields in PIS 2011’s Identity Protection, then you could cover those gaps, such as entering a maiden name in the password option, but we think it would be easier if there was simply a proper field for each item.
When it came to anti-Spam protections, PIS 2011 earned a block rate of 99.37 percent, missing only 2 emails out of the 321 tested. PIS 2011 correctly marked 65 messages as legitimate, while 254 were correctly filtered as Spam. Of the missed emails, one was incorrectly marked as Phishing, and the other was Pharmacy-based image Spam.
[Note: Low test samples due to the testing accounts receiving low mail volume during the 48 hour test. Email volume is always in a state of flux, and we focus on current samples over bulk testing. Each email tested was received by the lab between October 10 and October 12 2010.]
PIS 2011 has added some new features this year, while improving performance to the backend. There were missed Malware samples, and a failure with anti-Phishing when a zero-day Phishing site was used, but when it comes to protection, it is near impossible to infect the system once Panda is up and running. Malware removal, including rootkits, worked flawlessly during our tests.
Overall, the 2011 version of PIS is a solid move forward from the 2010 version. Our only serious issue centered on the installation, but that was easily overcome, and since reinstalling Malwarebytes, we’ve had no performance loss or issues, even when running it side-by-side with Panda’s software.
Panda Internet Security 2011 is $81.95 USD for a one-year license on three PCs.
Final Score: 96.7 out of 100