The Tech Herald

Review: VIPRE Antivirus Premium 4.0

by Steve Ragan - Jun 12 2010, 00:30

Down and dirty with VIPRE Antivirus Premium 4.0. (IMG:Sunbelt Software)

For the last month, The Tech Herald has tested Sunbelt Software’s VIPRE Antivirus Premium, the newest VIPRE offering that adds improvements to detection and scanning as well as a Firewall. After putting it through a trial by fire, here’s our take on the security suite.

There is one key point to remember concerning the VIPRE (Virus Intrusion Protection Remediation Engine) product line, whether in a home office or enterprise operation. That point is that Sunbelt does everything they can to keep the software rock solid when it comes to defensive measures, while stripping out bloat and needless features. Their efforts have paid off, and you can see it in this new version.

Sunbelt’s latest offering in the VIPRE line, VIPRE Antivirus Premium 4.0, offers a revamped anti-Virus and anti-Spyware scanning engine, as well as a firewall. There is also Email protection, which does a decent job of catching malicious links in messages, as well as malicious attachments.

For the record, the system used in this review is an Intel Pentium D 3.4GHz CPU (Dual Core) system with 1024MB of RAM. The operating system, Windows XP (SP3), had all the current Microsoft patches. In addition, Internet Explorer 8, Firefox (current release), and Google’s Chrome were used to test browsers. Other software included Malwarebytes Antimalware, Adobe Flash and Reader, WinRAR, and WinZip.

Installing:

Installing VIPRE Premium 4.0 is quick when it comes to the download and basic installation process. However, the post install can cause a bit of a delay. The basic install will take about 90 seconds, and then you will reboot. The second part of installation, where you configure VIPRE itself, can take a while depending on how fast the newest signatures and software updates are installed.

The configuration process starts with a firewall alert prompting you to trust the network connection you are on. Next, you will need to select the options needed for Email protection, such as port assignments (under advanced options), and Email client (Outlook, Outlook Express, Thunderbird, etc.). From there you will select ThreatNet options, allowing or denying access to anonymous information collection, and move to the firewall options.



The firewall on VIPRE Antivirus Premium 4.0 offers two levels. The first level, Simple, is bare bones: it blocks inbound connections to unknown programs, provides port stealth, and has no pop-ups.

The second level, Learning, does everything Simple does, but adds HIPS and IDS rules, and a popup for any action not covered by them. These popup warnings are designed to offer more control to the customer, and they do, but they can also become an annoyance. However, for most, that tradeoff of dealing with popup screens is worth the added IDS and HIPS protections.



Once the firewall process is done, you’ll register the product and download any of the needed software updates and signature files. This process took some time, and due to a software update, required a second reboot of the system. However, once the system was back online, all that was needed was a Quick Scan of the system to turn all of the control panel options green.

Overall, the installation process took about 15 minutes. However, we’re told this time will vary with the length of time between downloading the installation files and actually installing them.

Usage:

Overall, using VIPRE is straightforward. Accessing any of the given areas is only a single click movement, but some of the more advanced options might give a few users pause. We had no trouble with configuration options, or locating the proper place to block or allow sites, within the firewall.



There are some quirks to contend with, which to some will be a deal breaker, and to others only a minor annoyance. For example, when signatures are updated, we noticed that if Outlook was downloading Email, the system could freeze.

The same freezing was observed in IM conversations (lag in typing out messages), and Web surfing (pages would lock up for a second in Firefox and Internet Explorer). There was also some system lag while scanning. When a Deep Scan was running on the system, depending on the area being targeted at the time, the system would be notably slower.

If the firewall on VIPRE is set to learning mode, you’ll need to deal with prompts. Sometimes it’s just a random warning, and other times, unless you set a rule to allow or block, you will contend with several pop-ups at once. For some users, this will drive them crazy, so the option is there to disable them.

The interesting note about the aforementioned quirks is that they are situational, so not everyone will experience them to the same degree we did during testing. Also, when not scanning, updating signatures, or prompting you with a firewall alert, the impact to the system is negligible; VIPRE just sits in the background and observes. Sometimes, you can forget it’s there.

Scanning:

The lab computer used to test scanning included 1.32GB of random files for some bulk. The files used included fonts, images and icons, PHP, HTML, and CSS files, as well as ZIP and RAR archives, for a total of 21,806 files. It should be noted that none of these files were malicious. Overall, the lab system was using 8.63GB of hard drive space (out of 40GB).

VIPRE protects using a layered approach that includes signature-based protection mixed with heuristic and behavioral protection, alongside a type of whitelisting and blacklisting that is part of ThreatNet. It’s a rock-solid combination, and offers a stable base of protection.

However, VIPRE’s scanning engine itself could stand to be a bit faster. While Quick Scans are just that, lightning fast, Deep Scans really do crawl the system hunting for threats, and they can take some time to complete. Because Deep Scans can take so long to complete, they are recommended as scheduled actions.

We noticed that scan times were much longer while we were actively working on the system than when the system was idle during the scan.


Full System Scan (VIPRE Antivirus Premium 4.0)

Scan One: 0:57:51
Scan Two: 1:02:23
Scan Three: 1:19:32
Scan Four: 1:27:44
Scan Five: 3:46:58

Average Scan Time: 1:42:53.6


Scan Five in this test is a mystery to us. There is no clear reason as to why it took so long, which killed the overall average. Up to that point, the scan was steady and on par with others. We checked for system errors in the event log, but found none. VIPRE reported no errors as well.

For comparison, the image below is a set of Deep Scans with VIPRE on a second system using about 32GB of space. The system specs are identical to that of the system in the lab.

What you see is the scan history from May 31 to June 10, presented in Min:Sec. So on June 7, it took 195 minutes and 58 seconds to run a Deep Scan. However, it is important to note that the larger the drive, the longer the scan in most cases. Each of the Deep Scans on the mirror system showed consistency for the most part.



Malware Detection:

Malware detection testing for VIPRE Antivirus Premium 4.0 included 400 samples, which are worth 0.125 points each, for 50 points in the test overall. The Malware samples included a mix of Rogue anti-Virus, malicious AutoRun scripts, Trojans, keyloggers, rootkits, Adware, and Spyware.

Overall, VIPRE did great on the detection, either flagging Malware as it was accessed or catching it during a scan. However, it did miss some of the newer variants and some older samples as well. There were 30 missed samples in all. The list is below.

Asprox [VT]

Australian.AIH [VT]

IRC.Zapchast [VT]

Bagle-54 [VT]

Bofra.2009 [VT]

Bofra.B [VT]

Bomgen.D [VT]

Banload.VFP [VT]

Palevo [VT]

Rootkit.Win32.Agent [VT]

Trojan.KillAV [VT]

Trojan.VBS [VT]

Trojan,VBD [VT]

Bepiv [VT]

Mepaow [VT]

Trojan.OnlineGameHack [VT] [VT]

Worm.VBS [VT] [VT]

Virut [VT] [VT] [VT]

Vanti [VT] [VT]

RJump [VT]

AutoRun [VT] [VT] [VT] [VT] [VT]

Malicious URL Detection:

VIPRE offers some impressive Web protection, from anti-Phishing to malicious URL blocking. To test this, we used ten URLs known to be malicious and active within the last twenty-four hours. These domains come from various HoneyNet projects, as well as Spam and other sources.

VIPRE blocked each one of the URLs given to it, ten for the official test, and five more just for fun. The domains used for the official test are below; they were active as of 4:00 a.m. on June 11.


It is interesting to note that during the test, firtullfone.com was able to display all of the normal warnings you would expect to see from a Rogue anti-Virus site. However, while that test started badly, VIPRE crushed the EXE file as it attempted to download.

Spam Filtering:

Earlier we mentioned that you needed to tell VIPRE what Email client you used. This is because while there is no Spam filtering, there is Email protection. What VIPRE does is strip malicious URLs from Phishing Emails and other inbox-based attacks, and in some cases, quarantine the Email itself if needed. If quarantined, the Email likely had an attachment that was risky. If needed, you can get back a text copy of the message and whitelist the sender.

However, this is not true Spam filtering. So it would not be fair to grade VIPRE based on the Spam protection requirements we use for reviews. That section is worth 10 points. So for this review, we simply altered the final score, removing the point criteria entirely. The images below show the Email protection in action.

 

 

[Arrows added by TTH. The Email link to the malicious file has been removed. VIPRE blocks direct access to the file via the browser.]

 

 

Conclusion:

VIPRE Antivirus Premium 4.0 is an impressive security suite. While there are some quirks, and we think it can use a bit of a facelift, when it comes to defense, VIPRE is a powerhouse. It covered various risks splendidly, and while there are hang-ups from time to time, the software has almost no impact on the system. 

Again, in our opinion, the protection alone is worth a dozen annoying firewall pop-ups and occasional freeze during updates. However, there is a 30-day free trial of the full version, so you can test it on your own system and review it yourself. It is entirely possible you could have a completely different experience.

(If you do happen to use the trial, leave a comment and let us know how it went.)

In testing, the score for protection was 56.25/60 pts., due to the missed samples. The overall usage and application score was 25/30 pts., based on the quirks we experienced and the slow Deep Scanning.

The final overall score: 81.25 / 90*.

* As mentioned, we dropped the score by ten points. We debated, and in the end decided that being fair was the better option. We’ve done this in the past, and will do so again if needed. In VIPRE’s case, if we included the Spam protection and added the Email security as a substitute, then the volume of malicious Email vs. Spam would skew the test.

That said, grading on something that isn’t there simply isn’t fair to either the vendor or you, the reader.
