January 04, 2011, 1:57 PM — It's no longer enough for antivirus software to scan files on your PC. You need someone looking over your shoulder and telling you whether it's safe to click that link; whether the popup for that software update is legitimate; and whether that download from your favorite social network is actually a tool created by organized criminals for stealing your personal information. You need an all-in-one Internet security suite capable of identifying, blocking, and cleaning up after a wide array of malware.
We examined 13 security suites for this story. To handle our expanded Internet security testing, PCWorld contracted for the services of AV-Test.org, a respected security testing company. We looked at traditional signature-based detection (which indicates how well products can block known malware) and at how well the suites cleaned infections and blocked brand-new, live malware attacks.
In many respects, the suites we looked at produced closely bunched results, but they did vary in the efficacy of their protection and in the extra features they offered. Ultimately, we picked Symantec's Norton Internet Security 2011--the most balanced of the suites--as our overall winner.
New Threats for a New Year
Malware has migrated to social networks, so this year's Internet security suites put more emphasis on stopping Web-based attacks. Norton Internet Security 2011, for example, has Norton Safe Web, a feature that hooks into your Facebook stream (with your permission) to scan your Facebook links and proactively block malicious ones. Other suites this year look for techniques that cyber-criminals use in attempts to poison SEO (search engine optimization), loading up on popular search keywords to make malware-compromised sites appear higher in search results. A suite may flag any such sites in search results as unsafe or questionable.
Another threat is the resurgence of banking-related malware. Though some suites protect against certain types of banking-specific malware--Kaspersky Internet Security 2011 offers a virtual, on-screen keyboard that lets you bypass traditional keyloggers, and in our tests, Panda, followed by G-Data, offered the best detection rates for known banking-specific malware-- no suite targets the relatively new "man-in-the-browser" attacks, in which the malware doesn't activate until you have successfully logged into your bank account.
Practically all suites offer some method to prevent malware from downloading through your browser without your consent. For example, a Website might pop up a fraudulent warning that your PC is infected and that you must buy a particular (but fake) antivirus program to remove it. Or it might trick you into downloading Trojan horses disguised as the latest version of Adobe Reader or Flash. Most security suites now monitor browser downloads and filter out this bogus software.
Comodo Internet Security 2011 Complete (which did not capture a spot in our Top 10 chart--click on the thumbnail at left) and the Kaspersky and Norton suites offered the best detection in our "real world" malicious downloads tests, which gauge how well the various suites block brand-new, as-yet unknown malware. And Norton Download Insight, which filters bad apps, now supports the Chrome, Opera, and Safari browsers (and AOL) as well as Internet Explorer and Firefox. Download managers from other companies typically work only with IE and Firefox.
Improved from last year is Norton Insight, which measures the relative trustworthiness of the files loaded on your desktop. The idea is that crowd-sourcing safe files (letting consumers around the world rate a file's safety) is better than white-listing them (depending on a static list of acceptable files).
Crowd-sourcing is also behind so-called cloud-based detection of new malware. Security software reports suspect new files from a PC to the cloud and creates antimalware signatures as needed. In 2011, BitDefender, Comodo, and others join cloud pioneers McAfee, Norton, Panda, and Trend Micro.
For detection and removal of "zoo malware" (a collection of known worms, bots, backdoors, and downloaders) using traditional methods built into the program, Panda had near-perfect scores in our tests, followed by Avira and G-Data.
All 13 of the security suites we reviewed offer at least antivirus, antispyware, and antispam components, plus a firewall. Some, such as Eset Smart Security 4 and PC Tools Internet Security 2011, had little more. The others provide additional capabilities--parental controls, gaming features (such as a "silent mode" that won't interrupt a game with alerts), and online backup (useful if malware ever nukes your PC).
