- Kaspersky Work Space Security
- McAfee Total Protection for Endpoint
- Trend Micro Worry-Free Business Security
- Symantec Endpoint Protection
- F-Secure Client Security
- Sophos Computer Security SBE 4.0
- Checkpoint ZoneAlarm Internet Security Professional
- ESET Smart Security Home Edition
- Alwil Avast! Professional Edition
- AVG Internet Security Network Edition
- Avira SmallBusiness Suite
Malicious software (malware) plays a central role in the continuing power struggle between the attackers and defenders of our computer systems. Therefore it is crucial to independently test the capabilities of the security products we trust to defend us.
There are many methods and techniques to test these products, various levels of configuration that can be applied, and multiple areas of potential focus. This report concentrates on two main security technology areas: out-of-the-box anti-malware detection (specifically virus and spyware detection) and default desktop firewall protection.
How we tested
System set-up: each test machine ran a fully updated and patched version of Microsoft Windows XP Professional (Service Pack 3). Security suites were then installed and updated to use the latest software versions. The solutions were tested using the default settings to ensure a fair and comparable test.
Anti-malware: all products were installed on separate identical hardware and software combinations using only default protection settings. All products were updated at the same date and time using a standard internet connection. The internet was disabled and physically disconnected following the update process to ensure that the products were frozen at a particular point. All products were completely isolated during testing.
Malware test sets were introduced to each product using standard inbound vectors, devices and protocols that included HTTP, SMTP/POP3, FTP, DVD and USB injection mechanisms to accurately represent real-world threats. Each test set also contained malware-free samples.
Firewall: solutions were tested in several areas, focusing on commonly used programs and services that require network access (internal and external). An external system was configured with various tools to identify potentially open ports on each endpoint. It is important to note that in a real-world deployment setting it is recommended that internal endpoints be protected by a separate corporate firewall at the network gateway, in line with good security practice. This testing, however, removed this layer of security in order to measure the effectiveness of the protection afforded by each desktop firewall. Ideally, it is expected that each firewall solution should deny ICMP requests and show all ports as closed or appropriately filtered. This helps protect against common network mapping techniques and automated probes during any pre-attack reconnaissance phase.