Wednesday, September 30, 2009

Microsoft Security Essentials

On Tuesday Microsoft launched a new anti-virus protection program labeled Microsoft Security Essentials. This free program provides the basic anti-virus protection necessary in an internet environment where threats are exponentially increasing. I recently installed the product with mixed results.

Installation was very straightforward and easy for a user at any level. It uses a typical wizard with no special or confusing options - just an installation.



After installation the program runs an automatic update and a quick scan of the system, which took a very small amount of time. Real-time protection is turned on by default, as is a weekly scan, and the program runs in the system tray like any other AV program.



Once installed there are very few settings to manipulate, making it easy for the novice user but somewhat lackluster for the advanced. Options include the ability to set the scan times and frequency, set excluded file types as well as turning off the real-time protection.



The downside is the amount of system resources the program uses. With real-time protection enabled it uses 40-60 MB of RAM. This is 5 times the memory of most other programs (Norton, Avast, etc.). Even with the real-time protection disabled the program still uses around 30 MB.

On the positive side, I loved the way it handled threats. As a test, I went to a site I knew would redirect me to rogue AV.

First, a pop-up appeared down by the system tray:

By clicking the Show Details link we can see what the actual detected threats are:

The user is then able to choose from a list of actions - quarantine, remove, ignore. By clicking the clean computer button the threats will be removed immediately.

What was unique about this was that it actually found the JavaScript in the redirect to the rogue AV site to be malicious and blocked it before even getting to the download... very impressive.

Overall, the program bogged down the machine too much for sustained usage. I feel this was a good first attempt and Microsoft will likely make revisions to correct the excessive resource problems.

Sunday, September 20, 2009

Avast! Anti-Virus

Avast Anti-Virus has quickly become one of my favorite AV programs. Since installing it a week ago, I've been pleasantly surprised at the effectiveness and the full set of capabilities of this program.

The features listed by Avast include Anti-Spyware, Anti-Rootkit, IM/P2P Shield, Web Shield and more. Avast also comes with the ability to run a boot-time scan... a great option.

In particular, I've been impressed with the web filtering capabilities. It's been able to catch a few different tests I've thrown at it, particularly fake AV programs, for which there is little AV detection.

The user interface is relatively straightforward, although there are lots of different options which could cause confusion for an unsavvy user. Personally, I appreciate all of the available options.

Avast will run in the system tray by default. By double-clicking the icon the user will get an active view of what types of scanning are enabled and disabled. By clicking on more details the user can access a more detailed view as below. This shows the option to set the aggressiveness of the program when scanning each protocol, or "shield". Even more granular control over each of the shields can be accessed by going to the customize button.



By right clicking the system tray icon the user is presented with many more options, including the Program Settings option. This will open into the window below, giving you full control over any other options.




Resource utilization for the program is in line with expectations. To save on resources you can disable shields if necessary. The web shield seemed to be the most resource intensive on my system, which I suppose is expected as the majority of my traffic is web based.

I'm currently running the home edition, which is free. There are also a number of fee-based options available from Avast, including a professional edition. Avast also has Mac and Linux versions, which is a great idea. As these operating systems become more prevalent, more viruses and malware will be written for them, as was recently proven with the latest Mac DNS exploits.

More information available at http://www.avast.com/eng/desktop_protection.html

Sunday, September 13, 2009

Snackr RSS Ticker

Snackr is a very neat RSS reader that scrolls your feeds at the bottom of your screen. One of the best, and worst, parts of Snackr is that it runs in Adobe AIR. Because of this, it has the advantage of being able to run on any OS that Adobe AIR can run on; the disadvantage is that it can take more system resources than you'd expect.

The install is exactly like any other application that runs in Adobe AIR. As far as your subscriptions, you have the option of adding your feeds individually or importing an OPML feed list, which is a very nice feature if you already have your feeds set up in an RSS reader.


Another great feature, and something that adds a lot of value for me is the ability to not show feeds older than a certain number of days. So I can set this to 1 day and get the most recent information in my ticker at the bottom, and use my regular RSS reader to view older feeds or catch up on ones that I miss.

Other features include the ability to control the scroll speed and keep the ticker on top of other windows, and you can place the ticker anywhere you'd like (top, bottom, left, right). You can also minimize it to the bottom of the page to get it out of the way while you work on other things.

If you want to view a summary of an article simply click the article and the scrolling will stop and show the preview as below. Click on the view post to view the article in a browser.


Snackr is a very slick program and one thing that I really like is the ability to run it under Windows and Ubuntu. I do find myself not running it quite often as it takes too much in terms of system resources that I need for other software. I think this may have to do with the couple of hundred RSS feeds I imported. If you need an RSS ticker and don't like Firefox add-on tickers, which I don't, this might be for you.

Monday, September 7, 2009

Immunet Protect Beta

Immunet Protect is a new type of AV program with a new concept: cloud-based with collective intelligence. What this means for you is faster and more comprehensive protection against threats. From the Immunet website...

"Immunet Protect provides protection by harnessing the collective wisdom of the security products that you already run, as well as knowledge on the applications installed across our entire user population. Simply put, Immunet Protect collects security judgments on what is, and what is not safe from its community. These aggregated judgments are coalesced in the cloud, and, if they are sound, made available to the rest of the Immunet Community immediately."

Powerful quote and the potential for powerful software. Taking advantage of all security vendors and creating a collective intelligence offers a huge upside.

Going through the install was very painless and offered a "FlashScan" at the end of the wizard which scans running processes and registry keys.


This scan lasted a couple of minutes, after which you are able to view the outcomes of the scan and your scan history, adjust the scan settings and, of course, initiate a scan. Under the Summary page you can see how many people are online participating in the community and how many threats you're protected against.

Current Count: 9,282 people and 3,813,885 threats

On this page you can also click an invite button, which takes you to the Immunet home page. There I presume you enter your Facebook credentials and invite your Facebook friends to take part in the community, which I have not done at this point.


The settings page above gives several scan options. It will monitor application installs and starts, and it has an active protection mode which will check programs before they can be installed to ensure they are safe. Tray notifications seem to work well and alert me whenever a new application has started or been installed. Overall, the UI is very easy to use.

One of the things I noticed was a very short scan time. Immunet Protect took just over 1 minute and 20 seconds to scan my system on average. This was due to Immunet scanning only 4000 files on my computer. A Norton scan will scan over 387,000 files and processes, and also takes over 45 minutes to complete. I am not sure about the discrepancy here, whether it is scanning for only known threats in known locations, but it certainly left me with the question of what it actually is scanning.

Also of note was really low resource utilization. I found it only using 12 MB of RAM even during scans, so it did not slow my system at all. This seems to be a great add-on to existing virus coverage and serves as a proof-of-concept that this type of cloud-based system can work. Keep in mind that this is still in beta and has only been available to the general public for a few weeks now.

For more information or download go to http://immunet.com/