avast! Internet Security Review
7.0.1426by Coenraad de Beer
(Webmaster & Founder of
Cyber Top Cops)
Posted on 16-06-2012
Test
Machine
avast! Internet Security Version 7.0.1426 was reviewed
on an Intel Pentium 4, 2.8GHz with 2GB of RAM, running Windows 7
Professional.
Installation
avast!
Internet Security has two methods of installing, Express Install &
Compatibility Install. The Compatibility Install is a way of
installing avast! alongside your current security software or perhaps
it may come in handy if you have to install it on a heavily infected
machine. Like any security suite, it creates a restore point before
installing, in case something goes wrong. A quick scan is initiated
immediately when the setup finishes and it did not take too long to
finish. Once that was done a restart was required to finish the setup
process. When the computer finished rebooting, avast! automatically
downloaded the latest updates via the Internet. So installing avast!
Internet Security is reasonably quick and easy.
A lot of users are upset because Google Chrome came bundled with the free and trial versions of avast! So for a heads up, remember to remove the two tick boxes on the very first screen of the setup program if you don't want Google Chrome to be installed. I already had Google Chrome on my test machine, so I did not get these options during the setup process and did not notice any changes to Google Chrome once the installation was complete. To be honest I'm not too bothered by this because I use Google Chrome as a secondary browser anyway, but I completely understand why users are upset, because when a reputable company use deceptive methods to get 3rd party software installed on your PC, users tend to loose confidence in that company.
I am also a great supporter of the idea that people have to explicitly choose to install 3rd party software, plug-ins and tool bars, instead of opting out from a preselected option during the installation, because the average user just clicks on next to get the software installed, without really reading the “fine print”. On the other hand, I guess that's the price you have to pay for not paying attention to the options on the screen before clicking on the “Next” button.
Automatic
Updating
Like
already mentioned the suite automatically updates itself after the
installation, ensuring that you have the latest version of the
anti-virus engine and the latest virus definitions. The suite is
configured to download updates every 240 minutes (4 hours) but you
can change this interval in the settings screen. Other updates
include streaming updates via the cloud services feature.
Real-time
Protection
avast!
Internet Security brags with 8 different real-time shields:
-
File System Shield – Main component of the avast! real-time scanner. It monitors all files and programs stored on your computer.
-
Mail Shield – Monitors all your e-mail traffic and scans all messages before they reach your computer and have the chance to do any harm.
-
Web Shield – Scrutinises all your web browsing activities, eliminating any threats before your browser sees them.
-
P2P Shield – Monitors downloads from P2P applications, vastly eliminating the security risks associated with these types of programs.
-
IM Shield – Intercepts all downloads from instant messaging applications and makes sure they are clean.
-
Network Shield – Monitors all network activity and stops viruses that try to infect your system via the network. It also blocks access to known malicious websites.
-
Script Shield – Intercepts all scripts executed on your system (both local and remote)
-
Behaviour Shield – Monitors your system for suspicious behaviour, alerting you if any unusual behaviour is detected.
Apart from these shields, it also does a good job at protecting itself against forced terminations or uninstalls. So malware will have a hard time getting rid of avast! Internet Security.
Resource
Usage &
Performance
avast!
Internet Security performs extremely well without affecting the
performance of your computer too much. As a matter of fact, this is
one of the best performing security suites I've seen in a long time.
I could hardly notice an increase in the Windows start-up time and
applications open on demand with only a slight delay, probably caused
by the File System Shield scanning files when they are opened for
being written to.
In idle state, avast! Internet Security only utilised round about 2% of our 2.8 GHz processor. This is really not bad if you take into account the large number of real-time shields running in the background. However, this is also a good sign of proper workload balancing, in other words, some shields will only operate when needed, thus not wasting valuable system resources. But still, some shields like the File System Shield and the Network Shield has to scan your system constantly, so no matter how you look at it, avast! Internet Security has a very small footprint and its resource usage is pretty impressive.
Isolation
of Threats
Trying
to move virus samples over the network to our test machine was
impossible. avast! caught the viruses, without any user interaction,
before they even entered the system. A helpful alert pop-up appears
in the right-bottom corner of your screen, informing the user about
the alert and the action taken by avast!, without interrupting the
user's work. So the user is always aware of what avast! is doing,
without being interrupted with annoying alerts requiring user
interaction like a click on an OK button or choosing a way of dealing
with the threat. Having an intelligent security suite like avast! is
always a huge benefit when cleaning a heavily infected machine,
because you don't have to sit around and tell the security suite what
to do.
A little downside though, is avast!'s inability to isolate threats properly if they are embedded into another file like a setup package or compressed file, or a non-executable file like a text file containing harmful code. These files can be moved around and renamed, without avast! preventing these actions. This does not mean avast! does not know about these threats, it still detects the infection during a scan, but simply does not overkill in real-time with files that cannot do any harm on their own, thus sparing valuable system resources for more potent threats like executable files. Trying to extract the infected file from the zip file or setup package, will in fact fail, because avast! blocks it before it can be extracted. The same holds true when handling an executable threat. Trying to execute, rename or move the executable threat is a futile operation because avast! will stop any executable threat dead in its tracks, so the file is stuck where it is, completely unable to move or rename itself (or being renamed or moved by an external process).
Interface
The
user interface of avast! Internet Security is really a work of art.
It has a sleek and modern look, giving you the feeling that the
security suite is a well-oiled machine. But avast! Internet Security
does not only look like a well-oiled machine, it really is a
well-oiled machine. The buttons and screens are very responsive and
during the review I encountered very little pop-ups, making it a very
unobtrusive security suite. The interface is easy understand and I
had no problems finding what I needed. The settings screen is laid
out in a very logical way, making it a breeze to configure the
security suite. This is one area where security suites often fail, so
bonus points for avast! for making the user's life a little easier.
Pop-ups can be configured to disappear after a certain amount of
seconds. The default is 20 seconds, but you can increase or decrease
the duration if desired.
Scanning
and Healing
The
scanning component has a fast scan function, you can initiate a scan
by right-clicking on a file or create a custom scan (to scan a
specific folder or set of folders). During the fast and full system
scan the memory is scanned as well as the Windows System area. It is
not clear whether avast! scans the Windows Registry, because I did
not see any sections of the registry being scanned during the Full
System Scan. Other scanning options include Removable Media Scanning
and the scheduling of a Boot-time scan, where you can scan your
system before booting into Windows. This is a very handy feature
because it enables avast! to remove stubborn malware before it
attaches itself to the system during the Windows Startup.
Initiating a scan with avast! is not rocket science and the feedback provided by the scanner is very useful and easy to understand. One thing that's always important with a security suite is not to overload novice users with information, but at the same time provide enough information for power users. I believe avast! manages a healthy balance between the two. As mentioned already, avast! has a fast scan function, but this seems more like a critical or targeted area scan, because it is far from quick, however it is still much faster than a full system scan. During the scan I did not notice too much lag on the system, so you should be able to work comfortably in your word processor or spreadsheet program while running a scan in the background. Once a scan is complete you get a simple scan results screen indicating whether threats were found or not. If threats were found you can take action against these threats individually or one single action against all the threats at once. So as a user you have complete control over what is done to the infected files.
Firewall
The
firewall shield is a pretty standard firewall solution. It has 3
preconfigured modes namely, Home (for a low risk zone, that allows
unrestricted communications on the local network), Work (for a medium
risk zone, that follows application rules, which is the default mode)
and Public (for a high risk zone, that disallows any incoming
connections or new programs from making outbound connections). It
does a good job at blocking very basic stuff like Icmp ping Echo or
DNS requests, but the out-of-the-box settings is not optimal enough
for proper protection against more advanced threats like port scans
or outbound leaks. Changing the default behaviour of the firewall
from “Auto-decide” to “Ask” increases the effectiveness of
the firewall a little bit, because then the firewall will at least
warn you about outbound connections made by unknown applications,
making it possible to train the firewall more effective over time.
The only way I could find to block a port scan, was to put the firewall into public mode. You can also create a packet rule to prompt for inbound traffic and leaving it to the user to allow or block it, but the “Ask” action works for outbound connections only, because I could not get the firewall to prompt me for a single inbound connection that was made to the test machine. I could not find any inbound connections in the firewall logs, almost as if the inbound connections were never made. So this seems like a serious bug, because setting the action for all inbound connections to “Ask” behaves exactly like the “Block” action. At least it does not allow the connection to be made, but this can become extremely frustrating if you are trying to make a connection from a trustworthy machine. Another funny thing is that if you allow inbound Icmp Ping Echo requests in the Packet Rules, it will never be blocked in Public mode, which kind off beats the purpose of this heavy “paranoid” mode in extreme cases.
The default settings of auto creating application rules ensure a much less annoying firewall, but at the cost of a less secure firewall. I always believe a firewall should be in auto learn mode for a week or so and after that it should prompt the user for every unknown application making outbound connections or unknown inbound connections. Although the firewall can be improved by some tweaks under Expert Settings, I do not feel that this is the most ideal solution for any firewall. Users want a firewall to work out of the box and protect them adequately from the word go. I am afraid the firewall component of avast! Internet Security does not live up to this expectation.
Spam
Filter
I am glad to see that avast! rather opted for a proxy-type spam filter,
than relying on toolbar plug-in for your e-mail client, to make the spam filter work.
The great advantage of making your spam filter a proxy
between the e-mail client and the mail server, is that it is
compatible with nearly any e-mail client. Another great thing about
avast!'s spam filter is that it provides its own SSL functionality.
So you can scan your SSL protected e-mail accounts by disabling
encrypted connections in the e-mail client, since avast!'s Mail
Shield can provide this functionality on behalf of the e-mail client.
Rest assured that your PC will still make a secure connection with
your e-mail service provider, the only difference is that it is not
your e-mail client making the secure connection, but avast!'s Mail
Shield.
The spam filter is not perfect though, but at least I was able to test it with popular alternative e-mail clients like Mozilla Thunderbird, without jumping through a bunch of hoops to make it work. avast! Antispam modifies the subject line of junk e-mails by adding strings like *** SPAM *** or *** PHISHING ***. In order to filter these messages in an e-mail client like Mozilla Thunderbird, you will have to create a Message Filter to handle messages containing these strings. The spam filter is also compatible with Microsoft Outlook, Windows Live Mail, even Vista's Windows Mail. The filtering is pretty good, with zero false positives while testing it and a 75% success rate in detecting spam e-mails. The downside is that you can't train this spam filter, except in Microsoft Outlook, the only e-mail client that supports the avast! Antispam Toolbar, so I guess you are left relying on avast!'s criteria for identifying spam if you are not using Microsoft Outlook. I can't really confirm this so it is purely speculation, but I guess the spam filter also gets its criteria from the cloud services, more or less like GMail's spam filter, but not yet as effective as GMail though.
Other
Features
Other
features include the Sandbox component, allowing you to run programs
in an isolated environment, shielding the rest of the computer from
any potentially harmful changes the program may make.
Another feature is the Auto Sandbox that will sandbox a suspicious program automatically, the moment the program is executed.
An interesting feature is the SafeZone Desktop. It creates a virtual desktop with its own browser called the SafeZone Browser. This browser is based on the Chromium project, so it basically looks and feels like Google Chrome. I guess you can say it is Google Chrome re-branded as an avast! browser called the SafeZone Browser. Google Chrome is known for its Incognito mode, where all extensions are disabled temporarily until you leave Incognito mode. This mode makes it possible to browse safely and privately. I guess that's why the free versions of avast! comes bundled with Google Chrome.
avast! Internet Security also has a Browser Protection feature, allowing the user to run specific browsers in sandbox mode, as well as installing or uninstalling the WebRep browser plug-in, a tool that gives the users a reputation rating for visited websites. It works basically like AVG's Link Scanner plug-in.
Other features include Remote Assistance (which can be useful for technical support or general administrative purposes) and Site Blocking, where you can block specific URLs. However this feature can also be applied as a parental control tool by adding keyword masks like *porn*, which will block any URL containing the word “porn” (even Google Searches). If you decide to use this feature as a parental control tool, you need to protect avast!'s settings from being changed, by activating the password feature on the main settings screen.
Uninstallation
Removing
avast! Internet Security is easy and effortless. There was absolutely
no side effects after removing avast! from our system and components
like the network and the Windows Firewall operated normal without any
issues. There were a couple of orphan folders and a key in the
registry that was left behind, but these leftovers are so
insignificant that it is not enough to make any fuss about it.
Conclusion
avast!
Internet Security is a well rounded Internet security suite with a
lot of handy features. It has one of the best detection rates among
anti-malware scanners and does a good job at isolating threats. There
is still room for improvement though, especially the firewall shield.
The anti-spam shield can also be improved by expanding support for the
avast! Antispam Toolbar to other e-mail clients as well (not just Microsoft Outlook),
allowing users to train the spam filter and giving them more control over
the spam filtering process. Avast! Internet Security is very gentle on your
system resources, making it the best performing security suite I've
seen in a long time. Out of a cost point of view, a one year licence
for a single PC will go for $29.99 (at the time of publishing this
review). This makes avast! Internet Security also much more
affordable than it's competitors. However this price seems to be
exclusive for users of the trial version, who used the purchase
option from the Maintenance section of the main application screen. I
guess they give you a $20 discount for giving their security suite a
try, which in my humble opinion, is well worth the try.
