Outpost Security Suite Pro Review
Version 6.0.2293.253.0490
by Coenraad de Beer (Webmaster & Founder of Cyber Top Cops)
Posted on 05-06-2008
The installation process is very easy through a simple and straightforward installation wizard. The setup wizard detects third-party security products installed on your computer and confirms whether the user has installed these applications. This is done to provide a smooth coexistence of Outpost Security Suite Pro with incompatible security products. It is quite a refreshing change from the normal setup routine of most security products, forcing the user to uninstall almost every other security product installed on his/her PC. Agnitum should receive a pat on the shoulder for respecting the software installed on the computers of end users. It clearly shows that Agnitum is focussed on getting Outpost Security Suite Pro to work on your PC without disrupting your current system and security software setup.
A configuration wizard starts immediately after the installation of the security suite. The "Normal" security level is highly recommended and even though it has relaxed security settings it still provides adequate protection for most personal computer systems. Experienced users may want to try the "Advanced" security level for improved protection but it could be at the cost of more complicated tweaks on your system at a later stage. The latest malware definitions are downloaded during the configuration operations, ensuring that you have the most up to date version installed on your PC. A reboot is required once the Configuration Wizard is complete.
What impressed me the most about Outpost Security Suite Pro is the way it familiarises itself with your system. The Configuration Wizard collects data about the components and software installed on your PC, to get a feel of what you use and which programs could be trusted. Most of my programs continued to operate without any problems after installing Outpost Security Suite Pro and I only had a small SMTP configuration issue with Thunderbird and the firewall constantly complained when I used Google Talk. With most security suites, it normally takes weeks to sort out firewall configurations and compatibility issues with your current software, but Outpost Security Suite Pro adapted quite well to the software I used on my PC. I had so little to do after installing the security suite that I sometimes forgot that Outpost Security Suite Pro was running on my PC. Still, I feel that Agnitum can improve their database of trusted applications because there were a couple of well-known applications on my system that weren't detected as trustworthy, but I am sure the database will grow as time goes by. The creation of firewall rules can be avoided by enabling Auto-Learn Mode right after installation. You can put Outpost Security Suite Pro into Auto-Learn mode for an hour, a day or a week, depending on the variety of programs that you use on your PC. Outpost Security Suite Pro will automatically create allowing-rules for all the applications that you use during this training period, so it is of the utmost importance that you only use well-known and trustworthy applications during this period.
Outpost Security Suite Pro checks for updates on an hourly basis but the user may choose longer intervals if desired. Only 5399 malware signatures were added to the malware database within a 30-day period. This is quite a small number of new detections, so there is definitely some room for improvement in this department. Even with this small number of new signatures, Outpost Security Suite Pro still had an above average malware detection rate, which is promising to see.
Several forms of real-time protection exist in Outpost Security Suite Pro. The most common form of real-time protection is of course the protection against malware. Malware protection is provided in three different levels, Relaxed, Optimal (the default level) and Maximum. The "Maximum" security level scans embedded OLE objects and uses heuristic analysis during the scanning process. The Anti-Malware component includes an e-mail scanner that scans incoming and outgoing mail for malware. The mail scanner can also be used to enforce attachment policies on your computer, by renaming or quarantining specified types of attachments.
The Attack Detection module of the firewall provides yet another form of real-time protection. This component detects, prevents and reports all possible attacks from the Internet or the networks you are connected to. It either compares inbound traffic against a set of known attack patterns or analyses whether the behaviour of the inbound traffic is legitimate; in other words, the Attack Detection component provides pattern-based and behaviour-based protection. The latter enables this component to protect you against future exploits as well. This real-time shield also has three levels of protection, namely Low, Optimal (default) and Maximum.
A 3rd form of protection is provided by the Web Control component. This component protects you against dangerous active content on websites and contains an ad blocker that blocks ads based on a set of specific keywords, banner sizes and a comprehensive keyword list provided by Agnitum's ImproveNet program. Further protection is provided by a site blacklist of known phishing and malware sites, preventing the theft of private data (Identity Theft). The Web Control also blocks the transfer of private data over the Internet via a component called the ID Block. More details about this component follow later in this review. Three levels of protection are provided by the Web Control, namely Relaxed, Optimal (default) and Maximum.
A 4th form of protection is present in Outpost Security Suite Pro, called Host Protection. Four levels of host protection exist, namely Low, Optimal (default), Advanced and Maximum. The Host Protection module monitors your system for malicious process activity and prevents malicious software from injecting itself into legitimate and trusted applications. This module protects your system from some of the most advanced hijacking techniques used by malware to infiltrate your system. It monitors network activity from modified executables and the launching of new or modified executables. The module is divided into three components, namely the Anti-Leak Control, Component Control and Critical System Objects Control. The Anti-Leak Control basically controls penetration techniques (Windows hooking, DDE communication, DNS API calls, OLE automation, process memory injection, etc.) used by malware to bypass the security software installed on your PC. The Component Control monitors the different components of each application and prevents malicious components from gaining network access through legitimate applications. The Critical System Components Control protects strategic and critical parts of the Windows Registry and System Configuration Files from being modified by malicious programs.
Outpost Security Suite Pro contains an impressive self-protection feature that prevents malware from disabling it. I put this feature to the test by using the Windows Task Manager to do a simple task kill and was unable to disable any component of the security suite. The Process-List tool of SpyBot was not successful either and the critical modules of Outpost Security Suite Pro did not even show up in Advanced Process Terminator. So malware will have quite some difficulties disabling Outpost Security Suite Pro.
I did not notice any considerable impact on my system's performance after installing Outpost Security Suite Pro. Even with a full system scan running in the background, I was able to execute programs, copy and move files around without too much lag and delay. Outpost Security Suite is therefore very easy on your system resources.
Isolation of Threats
The Anti-Malware component prevents you from executing and copying infected files, but you are still able to rename them or move them around, provided that the file is moved to another folder on the same disk or partition. The most important thing is therefore done, namely the infected file cannot make copies of itself or spread to other disks on your system. This should be enough to contain a threat, but being able to rename an infected file or move it to another location on the disk creates an opportunity for the malware to avoid detection. Trying to change the attributes of an infected file also fails, so malware cannot hide itself or make itself read-only.
The Outpost Security Suite Pro Firewall monitors your system for suspicious inbound and outbound network traffic and blocks anything suspicious dead in its tracks. The firewall will present the user with a dialog to allow or block the action or to edit the rule, automatically created for the specific action. When there is no doubt about the malicious intent of an application or specific network behaviour, it will block the threat automatically and inform the user about the intrusion or leak attempt.
Another great feature of Outpost Security Suite Pro is its user-friendliness. It constantly adapts to changes on your system with very little user interaction required, but only as far as the known application database goes. Firewall notifications can get quite annoying when it comes to applications not known by the security suite, but at least the Smart Advisor gives very useful and practical advice for inexperienced users. Changes, threats or actions already known to Outpost Security Suite Pro are handled automatically and the user is only informed via a pop-up notification. It is quite easy to navigate through the different sections of the program and I did not encounter any problems configuring the software and making changes to the settings. I do feel that certain sections could be challenging for inexperienced users, especially the firewall section.
Scanning & Healing
- Fast-scan function: Yes
- Scanning of Single objects: Yes
- Customisable scanning: Yes
- Boot sector scanning: No
- Memory scanning: Yes
- Registry scanning: Yes
- System Area scanning: Yes [1]
- Cookies scanning: Yes
1. No predefined scan exists for the System Area only, but the System Area is scanned during a Full System Scan.
The On-Demand Malware Scanner has a simplistic and easy to use interface. A malware scan should be a no-brainer and should not contain any elements that either confuse or annoy the user. This is exactly what Agnitum designed. The user can choose from a Quick, Full System or Custom scan (providing more flexibility to advanced users). It lists infections in the scan status window as the scanner finds them. Actions are not taken against the threats immediately; the user gets the chance to take action against all the threats at once, as soon as the scan is completed. Outpost Security Suite Pro automatically chooses the best action to be taken against each threat, but the user still has the option to choose whether a threat should be cured, quarantined, removed, skipped or added to the Ignore list. A Details button is available for a short summary about the currently selected threat. You may leave your PC unattended during the scanning or healing process because there are no annoying pop-up alerts or warning screens that require user interaction during the execution of these processes. The malware scanner's performance can be improved dramatically by enabling the SmartScan technology. SmartScan technology creates scan status cache files in each scanned folder, making it possible for the scanner to determine which files have been altered since the last malware scan. Only the modified files are scanned, so the amount of time required to complete a full system scan can be dramatically reduced by enabling this feature. A word of warning though: the cache files hide themselves in ways similar to rootkits, so 3rd party anti-rootkit scanners may detect these cache files as malicious.
Support for Mozilla products is still not what it should be. Outpost Security Suite Pro is not able to delete only one cookie from cookies.txt or only one infected e-mail in a Thunderbird folder; it deletes the whole cookies.txt file (therefore all your cookies) and the whole folder containing an infected e-mail. Luckily it quarantines infected files by default, so if this accidentally happens, you can always restore the file from the Malware Quarantine.
I already discussed certain elements of the firewall component in previous sections of this review, but only briefly, so I will now provide an in-depth look into this impressive component of Outpost Security Suite Pro. Like any other firewall, it needs to be trained to function effectively on your system. One of my biggest issues with most firewalls is their inability to identify well-known and legitimate programs as trustworthy. Firewalls often involve complex configurations and tweaks to operate effectively on your system. The Outpost Security Suite Pro Firewall takes firewall training to the next level without frustrating advanced users with over-simplistic designs and at the same time making it easy enough for novice users to understand the basic principles of firewall training. A lot of configuration is already done during the installation of the security suite, by scanning your system for common applications and components and creating the necessary rules for these applications and components, so that you won't have to do this at a later stage. This means you can use a common program like Firefox without any additional configuration. The firewall expands the rules created during the initial setup, by guiding the user through the rule creation process for those communications that are not governed by the initial set of firewall rules, so in short, there are rules already created for the most common communications, but for every other communication you need to create new rules as you go.
Outpost Security Suite Pro automatically creates rules for applications signed by trusted vendors. Rules are automatically created for these applications, as they are required for the first time, even if the applications were installed after setting up the security suite. The user is only prompted when the rules are created so no interaction or decisions are required from the user. This is the type of rule creation that's missing from so many other firewall applications. I tested this feature with a well-known application like Firefox. I removed the rules created during the installation of Outpost Security Suite Pro (because Firefox was already installed at that time) and launched Firefox as if it was launched for the very first time, after installing the security suite. Outpost Security Suite Pro automatically created the network rules required for Firefox and informed me via a small pop-up in the bottom-right corner of my screen. I was able to use Firefox without any additional firewall customisations and new rules were automatically created as I browsed the web. As mentioned earlier in this review, the database for predefined firewall rules has its limitations and the rule creation wizard came up for a couple of applications I expected Outpost Security Suite to pick up automatically as trustworthy.
The firewall runs in stealth mode by default, making your computer invisible to hackers. It does not respond to port scans and silently blocks them. Independent leak tests have shown that Agnitum's firewall technology is among the best when it comes to intrusion detection and prevention. Apart from the Rules Wizard, you also have 4 other preset firewall policies to choose from namely, Block all (most restrictive), Block Most, Allow Most and Disabled (all communications have unrestricted Internet and network access). Outpost Security Suite Pro automatically detects full-screen applications and will prompt the user to go into Entertainment Mode to prevent distraction from prompts and warnings. This is useful for games and media players and you can tell the security suite to remember these applications so that it can enter Entertainment Mode automatically for these applications, without prompting the user each time.
Although I had a small configuration issue with Thunderbird and a couple of headaches with my local area network (let's face it, there is no such thing as a perfect firewall, you will always need to do some form of customisation if you are a power user), I still regard the firewall of Outpost Security Suite Pro as one of the best firewall components I have ever seen.
Outpost Security Suite Pro uses a Bayesian spam filter that only supports Outlook, Outlook Express and Windows Mail. I was told by Pavel Goryakin, PR Manager of Agnitum Ltd, that they are planning to add support for The Bat in Outpost 2009 (and there is even the possibility of support for Thunderbird in a later release). An Anti-Spam Training Wizard is used to train the spam filter. This wizard collects samples of spam and non-spam e-mails from specified folders in your e-mail client; you only need to show the wizard which folders contain spam messages and which ones don't. Since my direct e-mail address at cybertopcops.com has thousands of spam samples in its spam folder I decided to download a few hundred to train the spam filter. After training it with roughly 400 spam samples, it showed an 86% success rate at identifying spam e-mails. The problem came in when I started to download legitimate non-spam e-mails. It flagged every non-spam e-mail as spam and no matter how many times I clicked on the "Mark as Not Spam" button, it continued to filter my legitimate e-mails as spam. So I decided to overwrite the previous training data by re-training the spam filter with more than 500 spam samples and only a handful of non-spam samples. This seemed to do the trick, most of my legitimate e-mails started to come through to my Inbox instead of landing in the Spam Folder.
The spam filter basically works just like any other Bayesian spam filter. It has a toolbar with a "Mark as Spam" button for e-mails missed by the spam filter and a "Mark as Not Spam" button to correct false positives, in other words good e-mails accidentally marked as spam. However, as explained above, these buttons do not have any effect on the training data; the only way to train the spam filter is through the Anti-Spam Training Wizard. This issue will hopefully be resolved with the next release of Outpost Security Suite Pro. The filter also has whitelisting and blacklisting capabilities with an additional option to train the filter on outgoing e-mails as well. The whitelist automatically allows e-mail from people you write to, as well as people on your Contacts list. A nice thing, though, is the fact that whitelisting and blacklisting are not based on e-mail addresses alone, but also on keywords, IP addresses, and domain names. The spam filter is simplistic and very basic, it is a bit rough around the edges and everything is not yet working exactly as it should, but the different spam filtering options make it flexible and highly configurable to suit your own personal spam filtering needs.
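The training behaviour described in the two paragraphs above can be reproduced with a generic naive Bayes classifier. This is an added example, not Agnitum's filter or code from the review; the corpora are constructed, and it assumes the first training run contained no non-spam samples, which the review does not state.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9']+")


class NaiveBayesFilter:
    """Multinomial naive Bayes with add-one smoothing and learned priors."""

    def __init__(self):
        self.docs = {"spam": 0, "ham": 0}
        self.words = {"spam": Counter(), "ham": Counter()}

    def train(self, label, text):
        self.docs[label] += 1
        self.words[label].update(TOKEN.findall(text.lower()))

    def _log_score(self, label, tokens):
        if self.docs[label] == 0:
            # A class never seen in training has prior 0: it can never win.
            return float("-inf")
        vocab = len(set(self.words["spam"]) | set(self.words["ham"]))
        total = sum(self.words[label].values())
        score = math.log(self.docs[label] / sum(self.docs.values()))
        for token in tokens:
            score += math.log((self.words[label][token] + 1) / (total + vocab))
        return score

    def classify(self, text):
        tokens = TOKEN.findall(text.lower())
        spam = self._log_score("spam", tokens)
        ham = self._log_score("ham", tokens)
        return "spam" if spam > ham else "ham"


# Constructed corpora: 400 spam samples, and a handful (2) of legitimate ones.
SPAM = ["cheap pills buy now", "win money now click here",
        "buy cheap watches click now", "free money offer click here"] * 100
HAM = ["meeting agenda for monday attached",
       "invoice for the website hosting renewal"]


def build(spam_samples, ham_samples):
    nb = NaiveBayesFilter()
    for text in spam_samples:
        nb.train("spam", text)
    for text in ham_samples:
        nb.train("ham", text)
    return nb


if __name__ == "__main__":
    legit = "agenda for the monday meeting"
    print("spam-only corpus :", build(SPAM, []).classify(legit))
    print("with a few ham   :", build(SPAM, HAM).classify(legit))
```

With no legitimate samples the filter has no evidence for the non-spam class, so every message scores as spam; a few samples of real mail are enough to change the verdict even against hundreds of spam samples.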
Web Control (ID Block)
The Web Control module was briefly discussed in the Real-time protection section of this review. Here I want to provide more details about the ID Block component of the Web Control. The ID Block is a nifty little tool and very easy to use. You basically add the private data you wish to protect (passwords, credit card numbers, etc) by providing a description (for instance "Myspace Password"), entering only a portion of the private data (for instance characters 3 through 6 of your Myspace password) and choosing a category (for instance the Password category). In the Myspace Password scenario I just painted, each time when your Myspace password is transmitted over the Internet, the ID Block component will replace the 3rd, 4th, 5th and 6th character of your Myspace password with asterisks. A small pop-up will appear in the bottom-right corner of your screen to inform you that the private data has been blocked. Instead of replacing the private data with asterisks you can also choose to block the transfer of the private data completely. For effective and practical use of the ID Block component, you need to add the trustworthy sites, where you need to enter this private data, to the Exclusions list. (In the example I used, you will add Myspace.com to the Exclusions list, because this will be the only site where you will use your Myspace password). If you use the same password on several sites (which I highly recommend you never do) you need to add all these sites to the Exclusions list as well. I have tested this tool in several environments (e-mail, browsers, chat clients) and the only drawback is that it doesn't work with SSL (when the data is entered on a secure page or where the data is encrypted and transmitted over a secure connection). 
This isn't really a big issue because most identity theft incidents occur on insecure pages, after all, encrypted data is not supposed to be read by external applications, so this tool can also be used to check whether your private data is properly encrypted when using secure websites.
However, this tool is not without its flaws. Once you have added some private data, you can't change it at a later stage; you need to delete the old entry and enter a new set of private data. You may argue that this is purely for security reasons, but privacy protection tools like these should never be used to store complete sets of private and sensitive data, only portions of it (for instance only 5 consecutive digits of your credit card number, not the last 5, but 5 consecutive digits somewhere around the middle of your credit card number). Another limitation is the small number of categories to choose from; I would have liked to see categories for social security numbers, PINs and e-mail addresses. Finally, if you are going to allow users to edit this data, then this section should have its own password to protect the private data, even if it only contains portions of your private data.
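The ID Block behaviour described in this section (a stored fragment, masking or blocking, an Exclusions list, and no matching over SSL) can be modelled as a small outbound filter. This is an added example, not Agnitum's code: the class and function names, the password and the hosts are all hypothetical, and it goes one step beyond the text by also matching the percent-encoded form of the fragment as it appears in web form posts.

```python
from dataclasses import dataclass
from urllib.parse import quote_plus, urlsplit


@dataclass(frozen=True)
class ProtectedItem:
    description: str  # label shown in the alert, e.g. "Myspace Password"
    category: str     # e.g. "Password"
    fragment: str     # only a portion of the secret is ever stored


def middle_fragment(secret, first, last):
    """Characters first..last (1-based, inclusive), e.g. 3 through 6."""
    return secret[first - 1:last]


class OutboundFilter:
    """Hypothetical model of the described behaviour, not Agnitum's code."""

    def __init__(self, items, exclusions=(), block_transfer=False):
        self.items = list(items)
        self.exclusions = {host.lower() for host in exclusions}
        self.block_transfer = block_transfer

    def _excluded(self, host):
        host = host.lower()
        return any(host == e or host.endswith("." + e) for e in self.exclusions)

    @staticmethod
    def _variants(fragment):
        # Form posts percent-encode special characters, so match both forms.
        return {fragment, quote_plus(fragment)}

    def inspect(self, url, body):
        """Return (action, body_to_send, descriptions_of_matched_items)."""
        parts = urlsplit(url)
        if parts.scheme == "https":
            # The review notes SSL traffic is not matched; modelled as a skip.
            return ("not_inspected", body, [])
        if self._excluded(parts.hostname or ""):
            return ("allowed", body, [])
        hits = [i.description for i in self.items
                if any(v in body for v in self._variants(i.fragment))]
        if not hits:
            return ("allowed", body, [])
        if self.block_transfer:
            return ("blocked", None, hits)
        for item in self.items:
            for variant in self._variants(item.fragment):
                body = body.replace(variant, "*" * len(item.fragment))
        return ("masked", body, hits)


# Constructed sample data: a made-up password and made-up hosts.
PASSWORD = "xK9$w&Qz7!"
ITEM = ProtectedItem("Myspace Password", "Password", middle_fragment(PASSWORD, 3, 6))
FILTER = OutboundFilter([ITEM], exclusions=["myspace.com"])

if __name__ == "__main__":
    form = "user=alice&pass=xK9%24w%26Qz7%21"
    for url in ("http://login.example.net/submit",    # look-alike site
                "http://www.myspace.com/login",       # on the Exclusions list
                "https://login.example.net/submit"):  # encrypted channel
        print(url, FILTER.inspect(url, form))
```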
Outpost Security Suite Pro un-installs clean and easily with no side effects.
Agnitum Outpost Security Suite Pro certainly appeals to advanced users, but the easy to use interface and impressive setup routine make it an attractive option for the novice user as well. It is built around an impressive firewall system and its malware capabilities are getting better by the day. There is certainly some room for improvement in certain departments, but it is my personal opinion that Outpost Security Suite Pro has the potential to become a leader in the Internet Security Suite market.
Outpost Security Suite Pro:
- Isolation of Threats: 7
- Scanning & Healing: 7
(Compatibility, Filtering & Effectiveness):
(Web Control / ID Block):