Outpost Security Suite Pro Review
Version 7.5.1
by Coenraad de Beer (Webmaster & Founder of Cyber Top Cops)
Posted on 09-01-2012
I had the privilege of taking a closer look at Agnitum's Internet Security Suite called Outpost Security Suite Pro. This security suite has quite a lot under the hood so there are plenty of things to discuss. Please note that version 7.5.2 will be released soon, so I will update my review where necessary when the latest version is released.
Outpost Security Suite Pro Version 7.5.1 was reviewed in Windows 7 on an Intel Pentium 4, 2.8GHz with 2GB of RAM.
The installer of Outpost Security Suite Pro has two installation modes, Simple Mode for novice users and Expert Mode for advanced, more experienced users. Simple Mode is recommended in most cases and is really easy and effortless. Even advanced users will benefit from Simple Mode if they wish to save time installing and setting up the software. The installer creates a restore point which can be used to restore your computer in case something goes wrong during the installation. The Windows Firewall is turned off automatically to prevent clashes, so you don't have to worry about that, but I also believe Agnitum should consider turning off the Real-time protection of Microsoft Security Essentials (or at least issue a warning during installation), since it prevents Outpost Security Suite Pro from removing infected objects already detected by Microsoft Security Essentials. To make things worse, the system comes to a halt when you try to remove the malicious objects with Microsoft Security Essentials (when Outpost Security Suite Pro detects them as well and tries to isolate them). I can tell you, from my experience, that these two don't get along too well.
Outpost Security Suite Pro uses ImproveNet cloud security to improve their software and users may choose to opt out from participation during the setup process. You can also opt out, if you missed this option during the setup process, by going to the General section of the settings screen. Personally, I prefer to opt in to services like these, instead of having the option already ticked for me, because I believe most users participate in this program without even knowing it. So rather ask your users explicitly if they want to participate in the program and what it is all about, but again this is only my personal opinion, other people may have a different view on this subject, after all the usage data is anonymous so there should not be any reason for concern. Right, let's get back to the rest of the installation process.
Once the installation is finished it automatically connects to the Internet to download the very latest updates and malware definitions. The final step of the configuration is the SmartScan and it is quite a lengthy process compared to the other steps, but it depends on the amount of data stored on your hard drive. Once this is done, a restart is required. The final step is the registration process (after the first reboot).
Everything is set up automatically and quite neatly, but with a couple of exceptions here and there. For instance I had to allow some inbound connections after the restart, but it involved nothing more than a couple of clicks of an allow button and that was the end of the prompts. Outpost Security Suite Pro automatically created these rules perfectly and everything seemed to work fine without any further configuration prompts.
Outpost Security Suite Pro will operate in a mode called Auto-Learn mode for a while. During this time it will automatically learn your habits on the computer in order to create appropriate rules for each action performed on your computer, so that you are not bothered by annoying prompts when using the software discovered during this auto learn period. Do note that if you install a new application after this auto learn period, you might receive some prompts until Outpost Security Suite Pro has created all the necessary rules for this new application. It is also recommended that you refrain from connecting to untrusted networks or using unknown software during this auto learn period, to prevent rules from being created that may allow malicious programs to operate on your system. However you can rest assured that Outpost Security Suite Pro will still assess the danger of an action and will prompt you for appropriate action in the event of an attack, even if it is still in Auto-Learn mode, so basically, Auto-Learn mode will not compromise your security in any way.
During the first boot after installing the security suite I noticed an increase in the time it took for Windows to start up. In my opinion the overall performance of the computer is not affected by Outpost Security Suite Pro too much, however, one thing I did notice was some lag when I launched applications. It is clear that the Application Guard and resident Anti-Malware components are doing their job, by scanning each application before it is allowed to launch, but sometimes the system hangs for a while until the application is successfully launched. Of all the improvements Agnitum needs to make to their security suite, this should be priority number one. I really hope they address this issue with the 7.5.2 release.
The minimum system requirements specified by Agnitum in their help file are a 450MHz Intel Pentium or compatible CPU, 256MB of RAM and 100MB of hard disk space. To be honest, operating systems like Windows Vista and Windows 7 will hardly operate on a low-spec system like that, so running Outpost Security Suite Pro on Windows 7, with only 256MB of RAM is not a wise choice. I recommend a stronger system with at least 1GB of RAM and a 1.7GHz Intel Pentium Processor. But even these specifications may leave you wanting in terms of processing power, depending on the version of Windows you are running.
I reviewed version 6 back in June 2008 and I am glad to see Agnitum has an “if it is not broken why fix it” approach towards their user interface. I still find the interface easy to use, yet flexible enough for power users. There are a lot of advanced features and reports that will leave novice users in the dark, but advanced users will love the sheer volume of information, reports and customization features available to them.
The user interface is not without its faults though. One major drawback about the user interface is that you are constantly wondering what the security suite is doing. The system tray icon does change depending on the type of action it is performing, but if you don't know what the icon means, it doesn't help you much. For instance it changes to a pair of rotating arrows when it is downloading updates from the Internet and it changes to a scanning radar when the malware scanner is running. When the program is idle it shows the blue Outpost shield icon and it turns red when some of the components are disabled or faulty. But I would like to get a proper indication of what the security suite is doing; for instance, when I hover with my mouse pointer over the system tray icon I want to see something like “downloading updates”, “scanning your system” or “updating SmartScan cache” and not the version number and my PC's local IP address. I would like to see the current activity in the main window as well, with an easy to access link or button to bring up the window showing the progress of the current activity. Currently, when it is running the auto update you cannot see the progress of the update, you can only choose to abort the update from the menu that appears when you right click on the system tray icon.
It would also be nice to see more information about the progress of the update procedure. In my opinion it should show the size of the update, download speed and estimated time for each download to complete. Lately a lot of users were complaining about the update process being extremely slow and in some cases the update even failed. I was one of those users who experienced very slow updates and “Performing operation 2 of 3” meant nothing to me if I had to wait 10 minutes for the update to complete, only to tell me that the scripts and configuration files could not be downloaded. But if the update screen showed the data transfer rate and the size of the update I could have easily predicted whether the update was going to take longer than normal and on top of that, it could have helped me troubleshoot the update problems a bit easier (instead of looking for the problem on my side).
Finally, the only other problem I had with the user interface was the prompts for removing infected objects. Every time when Outpost Security Suite Pro detected a threat, I received 2-3 prompts in succession before it actually removed the object (after choosing “Remove Object” each time).
The issues I have with the user interface do not really boil down to poor design, it is just that there are a couple of features I'm missing in Outpost Security Suite Pro that are usually present in other security applications. The application is not unusable without these features, but they will most definitely improve the user's experience and make things a little bit easier.
The security suite checks for updates on an hourly basis, but the user can adjust the update schedule to daily, weekly or even a specific time and day of the week. It is recommended though that you leave the updater on an hourly schedule. One feature I'm missing here is the ability to download updates to a specific folder in case you need to reinstall the security suite or for storing the updates in a central location (like on a server) if you have Outpost Security Suite Pro installed on several computers and would like to update each one, by downloading the updates from the server instead of using the Internet each time. This conserves Internet bandwidth and is a very handy feature in countries where bandwidth is still very expensive.
Outpost Security Suite Pro, like most Internet Security Suites, has several shields, providing comprehensive protection against several types of threats. It has a highly customizable firewall, a formidable Anti-Malware shield and Proactive Protection (your first line of defence against rogue software performing malicious activity on behalf of trusted applications). It also has a Web Control shield, protecting you on the Web as you browse and last but not least an Anti-Spam component. Most of these shields deserve more than just a mention and we will take a closer look at each one later in this review.
Right, this is the fun part of the review, trying to break the defences of the security suite and I must admit, Outpost Security Suite Pro stands its ground quite firmly. One impressive feature about this security suite is its self-protection module. It prevents you from illegally terminating the suite and its shields, whether you are using the Windows Task Manager or some 3rd party process terminator. The self-protection feature passed every test I threw at it with flying colours. It is interesting to note that the process op_mon.exe appears in the Windows Task Manager but it remains hidden to 3rd party task managers. Even if you do manage to terminate this process, the core protection service remains active and it keeps protecting the PC in the background. I also threw a couple of curve balls towards the security suite's critical registry entries and it intervened every time, either by prompting for action or by blocking the activity without any warning (but this only happens once you've trained Outpost Security Suite Pro to take the appropriate action). The long and short of it all, I could not catch Outpost Security Suite off guard in terms of self preservation.
The Anti-Malware shield is very effective, but not yet perfect. I executed a couple of dodgy files, not detected by Outpost Security Suite Pro, to see whether the components like the System and Application Guard and Anti-Leak were doing their jobs. Outpost's eXtended Heuristic Analyser (HAX) detected most malicious attempts and gave me the option to allow, block or block & terminate the suspicious application (where I believe that the latter is the safest option). In one instance I even got the option to submit the suspicious file for analysis to Agnitum. I also submitted a couple of other malicious files, not detected by Outpost, via the submission form on their website. It will be interesting to see how long it takes for these threats to be added to their malware database.
The Anti-Malware shield also detected a couple of false positives, for example certain registry changes made during the installation of the latest Nvidia GeForce drivers (downloaded directly from Nvidia's website), the latest installer of Thunderbird being detected as suspicious (downloaded directly from Mozilla's website) and Adobe Acrobat Reader's executable file detected as malware after being updated by its own updater. The first two were false positives made by the heuristic analyser and the last one, I believe, was due to an inaccuracy in the malware signature database.
So with all being said, the Anti-Malware component has improved a lot since my last review back in June 2008, but there is still plenty of room for improvement.
Outpost initially started out as a stand-alone firewall and that's why the firewall component is the most impressive feature of the security suite and in my humble opinion, perhaps one of the best software firewall solutions available on the market these days.
I did some leak testing and I have to say allowing and preventing data flow from your computer is child's play. A pop-up will appear when an untrusted application tries to make an outbound connection. Whatever you choose (allowing or denying) will automatically create a rule that will be applied each time that same application tries to make an outbound connection. Removing or changing the rule afterwards is very easy, you merely have to check for the program to appear in the network activity screen, under the Firewall section of the main screen, expand the connections grouped together under that application, right click the connection you wish to modify and switch to the opposite action (i.e. from allowed to blocked or vice versa). You can also choose to edit or simply delete the rule. No more fiddling around in the settings screen, browsing through endless lists of application rules, trying to guess which one will have the desired effect. Now you have direct access to each and every rule being applied in real time.
While we are on the topic of the network activity viewer, this is a very handy tool to see what kind of connections your computer is making and which sites your computer is connecting to. The ability to see the IP addresses or in most cases the resolved website addresses, allows you to see where all your information is going and even allows you to block only certain connections made by an application, instead of blocking the application completely. Let's say, for instance, you have an application developed by Company A, who is also affiliated with Company B and Company C. But you don't like Company C since they are known for spying on their customers. If the application, developed by Company A, makes a connection to a website, owned by Company C, you will be able to see that connection in the network activity screen and block this specific connection, without interfering with the connections made to other websites. This may affect certain functionality of the application, let's say the connection to Company C's website was made to serve ads inside the main screen of the application, so blocking the connection to that site, will prevent the ads from being displayed.
This might be a bit advanced for novice users, but this is the kind of flexibility of the software I was talking about earlier in my review and it will be a wonderful tool for control freaks and people concerned about their privacy.
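The prompt-once rule creation and the per-connection override described above can be modelled in a few lines. This is an added example, not Agnitum's code: the class, the host names and the assumption that a rule for one connection takes precedence over the application-wide rule are all hypothetical.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

ALLOW, BLOCK = "allow", "block"


@dataclass
class OutboundPolicy:
    """Toy model of prompt-driven outbound rules (hypothetical, not Outpost's code)."""
    ask_user: Callable[[str, str], str]  # stands in for the firewall pop-up
    app_rules: Dict[str, str] = field(default_factory=dict)
    conn_rules: Dict[Tuple[str, str], str] = field(default_factory=dict)

    def decide(self, app: str, host: str) -> str:
        # Assumption: a rule for one (app, host) pair beats the app-wide rule.
        if (app, host) in self.conn_rules:
            return self.conn_rules[(app, host)]
        if app not in self.app_rules:
            # First sighting of the application: prompt once, keep the answer.
            self.app_rules[app] = self.ask_user(app, host)
        return self.app_rules[app]

    def switch_connection(self, app: str, host: str) -> str:
        """Flip a single connection to the opposite action."""
        flipped = BLOCK if self.decide(app, host) == ALLOW else ALLOW
        self.conn_rules[(app, host)] = flipped
        return flipped

    def delete_connection_rule(self, app: str, host: str) -> None:
        """Drop the override so the app-wide rule applies again."""
        self.conn_rules.pop((app, host), None)


# Constructed sample traffic: (application, remote host).
SAMPLE_CONNECTIONS = [
    ("companya_app.exe", "updates.company-a.example"),
    ("companya_app.exe", "ads.company-c.example"),
    ("companya_app.exe", "api.company-b.example"),
]


def replay(policy: OutboundPolicy, connections) -> List[Tuple[str, str, str]]:
    return [(app, host, policy.decide(app, host)) for app, host in connections]


def demo():
    prompts = []

    def ask_user(app, host):
        prompts.append((app, host))
        return ALLOW  # the user clicks "allow" on the pop-up

    policy = OutboundPolicy(ask_user)
    before = replay(policy, SAMPLE_CONNECTIONS)
    # Block only the Company C connection, leaving the application allowed.
    policy.switch_connection("companya_app.exe", "ads.company-c.example")
    after = replay(policy, SAMPLE_CONNECTIONS)
    return prompts, before, after


if __name__ == "__main__":
    for label, rows in zip(("before", "after"), demo()[1:]):
        for app, host, action in rows:
            print(f"{label}: {app} -> {host}: {action}")
```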
Right, that's outbound connections, but what about inbound connections, in other words, hackers trying to gain unauthorized access to your computer. Well this is just as effective and easy to manage as the outbound connections. Adding your local network to the trusted zone is also much easier than before. You simply go to the LAN settings in the settings screen and tick the Trusted box next to your local IP address range (which should have been detected during the Auto Learn period mentioned earlier). This allows all traffic to and from your local network, so a word of caution, only add completely trusted networks to the Trusted zone. In order to test the effectiveness of the firewall, I removed my local network from the Trusted zone and did a port scan from another PC and the scanner reported that all ports were filtered (i.e. they were blocked). Pinging the target PC also failed and a remote service scan did reveal the make and MAC address of the PC and that the host was up, but that was about it, no further information about the ports, operating system or services running on the targeted PC, could be determined. So the firewall does its job thoroughly by virtually hiding your computer completely from network intruders. It was quite enlightening to observe from the network activity screen how Outpost Security Suite Pro blocked the port scans and ping requests and it was great to see the firewall in action.
The Web Control is a simplistic, yet very practical and useful component serving two main purposes: protecting sensitive data from leaving your computer (ID Block) and blocking dangerous scripts and ads (Ads and Sites blocker). The ID Block component is a very useful tool to prevent your passwords or credit card info from being e-mailed or transferred via HTTP to a hacker. You simply add a portion of your password or credit card to the ID Block component and each time that information is transferred over an insecure connection (in other words not during an SSL connection where the data is encrypted) it will replace that portion of your password or credit card with asterisks and give you a warning so that you are aware that someone is trying to extract sensitive information from your computer, or that you are transferring this information over an insecure connection.
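The masking behaviour described for ID Block can be sketched as an outbound filter. This is an added example and not Agnitum's implementation: the class name, the minimum fragment length, the handling of URL-encoded forms and the sample request bodies are assumptions made for illustration.

```python
import re
from urllib.parse import quote, quote_plus


class IdBlockFilter:
    """Toy model of an ID Block style filter (hypothetical, not Agnitum's code)."""

    MIN_FRAGMENT = 4  # assumption: shorter fragments would match unrelated text

    def __init__(self, fragments):
        if not fragments:
            raise ValueError("at least one protected fragment is required")
        patterns = set()
        for frag in fragments:
            if len(frag) < self.MIN_FRAGMENT:
                raise ValueError("fragment too short to match reliably")
            # Form posts carry URL-encoded data, so a literal search alone
            # would miss "p%40ss+W0rd"; register the encoded forms as well.
            for variant in (frag, quote(frag, safe=""), quote_plus(frag)):
                patterns.add(re.escape(variant))
        ordered = sorted(patterns, key=len, reverse=True)
        self._regex = re.compile("|".join(ordered))

    def filter_outbound(self, payload: str, encrypted: bool):
        """Return (payload_to_send, warnings) for one outbound message."""
        if encrypted:
            # Data inside an SSL connection is left untouched.
            return payload, []
        warnings = []

        def mask(match):
            warnings.append(f"protected data found at offset {match.start()}")
            # Same-length replacement keeps the message size unchanged.
            return "*" * len(match.group(0))

        return self._regex.sub(mask, payload), warnings


# Constructed sample data: only portions of the secrets are registered.
PROTECTED = ["p@ss W0rd", "2222 3333"]
FORM_BODY = "user=alice&pw=p%40ss+W0rd99&card=1111+2222+3333+4444"
MAIL_BODY = "my login is p@ss W0rd99"


def demo():
    idblock = IdBlockFilter(PROTECTED)
    return {
        "http_form": idblock.filter_outbound(FORM_BODY, encrypted=False),
        "plain_mail": idblock.filter_outbound(MAIL_BODY, encrypted=False),
        "ssl_form": idblock.filter_outbound(FORM_BODY, encrypted=True),
    }


if __name__ == "__main__":
    for name, (sent, warnings) in demo().items():
        print(name, "->", sent, warnings)
```

Because only a fragment is registered, the unregistered tail of the secret (the trailing `99` here) still leaves the machine; the masking makes the captured value useless without revealing the whole secret to the filter's own configuration.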
While this component is highly successful at blocking ads, it is very difficult to allow ads on specific sites. I've added some sites to the exclusion list and allowed all content to be displayed, but it kept on blocking ads on these sites. So basically, if you don't want ads to be blocked you need to turn ad blocking off completely, the exclusion list simply doesn't work (or I did something wrong). I believe the ad blocker should be disabled by default and leave it to the user to enable it if desired, because this could be the source of a lot of frustration for many users.
The malware scanner has three scan types, a Quick System Scan (checking the most vulnerable points in your system), a Full System Scan (doing a deep analysis of the registry and file system) and a Custom Scan (where you can customize exactly what should be scanned as well as the intensity of the scan). Scans can also be initiated via the context menu in Windows Explorer by right clicking on an object or file and selecting “Scan with Outpost” from the menu.
The very first Full System scan is going to take quite some time to complete, depending on the amount of data stored on your hard drive(s), but Outpost Security Suite Pro has an impressive caching system called SmartScan, making subsequent scans much faster because it will only scan modified files. A small percentage of our malware samples were not detected by Outpost Security Suite Pro, most of them being Adware and Spyware, so this is another area where the security suite can improve.
I have to mention though that a couple of these undetected samples were at least detected as suspicious and I submitted them to Agnitum for further analysis.
Outpost Security Suite Pro does a pretty good job at keeping active threats at bay. Once a malicious object or file has been detected it cannot enter your system or complete its operation before being allowed by Outpost. You are presented with a prompt to either remove, block or add it to the exclusions list, if you believe the file or object in question is not malicious. If you choose to block the file only, you can still rename it or move it around (only on the same hard drive), but it is completely sandboxed, meaning you cannot execute it or move it to another drive or make a copy of it, not even on the same hard drive.
Outpost Security Suite Pro has a spam filter called the Anti-Spam control. I had some problems enabling this control, for some reason it got disabled and I could not enable it again. I had to uninstall the suite completely and re-install it for this feature to work again. This was quite an interesting experience, but I will elaborate more on this in the Uninstall section of the review.
Unfortunately the Anti-Spam control does not work with Thunderbird or Windows Live Mail and although it claims to work with Windows Mail (in Windows Vista) it does not work with Windows Mail under Windows 7. So I was completely unable to test the spam filter. Hopefully I will get the chance to play with it once version 7.5.2 gets released.
Uninstalling Outpost Security Suite Pro was not an easy task (at first). I mentioned earlier that I had to re-install the suite to fix the broken anti-spam component. First of all it appeared that the uninstall was successful once I got a prompt to restart my computer to complete the uninstall process. After the restart, Outpost Security Suite was gone, so I thought mission accomplished, but my problems started once I tried to install it again. The installer reported that some of Outpost's drivers were still active and I had to remove them first, before re-installing. A closer look revealed that the uninstall entry was still present under the Windows Uninstall list and trying to delete it with a 3rd party application was a futile operation (even with Administrative privileges enabled).
Luckily Outpost Security Suite Pro has a clean utility that you can use to manually remove the suite completely. But to do that you need to reboot your computer into Safe Mode and run a file called clean.exe, located in the security suite's installation directory. You need to be patient while running this utility since there is no user interface or any prompts on the progress of the removal process. For several minutes it seemed like nothing was happening but after a while the hard drive LED started blinking and things started to happen. It automatically rebooted my machine and after the reboot I was able to re-install the security suite.
But my problems did not end here, I could not find my registration key anywhere. Luckily Agnitum has a very easy to use request form on their website in case you lost your activation key, but you need to supply the e-mail address you used when you registered the suite and a starting date from which the server should search for your activation key. The form automatically enters a date exactly one year back from the current date, so you can just leave it at that and submit. Within a minute or two I received an e-mail with the activation key and I was able to register Outpost Security Suite Pro successfully. Now this is what I call customer service.
The second time around Outpost Security Suite Pro uninstalled perfectly without any problems. So the issues I had the first time around were most likely an anomaly.
This version of Outpost Security Suite Pro is a huge improvement over the one I reviewed back in 2008, but it is still not flawless. Key areas that need some improvement are performance, malware detection accuracy, the Anti-Spam component and certain user interface elements I mentioned in this review. From what I've read on Agnitum's blog, most of these issues will be addressed in version 7.5.2, so I'm looking forward to reviewing the latest version of the security suite once it is released. Outpost Security Suite Pro provides adequate all-round protection, is good value for money and in terms of price, is still cheaper than most mainstream Internet Security Suites available today.