AVG's security software is popular worldwide, with 80 million users speaking 15 different languages in 165 countries. Most are using AVG Anti-Virus Free Edition software, but some opt for the more powerful malware protection in AVG Internet Security 9.0 ($54.99 direct). The latest edition of this suite boasts some significant improvements.
I timed the improved installation process at about 12 minutes, including the necessary malware signature update and a reboot. A new "optimization scan" identifies known good programs; anti-malware scans skip those programs to run faster. On my standard test system, a full scan without optimization took 50 minutes; optimization brought it down to 18 minutes.
The dozen-plus icons representing the security components got a minor facelift, but otherwise the suite looks the same. A red icon means problems with that component; double-click for details and high-level configuration. As before, the Advanced Settings dialog lists all configuration options in one huge tree-structured list.
AVG wouldn't install properly on a couple of malware-infested test systems; tech support eventually solved those problems. They also quickly diagnosed a system that lost connectivity after installation. And when malware interfered with scanning on a couple other systems, I simply ran a command-line scan in Safe Mode.
ICSA Labs and West Coast Labs both certify AVG for virus detection but not cleaning; last year West Coast certified it for cleaning too. The suite did pick a new checkmark certification specifically for malware detection. AVG received the VB100% award from Virus Bulletin for all of the 10 latest Windows-based tests.
Last time around AVG scored poorly with AV-Comparatives, which rated it Standard (the lowest passing grade) for both on-demand detection and proactive detection. This time the rating agency raised the suite's on-demand detection score to Advanced, but it still had many false positives. While its standing in some of the tests has changed, AVG doesn't get top marks overall.--Next: Enhanced Malware Removal
Enhanced Malware Removal
The Identity Protection module, not found in AVG Anti-Virus Free Edition 9.0, integrates behavior-based technology that AVG acquired with Sana Security. The suite also adds a separate advanced rootkit scanner. Not surprisingly, it scored better than its free counterpart.
AVG scored 7.4 of 10 possible points in a test of cleaning malware-infested systems, the same as Ad-Aware Pro 8.1. It detected 100 percent of the samples but lost points for incomplete cleanup. It left behind executable files for 30 percent of the threats and left almost all non-executable junk for another 45 percent. Still, it definitively beat AVG Free's score of 6.3. Spyware Doctor with AntiVirus 2010 is the current malware-removal leader, with 8.3 points.
In a separate test using commercial keyloggers, the suite scored 4.6 points, the same as AVG Free and slightly above average. It detected all of the rootkit samples but only scored 6.0 points. The advanced rootkit scan after the full scan didn't help--it found one threat and didn't actually remove it. Still, 6.0 is better than average for this test. With 7.9 points, Norton Internet Security 2010 is the rootkit removal king.
The scanner also detected all of the scareware samples but didn't fully remove them. Its score of 6.5 in this test is better than average and way above AVG Free's 5.2. Ad-Aware leads the crowd on this test with 8.8 points.
Multiple Malware Blocking Layers
AVG's multiple layers of malware protection interact with each other to enhance the suite's ability to detect threats. The suite checks Web pages for malicious code and for dangerous files and scripts. Its Resident Shield finds and removes active malware in memory. The Identity Protection module recognizes malware behavior to supplement standard signature-based protection. And, if necessary, AVG can get a boost by consulting databases in the cloud.
I didn't see any Web-based protection when I attempted to redownload my current collection of malware samples. All those whose URLs hadn't vanished downloaded just fine, though the on-access scan nabbed a couple of them after the download finished.
When confronted with my pre-downloaded collection of malware samples, AVG was more effective. It wiped out about 70 percent of the samples as soon as I clicked on them--the same ones that AVG Free caught on sight. Of the rest, AVG's suite detected all but one during installation. It scored 9.0 where AVG Free got 8.8. Spyware Doctor topped this test too, with 9.7 points; Norton was very close with 9.6.
The suite detected all of the rootkit samples and blocked most of them successfully, matching AVG Free's 8.1 points. AVG's suite's score of 7.3 against scareware is better than the free edition's 6.0, but so far eight products have aced the scareware test with a perfect 10.
AVG's malware protection is quite good. If it thoroughly cleaned the malware it detects it would be great.
For more information about my testing, read How We Test Anti-malware.--Next: Simple, Effective Antispam
AVG Internet Security 9.0 Anti-Malware Chart
Simple, Effective Antispam
AVG's spam filter analyzes the incoming POP3 e-mail stream and marks spam messages with 'SPAM' in the subject. There's no integration with e-mail clients, so you'll have to define a rule to divert those messages into the spam folder. It's that simple.
Or is it simple? The advanced settings for the antispam are more extensive than for any other module. You can adjust the filter's sensitivity and block mail from specific countries or using specific languages. You can configure it to use Realtime Blackhole lists, if you know how, and more. But the average user shouldn't touch these settings except the one that imports your address book into the spam filter's whitelist.
Using out-of-box settings AVG missed just 1.9 percent of the spam and mis-marked 1.7 percent of valid mail as spam. It did mark nearly half the valid bulk mail as spam; whitelisting would have helped there. Downloading a thousand messages took about 70 percent longer with the spam filter active, which is not bad.
Last year's suite missed 10 percent of spam, marked almost 5 percent of valid mail as spam, and seriously slowed the download process, but hardly marked any newsletters as spam. Overall this latest edition is an improvement.
For more information about my testing, read How We Test Antispam.
AVG Internet Security 9.0 Antispam Chart
AVG says the current edition improves boot time impact by 10-15 percent. I don't have data for the previous edition but the current edition added nearly 140 percent to the boot time, the biggest impact since I revised my test in May. CA Internet Security Suite Plus 2010 and ZoneAlarm Extreme Security 2010 also more than doubled the boot time.
AVG also had a noticeable negative effect on the file move and copy test, adding 33 percent to the time required. That's more than twice the average for this test and the second-highest impact in the current crop of suites. AVG added 21 percent to the similar zip/unzip test, less than the average suite.
In a test using lengthy Windows Installer scripts it added 28 percent to the time required, better than average. And the browsing test didn't take longer at all with AVG installed. Also on the plus side, the spam filter doesn't slow downloading much, the new optimization scan speeds malware scanning, and the product installs quickly. These virtues can't entirely outweigh the boot-time slowdown, but they bring AVG's performance score above Fair.
For more information about my testing, read How We Test Security Suites for Performance.--Next: Improved Firewall
AVG Internet Security 9.0 Performance Chart
I expect every firewall to put all ports in invisible stealth mode. The previous AVG firewall failed; the current one works fine. Program control has also improved. To cut down on firewall queries AVG's suite now consults several databases and automatically configures access for known good programs. You'll still get a pop-up query the first time an unknown program attempts Internet access but you won't see nearly as many of these.
I tried attacking the firewall using techniques that a malicious program could use, with mixed results. I couldn't kill off AVG's processes using Task Manager--I got "access denied" for some while others respawned immediately. And I couldn't use the Registry to trick it into turning off. I couldn't stop the firewall's services, but setting their status to disabled and forcing a reboot had the same effect. The firewall needs to toughen up just a little more.
When it comes to blocking leak tests (programs that demonstrate techniques for evading program control) the firewall gets a little help from its friends. Resident Shield blocked some as known malware, and Identity Protection blocked one based on behavior. The firewall itself penetrated one tool's trickery, but several others breached AVG's protection. One can argue, though, that if they actually had a malicious payload, Identity Protection would have detected their behavior.
Protecting against threats that exploit system vulnerabilities was likewise a team effort. When I attacked the test system using the Core IMPACT penetration tool, several modules joined the fray. Resident Shield blasted the file component of some exploits, LinkScanner blocked access to others, and Web Shield disabled still others (more about LinkScanner and Web Shield shortly). The few that weren't actively blocked didn't succeed in penetrating the system.
The firewall is much improved since last year and well supported by the suite's other modules.
The AVG toolbar, installed in Internet Explorer and Firefox, uses AVG's LinkScanner technology to analyze Web pages in real time. It looks for exploits, drive-by downloads, or other malicious code. Since AVG analyzes the actual page, it's never fooled by the shortened URLs popular in Twitter. If a good site gets hacked with malicious code, LinkScanner will catch it immediately.
AVG marks up search results in Google, Yahoo!, Bing and other popular search engines with color-coded icons: green for safe, yellow for suspicious, orange for risky, and red for definitely dangerous. It won't even let you visit a red site. Pointing the mouse at an icon gets a floating detail window. Web Shield complements LinkScanner by checking for dangerous scripts or other dangerous files. Neither prevented me from downloading malware samples, but both contributed to the suite's protection against exploits.
The toolbar also tries to block phishing sites, but antiphishing isn't complete on the server. AVG says it will improve over the next couple months; I hope so. In testing, AVG scored 58 percentage points lower than Norton and 44 points lower than Internet Explorer alone. Interestingly, LinkScanner combined with IE scored just three points below Norton.
Check out How We Test Antiphishing for more information about my testing.
AVG Internet Security 9.0 Antiphishing Chart
Identity Guard and Tools
AVG doesn't include the private data protection common in many suites, but it does offer free identity theft recovery. AVG partner Identity Guard will help with notifying creditors, send a "Fraud First Aid" kit and monitor your credit for three months. This limited service is fine for AVG Free, but in the paid product I'd hope to see something like the active credit monitoring that ZoneAlarm users get.
The suite's system tools are strictly for experts. A process viewer includes behavior information from Identity Protection. You can view and delete start-up items and browser extensions but can't undo these actions. It lists active network connections and Layered Service Providers (LSPs). The only time most users will touch these is under instruction from AVG tech support.
AVG Internet Security has definitely improved with this new edition. The formerly weak firewall is fixed and the various layers of protection work well together. As long as you don't require parental control it's now a good choice. But if you want three licenses, AVG Internet Security actually costs more than our Editors' Choice, Norton Internet Security 2010.
More Security Suite Reviews:
"AVG Internet Security 9.0." PC Magazine Online 30 Oct. 2009. Computer Database. Web. 2 Dec. 2009.
Gale Document Number:A210913436
(Album / Profile) http://www.facebook.com/album.php?aid=5745&l=970be&id=1661531726