McAfee Internet Security Suite pulls together the SpamKiller, VirusScan, Privacy Service, and Personal Firewall Plus products. Its Security Center integrates and tracks the status of these modules and of most retail antivirus products (but not corporate versions). In Microsoft Windows XP, it verifies Windows Update status, making it a full replacement for the Windows XP SP2 Security Center. Though all the components performed adequately, it was the VirusScan module that really excelled on our Labs tests.
VirusScan 2006 passed ICSA's tests for virus detection and cleaning; related products received certification from West Coast Labs and Virus Bulletin. We also tested it against a variety of spyware, which McAfee calls PUPs (Potentially Unwanted Programs), with impressive results. It detected all 12 virulent spyware samples and removed all but 2, and it prevented installation of all 12. It did not, however, take any action against the commercial keyloggers we used in testing, and it appears to detect PUPs only by signature, not by behavior. VirusScan checks files on access, on command, or on schedule, and it specifically scans e-mail in both directions, as well as files received by instant message. Its WormStopper and ScriptStopper modules block suspicious behavior in e-mail or scripts respectively. While the user can view quarantined malware items, there's no easily accessible log of viruses repaired or deleted.
Although SpamKiller filters any POP3 account without regard for the e-mail client, those using Microsoft Outlook and Outlook Express will find the toolbar integration convenient. Under Outlook it can filter Exchange and IMAP accounts, and it will filter MSN/Hotmail accounts directly. The user can choose whether to hold spam in a quarantine area within SpamKiller or mark its subject with "[SPAM]" and pass it to the client. Those choosing the former can peruse blocked mail in the Messages view and rescue any that were blocked in error.
We tested it using a real-time collection of spam and valid messages. In our fairly small sample, it let about one-sixth of the spam into the Inbox and marked about one-twelfth of the valid mail as spam, a better performance than that of last year's product. On installation it offers to copy your address book into its "Friends" list; mail from these addresses will never be blocked. You can also add individual addresses, domains, or mailing lists. There is no corresponding "Enemies" list, though you could define a personal filter to block mail from any specific individual or domain. SpamKiller's e-mail filter runs as a separate process and can measurably slow downloading e-mail if the inbox is particularly full. In testing, it announced several times that it was unable to block a specific message; these messages proved to have invalid headers.
The firewall module prevents unauthorized programs from accessing the network or Internet and can be configured to handle inbound and outbound connections separately. An internal database lists known good programs that will be allowed access without asking for confirmation—this list has grown to more than 4,000 items. Also, the new gaming-suspend mode will suspend confirmation pop-ups during full-screen gaming sessions. As expected, the firewall blocked all significant port attacks; it will also trace the source and route of any attack on a world map and identify the source using Whois data, if available. We weren't able to kill it using Task Manager or disable it by tweaking the Registry. When we turned off its essential service (as malware might do), it remained disabled until we responded to a warning message.
0 comments:
Post a Comment