Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theater
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage
More…
Facebook
Twitter
Digg
PrintAnd the Winners Are...
In the end, the reviewer's favorite products were Prevx and Sandboxie. Prevx provided the best identification of malware and prevented most of the exploits thrown at it, though by no means all. It's nice to be told what was trying to infect your system instead of having to make trust decisions on the fly. Plus, Prevx was the only product able to detect previously installed malware, and its interface was elegant. Sandboxie was a surprise. It provided fairly accurate infection prevention and, in most cases, excellent cleanup. It requires a bit more technical knowledge when picking which changes should and shouldn't be kept, but it's free price tag makes it a winner.
Now on to the Individual Reviews...
Prevx 2.0
I've been a big fan of Prevx for years. It was one of the first players in the Web security space and tends to be on the cutting edge of browser defense. The product's maturity shows in the end-user interface, operational aspects, and availability in 64-bit and business versions.
Prevx provides a multipronged defense, with heavy reliance on heuristic host-intrusion detection techniques. It provides distinct protection to Internet browsers, e-mail programs, critical file and memory areas, and startup program areas, and it supplies additional defenses against keyloggers, buffer overflow programs, and network connecting malware. Although real-time monitoring and heuristics are certainly its sweet spot, Prevx contains multiple signature-based mechanisms and relies heavily on its community-based malware reporting database, which requires an active Internet connection to utilize.
After the initial licensed-based install, Prevx did a scan of some of the critical system components and checked for program updates. Prevx has the best user interface in this roundup review (see Figure 1). There wasn't a part of it I did not like. It looks good, displays what the user needs when required to make a decision, and hides when it is not in play. There are three operation modes: ABC, which is the default for beginners, and two expert modes.
When the user surfs to a malicious Web site, Prevx notes any system modifications it detects while the related files are identified and compared to a local database or sent to the larger community-based database. If identified as malware (see Figure 2), the malicious programs and system modifications are removed and the system rebooted. Suspicious programs are placed in "jail" (see Figure 3), where the user can restore or tell Prevx to quarantine or delete. Cleaning always results in a mandatory reboot, followed by an additional rescanning of critical areas and an uploading of any found changes to the community database. I especially liked this feature because it can find modifications missed on the first pass. Nice touch.
Sadly, Prevx didn't always keep my system clean. On just the fifth malware Web site, a password-stealing Trojan was able to infect the test system. Prevx had noted system changes and uploaded multiple files to the community database, but it completely missed one of the Trojan files, even after the reboot and second scan (see the program called SSUUDL in Figure 4, Figure 5, and Figure 6). In further testing on the same site, Prevx removed every infectious file nearly all of the time, but not every time. And although it detected and prevented the XP Antivirus malware program, it did not stop the Adobe Flash clipboard hijack. If Prevx could improve its accuracy, it would easily be the best product in this review.
SafeCentral 4.0
Although Authentium's SafeCentral attempts to prevent keyloggers, screenscraping software, and malware from silently exploiting systems from Firefox browser sessions, it is most proud of its ability to prevent DNS and Web site spoofing for its 15,000 registered partner Web sites. The SafeCentral Portal site list includes thousands of commonly used banking, financial, and other popular Web sites and will prevent many phishing attacks. This is an opt-in feature, forcing the user to access sites from the SafeCentral Portal in order to ensure site authenticity. If your Web site is not listed or if you are socially engineered into visiting a bogus Web site without going through the portal, you will not get the protection of SafeCentral's redirection.
After you install SafeCentral, which requires a multistep process more complicated than its competitors, it loads a custom version of Firefox and modifies the toolbar in Internet Explorer, if it finds Internet Explorer on your system. Various "elements" are installed to secure and protect the desktop from the custom version of the Firefox browser and vice-versa.
When the user is in a secure Firefox browser session, the rest of the system is dimmed and interaction is restricted in significant ways. If you click any program or desktop area outside of the browser, the secure browser session is paused and dimmed. Every switch between the protected browser session and the desktop took an extra click and often caused slightly uncomfortable latency. It reminded me of Microsoft Windows Vista's "secure desktop" feature that accompanies User Account Control (UAC) protection, except that Microsoft's secure desktop provides significantly more separation and security.
In extensive testing, SafeCentral did not allow a single silent install in Firefox, except for the Adobe Flash clipboard hijack, which every other product missed as well. That's about the only good point I could give this product, and one that would be matched by a fully patched browser as well. In my testing, SafeCentral permitted hundreds of malware downloads, if the site "fooled" the user into downloading and running the program. At no time did SafeCentral stop any malware download initiated by the user, or prevent the subsequent system modification, or ever warn the user of the impending potential damage.
Protection was worse for Internet Explorer. Even though SafeCentral modified the toolbar and offered an indication of alert messages, it allowed nearly every silent malware install I threw at it, without so much as a peep. Clicking the SafeCentral toolbar icon (with Internet Explorer) simply launches the further secured version of the Firefox browser, which doesn't help when visiting the millions of Web sites that require Internet Explorer. Overall, I saw no advantage to using SafeCentral with Internet Explorer and questionable value with Firefox. The strength of this product lies with its DNS and anti-phishing protection. Those who want protection against browser threats should look elsewhere.
