Thursday, October 16, 2008

Anti-Trojan Software Review - A² (A Squared)

Rated: 3.5 / 5


A Squared is the successor to the well known products "Anti-Trojan 5.5" and "Ants 2.1" that were discontinued in 2003.  A² is a product of Emsi Software GmbH, an Austrian company that was founded in 2003.

A²  is available in two versions: a2 Free and a2 Personal. The $29.95 personal version is identical to the free version but includes a background monitor, a number of analytic tools plus automatic signature file updates. This is the version that we reviewed.

Design

Most anti-trojan programs have two components: a file scanner for detecting trojans before they are executed and a background monitor that operates as a last resort of defense in the event that a trojan is executed.

A2 fits this pattern, though the web site does refer to some additional modules that provide extra layers of protection: an Intrusion Detection System (IDS), which actively limits the behavior of trojans, and a "System Firewall" that claims to control program rights.

Both of these features look impressive but at the time of writing neither had actually been implemented in the current version of a2 so we ignored them for the purposes of this comparative review. We note however that purchasers of the current version are being offered a free upgrade to the proposed version 2 that will have these features. The new version has been promised "real soon now" for some months.

The current version of a2 does however include a couple of analytical tools: a process viewer and a program start-up viewer. These are useful tools for hunting down problems.

When first started, the a2 scanner checks running processes and services for possible infection. It then scans selected files using its extensive malware signature database. If an infected file is found, a2 gives the user the option of removing the infection.

Note that the current version of the a2 scanner does not check inside archives. This functionality is planned for version 2 of the product. This is a real weakness in an otherwise solid product.

The  a2  background monitor checks all programs when they are started and periodically scans running processes as well. Like the scanner it offers a removal option if an infection is detected.

Access to all of a2's functions is through a control panel called "The a2 Start Center." It offers five clear choices to the user, each of which carries a clear explanation. We liked it a lot; it really simplifies the use of the product for the average user.

The a2 web site makes quite a point about the fact that a2 detects spyware and worms as well as trojans. However, this claim should not be taken too seriously, as only 48 spyware products were in the a2 signature database at the time we did our testing. A month later this was up to 381; even so, it is still a very small number.

Quite frankly, to detect spyware products you need a specialist spyware detector such as SpyBot or Ad-Aware. For viruses and worms, you need a full-fledged anti-virus scanner. Additional protection from a2 is a bonus, but it should not form your first line of defense.

Usage

Installing a2 is a little unusual. First, the 30 day trial download version of the Personal edition is not full featured; it only has the features of the free version, with the additional features only enabled when you enter an activation code that is emailed on completion of purchase or a specially arranged trial.

Second, even using the limited features of the trial version requires activation. In this case the code is sent after you register at the a2 web site.

Registration quirks aside, installation was simple enough and presented no problems on any of our test machines.

Once installed and registered, a2 displays its well designed control panel (Start Center) that allows you to manage the program's operations.

Clicking the scan button brings up a simple but well implemented scan control panel. The only scan options offered are disk and folder selection though this does include the ability to scan network drives. The lack of scan options is a concern. For example,  the user cannot control what file types are scanned nor can they control the depth of the scan.

The second option is configuring the Background Guard. Clicking this brings up only one option: whether the Guard should be loaded at Windows start-up or not. There are numerous other options relating to features planned for future releases, but at the time of testing these options were all "grayed out."

The Update button is clearly marked and the online update works well. A2 offers incremental signature file updates rather than large cumulative files. This reduces the time taken to download and will be appreciated by users with slow modems. The only downside is that the first update after installation requires downloading quite a few small incremental update files - over 20 in our case. Each file carries the date of release, and from these we were able to surmise that the database is updated, on average, every five days or so.

No program updates were offered during our test period.

Other Start Center functions include access to the analysis tools and the a2 on-line Control Centre.

The analysis tools include a process viewer and a program start-up viewer. Both work well enough, but there are a number of generally available free utilities that do much the same thing and offer greater functionality.

The on-line Control Center allows users to manage their account and also gives access to support facilities.

Overall  a2 is a very easy product to use, amongst the easiest of the products tested in this series of reviews. However this ease of use comes at the cost of functionality. Few configuration options are offered and even some of those offered are yet to be implemented. 

Performance

A2 was the second fastest scanner we tested. It was only bettered by PestPatrol, a product that may be quick but is not noted for the thoroughness of its scans. A2 was in fact nearly twice as fast as TDS-3 and The Cleaner, a creditable performance given the size of its signature database.

A2 may scan quickly but its trojan detection performance was more modest. It detected 6 out of the 16 test trojans, a performance that places it in the middle of the products tested in this series of reviews. You could argue that this modest performance could be explained by the fact that the product does not scan within archives and several of the test trojans were contained within archives. We don't agree; the monitor would have had a chance to detect the trojans when executed and it didn't. In fact the monitor only detected one trojan that was not detected by the file scanner.

The monitor occupies 4960KB of memory and ran inconspicuously in the background. It eats up quite a few CPU cycles when first loaded, presumably as it checks running processes, but as you can see from the following graph of system CPU and memory usage, a2 (green trace) consumed few resources indeed. In fact it only seems to consume resources when a new program is loaded (the hump in the blue graph), suggesting limited real-time memory monitoring is taking place. On a 3.2GHz P4 we could just notice a slight sluggishness when loading programs while the a2 monitor was loaded. At other times we could detect no effect on performance at all.

The monitor is not protected from attack by hostile trojans and can easily be terminated. Monitor protection is planned for version 2.

Other Reviews

A2 is a relatively new product and we were unable to locate any independent reviews of the product. There are some user comments on the free version but not much else.

Support

The a2 web site offers a variety of support services which are accessible to customers through the on-line Control Center.

First there is a FAQ. With only ten entries it's rather limited but it does cover some of the most common support issues.

Second there is a knowledgebase offering trojan news, resource articles and a list of TCP ports. 

To be honest, the term "knowledgebase" is something of an overstatement.  The news section is scanty and the resource articles number only six in total.  However the port list is quite useful covering common application ports as well as ports frequently used by trojans.

The third support resource offered on the a2 web site is a user forum. It's quite active, with users' questions answered quickly by the a2 support team and sometimes other users.

The final support resource offered is an on-line support ticket. We posted three questions and received answers to each within 24 hours - an excellent performance.

Summary

A2 came across as a good product but one that has yet to realize its full potential. For that, we will have to wait for the release of version 2. At the moment it's a competent anti-trojan but its detection ability is not yet in the top league. That said, it impressed us with its ease of use and good support. These features alone will make it an attractive option for many users.


Version tested: 1.1

Price: $29.95

Download: Click here for 30 day trial version

Buy: Click here for purchase details

Trojans in database: 26674  trojans + 1616 other malware products as at the 28th August 2004

Website: http://www.emsisoft.com/en/

Signature File Update frequency: Claimed to be daily but averaged every 5 days during our test period.

 


Sourced

Tuesday, October 7, 2008

Cloudmark Desktop 5.3.3 for Microsoft Outlook Review

Rated: 4.5 / 5


Cloudmark pioneered the concept of community-based spam filtering, and its community is now over a million strong. Cloudmark Desktop 5.3.3 for Microsoft Outlook keeps most spam out of your Outlook inbox while marking virtually no valid mail as spam—and that's what I look for in a spam filter. Separate versions of the program support Outlook Express and Thunderbird, and a version for Vista's Windows Mail is in the works.

Where many antispam products filter only standard POP3 e-mail, Cloudmark Desktop strips out spam from any e-mail account that your e-mail client supports. That includes POP3 and IMAP accounts, webmail accounts accessed via POP3, and (for Outlook only) Exchange-based mail accounts. About the only kind of e-mail it can't filter is a Web-based account that doesn't offer POP3 access.

Community Intelligence

Spammers spew their useless or harmful messages to millions of victims, and that fact is part of what makes community-based filtering work. When any community member marks a message as spam, Cloudmark Desktop boils down the message content to a unique fingerprint and sends that fingerprint to a central database. If the database receives enough reports for the exact same message (based on the fingerprint), it concludes that the message really is spam and blocks it for all other members.

If it were as simple as that, a determined spammer could undermine the system by joining the community and marking messages as not spam. To keep people from gaming the system, Cloudmark maintains a trust rating for every user. If the community as a whole agrees that a message you've blocked is spam, your trust rating goes up just a bit. If the community doesn't agree with your assessment, your trust goes down. The higher your trust rating, the more weight your opinion carries.
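The reporting and trust-weighting scheme described above, sketched as an added example (not Cloudmark's code). The SHA-256 fingerprint, the block threshold, the starting trust and the trust step are all assumptions chosen for illustration; the constructed scenario shows why a batch of new accounts voting "not spam" does not outweigh established members.

```python
import hashlib
from collections import defaultdict

SPAM_THRESHOLD = 2.0   # assumed net trust weight needed to block a fingerprint
TRUST_STEP = 0.1       # assumed reward/penalty once a verdict is settled
NEW_USER_TRUST = 0.1   # assumed starting trust; newcomers carry little weight

def fingerprint(body: str) -> str:
    """Stand-in fingerprint: hash of case-folded, whitespace-normalized text."""
    normalized = " ".join(body.lower().split())
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()

class Community:
    def __init__(self):
        self.trust = defaultdict(lambda: NEW_USER_TRUST)
        self.votes = defaultdict(dict)   # fingerprint -> {user: is_spam}

    def report(self, user: str, body: str, is_spam: bool) -> None:
        # One vote per user per fingerprint; a later vote replaces the earlier one.
        self.votes[fingerprint(body)][user] = is_spam

    def score(self, body: str) -> float:
        """Net trust-weighted score: spam votes add, not-spam votes subtract."""
        votes = self.votes.get(fingerprint(body), {})
        return sum(self.trust[u] if spam else -self.trust[u]
                   for u, spam in votes.items())

    def is_blocked(self, body: str) -> bool:
        return self.score(body) >= SPAM_THRESHOLD

    def settle(self, body: str) -> bool:
        """Raise trust of voters who agreed with the verdict, lower the rest."""
        verdict = self.is_blocked(body)
        for user, spam in self.votes.get(fingerprint(body), {}).items():
            delta = TRUST_STEP if spam == verdict else -TRUST_STEP
            self.trust[user] = min(1.0, max(0.0, self.trust[user] + delta))
        return verdict

def demo() -> tuple:
    """Constructed scenario: 3 established members vs. 5 new dissenting accounts."""
    c = Community()
    spam = "Cheap   PILLS, click here"      # constructed sample message
    for u in ("alice", "bob", "carol"):
        c.trust[u] = 0.9
        c.report(u, spam, is_spam=True)
    for i in range(5):
        # Same message with different case/spacing maps to the same fingerprint.
        c.report(f"new{i}", spam.upper(), is_spam=False)
    return c.settle(spam), round(c.trust["alice"], 2), round(c.trust["new0"], 2)
```

Because trust is updated only after the verdict, accounts that vote against the community lose what little weight they started with, so repeating the tactic becomes less effective each time.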

You can add specific domains or addresses to a whitelist and also automatically whitelist any address that's in your Contacts list. Mail from whitelisted addresses will always get through. But I can't think of a situation where this would be necessary. In order to get misfiled as spam, the identical message would have to be reported as spam by multiple community members. Thus Cloudmark should never identify a unique message from an individual as spam. Most users can ignore the whitelist and leave the other settings at their default values.


Featured In PCMag