McAfee Ups the Ante With Internet Security Suite 2005

by Joseph Moran

Enhancements and improvements abound in the 2005 edition of McAfee's all-in-one Internet Security Suite. But is the sum of the parts greater than the individual components?

McAfee's Internet Security Suite consists of four separate components, each with its own specific function. They are VirusScan, Personal Firewall Plus, Privacy Service, and Spam Killer. The components can be accessed individually or manipulated via the McAfee SecurityCenter, which ties them all together into the same interface.

Before getting into the actual software, we'd be remiss not to discuss our experience on the McAfee.com Web site, which was maddening, to put it mildly. For example, although McAfee offers 30-day trial downloads of its utilities, it doesn't offer the complete Internet Security Suite 2005 on a trial basis. Rather, you must sign up for and download each of the four components individually, which is a hassle since most people would likely be interested in evaluating the entire suite.

But obtaining the trial software from McAfee.com wasn't simply a matter of mere inconvenience. After successfully installing one of the four utilities, VirusScan and returning to the site to download the others (the software must be installed directly from the site, so you can't download the entire application and install it later), we were greeted by a message saying that we were not eligible to download any of the other components. We tried leaving and returning to the site, deleting cookies and a variety of other methods to resolve this problem, but all to no avail.

To add insult to injury, while on McAfee.com we were subjected to periodic pop-up windows warning us about possible infestation by spyware and other nasty stuff. We expect this kind of "marketing" from unscrupulous or unknown Web sites, but we certainly didn't expect it from McAfee. A check of the pop-ups' source address (ads.mcafee.com) confirmed the site — rather than some other application previously residing on our system — generated them.

One can only speculate as to the motivation behind the McAfee site behavior, but from our perspective it seems that the site is clearly designed to emphasize "buy" over "try" by making the latter option difficult if not impossible. If that was in fact the goal, it ultimately worked, as we resorted to purchasing a copy of the product in a local store in order to perform this evaluation. Whether other people would succumb as we did is an open question, and despite real and legitimate concerns about piracy, McAfee should overhaul its site to make evaluating its software less irritating for prospective buyers.

Security Center
The locus of McAfee Internet Security Suite 2005 (MISS 2005) is the SecurityCenter, where you can receive threat advisories, view your protection status, launch individual components and collect both program and definition updates (if you're not configured to download them automatically).

For each component of MISS 2005, SecurityCenter presents a series of common tasks in plain English, making it a good place to interact with the software if you don't want to deal with a lot of menu and configuration complexity — the individual component interfaces tend to be a bit busy.

SecurityCenter also has the potential to oversimplify things a bit. A good example is the Security Index feature, which purports to rate the vulnerability of your system in a number of areas based on various factors, including what components you have loaded, how they are configured and what threats are currently prevalent on the Internet. Ratings are based on a scale of one to 10 for each component and for the system as a whole. However, these ratings can be misleading — after shutting down the firewall completely, you'd expect this to be reflected in a lower index, but it still registered a perfect 10 on all counts.

On Windows XP with SP2 installed, McAfee SecurityCenter is supposed to take over the responsibilities of Microsoft's Security Center, and while it did so on our test system (removing the Microsoft icon from the system tray), it also annoyingly prompted us again upon each system reboot asking to do the same thing. It did this on multiple systems and there was no apparent way to rectify the problem.

VirusScan 9.0 and Personal Firewall Plus 6.0

McAfee's VirusScan component integrates into Windows Explorer and Microsoft Outlook/Outlook Express (as well as other less-common e-mail clients like Eudora and Pegasus), allowing you to easily perform scans on individual files or messages. For real-time protection, VirusScan's ActiveShield feature automatically monitors files (including e-mails, attachments and files incoming from instant messaging software) for virus infection. Once the software locates an infection, you have several options. You can attempt to clean the file, quarantine it or delete it if the infection can't be removed.

Besides watching out for known viruses, VirusScan also monitors your system for suspicious and virus-like activity, including those perpetrated by scripts and worms. Examples of this include surreptitious accessing of the Windows Registry, sending an e-mail to a large group of people from the address book, or the rapid queuing of lots of individual messages in your outbox.

As is the case with F-Secure's Internet Security product, McAfee's anti-spyware software is not a standalone utility but instead integrated with the anti-virus component. It successfully identified a number of stowaway applications on our test computer, and was able to summarily delete them rather than simply rename them like F-Secure's anti-spyware system does.

The anti-malware software purports to detect and remove a variety of potentially unwanted programs (PUPs), including key-loggers, Web dialers, pop-ups, and ad ware that can secretly track personally identifiable information as well as slow your Web surfing. In addition to the integrated malware detection and removal capabilities, the 2005 edition of VirusScan (v9.0) also features improved e-mail scanning, with more effective handling of larger file sizes and better integration with most popular e-mail clients.

Personal Firewall Plus
A big part of any software firewall's job is to monitor for attempts to access the Internet and then prompt the user regarding whether to permit or deny that access to an application. McAfee's Personal Firewall Plus provides five security levels ranging from Open, which offers no protection, to lockdown, which allows no network traffic flow. The median (and default) setting is Standard, which prompts you for confirmation before allowing applications Internet access.

But as is typically the case when prompted by a firewall to confirm an application's access attempt, it's not always clear what the program is or what its intentions are, which can lead users to blithely choose yes for every prompt or unintentionally disable features of legitimate applications by denying access to legitimate applications.

Personal Firewall Plus 2005 tries to take some of the guesswork out of this decision with a new feature called Smart Recommendations. When enabled — as it is by default — the firewall automatically checks a database at Hackerwatch.org to determine the identity and nature of the application and then automatically grant access if the program is kosher. (Alternatively, it can simply inform you of its finding and still give you the final decision.)

The Smart Recommendations feature worked well most of the time, but it needs a more comprehensive database. It enabled access to Windows OS components and integrated applications without any prompting, but was unable to identify many third-party applications we tried.

One attention-grabbing feature of Personal Firewall Plus is its ability to trace the origin of a suspected attack and, in some cases, perform a WHOIS lookup of the offending IP address. This capability may not have tremendous value to the average user, but it is cool for technophiles, and you also have the option to report dubious activity (again, to HackerWatch.org).

Some advanced users will likely be frustrated with the limited customization capability in Personal Firewall Plus. For example, you can grant an application full access, no access, or outbound access only, but there's no way to tailor the access privileges of a particular program to allow access on some ports while denying others.

Keeping Things Private with the Privacy Service

Privacy Service
The McAfee's Privacy Service really has two purposes, one of which is to monitor and control access to the Internet — what people can see and when — for all users of the computer.

After installing the Privacy Service, you can create individual access accounts for each person (in addition to the default Administrator account). User accounts can be defined as one of five different age groups — young child, child, young teenager, older teenager, and finally, adult. The age group you select determines the level of allowable content access. You can't view or modify the broad access criteria for the different age groups, but you can add individual allowed or blocked sites within each group. You can also restrict access to the Internet entirely based on time of day.

The user accounts in Privacy Service aren't tied to different user profiles, which is good if multiple people in a business log into the same profile. If multiple profiles are in use, a user will have to log into the operating system and then again into their account in the Privacy Service in order to access the Internet, which can be a hassle. A way around this, at least for one person, is to define one account as the Startup User, which will be automatically signed in when the system first starts. Of note, if no startup user is chosen, Internet access is not possible until someone signs into an account.

One missing feature we'd like to see is a timeout setting so that if a privileged user leaves the computer unattended, the account would sign off and thus make it less likely that another individual could come along and have inappropriate access. But during our use of the program, the Privacy Killer was adept at blocking access to possibly harmful content based on the age group specified. For example, an account defined as belonging to a young child was denied access to AOL Instant Messenger and the Yahoo! home page.

Keeping Things Private
The other function of the Privacy Service is to keep data of a personal nature from being sent to the Internet from your computer, either with or without your knowledge. The idea is to identify bits of sensitive data like your name, address, and various important numbers like phone, SSN and credit card or bank account numbers. (The information identified as sensitive isn't user-specific and is blocked for all users of the system.)

If any of the aforementioned data appears outbound to the Internet, the Privacy Service intercepts and blocks the transfer until it receives confirmation, assuming the administrator is logged on. For users other than the administrator, the program replaces the sensitive information with a standard string of characters.

This feature worked well for the most part but was not flawless. Although it blocked specified personal information from being sent in most cases, we were able to sign on to our online banking account unchallenged even though both our user ID and PIN had been flagged as personal.

Killing Spam Faster and More Effectively

McAfee's SpamKiller offers a very high level of customization for trying to weed out unwanted e-mails. The utility can accommodate multiple e-mail accounts per person and also supports multiple users on Windows 2000 and XP when user profiles are enabled. It will support any POP e-mail client but integrates with Outlook Express 6.0 or higher and Outlook 98 or higher, placing a toolbar in the application that can conveniently be used to block messages (but only one at a time) or add legitimate senders to your white list without launching the separate utility.

The utility's own interface provides a good degree of control over spam filters, allowed e-mail addresses and the messages themselves. In addition to defining a white list of authorized e-mail addresses — you can't similarly define a blacklist, however — you can also expand the list to include mailing lists or entire domains, making it less likely that non-personal e-mail you want will be unintentionally filtered.

You can peruse blocked messages either from SpamKiller's interface or directly from Outlook or Outlook Express. If you're so inclined, you can easily report spam to McAfee or even send predefined complaint e-mail to the originator of the spam. Of course, reporting spam to its authors is an excellent way to ensure the receipt of more spam, but in certain cases it may be useful.

On the other hand, reporting spam to McAfee would be useful as it presumably helps the company develop better e-mail filters, which are already extensive (although still far from perfect). In addition to letting you create your own, SpamKiller provides scores of global filters that scrutinize the header, subject and body of incoming messages for telltale signs of spam, such as certain words, phrases or combinations of each. These filters are editable so that in the unlikely event you're looking for someone to refinance your mortgage (or perform other, um, services), for example, you can allow those messages to pass through.

SpamKiller also offers special filters that automatically block mail that contains other potential indications of spam, such as invisible text, invalid formatting or heavily image-laden messages. And if you're the curious sort, the SpamKiller summary page will display a graph indicating the percentage of spam of various types (adult, financial, etc.) received in the last month.

SpamKiller seemed to do a much better job than F-Secure Internet Security 2005 in correctly distinguishing spam from good e-mail, although our testers reported mixed results — for some it didn't misidentify a single message (out of almost a hundred received) while for others it occasionally misidentified spam as good e-mail and also falsely identified numerous important messages as spam.

Overal, McAfee Internet Security Suite 2005 is a comprehensive and competent product that will probably serve most people well. The program costs $69.99 when purchased online from McAfee.com (you'll unfortunately have to pay extra to get a CD or for the right to download it again during your subscription term), and a $20 mail-in competitive/upgrade rebate is also available. (We got our copies from Target, however, for a mere $46.99 each.)

It's unfortunate that McAfee lacks the confidence in its product, despite its merits, to allow users to sample the McAfee Internet Security Suite 2005 easily and in its entirety, a drawback that may be all that's needed to push prospective customers to alternative (and equally powerful) suites like Norton Internet Security or F-Secure Internet Security.

Adapted from winplanet.com.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!
This article was originally published on Wednesday Feb 9th 2005
Mobile Site | Full Site