McAfee Internet Security Suite 2005
Upping the Ante for Security Suites Enhancements and Improvements Abound for 2K5
The 2005 edition of McAfee's all-in-one Internet security suite features a solid collection of security components, each of which sports a variety of improvements and enhancements over previous releases, but the immediate question for most users remains whether the sum of the parts is really greater than the individual components themselves.
The security suite is made up of four separate components, each with its own specific function. They are VirusScan, Personal Firewall Plus, Privacy Service, and Spam Killer. The components can be accessed individually or manipulated via the McAfee SecurityCenter, which ties them all together into the same interface.
Before getting into the actual software, we'd be remiss not to discuss our experience on the McAfee.com web site, which was maddening, to put it mildly. For example, although McAfee offers 30-day trial downloads of its utilities, it doesn't offer the complete Internet Security Suite 2005 on a trial basis. Rather, you must sign up for and download each of the four components individually, which is a needless hassle considering that many users would likely be interested in evaluating the entire suite.
But obtaining the trial software from McAfee.com wasn't simply a matter of mere inconvenience. After successfully installing one of the four utilities, VirusScan, and returning to the site to download the others (the software must be installed directly from the site, so you can't download the entire application and install it later), we were greeted by a message saying that we were not eligible to download any of the other components. We tried leaving and returning to the site, deleting cookies, and a variety of other methods to resolve this problem, but all to no avail.
To add insult to injury, while on McAfee.com we were subjected to periodic pop-up windows warning us about possible infestation by spyware and other nasty stuff. We expect this kind of "marketing" from unscrupulous or unknown web sites, but we certainly didn't expect it from McAfee's Web site. A check of the pop-ups' source address (ads.mcafee.com) confirmed they were generated by the site rather than some other application previously residing on our system.
One can only speculate as to the motivation behind the McAfee site behavior, but from our perspective it seems that the site is clearly designed to emphasize "buy" over "try" by making the latter option difficult if not impossible. If that was in fact the goal, it ultimately worked, as we resorted to purchasing a copy of the product in a local store in order to perform this evaluation. Whether others would succumb as we did is an open question, and despite real and legitimate concerns about piracy, McAfee should overhaul its site to make evaluating its software less of a hassle for prospective purchasers.
Security Center
The locus of McAfee Internet Security Suite 2005 is the SecurityCenter, where you can get threat advisories, view your protection status, launch individual components, and collect both program and definition updates (if you're not configured to download them automatically).
For each component of MISS 2005, SecurityCenter presents a series of common tasks in plain English, making it a good place to interact with the software if you don't want to deal with a lot of menu and configuration complexity the individual component interfaces tend to be a bit busy.
SecurityCenter also has the potential to oversimplify things a bit. A good case in point is the Security Index feature, which purports to rate the vulnerability of your system in a number of areas based on various factors, including what components you have loaded, how they are configured, and what threats are currently prevalent on the Internet. Ratings are based on a scale of 1 to 10 for each component and for the system as a whole. However, these ratings can be misleading after shutting down the firewall completely, you'd expect this to be reflected in a lower index, but it still registered a perfect 10 on all counts.
On Windows XP with SP2 installed, McAfee SecurityCenter is supposed to take over the responsibilities of Microsoft's Security Center, and while it did so on our test system (removing the Microsoft icon from the system tray), it also annoyingly prompted us again upon each system reboot asking to do the same thing. It did this on multiple systems and there was no apparent way available to rectify the problem.
VirusScan
McAfee's VirusScan component integrates into Windows Explorer and Microsoft Outlook/Outlook Express (as well as some less common e-mail clients like Eudora and Pegasus), allowing you to easily perform scans on individual files or messages. For real-time protection, VirusScan's ActiveShield feature automatically monitors files (including e-mails, attachments, and files incoming from instant messaging software) for virus infection. Once an infection is located, you have the option of attempting to clean the file or quarantining or deleting it if the infection can't be removed.
Besides watching out for known viruses, VirusScan also monitors your system for suspicious and virus-like activity, including those perpetrated by scripts and worms. Examples of this include surreptitious accessing of the Windows Registry, sending an e-mail to a large group of people from the address book, or the rapid queuing of lots of individual messages in your outbox.
As is the case with F-Secure's Internet Security product, McAfee's anti-spyware software is not a standalone utility but is rather integrated with the anti-virus component. It successfully identified a number of stowaway applications on our test computer, and was able to summarily delete them rather than simply rename them like F-Secure's anti-spyware system does.
The anti-malware software purports to detect and remove a variety of potentially unwanted applications (PUPs), including key-loggers, Web dialers, pop-ups, and adware that can secretly track personally identifiable information as well as slow your Web surfing. In addition to the integrated malware detection and removal capabilities, the 2005 edition of VirusScan (v9.0) also features improved email scanning, with more effective handling of larger file sizes and better integration with most popular email clients.
Personal Firewall Plus
A big part of any software firewall's job is to monitor for attempts to access the Internet and then prompt the user regarding whether to permit or deny that access to an application. McAfee's Personal Firewall Plus provides five security levels ranging from Open, which offers no protection, to lockdown, which allows no network traffic flow. The median (and default) setting is Standard, which prompts you for confirmation before allowing applications Internet access.
But as is typically the case when prompted by a firewall to confirm an application's access attempt, it's not always clear what the program is or what its intentions are, which can lead users to blithely choose yes for every prompt or unintentionally disable features of legitimate applications by denying access to legitimate applications.
Personal Firewall Plus 2005 tries to take some of the guesswork out of this decision with a new feature called Smart Recommendations. When enabled as it is by default the firewall will automatically check a database at Hackerwatch.org to determine the identity and nature of the application, and then automatically grant access if the program is kosher. (Alternatively, it can simply inform you of its finding and still give you the final decision.)
The Smart Recommendations feature worked well most of the time, but it needs a more comprehensive database. It enabled access to Windows OS components and integrated applications without any prompting, but was unable to identify many third-party applications we tried.
One attention-grabbing feature of Personal Firewall Plus is its ability to trace the origin of a suspected attack and in some cases perform a WHOIS lookup of the offending IP address. This capability may not have tremendous value to the average user, but it is cool for technophiles, and you also have the option to report dubious activity (again, to HackerWatch.org).
Some advanced users will likely be frustrated with the customizability (or lack thereof) of Personal Firewall Plus. For example, you can grant an application full access, no access, or outbound access only, but there's no way to tailor the access privileges of a particular program to allow access on some ports while denying others.
Privacy Service
The McAfee's Privacy Service really has two purposes, one of which is to monitor and control access to the Internet what users can see and when for all users of the computer.
After installing the Privacy Service, you can create individual access accounts for each user (in addition to the default Administrator account). User accounts can be defined as one of five different age groups young child, child, young teenager, older teenager, and finally, adult. The age group selected determines the content access that is allowed. You can't view or modify the broad access criteria for the different age groups, but you can add individual allowed or blocked sites within each group. You can also restrict access to the Internet entirely based on time of day.
The user accounts in Privacy Service aren't tied to different user profiles, which is good if multiple people in a household log into the same profile. If multiple profiles are in use, a user will have to log into the operating system and then again into their account in the Privacy Service in order to access the Internet, which can be a hassle. A way around this, at least for one user, is to define one account as the Startup User, which will be automatically signed in when the system first starts. Of note, if no startup user is chosen, Internet access is not possible until someone signs into an account.
One missing feature we'd like to see is a timeout setting so that if a privileged user leaves the computer unattended, the account would sign off and thus make it less likely a younger child could come along and have inappropriate access. But during our use of the program, the Privacy Killer was adept at blocking access to possibly harmful content based on the age group specified. For example, an account defined as belonging to a young child was denied access to AOL Instant Messenger and the Yahoo! home page.
Keeping Things Private
The other function of the Privacy Service is to keep data of a personal nature from being sent to the Internet from your computer, either with or without your knowledge. The idea is to identify bits of sensitive data like your name, address, and various important numbers like phone, SSN, and credit card or bank account numbers. (The information identified as sensitive isn't user specific and is blocked for all users of the system.)
If any of the aforementioned data appears outbound to the Internet, the Privacy Service intercepts and blocks the transfer until confirmation is provided, assuming the administrator is logged on. For users other than the administrator, the sensitive information is replaced with a standard string of characters.
This feature of Privacy Blocker worked well for the most part but was not flawless. Although it blocked specified personal information from being sent in most cases, we were able to sign on to our online banking account unchallenged even though both our user ID and PIN had been flagged as personal.
SpamKiller
McAfee's SpamKiller offers a very high level of customization for trying to weed out unwanted e-mails. The utility can accommodate multiple e-mail accounts per user and also supports multiple users on Windows 2000 and XP when user profiles are enabled. It will support any POP e-mail client but integrates with Outlook Express 6.0 or better and Outlook 98 or better, placing a toolbar in the application that can conveniently be used to block messages (but only one at a time) or add legitimate senders to your whitelist without launching the separate utility.
The utility's own interface provides a good degree of control over spam filters, allowed e-mail addresses, and the messages themselves. In addition to defining a whitelist of authorized e-mail addresses you can't similarly define a blacklist, however you can also expand the list to include mailing lists or entire domains, making it less likely that non-personal e-mail you want will be unintentionally filtered.
You can peruse blocked messages either from SpamKiller's interface or directly from Outlook or Outlook Express. If you're so inclined, you can easily report spam to McAfee or even send a predefined complaint e-mail to the originator of the spam. Of course, reporting spam to its authors is an excellent way to ensure the receipt of more spam, but in certain cases it may be useful.
On the other hand, reporting spam to McAfee would be useful as it presumably helps the company develop better e-mail filters, which are already extensive (although still far from perfect). In addition to letting you create your own, SpamKiller provides scores of global filters that scrutinize the header, subject, and body of incoming messages for telltale signs of spam like certain words, phrases, or combinations of each. These filters are editable so that in the unlikely event you're looking for someone to refinance your mortgage (or perform other, um, services), for example, you can allow those messages to pass through.
SpamKiller also offers special filters that will automatically block mail that contains other potential indications of spam, like invisible text, invalid formatting, or heavily image-laden messages. And if you're the curious sort, the SpamKiller summary page will display a graph indicating the percentage of spam of various types (adult, financial, etc.) received in the last month.
SpamKiller seemed to do a much better job than F-Secure Internet Security 2005 in correctly distinguishing spam from good e-mail, although our testers reported mixed results for some it didn't misidentify a single message (out of almost a hundred received) while for others it occasionally misidentified spam as good e-mail and also falsely identified numerous important messages as spam.
Conclusion
All in all, McAfee Internet Security Suite 2005 is a comprehensive and competent product that will probably serve most users well. The cost is $69.99 when purchased online from McAfee.com (you'll unfortunately have to pay extra to get a CD or for the right to download it again during your subscription term), and a $20 mail-in competitive/upgrade rebate is also available. (We got our copies from Target, however, for a mere $46.99 each.)
Our final impression? It's unfortunate that McAfee lacks the confidence in its product, despite its merits, to allow users to sample the McAfee Internet Security Suite 2005 easily and in its entirety, a drawback that may be all that's needed to push users to alternative (and equally powerful) suites like Norton Internet Security or F-Secure Internet Security.
Pros: Easy to use; effective anti-virus technology, firewall security, and spam control; Security Center ties the various components together
Cons: No evaluation release of the complete Internet security suite available; firewall lacks advanced customization features; spam client could be easier to use, especially with Outlook Express; McAfee.com makes if difficult (or even impossible) to try all the components before buying
