Labs
Internet security suites
[PC Pro]
We perform all our Internet security suites tests using the same machine, an AMD Athlon 64 3400+ desktop PC with 1GB of RAM running Windows XP Service Pack 2. Following each test, the computer is returned to its initial state using the same original drive image. Here's how and what we test:
SPAM/ANTI-VIRUS
We direct the entire contents of our spam archive database at the control machine. The archive contains 40,000 individual spam emails representing a cross-section of the spam that has arrived at our mail gateways during the past six months, plus 1,000 'genuine' messages to test for false positives. This puts out-of-the-box spam-filtering capability under severe scrutiny, as most spam filters learn as they go. The test also puts pressure on the anti-virus engine by way of a myriad of virus, trojan and worm attachments thrown in.
FIREWALL
We run a barrage of tests to put pressure on the firewall component, including the stealth test at PC Flank (www.pcflank.com), which determines how visible the protected computer is to others on the Internet when exposed to port-scanning activity. A stealth port gives no open/closed response, so it cloaks the computer effectively. The PC Flank stealth test sends various packets to TCP port 1, including TCP ping, TCP NULL, TCP FIN, TCP XMAS and UDP, representing the most common port-scanning techniques in use.
We also run an Internet vulnerability profiling screen of the first 1,056 ports, checking for the open status that acts as an invitation to script-kiddie hackers who use automated tools to inject trojans and malware onto your system. We scan only the first 1,056 ports, as these are used for acceptance of incoming connections and so are most vulnerable to attack. We use the ShieldsUP! Scanner (www.grc.com) to perform this part of the test routine.
Next we simulate a quick barrage of common exploits, using malformed IP packets to attempt a Denial-of-Service (DoS) attack, and then send ICMP 'server unreachable' messages - otherwise known as 'nuking' - to cause a server connection failure.
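The three port states behind the stealth and open-port checks above can be told apart with an ordinary TCP connection attempt, which is enough to check your own firewall's configuration. The Python below is an added example, not code from PC Pro, PC Flank or ShieldsUP!; it uses a plain connect rather than the NULL, FIN, XMAS or UDP packets the stealth test sends, and the function names are hypothetical.

```python
import socket
from collections import Counter

# States as the article uses them: "open" accepts the connection,
# "closed" answers with a refusal, "stealth" gives no answer at all.
OPEN, CLOSED, STEALTH = "open", "closed", "stealth"


def classify(error):
    """Map a TCP connect outcome (None = success, else the exception)."""
    if error is None:
        return OPEN
    if isinstance(error, ConnectionRefusedError):
        return CLOSED   # a reset came back, so the host is visible
    if isinstance(error, socket.timeout):
        return STEALTH  # the probe was silently dropped
    raise error         # local or routing failure: says nothing about the port


def probe(host, port, timeout=2.0):
    """Make one TCP connection attempt and return the port's state."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def visible_ports(host, ports, prober=probe):
    """Return {port: state} for every port that is not stealthed."""
    states = {port: prober(host, port) for port in ports}
    return {p: s for p, s in states.items() if s != STEALTH}


if __name__ == "__main__":
    # Constructed default: check this machine's loopback interface over
    # the first 1,056 ports, the range the article scans.
    found = visible_ports("127.0.0.1", range(1, 1057))
    print(Counter(found.values()))
    print("open:", sorted(p for p, s in found.items() if s == OPEN))
```

A firewall that passes the stealth check leaves `visible_ports` empty for the protected interface; any port reported as closed still confirms to a scanner that a machine is present at that address.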
SPYWARE, PRIVACY AND PARENTAL CONTROL
We first 'infect' our test PC with a set of common spyware components and then run the scanner component (if present) to check on accuracy of discovery and effectiveness of disinfection. Then we attempt to send credit card details to a non-secure server to test the privacy component. Finally, we try to access inappropriate sites (both web and newsgroups, covering adult, gambling and violent themes) with the parental controls turned on.
WHAT DO POINTS MEAN?
You can see a summary of each program's performance in these tests in the reviews themselves, including a points-out-of-ten rating.
A program scores one if it traps more than 90 per cent of spam, another one if the false-positive rate is under 2.5 per cent. We award a point for trapping all virus/worm threats and another for every firewall test passed. One point is given for detecting the spyware we installed, and another for getting rid of it. If no effort is made to stop us handing out financial information on non-secure servers then that point isn't awarded, and if our dedicated team of children aged between four and 16 are able to access any of our 'banned' sites then the final point is lost. Obviously any suites without a full set of component parts will lose points along the way.





