Security for Everyone - Introducing the Series

Nowadays, security solutions are mandatory on every Windows computer. Even though there are plenty of available solutions, home computer security is far from being perfect. One of the main reasons is that, in the feature rush, many developers forget about the most important piece in the puzzle: the user. They design extremely complicated security solutions with lots of features which normal users don't understand and have no clue about how to use them.

Our team has set on a mission to find those security solutions which are easy to learn and use for most (if not all) people. This is why we intend to find out who has not failed to remember who they are writing software for. In this article I will be introducing the series so that you better understand our mission and how we plan to get there. If you are curious about what's next, click on read more.

A Bit of History

In the beginning, the Universe was created. This was widely regarded as a bad move and made a lot of people very angry. Shortly thereafter, the first computer networks were created, which suddenly made a lot of system administrators very happy. Until the creation of the first worm somewhere in the 1980s, that is. One of the reasons why system administrators were so upset is that, unlike your average virus of the 1980s, which would switch computers by way of disks only, worms had the ability to exploit network vulnerabilities. In other words, any unsecured computer in a network was suddenly vulnerable, even if its user would not transfer any content that could infect it in some way. Since then, worms and viruses have come a long way and are very advanced. In the meantime, people have tried to find methods to reliably secure networked computers, some with more success than others.

Why Are We Unhappy?

If good security software is common, then why do we still have so many problems? In a world where a security problem is patched within hours, you would think a hacker's job is hopeless. Yet it is not, so there must be something we are doing wrong. One thing many security programs do wrong is usability. To an extent, one can understand this: the people who develop security programs are developers with exceptional background in security, helped by experts in this very field. These are people who read a 64 MB core dump the way you and me read the morning paper, and it is really hard for them to understand how people with a lot less knowledge of computers use security software. Furthermore, it is sometimes difficult to translate everything into layman's terms. So how do they manage?

The answer is easy: the security requirements of an average home computer user are simple. Make it easy to configure security software correctly and you have a secure computer. Make it difficult to configure it correctly and you have your way for anything that can be nasty.

What Is 7 Tutorials Doing?

Traditionally, reviewers have been focusing on the features and capabilities of security software. We want to do it differently this time:

We know that a correctly configured program will be able to cope with the security requirements of an average user. You probably don't need intelligent packet filters, tunneling features, logging features and fancy activity monitors. You probably just want to block suspicious programs and make sure your computer is safe from other types of attacks. This is what we will be focusing here: how practical a program is in securing your computer? Not what its potential is, but how useful to someone who does not want to put much effort into using it or learning anything about it. We want to find the perfect security program for your grandmother who thinks browser tabs are hard to cope with.

There is a logical reason behind this. Years of experience have shown that an incorrectly configured system is vulnerable, but the requirements of most users are not very strict. In other words, most users are unlikely to need most of the advanced features security programs have. Furthermore, most users are unlikely to invest too much of their time actively securing their systems and even when they do invest enough time, they do not like it. As a consequence, it is only fair to assume that most users require accessible software with robust basic features that are easy to configure.

This requirement is not only relevant for individual users: it is relevant for all the users of the Internet. Infected computers can be used to launch sites for large network attacks, and can serve as a channel for further infection. As a consequence, incorrectly configured security software is not only threatening to the bored or computer illiterate user, but to anyone who uses the same network.

How & What Are We Testing?

We will be testing security software recommended by Microsoft for Windows 7. This is software that has been examined and tested by professionals, and is guaranteed to work correctly with Windows 7.

Some of these programs are still in development stages. In order to be fair, we will not be mixing reviews of test versions with those of final versions, and we will update our impressions as soon as final versions come out. We are reviewing integrated security solutions: programs that offer antivirus, antispyware and firewall solutions in a single package. We believe that it is a lot easier to manage a single, integrated set of tools rather than an incoherent set of two or three, not to mention the former being a lot cheaper.

We will be testing each program for simple, common tasks such as scanning for malware or adding a security exception for a program. We will also assess the intrusiveness of each solution: intrusive alerts, huge resource requirements and constant false alerts from the firewall are unlikely to make a friendly program.

The firewalls will also go through some special testing. First, we will test a firewall's reaction to scanning. Crackers frequently use special software tools called scanners in order to assess a computer's potential vulnerability. A correctly-configured firewall will not leak any information about potential vulnerabilities. We will also try a number of usual Denial-of-Service techniques. These attacks exploit various bugs in the software of the target computer, attempting to crash it or otherwise make it unusable.

We will be looking for the program that is most familiar, least intrusive and most efficient, while asking for as little input as possible. In once sentence, we will look for the security program you would buy for your grandmother.

Addendum: How & What Are We Testing? - Geek Mode On

If you really intend to buy a program for your grandmother (and are the kind of person who will enthusiastically explain your grandmother what packet filtering is), some further details about how we have tested each program are likely to interest you:

For every program, we will test two basic functions: anti-malware and firewall. While some programs have additional modules such as spam filtering and online backup, we decided to stick to the two basic options everyone is looking for. However, the focus of our test is not on the breadth of the features, but on the program's usability and ease in accessing the most important functions.

The first thing we will evaluate is the program's installation and first run. What we want to see is that these tools do not install additional, unwanted software (offering to do so but allowing you to skip it, while making clear that it will not impact the software's functions is also acceptable), they do not ask for too much cryptic input at installation and offer a friendly first run. A wizard or an outline of the steps required to secure the computer upon first run would be perfect, but allowing immediate access to all important functions is also fine for us and, most likely, for your grandmother as well.

We will also evaluate the default state of the program: the basic idea is that a home user is unlikely to spend too much time tuning his security program and, in most cases, will not even know what to tune. Therefore, we will look at the default options, which should offer the best degree of security that does not have a significant impact over the user's work. For example, firewalls which, by default, will ask the users to allow network access to a program are perfect: they will let the user know they are working, will actively secure the computer and, as long as there is a 'Remember this option' button, will only ask once for each program. Firewalls that default to blocking are a bad idea, especially if they do so without any visual feedback: not only will the user have to learn how to add a firewall exception (and do so for each program), or how to change the firewall's mode of operation, but he will also have to somehow realize that it's the firewall blocking his program, which is not immediately obvious even with some discrete visual feedback.

The second set of aspects we will test is related to the program's usability and configuration. We want to see how easy a program is to set up at first. We will perform simple tasks: change the frequency of the automatic updates, if and how advanced options are separated from those that are of immediate interest to anyone and evaluate the overall aspect and usability of the interface. The idea is that options of immediate interest should be readily available and separated from others, in order to speed up the configuration process.

Evaluating the firewall feature has two main points: integration and protection. First, we want to see how well the firewall integrates with the environment. We like tools that present useful and concise feedback, without bothering the user unless his input is required. We also like firewalls that do not turn the computer into a paranoid's dream: it should be easy to block or allow program access to network resources.

Second, we want to see how good the protection is. We will test the firewall's reaction to a network scan with Nmap. Blocking the scan and discretely informing the user is acceptable; calling the scan an attack is also acceptable, since most users don't really need to learn what port scanning is. Once this is over, we will test the firewall's reaction to a couple of basic script kiddies tools such as ping floods and some other widespread DoS techniques.

When testing the anti-malware module, we will look for three main qualities: low resource usage in active protection, strong active protection and a fast, comprehensive scanning. The way of reasoning here is that users don't like to spend a lot of time scanning and disinfecting their computer, so a tool that can work in the background without being a resource hog is the best way to go. A comprehensive scanning feature for those who don't mind letting their computers work on it on Friday evening was also appreciated, but only as long as it is fast enough not to end on Saturday morning for a reasonably-filled 250 GB hard-drive. The impression here is purely subjective: we will not try to actually time the scans, since there's not really much of a difference between a 15-minute scan and a 16-minute scan unless you are a timer geek; anything that doesn't take longer than 15 minutes is acceptable. The ease of scheduling a scan is also important here.

Conclusion

We hope that this series will be very useful to normal computer users, who don't want to end-up buying annoying security tools which they do not understand. We will do our best to find security solutions which shine from a usability perspective, the ones you can install even on your grandmother's computer. We will be starting this series very soon so don't forget to pay us a visit in a few days from now.
Also, if you have some suggestions on what security software to review or any additional tests we could do, don't hesitate to leave a comment.

Related articles: