Welcome to the latest installment of Security for Everyone. Avast! has been creating security software since 1988. Today, twenty-two years later, they continue to offer a free product and two more advanced products. In this review I will be looking at Avast! Internet Security version 5.0 the most feature rich of the Avast! offerings.
Downloading a trial of Avast! Internet Security couldn't be any simpler. There are no registration hoops to jump through and the download weighs in just below 60 MB. The installation does display an UAC prompt and completes quickly with very few options. A single reboot is required.
Upon restart Avast! immediately downloaded the most current update. An initial scan was never prompted for, nor was one done automatically. I left the system idle for several hours to see if some application timer might kick off to prompt for a scan but none occurred. Another disappointment was that Avast! did not end the native Windows Firewall or Windows Defender services. As the image below states, two or more firewall or antispyware utilities running at the same time can cause problems around stability and performance. The remainder of this review will be done with these Windows services stopped.
Avast! immediately asks for classification of the type of network you are connecting to. Your choices include: Home/Low Risk, Work/Medium Risk and Public/High Risk. Your answer to this question determines the default settings that are put into motion. Once answered you are met with the main Avast! interface and specifically the summary screen which indicates your current status and provides a second panel for statistics. I found the statistics panel especially interesting. Here you will find a good array of reports/graphs for several metrics including firewall activity, network monitoring, file activity and more. Each metric coincides with the real-time shields panel accessible from the navigation buttons on the main interface.
The navigation tabs are well labeled providing clear access to the areas one might want to configure immediately such as the firewall and scan settings. While I quickly acquainted myself with the scan settings I discovered there was no default scan scheduled. This surprised me a bit so I went hunting, convinced I had missed something. I had not. None of the predefined scan types (quick, full) are set to run on a schedule. To schedule a scan you have to edit a predefined scan or create a custom scan. This was another early disappointment.
My initial impression is not good and I'm not particularly happy about this. I fully expected Avast! to better rival the other big names in desktop security considering the active community of users and the number of years they have been developing security products. The thought that one could actually install Avast! and never have a scan performed without manually starting it baffles me. I hope a bit of redeeming can be done as a more detailed review is done in the following sections.
Ease of Use and Configuration
Let's get a bit of housekeeping out of the way as we look into the use and configuration of Avast! and set a default scan schedule. Getting this done does not require much, you simply select 'Scan Computer' and then select the settings for the full or quick scan. From the scan settings you select the schedule link and apply your desired schedule interval. Avast! does include the option to wake your computer to perform a scan. This is a nice feature and not one found in all security suites.
You will also find an option for scheduling a boot scan. This is another feature you won't find in all security suites and is an excellent way to clean viruses or malware before Windows loads, which, depending on how infected a system may be, could be the only way to effectively clean a system.
The various real-time protection features are referred to as shields. Each shield, with the exception of Network, Behavior and Script, have advanced settings. Among the settings is the ability for you to define shields sensitivity and other behaviors.
The advanced settings for the File System shield are especially thorough. Here you set the basics around where to scan and the default action to take if a threat is identified. Avast! also has several options to preserve performance when scanning the file system. These include Persistent caching, Transient caching and the option to not scan verified system DLLs. Transient caching ensures that a clean file will not be scanned again unless the system is restarted or the virus definitions are updated. If a file is found to be clean and has a valid certificate the Persistent caching kicks in and keeps the file from being scanned again even if a reboot or update has occurred. If a threat is identified in a packed or compressed file there is an option for Avast! to try and remove the specific file within the compressed file rather than taking action on the whole compressed file.
The Process Virtualization shield is new in this latest version of Avast! and marks their entry into the area of sandboxing. Sandboxing involves running an application in an isolated space. This is much like the recently reviewed Safe Run for applications and Safe Run for Websites in the Kaspersky security suite, with at least one major difference. Avast! gives you the opportunity to choose any application to run in the virtualized state. The result should be a virtualized experience that is lighter on system resources. You also have the option to define processes that should always run virtualized. This is an excellent feature that goes a long way toward helping protect us from ourselves.
The virtualized process can be identified by the red application border or by reviewing the list of processes currently running virtualized.
The firewall settings provide more depth than is apparent at first glance. Within these settings you can define which applications have network access and which ports they should be traversing. This is all accomplished via the packet and application rules. For those applications that do not have a rule defined the default action it to allow Avast! to auto-decide the appropriate action to take. You can easily change this default behavior to Allow, Block or Ask.
Avast! continues to shine in the area of reporting with a great display of active network connections and a very attractive interface for performing a domain lookup or graphical trace route (the number of connections/hops required to get from your computer to a specific website or IP address).
You will also find easy access to your firewall logs detailing application connections and activity.
Within the maintenance section you'll find the expected items, Virus Chest (quarantine), subscription status and so on. The Virus Chest allows you to easily release and delete items. You can also submit the virus to the Avast! labs.
There are additional program settings accessed from the link in the top left of the main interface. A couple of interesting settings here allow you to enable a gamer mode which will keep any notifications from being displayed. You may also suppress notifications by enabling the Presentation mode which will take effect when a full screen application is running such as a PowerPoint presentation or video.
The Avast interface has proven to be easy to follow. All the options you would normally look for are well within reach and many advanced options exist as well. Aside from scheduling a scan, the default configuration seems to be sufficient; however, this will be better determined in the following sections.
Avast! has packed quite a few advanced setting into their firewall module. The question that remains is whether or not the default protection is sufficient.
My test system is currently set to the Home/Low Risk profile. The Home profile is, by default, a mostly trusted network. It would be safe to assume that a scan of a system using the Home profile would produce more details than one might be comfortable with.
The Nmap and Nessus scans each produced 9 or more open ports and were able to enumerate plenty of system information via NetBIOS calls. Nmap considers any system producing 9 or more open ports as one that may be vulnerable. Nessus identified 12 open ports; however each of them were given a low severity. The Nmap scan did not force any Avast! notifications while the Nessus scan did.
I changed the network profile to Public/High Risk and reran each scan. The results were very good with absolutely no information being extracted. Nmap and Nessus identified zero open ports.
Because curiosity got the best of me, I ran a third scan; this one while the system was set to the Work/Medium Risk profile. Here the results were a bit disappointing. Nmap actually identified more open ports and was also able to identify the operating system, something that was not accomplished while using the Home/Low Risk profile. Nessus produced marginally better results by identifying 11 open ports, only one less than the Home profile scan.
The results here certainly question the protection implied when choosing the Work/Medium Risk profile. With that said, I believe the Home and Public profiles do provide the level of protection one might expect. While the Public profile performed very well the Home profile could stand to be tightened up a bit more. The best course of action would be for you to be aware of which profile is applied and to make sure you are using the Public profile when accessing any unsecured or questionable network.
Antivirus and Antispyware features
AV-comparatives has awarded Avast! their highest rating for detection of existing threats as well as identification of new threats. Avast! has managed to hold onto this ranking through four different tests conducted since August 2009. A contributing factor in these tests is also the number of false positives, Avast! had very few.
My own testing took me to an undesirable site or two. Avast! managed these sites quite handily by blocking the connection even before it was fully established.
Further testing at the file level proved effective as well. I transferred an infected compressed file from a USB key. Upon extracting files the viruses were immediately identified and a prompt was displayed asking if I would like to take the default action of placing the files in the virus chest, other choices included: Repair, Delete or Do Nothing. The Avast! team has certainly put together effective antivirus protection that is easy to manage and provides the piece of mind one should expect from such an application.
Avast! Internet Security is doing many things right. The antivirus and antispyware protection is very good and the firewall seems more than adequate as long as you are diligently aware of which profile is being applied. Unfortunately, the shortcomings identified early on regarding the lack of an initial scan or even a scheduled scan, combined with its poor integration with Windows (which means users have to end the Windows Firewall and Windows Defender services manually) kept this suite from being one I can recommend for Grandma. Therefore the award shall be "Buy for Geeks!". If, in future upgrades, Avast! manages to improve the Windows integration shortcomings we mentioned, they will have a solution which is easy to recommend to anyone.