This week's guest on Security for Everyone is Avira Premium Security 9. Avira is a well-established player in the home security market, an area they entered back in early 1990s with a tool called Luke Filewalker. The name still pops up every once in a while in their tools, despite Luke Filewalker having become an entire suite of home security tools, and during the last few years, Avira Premium Security and its friends rose to international fame. The suite has been recently blessed with Windows 7 support. Read on to see if Avira managed to keep the pace with their fame & competitors.
In terms of a first impression, there are relatively few positive things to say about Avira Premium Security. Its idea of a streamlined, easy-to-use interface may have been top-notch five years ago, but numerous additions to the suite without enough integration efforts have had a serious impact over the ease of installation.
There are two versions for the installer: a small, networked installer (a less than 1 MB installer file which will download the installation files), and a 34MB offline installer, which is explicitly labeled "without Internet connection". Both of these actually require an Internet connection because you have to activate your product upon installation. You also provide a handful of personal information, including your name and e-mail address which are compulsory.
During the installation process, you also get the choice to select whether you want to start Avira Premium Security in "Guard mode" or not. In Guard mode, the antivirus modules will be loaded as soon as possible at system start-up, which will have a fairly sensible impact over boot time. Unfortunately, novice users who want to change their mind later will find that the procedure required to change this setting is rather complicated.
Some of the options that the user is required to input during the initial setup stage are rather unintuitive. For instance, you get the option to choose what kind of applications you would like Avira Premium Security to block, but with hardly any explanation given. For instance, one of the options is "Games". What exactly that means (Solitaire? Prey? Or just malicious programs disguised as games?) is left for the user to discover. The entire setup process is a usability mess and takes twice as long as anything else we have tested. I was not impressed.
Ease of use and configuration
After finishing the lengthy initial setup process, running a first scan and going through the compulsory reboot, you can finally enjoy your newly-enhanced protection. The main screen offers quick access to most functions, grouped under four main areas: Local protection, Online Protection, Administration and Tools.
The main interface is reasonably easy to use. It is clean and well-divided, making it easy to access most functions. Unfortunately, it suffers from an over-reliance on unmarked icons, which results in users having to stare at tooltips for a few seconds before finding the function they need. The distinction between functions is sometimes unclear, as well. For instance, the antivirus allows running a scan with or without administrative privileges. Novice users on their home computers are very likely to find this confusing.
Avira Premium Security's configuration interface comes in two flavors: a basic mode and an "Expert" mode. The basic mode allows for very little configuration. You can only customize some scanning-related options (such as what files to scan and when), define firewall rules and configure the Backup feature settings.
The Expert mode offers access to all the other useful configuration options, but at the cost of not providing much separation between basic and advanced settings. As a consequence, novice users are likely to find these configuration screens intimidating. This is particularly of concern because the real-time web protection module (WebGuard) cannot be configured unless the interface is set to Expert mode. Neither can be the default action upon detecting a threat which, as we will see immediately, has an unfortunate consequence when installing on an already infected system.
Some options are hidden in other places; for instance, the option to download an otherwise useful rescue CD is hidden in the Extras menu. This particular option should get more screen space in my opinion, because it can actually prove useful. Avira's installer requires completely unrestricted access, so installing Avira Premium Security on a heavily-crippled system is sometimes impossible. Using the rescue CD, one can alleviate the infection, allowing Avira Premium Security 9 to be installed.
The firewall used to be one of Avira's weak spots before, going to the point where you could actually kill its process without much fuss. Fortunately, this has been one of the major areas of improvement in the last version.
Avira Premium Security's firewall is above average in terms of strength. It leaked no useful information to scanners and correctly hidden the computer's ports. It also proved strong against threats from the inside. Killing its process, disabling its functions or altering its settings proved to be impossible, and already installed programs were prevented from causing any kind of remote threats.
While the current trend is based on automatically detecting the best firewall settings, Avira Premium Security 9 is still faithful to the usual manual, rules-based solution. The firewall is easy to configure: it has five security levels: Low, Medium, High, a Custom one for advanced users and 'Block all' which effectively blocks everything. These dictate the low-level behavior of firewall (e.g. whether or not sharing resources or allow remote connections). In addition to this, application-level rules can be selected through a very simple interface.
There are two weak spots in the firewall's usability. One of them is traditional and affects almost all security-level-based firewalls: there is no easy way to get "in-between" settings. For instance, if a user does not want his computer to be visible on the network, but does want to allow remote connections, the only way to go is to use the very tech-heavy "Adapter rules" configuration screen.
The second one is that when the user is prompted about how to deal with an application, there are not two, but three available options: Deny, Allow and Allow Privileged. There is no immediate and clear explanation about what Allowed Privileged means, but after some digging (which novice users are unlikely to care about enough to do) I found it. When selecting Allow (but not Allow privileged), application traffic will be allowed but still filtered through network adapter rules. These rules dictate low-level adapter behavior: what protocols to allow, what kind of connections to discard and so on. "Allow privileged" will completely allow all kinds of traffic, without filtering it through these per-adapter rules.
The final result is that, if you have your security level set on High and choose Allow (rather than "Allow privileged" for some applications), the traffic may eventually still be denied, without any obvious reason. Avira tries to alleviate this through a database of trusted vendors and recommends great care when choosing what applications to flag as privileged. Unfortunately, the list of trusted vendors has a little more than a dozen entries, and users are likely to simply flag all applications as privileged in the end.
Antivirus and antispyware features
After testing Avira Premium Security's firewall, I actually had high hopes for it, and while the firewall system was somewhat complicated, its usability was still decent. However, the antimalware module leaves very much to be desired on all fronts, from detection and protection to ease of use.
The detection rate is well above average. Avira Premium Security missed only a few of our usual samples and had a good detection rate even with rootkits and keyloggers, a traditional stepping stone for anti-malware applications. However, detection is just the first step.
In terms of removal, Avira Premium Security 9 fails miserably. With some combinations of settings, scanning for threats will detect most installed rootkits and signal that they have been detected but will not remove any of them. As if this was not enough, the program will not display any warning about this. The only mentions are somewhere in the log files, written in a severely crippled English. A quick search through the product's forums revealed that this is a known bug, but that it will only be solved in April. Tweaking some settings can make this problem go away, but this is seriously out of hand of novice users.
Avira Premium Security's antivirus engine also failed miserably when dealing with keyloggers. It is not uncommon for security suites to intentionally ignore some commercial keyloggers (in the idea that some companies use them for reasons of questionable morality but legitimate under internal regulations). Avira Premium Security 9 did detect most of the keyloggers I fed to it, but did not remove a single one of them.
The active protection feature works slightly better. It has a good detection rate: plugging in my infected USB stick I use for testing and opening the folder in My Computer resulted in most of the malware being promptly removed. The same applies to web protection, where most malware is caught before being intentionally or unintentionally downloaded. Those programs that are not caught on sight almost always get caught at install time, but Avira Premium Security 9 does not prevent them from being installed. As far as I am concerned, this comes as another failure regarding protection. In addition to this, the active protection module also has a very high rate of false positives, which is likely to result in novice users completely distrusting its alerts.
What is worst about all these problems is that they are completely invisible to novice users. The warning about some threats not being removed is hidden in the logs (unless the scan is run in Interactive mode, which is unlikely to be preferred by your grandmother). Not preventing malware programs from installing is also a questionable decision as far as inexperienced users are concerned.
Another problem the antivirus module has is its inflexible interface. The main screen is familiar enough: it displays a list of the hottest locations (My Documents, Windows System Directory, Local Hard Disks etc.) which you can quickly scan. Unfortunately, as I mentioned earlier, the first few uses will be painful because the interface relies heavily on unnamed icons with unfamiliar looks, so users will have to resort to tooltips.
Installing Avira Premium Security 9 on an already infected system reveals another weak spot of the interface. Less than a minute after installing it on a heavily crippled system, at least a dozen windows popped up with an extremely annoying beep, announcing that a threat has been detected and asking what to do with it. The list is very long (you can deny access to the file, move it to quarantine, disinfect it etc.), but if one of them does not work, the window will pop up again. You also have to move fast if you want the windows to go away because as threats continue to be detected, more of these windows will pop up. The only way to start disinfecting the system is to disable the active protection feature, run a scan and re-enable it. The many ways of dealing with a threat are also confusing for novice users, who really just want the threat gone, regardless of what way the antivirus chooses to do that.
These unfortunate decisions are very costly to the end user. This is particularly problematic because some features are actually quite admirably implemented. It is also worth noting that the performance impact is quite bearable. The boot time is not too heavily prolonged (unless you choose the aforementioned 'Guard mode') and the performance drag is acceptable.
Avira Premium Security 9 requires some interface overhaul, but the most important aspect is that of integration. The user interface is very inefficient in configuring the amount of available protection or even in accurately informing the user about it. The antivirus engine can provide sufficient security, but only in the hands of a user who has enough knowledge in order to diagnose and repair its numerous failures. Technologically, there is some potential, but fulfilling it requires serious improvements in terms of usability.
If you want to give it a try, the trial version of the product can be found on the Avira download page. If you are interested in buying this product, you can purchase it directly from the Avira Online Shop.