This week in the Security for Everyone Series we welcome Agnitum and their Outpost Security Suite Pro 7.0. Agnitum began their focus on desktop security in 1999 with their firewall product. In 2006 an alliance with VirusBuster was established which ushered in further opportunity in the area of virus and spyware detection and removal. In 2007 they added Antivirus scanning to their Firewall to form Outpost Security Suite Pro which has evolved into the product we will be looking at today. Together we'll see how effective this security solution is with its mix of established and relatively new components.
Downloading Outpost Security Suite Pro 7 is a relative non-event. It does come in on the heavier side at slightly more than 100 MB, yet the installation is painless and quick. You can choose between the Simple mode install or Expert mode. The latter allows you to choose which modules (Web Control, Anti-Malware Protection and Anti-Spam) will be installed; each module is selected by default. You may also choose your install directory, whether or not to download updates and finally how to handle the auto-creation of rules. By default, rules are set to auto-create and update. Another option regarding rules is whether or not you'd like Outpost to be in training for a week, thereby allowing all well-known applications to make any necessary connections while the corresponding rules are created. Training is not enabled by default.
The most notable difference between Simple and Expert modes, where it pertains to the novice user, is the mode of the main interface. If you choose Expert mode the interface initially loads in the expert view. While this makes sense to some degree, this view will be more than most novice users will appreciate. In fact, the simple view itself lands dangerously close to being better suited for the more technical user. I'll share more on this in the following section.
The main interface displays the status of each component with links to enable or disable them. You'll also see how recent the malware database is and the status of the license. In the header section you'll find links for starting a scan, performing an update and accessing the settings.
I guess my initial impression is passive for the most part. The application does not offer very much in the way of innovation or design, at least at first glance, and offers minimal cues to the outward effectiveness of the suite. Let's take a deeper look at using Outpost in the following section.
Ease of Use and Configuration
Moving into the configuration of Outpost you'll find your focus on the left side navigation menu. This is where you will access settings for the various components, a step that is largely required since the main interface provides little as an entry point. Unfortunately the settings are pretty tech heavy even when navigating in Simple View.
Outpost doesn't pull any punches when it comes to the options available for each component. There are a lot of them and most of them are surrounded by nomenclature that may as well have been written in binary for the amount of usefulness they provide the novice user. The advanced user will appreciate them though, of this there is little question. It could be argued that a novice user shouldn't bother with the really advanced options and there may be some truth to that. Another truth is that most of us are naturally inquisitive and if we stumble upon a trail of breadcrumbs we are pretty likely to follow. With Outpost the breadcrumbs are everywhere.
If you are going to have an application filled with advanced level settings you should throw in controls that allow key settings to be easily defined. Outpost does just this by introducing slider controls for the main security components. Even the novices among us can recognize this control as one that will increase or decrease the associated level of protection. You'll find sliders for Firewall, Anti-Malware Real-time Protection, Proactive Protection Anti-Leak and Web Control. If you are in the position where you feel you need to adjust your security settings within Outpost, you're best served by going right to these sliders and increasing or reducing the protection as you see fit.
All the standard settings you would expect are present in Outpost. You can schedule a scan, define a custom scan, approve and deny applications and much more. You'll also find a couple of not so standard options in the Anti-Leak and Web Control modules.
The Anti-Leak feature was built to prevent malware from circumventing a PC's protection. Many malware applications will exploit advanced vulnerabilities, thus piggy-backing their rogue activity on that of trusted applications. Anti-Leak protection blocks these penetration techniques. Unfortunately the interface for managing this feature requires pretty heavy lifting.
I find the Web Control feature interesting because it has a large focus on blocking online ads and the threats they can introduce. I'm a fan of blocking ads. Many website owners may not appreciate this practice but the improved experience and protection is difficult to dispute. Site owners that rely on the revenue generated from ads can rest assured that most of the online population does not use ad-blockers nor are they aware of them. Of course this also means they may not be aware of the threats they can pose. The latter is where Outpost can help.
Despite the seemingly good intentions of Web Control, while looking at the Web Control settings I found a default setting to Allow Malware embedded in webpages. I cannot even fathom an explanation for this beyond my own possible misinterpretation.
Outpost provides a wealth of reporting options which are found in the Event Viewer menu. The reports available change based on the viewing mode. Outpost again leaves little to the imagination here. The level of logging and tracking data provided is extensive and fairly well organized for those who know what it is they are looking for.
I don't believe Outpost is difficult to use and configure if you are among their target audience which appears to lean heavily toward the technical user. There are plenty of opportunities for improvement that could go a long way toward making this suite one everyone could be comfortable with. The following sections will look at just how effective Outpost is at securing your system.
When selecting the Firewall module you'll see a nice list of online applications and the associated network activity. You'll also find the number of network attacks that have been blocked with a link carrying you to the detail found in the Attack Detection log. There is also a link to the rules wizard which is at the core of how network communications are managed and processed.
When an application accesses the internet you will be prompted to allow or deny access or have Outpost invoke the auto-learn process. If you choose auto-learn the application will be granted access to the internet for the current session and subsequent sessions even if the application utilizes a different port or method of access. Choosing allow simply allows the current access. Subsequent actions, especially those on different ports, will require you to answer the prompt again.
Auto-learn seems to be a fine implementation and opportunity to reduce the number of prompts displayed. It is made even better when coupled with the Anti-Leak protection, which provides heavy monitoring of system activity and executable applications. The latter allows one to more fully trust the former.
Outpost does a good job of identifying and locking out any hosts that might be executing an intrusive scan against the system. I found this out first hand as I scanned the test system to see just how much information could be collected. My scanners of choice include Nmap and Nessus, both of which reported very few open ports and even less information derived from those ports.
Outpost has put together an effective firewall solution. As I've mentioned several times, the settings are largely for the technical consumer; however, the novice user can trust the firewall to provide a good level of security without changing a thing.
Antivirus and Antispyware Features
Outpost added protection against those desktop nasties known as viruses and spyware in 2007. If firewall security is where Outpost displays their maturity, antivirus and antispyware protection is where they show their opportunity to gain some.
The settings related to scanning and real-time protection include the usual suspects. With Outpost you can choose between several predefined scan types or create your own custom scan. Any scan type can be scheduled and a quick scan is scheduled by default; unfortunately you have to poke around the settings to figure this out. You'll also find settings associated with how removable drives should be handled; the default is to prompt for scanning.
The Real-time protection settings allow you to set default actions and set the protection level via a convenient slider control. By default the system is set to Optimal protection yet you can customize the profile and change several settings such as heuristic analysis, file size limits and whether or not network drives should be included in the protection scope.
As with all security suite reviews, I performed my own bit of testing by planting several viruses throughout the operating system. I also introduced several more after install. Outpost detected all but one of the planted viruses on an initial scan. The remainder was picked up on a second complete scan. In one instance Outpost identified a particular piece of malware as cleaned yet reviewing the running processes showed a lingering executable known to be part of the malware.
I introduced several more threats from a USB key. Outpost prompted to scan the key shortly after it was inserted and found numerous threats, many of which were buried deep within a compressed file. Despite identifying most of the threats I was still able to copy and extract the files onto the test system. Upon extraction the threats were safely deleted or quarantined yet I remained less than impressed by the ability to get the threats onto the system at all.
I moved my testing online to see how well Outpost managed live threats executed from malicious sites and was disappointed by the results. In each instance I visited sites known to download fake antivirus programs or introduce a trojan. In every instance Outpost failed to block access, even when Google Chrome and Firefox were able to identify the site as malicious.
In at least one case I ignored the browser warning and continued to the site allowing the test system to become infected. Outpost identified the newly introduced trojan yet was unable to clean it successfully.
I like to seek more than one opinion when reviewing suites. Outpost is not tested by AV-Comparatives or avtest.org, a couple of independent testing organizations. Outpost has been tested by the folks behind Virus Bulletin since 2008 with mixed results; however, the last several tests have been positive.
What Outpost has done in the area of antivirus and antimalware detection and removal is simply not enough. Identifying and protecting against real-time threats, specifically those encountered while browsing, has to be a top concern for any security suite today. There remains work to do when cleaning malware that does make it onto the system, regardless of the vehicle used to get it there.
Outpost Internet Security Pro 7 was an interesting product to review. It seems clear they make no bones about who their target audience is. They appear to be seeking the more technical user that may be able to bend the product to their will. This is evidenced in the settings and interface, which are void of any of the visual cues that may make a novice feel more at ease with a product, particularly a security-related product. The firewall performed very well and it is definitely one of the best on the market; however, results of my testing against virus threats at the desktop and browser level left much to be desired. The novice user is best served by seeking a different solution, one whose creators consider the novice part of their target audience. However, the technical users will be very pleased with the amount of control Agnitum's solution offers.