Our technique: To drag out three old warriors consisting of Windows XP SP2 computers with Outlook 2003 installed. They may be dated to some, but to others they are skilled operators.
The outcome: Over the coming week as the warriors do battle, I'll report how the battle unfolds.
Warrior 1: In the first corner we have AVG Free. Well known and mentioned in the inner geek circles.
Warrior 2: Avast Free version. Less well known, but still a very brave warrior.
Warrior 3: Microsoft Security Essentials. The new kid on the block. Will MSE get its block knocked off, or will MSE be the new David?
We don't know the outcome. No behind the scenes deals have been done. What you read is the combat as it unfolds.
Join me on this journey of evaluation. To see what we will see. Enjoy the ride because it will be over all too soon.
Let the journey begin......
The rules of engagement:
1. All combatants will pit their skills against the emails being received. These emails can hold nasties unimaginable. Those weak of heart should avoid reading further. The nasties the combatants have to beat are emails carrying malicious loads. Combatants do not have to pursue links outside of the arena (such as clicking on links), but only fight the fight brought to them.
2. At the end of each round a score card will be presented. It is expected each combatant will receive minor blows, but none are expected to be fatal.
3. A side event will be running in parallel. A little-known outsider named OzEfilter, often seen working with a combatant, will be watched. OzEfilter is like a shield for a combatant. OzEfilter fends off the enemy before it ever reaches the combatant. But should an enemy get past OzEfilter, the combatant needs to be able to slay the enemy. OzEfilter, however, has proven to be so effective in many cases that combatants often live a life unaware of enemies.
To the victor goes the spoils.
Round 1: 6 October 2009
The combatants' trusty steeds were tended to. Each steed consisting of a Windows XP SP2 computer. Outlook 2003 installed. AVG Free and Avast installed easily. MSE's steed was older than the rest and had to be upgraded to XP SP2. Only then could MSE mount and begin the battle. All the combatants prepared, the battle begins. In waiting, 150 plus recent emails, most friendly, but some containing enemies disguised to trick.
Avast was the first. As each email was received, enemies were loudly announced and laid to rest. Avast is not shy at letting the crowd know it is doing battle.
AVG was next. The emails were received silently. Nothing was said. The enemies were captured and put into a separate folder.
MSE welcomed all visitors into the inbox with no fanfare. One by one the emailed visitors were invited into the local computer. One by one MSE slew the enemies and partied with friends.
OzEfilter: The combatant's shield. Not to be used without a fellow combatant, but providing extra protection to the combatant. A combatant generally ends up doing little as OzEfilter, the trusty friend, deals with many enemies from afar, before they even approach.
CA: An employee of the kingdom, paid to do what others do for free. Is CA worth his weight in gold? We will see.
This test was going well. The first computer with CA received the emails and the result was the following:
Subject/Attachment
Test / mail.zip
Jessica would like to be your friend on hi5! / Invitation Card.zip
You have received A Hallmark E-Card! / Postcard.zip
You have received A Hallmark E-Card! / Postcard.zip
Your friend invited you to twitter! / Invitation Card.zip
You have received A Hallmark E-Card! / Postcard.zip
Jessica would like to be your friend on hi5! / Invitation Card.zip
Shipping update for your Amazon.com order 254-78546325-658742 / Shipping documents.zip
Jessica would like to be your friend on hi5! / Invitation Card.zip
Coca Cola is proud to accounce our new Christmas Promotion. / promotion.zip
Jessica would like to be your friend on hi5! / Invitation Card.zip
You have received A Hallmark E-Card! / Postcard.zip
You have received A Hallmark E-Card! / Postcard.zip
You have received A Hallmark E-Card! / Postcard.zip
excuse me / sexual.zip
Jessica would like to be your friend on hi5! / Invitation Card.zip
Re: Protected Mail System / msg.zip
Jessica would like to be your friend on hi5! / Invitation Card.zip
Jessica would like to be your friend on hi5! / Invitation Card.zip
Jessica would like to be your friend on hi5! / Invitation Card.zip
You have received A Hallmark E-Card! / Postcard.zip
Jessica would like to be your friend on hi5! / Invitation Card.zip
important / textfile_found.zip
Your friend invited you to twitter! / Invitation Card.zip
You have received A Hallmark E-Card! / Postcard.zip
Illegal Website / judge.zip
Mail System (
ALERT / IMPORTANT-INFO.zip
Undelivered Mail Returned to Sender / Message Part>scu.zip
believe me / important.zip
Your account has been suspended for over usage / SECURE-INFO.zip
illegal... / msg2.zip
Re: my product / product.zip
Re: Message Error / message_audictionary.zip
CA missed 5
Invitation Card.zip
Postcard.zip
Shipping documents.zip
IMPORTANT-INFO.zip
SECURE-INFO.zip
AVG missed 5
SECURE-INFO.zip
IMPORTANT-INFO.zip
Postcard.zip
Invitation Card.zip
Shipping documents.zip
Avast missed 3
Invitation Card.zip
Shipping documents.zip
Postcard.zip
MSE missed 0
Unfortunately something happened such that all the emails on the server were gone before I could perform the receive of emails. Instead I forwarded on all the files CA missed. MSE doesn't check at the time of receiving an email. It checks when you go to save the file to your computer. In the case of a zip file it doesn't check until you extract the files. At this point MSE identifies the file and then takes some time to remove the file. MSE correctly identified all the files as malware.
OzEfilter
Because the emails had been received and removed from the mail server, I could not test OzEfilter, so I had to desk check manually what would have happened. OzEfilter shows a list of emails from people you don't know. You can then review those emails and delete them at the mail server before they ever reach your computer. In this case all emails were from addresses we don't already know and accept. So all viruses would have been deleted before reaching the computer.
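The review step described above, sketched as an added example (not OzEfilter's code and not from the original post): messages are split into accepted mail and a review list of unknown senders with their attachment names. The allowlist, addresses and messages are constructed, and the delete-at-server action is left out.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: addresses the user already knows and accepts (placeholder values).
KNOWN_SENDERS = {"alice@example.org"}


def build(sender, subject, attachment=None):
    """Construct a sample raw message (test data, not captured mail)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.org"
    msg["Subject"] = subject
    msg.set_content("body")
    if attachment:
        # Harmless stand-in bytes: the end-of-archive record of an empty zip.
        msg.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                           subtype="zip", filename=attachment)
    return msg.as_bytes()


def triage(raw_messages, known=KNOWN_SENDERS):
    """Split messages into accepted mail and a review list of unknown senders."""
    accepted, review = [], []
    for index, raw in enumerate(raw_messages, start=1):
        msg = message_from_bytes(raw, policy=policy.default)
        # The From header is supplied by the sender and can be forged, so a
        # match here only means "claims to be someone known".
        address = parseaddr(str(msg["From"] or ""))[1].lower()
        names = [part.get_filename() for part in msg.iter_attachments()]
        entry = {"index": index, "from": address,
                 "subject": str(msg["Subject"]), "attachments": names}
        (accepted if address in known else review).append(entry)
    return accepted, review


SAMPLE_MAILBOX = [
    build("Alice <alice@example.org>", "Lunch on Friday?"),
    build("hi5 <invite@example.net>",
          "Jessica would like to be your friend on hi5!", "Invitation Card.zip"),
    build("cards@example.com",
          "You have received A Hallmark E-Card!", "Postcard.zip"),
]

if __name__ == "__main__":
    for item in triage(SAMPLE_MAILBOX)[1]:
        print("REVIEW", item["index"], item["from"], item["subject"], item["attachments"])
```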
Outcome for round 1
1. MSE
2. Avast
3. AVG
4. CA
With round 1 over the combatants can earn a well deserved rest. Tomorrow is another day, another fight.
Until then.
- Kelvin Eldridge
This blog is available from the JustLocal site under the News heading.