Is the idea of having a product that does one thing very well lost in these 'suites'?

Discussion in 'other anti-malware software' started by apathy, Jun 10, 2009.

Thread Status:
Not open for further replies.
  1. a320ca

    a320ca Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    97
    Location:
    USA
    Speaking of "suites", what happened to Avira in the latest Matousec tests?

    "...Today's worst result was achieved by Avira Premium Security Suite that did not pass the level 2 and finished with 10% score."
     
  2. ChineseGlueMan

    ChineseGlueMan Registered Member

    Joined:
    Jun 14, 2009
    Posts:
    8
    Lol wow 10% for Avira :(.
     
  3. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Maybe Avira prefers to focus on real world security challenges, instead of playing Matousec's games. :D
     
  4. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Avira is a great AV. Maybe they should just concentrate rather than aim at Matousec's tests!
     
  5. ChineseGlueMan

    ChineseGlueMan Registered Member

    Joined:
    Jun 14, 2009
    Posts:
    8
    Yeah no doubt Avira is one of the best but it detects my video adapter as a virus but besides that no problems (however it's confusing as to which numbered .DLL files are part of the FP list).
     
  6. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Which is your video card? Have you submitted a report to Avira?
     
  7. Atomic_Ed

    Atomic_Ed Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    389
    Quite a while back I was interested in the concept of the security suite approach having everything in one, as it seemed over the years vendors producing such products were finally making strides in lower system resource usage for such products. Prior years I felt all products as suites were a joke at best. We used to joke saying the reason the all in suites are effective at preventing infections is due to the fact they make the system so unusable it doesn't get used therefore gets no infections.

    Anyway, I have watched as well and learned that no matter what all in one product was chosen, there was always an inferior performing component, whether it be the firewall part, the detection part, the malware part, spam filter, basically no one product provided adequate protection in all areas.

    I, as a lot of others here have done before me, started looking at best of breed for each aspect in separate products to put together a multi layer, multi product security system. As we all know doing it this way is a much better approach in terms of overall security but the cons of this were high cost due to licensing so many different vendor products, system resource performance with incompatibilities between different apps and of course the always possible situation one of the product vendors would sell out or stop supporting their product which was basically another link in the security system chain.

    We all know doing it this way would be preferred if the cons were minimized or eliminated and it didn't take tons of research and tweaking to get your final setup working. Because of this I can see why all in one suites became so popular. Despite the popularity of suites, in all my experiences with multiple vendors products, I have yet to come across any of them that did an adequate job despite the convenience. Another thing I noticed with some of the suites was the inter-compatibility within their own modules was many times no better than using separate products anyway. Basically the one real plus to me was the cost factor was usually cheaper.

    So I find myself now with a steadfast belief (My Opinion Mind You) that there is no better approach to overall security on my systems than using separate products in a layered approach. I have refined my approach in doing this by limiting my own curiosity desires to try every product out myself, which is a pointless effort as doing so you will never finish your security because you're always testing. So I decided using Wilders and other respected sites to play off other members' experiences and create short lists of each products to test myself. This has been a lot more effective for me and has resulted in a setup I feel is extremely powerful and yet very light in resources overall. On top of this, some negotiating with some of the product vendors, I was able to achieve reduced pricing that the total cost rivaled some of the all in one suite costs. I feel extremely satisfied with my approach now, more so than ever before.

    Not to start any comparisons of individual products here in this thread, I will mention what I put together for the benefit of illustrating my approach. This is by no means a "Here's what you should use" statement in any way.

    I settled on the following products:

    Vipre AV/AS - (Active Protection Enable)
    SuperAntispyware Pro - (Real Time Protection Enabled)
    Sunbelt Personal Firewall
    Malwarebytes' Anti-Malware - (On Demand Only)
    Acronis True Image Echo Workstation With Universal Restore
    Firefox 3.5

    Now I can tell you without hesitation that the above setup on my Dell M1530 running Vista x32 has been without question the overall lightest system I ever tested on this machine. Every single thing works perfectly and in harmony beyond the results I ever experienced with any other all in one suite.

    The overall cost was equivalent to most all in one suites and so far has been effective to the point I am not worried. And while no setup is perfect or 100% effective, I feel I have finally hit the right combo for my needs.

    Bottom line is my lessons learned are stay away from suites and you can achieve a more secure, better running system capable of providing a multi layered approach beyond the capabilities of any single vendor's offering. This is my opinion and my experiences and what I will do from now on is stay with it.

    Another factor I feel better about is simply not trusting any one vendor to be honest in not collecting or snooping personal info from my system. Which is harder for a vendor to do when you have different products watching each other.

    Hope my experiences might be of value for some of you thinking about a multi layered approach and have yet to plunge into it.
     
  8. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I agree with Atomic Ed.
    Suites in general seem to have a weak component.
    I prefer to stick with stand-alone apps that do one thing very well.
     
  9. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Good insight
    Nice Posting also, was able to read it straight through without any confusion

    On topic: I prefer using the Suites, low maintenance with configuration options all in one place.
    Whenever something goes awry like making the wrong decision to a popup alert, or simply wanting to change a configuration option can lead to some confusion as to what application and where in what application do I correct or make that change.

    Besides, the best security is a Firewall Router, and blocking Cookies, Ads, Referrals, ActiveX, and keeping the Internet Cache clean.
    The security suites and/or stand alone security applications only add an extra layer of protection of which I believe is still overkill.
    The Internet has evolved into a Global Communication Network, people all over the World bank and shop online, if all of the Viruses,
    Spywares, Trojans, Malwares, Worms, and so forth were as invasive and threatening as magnified to be, people would not bank or shop online.
    People not banking and shopping online Worldwide would cause Businesses financial loss.....this is not going to happen!
    Like anything else, Money is the bottom line. All of these Internet threats are regulated and controlled by higher authorities and powers
    allowing a controlled degree of threats loose in the Wild to provide Revenue. We buy the security software, the security vendor pays taxes,
    the taxes improve our world. It's just the world we live in.

    So for now, I will continue to use security suites, for their simplicity, easy access and configuration, and only one charge to my credit card.:D


    HKEY1952
     
  10. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Even if the performance was equal, I'd stay with separate components. In a combined suite, the different parts share a lot of common components. If a vulnerability or coding flaw is found in one of those shared components, it could affect or crash the entire suite, leaving you quite vulnerable.

    A long time ago, I was using Norton Internet Security, a bloated firewall, AV, popup blocker, privacy defender, kitchen sink combination. I was searching for something on Google, don't remember what specifically. Clicked on the first link it offered. Even with its popup blocker running, as soon as the site opened, so did about 50 popups. The NIS firewall crashed followed by the AV a few moments later. When I got everything running again, the AV detected an infection but couldn't remove it. I realize that this was a while ago, but security suites still share components and any vulnerabilities those components may have.

    With separate applications, the only shared components are Windows' own files, which makes it much more difficult to attack the security software. Integration can be both an asset and a liability. On my setup, SSM and Kerio can protect each other. If something terminates or crashes Kerio, SSM will restart it immediately. As long as Kerio is running, web based malicious code can't reach SSM to attack it. The rules in Kerio don't allow SSM any internet access in either direction which effectively isolates it from web based attacks. I've set up a very similar idea with Proxomitron which filters out malicious code. If something compromises Proxomitron, it won't do an attacker much good when SSM won't allow Proxomitron to parent any other process, modify the registry, or perform any other sensitive functions. SSM's rules effectively isolate both Proxomitron and Kerio from the rest of the system while simultaneously defending them.

    That type of interlocking is only possible when all the involved apps can stand on their own. The downside is that setting up this type of interlocking layered defense is beyond the casual user's abilities. Users who are capable of setting up such a package aren't numerous enough to keep a vendor in business, especially when there's so many different apps to choose from, many of which are free. I can't see paying for a firewall when the free one I'm using is ideally suited to my setup. The same applies to HIPS or process firewalls. DW has an excellent reputation, but so did SSM, and SSM is now free. You mentioned a firewall/router for instance. Instead of a router, I installed Smoothwall on an old PC. It makes for a very effective hardware firewall at very little cost.

    The whole issue keeps coming back to the users. Today, the vast majority of computer users know almost nothing about how it works. Hobbyists, talented amateurs, and professionals make up a very small percentage of the user base. There's not enough of them to keep all the vendors of the really powerful security software in business, but there's lots of users who want security packages that will do everything for them. Those might as well be from two different planets as far as the security app vendors are concerned. Their needs are so different.
     
  11. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    The above highlighted part of the Quote is not entirely true.....now I am not defending Suites nor am I defending Stand Alones.....Implementation of either is User preference.
    What I am saying is that the above highlighted part of the Quote is not entirely true.
    The above highlighted part of the Quote is not entirely true because of two reasons.

    01)- Most stand alones have their own directory or folder of shared components, as most suites do, and are most often located in C:\Program Files\Common Files\
    Others may install their shared components folder elsewhere, but the point is, some stand alones are not completely Windows Component dependent, just as some suites are not completely Windows Component dependent.

    02)- The object of an attack is to compromise the Operating System, before this can happen, the attack must bypass or compromise the security gateway.
    Now, should the security software, stand alone or suite, be entirely dependent on Windows Components, this security software cannot self protect Windows Components and is weak, security wise, as the
    security software is dependent on files or components outside of its own protective shield. Security software should be designed to protect Windows, the only way this can be achieved is by having
    minimal dependency on Windows files and components and dependent only on its own files and components, with the ability to "Self Protect" its own protective shield.
    Outpost, ZoneAlarm and Sunbelt do an excellent job achieving this type of architecture in their security software, the only difference between the three is one of them disallows disabling the "Self Protection"

    So, whether it is stand alone or suite, the security software should have minimal dependency on Windows files and components and be self contained by being dependent only on its own files and components and have
    the ability to toggle on/off "Self Protection"



    HKEY1952
     
  12. Atomic_Ed

    Atomic_Ed Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    389
    Good points and certainly reinforces my feelings on the subject.

    I truly believe that eventually the whole all in one suites thing will end up being nothing more than a marketing fad. Some day people will get fed up with the performance and cost of these things and I believe a smaller number of well known focused apps will emerge as the thing to do for most people.
    Let's face it, people don't have a lot of disposable income anymore to perpetually update a high license cost all in one suite every year.

    There are more than a few dedicated purpose security apps out there now with lifetime license options. There are also some companies selling home site licenses too. Not to mention a lot of these products are high performing and much lighter than their suite counterparts.

    There will eventually be a market change and I personally think the days of the all in one swiss army knife approach suite are numbered.

    Of course these are just my opinions and I very well may be wrong. But it's what I think will happen.
     
  13. Atomic_Ed

    Atomic_Ed Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    389
    I'm not so sure I agree with what you're saying on the 01) point. Shared components don't always necessarily mean shared Windows modules. I think what the poster was intending to point out is that most all in one suite products use shared components or modules within their suite components. This means shared files specifically to the security vendor's product of their own design. Not standard Windows shared files. With a stand alone product, it does not have shared components within itself. It may call on shared Windows components but that's all.

    On your 02) point, I agree 100%.
     
  14. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    I am just on the opposite road... good suites are generally cheaper than buying single separate components and they maximise strengths by better combining the different protection modules reinforcing the defense more consistently as compared to components assembled separately. They are less prone to conflicts because tested beforehand and can contain portion of diversification integrating technology from different security producers.

    The suites and integrated tools, the way to go :thumb:

    Cheers,
    Fax
     
  15. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Microsoft has already ignited and is enforcing this market change starting with the release of Microsoft Windows XP (introduced the Limited User Account),
    and with the scaled down warning and prepare yourself release of Microsoft Windows Vista (introduced the two way Firewall),
    and now with the upcoming release of the Microsoft Security Essentials (introduced free Antivirus and Antispyware),
    and with the upcoming October 2009 release of Microsoft Windows 7 (the real Vista).

    First there was the Limited User Account in Microsoft Windows XP, hardened in Microsoft Windows Vista, improved in Microsoft Windows 7.
    Second there was the Microsoft Windows Vista two way firewall, improved in Microsoft Windows 7.
    Third there is the Microsoft Security Essentials free Antivirus and Antispyware.
    Fourth there will be Microsoft Windows 7 (the real Vista).

    So, having the following, what more does one need for security, or what third party security software is really needed?

    01)- Firewall Router
    02)- Microsoft Windows 7 with Standard Limited User Account
    03)- Microsoft Windows 7 two way Firewall
    04)- Microsoft Security Essentials free Antivirus and Antispyware
    05)- Optional Open DNS Account

    Answer = None



    HKEY1952
     
  16. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    My sentiments exactly!


    HKEY1952
     
  17. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Fax, I do agree. Consider, for example, that in Norton Internet Security 2010 the firewall leverages the same in-the-cloud Quorum database that the heuristic engine utilizes (see post #1 in this thread). Coordinated protection will not emerge from the use of an assembly of disconnected components.

    Additionally, many (most?) of the standalone security components (e.g., VIPRE Antivirus + Antispyware, Sunbelt Personal Firewall) lack an in-the-cloud technology architecture and will thus likely fall further behind in protection performance, given the rapid rise of polymorphic malware.
     
  18. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Before this in-the-cloud technology can be securely reliable, communications between the Client and Vendor must be on a separate secure encrypted Network.


    HKEY1952
     
  19. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    HKEY1952, if the client/cloud communications are digitally signed to ensure authenticity and integrity, then the information interchange will work as advertised. Encryption shouldn’t be necessary, since there is no concern about protecting personally identifiable information (which is not exchanged in this context).
     
  20. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Pleonasm,
    On installation, some of these in-the-cloud security applications take snapshots of the client's system and upload this information over the www.
    There is too much private information on systems to be freely flowing over the www.
    Also, in trialing one of these in-the-cloud applications, I sent a print job to the printer and the in-the-cloud application uploaded the document to the vendor's server to be scanned.
    The application informed me that the document was being uploaded for a scan.
    This is unacceptable.....digital verification has nothing to do with it.
    In-the-cloud applications are uploading system snapshots, files and documents to be scanned that could and do contain sensitive information.


    HKEY1952
     
  21. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    HKEY1952, I absolutely share your concern about privacy when using in-the-cloud security tools -- which is why it’s important to inspect the privacy practices and policies of the company (e.g., see this thread).

    Thus, if accurate, the behaviors that you describe are obviously unacceptable from a security application. So, more specifically, which vendors’ products are uploading what kinds of sensitive information under what conditions?

    The larger point (and the one that is “on topic”) for this thread, however, is that the “writing is on the wall:” individual, standalone security applications that lack an in-the-cloud technology architecture appear destined to decline in effectiveness in the not too distant future. As a result, any assembly of such tools is unlikely to provide excellent protection against malware, given the changing threat landscape.
     
  22. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Pleonasm,

    Whether it be a Suite or a Stand Alone, with or without Cloud Technology, Microsoft has sent out a warning to security vendors that their market share time is limited and they better find a new source of income. Microsoft has a right to protect their Operating System and are going to do just that with the release of Microsoft Windows 7. The days of third party security software are nearing an end, with or without Cloud Technology, Stand Alone or Suite. Read my Post #41 on this Thread for more insight and thought.
    https://www.wilderssecurity.com/showpost.php?p=1511417&postcount=41

    And Post #35 of this Thread why security threats are magnified beyond reality.
    https://www.wilderssecurity.com/showpost.php?p=1510847&postcount=35

    Cloud Technology is in its birth and currently is a security breach, privacy policies can be changed without prior notice or written consent.


    HKEY1952
     
  23. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I can see where cloud computing could improve security-ware that depends on threat identification. I don't see where it can make security software any more pro-active. I suppose it would be the next step in the evolution of that technology. Personally, I feel it's nothing more than another way to keep users dependent on "security by subscription". It may be the simpler option for the masses, but a knowledgeable user can do better. Security apps aside, there's no way I'd ever trust my data to cloud based software. Keeping your own system secure is one thing. Trusting the security of someone else's servers and applications is asking for problems.

    Regardless of what they come up with to enhance default-permit based security-ware, it will never be as effective as a properly implemented default-deny system. A default-deny setup doesn't need a "cloud" to determine what shouldn't run. All it needs is a list of what you want allowed on your system.
     
  24. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Good insight noone_particular, the highlighted part is the best way for one to keep their head above the Clouds!
    Besides, third party security vendors will start to be phased out with the release of Microsoft Windows 7. The skies will clear and there will be no more Clouding.


    HKEY1952
     
  25. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    HKEY1952, I believe that the rumors of the death of the security industry have been greatly exaggerated. Whatever measures Microsoft may initiate to protect users (and, they are indeed welcome), the authors of malware will cleverly work to circumvent them all. And the game continues. As a consequence, the $13 billion computer security market will not evaporate in the foreseeable future.

    HKEY1952, in my opinion, the veracity of your statement is critically dependent upon the sophistication and the “safe surfing” habits of an individual user. For some users, the risk is overstated; for many others, it’s a very real concern.

    Noone_particular, yes, I share the concern -- which is why I find it refreshing that Norton Internet Security allows a user to easily opt-out of the Norton Community Watch program. To the best of my knowledge, this is the only in-the-cloud based security tool which provides users with the option of including/excluding their threat information in the community database.
     