Tag: Fragmentation

ATMitch: remote administration of ATMs

In February 2017, we published research on fileless attacks against enterprise networks.

This second paper is about the methods and techniques that were used by the attackers in the second stage of their attacks against financial organizations – basically enabling remote administration of ATMs.

Cisco TelePresence control software had remote-exploitable bug

Cisco's collaborationware is a mess: that WebEx bug also hit Firefox and IE

Cisco has turned up a packet fragmentation issue in its TelePresence Multipoint Control Unit software that opens up a denial-of-service and remote code execution vulnerability.…

TrustPort Internet Security Sphere (2017)

I try my best to review the latest security suite and antivirus releases from all the security companies, but occasionally I miss one. The 2016 product line from TrustPort slipped past me. I hoped that with two years of innovation rather than the usual one, I would see remarkable improvements in TrustPort Internet Security Sphere, which fared poorly in my last review. Sadly, it didn't score any better than when I last reviewed it in 2015.

At $37.95 per year for three licenses (or $29.95 for a single license), TrustPort is significantly less expensive than most competing products. Bitdefender, Kaspersky, and Norton all cost just a little more than twice as much. On the other hand, those three are much more effective than TrustPort. For the same price, McAfee Internet Security lets you install protection on every Windows, Mac, Android, and iOS device in your household.

The main window for Trustport's antivirus features a single row of five square buttons, while the full suite has two rows of five, to accommodate its additional features. The six green buttons turn components like the real-time scanner and parental control on and off. Blue buttons invoke actions such as running a scan or checking for updates. It's a different arrangement of square buttons from the version I reviewed previously, and a different color scheme, but not a lot else has changed, appearance-wise.

Shared Antivirus Features

This suite's antivirus protection includes everything found in TrustPort Antivirus Sphere, plus an additional Web scanner component. Please read that review for full details of features common to both. I'll summarize here and focus on the suite's additional antivirus abilities.

Several high ratings from the independent testing labs mark a highly effective antivirus. Alas, only one of the labs that I follow includes TrustPort. In its RAP (Reactive And Proactive) test, Virus Bulletin scored TrustPort at 85.34 percent, a little above the average score. But that's not enough data for me to come up with an aggregate lab rating. On a scale of 10 possible points, Kaspersky Internet Security earned an impressive aggregate score of 9.8, while Norton managed 9.7 points.

In my own hands-on malware-blocking test, TrustPort detected 87 percent of the samples and earned 8.5 of 10 possible points. That's one of the lower scores among products I've tested with this sample set. Webroot SecureAnywhere Internet Security Plus, Comodo, G Data, and a few others detected every single sample. Webroot, Comodo, and PC Matic earned a perfect 10 points in this test.

My malicious URL blocking test uses very new malware-hosting URLs. Products get equal credit for blocking all access to the URL and for eliminating the malicious executable during download. Handicapped by lack of any Web-based protection, TrustPort's antivirus managed to wipe out 70 percent of the samples during download. When I tested the suite, its Web scanner blocked access to 21 percent of the URLs, and the real-time antivirus took care of another 55 percent. The total protection rate of 76 percent is still pretty low. Tested in the same way, Symantec Norton Security Deluxe blocked 98 percent of the samples.

Other Shared Features

The antivirus includes a feature called Anti-Exploit, but it's not about blocking attacks that exploit unpatched vulnerabilities, as you might expect. Rather, it looks for suspicious activity, things like programs attempting to manipulate other programs. In its default silent state, it doesn't do anything at all. When I took it out of silent mode and tested it with some valid programs, it found 40 percent of them to be suspicious. To get those programs working, I had to add them to the trusted list.

Next I switched from Anti-Exploit to an alternate tool called Application Inspector and tested again with a collection of valid programs. The Application Inspector flagged 30 percent of them for a different set of suspicious behaviors than Anti-Exploit did. You're better off just leaving this feature in its silent, do-nothing mode.

Clicking the Extra Applications button doesn't actually get you any extra applications, at least not in the standalone antivirus. Rather, it offers access to two different but equally complicated techniques for creating a bootable antivirus. You can use a bootable antivirus to clear up malware infestations that resist normal disinfection. However, the options offered by TrustPort are just too complex for the average user. The full security suite does offer extra applications, which I'll describe below.

Poor Phishing Protection

Phishing is the practice of creating fake versions of sensitive websites and hoping some poor chump takes the bait. Victims who log in to a fake PayPal site, for example, have just given away their credentials to their real PayPal account. These fraudulent sites get blacklisted and taken down quickly, but the fraudsters just reopen with a new fake site.

To test phishing protection, I use the newest phishing URLs I can find, preferably ones that have been reported as fraudulent but not yet analyzed and blacklisted. I try to visit each in a browser protected by the product under test, and in another browser protected by Norton, which has a long history of effective phishing detection. I also launch each URL in Chrome, Firefox, and Internet Explorer, relying on each browser's built-in fraud detection.

The first time TrustPort blocked anything, it popped up the standard notification it uses when it detects malware in a file. I resolved to track such events separately from times when the Web scanner denied all access to the fraudulent site. But I didn't need to do that. Not once did I see a page replaced by the Web scanner's warning window. In addition, I found that even when TrustPort reported that it found phishing, the fraudulent page was completely accessible, and I had no trouble entering my (fake) credentials.

Very few products can match Norton's detection rate in this test. Of all recent products, ZoneAlarm tied Norton, while Webroot, Kaspersky, and Bitdefender Internet Security 2017 did a little better. Every other product lagged Norton's detection rate, some by a little, some by a lot.

TrustPort falls in the "by a lot" category. Its detection rate came in 66 percentage points behind Norton's. Chrome and Internet Explorer also beat TrustPort by a wide margin. This is a poor showing.

Old-School Firewall

TrustPort's firewall handled the basic task of fending off outside attack just as well as Windows Firewall. It put the system's ports in stealth mode, making them invisible from the outside, and fended off my port scans and other Web-based attacks. In a recent test, G Data Internet Security 2017 went even further, presenting a notification that it blocked a port scan attack.

Of course, merely doing as well as Windows Firewall isn't a huge accomplishment. Most personal firewalls, TrustPort included, also take control of how programs connect to the Internet and network. Early personal firewalls foisted decision-making on the poor, uninformed user. Should I allow netwhatever.exe to connect with the computer at IP address over port 80? Who knows! Some products, ZoneAlarm among them, cut down on these popups by maintaining a huge database of known good programs and automatically configuring permissions for those.

Norton takes this concept to the next level. If a process isn't in the database, Norton doesn't ask the user what to do. Rather, it monitors that process extra-closely for any suspicious network activity. That's much better than relying on the untrained user for important security decisions.

TrustPort offers four levels of firewall protection, but if you read the text associated with each, it doesn't actually recommend any of them. The default level is called Use Firewall Rules, but the text states this is only recommended for experienced users. The description of the less-strict Enable Outgoing Connections level includes a warning that it can't defend against Trojans and spyware. And there's no point in the options that block or allow all network traffic. For testing, I stuck with the default, Use Firewall Rules.

In this mode, TrustPort is totally old-school. It did correctly pop up a query about my hand-coded browser's use of the network, and it managed to detect a couple leak test programs trying to evade its view. But it also popped up queries for numerous internal Windows components. A user who accepted the default action, blocking that process from Internet access now and forever, would wind up disabling parts of Windows.

Fixing a program blocked in error is also tough with this suite. You click Advanced Configuration, find the Firewall section, and open the Filter Definitions page. Scrolling past dozens and dozens of confusing default rules, you'll eventually find application-specific rules. You could jump in and edit the rule that's blocking the program, but you're better off just deleting the entry and choosing to allow access next time the firewall asks.

Protection against exploit attacks is often a firewall feature. I tested TrustPort's protection by hitting the test system with several dozen exploits generated by the CORE Impact penetration tool. Its Web protection component jumped in to block 30 percent of them, identifying all but one of the exploit attacks by name. Tested in the same way, G Data blocked 50 percent of the exploits. Norton has the best score in this test. It blocked 63 percent of them, all at the network level, before any portion of the exploit reached the test system.

I always investigate methods that a nefarious coder might use to disable firewall protection. TrustPort doesn't seem to store anything in the Registry, so there's no way I could flip the Off switch. I tried to kill its six processes using Task Manager, with no result beyond six Access Denied messages.

However, like G Data, F-Secure Internet Security, and a few others, TrustPort doesn't protect its essential Windows services. I set the Startup Type for all six to disabled and rebooted the system. On reboot, TrustPort didn't run at all. Comodo also didn't protect its services, but on reboot it reported the problem and offered to fix it automatically.

This firewall handles the same tasks that the built-in Windows Firewall does, which is no great feat. Its program control component pops up queries about Windows components; a hapless user who chooses the default block action may disable part of Windows. And the firewall isn't properly hardened against attack. It's not an impressive showing.

Extra Applications

Clicking the big Extra applications button on the main window lets you launch Portunes (rhymes with fortunes) and Skytale (rhymes with Italy). Portunes offers static storage for your passwords and other important data. Skytale encrypts messages. And neither is very useful.

Portunes stores passwords, credit cards, contacts, addresses, and more. You define what it calls a PIN to protect the collection. Last time I reviewed this product, it required a four-digit PIN; now you can enter a respectable master password. That's an improvement, albeit a minor one.

However, Portunes doesn't have any password management features other than including passwords among the things it stores. You can, if you wish, sync your data between multiple installations. To do so, you give Portunes access to your Dropbox account.

As for Skytale, it's easy enough to use. Type or paste in some text, click Encrypt, enter a password, and email or otherwise transmit the resulting gibberish to the recipient, sending the password separately. The catch is, the recipient must also be a TrustPort user. Quite a few encryption utilities don't have that kind of limitation. Some let you create a self-decrypting EXE file, while others offer a free decryption-only tool. Without any similar feature, Skytale isn't terribly useful.

Optimalize Your PC

"Optimalize" may not be precisely English, but it's what the button says. Clicking it launches TrustPort Optima, a simple tune-up utility that deletes temporary files, wipes out useless and erroneous Registry entries, and defragments your disk drives.

You start by clicking Analyze. On my test system, this step went quite quickly for the temporary files and Registry data, but it took quite a while to finish analyzing disk fragmentation. In a similar fashion, the actual cleanup of temp files and Registry went quickly, while defragmentation took quite a bit longer. You can click for a retro view that shows the defrag process as it happens.

Stripped-Down Antispam

If you rely on Web-based mail for your personal email account, you probably don't see much spam, as the major webmail providers filter it out. Likewise, your business email account probably gets filtered at the email server. Given that few people need a spam filter these days, and that my antispam testing was the most lengthy and laborious of all my tests, I dropped that hands-on test last year.

That's a good thing for TrustPort. The last time I reviewed this suite's spam filter, I found it to be quite dismal. It noticeably slowed the process of downloading email, and certain messages caused it to hang, cured only by quickly turning spam filtering off and on again. And its accuracy was terrible. We can hope that the designers have tuned this component since that time.

The spam filter supports Outlook, Outlook Express, Windows Mail, Thunderbird, and The Bat!, but not Windows Live Mail (the replacement for Outlook Express and Windows Mail). Even with these supported email clients, you still must define a message rule to put the spam in its own folder.

You can manually add email addresses or domains to the whitelist or blacklist. However, there's no option to automatically whitelist addresses to which you send mail, or import the address book to the whitelist, the way you can with ESET, Trend Micro Internet Security, and others.

Spam filtering in Check Point ZoneAlarm Extreme Security 2017 is extremely comprehensive and boasts pages and pages of configuration choices. I'm happier with a reduced set of choices, things users can actually understand. TrustPort's advanced spam filter settings are decidedly reduced—there are just four of them—but the average user will get no benefit from meddling with these.

Parental Lock

Not everyone has kids, and not every parent wants a parental control utility. For those who do want it, having parental control integrated with the security suite can be convenient. That is, if the parental control component does its job.

TrustPort's Parental Lock is a content filter, nothing more. If you turn it on by clicking its button on the main window, it immediately starts filtering access to websites in five categories: Violence, Porn, Warez, Hacking, and Spyware. You can tweak the configuration to also filter out seven more categories, among them Chat, Shopping, and Drugs.

By default, the filter applies to all users. It's possible to configure it one way for your teen and another way for your toddler, but it's far from easy. Doing so requires using the arcane Windows Select Users dialog. Guys, couldn't you just give Mom and Dad a simple list of user accounts?

In testing, I found that quite a few seriously raunchy sites got past the filter. It doesn't handle secure sites, so any HTTPS porn sites slipped right through. Logging in through a secure anonymizing proxy lifted any limitations by the content filter.

This so-called parental control system is worse than useless. If you want a suite that includes a full-functioning parental control system, look to Norton, Kaspersky, or ZoneAlarm.

More Drag Than Most

The days of resource-hogging security suites that bogged down performance are gone. Users wouldn't accept it, and security companies changed their ways. Few modern suites put a noticeable drag on performance. Even so, there's still a range, and in my hands-on testing TrustPort's performance drag came in on the high side.

Getting all the protective components of a security suite loaded can have an impact on the time it takes to boot up your PC. My boot time test waits for 10 seconds in a row with less than five percent CPU usage, defining that as the time the system is ready for use. Subtracting the start of the boot process, as reported by Windows, yields the boot time. I ran this test 20 times before installing TrustPort and 20 more times afterward, then compared the averages.

The result was so high that I tried again, this time watching the process closely. I found that at each reboot, the firewall was popping up queries about system processes. I manually rebooted the system over and over, responding to all the popups until they stopped coming. When I re-ran the test it still showed a 54 percent increase in boot time. That's one of the biggest impacts among current products. Fortunately, most of us don't reboot any more than we're forced to.

I also measure the suite's impact on simple file manipulation. One test times a script that moves and copies a mixed collection of files between drives. Averaging multiple runs with and without the suite, I found the script took 28 percent longer with TrustPort present. That's a little more than the current average of 23 percent. On the plus side, it didn't exhibit any measurable drag on another script that repeatedly zips and unzips those files.

The average of TrustPort's three performance scores is 27 percent, one of the largest among current products, but I didn't actively notice the test systems seeming slow. At the other end of the spectrum, Webroot had no measurable effect on any of the three tests. Norton averaged just five percent drag, which is quite good.

Look Elsewhere

Typically I'd conclude by summarizing the good and bad points of TrustPort Internet Security Sphere, but there's just not much I can say on the plus side. The independent labs don't rate it, and it fared poorly in our hands-on tests. Its firewall pops up warnings even for Windows internal processes, and it isn't defended against hacking. And the parental control system is worse than useless.

Forget about this suite. Look instead to one of our Editors' Choice security suite products. For a basic security suite, those are Bitdefender Internet Security and Kaspersky Internet Security.

LogMeOnce Password Management Suite Ultimate 5.2

When you can get a seriously full-featured, security-conscious password manager for free, what would entice you to pay? How about even more features, and no limits on existing features? LogMeOnce Password Management Suite Ultimate 5.2 pulls out all the stops, removing limits on the number of shares and beneficiaries, and adding advanced features that include anti-theft and an unusual selfie-based two-factor authentication system. A few quirks in its mobile editions are still being ironed out, but overall, it's a feature-packed password powerhouse.

At $39 per year, LogMeOnce Ultimate costs the same as Dashlane 4.0. Sticky Password goes for $29.99 per year, and LastPass for just $12. But this big, sprawling utility has a ton of features, including some I haven't seen in any competing product.

The free edition doesn't impose any limits on the number of saved passwords, or of synced devices. If you're interested in the product but not sure if you want to pay for it, go ahead and install the free edition, and familiarize yourself with its impressive capabilities. You can upgrade to Ultimate any time the free edition's limits begin to chafe.

Shared Features

The free LogMeOnce Password Management Suite Premium 5.2 is loaded with features, enough that it outperforms many competing products that aren't free. I'll summarize its capabilities here, or you can read my full review of the free edition for more details.

LogMeOnce runs strictly as a browser extension, so it's not limited to a specific platform. If your browser supports extensions, you can use it on Windows, macOS, or even Linux. There are also apps for Android and iOS.

Just about every password manager starts off by asking you to define a strong master password, something that you can remember but that nobody could guess. LogMeOnce now offers password-less authentication as its default. To set this up, you pair your smartphone or mobile device with your LogMeOnce account. Now when you log in on your desktop, you verify when prompted on the mobile device, using a PIN, a fingerprint, or what the company calls PhotoLogin.

Those who've upgraded to Ultimate get more information along with the request for PIN, fingerprint, or PhotoLogin. Swipe left to see the requester's email address, GPS location, IP address, and more, or swipe right to view the location on a map. If you get an unexpected login request, this data may help you figure out who's trolling you.

For PhotoLogin, LogMeOnce snaps a photo with the webcam and sends it to the device. You simply verify that the photo is what you expected. If the computer has no webcam, you can compare a visual one-time password that's sent along with the photo. It's also possible to use PhotoLogin on the mobile device itself, but this isn't quite as secure. It involves you verifying that you are seeing the photo you just snapped; it's a bit self-referential. When I mentioned this to the developers, they quickly modified on-device PhotoLogin to also require entering a PIN.

The free edition captures logins (which it calls applications) as you enter them, and offers to play back your saved credentials when you revisit the site. It also includes a catalog of almost 4,500 known websites. Choose one of these and you can be sure that LogMeOnce will handle it, even if it uses a non-standard login page. However, if you somehow manage to find an oddball login that's not in the catalog, you can't just capture all form fields the way you do with LastPass or Sticky Password Premium. Clicking the browser toolbar button displays all your saved websites. Clicking one of them navigates to the site and logs in.

The password generator defaults to creating 15-character passwords, using all character sets, which yields a very tough password. It also rates any password you type, estimating how long it would take to crack. By default, you must change your master password every three months, without re-using previous passwords. Those using Ultimate can change the password expiry time, in a range from one month to one year.

You can use Google Authenticator, or a workalike such as Duo Mobile or Twilio Authy, for two-factor authentication. Other options in the free edition include receiving a one-time passcode via email, SMS, or voice call. In an unusual move, LogMeOnce charges two credits for each SMS authentication and four credits for each voice call. Those using Ultimate get an allowance of 50 credits per month, with the option to purchase more, $10 for 1,000 credits. I'll cover the Ultimate edition's additional two-factor options below.

An interesting feature called Mugshot gives you a look at anyone who tries to log in on a lost or stolen phone. On any failed login attempt, it snaps photos with the front and rear cameras and sends them to your online dashboard, along with the device's GPS location and IP address. Using this information, you may be able to locate and recover the device. Upgrading to Ultimate gets you a more complete anti-theft system.

LogMeOnce stores personal, address, phone, and company data, for use in filling Web forms. You can save multiple instances of each data type. New since my last review, it also saves and fills credit card data. Like Dashlane, it helpfully displays the saved cards as images, using the color and bank name you specified. It doesn't have the flexibility of form-filling whiz RoboForm Everywhere 7, but it does the job.

Like LastPass and Dashlane, LogMeOnce can display a list of all your passwords, with a strength rating for each, and a flag for any duplicates. In addition, its report page offers several other views on your security, some of which aren't functional in the free edition. If you find you've got weak or duplicate passwords, just click the link next to each one to go change it. For many popular websites, LogMeOnce can even automate the password change process, something few competing products manage.

LogMeOnce includes the ability to securely share passwords with other users. You can choose whether the recipient gets to see the shared password, or just to use it for logging in. There's also an option to define a beneficiary who will receive either your whole account or a specific password in the event of your death. The free edition allows one whole-account beneficiary, five password beneficiaries, and five shared passwords. In the Ultimate edition, there are no such limits.

A productivity dock along the bottom of the screen displays a baker's dozen of live icons that expand when you mouse over them. You can use these icons to quickly reach important features like mugshot or security scorecard. That is, you can if you've paid for the product. Those using the free edition just get a reminder that the productivity dock is only for paid users.

Selfie Two-Factor Authentication

Upgrading to Ultimate unlocks several additional options for two-factor authentication, the most unusual of which is Selfie-2FA. It works like this. You log in to the browser extension, either with the default password-less authentication or a master password. LogMeOnce snaps a webcam photo and sends it to the mobile device you've specified for Selfie-2FA. If the received photo matches what you expected, you simply tap to authorize. MasterCard is exploring a similar type of selfie-based authentication.

What if you're using a desktop device with no webcam? In this case, LogMeOnce sends a generic image with a visual one-time password at the bottom. If the OTP on your mobile device matches the one on your browser, you simply tap to authorize. It's less tech-sexy than using a selfie, but it totally works.

My LogMeOnce contact pointed out that you can make it even harder for an attacker to beat this system by being unpredictable. Just keep changing which of your devices is the one authorized to respond to Selfie-2FA.

Those who've paid for the program can prepare a USB flash drive for use as a physical second authentication factor. There's also an option to add an X.509 Certificate as an authentication factor, but this is more logical in a business setting.

You can enable as many of the two-factor options as you wish, and log in using whichever is logical at the time. For example, if you're logging in on a mobile device with no socket for your USB authentication key, you could opt to receive a code via SMS or email, or get a code from Google Authenticator. True Key by Intel Security also offers multiple authentication options, but goes further by letting you require more than just two of them for authentication.

Device Management and Anti-Theft

The free edition receives the GPS location of any failed login attempt, but the paid edition lets you check device location whenever you like. The Device Map page in the Security section displays the location of all your registered devices. Clicking on a device gets you more information, along with a button that remotely logs out of any active LogMeOnce session on the device.

The separate Device Management page lists all the devices you've configured for use with LogMeOnce. If you've lost or replaced a device, you can remove it from the list, thereby disconnecting it from your account. You can flip a switch to define whether each mobile device can accept password-less login requests.

When you select a device from the list, other actions become available. You can send a request to locate a mobile device. A Details tab displays a huge amount of information for iOS devices, quite a bit less for Android devices. However, for Android devices only, you can view a list of installed apps.

The Commands tab appears for both Android and iOS devices, but the available commands differ. You can remotely cause an Android smartphone to ring at top volume, handy in case you've simply misplaced it, and you can lock it remotely using the system lockscreen. You can even change the lockscreen password remotely before locking it down.

On both Android and iOS, you can send a message, perhaps something like, "I've seen your mugshot, phone thief, and I'm coming for you!" But don't get too excited about this feature. Unless you've enabled viewing notifications on the device's lockscreen, the only way a phone thief could read the message would be by logging in to LogMeOnce, which shouldn't be possible.

That brings me to the final command, available on iOS and Android, the Kill-Pill. This dramatically named feature simply wipes all personal LogMeOnce data. I sent the Kill-Pill command to my Apple iPad Air and watched as LogMeOnce reverted to the initial setup screen, with no sign of my email address or any other configuration data. Oddly, sending the same command to my Nexus 9 never worked; it timed out repeatedly in my testing. My company contact confirmed that while the feature works on most Android devices, it doesn't yet work on a Nexus 9. Gotta love Android fragmentation!

Using a trusted mobile device as part of the authentication process is becoming more and more common. Like LogMeOnce in password-less mode, oneID skips the master password in favor of device-based authentication. You can configure True Key to use other forms of authentication, including a trusted device, in place of a master password. But LogMeOnce is the only product I've seen that adds anti-theft features to protect the security of that trusted device. It's a smart move.

Enhanced Reporting

Even the free edition of LogMeOnce lists all your passwords ordered by strength, rates your total security status, and displays what it calls a hybrid identity score. If you've paid, you also get an overall password strength rating, with a breakdown of statistics such as the number of passwords of at least 15 characters, and the number that contain at least one of each character type.

The Live PasswordTracker chart is another paid-only feature. It takes two weeks to get a baseline for reporting, so I didn't see its full capabilities. For starters, it charts a solid line that's your overall password strength each day. If you're using the product correctly, that line should only go up. It also charts what the company calls a heartbeat line. Solid line segments represent days that you used LogMeOnce, dotted segments days that you did not. The line's height above the axis is based on the strength of the passwords you used on that day. The purpose of the chart is to encourage you in proper password hygiene, replacing weak passwords with strong ones and always relying on the password manager to keep track.

A Few Oddities

In testing the free edition, I glossed over the few little quirks I ran into, given the fantastic features that you get for free. Running into those same quirks—and a few new ones—in the paid edition, I'm slightly less forgiving.

LogMeOnce is a work in progress, in a good way. While working on this review, I confused the PhotoLogin feature with what was then called Photo-2FA. Overnight, the developers renamed it to Selfie-2FA, to avoid confusion. Because I mused about the possibility of an unauthorized person picking up a phone that was left unlocked, they changed the local-only PhotoLogin to also require PIN entry. This is an agile team, indeed.

On the other hand, I also ran into some oddities that aren't yet fixed. I couldn't make the Kill-Pill personal data erasure work on my Android device. To use Selfie-2FA from my all-in-one desktop PC, I had to crank the webcam brightness to the max, so high that Skype images appeared washed out. On an iPad, the iOS edition runs in the dated 2x mode, just a blown-up version of the iPhone edition. And even though a paid account should be ad-free, the "Go ad-free" link still appears, and I saw ads on some mobile screens. Pending updates for the Android and iOS apps should fix at least some of these oddities. Overall, though, this utility's breadth of features and its inclusion of innovative, security-focused features overshadow these few quirks.

Passwords Plus

LogMeOnce Password Management Suite Ultimate takes the vast feature set of the free LogMeOnce password manager and kicks it up to the next level. I haven't seen another product offering selfie-based two-factor authentication, or a built-in anti-theft system. It lacks the ability to manage passwords for applications, but it checks just about every other box. On the flip side, you get almost all of these features in the free edition, and for some the vast array of features may prove off-putting.

LastPass Premium comes the closest to matching LogMeOnce's breadth of functionality, though with the latest edition LogMeOnce has taken a significant lead. For those who are more into simplicity and ease than a prodigious number of features, Dashlane 4 does everything you could want, with flair. LogMeOnce joins these two as an Editors' Choice for commercial password managers.

PCMag may earn affiliate commissions from the shopping links included on this page. These commissions do not affect how we test, rate or review products. To find out more, read our complete terms of use.

Tor phone is antidote to Google “hostility” over Android, says developer

The Tor Project recently announced the release of its prototype for a Tor-enabled smartphone—an Android phone beefed up with privacy and security in mind, and intended as equal parts opsec kung fu and a gauntlet to Google. The new phone, designed by Tor developer Mike Perry, is based on Copperhead OS, the hardened Android distribution profiled first by Ars earlier this year.

"The prototype is meant to show a possible direction for Tor on mobile," Perry wrote in a blog post. "We are trying to demonstrate that it is possible to build a phone that respects user choice and freedom, vastly reduces vulnerability surface, and sets a direction for the ecosystem with respect to how to meet the needs of high-security users."

To protect user privacy, the prototype runs OrWall, the Android firewall that routes traffic over Tor, and blocks all other traffic. Users can punch a hole through the firewall for voice traffic, for instance, to enable Signal.

The prototype only works on Google Nexus and Pixel hardware, as these are the only Android device lines, Perry wrote, that "support Verified Boot with user-controlled keys."

While strong Linux geekcraft is required to install and maintain the prototype, Perry stressed that the phone is also aimed at provoking discussion about what he described as "Google's increasing hostility towards Android as a fully Open Source platform."

It’s about the software backdoors, stupid!

Apple's iOS is famously more secure than the Android security garbage fire, right? But Android security will eventually improve, and when that happens, Perry told Ars in an e-mail, "then the next measure will be the ability of the platform to resist backdoors of various kinds." A closed source platform, such as Apple's mobile operating system, is at much greater risk of being compelled to deploy software backdoors, he added.

"I think the best argument against backdoors is that they are technically impossible to deploy at all, due to the security properties of the system and people's ability to remove or avoid the backdoor. That argument is stronger for open source than it is for closed source."

Perry also worried aloud about targeted backdoors delivered to specific users. "The iOS App Store is at a significant disadvantage there even compared to Google Play," he told us. "Each iOS app is re-encrypted specifically for the user with Apple's DRM, making it technically impossible to verify that the package you installed matches the official one." He said that Apple has "created the perfect platform for delivering targeted backdoors to specific users. I don't like banking on iOS for those reasons."

Google hostile to freedom

In order to solve the Android security mess, Google is taking steps that hurt user freedom, and make Android vulnerable to compelled backdoors, Perry argued. The fragmentation of the Android ecosystem into multiple OEMs, who distribute their own versions of the operating system, has resulted in rampant insecurity. Without financial incentives to push security updates to users' phones, OEMs by and large abandon users to their fate.

Under pressure from many quarters to solve this problem, Google is working to improve Android security, but Perry criticised Google's release and development process as increasingly opaque. "Android platform is effectively moving to a 'Look but don't touch' Shared Source model that Microsoft tried in the early 2000s," Perry wrote in his blog post. "However, instead of being explicit about this, Google appears to be doing it surreptitiously. It is a very deeply disturbing trend."

Copperhead to the rescue

Copperhead OS was the obvious choice for the prototype's base system, Perry told Ars. "Copperhead is also the only Android ROM that supports verified boot, which prevents exploits from modifying the boot, system, recovery, and vendor device partitions," said Perry in his blog post. "Copperhead has also extended this protection by preventing system applications from being overridden by Google Play Store apps, or from writing bytecode to writable partitions (where it could be modified and infected)." He added: "This makes Copperhead an excellent choice for our base system."

Daniel Micay, Copperhead's lead developer, welcomed Perry's prototype. "It will be nice to have somewhere to direct technical users that cannot live without Google Play," he told Ars in an e-mail. By default, Copperhead eschews Google Play, and Micay himself refuses to use any Google Apps.

"Mike Perry is interested in doing things properly which is why [the prototype] goes through the effort of not breaking verified boot or depending on leaving an insecure recovery image," Micay said. "The rough edges can be smoothed out over time."

Mission Improbable, but useable today

The prototype, nicknamed "Mission Improbable," is now ready to download and install. Perry said he uses the prototype himself for his personal communications: "E-mail, Signal, XMPP+OTR, Mumble, offline maps and directions in OSMAnd, taking pictures, and reading news and books." He suggests leaving the prototype in airplane mode and connecting to the Internet through a second, less-trusted phone, or a cheap Wi-Fi cell router.

The prototype is the second of its kind. Back in April, 2014, Perry proposed his first Android device optimised for privacy and security—then nicknamed Mission Impossible. The earlier prototype consisted of a 2013 Google Nexus tablet running Cyanogenmod.

Perry emphasised that the Tor Project has no plans to get into the hardware business, but hopes the prototype will provoke discussion and innovation. He pointed to the Neo900, which bills itself as "The truly open smartphone that cares about your privacy"—a project, he said, that came about in part due to the "Mission Impossible" blog post two years ago.

"What I’ve found is that posts like this one energise the Android hobbyist/free software ecosystem, and make us aware of each other and common purpose," Perry told Ars. "It also shows Google and others what gaps there are in Android for Tor support, and raises awareness about the dangers the ecosystem faces."

Ars readers looking for a weekend project will find the complete Mission Improbable installation instructions on GitHub.

J.M. Porup is a freelance cybersecurity reporter who lives in Toronto. When he dies his epitaph will simply read "assume breach." You can find him on Twitter at @toholdaquill.

This post originated on Ars Technica UK

Akamai warns: Look for IoT devices to attack during Thanksgiving, Christmas

The annual holiday uptick in denial of service attacks will likely continue this year only this time with a new devastating weapon: Internet of Things (IoT) devices, according to Akamai. In its quarterly State of the Internet/Security Report, the company says certain types of DDoS attacks are on the rise compared to the third quarter last year, both in size and number.

That doesn’t bode well for users of the internet starting next week. “Thanksgiving, Christmas, and the holiday season in general have long been characterized by a rise in the threat of DDoS attacks,” the report says. “Malicious actors have new tools—IoT botnets—that will almost certainly be used in the coming quarter.” That includes the infamous Mirai botnet whose code has been made public and that is responsible for some of the largest DDoS attacks ever – perhaps more than 1Tbps—including two that were mitigated by Akamai. In past years these attacks have been used to take down gamer sites at Christmas, just in time to frustrate people who have just received new gaming platforms.

Famously, both Xbox Live and Sony Playstation were disrupted by DDoS attacks in 2014. Mirai has kept a low profile since it knocked DNS service provider Dyn for a loop last month, but that doesn’t mean it won’t be back, Akamai says. The type of person who likely launched that attack is the type likely to use Mirai for a follow-up to the 2014 attacks.

The Dyn IoT DDoS flood was pinned on gamers who wanted to take down a gaming site, likely Playstation Network. According to Lance James, the chief scientist at Flashpoint, the attack was, “teenagers losing their emotions over videogames,” who “took down more than even the attackers hoped to take down.” DDoS attacks in general have been on the rise, the Akamai report says, up 71% over Q3 last year. The good news is that some forms of DDoS seem to be on the wane, network time protocol (NTP) attacks in particular. That’s because the open NTP servers used to reflect and amplify attack traffic are getting cleaned up, so there are few of them off of which to bounce traffic.

The number of attacks has grown over time but the amount of traffic generated by each has gotten less.

The average size of an NTP attack in June 2014 was greater than 40Gbps.

This June it was 700Mbps. When these attacks were on the rise, the vulnerable servers being used to carry them out became apparent, leading their owners or third party observers to take note and secure them. “It appears that June was the critical inflection point, when not only did available NTP reflection bandwidth shrink, but botnet owners pivoted to other protocols for their traffic,” Akamai says. Meanwhile, UDP fragmentation attacks accounted for nearly a quarter (24.56%) of all DDoS attacks observed by Akamai in the third quarter.

These attacks send fraudulent fragmented packets to the target server, but they are designed so they cannot be reassembled.

That chews up processor time on the server, eventually leading to it becoming overwhelmed. But Akamai says the recent success of IoT botnets means they will be used more until defenders find a way to defeat them. “It is very likely that malicious actors are now working diligently to understand how they can capture their own huge botnet of IoT devices to create the next largest DDoS ever,” Akamai says. This story, "Akamai warns: Look for IoT devices to attack during Thanksgiving, Christmas" was originally published by Network World.

Google responds in EU antitrust case: “Android hasn’t hurt competition”

Google—as expected—has dismissed the European Commission's charge that the ad giant abused Android’s dominance to block its competitors in the market. The company is accused of using Android’s position as the dominant smartphone operating system in Europe to force manufacturers to pre-install Google services while locking out competitors. Competition commissioner Margrethe Vestager sent a so-called Statement of Objections to Google in April. On Thursday, the multinational corporation defended its position and spoke of the open source nature of the Android operating system.
It also compared a typical Android smartphone to rivals Apple and Microsoft.

According to Google, 39 out of 39 pre-installed apps are from Apple on iPhone 7, and 39 out of 47 pre-installed apps on the Microsoft Lumia 550 are from Microsoft. In a blog post on Thursday, Google general counsel Kent Walker said: "The response we filed today shows how the Android ecosystem carefully balances the interests of users, developers, hardware makers, and mobile network operators.

Android hasn’t hurt competition, it’s expanded it." The 100-plus page response to the commission focuses on metrics in an attempt to add weight to the claim that it hasn't abused any competitive advantage. Walker said: The commission’s case is based on the idea that Android doesn’t compete with Apple’s iOS. We don’t see it that way.
In fact, 89 percent of respondents to the commission’s own market survey confirmed that Android and Apple compete.

To ignore competition with Apple is to miss the defining feature of today’s competitive smartphone landscape. Walker claimed that possible remedies to resolve the case could create fragmentation in the mobile ecosystem. "The commission’s preliminary findings underestimate the importance of developers," he said. Walker continued: The commission argues that we shouldn’t offer some Google apps as part of a suite. No manufacturer is obliged to preload any Google apps on an Android phone.

But we do offer manufacturers a suite of apps so that when you buy a new phone, you can access a familiar set of basic services.

Android’s competitors, including Apple’s iPhone and Microsoft’s Windows phone, not only do the same, but they allow much less choice. Vestager can fine the search behemoth up to 10 percent of its global turnover—around $7.4 billion (£5.9 billion)—if she finds Google guilty of wrongdoing. Google is currently appealing against a similar case in Russia after authorities fined the company approximately 438 million rubles ($6.8 million, £5.25 million) in an almost identical Android antitrust case earlier this year. Yandex, Russia's biggest search engine and the main complainant in that case, is also one of four complainants in the EU case.

Google rivals Microsoft, Nokia, and Oracle—under the Fairsearch umbrella organisation—lodged the first complaint against Android in 2013. Fairsearch said in a statement to Ars: Google says there's no problem because Android is 'open.' The truth is that Android is today a closed operating system, and any claim to the contrary is disingenuous.

Any manufacturer or network operator seeking to differentiate its devices or services is prevented from doing so by the web of Google's contractual restrictions. Google imposes severe sanctions on those who defy its insistence on conformity.

For example, a phone maker that offers even a few phones that do not comply with Google's straitjacket faces a cut-off from all of Google’s branded products. US ad-blocking firm Disconnect and Aptoide, a rival Portuguese Android app store, have also complained. None had responded to requests for comment from Ars at time of publication. Google separately faces antitrust charges on favouring its own search services and price comparison offerings over those of its rivals and for allegedly breaching competition rules with its mammoth ad business. Last week, Google rebuffed both of those charges. This post originated on Ars Technica UK

Symantec Norton Security Deluxe (2017)

Only a handful of brands have as much weight in the security suite as Symantec's Norton.

The 2017 edition of Symantec Norton Security Deluxe continues a long tradition of top-notch security, as confirmed by independent labs and my own hands-on testing and evaluation.
Installed in Windows, it's a top-tier security suite, and Mac users also get a suite, not just an antivirus.

As for the Android edition, it's an Editors' Choice.
Support for iOS is pretty limited, but that's typical. Overall, the suite is excellent, but it's just shy of an Editors' Choice award. A $79.99 per year Norton subscription lets you install Norton's security products on up to five Windows, Android, macOS, or iOS devices. Webroot charges the same for five licenses, while Trend Micro lists for $89.95.

For about the same as Trend Micro's price, you can install McAfee's top-level security software on all the devices in your household. Oh, and for that rare individual who just has one device, Norton Security Standard protects a single PC or Mac for $59.99 per year. You'll find that all of these prices are frequently discounted, sometimes deeply. As with many cross-platform multi-device suites, Norton's online console is central to managing and installing protection. You start by creating your account and entering your license key.

At that point you can download and install Norton Security for your Windows system. You can also extend protection for up to four other devices.
I'll go into detail about protection on other platforms later in this review. Appearance-wise, there's not much change since last year.

The main window still features four panels devoted to Security, Identity, Performance, and More Norton.

Clicking a panel slides down the whole panel row, revealing additional icons related to the panel you clicked.

For example, when you click Security, you get icons for Scans, LiveUpdate, History, and Advanced. Most of the new developments are invisible.

New Protection Layers

Keeping up with the very latest malware innovations requires expertise, study, and analysis. Having researchers perform that analysis can take too long, so a couple of years ago Symantec launched an initiative focusing on machine learning.

According to my Symantec contact, the team "consists of 10 PhDs and two research Engineers from top schools, with combined 100+ years of experience in applied machine learning." That's quite a brain trust. Symantec has always taken a layered approach to system protection.

At the network level, Norton fends off attacks and blocks contact with malicious websites.
If a malicious file makes it onto your disk, the antivirus scan may wipe it out. Other factors such as file prevalence and behavior-based blocking come into play. The current product line adds several new layers to the protection mix. Proactive Exploit Protection actively prevents exploit techniques such as heap spray and ROP (Return Oriented Programming).

Threat Emulation handles malware that has been encrypted, packed, or obfuscated by running it in a controlled environment and evaluating it after it self-decrypts, much like Check Point ZoneAlarm Extreme Security 2017's similar feature.

And a predictive machine-learning algorithm aims to catch even the freshest and most innovative malware. These new layers aren't visible to the user (or even the expert).

But they help Norton keep malware out of your system.

Shared Antivirus

After a brief hiatus, Symantec again offers an antivirus product, Symantec Norton AntiVirus Basic.

Feature-wise, the suite's antivirus protection is identical. However, where users of the standalone antivirus must rely on FAQs and forums for support, the suite adds a full range of tech support, and a Virus Protection Promise—if Symantec's tech support agents can't rid your system of pesky malware, the company will refund your money.

But as far as features go, the suite's antivirus protection is identical. Read my review for all the juicy antivirus details. Norton doesn't participate with all of the independent testing labs that I follow, but those that do include it give it high marks.
In the three-part test performed by AV-Test Institute, it got top marks for malware protection and low false positives, though it slipped in performance, taking 5 of 6 possible points.
Its total of 17 points is good, but Trend Micro Maximum Security, Bitdefender, and Kaspersky managed 18 of 18 possible points in the latest test.

There's nothing second-rate about a perfect AAA rating from Simon Edwards Labs, though.

And Norton is one of a very few products to pass two tests performed by MRG-Effitas.
Its aggregate lab score, 9.7 points out of a possible 10, beats all others except Kaspersky Total Security. Norton also did very well in my own hands-on tests.
Its detection rate of 97 percent and malware-blocking score of 9.7 are among the best, though Webroot did manage a perfect 10 points. When I tested Norton with 100 very recent malware-hosting URLs, it blocked 98 percent of the malware downloads.
In some cases, its Web-based protection kept the browser from even visiting the malicious URL, but mostly the Download Insight feature eliminated the malware payload. Only Avira Antivirus Pro 2016 has done better in recent tests, with 99 percent protection. I use Norton as a touchstone for measuring antiphishing success, reporting the difference between the tested product's protection rate and Norton's. Webroot, Bitdefender Internet Security 2017, and Kaspersky are the only recent products that have done better than Norton.

And of course it's significantly more accurate than the phishing protection built into Chrome, Firefox, and Internet Explorer.

Other Shared Features

Despite the word Basic in its name, Norton's standalone antivirus offers a lot more than just the basics.
It doesn't include full firewall functionality, but in testing, its Intrusion Prevention component did an impressive job blocking exploit attacks, stopping them at the network level and identifying many of them by name. You'll also find a complete antispam component that filters POP3 email accounts and integrates with Microsoft Outlook. A Norton Insight scan lists all the files on your computer, along with the trust level for each, prevalence among Norton users, and impact on system resources.

The antivirus scanner uses Norton Insight results to avoid scanning known and trusted files.

The Norton Safe Web browser extension uses red, yellow, and green icons to flag safe, iffy, and dangerous links in search results. You can click through for a full report on just why a given site got the rating it did. The Symantec Norton Identity Safe password manager is free for anyone to use, but having it integrated with your Norton protection is convenient.
It handles all basic password manager functions and syncs across all your devices, though it lacks advanced features like two-factor authentication and secure password sharing. Several of the shared features aim to improve your system's performance. Using the startup manager, you can reversibly disable programs from launching at startup, or set them to launch after a delay.

The File Cleanup tool wipes temporary files that waste space.

There's even a disk defragger, in case you don't have Windows optimizing disk fragmentation in the background.

Intelligent Firewall

As noted, the standalone antivirus includes a powerful Intrusion Prevention tool, a feature more commonly associated with firewall protection. With the suite, you get a complete two-way firewall. The built-in Windows firewall completely handles the task of stealthing your PC's ports and preventing outside attack.

Any firewall that aims to replace the built-in needs to do at least as well. Norton passed my port-scan and other Web-based tests with flying colors. What you don't get with the Windows firewall is control over how programs access the Internet and network.

Don't worry; Norton won't bombard you with confusing queries about what ports and IP addresses a given program should be allowed to access.
It handles such matters internally, automatically assigning network permissions to the vast number of known and trusted programs in its online database. When Norton encounters an unknown program attempting Internet access, it cranks up the sensitivity of its behavior-based malware detection for that program, and keeps an eye on its connections.
If the program misbehaves, Norton cuts its connection and eliminates it.

This isn't quite the same as the journal and rollback technology that McAfee and Webroot SecureAnywhere Internet Security Complete apply to unknown programs, but it's effective. I always do my best to disable firewall protection using techniques that would be available to a malware coder. Norton doesn't expose any significant settings in the Registry, so that route is out.

Both of its processes resist termination.

And its single Windows service can't be stopped or disabled.
It's worth noting that this isn't always the case.
I completely disabled all processes and services for ThreatTrack Vipre Internet Security Pro 2016, for example.

And while the majority of McAfee's 14 processes and 13 services resisted attack, quite a few succumbed.

Excellent Android Protection

Norton's standalone antivirus is PC-specific. With the suite, you can cover your Mac, Android, and iOS devices as well.

Click More Norton in the program's main window, then click the Show Me How button to get started.
Sign in to your Norton account and enter the email address used on the device you want to protect. Unlike the similar feature in McAfee LiveSafe, you don't have to choose the platform.

Clicking the emailed link on the device automatically selects the proper download. On an Android device, you get Norton Security and Antivirus (for Android).

Along with Bitdefender Mobile Security and Antivirus, this product is an Editors' Choice for Android security. Please read our review of that product for a deep dive into its features.
I'll summarize here. Note that the Android app has gotten a significant user interface redesign since our review, and more new features are due in the coming weeks. Immediately after installation, the antivirus runs an update and a scan. You also must activate the app for Device Administration in order to make use of its anti-theft features, and give it Accessibility permission so it can scan apps on Google Play. Norton scans for malicious and risky apps, as expected. More interestingly, its App Advisor works inside Google Play, checking every app you tap and reporting the risk level.

Tap the small notification at the bottom to see details of App Advisor's findings. Norton's extensive set of anti-theft features can be triggered either by logging in to the Web console or by sending coded SMS commands. Naturally you can use it to locate, lock, or wipe the device, and the scream feature helps find a misplaced device at home. When you lock the device, it displays a contact message of your choice, so someone who finds your lost device can arrange to return it. The Sneak Peek feature lets you remotely (and silently) snap a photo of whoever is holding the device. When you lock a lost or stolen device, it automatically snaps a photo every 10 minutes, and reports its location every five minutes. You can also remotely back up your contacts before resorting to the Wipe command, which performs a factory reset. There's a link to install the free separate App Lock app, and another to install a trial of the Norton WiFi Privacy VPN (Virtual Private Network).
It offers call blocking on Android smartphones.

And you can extend protection to another device directly from within the Android app.

Suite for macOS

It's fairly common for multi-platform suites to give macOS short shrift, but Norton doesn't follow that trend. Norton Security on a Mac is a full security suite, not just antivirus. My Norton contacts say that the definition file size is down by two thirds in the current edition, which means faster scans and lower memory usage. As expected, the antivirus component scans files on access, on demand, and on schedule.
It can also scan inside ZIP files.

The full-scale firewall blocks dangerous network connections and controls how programs access the network.

The related Vulnerability Protection feature blocks port scan attacks and attacks attempting to exploit system vulnerabilities. Norton's Safe Web website reputation monitor installs in Chrome, Firefox, and Safari, marking up search results and optionally blocking access to dangerous sites, just as with the Windows edition. Phishing protection is likewise parallel to what you get with Windows. The File Guard feature aims to protect your most important files from unauthorized modification. You can set it to guard up to 250 specific files.
It doesn't protect an entire folder the way Trend Micro's Folder Shield or Bitdefender's Data Shield do.

Files under guard can't be opened, moved, copied, or deleted. You can optionally let system processes like Finder and Spotlight manage guarded files.
If you want to manipulate or modify a file that's under guard, you simply enter your password in the popup notification.

Find Your iOS Devices

You may want to think twice about using up one of your five licenses to protect an iOS device, as the feature set on iOS is seriously limited. Norton does offer to back up your contacts, just as it does under Android. You can use the Web portal to locate your iOS device.

And you can trigger a loud alarm to help find a nearby device.
Is it under the sofa? Or in that scruffy guy's backpack? But that's the extent of anti-theft. You can't lock or wipe the device, and you certainly can't snap a sneak peek photo. The iOS version does offer one unusual feature.

As long as you're using a device with microphone and speakers, say, a laptop or another mobile device, you can make an Internet call to the lost or stolen device. Note, though, that this won't work if the device is locked with a PIN or passcode. That's the extent of mobile security on iOS devices.

No Performance Worries

Around 10 years ago, Norton had a reputation for being a resource hog, offering security at the expense of performance.

The developers quashed that reputation by spiffing up the suite's performance, and they continue to work toward less and less performance impact. I check performance using three tests that measure boot time, the time to move and copy a ton of files between drives, and the time to zip and unzip that same collection of files.
I average the results of multiple tests with no suite installed, then install the suite and average another round of testing. Norton's results were outstanding, quite a bit better than last year's.

They were so outstanding that, just to be sure, I uninstalled the product and repeated the whole process.

The results were the same within a few percent. Norton had no measurable effect on the boot time test or zip/unzip test.

The file move and copy test took 16 percent longer with Norton watching over the test system, well below the current average of 24 percent.
It's pretty clear that you don't have to worry about Norton dragging down your system's performance.

Overshadowed by Premier

Antivirus protection in Norton Internet Security Deluxe is excellent, with very high marks in my hands-on tests and in independent lab tests.
Its phishing protection is so good that I use it as a touchstone for evaluating other products.

Add a self-sufficient, tough firewall and a straightforward antispam tool and you've got a fine suite for your Windows devices. Norton's Android security product is an Editors' Choice, and it offers more under macOS than many.

Granted, it doesn't do a lot on iOS devices, but they do tend to need less protection. The main reason this product isn't an Editors' Choice for cross-platform multi-device suite is that its big brother, Norton Internet Security Premier, is significantly better.

For just $10 more, Premier gets you twice as many licenses, plus some significant added features.
It's a seriously better deal, well worth an Editors' Choice. Our other top pick in this category, McAfee LiveSafe, doesn't offer quite the stellar protection that Norton does, but a single subscription lets you install protection on every device in your household.

Microsoft Begins New Update Process for Windows 7 and 8.1

NEWS ANALYSIS: Beginning this week, all updates will be roll-ups, with complete cumulative updates to begin in 2017, eliminating the ability to choose individual patches. Starting this week (on Oct. 11), Microsoft will change its update method for Wind...

Internet of Things security? Start with who owns the data

Cambridge Wireless event chews the fat over key questions

“Defence is only as strong as the weakest link,” said Tim Phipps of Solarflare at today’s Cambridge Wireless event on security within the Internet of Things.

Today's Cambridge Wireless event was part of its Special Interest Group focusing on security and defence. In particular, on securing and defending the Internet of Things.

Speaking to an audience of about 50 network industry executives this afternoon, Phipps highlighted three security challenges for the IoT: data loss, particularly with last week’s Yahoo! hack of half a billion user accounts; hijacking, such as the controversial Jeep hack published a little while ago; and consumer products, particularly, with the latter, medical device hacks of items including pacemakers and insulin pumps.

Phipps also highlighted how Ken Munro of PenTest Partners had “made children’s toys swear” by hacking them, which drew general laughs.

Building on that point of how a trivial hack can lead to bigger things - in the case of Munro and an IoT kettle, the host Wi-Fi network's authentication keys - however, Phipps warned: “The attacker needs to overwhelm you in just one place to be successful. If it delivers on the promises of the hype, IoT looks like something that will be integrated into our home life, transportation, cities, and … even improving our health."

“I think this is a Wild West industry” thundered Paul Tindall of Sepura, following on from Phipps, opening a talk that focused on IoT security beyond the simple headlines. “It is fragmented and that makes security harder to apply."

"If you consider the fragmentation of the standards as well," he continued, "you cannot trust security due to the fact that you’re using an unusual standard. We’ve got to apply proper governance around this.”

Take the example of a body-worn sensor such as a Fitbit health monitor which generates data about you, he said. "I think I own that data.

At some point that data is aggregated and [the aggregating party] is going to fuse that data with data from other sources.
If you wrap context around those sources you turn that into valuable information.
I don’t know who owns that information.

Actually, I think that gets really complicated from a legal point of view.”

The legal side of things was a point that was returned to later on.

So what could possibly go wrong?

Adrian Winkles of Anglia Ruskin University, an information security lecturer, said: “IoT security is not device security.
IoT is end-to-end.
It has many different facets, many different faces.

There’s a whole raft of things we have to think about.”

The DDoSing of Things

Referring to the recent DDoS of Brian Krebs, which was powered by an IoT botnet – “cameras, lightbulbs and thermostats” all generating 990Gbps of traffic, “which would take most government websites down” - he contrasted what people think they have, in terms of networked devices, with what they actually have in terms of traffic types.
In brief, your devices generate far more information about you than the ordinary punter ever realises. Winkles summed it up neatly: “Security is like a stack of Swiss cheese.

Each slice covers up holes in the slices below it.”

“You could make a financial difference by building security in,” added Winkles, who quoted NIST: “The cost of fixing a bug in the field is $30k vs $5k during coding.”

As for baking proper infosec practices into the Internet of Things, Winkles was forthright about taking a top-down approach:

There’s an argument that says you start from the boardroom.

The pressure to be first to market doesn’t feature security.

The pressure to reduce costs? If you ignore security, you do so at your peril; it's going to cost you more in the long run.

Educate boardroom and senior management to build security in from the start.

Appoint a Chief Information Security Officer. What I’m touting is bottom up and top down.

The end message is to build security in.

Finally, in the first half of the afternoon, Laurence Kalman, a lawyer from international law firm Olswang, spoke about the legal problems the Internet of Things throws up.

“Privacy and security are what’s got everyone talking,” he said. Much of the data generated by IoT devices “is also personal data”, including a vast range of data about “an individual." This includes things such as “driving habits” in the case of smart satnavs and other sensitive data.

As his slide deck put it, “the success of the IoT both from an individual device and application perspective, and more broadly as something we accept into our lives, will come down to users' confidence.”

There is no law of the IoT as such, said Kalman. “Having said that, IOT has attracted significant focus from regulators,” he continued, highlighting how the EU has issued consultations and solicited other expressions of interest from the industry.

“Europe could be a very productive place to do business on the IOT,” he concluded.

What about the detail-slurpage?

What about data ownership? “Who owns data in the IOT? The answer is, it’s complicated.

From a legal perspective, the question of ownership isn’t a simple one to answer.

There’s no property rights in it, as such.

There might be intellectual property in data if you do certain things to do it to take it beyond a certain piece of information.

Complications of data, databases, might attract copyright protection… you could see these IP rights arising at some point in the IOT value chain but it's not the case that each part of IOT data will have ownership attached to it in the first place.”

The Data Protection Act “has very broad application” to the IOT, he said. “In the IOT world, where there's thousands of devices and infrastructure at various stages of the chain, it's very easy for infrastructure owners to fall within that domain.”

In particular, it could be “the device manufacturer”, or “the social network that disseminates that data” or even “the health insurer who takes that data and offers a product from it”.

“There’s no cyber security regulation as such that applies to IOT stakeholders as such,” concluded Kalman.

He said the EU’s new GDPR would apply from 25 May 2016, noting that the E-Privacy Directive is currently under review and that the Network and Information Security Directive will also come into play for IoT manufacturers.

One questioner from the floor touched on an area that drew great interest from the assembled audience. “Quite often I can see a conflict between business processes that need audit trails and the desire to delete data.”

Kalman, answering, said: “The tendency up until now is that there’s been little focus on” what data do I need.

That sort of good housekeeping “have had less focus and that will have to change with the regulatory direction we’re receiving.

Businesses are going to have to work out where the balance lies.” ®

Symantec Norton AntiVirus Basic

A couple of years ago, Symantec rolled the entire Norton product line, including its standalone antivirus product, into a large-scale, multi-platform security suite.

That left me needing to repeatedly explain to software conspiracy theorists why Norton didn't show up in my roundup of the best antivirus products.

Apparently those commenters and I weren't the only ones who missed the antivirus, as Symantec has brought it back, very successfully. Norton AntiVirus Basic is a winner. With a list price of $39.99 per year to protect one computer against malware, Norton AntiVirus Basic is more expensive than some of the company's other products on a per-device basis, but it's completely in line with its standalone antivirus competition.
Symantec Norton Security Premium, on the other hand, protects up to 10 devices for $89.99 per year, and includes 25GB of hosted online backup. Note that AntiVirus Basic is currently on sale for half its list price. I asked my Symantec contact why the company decided to bring back a standalone antivirus tool. "We saw there was a need for a low-cost, robust, PC-focused solution," he answered. "This need is not adequately addressed by freeware.

This product is primarily aimed at the value-oriented, tech-minded user who may already have a firewall, backup system, and so on." He went on to point out that Norton AntiVirus Basic offers the same enterprise-grade protection found in the suite. The suite offers full-scale tech support, with a guarantee that support agents will do everything necessary to keep your system virus-free, or your money back.

That guarantee doesn't come with Norton AntiVirus Basic, however.
In fact, tech support for this product is limited to self-help and community forums.

That's probably fine for the value-oriented, tech-minded customer mentioned above, but it is one drawback to the product. Note that Norton AntiVirus Basic isn't yet available in all markets.
If you're in Australia, Canada, France, Germany, the US, or the UK, you can get it.
If you're elsewhere, you may have to wait a bit.

Quick Install, Intensive Scan

When you launch the Norton installer, it downloads the very latest version of the software, including the latest antivirus definitions.
I like that. Why doesn't every antivirus install the latest definitions, rather than prompting the user to update after installation is finished? Once Norton is installed, it is totally ready to go. Well, almost.

A little while after the installation, you get a prompt to enable the Norton extensions in your browsers.
I'll talk more about the extensions themselves later on. Norton walks you through the process of installing the extensions, with explanatory panels and animated arrows. The main window itself is laid out much like the Norton suite, with four big buttons across the bottom and a panel above that reflects your security status.
If the green You Are Protected notification changes to You Are At Risk in red, just click the Fix Now button to set things right. A full scan of my standard clean test system took almost an hour and a quarter, whereas the average scan time for recent products is about 45 minutes.
It was thorough, for sure, checking more than 250,000 items.
I also ran a Norton Insight scan, which found 88 percent of the files on this system to be among those that should be trusted, not scanned.

A repeat of that full scan took just 10 minutes. This product includes Norton Power Eraser, a more aggressive scanner that aims to root out really persistent malware.
If you think the regular scan may have left something behind, a scan with Norton Power Eraser should fix it.

Excellent Lab Results

Symantec doesn't submit the Norton antivirus to all the labs I follow, but those that do include it in testing give it excellent marks. Like Kaspersky Anti-Virus (2017), Symantec doesn't participate in certification testing by ICSA Labs. Neither of these two have been rated in Virus Bulletin's RAP (reactive and proactive) test lately, either. AV-Test Institute rates antivirus products on protection against malware attack, low performance impact, and minimal false positives, assigning up to six points in each of the three areas.
Symantec aced the protection and false positive components of the tests but lost a half-point in performance, for a total of 17.5. Kaspersky managed a perfect 18 in this test, while Bitdefender Antivirus Plus 2016 slipped to 17 in the latest report. I track five of the many tests regularly performed by AV-Comparatives.

Bitdefender and Kaspersky earned the top rating in all five of these tests.

Due to a long-standing disagreement over testing methodology, Symantec doesn't participate in this lab's testing. However, it received AAA certification, the best of five certification levels, from Simon Edwards Labs. Kaspersky also rated AAA, as did a few others. This year I've added a pair of tests by MRG-Effitas to my collection. One specifically focuses on banking malware, the other on the whole range of malware.

The majority of products simply fail these tests.
Symantec, Kaspersky, ESET, and Webroot SecureAnywhere AntiVirus (2016) are the only products that passed the banking malware test.
In the full-range test, products earn Level 1 certification if they completely prevent installation of every malware sample, or Level 2 certification if they remediate all malware infestations within a set time. Nobody got Level 1 certification in the latest round of testing. Kaspersky, Symantec, and Webroot were among the very few that managed Level 2 certification. Overall, Symantec's lab results beat out most competing products. With three labs reporting, my aggregate calculation yields a score of 9.7 points, out of a possible ten.
See the chart linked above for details. Kaspersky tops this chart, with 9.9 points for testing by four labs.

Excellent Malware Blocking

In addition to closely following reports from the independent testing labs, I also run my own hands-on tests.
If my results don't jibe with the labs, I give the lab results more weight.
In this case, I didn't have to, as Norton performed equally well in my tests. For most products, my malware blocking test begins the moment I open the folder that contains my collection of malware samples.

The minor file access that occurs when Windows Explorer checks the file's details is enough to trigger on-access scanning.
Indeed, Norton eliminated 52 percent of the samples at this point.

That's actually on the low side. Kaspersky wiped out over 70 percent on sight, and Emsisoft Anti-Malware 11.0 caught over 80 percent. However, when I started launching the samples that survived that initial massacre, Norton proved its worth.
In almost every case, it either blocked the malware from launching or caught it based on behavior and completely reversed the malware's effects on the system. With 97 percent detection and 9.7 of 10 possible points, Norton scored very well. Webroot took the brass ring on this test, with a perfect 10 points. The samples in my malware-blocking test necessarily remain the same for many months, because it takes me weeks of work to prepare a new set.

For another view of each product's protective ability, I try to launch malware-hosting URLs from a feed supplied daily by MRG-Effitas.
I note whether the product diverted the browser away from the dangerous URL, wiped out the malware during or right after download, or sat idly without doing anything useful. I keep at this test until I accumulate data for 100 verified malicious URLs. Norton demonstrated excellent protective abilities, blocking fully 98 percent of the malicious downloads.
In most cases, the Download Insight component did the job, quite visibly.
It interrupted the download for known malware, but in many cases it performed on-the-fly analysis after the download, which identified the file as malicious. Only Avira Antivirus Pro 2016 has scored better here, with 99 percent protection, all by fending off the malware-hosting URL completely.

Excellent Phishing Protection

For many years, Norton's browser extension has done a great job protecting users from phishing websites, fraudulent sites that try to steal login credentials by masquerading as PayPal, eBay, banks, and so on.
In fact, when I test antiphishing solutions, rather than give them a straight percentage rating I report on how their detection rate compares with Norton's. For this test, I set up five browsers, one protected by the product under test, one by Norton, and one by the built-in antiphishing components in Chrome, Firefox, and Internet Explorer.
I scrape the Web for the newest reported phishing sites, as much as possible using sites too new to have been blacklisted.
I do this because phishing sites are ephemeral.

By the time they're blacklisted, they may well be gone. Norton, like all the best phishing fighters, uses real time analysis to supplement its blacklist. I launch each one in all five browsers simultaneously.
If any of the browsers displays an error page, I discard that URL.

And of course, if the link is not actually a phishing attack, I discard it.

As with the malicious URL blocking test, I aim for at least 100 URLs. In this case, Norton itself is the product under test, which is a bit different.

To get its score against the three browsers, I averaged the difference from all of the other tests I've performed. Norton's detection rate came in 53 percent better than Firefox, 35 percent better than Internet Explorer, and 23 percent better than Chrome. Nearly a quarter of recent products fared worse than all three browsers in this test. Few products come close to Norton's accuracy, and even fewer do better. Webroot beat Norton's detection rate by 1 percentage point, and Bitdefender managed 2 percent better than Norton. Kaspersky came out at the top, with a detection rate 4 percentage points better than Norton's.

Intrusion Prevention

I typically think of intrusion prevention as a feature that goes with firewall protection, but it doesn't in any way require a firewall.
In fact this product, which has no firewall, has the same powerful intrusion prevention found in the Norton suite. My Symantec contact explained, "We couldn't imagine delivering a product under the Norton brand without including intrusion prevention." I tested this feature using about 30 exploits generated by the CORE Impact penetration tool.

An exploit attack attempts to gain control of the victim's operating system or of an important app by taking advantage of a security hole in its target. Norton aims to block these attacks at the network level, before even a trace reaches the protected PC. I found that after the first couple of exploits were caught, I started getting error messages for all the rest.
Sure enough, Norton's Intrusion AutoBlock noticed multiple exploits from the same IP address and set itself to block all traffic from that address for a half-hour.
I had to disable this feature in order to continue my test. Norton blocked 63 percent of the attacks overall.

For 37 percent, it identified the attack by name, and reported a generic name for another 26 percent. Norton's performance in this test is better than most competing products, and it catches the attacks at the network level where many competitors resort to eliminating the exploit's payload file.

Bonus Features

I've already mentioned the Norton Insight scan, which speeds up antivirus scanning by identifying known good files that don't require scanning. Norton Insight lists all of the files it checked, along with the trust level, the prevalence of that file in the network of Norton users, and the item's impact on system resources. Here's a surprising bonus feature—this antivirus includes the same antispam component found in the full Norton suite.
It filters POP3 email accounts and integrates with Microsoft Outlook, automatically tossing spam messages into their own folder.
If you're among the rare few who don't get spam filtered out by your email or webmail provider, this is a handy bonus. The Norton toolbar manages such things as keeping your browser from accessing malicious or fraudulent websites.
It also marks up search results with color-coded icons, green, yellow, and red for safe, iffy, and dangerous, as well as a special Norton Secured marker for verified shopping sites.
If you want to know just why Norton flags a site as red or yellow, you can click through for a detailed report. You can optionally install Norton Safe Search as your search provider, and make it your home page as well. Norton AntiVirus comes with the Symantec Norton Identity Safe password manager as a bonus.
It's true that you can get Identity Safe for free, but having it bundled with your antivirus is convenient.

There's also a link to Symantec's online password generator in the antivirus. Disk fragmentation isn't such a problem these days, now that modern Windows versions handle defragmenting in the background.
If you're using an old version, Norton's Disk Optimization component can help.
If your disk is only minimally fragmented, the tool doesn't waste time tweaking it. If your PC's pace is seriously dragging, you can put a spring back into its step with a tune-up utility. Norton's File Cleanup component doesn't come close to the abilities of those purpose-built tools, but it is a quick and easy way to wipe temporary files, both for Windows and for Internet Explorer. As time goes on, many of us tend to accumulate applications that launch at startup and then hang around using up memory and other system resources.

The more of these you have, the longer it takes to boot your system, too. Norton's Startup Manager lists all programs that launch at startup, identifying the resource usage of each as well as its prevalence in the community of Norton users. You can reversibly disable any of them that don't really need to launch at every boot, or delay launching some, to speed the process. Note that some standalone tune-up utilities also provide this feature.

Great Antivirus and More

I'm pleased with the return of Symantec Norton AntiVirus Basic.
It earned excellent test scores across the board, both with the independent testing labs and in all of our hands-on tests.

Bonus features like intrusion prevention, password management, and spam filtering make it even better.
It's an excellent addition to Symantec's security line, which for the last few years has consisted only of suites. Norton AntiVirus Basic joins the extensive pantheon of antivirus Editors' Choice products.
Its fellow honorees are Bitdefender Antivirus Plus, Kaspersky Anti-Virus, McAfee AntiVirus Plus, and Webroot SecureAnywhere Antivirus. Yes, there really are that many excellent choices when it comes to antivirus.

PC Pitstop PC Matic With Super Shield

It's not at all uncommon for a small purveyor of antivirus software to license the actual antivirus engine from a bigger, more-established vendor. It's also fairly common for those small vendors to switch engines occasionally. But PC Pitstop PC Matic with Super Shield is the only recent product I can think of that has stopped licensing another company's engine and brought all development in house. It looks all but identical to the version I reviewed in March, but under the hood it's quite different. It scored reasonably well in my tests, but not in a way that inspired confidence, as I'll explain. Previously, PC Pitstop licensed antivirus technology from ThreatTrack Vipre Antivirus 2016, running it in conjunction with the company's own Super Shield. With this update, Super Shield takes over the entire job of protecting your system from malware. PC Matic also contains numerous components that work to maintain and optimize your system's performance. This review focuses on the antivirus. With straight antivirus programs, the current trend is toward simplicity, displaying only what's important on the main window and using a limited range of calming, flat colors. PC Matic's main window doesn't follow that trend at all. Colorful images represent all of your protected computers—your $50 per year subscription lets you install the product on five PCs. And a large status area at the bottom is bursting with colorful icons representing past successes, such as patched vulnerabilities and Registry problems fixed. The buttons to launch a scan or check antivirus status don't dominate the screen the way they do with most antivirus products, though they're still prominent.

Simple Installation

You don't have to purchase PC Matic to try it out, so I started by installing the free edition. After a quick install it gave me a choice: log in with my PC Pitstop account or continue on a free trial. I chose to continue, which brought me to a page of scan options.
Here I retained the defaults, meaning I allowed it to scan disks, run benchmarks, and check for malware. The scan included four parts: Internet Speed, Stability, Security, and Performance. On completion, the scan displayed a busy, colorful report of its findings, with a button to fix all the problems it found. When I clicked the button, it prompted me to purchase the full program; I did not do so. I did, however, reboot a few times to see if I'd get ransomware-like demands for payment, as described in one of the negative videos. I observed no such behavior. Of course, this review is about the full, commercial edition of the product. Before going any further, I discarded the free edition and reinstalled, attempting to create a PC Pitstop account and register my license key. Surprise! Apparently I already had an account, but I didn't know the password. I was slightly shocked to find that the password recovery email simply displayed my password in plain text. I notified the company about this back in March, and they said they were fixing this glaring security problem. However, it's not fixed as of this writing.

Too Little From Labs

I'm always pleased to get confirmation of an antivirus product's abilities (or lack of same) from the independent antivirus testing labs around the world. Alas, there's not a lot of lab test information about PC Matic, certainly not enough for me to come up with an aggregate lab score. Here's what I do know from the labs. PC Matic has received certification from ICSA Labs for malware detection. Certification is not a matter of percentages—if a product doesn't hit the goal, the lab reports what went wrong and gives the product another try. Achieving certification is clear confirmation that the product works. Since that earlier review, I've changed the way I track the independent labs slightly. I used to count up how many VB100 awards each product got from Virus Bulletin.
To reach VB100, a product must detect all malware samples and refrain from flagging any valid programs as malicious. A single false positive means no award. In several of these tests, PC Matic threw hundreds of false positives, but that seems to have stopped in the most recent tests. For my current lab aggregate score, I look at Virus Bulletin's RAP (reactive and proactive) test, which assigns scores up to 100 percent. With 95.95 percent, TrustPort Antivirus 2015 currently has the best score in this test. PC Matic's 87.07 is very close to the average for programs that I track. My contact at PC Pitstop tells me that the company is submitting PC Matic for testing by at least one major lab, but the results won't be available for a while. Right now, I don't have enough info from the labs to declare an aggregate score. The labs reveal a lot more about programs like Bitdefender Antivirus Plus 2016 and Kaspersky Anti-Virus (2017), which get excellent marks in numerous lab tests that go into detail about actual antivirus capabilities.

Good Malware Blocking, But…

Given the dearth of lab results, my own hands-on tests take on more importance. Many products start real-time scanning the moment I open the folder containing my samples. Not PC Matic. It doesn't scan files on every access, unless you modify its default settings. Doing so can conceivably slow normal file manipulation actions, and this product is about speeding up your PC, not slowing it. When I tried to launch my samples, PC Matic prevented every single one of them from executing. It blocked some right away, but for others there was a noticeable delay before the blocking notification appeared. In a few cases, this delay ran to more than 20 seconds. My PC Pitstop contact explained that PC Matic checks each file's reputation with the company's servers, and the time required can vary depending on server load. After that initial check, known good or known bad programs don't need to be checked again.
Note that PC Matic didn't delete or quarantine the samples; it just blocked execution. That's slightly worrisome to me. What happens if the antivirus crashes? I prefer to see known bad files locked away or deleted. Per my contact at the company, unknown files get uploaded for categorization, which typically takes less than six hours. Knowing that, I ran my test again a day later, checking the Super Shield log to see each file's disposition. The results were puzzling. Poring over the log, I found 55 percent of the samples marked as bad, and 22.5 percent still marked as unknown. Another 22.5 percent didn't appear in the log at all, although PC Matic actively blocked them from launching. Do I say that PC Matic detected 100 percent of the samples, because it blocked them all from loading? Or do I call its detection rate 55 percent, because it only identified that many as bad? I'm leaving the score at 100 percent, but with a mental reservation. Webroot SecureAnywhere AntiVirus (2016) also detected 100 percent of the samples, and also earned 10 of 10 possible points, but it did so in a very different way. Webroot wipes out known malware on sight and runs unknown programs in a special mode that prevents them from taking any irreversible actions, like sending your credit card number to Boris RipYouOff. It journals all activity by the suspect program and, if it proves to be malicious, rolls back everything the program did. For every sample, Webroot either eliminated it on sight or wiped out its changes after detecting malicious activity. PC Pitstop recommends that after a detection you should run a full scan. When I did so, the results were also puzzling. The scan actively identified three of my testing tools as viruses, which was just wrong. It only quarantined a couple of the actual malware samples. The final screen of the scan recommended rebooting and scanning again. That second scan caught a few more of the malware samples. Why didn't it catch them the first time? 
My PC Pitstop contact suggested a server load issue, and pointed out that in any case unknown programs wouldn't be allowed to execute. A third scan brought no more changes. PC Matic's scan only identified a quarter of the samples as malware, which is peculiar, given that Super Shield marked 55 percent of them as bad. I'm beginning to miss the licensed antivirus engine. PC Matic doesn't include a Web protection component, other than a simple ad blocker. You won't see it blocking access to malware-hosting websites or phishing sites. My malicious URL blocking test does give equal credit for wiping out downloads and for blocking all access to bad URLs, but it does not include launching downloaded files. In order to perform this test, I had to right-click PC Matic's icon and choose Protection Level > Monitor File Access. This triggered a warning that monitoring file access might slow file system activities. The URLs I use for this test, kindly supplied by MRG-Effitas, are no more than a day old, quite different from my relatively static malware collection. Their newness seems to have worked to PC Matic's advantage, as it flagged 98 percent of the malware payloads. However, a scan only quarantined two of the downloaded samples; the rest were merely unknown. I don't see that result as comparable to a product like Avira Antivirus 2016, which actively prevented the browser from even visiting 99 percent of the malware-hosting URLs. McAfee AntiVirus Plus (2016) and Symantec Norton Security Premium both blocked 91 percent of the malware downloads. McAfee's protection skewed strongly toward blocking URLs, while Norton mostly wiped out the downloaded malware.

About Those False Positives…

PC Matic did throw some false positives during my earlier testing. It permitted installation of the 20 PCMag utilities that I use for a false positive sanity check, but blocked three of the installed utilities from executing.
This time around it let them all install and run, though I observed some lengthy pauses. In one case, PC Matic's examination caused a 25-second delay before the installer actually launched.

Of course, PC Matic did see all those files back in March, so they're probably in its database of known programs now. For another quick sanity check, I downloaded 20 of the countless free utilities available from Nirsoft. All of these ran without any complaints from PC Matic. And, as I noted earlier, in the four most recent tests by Virus Bulletin, PC Matic didn't display any false positives (though it also didn't receive the VB100 award).

Malware Scanning with PC Matic

Getting a precise handle on how long a PC Matic malware scan takes isn't easy. Even when I unchecked all scan choices except malware, the scanner still performed a number of optimizations such as searching for junk files. I found that it finished in about 30 minutes, well below the average of current products, but nothing like the speedy 10-minute scan I timed with the previous version. As noted, I also found that it only quarantined a quarter of the malware samples, though the real-time protection stopped them all from launching.

It still quarantines files by appending the extension .pcpquar. My company contact told me back in March that the developers were working on a more robust quarantine system, but clearly it isn't here yet. For now, if a file is quarantined in error you can simply remove the added extension and run a new scan. When the scan finishes, dig into the list of alleged malware and check off any that you want whitelisted.

I did find that PC Matic also quarantined some of my hand-coded analysis tools. To be fair, those exist nowhere but on my virtual machines, so they're unlikely to show up in any whitelist. PC Matic didn't quarantine any other files beyond those tools and the actual malware samples.
I also maintain a folder containing hand-modified versions of my malware collection. For each sample, I changed the filename, appended nulls to change the file size, and tweaked a few non-executable bytes. As before, PC Matic's scan didn't detect a single one of these, which suggests its malware definitions may be too rigid. Competing antivirus products typically detect almost all of the hand-tweaked samples just the same as they detect the originals.

System Optimization

This review focuses on the antivirus capabilities of PC Matic, but there's a lot more to the product than that. In fact, most of PC Matic is designed to keep your PC optimized and up-to-date. My concentration on the malware-blocking features got me a polite admonition from the program, saying, "We noticed that you have not run a scan and clean on this computer."

The full scan runs through dozens of analyses, grouped into four parts: Internet Speed, Stability, Security, and Performance. Specific tasks include scanning for junk files, optimizing the Registry, and running system benchmarks, among many others. When the scan finishes, it displays a page loaded with color-coded result summaries. You can click on any of them for details, or just click the big Fix All button. The full scan and fix took a while, mostly because it includes the slow process of fixing disk fragmentation. Even so, it was all done in less than 40 minutes.

After a scan, the program advises rebooting and re-scanning. This repeat scan didn't result in a perfect score; there were still a few minor problems. I find that result encouragingly realistic. A program that doesn't actually perform system optimizations (as some denigrators have claimed) would surely display utter perfection after completing its spurious activity.

Once you've run a scan, you can click for details about the particular PC you're using, and optionally schedule regular scans.
A trio of slightly confusing dials indicate something about the system's CPU, RAM, and disk usage. You can also click for details on specific performance trends. However, I didn't find the trend graphs terribly informative. They seemed to show wild swings in things like used hard drive space, memory speed, and processor speed.

It Works

Based on my hands-on testing, PC Pitstop's PC Matic does seem to block malware from launching, but I'm a bit concerned about its ability to actually identify and quarantine malicious programs. Yes, it blocked all of my samples, but only identified 55 percent of them as bad, and its scan only quarantined 25 percent. It's also worth noting that if you search for PC Matic online, you'll turn up a raft of negative reviews (along with a few testimonials). It doesn't help that the company's hype-happy website contains items that are patently false, like most of the page comparing PC Matic to other software.

At $50 for five licenses, PC Matic is inexpensive, and it optimizes your system performance. However, it lacks the Web-level protection that allows many products to steer your browser away from malicious and fraudulent URLs, and it didn't detect any of my hand-modified malware samples in testing. You'll do better spending your money on one of our Editors' Choice antivirus products, Webroot SecureAnywhere Antivirus, McAfee AntiVirus Plus, Kaspersky Anti-Virus, or Bitdefender Antivirus Plus.