Ensuring your personal details are kept secure is vitally important, writes Stephen Fenech WOULD you ever consider walking up to a complete stranger and handing over your credit cards, bank account details, passwords, important computer files, email address and all of your personal details? Of course not. But that's exactly what many computer users may be doing every time they go online with out-of-date internet security software or no security at all
When the internet population was quickly growing, the main concern was your computer being infected with a virus which had the potential to strip out all your data, corrupt your files and leave you with a worthless pile of hardware. While hackers have taken great delight in spreading harmful viruses and breaking into and defacing websites, their work has developed into one with a more sinister motive
Today they want to hit your wallet
Some of the methods employed include installing code in legitimate websites which exposes vulnerabilities in a visitor's system
Malicious programs, or malware, can then be installed to log keystrokes and even use the computer to distribute spam
There is a new piece of malware introduced somewhere on the internet every 30 seconds with 38 per cent of all malware created in 2007 alone. Of these, 80 per cent are financially motivated
Other scams involve "phishing", which is tricking the user to volunteer their credit card or bank account information
Many have fallen victim to this ruse after receiving emails that appear to be from reputable companies and being directed to sites which look legitimate, right down to the branding. A recent example was the site which was posing as an online ticket office for the Beijing Olympic Games
David Peterson, consumer segment director for internet security company Trend Micro, says today's hacker doesn't want to be noticed
"People used to do mass defacement and vandalised a thousand websites - now you don't hear about any of that because they don't make a big noise about it - they just pop something in there and wait for the identity information to flow in," he says
"It used to be that if you exercised a bit of commonsense, you'd be OK. If you see a Westpac website spelled with two Vs, don't go there." But Peterson says hackers have turned their attention away from individuals and have started targetting sites that attract lots of people
"The way it happens isn't through someone hacking your computer. It's someone hacking a website and taking out tens of thousands of people at once," he says
"The prime targets are the big, legit websites that appear on Google and the sites with brands attached to them." "It's called a drive-by download. You go to the site and everything looks fine. There's a little bit of code on the page but you don't notice anything wrong until one day ..
"You can go to an online banking website or online shopping and you key in your credit card number. Even though it is a secure website with a padlock down the bottom of the browser - the website may be secure but your computer isn't." Recent examples of well-known sites which were compromised by hackers and serving up malicious code without the owner's knowledge include whitepages.com.au and the official Sydney Opera House web page
Webmasters of these sites swung into action quickly but not before potentially thousands of visitors were exposed
But perhaps the most startling aspect is the fact an underground economy exists to buy and sell stolen information and connections to compromised computers
Peterson says this black economy is thriving
"It's scary big business," he says
"There's a big market for the information that gets grabbed
"If they can get into your computer so that it can be used to serve spam - your computer's worth 10 cents when it's sold en masse as part of a batch of 1000
"If they collect good bank account information, that's worth about $50 on the open market. Some even come with a moneyback guarantee if this stuff gets detected." The challenge for internet security companies such as Trend Micro, Symantec which make the Norton products - Kaspersky Labs, F-Secure and McAfee, is trying to stay a step ahead of the hackers
"Among online criminals there is a notion of time-based competition," Peterson says
"They know that if they put a virus or anything out there, it will be detected eventually, so they have a certain window of time while they can get away with stuff while the security researchers catch up with them
"The average life cycle of a online threat now is about six hours - they'll put it out for six hours and then they'll put out the next one." Trend Micro's labs employ people around the world to constantly check websites
"We're pulling in information and looking at things using advanced forensic techniques to spot not only what's already out but also the dodgy people who are likely to be doing something," Peterson says
One of the main motivations for online fraud is money laundering. But one would think that if money was siphoned from a user's account it would leave a trail
Not so, says Peterson
"That's where the money laundering skills come in. It gets transferred to another account and sprayed out to other accounts through countries which have got some strict banking privacy rules
"Another popular use for credit card fraud is buying stuff and converting it to cash
"If someone wants to register a dodgy domain name or set up a new phishing website - they have to pay for it by credit card but they're not going to use theirs - they'll use your stolen credit card
"Then the police will be knocking on your door and not theirs." The latest versions of internet security suites incorporate many new features designed to provide the user with the best possible protection
Trend Micro's products include features where it encrypts everything that is typed into a browser, so if a key-logger is installed, it would only pick up rubbish
Parental control features have also been enhanced in the latest bundles, with the ability to create age-appropriate web settings
It is also possible to prevent data leakage, especially from a computer that has multiple users which may include children
This can be set to prevent anyone from giving out any personal information without the consent of the computer's administrator
But while having protection is good, what many users complain about is the strain the software puts on their system
McAfee Australia consumer director Monica Kelly says it's important the security suite knows the right time to do a scan and doesn't bring the computer to a standstill
"People don't want to be interrupted because it defeats the whole purpose of having a high-end PC," she says
McAfee's security software has a "do not disturb" facility that will delay running scans when the PC is being used in fullscreen mode during a presentation or watching a movie
"The scans will also sit back when there are CPU intensive applications," Kelly says
A common thread through most of the new packages is hosting the majority of the backup information and research for the security in the "cloud" - on the web and not locally on the PC. This means the computer doesn't need to scan through extensive material locally on the PC to detect any danger but instead receives its instructions from the company's servers across the internet
Norton Internet Security 2009 Price: $99.99 From: symantec.com.au SYMANTEC has really been listening to its customers in the past year and, with Internet Security 2009, it shows
Considerable effort has been made to make NIS 2009 faster, smarter and lighter on system resources
Installation is so quick, you won't even have time to make a cup of coffee. Full installation takes less than a minute
Unlike most security applications, Norton has bypassed Microsoft's clunky (and slow) installer, instead using its own. This in itself is a security feature, as some malware actually targets Microsoft installer files and can even prevent the installation of security software on an infected system
NIS 2009 has a number of new features
There are continuous updates - every five to 15 minutes - to keep virus definitions up to date, an improved, user-customisable interface and improvements to the firewall and identity theft protection. The software also now offers whitelisting - placing trusted files on a whitelist, which then do not require as frequent scanning as non-whitelisted files
For the remaining trustworthy files that do not make it on to the whitelist, NIS uses an Insight feature to determine whether a file is likely to be safe or not. The two features combine to keep scanning time to the minimum, saving both time and system resources
Norton Internet Security's only shortcoming is poor free support. Once the online forums are fully operational, this should no longer be an issue
Kaspersky Internet Security 2009 Price: $82.50 From: kaspersky.com.au AS WITH most security software these days, Kaspersky's Internet Security 2009 default operation is fully automatic. The new version features a much faster, redesigned antivirus engine that can take advantage of multiprocessors to boost speed even further
Kaspersky has made some curious decisions in default settings of its newest internet security software. The more cautious users may want to get "under the hood" and dive into the settings to feel totally secure
One of KIS's best features is its Security Analyser, which checks the system and all the applications that are installed and checks to see if they are vulnerable and require updating
For those who don't have time to keep all their software up-to-date, it's almost worth the price of the software for this feature alone
Although KIS 2009 offers very good malware protection, it can't be recommended for either its spam filtering or antiphishing controls
Both function poorly and the spam filter was fiddly to set up
BitDefender Total Security 2009 Price: $87.44 From: bitdefender.com.au BITDEFENDER started making an effort to become more user-friendly last year. Even so, those familiar with its products may be surprised by Total Security 2009's new look
Not that BTS 2009 has abandoned its roots
It still offers the ability to provide detailed information about the system's status if the user wants it
The newly streamlined dashboard interface provides buttons to fix any detected security issues and gives access to the program's main control panel tabs
This definitely isn't one of the fastest security programs on offer, although it's better than its predecessor
This doesn't just apply to scanning time. Frequently there was an extended lag between clicking on a link and the corresponding window appearing
One of BTS 2009's new features is the automatic scanning of any connected drives, including networked drives. This could prove a lifesaver for businesses that frequently receive disks from potentially unsecured sources
Total Security's spam filter was better than most, although it significantly increased mail download time, but its parental controls were the best of the group. While Total Security 2009 performs fairly well at keeping out new malware, it does not do as well at eliminating malware on an already infected system
Trend Micro PC-cillin Internet Security Pro 2009 Price: $129.95 From: trendmicro.com.au TREND Micro offers two levels of internet security: basic and pro. In addition to the essential range of services offered in its entry-level software, the professional package includes some features that may appeal to those with additional security requirements
Like most of the reviewed internet security programs, the newest version of TMISP is faster and uses fewer system resources. The revised interface is clean and easy to navigate
TMISP has a few features that distinguish it from its competitors. Rather than relying on preventing key-loggers from recording keystrokes, there is keystroke encryption to scramble passwords, account numbers and other personal details
To protect sensitive files, if a computer is stolen or lost, there is a remote file lock. The files will only be unlocked once TMISP checks the computer's status on Trend Micro's database. While it won't deter the most determined hacker, it is sufficient to provide some protection
Finally, there is a generous 60GB of remote online backup that is made available once the software is purchased
However, internet security software is only as good as its ability to protect the system from malware. Although there is real improvement over last year's release, Trend Micro is still not quite in the same league as the top players
McAfee Total Protection 2009 Price: $129.95 From: mcafee.com/au IT WOULD be fair to say that when McAfee says total protection, they meant it
MTP 2009 has every security feature you could possibly imagine and not to mention a few that probably never occurred to you
The redesigned interface offers a choice between standard and advanced menus, for use depending on the user's preference and level of expertise
Installation was less straightforward than any of the previously reviewed security applications and it was considerably slower
Although there are cosmetic changes, much of MTP remains the same. The firewall and parental controls are unchanged, as is the personal information protection
The only real change that McAfee has made to Total Protection 2009 doesn't actually ship with the software, but resides on the company's online servers
Codenamed Artemis, it is designed to reduce the time between the detection of a threat and the release of a solution. When it detects a suspect file, it queries an online database of known good and bad files
McAfee Total Protection 2009 has the potential to be a great product, but it fails on execution. Although its malware protection is good, other packages deliver more, faster
F-Secure Internet Security 2009 Price: $135 From: f-secure.com.au F-SECURE doesn't just rely on its own technology to protect your computer from malware. It uses engines from other antivirus software, such as Kaspersky, and then combines it with F-Secure's DeepGuard 2.0 - a network-based solution that recognises safe and malicious software
With the potential of protecting the user just 60 seconds after a threat is recognised, it gives a new meaning to keeping virus definitions up to date
Since F-Secure licenses anti-virus technology to more than one competitor, it should do very well at protecting the user from malware
However, third-party testers have reported conflicting results
This may be due to the security software's performance. It is erratic, slow and confusing, although it ultimately got the job done
For example, when detecting a malware file being selected in Windows Explorer, most security software immediately steps in to prevent the software from being launched and would immediately delete the file
Not FSIS. It offers the user a choice of actions. Selecting one of these, such as "disinfect" causes a scan to be launched that lasts anywhere from five to 25 minutes
At the end of that, a confusing message is delivered that does nothing to reassure the user that the threat has been removed
Users will also find F-Secure's firewall annoying as it constantly sends up a barrage of intrusive pop-ups
Although F-Secure Internet Security 2009 offers good threat protection, its performance and feature set fail to deliver, at a price that is considerably above the competition
AAA = Product BBB = Ease of Installation CCC = Malware protection DDD = Anti phishing EEE = Firewall FFF = Antispam GGG = Identity protection HHH = Parental controls III = Speed (boot and scan) AAA ............. BBB ......... CCC ........ DDD ....... EEE ..... FFF ......... GGG ....... HHH .... III BitDefender ... Average .... Average ... Average ... Good .... Average ... Good ....... Poor .... Average Kaspersky ..... Average ... Good ....... Average ... Good .... Poor ........ Good ....... Poor .... Fast McAfee ......... Poor ........ Poor ........ Good ....... Poor ..... Good ....... Average ... Poor .... Slow Norton ........... Good ....... Good ....... Good ....... Good ... Poor ........ Good ....... Good ... Fast Trend Micro ... Average .... Poor ........ Good ...... Good .... Poor ........ Good ....... Good ... Average F-Secure ....... Good ....... Average ... Average ... Poor ..... Poor ........ Average ... Poor .... Slow
