2011-05-01
Abstract
Free anti-virus continues to be all the rage, with more and more firms jumping on the bandwagon. John Hawes takes a look at one of the latest offerings: the free version of Agnitum’s Outpost Security Suite, and finds that you can get quite a lot for nothing these days.
Copyright © 2011 Virus Bulletin
Free anti-virus continues to be all the rage, with more and more firms joining in the free-for-all (or at least, free for all non-commercial purposes). The days when the choice of free solutions was limited to the big As, Avast and AVG, are long gone, and the open market is now crowded with competing solutions. The business model is generally based on persuading home users that a product is so good it’s worth using at work too – or else hooking people on a basic model and getting them to upgrade to a more complete suite. Depending on who you ask, this approach is either seen to be a great way of reaching out to a wider audience and generating interest in a brand, or as a desperate scrabble for space in a field full to bursting with highly competitive solutions.
The latest company to offer its protection free of charge is Agnitum, originally best known for its highly regarded firewall solution (which has been available as a free offering for a while), and now also producing a solid and fairly complete suite solution which has built up a very decent reputation in our regular tests. While in many cases free offerings are pared-down, AV-only solutions, Agnitum is making the full suite available free to home users, with just a few modifications and the usual provisos about commercial use etc. We took the product into the lab to have a look at the user experience and see just how much you can get for nothing these days.
Agnitum was set up in 1999, so has a fair bit of history behind it. The St Petersburg-based company launched the Outpost firewall brand in 2002, and expanded into anti-spam in 2007, with the full suite product – integrating anti-virus detection courtesy of the ever-popular VirusBuster engine – emerging later the same year. Throughout this period at least some part of the company’s product line seems to have been given away free.
The company’s website has recently had a bit of a face lift and looks clean and efficient without overdoing the glitter and glitz. The ‘About’ section boasts an impressive list of technology partners making use of Agnitum’s developments (mainly the firewall); the roster includes the likes of AVG, BullGuard, Lavasoft, Novell, Quick Heal and Sophos.
The rest of the website is fairly unexceptional; the home page features sizeable advertisements for the company’s headline products (gratifyingly adorned with the VB100 logo the company has earned fairly reliably for the last few years). The bulk of the site is given over to product-related content, with sales and downloads taking centre stage; the company has a number of innovative licensing deals, including multi-system, multi-year deals, and even lifetime offerings.
Unlike many rival firms seeking to combine education with news presence, little attention is paid to information on specific threats or threat-related news stories. The ‘news’ and blog sections focus almost exclusively on upcoming release schedules, product features, awards and so on – the awards page features a lengthy roster of badges and accolades from a variety of download sites, magazine reviews and testing organizations, with high scores from firewall leak tester Matousec prominent throughout.
Of most interest for the majority of users (those who are not die-hard Outpost fans that is), will be the support area. The landing page of this section leads in with a good list of major FAQs, all answered lucidly and in ample depth. This is backed up by an even more extensive knowledgebase section, again with each question covered with impressive detail and clarity. Our only quibble would be that we would prefer to see the newest and most widely used products listed at the top of the dropdown list, rather than at the bottom.
The documentation section is properly sorted, and unlike many security vendor sites where manuals are hidden away like some embarrassing aged relative, here they are given a prominent position and made easy to find and access. A quick skim through some of these showed them to be well designed, clear and thorough. Agnitum should be congratulated for paying the right degree of attention to its documentation, clearly realising the importance of complete, detailed and usable information about its products.
The free version of Agnitum’s suite is not as easy to get hold of as one might expect, with minimal reference made to it on the company’s website – a link can be found quietly displayed halfway down a list on the ‘Products’ page. The link leads to a mini-site at free.agnitum.com, and from here, download links lead to CNET’s download.com. The mini-site is fairly rudimentary, but does host a nice screenshot of the product, and some information on awards received and comparison with other free solutions. The company boasts that this is the first fully featured Internet security suite to be given away in this manner – its closest rival, from Comodo, lacking the anti-spam feature which is a fairly standard component of any full suite. The site also makes clear what we are missing out on by not going for the full ‘Pro’ version of the product – including the fact that the free version features only limited support for multiple languages, less than complete ‘Safe web surfing’, an absent ‘Unique ID protection’ module, and no ‘priority updates’. Both 32-bit and 64-bit versions are available, and supported systems include XP, Vista and Windows 7 with a minimum of 256MB of RAM and 400MB of disk space.
The downloaded package is an executable of 85–90MB, which runs through the installation process in pretty standard manner, starting as always with the choice of languages. The selection of languages is limited (as the website warned) to English or German. The opening salvo of the installer proper offers the option to upgrade to the full ‘Pro’ product (offering a free 30-day trial), and once again displays a table showing the differences between the two. This time there are more areas in which the free edition is shown to be inferior, with the fact that the product cannot be used in a corporate environment added to the mix. A EULA comes next, and includes a warning that the company’s support staff may not respond to problems reported by non-paying users (they will do so only if they have time), and there is an option to join a community feedback system labelled ‘ImproveNet’. The installation process itself then commences, completing in just a minute or two, including setting up network filters and running a ‘smart scan’ to collect information on the machine and its environment. A reboot is required to round things off, which is fairly standard in products offering such in-depth protection, although steadily going out of favour with anti-malware only solutions.
On restart, it was something of a surprise to find a prompt insisting that the product be registered. Once again, we were reminded of the benefits of upgrading to the paid version, and told that the free edition must be registered online (or by phone or email) within two days. This process is fairly simple, requiring only a username and email address, to which a (lengthy) activation code key is sent. With this all done, we finally got a look at the interface itself.
The interface was pretty similar to the ‘Pro’ product we have looked at in many VB100 tests in recent years, and which we have always found to be clearly laid out and fairly simple to operate. The most striking difference is a sizeable advert dominating the bottom half of the GUI, promoting a discounted version of the ‘Pro’ edition. It also warns, by circling the main information area in red and highlighting one of the entries, that complete security is not applied. The entry in question refers to the updates, which report being several weeks old, and an accompanying button offers to ‘fix it now’. Rather than initiating an update as one might expect, though, the result of clicking this button is that a web page is opened which once again promotes the value of the paid-for edition over the free one, referring to the possible inadequacy of the free version’s ‘no-guarantee update schedule’. Something of a pattern was beginning to emerge.
We quickly found that updating itself can easily be initiated using the update button on the toolbar at the top of the interface, and this time no complaints were made about using the free version. The update itself took around five minutes the first time it was run; later retries were much quicker. As the company repeatedly points out, relying on the user to remember to update is less than ideal, with most full products updating automatically multiple times per day at least, and some performing tiny updates every few minutes, or even relying on online databases to protect from the latest threats. It seems like quite some window of vulnerability may well be left open here.
The remainder of the product is much like the full version. The firewall section, which is Agnitum’s speciality, is given pride of place, and the control system is admirably clear and simple to operate. It does require some degree of understanding to operate properly in-depth, but seems accessible to most users at its basic level. A simple slider allows a selection of standard approaches, with the default being to offer a rule-creation wizard each time an unknown process or activity is observed. There is perhaps a little less explanation built in than we have seen in some products, but the simplicity is aided by a lack of clutter and wordiness, and many sections are accompanied by links to the online knowledgebase, where clear and detailed explanations of some of the more complex areas of firewall configuration are provided.
The controls for the firewall are actually part of a generic settings section, also accessible via a link on the main toolbar and from various other places. Each section here is given similar treatment, with simplicity and clarity the order of the day. The anti-malware section provides a decent level of configuration, without going into the depth that some products offer. Coverage of the standard areas, such as areas to scan and exclusions, limits to scanning and actions on detection, are provided for the various types of detection on offer, including the real-time and web scanners as well as a selection of on-demand scan types.
Also included in the controls are sections covering application control and leak prevention. Along with the firewall, these interact and overlap to form a complete set of rules for what applications can do across the network, along with some basic control of what can be performed locally. The anti-spam controls also have their own section – which, again, is laid out simply and clearly – and finally some logging controls are provided, covering both the size of logs and the type of data that is recorded.
The main anti-malware part of the product is based on the VirusBuster engine. The control system, described above, is very well designed and simple to operate, and as we have found in many comparative tests in recent years, the product is well implemented and runs with great stability and ruggedness under extreme pressure. Putting the free edition through some extra heavy tests showed it to be just as resilient, with none of the system slowdowns, GUI freak-outs or other bad behaviours we have seen recently in many lesser products. We have also been impressed with the speed and resource consumption of the Agnitum products we have tested in comparisons lately, with the caching of previous activities making for lightning fast speeds and minimal overheads once the product has settled into its environment; the free edition showed itself to be similarly efficient and smartly designed.
Detection rates for the VirusBuster engine have been increasing steadily over recent years. While not quite up there with the leaders in terms of pure static detection rates, the engine is clearly solid and reliable, with a dependable record of VB100 passes too. Running the product through some additional tests, figures seemed comparable with our expectations. With the default settings, detection of malware brings up a very simple dialog offering to remove or simply block the offending item. Somewhat oddly, in some cases we saw detected items prevented from writing to disk, while others were warned about but written happily; those which were written could not then be moved elsewhere or executed, so they remained fairly safe.
When those items which were not spotted by the standard detection mechanism were allowed to execute on a system, we saw some good protection provided by the application control and leak prevention systems – either preventing changes to core system components or stopping items from connecting outwards to perform malicious activities. In some cases items were allowed to copy themselves to system folders, set themselves to auto-start on boot etc., but for the most part at least some action was taken to mitigate the impact of an infection.
The anti-leak system has been rigorously analysed by other specialist labs and awarded repeated high ratings, and in our brief and unscientific look at its reliability we saw no reason to disagree with these conclusions. We hope to initiate some more formal testing of dynamic protective measures in the near future, and it will be interesting to see how the limited updating of the standard anti-malware component balances out with this solution’s higher level of additional protection compared to most other free offerings.
We’ve already had a quick look at the control systems for the various components, and briefly mentioned some of the capabilities of the application control and anti-leak layers. The main area remaining is the anti-spam component – the portion which marks this suite out from other freebies. This supports Outlook, Outlook Express (Windows Mail in newer versions) and The Bat!, a popular mail client in Russia and eastern Europe.
The controls here are fairly basic, with few difficult technical questions being asked. The user has the option to set detection levels to high, standard or low, or can fine-tune the exact levels at which messages will be adjudged to be spam or suspicious. An additional set of controls, accessible from within the mail client, allow tweaking of blacklists and whitelists, and the marking and removal of items thought to be spam. Existing classified mail can also be scanned and added to the self-training data used to adjust the detection to the needs of the specific user. Our anti-spam testing system is geared mainly towards server-level solutions, but we hope to be able to measure the performance of desktop products in the near future, and to take a closer look at how well the anti-spam component of this suite operates.
That covers most of what the suite has to offer. As a free solution, we cannot really complain at the absence of any additional components above and beyond the standard set of items expected in a suite. While some paid-for products may include system monitoring tools, parental controls and other odds and ends, this product focuses on covering the standard bases of anti-malware, spam filtering, firewalling and application control.
The only remaining section of the product interface is the event viewer, which corresponds roughly to the ‘Logs’ section of the configuration system, and here the user can monitor all events recorded by the firewall, anti-malware and anti-leak components in real time, as well as viewing some information about the product in general. This is as clear and pleasant as any such system, and may repay some attention from more scrupulous users.
Overall, it is pretty hard to find fault with this product – especially as a free solution. It is almost identical in most respects to the full ‘Pro’ edition, which we have been testing for a long time. The main difference is in the updating, which is somewhat less effective for being performed once a day rather than more regularly. This approach to free solutions is not entirely unusual though, with some making it clear that users of the free product are given a lower priority than paying users when updates are provided. Many paid-for products also default to daily updates unless specifically set to be more rigorous by the user.
In this case the vendor has taken the idea of reminding the user that paid-for versions are superior to the free one somewhat to extremes – repeatedly insisting that users are putting themselves at risk if they stick to an incomplete and inferior product. Only time will tell whether this ‘nagging’ will result in the user upgrading to the full product (as intended), or whether the user will instead be so irritated that they resort to removing the product and implementing an alternative offering. Having said that, the ‘nagging’ here is considerably less intrusive than we have seen in some other free solutions.
Besides our minor quibbles, this is a pretty complete suite solution with only small issues separating it from paid-for products. On top of being a remarkable bargain, it is well designed, pleasantly laid out and intuitive to operate, and has consistently demonstrated excellent stability and reliability, solid detection levels and light performance impact, over several years of testing.
Along with a few close competitors, this seems to be a strong indication of the way the free sector is moving – away from intrusive nagging and crippled, basic products, towards a future of complete, fully functioning, multi-component suite solutions, given away free of charge to a grateful populace. This is a firm challenge to the other vendors to take the next step along the road to complete freedom.
Agnitum Outpost Security Suite 7.1 Free Edition was variously tested on:
AMD Phenom, 4GB RAM, running Microsoft Windows XP Professional SP3 (x32) and Windows 7 Professional (x64). Intel Atom 1.6GHz netbook, 2GB RAM, running Microsoft Windows XP Professional SP3 and Windows 7 Professional.