(Page 2 of 3)
The results: Which antivirus product is best?
Ultimately, all three cloud-based antivirus products were disappointing, and I recommend none of them for enterprise use.
Moving your antivirus services to the cloud means giving up certain features that are in traditional server/client products. For example, with cloud-based products, you can't push security policies to desktops to ensure that users are running active firewalls or updated virus signatures. Symantec's software can start scans on particular desktops from its console, and once it collects this information, the exploits listed are hot-linked to its database that specifies what harm they can cause.
Of the three cloud services reviewed, McAfee's is the most thorough in its detection of potential problems, but it doesn't automatically scan your drive. Only Panda's service comes close to Symantec's level of sophistication. It's the only service that could kick off scheduled scans of its managed desktops, and it provides links to its own exploit database from the reports.
McAfee Total Protection Service v5.0.0
After you sign up for the Total Protection Service, you'll receive an email with a custom URL to download the agent. Once it's installed, few options can be changed. They include whether to trust the PCs on your LAN (such as to allow for file sharing) and enabling or disabling the three broad protective features in the product -- antivirus/antispyware, firewall and browser protection -- as shown in Figure 1.
You can also perform a scan of your PC. The test machine with Metasploit triggered more than 2,000 alarms with this scanner. There was no way to ignore these alarms or to tell the scanner that we were aware of the service. In comparison, Symantec's Endpoint Protection found 37 alarms on the same collection of files, and Panda's cloud-based service reported even fewer.
Furthermore, scans have to be performed manually -- they can't automatically be timed like in most antivirus products. In our test, it took an hour to go through 18 GB of files. Once a scan is complete, the results are sent to your email address and are available on the Web console, as shown in Figure 2.
The product's Web administrative console -- shown in the figure below -- shows you which modules are installed on which PCs and other summary statistics, such as their IP addresses and the number of infections found. For some odd reason, we had to install the software a second time because the console showed that not all modules had been activated on our test desktop.
The version name is not indicated in any of the reports or consoles, which is unfortunate because many different versions are available. I recommend starting with the Extended version, which installs three different software agents that consume about 70 MB of RAM.
McAfee Total Protection Service is recognized by Windows Security Center for both firewall and antivirus protection.
Trend Micro TRVProtect v8.0 SP1
In addition to antivirus and antispyware scanning, Trend Micro includes a desktop firewall and a mail scanner. It's the only one of the antivirus trio tested that has a host intrusion-detection module -- a feature in the Symantec client/server version and in many other traditional client products.
When you register for this service, you receive an activation key that needs to be applied to each desktop to be linked to your account. TRVProtect can schedule scans from within the desktop interface, but not from the Web console.
Overall, the Web dashboard doesn't have a lot of information outside of the links to download the client agent -- a shown in Figure 4 -- and the console only works in Internet Explorer.
The manual scan took 30 minutes, and it found two spyware items related to the test Metasploit installation, as shown in Figure 5.
TRVProtect installs several processes on the desktop that take up 50 MB of RAM, making it the most parsimonious of the three products. We had to explicitly turn on both the firewall and virus protection elements in Windows Security Center.
In addition, TRVProtect comes with its own plug-in manager to add extensions, but none of these extensions were available at the time of testing.
Panda Cloud Office Protection v5.04.01
Panda offers a free basic antivirus service and a paid line of three products, each of which requires a complex series of downloads, confirming emails and activations before use. In addition, the company's website is a mess. A contact at Panda told me that the company is working on an update but that most of its customers didn't buy the product online.
The three paid products include one for endpoint protection with a desktop firewall and antivirus and antispyware features, one for hosted email protection, and a third that adds data loss prevention and browser-access controls. We tested the first version, Cloud Office Protection.
The Web console creates a Windows installer package that you download to each desktop. Once you run this program, you have to reboot and update the signature files before continuing.
Scan results are available on the desktop, and a brief summary can also be generated at the Web console. On the desktop, the report contains links to more information about the individual exploit on Panda's website. If you want to preserve this information, you have to export it to a file -- a feature that isn't available from the Web console.
The Panda software has at least eight different agents, which took up 60 MB of RAM on our test system.
Panda was the only one of the three cloud services that had any kind of scheduled scan control over its managed desktops. In fact, you have as much flexibility as the Symantec client/server product in terms of selecting particular file types and exploit types to examine, as shown in Figure 6.
A test scan found 16 exploits related to Metasploit, and it took about 45 minutes to complete.
Panda is recognized by the Windows Security Center for both firewall and antivirus features.