AVG Internet Security Business Edition 2011

Security software that doesn't slow down users

The latest version of AVG's business security package, AVG Internet Security Business Edition 2011 (ISBE 2011), adds several useful features and some neat touches that help staff responsible for managing the security infrastructure.

New features include the ability to configure the amount of system resources such as CPU power that the anti-malware scans use.

The package also adds URL scanning for social networking applications such as Facebook and MySpace. And it gives users the ability to share - anonymously - any threats they encounter with AVG's global security team for incorporation in its real-time threat updates for its anti-malware packages.

Install

AVG's client security package can be installed manually on business systems or deployed remotely via a Microsoft Installer through a remote administration console.

We downloaded the AVG ISBE 2011 executable and the remote administration console, which is available for 32- and 64-bit systems.

We installed the 32-bit client package manually on our Windows 7 Ultimate Intel 2.60GHz Core 2 Duo Labs test laptop, and the 64-bit administration console on a Windows 2008 Server R2 system.

Manually installing the client was easy and took less than five minutes. All Microsoft's current 32- and 64-bit operating systems are supported - Windows XP, Vista, Windows 7, Windows 2003 Server (plus R2 version), and Windows 2008 Server (plus R2 version).

Client user interface

The AVG ISBE 2011 GUI uses a dual tab interface with five tabs running across the top of the GUI, and five down the left-hand side of the main screen display.

Clicking the overview button on the side tabs shows the 14 components of ISBE 2011, including anti-virus, anti-spyware, anti-spam, anti-rootkit, URL link scanner, and an identity protection module.

The History tab allows access to previous scan results, event history logs, details of malware discovered and access to the malware stored in AVG's Virus Vault.

All the firewall logs and settings can be accessed through the Tools tab, as well as network traffic scan data and port scan logs.

Users can also quickly scan selected folders or files, and manually update malware definitions through the Tools tab, which also contains an Advanced Settings tab, allowing comprehensive customisation of just about any of ISBE 2011's settings.

Scanning for malware

AVG's ISBE 2011 client package was simple to navigate, and we could quickly configure settings to do an initial scan of our Windows OS partition, a separate data partition on the same disk, and a USB-attached Seagate 500GB hard disk.

One problem users inevitably have with anti-malware software is their systems slowing to a crawl when an anti-malware scan starts. This package includes AVG's Scan Process Priority, or Smart Scanning, which is a four-level option designed to prioritise how much system resources the software can use when scanning for malware.

Levels range from from user-sensitive, through low priority and medium priority to high priority, with high priority taking the largest amount of system resources.

With the setting on user-sensitive, we could detect some slowdown, especially if we were reading large chunks of data off a partition on the same hard disk as the operating system partition.

Although we had not installed an anti-malware package on our test system for more than a month, we did not expect to find anything on the OS partition, similarly for data partitions and our USB-attached data archive.

However, we turned up some malware on the USB-attached disk normally used for archiving content, old program executables and a variety of other data - including Trojans, worms and some "scareware" [see picture].

Scareware is malware designed to force users into buying non-existent security software for the sole purpose of getting credit card numbers and other personal information useful for perpetrating identity fraud.

Our test data set had more than 1,000 archived executables. AVG unearthed a FakeAlert virus, a W32/Nachi Internet worm, the adware bundler Trojan Beachhead and the W32/BHO.LFT Trojan. We had only one false positive, which turned out to be a component of version 6.2.76 of AppSense's Management suite.

Real-time protection - Link Scanner

For real-time protection, ISBE 2011 uses a URL scanning system called Link Scanner. Link Scanner is an HTTP scanner which looks at web site URLs before users click on the links.

It tags sites it trusts with a green tick. When users hover over the tick with the mouse, it triggers a pop-up. The pop-up contains a link to the AVG Labs threat web site so users can check the URL in question.

After setting up AVG ISBE 2011, we were bothered by AVG's firewall constantly requesting authorisation to block applications or web site access for various features. Users can opt to allow access and save that decision, so the package learns which applications to allow and these annoying pop-ups become less frequent.

Remote administration console

We installed the 64-bit administration console on a SuperMicro system running Windows 2008 Server R2.

There are two roles for the console - one for centrally managing AVG clients and pulling back malware scan results, and the other as an update proxy to provide a local file server for clients to upload the latest AVG security updates.

We used the multi-platform Firebird relational database to store scan results, although users can opt to store results in Microsoft SQL Server, Oracle 10g/11g and MySQL databases.

We used the remote admin console to deploy and set up clients on other desktop systems, although we had to reduce security on these systems temporarily for the install to complete.

First, a network scan picked up all the clients on our Labs subnet, and we could select on which one we wanted to install the package [see picture].

When end users run their own scans on their desktop systems, the admin console can be used to pull that scan data from all the desktops, for further analysis.

Third-party AV testing
AVG's system performed well in our tests. External results also back up our findings.

Virus Bulletin, a third-party organisation that specialises in throwing malware at anti-malware systems, also gives AVG's anti-malware systems a good rating in its graph of reactive versus proactive malware detection.

Conclusions
AVG's ISBE 2011 has a complex and comprehensive feature set. The user interface stands out as easier to navigate. Expert users will have no trouble getting the best out of the anti-malware system.

Similarly, firms using the remote administration console will find a wide-ranging set of features for setting up security infrastructure and also pulling back scan data off remote desktops.