Security Suite That Fights Rootkits - InformationWeek

Security Suite That Fights Rootkits

F-Secure's Internet Security 2006 is a good all-around, inexpensive security package that also includes rootkit detection. Learn how to get it working.

For system builders frustrated with the high cost and limited functionality of security suites from the likes of Norton, McAfee and Trend Micro, I have found a terrific tool-kit alternative.

It's a security suite called Internet Security 2006. Offered by Finnish company F-Secure, this suite offers not only all the functionality of products from the Big Three, but also rootkit detection—and for $10 less than the Big Three charge.

Like the Big Three, F-Secure offers anti-virus and anti-spyware capabilities, a firewall, mail screening, and content filtering. But F-Secure's rootkit detection is the most significant feature. According to our best guesstimate, this will be the only security suite on the market to offer rootkit detection for at least the next six months, possibly even for the next year.

For those living under a rock, rootkit detection is tremendously important these days, because this new breed of highly undetectable (or "stealth") malware is prevalent in the wild. A rootkit plays havoc with any system on which it takes up residence. (For more information on rootkit detection, see our recent TechBuilder Recipe, Rooting Out Rootkits.)

F-Secure's Internet Security 2006 retails for $59, roughly $10 cheaper than comparable security suites from other top players in the market. (Norton Internet Security, for example, lists for $69.) While $10 may not sound like a big deal, if you're installing a security suite onto dozens of machines—perhaps even hundreds—then your savings on a volume license will add up significantly.

The Many Benefits of F-Secure Internet Security 2006

Let's start off by taking a look at how F-Secure Internet Security stacks up against Norton Internet Security and Trend Micro Internet Security. For starters, here's what all three suites offer:

  • Anti-virus software: All incoming data is screened to block potential infiltration from viruses, worms, Trojans, and other forms of related malware.
  • Anti-spyware software: All incoming data and active Web content is screened to block potential infestation from spyware, adware and other forms of related malware.
  • Personal firewall: A layer of software interposes itself between the PC and all external network connections. It controls incoming and outgoing traffic on the basis of allowed applications or activities, while denying all other implicitly unauthorized access attempts, both incoming and outgoing.
  • E-mail screening software: All e-mail is screened for malware of all kinds. Also, spam filters and other techniques to block unwanted e-mail may be invoked, too.
  • Content filtering (aka "parental controls"): This permits users with higher levels of administrative authority to block access to specific sites and materials through explicit URL identification or use of wildcard characters. For example, the admin can set the filter so that the presence in a URL of "XXX," "sex," and other explicit strings makes the Web site inaccessible.
  • A single, automatic update setting: This delivers updates to the software and various signature files for viruses, spyware, and other malware without requiring much user effort or attention to their security situation. It also provides as-needed news and updates about potential dangers and imminent threats; user tutorials and security-awareness training materials; and shared information for content filtering. Many security experts consider this an important convenience.

Where F-Secure's Internet Security 2006 goes beyond the suite offerings from the major players in functionality is in rootkit detection. Using the company's rootkit-detection engine, called Blacklight, the software detects and even eliminates active rootkits on a computer. The tool also does a great job of cutting extraneous chatter out of its results, so system builders will no longer be confused by the kinds of false positives that most other tools routinely report.

Pros (and a Few Cons) of Using F-Secure Internet Security 2006

Security suites—like other kinds of "do-it-all" software packages—do their best to tackle everything users expect and want them to do. But they do some things better than others. F-Secure's suite is no exception.

On the plus side, F-Secure Internet Security 2006 gets top marks for its anti-virus software (and fast signature update), firewall, and rootkit detector. Its content-filtering capabilities are adequate for most SOHO situations.

But its anti-spyware and anti-spam capabilities lag behind those of the Big Three's products. This doesn't mean F-Secure isn't a terrific product at a great value. Nor does it mean you'll be exposing your customers to unnecessary risks. And this deficit is easy to address: Simply install the freeware version of Microsoft's Windows Defender, which consistently does well in ratings and rankings for this kind of software.

Further, while recent comparison reviews note that F-Secure Internet Security 2006 does a fine job of protecting clean machines from new spyware, they give the product lower marks for its ability to clean up existing infestations and to detect the presence of certain insidious types of spyware, most notably keyloggers. (Keyloggers store all the keystrokes that users make in a file, then periodically ship it off to a presumably malicious third party for harvesting of account and password info, credit-card data, and other sensitive information.) But we won't jump down F-Secure's throat on this function: No suite-based spyware detection software currently matches best-of-breed standalone implementations when dealing with keyloggers.

Omnibus security packages also tend to have sizable system footprints; the smallest of the suites we know is BitDefender. This security suite comes in at a relatively svelte 50 MB. Most other suites consume up to 70 MB at runtime, and even more when actively scanning for malware. In the case of F-Secure Internet Security 2006, a complete install on our test system consumed an average of 92 MB while actively scanning for spyware and viruses, and about 56 MB otherwise. As such packages go, this makes it a bit less resource-consumptive than most.
