FortiClient 5.0 review

Although it's designed to work with a network appliance, FortiClient 5.0 also functions as a standalone antivirus, with parental control and VPN client thrown in. And it's free!
Photo of FortiClient 5.0

Fortinet is best known for its FortiGate network security appliance and other enterprise-level network security products. A local client running on the company’s desktops communicates with the FortiGate device for fully managed security. It turns out that this client, FortiClient 5.0, can function on its own as an effective and free antivirus with some interesting bonus features.

In order to get full protection from FortiGate, users have to be connected to the corporate network. For remote workers, that means they must connect through a VPN. However, you can use the built-in VPN client to connect with other VPN servers. There’s also a Web content filtering system with a number of business-related categories in addition to typical parental control categories. Antivirus, parental control, and VPN each get a tab in the program’s main window.

 

Easy Installation
FortiClient’s installer is a tiny stub program that downloads and installs the appropriate security components on to the user’s desktop. In a business environment, the administrator would determine exactly what components those would be, and how they should be configured. Note that the firewall component isn’t installed for home users because it must be centrally managed.

Before attempting actual product installation, the installer runs a scan for active malware. That’s smart, given that some malware processes do their best to prevent installation of security software. If necessary, this pre-install scan can run in Safe Mode, but then return to normal Windows to complete the installation.

Impressive Phishing Protection
FortiClient’s web content filter is a component of many talents. It powers the parental control system, blocks access to dangerous URLs, and steers users away from fraudulent (phishing) websites. In testing, this component proved more accurate than most at identifying fraudulent websites.

To test antiphishing, I use a list of very recently reported (but not verified) phishing URLs. I work through the list, discarding any that are not actually fraudulent, and keep going until I’ve tested with 100 verified phishing sites. Several times during the course of the test, FortiClient’s detection rate matched that of Norton AntiVirus (2014), a consistent antiphishing champ.

In the end, FortiClient wound up just four percentage points below Norton. That’s a better showing than two thirds of the competition, some of which hardly seemed to detect any fraudulent sites. For a more thorough explanation of my antiphishing test, see How We Test Antiphishing.

FortiClient 5.0 antiphishing chart

Malicious URL Blocking
To test how well each antivirus protects users from dangerous URLs, I try to visit 100 recently-discovered malicious URLs. I start with a feed of the latest URLs graciously supplied by MRG-Effitas and skim out the URLs that point directly to executable files.

Why just executable files? Because it’s very easy to define success. I note whether the antivirus blocks access to the URL, quarantines the download file, or just sits idly by and allows the download. As with my antiphishing test, many of the URLs from the feed are already defunct. I keep at it until I’ve challenged the antivirus with about 100 still-functional URLs.

The web filtering component blocked access to 39 of the URLs, and the antivirus component whacked one more, for a total of 40 percent blocked. ESET NOD32 Antivirus 7 scored about the same, 41 percent. The best blocking so far came from avast! Free Antivirus 2014, which blocked 79 percent.

FortiClient is only the sixth product I’ve put through this particular test, so I can’t say precisely what its score means. Still, having another product block nearly twice as many suggests that 40 percent isn’t great. Do note that of necessity the products aren’t tested using precisely the same samples. Rather they’re all tested with samples detected  no more than a day earlier—the newest samples I can get.

Blocking Malware Locally
When I opened a folder containing my current collection of malware samples, FortiClient got busy right away. However, unlike many antivirus products it didn’t immediately quarantine the samples it detected. Rather, it simply blocked file access. I’m not a fan of that behavior. If for some reason protection gets turned off at a later date, the no-longer-neutralized malware could become a danger. I strongly advise FortiClient users to click the “View recently detected virus(es)” button, right-click each found item, and send it to quarantine.

FortiClient detected and neutralized 94 percent of my samples on sight, a higher percentage than most antivirus products I’ve tested with this malware collection. However, it didn’t react at all when I launched those that weren’t immediately wiped out. That still gives it 9.4 points for malware blocking, putting it in a multi-way tie for top score with four others. Among those sharing the honor are AVG AntiVirus FREE 2014 and Avira Free AntiVirus (2014). For the lowdown on my malware blocking test, please read How We Test Malware Blocking.

FortiClient 5.0 malware blocking chart

Good Lab Results
The independent testing labs give Fortinet’s technology good marks, but in some cases the product under testing is the gateway appliance, not the standalone FortiClient. Overall the scores are quite good.

AV-Comparatives runs two different tests of malware detection. One is a typical file-detection test, the other forces the antivirus to use old definitions, thereby simulating detection of zero-day threats. Fortinet earned ADVANCED+, the top rating, in both. Virus Bulletin tested it in ten of the last 12 months, and it took VB100 certification every time. ICSA Labs and West Coast Labs both certify it for malware detection.

AV-Comparatives also runs a malware cleanup test. For this test, they specifically choose samples that are known to all of the products involved and then measure how thoroughly each product cleans up malware traces. In this test, Fortinet got an ADVANCED rating.

Possibly more important than detection and cleaning is an antivirus product’s ability to protect against new attacks. With help from the Austrian government and a nearby university, AV-Comparatives runs a months-long test that challenges antivirus products day after day with newly-discovered malicious URLs. Fortinet also got ADVANCED in this test; it would have been ADVANCED+ but a large number of false positives dragged down its score.

For a detailed discussion of how I boil down multiple independent tests into the categories shown in the chart below, see How We Interpret Antivirus Lab Tests.

FortiClient 5.0 lab tests chart

Possible Cleanup Problems
As I mentioned earlier, the FortiClient installer runs its own scan for active malware, aiming to defuse malicious processes that might attempt to block installation. However, if ransomware has taken over the system, or if malware renders booting Windows impossible, you’re pretty much out of luck. You’ll need to find a free rescue CD from some other vendor.

The product does come with a diagnostic utility, so if you run into trouble you could send the diagnostic report to tech support. The tech support agents will surely try to help, but their help doesn’t extend to remote-control diagnosis and remediation. That’s a service reserved for those with a Fortinet contract.

Quite a few other companies reserve remote-control repairs for their paying customers. You don’t get it with Avira or Comodo’s free products, for example. However, there are a surprising number of vendors who do promise that level of support for free products. Among these are avast! and Bitdefender Antivirus Free Edition (2014).

A full scan of my standard clean test system took almost 40 minutes; the current average is less than 30 minutes. However, a repeat scan finished in less than three minutes. I was pleased to see that the scanner wipes out found malware as it goes, rather than waiting until the end. That way even if tough malware manages to crash the system or abort the scan, anything found up to that point is already quarantined.

Web Content Filtering
Although it’s labeled “Parental Control” in FortiClient’s main window, this feature is more of a general-purpose web content filter. It has the ability to block websites matching 70 potentially problematic categories, grouped into seven major categories. In addition to the expected blocking of “Adult/Mature Content” it can block categories that over-consume bandwidth (streaming media, for example) and categories that could cause legal liability if accessed from the workplace.

There’s an option to force Safe Search in Yahoo, Bing, and Russian search engine Yandex. Google is listed, but Google’s switch to using a secure (HTTPS) connection means it’s no longer supported.

You won’t find per-user settings here, but the log of violations does identify the user account that committed each. There’s also an option to record every visited URL, which makes for a really big log.

If you intend to use this feature as an actual parental control system, you’ll need to lock the settings with a password. In testing, I verified that it’s completely browser independent, and that it can’t be disabled with a simple network command that works against some parental control tools. In addition, it can filter HTTPS sites, so a child (or employee) can’t subvert it using a secure anonymizing proxy website.

Whatever you do, don’t turn the parental control component off. By doing so, you’re also disabling protection against phishing and malicious websites. If you want to surf your naughty websites without interference, just disable blocking in the “Adult/Mature Content” group.

Simple VPN Client
If you need a VPN client for working from home, you clearly already have one. If you don’t have access to a VPN server at work, you may not have much use for a VPN client.

Supposing you do have access to a VPN server, you can configure FortiClient to connect with it, as long as it’s connects via SSL-VPN or IPsec VPN. PPTP (Point to Point Tunneling Protocol), another common VPN implementation, is not supported.

The PCMag VPN uses additional layers of authentication, which means I couldn’t connect to it using FortiClient. I tried some open VPN services in various countries from the VPN Gate website but never did manage to make a connection. You might well be better off with Shrew Soft VPN, our Editors’ Choice for free VPN.

At Least It’s Free!
FortiClient 5.0 is definitely designed to be used in conjunction with a FortiGate appliance. In that situation you’d have additional protections including a firewall, and the VPN client would be guaranteed to connect with your company network. Fortinet technology gets good scores from the labs, but those scores don’t necessarily reflect performance of the standalone antivirus.

The product did a good job in my malware-blocking test but wasn’t as effective blocking super-new malicious URLs. On the flip side, its web filtering component proved to be a very accurate detector of phishing sites.

The nice thing about free antivirus is that you can try as many as you want before you make a final selection. Feel free to try FortiClient! Just make sure your exploration also includes our Editors’ Choice for free antivirus, AVG AntiVirus FREE 2014.


Verdict
Although it's designed to work with a network appliance, FortiClient 5.0 also functions as a standalone antivirus, with parental control and VPN client thrown in. And it's free!
Published under license from Ziff Davis, Inc., New York, All rights reserved.
Copyright © 2012 Ziff Davis, Inc