We all agree that “antivirus” these days refers to a product that protects against all kinds of malicious software, not just viruses. But should it do even more than that? The folks at Trend Micro want to offer full-scale security protection even in their entry-level product, so Trend Micro Titanium Antivirus+ 2014 ($39.95 direct) adds spam filtering and a firewall booster, as well as an impressive antiphishing component.
The product’s sparse main window uses one extra-large icon to show current security status; if it’s anything but fully protected, you can click a button to fix the problem. From the mini-toolbar you can launch a scan, open the settings dialog, or check protection statistics. A second page titled “PC/Mobile” lets you create a rescue disk or launch a trial of Trend Micro’s mobile protection.
The main window features a button bar at top and status bar at bottom in bold black and red. In between, in the main body of the window, you can swap in one of eight supplied background images. Clouds, fields, flowers, psychedelic patterns—the choices are quite varied. Don’t like any of them? You can use your own picture!
Focus on Dynamic Testing
Trend Micro pulled out of Virus Bulletin’s VB100 testing some years ago, on the basis that testing against a static malware collection just isn’t relevant. They also don’t participate in testing by ICSA Labs or West Coast Labs. The reviewer’s guide for this product touts its ability to block zero-day threats, and indeed it received the top rating, ADVANCED+, in the grueling real-world protection test by AV-Comparatives.
AV-Comparatives does also run an on-demand detection test, but it’s not precisely a static test. Each antivirus product gets a chance to scan and wipe out known malware, true, but the researchers also launch any samples that survive, giving the antivirus a chance to use behavioral detection and other dynamic technologies. Trend Micro passed this test with a STANDARD rating. Note that my own malware blocking test works in a very similar fashion.
German lab AV-Test evaluates products using a combination of static and dynamic tests. Each product can earn up to six points for Protection, Performance, and Usability. Trend Micro averaged 14.8 of 18 possible points in the most recent two tests.
Trend Micro’s scores are good, but Bitdefender and Kaspersky participate in all of the lab tests that I follow and routinely earn top scores. For more about the labs and their testing methods, see How We Interpret Antivirus Lab Tests.
Trend Micro Titanium Antivirus+ 2014 lab tests chart
Mixed Installation Experience
Trend Micro installed without incident on nine of my twelve malware-infested test systems. To get past ransomware that blocks desktop access in another system, tech support recommended Trend’s advanced bootable USB solution. It proved incompatible with my virtual machine configuration, but their old-school text-only Rescue CD totally solved my ransomware problem.
The remaining two systems caused me a lot of grief. On advice from tech support, I used the Trend Micro Anti-Threat Toolkit and several other in-house tools. Eventually, though, I had to turn over these systems for remote diagnosis and cleaning by a tech support agent, which took hours but ended in success for both systems.
An antivirus that installs on all twelve systems with little or no hassle displays a five-star installation experience. If all problems can be solved by applying a rescue CD or other ancillary tool, that’s still good for four stars. When getting the product installed drags on into hours of remote control, that’s not a great installation experience. Like Norton AntiVirus (2014), AVG Anti-Virus FREE 2014, and quite a few others, Trend Micro gets two stars for installation experience.
Decent Malware Cleanup
With installation woes out of the way, I proceeded to run a full scan on all of the test systems and analyze just how well Trend Micro cleaned up. I noticed that on several of the test systems it automatically shifted into “Intensive Scan” mode after detecting some threats. It also requested a reboot for full cleanup in a few cases.
The full scan detected 75 percent of the samples, which is fairly low—only a quarter of the products tested with this same collection had a lower detection rate. Best detection among current products goes to the bootable cleanup-only Jumpshot, with 86 percent. Bitdefender Antivirus Plus (2014) and Ad-Aware Free Antivirus+ 10.5 are next up, with 83 percent.
Even so, with perfect cleanup of all detected threats a product that detected 75 percent of the samples could earn 7.5 points. Trend Micro’s 5.8 points reflects the fact that it missed a number of executable traces and in several cases left one or more components of the removed malware running. Ad-Aware, with a better detection percentage, also scored 5.8 points. Bitdefender’s 6.6 point score is the best among current products.
Looking at antivirus products tested using my previous malware collection, Webroot SecureAnywhere Antivirus 2013 matched Trend Micro’s 6.6 points, while Malwarebytes Anti-Malware 1.70 beat the pack with 7.1 points. For full details on my hands-on malware removal test, please see How We Test Malware Removal.
Trend Micro Titanium Antivirus+ 2014 malware removal chart
Excellent Malware Blocking
Trend Micro proved much more effective when challenged to prevent malware from gaining a foothold on a clean system. It works at many levels to keep malware out, so I started with a simple Web-based test. When I attempted to download my current sample set again, the Web-based protection blocked almost every download at the URL level. One malicious file got wiped out during the download process. Overall, it blocked 95 percent of those URLs. In recent tests only Norton, with 100 percent blocking, has done better.
Next I opened a folder containing previously-downloaded copies of the same samples. After a few minutes, the real-time protection component had wiped out three quarters of those. As always, I repeated this test using another folder containing hand-modified versions of the same samples. For each file, I changed the filename, appended zeroes to change the file size, and tweaked some non-executable text. I was somewhat surprised to find that Trend Micro missed fully half of the modified samples, but then, the company has made it clear that static scanning isn’t their focus.
When I launched the malware samples that didn’t get wiped out on sight, real-time protection caught most of them at some point during the install process. One way or another, Trend Micro detected 94 percent of the samples and earned 9.2 points for malware blocking. Ad-Aware also detected 94 percent but managed to eke out 9.4 points. Tops in this test was AVG, with 97 percent detection and 9.4 points.
For an explanation of my hands-on malware blocking test methods, see How We Test Malware Blocking.
Trend Micro Titanium Antivirus+ 2014 malware blocking chart
Trend Micro tries not to bother the user with irrelevant information. If it detects a malicious program, it wipes it out and pops up a simple notification. When it detects a file whose behavior suggests that it’s malicious, it asks the user for permission to block it. For example, it detected a keylogger trying to inveigle its way into the Windows communication process.
The problem is, it also flagged a significant number of innocuous programs as suspicious. If I clicked OK, those programs didn’t install, or didn’t run. Out of twenty old PCMag utilities, it flagged nearly a third as suspicious. It even quarantined one of them as malicious.
As for my own hand-coded utilities, they all got the cold shoulder. A program that launches malware URLs for testing, a program that gathers phishing URLs from the Web, even a program that simply launches legitimate URLs for browser timing—all of these were quarantined as malware. I had to actively restore them and add them to the exclusions list before I could complete my testing.
You really need to pay attention when Trend Micro reports a suspicious or malicious program. If it’s something you downloaded from a legitimate source, you can probably let it run unhindered.
I’m not a fan of this kind of heavy-handed behavioral detection, and I’m definitely not a fan of calling legitimate programs malware. Norton has the right idea, with its SONAR analysis that accounts for all of a process’s activities. Kaspersky Anti-Virus (2014) does something similar by keeping suspicious programs from accessing sensitive areas.
Excellent Phishing Detection
Phishing websites imitate bank sites or other high-importance sites and try to trick users into entering their username and password. A phishing scammer may blast the fraudulent URL to millions of potential dupes via email or social networking. The scheme only needs a few hapless dupes to make money, and once those few have fallen for the trick, the scammer closes up shop and re-opens with a new fake URL.
That being the case, it’s super-important for an antiphishing tool to catch even the very newest frauds. A tool that simply waits for URLs to appear on a blacklist will always be behind the times. I’m happy to say that Trend Micro is clearly on top of the game. During a number of testing periods its detection rate closely matched that of consistent phishing champ Norton, sometimes a percent above, sometimes a percent below.
I stopped once I accumulated over 100 verified fraudsters, and at that point Trend was one percent behind Norton. That definitely puts it in the winners’ circle, as only a handful of products have scored higher than Norton. To learn more about my methods for locating brand-new phishing URLs and scoring this test, see How We Test Antiphishing.
Trend Micro Titanium Antivirus+ 2014 antiphishing chart
Accurate Spam Filtering
One way phishing scammers reach their victims is by broadcasting spam messages. Other spam messages may carry links to malware, or they may just gunk up your Inbox. If your email account doesn’t already get filtered at the server level, Trend Micro can help ditch the spam.
A handy anti-spam toolbar will integrate with Microsoft Outlook, Outlook Express, or Windows Live Mail. The toolbar gives quick access to settings. A whitelist lets you define known good addresses that will never be blocked; addresses on the blacklist will always be blocked. For testing purposes I left these lists empty and left all settings at their default values.
With Trend Micro scanning incoming messages for spam, downloading a thousand messages took about 40 percent longer than with no antispam. That’s nothing you’d notice in normal usage. It only comes up because I’m often downloading multiple thousands of messages for testing.
After downloading all the messages from a real-world spam-infested email account, I deleted all those over 30 days old. The spam filter missed less than six percent of undeniable spam, which is pretty good. It did flag 1.5 percent of valid personal mail as spam; using the whitelist could reduce or eliminate that problem.
Kaspersky Internet Security (2014) didn’t misfile any valid mail and missed just 2.5 percent of spam, the best among current products that aren’t antispam-only. Note, though, that Kaspersky is a full-scale suite. Trend Micro’s “stand-alone” antivirus is in good company! For an explanation of how I evaluate antispam accuracy, please read How We Test Antispam.
Trend Micro Titanium Antivirus+ 2014 antispam chart
Modern Windows versions include a built-in firewall that’s quite effective. For example, it puts all the computer’s ports in stealth mode, so an outside attacker can’t see them, much less open them to traffic. Rather than attempt to replace this insider tool, Trend Micro works to enhance it with a component they call Firewall Booster. Firewall Booster offers additional network vulnerability detection as well as protection against botnets and various network-based attacks.
The Firewall Booster will display a warning if you connect to a potentially unsafe wireless network. I couldn’t see this feature in action, as my test systems are all physical or virtual machines with a wired connection.
I did see this component’s protection in action when I attacked the test system using exploits generated by the Core IMPACT penetration tool. None of the exploits penetrated system security, and Trend Micro’s Web-side protection actively blocked just under half of them. For a handful of others, it wiped out the executable payload dropped by the exploit. One way or another, Trend Micro blocked 56 percent of the exploits.
That’s good, but Norton AntiVirus blocked every single exploit at the network level, so no files ever reached the test system. In addition, it identified almost 20 percent of the exploits by name.
The Firewall Booster doesn’t attempt to manage which programs can access the Internet, so I didn’t bother with any tests related to program control. I did try to disable the product’s protection using techniques available to malware coders; it resisted all my attempts.
Boosting the existing Windows Firewall is an interesting approach, and you’ll never get any confusing popup queries asking you to make important security decisions based on warnings you don’t understand.
A Definite Plus
While Trend Micro Titanium Antivirus+ 2014 didn’t excel in my hands-on malware cleanup test, it beat most of the competition in malware blocking. It really is antivirus-plus, offering accurate antiphishing and antispam as well as a firewall booster that blocked many exploit attacks.
On the other hand, its overbearing behavioral protection lumped legitimate programs in with malware. Norton AntiVirus (2014) didn’t do that, and it includes even better exploit protection. Webroot SecureAnywhere Antivirus 2013 uses real-time analysis of process behavior and other traits as its primary means of identifying malware, and it outscored most of the competition.
Norton, Webroot, and Bitdefender Antivirus Plus (2014) are our Editors’ Choice products for full-scale antivirus protection. However, if you prefer Trend Micro you’ll get good antivirus protection and some unusual bonus goodies.
Copyright © 2012 Ziff Davis, Inc