A security suite can’t do any good in this world unless people actually install and use it, so a pleasant appearance is important. With yet another major change in user interface, TrustPort is clearly still seeking the sweet spot. The main window of TrustPort Internet Security 2014 ($43.95 per year direct; $59.95 for three licenses) is still dominated by big buttons that turn security components on and off, but they now have a Windows 8 tablet-style look. Based on my testing, the effort put into this makeover would have been better spent tuning up protection under the hood.
TrustPort does include all of the expected suite components, and adds a couple of unusual bonus features with the intriguing names “Portunes” and “Skytale.” While the bonus features run as separate processes, they’re installed along with the main suite. That’s certainly easier than Trend Micro Titanium Maximum Security 2014, which has numerous bonus features that each require separate installation.
Antivirus protection in this suite is exactly the same as what you get in TrustPort Antivirus 2014, with Web-based antivirus scanning added. Do read my review of the standalone antivirus for full details.
TrustPort and McAfee Internet Security 2014 both detected 92 percent of malware samples in my local malware blocking test. McAfee completely prevented installation of everything it detected, earning 9.2 points. TrustPort’s score of 8.7 points reflects the fact that a few of the samples it detected managed to place executable files on the test system.
To supplement my local malware blocking test, I’ve begun challenging antivirus programs to block malware downloads from recently-reported malicious URLs. Thanks to MRG-Effitas I have access to a feed of the very latest, so I’m always testing with URLs that are no more than a day old.
TrustPort’s standalone antivirus doesn’t check for malicious URLs at all, but it did manage to block 21 percent of the hundred-odd URLs I threw at it. That’s the lowest score of the seven products tested thus far; with 79 percent blocking avast! Internet Security 2014 has the highest score.
As it turns out, TrustPort’s ability to block malicious URLs didn’t help it all that much. It blocked just 27 percent of the malware downloads, all but two of them at the URL level, putting it just above last place. For full details about my malware blocking test, please see How We Test Malware Blocking.
TrustPort Internet Security 2014 malware blocking chart
Antivirus protection also includes a behavior-based application inspector. In testing, I found that it blocked more valid programs than malicious ones.
Minimal Lab Results
I’m relying more these days on test results from independent labs. I especially look for good scores in testing by AV-Test, AV-Comparatives, and Dennis Technology Labs. These labs in particular perform tests that closely emulate real-world user experience.
Alas, TrustPort doesn’t participate with any of those three. West Coast Labs does certify TrustPort’s technology for virus detection and disinfection. Of the last twelve tests by Virus Bulletin, TrustPort entered ten and received VB100 certification in eight. That’s not enough data for me to synthesize a lab results score. I wish more vendors would participate with labs performing dynamic, real-world testing.
The chart below summarizes recent lab results. For details on how I boil down multiple tests into the various categories, see How We Interpret Antivirus Lab Tests.
TrustPort Internet Security 2014 lab tests chart
Dreadful Phishing Detection
The same Web Browsing Protection component that blocks access to harmful URLs also serves to steer users away from fraudulent websites. TrustPort’s performance in my antiphishing test was truly dismal. Its detection rate lagged a full 84 percentage points behind that of Norton Internet Security (2014). Only two recent products, both free, have scored lower.
This weak phishing protection isn’t a big surprise; the previous edition came in 81 percentage points below Norton. Your browser will do a better job detecting frauds. To learn more about my technique for collecting the freshest phishing sites and scoring this test, see How We Test Antiphishing.
TrustPort Internet Security 2014 antiphishing chart
Barely Functional Spam Filter
TrustPort’s spam filter integrates with Microsoft’s email clients, Thunderbird, and The Bat!, marking spam messages with “*** SPAM ***” in the header. You can still use it with other email clients; you’ll just have to define a message rule to throw out the spam.
The spam filter spent noticeably slowed the process of downloading email. The time needed to download 1,000 messages with TrustPort watching was about 2.5 times as long as with no spam filter. However, that extra time didn’t translate into extra accuracy. Almost 88 percent of undeniable spam messages slipped past the filter and landed in the Inbox.
Worse, the filter discarded 6.7 percent of valid personal messages and 14.1 percent of valid bulk messages, for an aggregate overall score of 2.2 percent. The only product that’s scored lower on this test was V3 Secure Cloud, which blocked nothing at all, spam or otherwise.
If you’d like to know more about where my antispam accuracy scores come from, do please read How We Test Antispam.
TrustPort Internet Security 2014 antispam chart
Ineffective Parental Control
Parental control in this suite is both limited and ineffective. If you simply turn it on by clicking its button, it will block sites categorized as Violence, Porn, Warez, Hacking, and Spyware, for all users. By digging into Advanced Configuration you can add blocking for six other categories to the default profile.
If you want a different configuration for different users, you’ll have to add each user account to the list of profiles. Just about every parental control program I’ve seen simply presents a list of accounts. TrustPort instead brings up the Windows “Select Users” dialog. You can simply type a full account name here, but the prompt “Enter the object name to select” doesn’t make that fact clear. Clicking Advanced gets you another dialog that will list users, but at the expense of more confusion.
With parental control enabled, I tried surfing for likely porn websites. TrustPort does filter below the browser level, so it works in any browser. However, I found quite a few undeniably inappropriate sites that it failed to block. This filter is definitely porous.
TrustPort didn’t cave in to the simple three-word network command that disabled parental control in Ad-Aware Total Security 11 and BullGuard Internet Security (2014). However, it won’t filter HTTPS sites, and apparently doesn’t attempt to filter out anonymizing proxy sites. I had no trouble evading the content filter using an anonymizing proxy.
That’s the full extent of TrustPort’s parental control. It doesn’t offer advanced features like parental notification or remote management. It doesn’t even offer standard features like time-scheduling and logging of violations. Don’t rely on this product to keep your kids away from the seamy side of the Web.
The firewall component successfully fended off my port-scan tests and other Web-based tests. With all ports stealthed, the test PC became invisible to outside attackers. Note that passing this test is just a baseline, as Windows Firewall alone can do the same.
Early personal firewalls were famous (or infamous) for bombarding the user with confusing popup queries. Should this program be allowed to connect with the Internet? Will you allow that program to receive an incoming connection? Security vendors take different approaches to minimize popups. ESET Smart Security 7, for example, simply leaves this feature turned off by default, blocking only unsolicited inbound connections.
TrustPort’s firewall relies on digital signatures to limit popups. By default it will allow all connections for digitally signed programs when connected to a trusted network. For unsigned programs it defaults to asking for your decision; if you turn that feature off it will always block unsigned programs. You can set it to always trust signed programs, or to treat them the same as unsigned programs.
For some of my firewall testing, I use a non-virtual PC that effectively connects directly to the Internet. Naturally I mark this connection as untrusted. On that PC I suffered an amazing number of firewall popups as each network-aware Windows component tried to launch. Browsers, email clients, they all needed my permission to launch. I worry that this behavior might prompt users to mark unsafe networks as trusted, just to get rid of the popups.
I much prefer a firewall that handles these decisions internally. Norton, for one, doesn’t ask the (probably uninformed) user to make security decisions. Kaspersky Internet Security (2014) is another example.
Of course, the firewall can’t manage a connection that it doesn’t detect. Leak test programs aim to connect without detection. Of the dozen leak tests I tried, TrustPort blocked exactly one. I do turn off real-time antivirus protection for this test, since I’m looking specifically at the firewall. When I turned it back on and tried again, the application inspector component did manage to detect and block three of the leak test utilities.
I also attacked the test system using exploits generated by the Core IMPACT penetration-testing tool. TrustPort’s Web Browsing Protection fended off a little over 40 percent of the thirty-odd exploits I used, identifying a few using their precise names. BullGuard and avast! detected about three-quarters, and Norton detected and blocked every single one.
I experimented with directly attacking the firewall, to see if a malicious program could disable it. I couldn’t terminate its processes, or disable it using Registry settings, but I had no trouble setting the startup type of all its processes to “disabled.” At the next reboot, the suite’s protection was crippled.
This firewall is just so-so. It blocks attack from outside, but doesn’t handle exploits or apps that evade program control. And if a crooked coder managed to get a malicious app past the antivirus component, it could disable firewall protection.
Sensitive Data Protection
Named for the Roman god of keys, doors, and livestock, TrustPort Portunes stores a wide variety of sensitive information. You can record details of credit cards, bank accounts, and shopping sites, for example. Among other data types are addresses, contact info, even the make, model, and VIN for any cars you may own.
Portunes will also store website passwords, but it is by no means an actual password manager. It won’t capture credentials in your browser, and won’t fill login dialogs for you. Its data is strictly static.
If you have a DropBox account, you can use it to sync your Portunes data between multiple devices. Note, though, that DropBox isn’t exactly famous for security. A DropBox breach last year revealed users’ email addresses, though the company said the actual stored data was safe. And I don’t see how Portunes can take part in DropBox’s new two-factor authentication scheme.
Perhaps more useful is TrustPort Skytale (rhymes with Italy), a simple encryption tool. The name comes from a secret-message system used by the Greeks and Spartans. The sender wraps a strip of parchment around a cylinder and writes a message on it lengthwise. The recipient wraps the strip around an identical cylinder to decrypt it.
The TrustPort version is almost as simple. Just type or copy/paste your message into the app and click encrypt. You can send the encrypted messages as email, or copy it to the clipboard to paste anywhere. The recipient simply pastes the message into Skytale and enters the password for decryption. Of course, this only works if the recipient is also a TrustPort user.
Tiny Performance Hit
The one area in which TrustPort shines is performance. The only suite with a smaller impact in my performance tests is Webroot SecureAnywhere Internet Security Plus (2014). (I’m not counting Astaro Security Gateway Version 8 Home Edition because it runs on a separate gateway computer and hence has no local impact).
I check for signs of overactive on-access file scanning using a script that moves and copies many huge files between drives. An antivirus that checks every file on every access might slow this script, and indeed, on average current suites slow this test by 18 percent. With TrustPort, I couldn’t measure any slowdown at all. The same was true of another script that zips and unzips that same collection repeatedly. The suite average is 14 percent; TrustPort displayed zero impact.
Loading security at startup can sometimes slow the boot process. To measure boot time, I use a script that subtracts the start of the boot process from the time when the system is ready to use (defined as ten seconds in a row with CPU usage under five percent). Averaging 100 runs with no suite and 100 runs with TrustPort installed, I found the boot time slowed by just 9 percent. The suite average is nearly three times that.
Very few security suites have an impact on performance that you’d actually notice. Even so, TrustPort’s performance in this test is most impressive. For more details on my testing scripts, see How We Test Security Suites for Performance.
TrustPort Internet Security 2014 performance chart
Just a Pretty Face
Alas, TrustPort’s new interface and excellent performance score aren’t enough to offset some very weak features. It scored near the bottom in both phishing and spam detection, and its parental control system isn’t effective. Even the bonus features have limitations. Skytale encryption is only useful if the recipient also uses TrustPort, and Portunes’s saved passwords are strictly static.
Most other suites would make a better choice, but I’d suggest going with our Editors’ Choice, Norton Internet Security (2014). Yes, it costs a bit more, but you get a lot more. If you don’t need spam filtering or parental control, consider Comodo Internet Security Complete 2013, also an Editors’ Choice. It actually costs less than TrustPort.
Copyright © 2012 Ziff Davis, Inc