The additional features that distinguish TrustPort Total Protection 2014 ($55.95 per year direct; $71.95 for three licenses) from TrustPort’s entry-level security suite aren’t immediately visible. You won’t notice them at all until you pull down the Tools menu or open the advanced configuration dialog. When you do, you’ll discover two kinds of encryption to keep your files safe, a secure deletion utility, and an expert-level device access control system.
This mega-suite not only looks almost identical to TrustPort Internet Security 2014, it also includes all of the same security features. That being the case I’ll refer you to my earlier review for full details and just summarize here.
In my hands-on local malware blocking test, TrustPort detected 92 percent of the samples and scored 8.7 points. Most products tested with this same malware collection scored higher. In my real-world malicious URL blocking test it prevented 28 percent of the malware downloads. The only product to score lower was TrustPort Antivirus 2014. With no URL blocking, the antivirus managed to detect and quarantine 21 percent of the threats after download. Top score in the malicious URL test so far, 79 percent, goes to avast! Premier 2014.
To learn more about the way I run these malware blocking tests, see How We Test Malware Blocking.
TrustPort Total Protection 2014 malware blocking chart
Normally I would look to the independent testing labs for more information, but TrustPort barely participates in testing. TrustPort did receive certification from West Coast Labs, both for virus detection and removal. Of the last 12 tests by Virus Bulletin, TrustPort entered ten and passed eight. I can’t synthesize a lab results score from so little data. The chart below does summarize recent results for current products. To learn where the stars come from, please read How We Interpret Antivirus Lab Tests.
TrustPort Total Protection 2014 lab tests chart
Antispam, Antiphishing, Parental Control, All Bad
TrustPort didn’t show much spunk in my malicious URL detection test, but it was even worse at detection fraudulent (phishing) websites. Its detection rate lagged 84 percentage points behind that of Norton 360 (2014). That’s among the very lowest scores for this test. For details on how I test phishing protection, see How We Test Antiphishing.
TrustPort Total Protection 2014 antiphishing chart
The spam filter was likewise ineffective. Despite slowing the email download process by about 2.5 times, it let almost 88 percent of undeniable spam messages into the Inbox. It also discarded appreciable numbers of valid personal messages and valid bulk messages. This, too, is among the very lowest scores I’ve recorded. To learn where these numbers come from, see How We Test Antispam.
TrustPort Total Protection 2014 antispam chart
As for parental control, it starts with an awkward system for selecting user accounts. It’s browser-independent, but its blocking of porn sites was quite sketchy compared to most. It can’t prevent a smart teen from evading control using a secure anonymizing proxy, and it doesn’t even log violations. Just turn it off.
TrustPort’s firewall relies on digital signatures to cut down the number of annoying popup queries. When you’re connected to a trusted network, it automatically configures network permissions for any signed program. Note, though, that if you admit that you’re on a public network it defaults to asking you what to do every time a new program attempts network access. After a Windows Update on a non-trusted network, I got bombarded with popups.
The best firewalls handle these security decisions internally. They’re better equipped to get it right than the average user. Norton, avast!, and Kaspersky PURE 3.0 Total Security are among those that take care of their own decisions.
With help from the antivirus component, the firewall identified and blocked a bit over 40 percent of the exploits I used in a penetration test. BullGuard Premium Protection (2014) and avast! caught about three quarters; Norton got ‘em all.
Worse, a malicious programmer could write code that would totally disable TrustPort’s protection by preventing its services from launching at startup. This isn’t a top-notch firewall.
TrustPort includes a couple of unusual tools with unusual names. Portunes, named for the Roman god of doors, keys, and livestock, securely stores a wide variety of sensitive personal information. It does store passwords, but it is by no means a password manager. And the only way to sync your details between multiple devices is to use DropBox.
Skytale (rhymes with Italy) offers very simple encryption for secure message sharing. The encrypted message uses plain text, no weird characters, so you can send it by email, post it on a forum, or do just about anything you’d do with a non-encrypted message. Of course, the recipient must also be a TrustPort user.
Virtual Encrypted Disks
Now we get to the features that you don’t find in the entry-level suite. When you click the Tools button in the main window, the resulting menu has a lot of new entries. Click “Create New Encrypted Drive” to start the process of making a secure home for your sensitive files.
When not mounted, the encrypted drive is just a file, and the first thing you’ll do is specify the name and location for that file. By default it gets a boring name like “image001.” You may want to change that, as it will become the name of the virtual drive. You also specify a maximum size and choose between two encryption methods. Most users don’t have the knowledge to make that choice; just go with the default.
In addition to the password you choose, TrustPort uses random data based on mouse movements in the encryption process. When you’re done, TrustPort mounts the file as a virtual drive, using the first available letter. (You can optionally configure the virtual drive to always use a particular drive letter.) Open My Computer and you’ll see it listed as a removable disk.
From the tools menu, you can choose to unmount any virtual disk or unmount them all. This completely hides their contents; the drive is effectively gone. Note that just as with a physical removal drive you must be sure to save and close any files before unmounting. It’s really quite simple.
Of course, it doesn’t do much good to copy a sensitive file into the encrypted drive while leaving the original unprotected. Even if you delete the original, a forensic expert could very likely recreate it, because deleting a file simply marks the disk space it was using as available.
For double-barreled security, you should copy that sensitive file into encrypted storage and then use TrustPort’s secure deletion shredder on the original. Just right-click any file or folder and choose TrustPort DataShredder. After you confirm that you want the file(s) gone for good, it gets to work, overwriting the data area with different bit patterns before final deletion.
By default, TrustPort uses a proprietary three-pass shredding algorithm. You can dig into advanced configuration to select many other choices, from a one-pass quick wipe to 35 passes using the Gutmann algorithm. Of course, the more passes, the longer it takes.
This is a nice feature, but not quite as advanced as what you get in avast! or Ad-Aware Total Security 11. Both of these suites can also securely delete all free space on disk, effectively shredding all files that were already deleted, or completely wipe a drive.
TrustPort offers a feature called Panic Shredding that seems ready-made for illegal activities. If you have files or folders that might need to be destroyed PDQ, you list them in the Panic Shredding configuration page. You can define a hotkey to initiate the process, and you can choose whether or not to require confirmation. If you’re lucky, those files will be obliterated before the police can break down your door.
For a quick cleanup of your computer and browser traces, choose Wipe Now from the Tools menu. This applies your selected shredding algorithm to temporary files, browser cache, the recycle bin, Internet history, and more. Note that until you click “Yes to All” you’ll have to confirm wiping every file.
Proprietary Encrypted Archives
Just about everyone uses the ZIP format to archive, compress, and optionally encrypt files. The components of Android APK files are packed together using the ZIP algorithm. Even modern Word and Excel documents use it. Marching to a different drummer, TrustPort creates encrypted archives using its in-house CAR format.
A right-click menu option lets you quickly encrypt any file or folder using the password of your choice. You can check a box to move the data into the archive, meaning the original will be deleted. More importantly, you can opt to create a self-extracting executable file. Unless you do that, you won’t be able to share the archive with anyone who’s not a TrustPort user.
Advanced Access Controls
Enterprises and large businesses often implement access control systems to prevent employees from compromising security. These systems can, for example, disallow mounting any removable drive that hasn’t been pre-approved, or block use of optical drives. TrustPort brings that functionality to the average consumer. Well, perhaps to the expert consumer.
To enable and configure access control, you must use the advanced configuration dialog. One part of this component is what’s called volume security—controlling which users can access which folders. You start by adding existing users to the profile list, just as with parental control. Then you specify each user’s access to specific folders: full access, read-only, or no access.
I found, though, that you have to choose your folders carefully. The system wouldn’t let me protect My Documents because doing so may “lead to instability.” The same held true for any folders on the desktop. In the end, I created brand new folders, outside of the standard Windows data folders, and enabled access controls for those.
Device security lets you block the use of a dozen device types, among them removable devices, smart card readers, and tape drives. If you choose Block, the device simply won’t be allowed to connect. There’s also an option to ask the user. This only makes sense if you’ve protected the settings with a password, of course.
You can block specific technologies as well: USB, Firewire, serial bus, Bluetooth, and Infrared. And you can list specific devices that should be allowed or blocked regardless of other rules. The most likely scenario here is that you block USB devices in general but allow specific ones that you’ve vetted for safety. No more USB-in-the-parking-lot attacks!
A smart IT person in a small business would likely find this feature truly useful. The average consumer, not so much.
Tiny Performance Impact
One thing’s for sure, TrustPort doesn’t drag down your system performance (except for email downloading mentioned earlier). In my hands-on tests, its impact was less than any other product except the ridiculously lightweight Webroot SecureAnywhere Internet Security Complete (2014). For an explanation of the figures in the chart below, see How We Test Security Suites for Performance.
TrustPort Total Protection 2014 performance chart
An Improvement, But…
TrustPort Total Protection 2014 definitely adds security and privacy protection not found in the entry-level TrustPort suite. You can encrypt your files two ways, securely delete sensitive files, and (if you’ve got the skills) enable powerful access controls. However, dismal antispam, antiphishing, and parental control components still drag down the overall value of the suite.
If you’re after a mega-suite that includes powerful backup and tuneup features while remaining light on resources, consider Webroot SecureAnywhere Internet Security Complete (2014). For a suite with all the expected components, all working well, Norton 360 (2014). And Bitdefender Total Security (2014) includes just about every security component imaginable. One of these Editors’ Choice suites will do a better job for you.
Copyright © 2012 Ziff Davis, Inc