Since the time I created this site the problem of malware infection has both escalated and changed in character. At the same time anti-virus products have become much better at detecting trojans. As a result of these developments I no longer recommend for most users the routine use of a separate anti-trojan program such as those listed below. I've left these now dated reviews on this site for reference purposes only. Indeed those faced with removing an existing trojan infection will find the trojan removal capabilities of some of these products useful, particularly the free version of Ewido (now known as AVG anti-spyware). For my latest security recommendations check out the editorial column in the most recent issues of my newsletter - Gizmo, May 2007.

Ewido Security Suite is a relative newcomer to the anti-trojan field but has quickly established a reputation in the computer security community as a hot product. Part of this reputation is based on its technically advanced design and part on its effectiveness. It is a reputation that is for the most part well deserved.

Ewido Networks was founded in 2002 in Germany by Andreas Rudyk, Tobias Graf and Peter Klapprodt. With the success of Ewido they have now grown to a team of 11 members. USA customers should not in any way be put off by the German origin. Some of the best computer security products in the world come out of Europe. Besides, the Ewido Suite is offered as an English language product with 70% of its customers in the United States.

Like a², Ewido is available in two versions, a free version and a $29.95 Plus version. The latter includes a real-time monitor, memory scanning of processes, the ability to scan inside archives and some generic browser hijacker protection. This is the version that we reviewed.

Design

Although Ewido follows the traditional file scanner plus real-time monitor approach used by most other anti-trojans, there's much to like about the way the product has been executed.
First up, we were impressed by the fact that the real-time monitor operates as a kernel driver. That means that it's well protected from the increasing number of hostile trojans that routinely pull down any running anti-trojan monitors. If a trojan does manage to damage one of Ewido's components then Ewido will attempt to fix the problem by automatically downloading new versions of the corrupted modules. A very nice feature!

Secondly, Ewido unpacks compressed executables and scans them in a protected virtual environment. This allows it to detect trojans whose signatures would otherwise be hidden by the encoding. It also gives Ewido a chance to detect polymorphic trojans. Ewido also scans files inside conventional archives, though unfortunately the documentation does not state what archive file types are supported.

Finally, Ewido detects trojans that attempt to hide by attaching themselves to other programs, so called binded executables.

These features put Ewido into a small elite group of technically advanced anti-trojans. For a new product it is an impressive effort. However most of these advanced features are missing from the free version. The free version has value as an on-demand scanner, but if you are interested in comprehensive protection then you will need the Ewido Plus version.

Usage

Installation is relatively straightforward, the only odd feature being that the installed product does not include any signature database. That must be downloaded by initiating an update after installation. Thankfully the signature file is small at about 1MB, amazingly small when you take into account the claimed 50,000+ signatures in the database.

All Ewido's functions, including scanning, background monitor settings and analysis tools, are available from the Security Suite main screen. The scanner control panel offers control over what disks, folders and files are to be scanned and includes options for whether the scan is to include packed files and search for binded executables.
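The two design points above, unpacking compressed executables before scanning and looking for a second program bound to a host, are easy to show in a few lines. The following is an added example, not code from the review or from Ewido: a constructed byte marker stands in for a detection signature, a toy zlib-based "packer" with a made-up PACKER_MAGIC header stands in for a real executable packer, and the "sample binaries" are constructed buffers, not real programs or malware.

```python
"""Added example (not from the review or from Ewido): why a scanner that only
matches signatures on the raw bytes of a file misses a payload inside a packed
executable, and why unpacking first (and also checking for a bound second
program) recovers detection. All data below is constructed for illustration."""
import zlib
from typing import Optional

# Constructed stand-in for a detection signature (not a real pattern).
SIGNATURE = b"EVIL-MARKER-0001"

# Constructed stand-in for an unpacked executable whose body contains the marker.
PLAIN_SAMPLE = b"MZ\x90\x00" + b"\x00" * 64 + SIGNATURE + b"\x00" * 64

# Constructed stand-in for a packer: a small stub header followed by the
# compressed original image. Real packers use their own encoding; zlib is a proxy.
PACKER_MAGIC = b"PACKED\x01"


def pack(image: bytes) -> bytes:
    """Toy packer: header + deflate-compressed image."""
    return PACKER_MAGIC + zlib.compress(image, 9)


def unpack(data: bytes) -> Optional[bytes]:
    """Return the inner image if data starts with our toy packer stub, else None."""
    if not data.startswith(PACKER_MAGIC):
        return None
    try:
        return zlib.decompress(data[len(PACKER_MAGIC):])
    except zlib.error:
        return None


def scan_raw(data: bytes, signatures=(SIGNATURE,)) -> bool:
    """Naive scanner: signature match on the bytes exactly as stored on disk."""
    return any(sig in data for sig in signatures)


def scan_with_unpacking(data: bytes, signatures=(SIGNATURE,), max_depth: int = 4) -> bool:
    """Scan the image, and if it is packed, unpack and rescan the inner image.

    max_depth bounds the number of nested packer layers that will be peeled so a
    crafted file cannot keep the scanner busy forever.
    """
    layer = data
    for _ in range(max_depth + 1):
        if scan_raw(layer, signatures):
            return True
        inner = unpack(layer)
        if inner is None:
            return False
        layer = inner
    return False  # too many layers: give up rather than loop indefinitely


def scan_deep(data: bytes, signatures=(SIGNATURE,), max_depth: int = 4) -> bool:
    """Scan the file itself, then every packed segment embedded after offset 0.

    This is the "binded executable" case: a benign host with a packed second
    program appended to it. Scanning only the host image would miss the payload.
    """
    if scan_with_unpacking(data, signatures, max_depth):
        return True
    start = data.find(PACKER_MAGIC, 1)
    while start != -1:
        if scan_with_unpacking(data[start:], signatures, max_depth):
            return True
        start = data.find(PACKER_MAGIC, start + 1)
    return False


def demo() -> dict:
    """Run the scanners over constructed samples and return the verdicts."""
    packed = pack(PLAIN_SAMPLE)
    benign_host = b"MZ\x90\x00" + b"\x00" * 32 + b"host program code"
    bound = benign_host + packed  # constructed "binder" output
    return {
        "raw_on_plain": scan_raw(PLAIN_SAMPLE),            # True
        "raw_on_packed": scan_raw(packed),                 # False: hidden by encoding
        "unpacking_on_packed": scan_with_unpacking(packed),  # True
        "unpacking_on_bound": scan_with_unpacking(bound),  # False: host image is clean
        "deep_on_bound": scan_deep(bound),                 # True
        "deep_on_benign": scan_deep(pack(benign_host)),    # False
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The point of the bounded loop in scan_with_unpacking is the one the review hints at with its "protected virtual environment": the unpacking step is where the scanner handles attacker-controlled data, so it needs a hard limit on how much work a single file can demand.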
The default for these latter options is "on" and they should be left that way. Scans can be initiated through the control panel or via a right click option from Windows Explorer. Compared to products like TDS-3 and Trojan Hunter, there aren't a lot of scanner options. That's a pity from two points of view: first it limits the user's control over what is being scanned and secondly it obscures what is being scanned. We'd like to see more options offered in future versions.

The background monitor can be set to monitor files, provide browser hijack protection and initiate automatic updates. The first two functions are not available in the free version. The automatic update function worked well. We can also confirm that Ewido does issue updates daily - an impressive performance for a small company.

Three analytical tools are included: a utility that lists programs that start automatically with Windows, a list of running processes and a list of current internet connections. These are all useful but, as with most of the other products tested in this review, nothing special. Indeed more powerful utilities that perform similar functions are readily available for free.

I'd rate Ewido as relatively easy to set up provided you are a reasonably experienced PC user. Beginners and non-technical users however may find themselves at times not knowing what to do. This is made worse by the absence of any kind of in-built help file. The usability for average users would be greatly improved if a setup wizard was included in the installation routine.

Performance

Ewido took just under two minutes to scan a test directory of around 6000 files, about the same as Trojan Hunter. This was somewhat faster than average for the products in this review, though by no means the fastest. The monitor takes more than 7.5MB of memory, the largest of any monitor tested.
Its size actually increases considerably over time, suggesting that some kind of hash table is being stored in memory or that there is a memory leakage problem.

It not only takes a lot of memory, it eats up a lot of CPU cycles. You can see from the graph above that the Ewido monitor consumes few resources while the system is idling but becomes very active when you open a new program (the hump in the graph is when the program was loaded). As you would expect, this additional CPU load slows down the time it takes a program to load. With our test PC, a 3.2GHz P4, it was noticeable as a slight sluggishness. It was nothing major, just a little less snappy. However on slower PCs this could be a serious issue.

The kernel level monitor is very well protected from attack by hostile trojans. We tried all nine techniques available from the DCS Advanced Process Termination utility and none worked. Even if you shut down the monitor from within the Ewido control panel, a reboot is required to actually remove the monitor.

The Ewido file scanner detected four infected products in our trojan test set and the monitor detected an additional four. With a total of 8 detections Ewido came in third in this set of reviews and was only marginally bettered by TDS-3 (9) and Trojan Hunter (9). For a new product, this is an impressive performance.

Other Reviews

Because Ewido is a new product there are few reviews around. Here's a user opinion, but we were unable to locate any other independent reviews of the product.

Support

The only support offered for Ewido is a web based form system. There is no FAQ, no knowledge base, no forum, not even a help file in the product itself. A saving grace is that the web form system can be accessed directly from the Ewido Security Suite control panel. Furthermore Ewido are very responsive to support requests. We anonymously tried out the web support system with three separate requests for assistance. All three of the requests were responded to within 24 hours, an impressive performance.

Summary

Ewido is the most impressive new anti-trojan we've seen. It offers advanced design with excellent detection.
On the downside the real-time monitor is large and hungry and may well slow down older PCs. Additionally, the product's help functions need enhancing. That said, Ewido is a top product that has the potential to be the class leader.

Stop Press: Since completing this review, version 3 of Ewido has been released. This features a new monitor which Ewido claim uses "

Version tested: Ewido Security Suite V2. Current Version V3 (see Stop Press above)
Price: $29.95
Download: Click here for 14 day trial version
Buy: Click here for purchase details
Trojans in database: 58962 "threats" (August 2004)
Website: http://www.ewido.net
Signature File Update frequency: At least daily, sometimes several times daily