While the Mac community likes to paint the Windows world as an unsafe haven for spyware, spam, and other electronic attacks, the reality is that Windows users have to do very little to protect themselves. The problem, of course, is that some Windows users do absolutely nothing about security, either from a technical standpoint or by exercising some simple common sense: Seriously, do you really think it's wise to open an email attachment from a person you've never even heard of?
Security vendors have milked a decade of bad press, real and imagined security vulnerabilities, and Microsoft's all-too-conscious decision to only include baseline security tools in Windows to create a booming market. Security suites from companies like McAfee and Symantec are innovative only in that they've invented a way for these companies to charge customers year after year for the same services, many of which the typical PC user never needs or even uses. On the flipside, many new PCs come with time-limited security suites that bomb out after a short time, leaving PCs unprotected. Surely, we can do better at this.
The first place we might look to is, naturally, Microsoft. And in some ways, the company has really raised the bar with Windows Vista (see my review). This new OS is dramatically more secure than its predecessors, with a wealth of low-level security features as well as end-user oriented security tools, like User Account Control (UAC), Windows Firewall, Windows Defender, and the like. The real question, of course, is whether Vista even needs a security suite. With these built-in utilities, a wide range of low-level security technologies, and a free anti-virus solution like AVG Anti-Virus Free, which I use and recommend, it seems like Vista has all it needs.
This, of course, hasn't stopped security vendors from trying. Indeed, even Microsoft is getting into the act: In 2006, the company shipped Windows LiveOne Care, its first desktop PC security suite. As noted below, however, Microsoft really rethought what a security suite could be, and traditional security vendors followed suit, announcing products that were surprisingly OneCare-like. That is, they are less resource-intensive than traditional security suites, removing what is my primary complaint about these beasts. They also do more than just provide security. OneCare, for example, also includes an excellent backup tool and features that help keep your PC running at maximum performance, eliminating the all-to-real situation where Windows installs seem to degrade, from a performance perspective, over time. They are also licensed for numerous PCs, making them more relevant to customers with a household of machines.
But again. The question remains: Do we even these things? Are even these Nouveau security suites more than the typical Vista users requires? Are you paying for services you'll never use? To help arrive at an answer, I've examined two of these next generation security suites, OneCare and Norton 360, Symantec's OneCare rip-off. Let's take a look.
How could such a great idea be implemented so poorly? When Microsoft released its initial version of Windows Live OneCare (see my review) back in early 2006, I lauded the company for providing a resource-friendly security and PC health suite that thought outside the box and offered a compelling set of services, a sort of "Web services-based IT administrator for home users," if you will. Indeed, aside from some silly and incessant pop-up dialogs and a curious lack of anti-spam functionality, I thought OneCare was pretty darned good. Compared to the security suites of the day, of course.
I was pretty much alone in that opinion. Security researchers in particular have ripped OneCare to shreds over the past year, complaining that it falls short of the competition when it comes to detecting and removing known malware. That said, those competitors were also busy working on OneCare rip-offs, the most obvious of which is Norton 360, reviewed below. Credit Microsoft for at least creating a new kind of security suite: Companies like Symantec, with Norton 360, and McAfee are still busy tweaking their own products to be more OneCare-like.
In the months since the original release of OneCare, Microsoft has shipped a few updates to the product, one of which was a major release. OneCare 1.5 shipped around the same time as Windows Vista, adding compatibility with Microsoft's latest operating system and a more integrated experience with Microsoft's anti-spyware tool, Windows Defender. And last week, Microsoft shipped OneCare 1.6 (Figure), which includes a number of small changes, such as the ability to disable the firewall for short periods of time. OneCare 1.6 is, however, largely like its predecessor.
Because I've been using Vista full time since late 2006, and OneCare wasn't available in Vista-compatible form until earlier this year, I found myself in an odd situation last year where I needed to at least find some kind of Vista-compatible anti-virus solution so I could keep my day-to-day systems secure. I eventually settled on the aforementioned AVG Anti-Virus Free product, a lightweight and secure AV solution that's proven amazingly successful. So successful, in fact, that when OneCare 1.5 shipped, I never even bothered to check it out on my production machines.
However, after deciding to look at Norton 360, I knew I'd have to reinstall OneCare again so I could make a fair comparison. And now, after weeks of use, I'm ready to admit that my initial OneCare review was overly positive. Yes, OneCare 1.6 is lightweight by security suite standards, but it?s a bloated pig compared to AVG. And my God, those pop-ups (Figure). OneCare generates pop-up windows almost constantly, even after you tell it to stop notifying it every time the firewall blocks or allows programs. (And yes, that should be two separate options, Microsoft: I don't care when the firewall allows a program, personally. But I do care when it blocks one.)
I'll leave arguments about OneCare's effectiveness to security labs that can accurately measure such things. In my time using the product, both last year and this month, I've had no security issues at all. And Microsoft notes that OneCare was once again awarded the VB100 award from Virus Bulletin. It's also been certified, again, by both West Coast Labs and ICSA. So take your pick: Some say it's effective, some don't.
From a usability standpoint, OneCare is solid. Aside from the annoying and seemingly never-ending parade of pop-ups, the console itself is simpler than what you'll get in Norton 360, and it works with, rather than stomps all over, the security controls built-into Vista. I actually prefer that, but others may want to replace, and not augment, what Vista has to offer. OneCare doesn't appear to impact the overall performance of the system at all, which is frankly one of the things all security suite users should consider when weighing the pros and cons of any of these solutions.
Functionally, OneCare includes anti-virus and anti-spyware functionality, as well as its own two-way firewall that replaces Vista's Windows Firewall. Often, however, OneCare simply integrates with security controls that are already in Windows: Anti-spyware is provided through Vista's Windows Defender tool, for example, and anti-phishing is provided through IE 7's built-in anti-phishing feature (so there's no phishing protection in Firefox). OneCare also automates things like disk defragmentation (which is already automated in Vista), unnecessary file removal, and backups (the last of which can be automated in premium Vista versions). OneCare can only backup to CD, DVD, USB-attached storage, and network locations. Perhaps when and if Microsoft ships a Windows Live Storage service, or whatever, they'll add an online services component to that as well.
Overall, OneCare seems a bit more lackluster to me now than it did a year ago, perhaps because much of what it does is redundant in Vista. The pop-up situation is untenable, and I just don't see a huge advantage to this suite over free options like AVG combined with what you get in Vista. Yes, OneCare does a lot more than just a AV solution. But I find myself not needing the extra functionality, often because Vista does so much of it so well already.
Symantec's Norton Security suites have gotten so bloated over the years that the very thought of one of those products running on my PCs is enough to get me incensed. The first thing I do every time I purchase a new PC is uninstall all the Norton software that's inevitably preinstalled, from the already-out-of-date and time-limited security suite itself to the redundant Live Update baloney that sits, virus-like, in my Program Files folder. I've had such bad luck with Norton that it's just become synonymous with bloatware in my book.
Well, color me impressed: Norton 360 is like a public apology, a blatant rip-off of OneCare that brings Symantec's vaunted security tools into a much more lightweight and digestible package, while adding the kinds of useful non-security tools that most consumers will appreciate. It's like a bright orange version of OneCare (Figure).
As would any self-respecting security suite, Norton 360 includes anti-virus, anti-spyware, and anti-phishing features. (Unlike OneCare, it even includes optional anti-spam, though you have to install that separately with the Norton Add-on Pack; this also includes ad-blocking and parental control functionality.) It includes a two-way firewall that replaces Vista's Windows Firewall, and a simple new security console that replaces Vista's Security Center.
Like OneCare, Norton 360 features PC performance utilities and a backup utility. Norton 360 one-ups OneCare with 2 GB of secure online storage, which isn't much, frankly, but you can upgrade to more space. I had a lot of problems with Norton's backup utility when used with the online storage space, however.
And like OneCare, Norton 360 can be annoying. The little orange Norton tray icon seemed to have a red "X" in it more than I'd like, requiring my attention. More often than not, an online backup didn't complete, and wouldn't complete, and I never found out why. Norton's phishing filter, however, takes the cake: It adds a garish colored toolbar to Internet Explorer only (no Firefox support, sorry), noting in bright green that "Fraud monitoring is on" or "No fraud is detected" (Figure). Spare me.
Ultimately, Norton 360 seemed pretty decent: It never bogged down my system as do the bigger Norton suites, and it's reasonably non-intrusive, at least once you turn off that browser doo-hickey. The Norton Add-on Pack stuff should just be included in the base install, though I'm guessing that Symantec left it out to lessen the download impact. How about making it more obvious then?
While neither one of these security suites is as resource intensive and unfriendly as their bloated predecessors, I'm not particularly excited about either one of them. Windows Live OneCare, in particular, is among the most annoying software I've ever installed on my PC, and until Microsoft changes its appalling need to display a pop-up balloon window every time the wind blows, I cannot recommend this software to anyone. Norton, meanwhile, is slightly better, especially after you turn off the ridiculous browser protection stuff, and appears to offer a reasonable mix of functionality.
Indeed, the big benefit of each of these suites is that they do much more than toughen Vista's security controls. Both products provide tools that can backup files to CDs, DVDs, USB-attached storage, network locations, and, in the case of Norton, a limited online service. Both provide automated front-ends to Vista's built-in PC performance tools, helping your PC be all it can be.
These features are useful, yes. But neither of these suites seems particularly necessary on Windows Vista. Certainly, you should protect your PC, and at the very least, Vista needs a good anti-virus solution. For me, AVG is that solution, and I'll be returning to the quiet, secure world of AVG as soon as this review is posted.
Ultimately, I don't recommend either Norton 360 or OneCare unless you're worried that you could succumb to a carefully crafted Phishing attack or find the non-security features in either suite compelling. On that note, you've got a tough choice: OneCare is dramatically less expensive ($49.95 a year, but can be had at retail for as little as $15 if you look around and can find it on sale) than is Norton 360 ($69.99 for the electronic version), but is much more annoying overall. They say you get what you pay for. But I find it best, in this case, not to pay for anything at all.