Technology Exploration Project – M591
The Price of Protection
A look into AVG's Antivirus solutions
Anti-Virus: Safeguard Your System
Nowadays, most computer users understand how dangerous the Internet can be. Many take having a quality, properly updated and maintained antivirus package very seriously indeed, and those who do like to browse and download in the safe knowledge that their data is secure from the threat of a virus. There are many solutions for data protection and safeguarding against viruses, many of them in the form of antivirus software packages. But which package is the best? In fact, there are so many commercial products and packages on the market today that choosing one to suit your needs and desires is a complicated task in itself. There's also a big issue to deal with: price. With high-flying packages such as Norton Anti-virus and Symantec costing in the £100 region, is your personal data really worth the payment to protect it? This may put many everyday Internet users off such an investment.
But what if adequate protection was available to me and you in an open source package costing nothing at all? This article looks at Grisoft's answer to this problem, and two of the antivirus software packages they produce. One is a commercialised product, entitled AVG Internet Security, and the other is open source, entitled AVG Free. So what is the difference between these two products, and why would anyone pay for one when the other is free? The answer may well depend on what the user's requirements are and, more often than not, their peace of mind. This article aims to show that despite the ever-growing availability and popularity of a commercialised solution, the everyday user can protect their data on free software alone, and those that are paying are simply paying for peace of mind.
Scanning for Success
To be sure you are protected, AVG works behind the scenes in a number of ways. The heart of the AVG system is the checking engine, which can be imagined as a "black box": requests to check objects go in, and the box returns information indicating whether these objects are virus-free or infected. This equates to the image of 'scanning', where each object in the system is scanned and then flagged as infected or clean. The engine communicates with other applications inside AVG (such as the email scanner) and then correlates the results for the user. Although the applications may differ, the framework and engine used for AVG Free and AVG Internet Security are the same. The way it scans is the same, and the way it presents the results is the same.
This may all sound good, but to be successful virus scanning software, as well as sweeping all files in the system, AVG must successfully determine what is an infected file and what isn't. Efficiency in detecting these files is guaranteed by using a combination of three different detection levels. To keep the time needed on extensive systems as low as possible, the file is pre-processed before the check itself takes place, which involves removing any parts unnecessary for virus analysis. Every file on the system is then scanned one by one. AVG then determines what is infected by applying the following techniques:
Known virus detection
This is the simplest technique, in which files are checked for the presence of virus identifiers (a sequence of bytes characteristic of an exact virus). Based on this kind of detection, detailed analysis is performed to identify the exact infection.
Generic detection
This is a more common method for the detection of known viruses and is used to detect new variants of known viruses. If no known virus is identified, generic detection looks for sequences within the file that are typical of certain viruses. Such sequences usually don't change within the virus when it is modified, even if the behavior of the new variant is different. This method is especially effective in the detection of macro-viruses and script-viruses.
Heuristic analysis
The last method for detecting viruses (where the previously mentioned methods were not successful) is Heuristic analysis. Its strength lies in its capacity to (in some cases) detect a virus which is not included in the internal virus database. During Heuristic analysis, two methods are used:
- Static Heuristic analysis - looking for suspicious data constructions
- Dynamic Heuristic analysis - code emulation: this means the file is started inside the protected environment of a virtual computer inside AVG. The file is analyzed for actions typical of viruses. An example is an application which, when run, looks for other executable files in order to modify them.
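The three detection levels described above can be sketched as a small tiered scanner. This is an added example, not AVG's code: the signature, family pattern, heuristic weights, threshold and sample files are all constructed for illustration, and dynamic heuristic analysis (emulation) is not shown.

```python
import re
from typing import NamedTuple, Optional

class Verdict(NamedTuple):
    level: str            # "known", "generic", "heuristic" or "clean"
    name: Optional[str]   # detection name, None when clean

# Constructed, harmless marker strings standing in for a virus database.
KNOWN = {b"X-DEMO-VIRUS-A::payload-v1": "Demo.A"}

# Generic detection: the part of the family that survives modification,
# with wildcards where variants differ.
GENERIC = {"Demo.gen": re.compile(rb"X-DEMO-VIRUS-[A-Z]::payload-v\d+")}

# Static heuristics: weighted suspicious constructions (assumed weights).
# Together they describe code that looks for executables and modifies them.
HEURISTICS = [
    (re.compile(rb"\*\.exe", re.I), 2),                        # enumerates executables
    (re.compile(rb"open\([^)]*['\"](?:r\+b|wb|ab)['\"]"), 2),  # binary write handle
]
THRESHOLD = 4  # assumed cut-off: one indicator alone is not enough

def scan(data: bytes) -> Verdict:
    # Level 1: an exact identifier names the specific virus.
    for signature, name in KNOWN.items():
        if signature in data:
            return Verdict("known", name)
    # Level 2: a family pattern catches variants of a known virus.
    for name, pattern in GENERIC.items():
        if pattern.search(data):
            return Verdict("generic", name)
    # Level 3: no database hit, so score suspicious constructions.
    score = sum(weight for pattern, weight in HEURISTICS if pattern.search(data))
    if score >= THRESHOLD:
        return Verdict("heuristic", f"Suspicious.score{score}")
    return Verdict("clean", None)

# Constructed sample files (inert text, not real malware).
SAMPLES = {
    "original.vbs": b"' X-DEMO-VIRUS-A::payload-v1\nMsgBox 1\n",
    "variant.vbs": b"' X-DEMO-VIRUS-C::payload-v7\nMsgBox 2\n",
    "unknown.py": b"for f in glob('*.exe'):\n    h = open(f, 'r+b')\n",
    "backup.py": b"for f in glob('*.exe'):\n    shutil.copy(f, dest)\n",
    "notes.txt": b"shopping list\n",
}

def scan_all(samples):
    return {name: scan(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in scan_all(SAMPLES).items():
        print(f"{name:14} {verdict.level:10} {verdict.name or '-'}")
```

The `backup.py` sample trips only one indicator and stays below the threshold, which is the trade-off heuristic scoring makes between catching unknown files and flagging legitimate ones.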
Working in the Background
AVG's system does not end with the scan alone, however. Included within both the commercial and the open source version are three more major components. The Resident Shield is an application that works while AVG is running (but not necessarily scanning) and checks all files and file types (including floppy disk, CD content etc.) for viruses. If a new file is loaded up, AVG will check it for integrity before running it. If the check reveals a virus, the software will warn the user. The Boot-up Scanner operates at start-up, and checks the most important areas of a PC before you begin to use it. The Rescue Disk gives the user, when installing, the option to create a disk for use should any key system files become infected, similar to Windows' system of last known good configuration. All crucial areas and files on a PC are backed up, and can be restored from the disk.
Sounds like comprehensive and somewhat expensive technology. However, this is the basis behind both AVG Free and AVG Internet Security, and exactly the same detection methods are used within both. In fact, the technologies are identical. All that differs is what is being searched for. This stems from AVG's ability to scan any plug-ins or applications in the same way. For example, with AVG Free, you get what you may expect: an anti-virus at its most primitive level. The software searches for, detects and eliminates viruses, and viruses alone. It also includes any extra applications for dealing with viruses, such as the three described above. AVG Internet Security, however, comes with a wider range of applications, which in essence is what you pay for. These applications include an anti-spyware scanner and a firewall, for example. When scanning, not only does the software look for viruses as a threat to the system, but it will also check for inclusions of spyware and malware (usually used to send information to web servers, but not considered a threat). However, the scan is made in exactly the same way, and if a virus that is a threat to the computer is present, both AVG Free and AVG Internet Security will find, display, and eliminate it using exactly the same method.
What you pay for and why you don't need it.
Purchasing AVG Internet Security will cost you $52.95 per year. Having discovered that the technology is the same between both software packages, it is important to show what you're actually paying for. Applications are the first difference, and a complete list of what you get with each system is compiled below:
Table comparing applications found in AVG Free and AVG Internet Security
The obvious and possibly most extensive addition is the firewall. A firewall will help a user trace what packets are going to and from their network and what external programs are requesting them. If the firewall detects something suspicious it may alert the user, who can then allow or deny the operation. Firewalls in themselves can be marketed as a whole new software package, but one is included within AVG's Internet Security package. This may sound like something for nothing, but actually the firewall does not have the greatest reputation and adds to the overhead produced by the program. Although AVG is generally unobtrusive, the firewall feature can definitely spoil this, and during research it behaved as if every piece of software was a threat. However, if a firewall is a necessity, it is worth noting that firewall software is included with many Windows packages, and other free software such as ZoneAlarm Free is available online.
The second major application is the anti-spam. This will trace and cut out any spam that is included with emails addressed to certain accounts. Sounds useful, and indeed it is, but this feature can also be found for free elsewhere. Examples of this even include common online email providers such as Hotmail or Gmail, who all offer spam filters with varying degrees of strictness. The major worry with email may be the possibility of receiving a virus, but the email scanner that protects the user from this is included within AVG Free as well as the commercial package.
The third extra application is the Anti-Spyware filter. This, in brief, will search for malware and spyware as well as viruses and malicious code in order to further protect the user's identity (usually from third party software that sends data back about websites visited). Although this may seem harmless in comparison to a full-blown virus, spyware and malware are notorious for slowing down a computer. Again, there is no denying that anti-spyware software is useful, but once again, it is also available for free elsewhere. In fact, Grisoft themselves offer free anti-spyware software, 'AVG Anti-Spyware', that is free to download. Software packages such as Ad-Aware and Spybot are also free to download and update.
When purchasing the full Internet Security package, you receive full 24/7 customer support for any queries you may have regarding the package. Although this is not present with the free version, it is not entirely necessary. The software is somewhat self-explanatory and comes with a full help guide in both the free and full versions. Questions such as these are commonly answered on the forum that is available for both software packages. It is also very easy to use, and it is unlikely that even a first-time user will require support on how to use the software. This leaves room for when the software goes wrong. Having tested the software fully, for over 10 days, no glitches were found in the free or the full versions, and a reinstall is all it will take for a fresh start to the software. With this in mind, a potential customer should ask: how often is support even necessary, and is 24/7 support even viable?
The final addition is the 'high speed updates'. Technically speaking, this allows the user of the full version to update their software quicker than the user of the free software. Despite this claim, evidence to back this up was hard to come by. During various tests of updating both pieces of software, the results seemed marginal. Using a broadband connection, the difference was barely noticeable, and when considering the fact that AVG pride themselves on keeping updates as small as possible, any time saved from a quicker update seemed somewhat negligible.
Testing the Software Packages
During the writing of this article, both pieces of software were tested for a period of 4 days each. Several points and notes were made on each installation, and any hard facts were recorded. A summary of the results is shown below (further results are available in Appendix A).
Summary of results from testing of AVG Free and AVG Internet Security
Although the results are minimal in many areas, a few key issues arose from the research. The quicker scan from the free software could be explained by the fact that it is simply a virus scanner and not scanning for malware as well. This may also account for the smaller memory usage with the free version, but as this is a top point of discussion these days, it is worth noting in the table. The comprehensive wizards in the full package mean setting up is easier, but on the other hand, setting up the free package is simpler altogether and therefore may not require extensive wizards. It might be worth noting that the average user may choose to simply follow the wizards and not explore the more advanced options themselves, and hence is in fact limiting the potential of the full version.
Conclusion: Paying for peace of mind
In conclusion, complete anti-virus security can be achieved by open source software. Not only that, but the extra applications provided by AVG Internet Security can all be replicated by a series of open source applications, and very adept open source applications at that, especially AVG Free anti-virus as described in this article. If we presume that other open source applications are as capable as AVG Free is at anti-virus, it is fair to say that those who buy commercial packages are throwing their money away.
Despite all this, people do still buy the full versions of security packages. What is interesting is why. One of the reasons lies with convenience. For a mere $52.95 a year, you can boot up, log on, and sit back while your Internet Security package protects your PC from every angle imaginable. For the cheaper, and perhaps more money-wise individual, the free versions, although not particularly convenient, can still offer the necessary protection, just with a few more clicks of the mouse. Surely, however, if people were made more aware that complete security can be achieved without a penny spent, they might be willing to change their ways? Apparently, this is not the case.
In a questionnaire [Appendix B] that was completed by 15 individuals from all types of backgrounds, it came to light that more people feel more comfortable with their security if they have to pay for it. Many seem reluctant to believe that security can be achieved without paying some form of price. In actual fact, they are paying for peace of mind, and indeed, liability. The reality of the results shows that not only does an individual feel more confident in a commercial product's ability to protect, but if, for some unforeseeable reason, the software fails, and the individual is left unprotected, they have someone to blame. Considering you've paid for a service, it's only fair that you receive a service. Perhaps longer tests with a variety of viruses will help decide once and for all if free software works in the long run, but without doubt, open source provides more than an adequate service.
Stay safe, and save your money.
Appendix A
System tested was an Athlon XP 2600+ with 1.5 gigabytes DDR1 RAM. Software scanned one hard drive with the capacity of 74.5 gigabytes with 1.96 gigabytes free.
Both versions of the installation were installed, and run for 4 days. They were both updated 4 times each. Notes taken from each software test:
AVG Free
Simple and Quick Installation
Auto boots - no warning
Download file size 819kb, 1112kb, 754kb, 876kb (average speed 128kb/s)
Approx 10 seconds to update once downloaded
Option to create rescue disk
Scan priority (allows for low or high)
Have to register to get forum access (read only) - only support
16:30: scanned approx 32990 objects
26 minutes 37 seconds to complete scan
Auto healed? (Successfully)
Unable to configure test
Results very basic
AVG Internet Security
Firewall Included
Better Wizard/options in initial setup
Download file size 640kb, 852kb, 777kb, 457kb (average speed 347kb/s)
Reboot required during uninstall
Slower to scan
32900 objects in approx 18 minutes
FAQ online + 24/7 Support
Technical support via email
Auto heals
Many admin settings
Settings tweakable
Results more comprehensive
Further Applications
Appendix B
Questionnaire completed by 15 individuals.
Employment status: (7 students, 7 in full time employment,* and one retiree)
Nine Male, Six Female.
1) Would you feel more secure from a data security system that cost money in order to use it?
A) Yes (12)
B) No (2)
C) Unsure (1)
2) Do you currently use virus protection that you have to pay for?
A) Yes (4)
B) No (7)
C) I currently don’t have virus protection (3)
D) What’s virus protection anyway? (1)*'
3) Would you believe me if I told you that a secure computer can be achieved by a combination of free security products?
A) Yes (3)
B) No (12)
*One of whom works in I.T. data security
*'The retiree, and grandparent of this writer, does not have a computer. In fact, I doubt he has ever heard of the Internet or a virus.