Anybody can download a 30-day trial of the program. The initial download is just a stub that downloads the latest version of the actual software, automatically choosing 32-bit or 64-bit as appropriate. To upgrade to a paid version, you enter your license key on the About page. Quick Heal wants to know quite a bit about you. In addition to an email address, it wants your full name, a phone number, and your country, state, and city. Picking your country and state from a drop down list is common, but I was surprised when choosing California caused the next entry to display a list of every city in California.
Immediately after installation, you're prompted to connect with Quick Heal Remote Device Management. You create an online account, with your email address and a password, and enter the product key again. Then you turn on the feature within Quick Heal, which gives you a one-time password that must be entered back in the online console. This complicated handshake might be a bit daunting for the neophyte user. In any case, the Remote Device Management account is only truly useful for mobile
The components of the program's main window haven't changed, but they're colored and arranged slightly differently. You still see a big banner reporting the system's security status above four panels representing Files & Folders, Emails, Internet & Network, and External Drives & Devices. A News panel now appears at the bottom, with links to educational articles on security.
Mixed Lab Results
When I reviewed the previous version of Quick Heal, it appeared in almost none of the lab tests I follow. Things have changed for the better since then. Quick Heal received certification for malware detection from ICSA Labs. This sort of certification is different from scored lab tests. If a vendor's product doesn't initially achieve certification, ICSA Labs helps the vendor remediate any problems and attain certification.
When I reviewed the previous version of Quick Heal, it appeared in almost none of the lab tests I follow. Things have changed for the better since then. Quick Heal received certification for malware detection from ICSA Labs. This sort of certification is different from scored lab tests. If a vendor's product doesn't initially achieve certification, ICSA Labs helps the vendor remediate any problems and attain certification.
Quick Heal is now also on the radar of the experts at AV-Test Institute, who evaluate antivirus products three different ways. Naturally they measure how effective the antivirus is at protecting against malware infestation. They rate its effect on system performance. And they calculate a usability score that's highest when the product exhibits the fewest false positives (valid programs or websites flagged as malicious). A product can earn 6 points in each category; Quick Heal got 5.5 in each, for a total of 16.5 points. That's decent, but in this same test Bitdefender Antivirus Plus 2017, Kaspersky, and Trend Micro Antivirus+ Security earned a perfect 18 points.
Quick Heal also now participates in four of the five tests by AV-Comparatives that I follow. A product that simply passes one of this lab's tests earns Standard certification. Those that go above and beyond the minimum needed to pass get certified at the Advanced or Advanced+ level. Quick Heal earned Advanced+ in the performance test and the static file detection test. In a test that measures how thoroughly products clean up malware that all of them detect, Quick Heal took an Advanced certification. And in the important whole-product dynamic test it was certified at the Standard level.
These aren't bad scores, but Avira Antivirus Pro 2016 took an Advanced+ rating in all four of the same tests. Bitdefender and Kaspersky Anti-Virus did the same in all five of the tests that I follow. Overall, though, Quick Heal made a much better showing than when I reviewed it last.
Scan Choices
A full scan of my standard clean system took Quick Heal just 36 minutes. That's pretty quick, given that the current average is 45 minutes. It finished a second scan in just 7 minutes, demonstrating some form of optimization during the first scan. Some products take that optimization even further. For example, a repeat scan with F-Secure Anti-Virus 2016 finished in just two minutes.
A full scan of my standard clean system took Quick Heal just 36 minutes. That's pretty quick, given that the current average is 45 minutes. It finished a second scan in just 7 minutes, demonstrating some form of optimization during the first scan. Some products take that optimization even further. For example, a repeat scan with F-Secure Anti-Virus 2016 finished in just two minutes.
You can choose to just scan for malware in memory, or to scan a specific drive or folder, if you prefer. For malware that manages to resist the normal scan, you can choose a Boot Time Scan instead, either a full scan or a quick scan of areas where malware commonly lurks. When you reboot the system, the text-only Boot Time Scan goes into action at the very beginning of the boot process, before rootkits and other persistent malware types have had a chance to load.
It's always possible that malware could render your PC unusable, either accidentally, due to bad coding, or on purpose, locking you out until you pay a ransom. Quick Heal does offer screen locker protection in the form of a special keystroke that can break you free from certain screen locking ransomware types. But sometimes you just can't run Windows, or can't run Quick Heal. That's where the Emergency Disk comes in. devices.
As soon as you install Quick Heal, you should click the Tools menu and click Create Emergency Disk. A wizard guides you to download the latest content for the disk, and then handles the task of creating a bootable USB or CD/DVD. I had some trouble booting my test system from the Emergency Disk, which is not surprising given that I test on a virtual machine. It did boot, but then rebooted over and over. I did see enough to know that it boots in to a portable Windows environment, not a Linux variant.
Also on the Tools page is a separate AntiMalware scanner that focuses on edge cases like spyware, adware, fake antivirus, and so on. When I ran this scan it finished in a trice, reporting no malware found.
Some Slipups in Malware Removal
I continued my testing by opening the folder that contains my current set of malware samples. Quick Heal started picking them off right away, eliminating 58 percent of the samples on sight. Others have done much better at this stage of testing. For example, Check Point ZoneAlarm PRO Antivirus + Firewall 2017 killed off 81 percent of the samples on sight, and Trend Micro whacked 94 percent of them.
I continued my testing by opening the folder that contains my current set of malware samples. Quick Heal started picking them off right away, eliminating 58 percent of the samples on sight. Others have done much better at this stage of testing. For example, Check Point ZoneAlarm PRO Antivirus + Firewall 2017 killed off 81 percent of the samples on sight, and Trend Micro whacked 94 percent of them.
Next, I launched each sample that survived the initial purge. Every single one of them launched and at least started to install. That's quite different from my experience with McAfee AntiVirus Plus, which so thoroughly quashed execution for most of the samples that it freaked Windows out, causing a "file not found" error. Quick Heal did detect almost all of the samples during installation, for a total detection rate of 94 percent. However, it allowed half of those it detected to plant one or more malware executables on the test system. Those executable files dragged its malware blocking score down to 8.5.
For a different look at Quick Heal's ability to protect against malware attack, I started with a feed of malware-hosting URLs from MRG-Effitas, URLs no more than a day old. I launched each and noted whether Quick Heal steered the browser away from the URL, eliminated the malware download, or sat idly doing nothing.
Out of 100 verified malware-hosting URLs, Quick Heal blocked 92 percent, almost all of them by keeping the browser from ever reaching the URL. That puts it among the top few contenders in this test. Symantec Norton AntiVirus Basic blocked 98 percent of its challenge URLs, and Avira blocked 99 percent.
So-So Phishing Protection
The same Web-level protection that fends off malicious URLs also serves to steer naïve users away from phishing sites, frauds that try to steal login credentials by imitating financial sites or other secure sites. In fact, the warning page that appears in the browser is precisely the same for a malicious URL as for a fraudulent one. However, Quick Heal wasn't quite as effective against the frauds.
The same Web-level protection that fends off malicious URLs also serves to steer naïve users away from phishing sites, frauds that try to steal login credentials by imitating financial sites or other secure sites. In fact, the warning page that appears in the browser is precisely the same for a malicious URL as for a fraudulent one. However, Quick Heal wasn't quite as effective against the frauds.
Phishing websites are ephemeral, because they quickly get blacklisted and shut down. That doesn't bother the fraudsters; they just open another fake site. But it does mean that I need the very newest phishing URLs for testing. I scrape phishing-oriented websites to capture URLs that have been reported as fraudulent but that haven't yet been analyzed.
The phishing URLs are different each time, and different fraud styles come and go. Rather than report hard detection-rate numbers, I report the difference between product's protection rate and Norton's. Why Norton? For ages it has consistently done a really good job detecting the very latest phishing frauds. It beats almost all the competition; Bitdefender, Kaspersky, and Webroot SecureAnywhere AntiVirus are the only recent products to outperform Norton.
Quick Heal didn't join those products in the top tier. In fact, it lagged 32 percentage points behind Norton, and 24 points behind the protection built into Chrome. It eked out a 5 percentage point advantage over Internet Explorer and handily drubbed Firefox. On the plus side, the previous edition of Quick Heal didn't even offer phishing protection, so this is a big step up.
Uneven Firewall
The first challenge for any third-party firewall is that it must protect the system at least as well as the built-in Windows Firewall. Quick Heal fell down at this step. While it stealthed almost all of my test system's ports, it left the all-important HTML port 80 wide open. In addition, one of my Web-based tests revealed that it let the system respond to what's called a ping echo, a technique used by malefactors to troll the Internet for victims. That's not a good start.
The first challenge for any third-party firewall is that it must protect the system at least as well as the built-in Windows Firewall. Quick Heal fell down at this step. While it stealthed almost all of my test system's ports, it left the all-important HTML port 80 wide open. In addition, one of my Web-based tests revealed that it let the system respond to what's called a ping echo, a technique used by malefactors to troll the Internet for victims. That's not a good start.
Program control is the other main feature of most third-party firewalls. In Quick Heal this feature is a bit simplistic. Some settings are extreme. At the Low level, the firewall just allows all traffic. At the Block level, it blocks all traffic, including Quick Heal's own. There's also a mode to only allow Internet access for known and trusted programs. When I turned on this mode, trying to go online using my hand-coded tiny browser didn't trigger any kind of warning. It just displayed an error message.
No comments:
Post a Comment