Dr.Web Anti-virus
Founded back in 1992, Dr.Web is a Russian developer with a vast range of security products for desktops and mobile devices.
Dr.Web Anti-virus offers real-time malware detection, behavioural monitoring, and a surprising bonus in a bundled firewall. This gets you packet layer filtering, real-time monitoring of applications, and the ability to customise what any application is allowed to do online.
Pricing is, well, complicated. It can be as low as €13 (£11.50, $15) for a one PC, one-year licence, if you opt for no technical support. If that's a step too far, the with-support price doubles to €26 (£23, $30). Both options offer deep discounting if you add more users and extend the term. For example, a three device, three-year licence with tech support costs €87 (£77, $100).
That's not all (we did say it was complicated). The company really wants you to buy its security suite, Dr.Web Security Space, which extends the package with a spam filter, parental controls, URL filtering, backup, device control, and a free service to try and recover files encrypted by ransomware. This is available from €14 (£12.30, $16) without tech support, €28 (£24.50, $32) with, and has the same level of discounting as the antivirus.
It doesn't even stop there, because Dr.Web offers some impressive discounts on renewal, starting at 40% off the regular price. Long-term customers could save a lot of cash.
Setup
Dr.Web Anti-virus isn't available in trial form, but the company does have a download for its big brother security suite, Dr.Web Security Space.
Trials come in two flavours. A generous three-month licence is available for free if you register, which essentially just means handing over your email address. If you'd prefer to keep your details private, a one-month trial won't ask you for anything at all.
Our download was a chunky 350MB, but once it arrived the setup process was relatively straightforward. After once again giving us the choice of trial options, the installer equipped our PC with its various components, downloaded and applied a few updates and prompted us to reboot.
We browsed the Dr.Web installation and found a compact set of files, neatly organised, and all digitally signed. Unusually, there was only one obvious third-party component, a spam filter from Vade Secure. This is a good sign, as it indicates a company that’s developing its own technologies in-house, which should ensure that the various components work well together.
Dr.Web uses multiple technologies to protect its files from interference by malware, apparently including a ‘Hypervisor component’. We're not quite sure what that involves, but it was more than enough to protect the program from our simple attacks. Whatever we did, processes stayed running, services refused to stop and files couldn't be deleted. Dr.Web wasn't going to be disabled easily.
Features
The Dr.Web interface is one of the most basic we've seen; it’s little more than a menu displayed from a system tray icon. For some reason, the Scanner option you'll use most often is right at the bottom of the list, but once you've spotted it, an Express, Full or Custom scan is just a couple of clicks away.
Dr.Web's Express scan isn't as speedy as its name suggests, indeed it took approaching nine minutes to examine our test system (most packages take around four or five minutes, some are much faster). Accuracy was good, with the program detecting everything we threw at it. But Dr.Web's focus on ‘potentially unwanted programs’ also generated many more questionable detections than usual, as well as highlighting our HOSTS file as infected just because it wasn't the Windows default.
Scanning our sample Program Files folder also took longer than most of the competition. But again, all our carefully positioned threats were picked up, and this time there were no false alarms.
Dr.Web Anti-virus doesn't have a URL filter, unfortunately – that's reserved for the Security Space suite. That means there's no protection from phishing, although malware should be picked up anyway via the regular file and download scanners.
The program is supposed to have a firewall, but at first we couldn't find a reference to it anywhere. We poked around, searched here and there – but found nothing. We browsed the local Help file, which proved disappointing: it told us about the firewall, but not how or where it could be launched.
Finally, we opened the Windows Programs and Features applet, clicked Dr.Web Security Space, hit Change, and found an option to install the firewall. For some reason it wasn't included on our system by default, but having found its hiding place, we were able to try it out.
We rebooted, and the firewall asked us if we wanted to allow a particular process to go online. And then it asked about another. And another, and another. This is a part of the training process and won't necessarily go on forever, but it's clearly going to be too technical for many users. Here, for example, is part of the Help file describing what to do with these alerts:
“In certain cases, Windows does not allow to explicitly identify a service that is run as a system process. When a connection attempt of a system service is detected, take notice of the port used for the connection. If the used application can address this port, allow the connection.”
There's no way the average user will be able to recognise a system service, and be sure that “the used application can address this port", and understand the possible consequences of refusing the connection to a particular process. The fact that this is in the Help file – this is what Dr.Web thinks is sufficient guidance for end users on setting up the firewall – tells us they're not thinking at all about typical home users.
There's a similar focus on technical features over usability elsewhere. We expected to be able to access logs of scan results directly from the Dr.Web interface. Instead we had to piece together details from a text file on our hard drive, the Windows Event Logs and some partial Dr.Web reports.
The program offers some compensations for experts. Digging into the settings reveals some interesting low-level ways to define what Dr.Web allows or blocks on your system. Do you want to prevent HOSTS file edits, low-level disk access, Safe Mode changes, stop programs setting themselves up to run with Windows, or maybe resetting executable file associations? It's all here, and a lot more.
If you're a security novice, or just don't want to get into the low-level details, none of that will matter very much. You'll still be able to use the basics of the program without much difficulty, but it's not as easy to use as it could be.
Protection
Dr.Web Anti-virus found and removed all our test threats without difficulty, but it wasn't all good news. The program also raised many alerts for software that was mostly or entirely harmless.
Our tests can highlight major issues about a package, but they're not comprehensive enough to accurately rank antivirus detection rates. Benchmarks like AV-Comparatives' Real-World Protection Test can show there's as little as 0.5% between the detection rates of the top 10 antivirus programs, and reliably placing those in order requires testing hundreds, even thousands of the very latest malware samples, on a regular basis.
The difficulty with Dr.Web is that the company hasn't been assessed by any of the big testing labs for a very long time (AV-Comparatives hasn’t looked at it since 2007). There simply isn't any data out there to help verify Dr.Web's abilities.
Given this, if you're a non-technical user looking for the best possible detection rates, Dr.Web is hard to recommend. It worked well for us, but we can't say with confidence whether it's the most accurate antivirus around, or the fifth, or the tenth best.
If you're an antivirus expert who will appreciate Dr.Web's abilities, and are happy to carry out your own tests, it's a different story. There's a lot to like here, and the company is much more transparent about the techniques and technologies it uses than some of the competition. Check out the ‘Anti-virus engine technologies’ and ‘Preventive protection’ pages to get a feel for what the package can do.
Final verdict
An interesting antivirus which combines multiple powerful low-level technologies to keep you safe. It's not for beginners and we'd like to see it assessed by the independent testing labs, but security experts should check out Dr.Web Antivirus anyway – there's a lot to like here.
0 comments:
Post a Comment