It’s been a while since I last posted. Anyway, most people know how busy I have been these days. These months are very important for my career, so I was paying more attention to the job at hand. Now that I have some time, I decided to write this review. I got the invitation for beta testing Windows OneCare Live a while ago, but I didn’t have time to mess around with system settings, so I decided against it. But when my system recently got screwed and I installed a fresh copy of WinXP, I decided to give it a go.
Windows OneCare Live: What is it?
It’s the new security software from Microsoft. It’s currently in the beta testing stage, so if you want to try it, you need to get an invite (easily available). The speculation about Microsoft entering the antivirus arena started when Microsoft bought the antivirus firm Sybari early in 2005. With the firewall already built into the operating system since Windows XP Service Pack 2, and Microsoft testing an antispyware product, most people (including yours truly) were expecting Windows OneCare Live to be an integrated system of all these. So, when Microsoft started sending out invitations to beta test it, I also applied for it. And soon enough I got the invite.
Windows OneCare Live (WOCL from here onwards) is installed from a web-based installer. So if you want to install it on a system which doesn’t have an internet connection, you can’t. When I started the installation, the installer told me that it would take around 5 to 8 minutes on a broadband connection, but it took more than 25 minutes. I guess it installed the .NET Framework too, and that’s why it took more time.
The interface and features:
The installer needed a reboot (when will this thing change?), so I restarted my system. The boot time increased by around 35 seconds on my humble (PIII 800 MHz, 512 MB RAM) system. After the system booted up and nothing happened (I was expecting a setup wizard like Norton Antivirus), I started the program from the shortcut in the Start Menu. The interface is simple and clean, and as soon as I started the program, I got a “Windows OneCare Live Action required” notification, as Automatic Updates are disabled on my system. “No thanks, I don’t want you to waste my capped bandwidth by downloading patches from the Windows Update site,” I thought, and snubbed the alert message. This setting is absolutely not recommended though.
Anyway, I started exploring the features of the program. It started with a surprise. There is no built-in antispyware in WOCL! I don’t understand the logic behind this. The main components of WOCL are: antivirus, firewall, a “tune up system” which performs scheduled maintenance on your system, and a backup and restore system. I’ll review each component separately now.
Earlier I had Norton Antivirus 2004, and I stopped using it after my subscription ended. So I was expecting at least those features that were present in NAV 2004 in the Windows antivirus. You shouldn’t say it’s not a fair match, as Norton 2004 was released 2 years ago and Windows AV has just been released. Anyway, I loaded the antivirus module and tried scanning some folders. Though it takes some time to initialize, the scanning is quite fast. As I didn’t have any virus at hand, I decided to test it with the EICAR test file. I downloaded the test file, and Windows AV didn’t detect it in the archive. So I extracted the archive, and this time Windows AV did catch it. It told me that this file cannot be cleaned, so it will be quarantined. There was no “More info about this virus” on the dialog box, and neither could I find any virus database on the WOCL website. Only two or three virus threats are listed on the main page. The antivirus module of WOCL also didn’t tell me how many viruses it is protecting me from. There was no option to configure email scanning, though my system cleared all of the GFI email tests, which I believe must be configured by WOCL.
To test the real-time scanning module of Windows Antivirus, I tried patching a system file. The file was patched easily, and no alert came from WOCL that an important system file was being patched. I expected this because I had already seen that WOCL doesn’t automatically scan downloaded archives unless you extract them. Bad practice, I must say.
So without a nice real-time scanning module, the antivirus isn’t going to be very effective. And many of the viruses can be cleaned with the Windows Malicious Software Removal Tool, so Windows AV will have to come up with some good features if it has to compete with the likes of Norton Antivirus and Kaspersky.
Windows OneCare Firewall:
With more users having access to always-on internet connections, the firewall has become a vital point of system security. Microsoft realised this after the Blaster virus, and Windows Firewall was enabled by default after Service Pack 2. That firewall was crippled though, as it didn’t provide any outbound security, but it was much better than having no firewall at all. Before trying WOCL, I was using Jetico firewall, and I must say it won’t be a fair trial if I compare Jetico with the Windows OneCare firewall. Although Jetico appears very complex to new users, it gives the optimum protection if configured right. Having used Windows’ default firewall for some time, I had no big expectations from WOCL’s firewall.
This firewall is more like the Windows built-in firewall, with the only addition that it provides outbound protection as well. And ironically, while it recognised and allowed K-Meleon to have internet access, it blocked both Internet Explorer and Outlook Express. Good start, I thought. So I decided to customize the firewall to my preference, only to find that the firewall interface is hidden in the Options section. There is a slider which gives you the option of either manually configuring each program that requires internet access or using WOCL’s service, which recognizes known programs and grants them access automatically.
I tested the outbound protection with the tests available at Firewall Leaktester, and it failed miserably. It passed only 6 of 15 tests. I was nodding my head in despair after the tests, as I couldn’t feel secure now. And yeah .. two of the tests were detected by Windows AV as a virus or as having malicious code, and the information box did have a link to “Find more online”, which was useless as I got “No more information is available about specified virus”. Look at the links that I got: CopyCat, Firehole.
Although the firewall does block programs whose signatures have changed, it doesn’t tell you why it’s blocking them. I upgraded my version of Yahoo Messenger, and when I tried to run it, I got “This program is blocked by Windows Firewall”. I knew the reason: the program signature had changed, and that’s why it was being blocked. But think of users who aren’t as tech savvy. If a file is modified by a virus and the firewall blocks it, they will unblock it because they trust the program. So there must be a different alert for changed programs. And yeah .. the “Blocked program” dialog box isn’t displayed in the status bar, and once I found it only after closing a program. There should be more accessibility to these modal screens. Jetico firewall let me configure which network addresses a program can access, but there is no such option here. You can, however, open ports for a program easily. The only good thing about this firewall that I found is that it set up the file and print sharing settings to subnet only. So if you install it on a server, your network users can access file and print sharing while users from the Internet cannot. Hmmm..
Earlier I had planned to try installing a rootkit to test whether WOCL detects it or not but after such results, I decided against it.
Windows OneCare Backup and Restore:
This time I had something like Norton Ghost in my mind. But no, WOCL Backup and Restore just copies files from your hard drive to a writeable CD or an external drive. And the list of files it found for me to back up didn’t contain Windows system files. And yeah .. the size of the backup for me was 43 GB (68 CDs), and the time taken to create that backup was around 2 hours. Whew .. What a help ..
Windows OneCare Performance Plus:
This is a scheduled maintenance tool for your system. It will occasionally defragment your drive, remove unnecessary files from your system, scan your system for viruses, check updates for your computer and create a backup. Thank you very much .. all this can be done with Scheduled Tasks easily .. And that backup .. forget it ..
After such a disheartening performance, I am tempted to write that this software isn’t of much use. And as it seems that Microsoft will sell this package .. I am not sure who will buy it though. Anyway, this is just a beta, and I believe much of this will be changed in the final version. The first letdown was the lack of an antispyware, which I am sure will be added soon. But the antivirus and firewall modules need a hell of a lot of improvement. The memory usage isn’t okay either .. There are five or six new processes added to Task Manager after this installation, which together are using 62 MB of memory on my system (Whattt???? Why didn’t I check this earlier????).
So while there are many negative points for this package, some good points may be .. Lemme think .. Okay .. WOCL is very nicely integrated with Windows Update. When that WMP vulnerability was exposed, it gave me a security advisory and told me that until Microsoft releases a patch for the vulnerability, WOCL is protecting my system against any exploit. And if a system is updated with all critical patches installed, it will be less prone to security fallouts. So I’ll give this software 3 out of 10 on its present status. I hope Microsoft will address the shortcomings in the final release. Till then .. I am going to install Norton Antivirus 2005 from Google Pack and my beloved Jetico firewall again.
And if any of you mortals want to use this software, you may contact me for an invite. Post your request with your email address and I’ll send the invite. You can find the screenshots of Windows OneCare Live here.