Up close and personal with GFI’s VIPRE Antivirus

You have probably heard the old saying “you get what you pay for.” For several years now, I have opted to use one of the many free antivirus packages for my personal laptop. I have tried them all, including Microsoft’s Security Essentials, AVG, Avast, and others, and while they have been “good enough” for most purposes, none of them have been great and on more than one occasion, they have let me down. MS Security Essentials completely failed to block a virus that was being served up by a compromised site, so I gave it up in favour of AVG. On my latest laptop rebuild* (necessitated by Security Essentials failure!) I installed AVG, set it up, and promptly forgot about it. Fast forward a month, and I found out that it was NOT updating or running the nightly scans I set it to run.

So it is out of here! Gone, done. Being a fan of other GFI products, and seeing several ads and mentions of their VIPRE Antivirus software, I decided that this was as good a time as any to take it for a spin, and to start taking my personal a/v as seriously as I do my corporate a/v. If you’d like to read more about my experiences with, and impressions of VIPRE, please read on.

VIPRE is GFI’s latest offering in a suite of protection products. It is an ICSA certified antivirus package for all current 32bit and 64bit Microsoft workstation products. There are two versions, a basic antivirus package, and a more advance package that offers additional protections.

Your RAM, I wants it all!The GFI website states that VIPRE is light on system resources. Since my personal laptop is a netbook with an Atom processor and only one gig of RAM, that is just what I need, and one of the reasons I wanted to look at this. Both Security Essentials and AVG have been resource pigs on my system, and don’t even get me started on how much memory and CPU things like Symantec or McAfee use. According to an independent study of antivirus programs conducted by Passmark Software, an older version of VIPRE rates very well against the other big players from the time. I would like to see this done again, and comparing VIPRE against Microsoft’s Security Essentials and AVG, but this is a nice comparison of the other big names.

vipre-chart

I will say that with AVG sitting on my system doing nothing, that there are nine services resident in memory related to AVG and that they take up about 22MB of RAM. Running a scan takes the total services to twelve, and RAM consumption up to an average of over 70MB. With that as a baseline, we’ll see how VIPRE looks after the install. Of course, I have to uninstall AVG and reboot before installing VIPRE. Be right back Smile.

The two versions of VIPRE available include standard and premium. As you can see from the chart below, both give you the essential antivirus protection, but premium includes several additional features that you will probably want.

vpc-vpp-features

And since here at RetroHack we do nothing half-way, we’re going to look at the Premium version. The biggest advantage I see to this is that instead of running three or four additional products or browser plug-ins (like Ad-Aware, the Windows or some other software firewall, NoScript, etc.) I can get it all in product, and that will protect me no matter which browser I am using. Less memory, less CPU, better coverage…makes sense to me.

The install is as simple as going to the website to download the software, and running the install. After agreeing to the EULA and accepting the default install directory, it’s a couple of click to install. VIPRE does require a reboot after installation. Once you log back on, you are presented with a wizard to configure VIPRE.

The first screen sets up protection for your email, offering choices for Outlook, Outlook Express/Windows Mail, or other programs including Thunderbird. There is an Advanced button, but that only allows you to set up ports for your email application if it is not listed, and specifies only POP3 and SMTP. I’d like to see a little more than ports here, and in my experience IMAP is more common than POP3 these days, but since I use Outlook, I am good to go.

The next screen by default opts you in to using ThreatNet, an anonymous information sharing system maintained by Sunbelt Software. Sunbelt, as you may know, was recently purchased by GFI, so this is probably just a little branding that needs to be updated. We’re geeks, not marketers, so Next it is.

Since I am installing VIPRE Premium, the next screen asks about the default firewall behaviour. You can opt for no firewall if you are using the Windows firewall, simple, or learning mode. Simple blocks pretty much everything, without notifying you, while learning mode will prompt you each time it encounters something new, remembering your answer and building out a policy of those things you wish to permit. Personally, I would not bother with simple, as the likelihood of breaking something seems pretty high there. I’m checking Learning mode, then clicking Next.

Finally you are prompted to either enter your key or to run it in evaluation mode. Clicking next after that choice lets you run a demonstration of VIPRE. Two things happened immediately after I clicked Finish. First, VIPRE started downloading updates, which is a very good thing.

VIPRE starts updating immediately

Second, it started blocking network connections, inbound and outbound, and asking me if I want to Allow or Block, and in each case, offering me the option to have the program remember my choice. This is the learning mode firewall, checking everything. While the program does list the source and destination ip.addr and protocols, and the executable trying to make the connection, it does NOT resolve the destination ip.addr to a hostname or provide a URL. If you are not sure what programs you are running, or why they are ‘phoning home,’ this may be a little more than the non-technical end user can handle. For the geeks who write and read this site, it is just a matter of rolling through those popups until you get the firewall trained.

One of a dozen or so prompts that hit me right after starting VIPRE. These will diminish to nothing once all your apps have run and you have taught VIPRE what to allow.

Check the box to create a rule, and you won’t be prompted for that particular connection again. The ‘demo’ of VIPRE is a video on the VIPRE website, which is as much a presales pitch as it is an actual demo. Whether or not you want to view that is up to you.

Once the update process completed, you should see that almost everything about VIPRE on your system looks good. Active protection, email protection, and the firewall are all on, updates are current, and a computer scan is at least scheduled for the next day at 0100.

The initial screen, showing settings, threat level, and usage statistics.

I was very pleased to see that a scan was scheduled, and that updates are automatically set to check every hour. Closing the console and then checking on processes and RAM shows that only three processes are resident in memory, and they take up a little of 7 MB of RAM. This is much better than what I saw with AVG, with its nine services and 22 MB of RAM. Running an actual scan, VIPRE kept its RAM usage down below 24 MB for almost the entire scan, peaking a little higher occasionally but dropping right back down within  a couple of seconds.

VIPRE’s management console offers a fairly complete set of configuration options for the anti-malware components, browser and mail protection, and host firewall. Let’s look at those options here. Updates let’s you schedule or trigger a check for new definitions, opt into or out of ThreatNet, and to see your current settings and definitions.

Interface for configuring updates.

Scan Options shows you the default behaviours for quick and deep system scans, and lets you customise a scan default to suit your needs. I always appreciate a “Restore Defaults” button for when I get a little click-happy.

Interface for configuring the scan options.

Active Protection settings include turning it on or off, configuring how to handle specific extensions, and what to do with unknown programs, which by default is to permit.

Active protection options.

The email protection tab has options for handling phishing emails, and lets you tag emails that they have been scanned (or not,) while the power tab just lets you wake the computer up for a schedule scan if you let your computer go to sleep. Nice to have those as options, but not so big a deal that I need to include screen shots of those tabs.

The Firewall tab is something you will probably spend a lot of time on if you are using the Premium edition. Here you can enable or disable the firewall, configure exceptions, define zones for trusted or untrusted networks, and configure web filtering.

Firewall and IDS options.

The software will block known malware sites, but you can also configure ad, script, and cookie blocking with the advanced settings. Since these will take place before your browser of choice starts to process information, it is like rolling the AdBlock and NoScript plugins into one package no matter which browser you use.

Web filtering.

As you can see, there is also a tab to ‘white-list’ applications, and another for sites.

VIPRE Premium also includes some tools for secure file erasing, history wiping, and a file explorer that can show you various downloaded files or other installed apps that you might not know about, including ActiveX apps, shell hooks, and even a HOSTS file viewer to see if anyone or anything is monkeying around with your name resolution. These are tools many users may never touch, but it is nice to see them included.

So how does VIPRE rate on the domo scale of 1 to 5, where 5 rocks socks, and 1 is no way to go through life?

Install: Five out of Five Domos
Five Domos, as installing could not have been easier.

Out of box functionality: Four out of Five Domos
Four Domos out of five. The product launched a wizard immediately after reboot that walks the user through configuration, but even if the user cancelled this wizard, or took the next-next-enter approach instead of reading, they are going to be protected. The only reason I hold one domo back is because the firewall’s default is to silently block…don’t block something without telling me.

Performance: Five out of Five Domos
I barely notice VIPRE is there, even when running a scan. Considering I am on an Acer Aspire One netbook (1.6GHz Atom CPU, 1 GB of RAM) that is saying something. Five Domos for not hogging my very limited resources.

Protection: Five out of Five Domos
I didn’t exactly go out of my way to surf the seedier corners of the tubes trying to get smacked, but I did pick up on an trojaned installer that has been sitting on my hard drive for months. Neither MS Security Essentials nor AVG ever flagged it, but VIPRE found it on the quick scan. It was indeed a RAT that I had kept around for security testing, but of course, not installed on my own machine. I had forgotten about it, until VIPRE picked it out first time running. I’d give six domos if that wouldn’t invalidate my scale, so five it will have to be.

Overall rating:
Four and three-quarters Domos out of five, which is saying something here.

No product is perfect however, and there are a couple of things the geek in me wishes VIPRE offered. One of the things I found missing is an option to configure exceptions, either by extension or path, for the antivirus scanning. While most users won’t need to provide exceptions for workstations, it is something I feel should be there just in case I need it. Every once in a while I run into a program that doesn’t play well with a/v, and the ability to exempt a path means I am less likely to turn a/v off.

Another thing I would like to see is for the more subtle bits to be updated to reflect the new GFI brand instead of Sunbelt, since that could lead to some confusion. As with any acquisition, there will always be a period where that sort of thing just happens, but having forgotten about the Sunbelt purchase, the first time I saw that name after installing the GFI product, I was caught off guard.

Finally, the firewall settings should be simplified, or at least given a little more on screen guidance for the non-technical user to work with. Many home users won’t know what a socket is, so instead of telling them that c:program filesdropboxdropbox.exe is trying to make a connection to 75.126.115.36:443, it could say “The Dropbox application is trying to make an HTTPS connection to dropbox.com.” That should make more sense to more end users.

In closing, I found VIPRE to be almost everything I wanted in an antivirus product. It’s lean, fast, covers all the bases, and does so in one complete package. On the whole, this is a package well worth the spend. *And for those of you who wonder why I rebuilt my laptop after Security Essentials failed me, remember these words of wisdom…

Gratuitous movie quote from Aliens.

Infected? Nuke the entire site from orbit. It’s the only way to be sure.

As much as I like the name, and recognise that the spelling is different, every time I hear the word ‘viper’ I can’t help but think of one of Tom Skerritt’s best performances, as Commander Mike Metcalf, call sign Viper, from the movie Top Gun. Say what you will about Tom Cruise, this was a great movie that holds its own even today. I hear there’s a sequel in the works, which is far preferable to a remake. It’s probably too much to hope that Skerritt will reprise his role, but we could get lucky. Here’s one of the best scenes, though it is unedited so the language is maybe a little much for work. Use discretion, or better still, headphones.

Originally Posted at Retro Hack

One Response to Up close and personal with GFI’s VIPRE Antivirus

  1. Vincent Senatore January 26, 2011 at 7:53 am #

    I have used Vipre before and was very happy with it.
    I am currently using Zone Alarm, no complaints execpt for the RAM hog when doing scans.
    After reading your review I will probably go back to Vipre after my current license is up.