It's no longer enough for antivirus software to scan files on your PC. You need someone looking over your shoulder and telling you whether it's safe to click that link; whether the popup for that software update is legitimate; and whether that download from your favorite social network is actually a tool created by organized criminals for stealing your personal information. You need an all-in-one Internet security suite capable of identifying, blocking, and cleaning up after a wide array of malware.

We examined 13 security suites for this story. To handle our expanded Internet security testing, PCWorld contracted for the services of AV-Test.org, a respected security testing company. We looked at traditional signature-based de­­tection (which indicates how well products can block known malware) and at how well the suites cleaned infections and blocked brand-new, live malware attacks.

In many respects, the suites we looked at produced closely bunched results, but they did vary in the efficacy of their protection and in the extra features they offered. Ultimately, we picked Symantec's Norton Internet Security 2011--the most balanced of the suites--as our overall winner.

New Threats for a New Year

Malware has migrated to social networks, so this year's Internet security suites put more emphasis on stopping Web-based attacks. Norton Internet Security 2011, for example, has Norton Safe Web, a feature that hooks into your Facebook stream (with your permission) to scan your Facebook links and proactively block malicious ones. Other suites this year look for techniques that cyber-criminals use in attempts to poison SEO (search en­­gine optimization), loading up on popular search keywords to make malware-compromised sites appear higher in search results. A suite may flag any such sites in search results as unsafe or questionable.

Another threat is the resurgence of banking-related malware. Though some suites protect against certain types of banking-specific malware--Kaspersky Internet Security 2011 offers a virtual, on-screen keyboard that lets you bypass traditional keyloggers, and in our tests, Panda, followed by G-Data, offered the best detection rates for known banking-specific malware-- no suite targets the relatively new "man-in-the-browser" attacks, in which the malware doesn't activate until you have successfully logged into your bank account.

Practically all suites offer some method to prevent malware from downloading through your browser without your consent. For example, a Website might pop up a fraudulent warning that your PC is infected and that you must buy a particular (but fake) antivirus program to remove it. Or it might trick you into downloading Trojan horses disguised as the latest version of Adobe Reader or Flash. Most security suites now monitor browser downloads and filter out this bogus software.

In the past two months, fake anti-virus scareware has morphed into variants pretending to be generic security products, disk utilities and the trusty defrag tool, according to researchers.

Recently, researchers at GFI Software have noticed an increase in the number of fake security software scams purporting to be disk utilities that fix disk errors. Instead of listing Trojans, these security alerts pretends to find disk fragmentation or file system integrity problems.

“Fake AV authors have added a new branch to their rogueware business,” Desai said. He expects to see more variants of both fake anti-virus and utilities in the coming months.

The rogue products initially looked like a generic security product, addressing a range of system issues with names like HDDDDiagnostic, PCoptomizer and Privacy Corrector, according to GFI. Since then, there’ve been a series of “defragger clones” with names like UltraDefragger and ScanDisk that claim to find read/write errors on the hard disk drive, according to the blog.

The fake disk defrag and scanning utilities started showing up in mid-October, according to Deepen Desai, senior researcher from SonicWALL’s threats team. He noted that new variants are often “A/V resistant” because legitimate security products may not be able to immediately identify the files as fake. Rand Abrams, director of technical education at ESET said these variants are “not yet as popular as they will become.”

Scareware refers to software that displays legitimate looking pop-up windows and dialog boxes claiming serious problems with the user’s computer. Often posing as anti-virus or anti-spyware software, the messages list several malware infections and scare the user into purchasing anti-virus software immediately to fix the problem. Some known variants mimic Microsoft Security Essentials or McAfee, while others have real-sounding names such as Security Tools or Pest Detector.

Fake utilities are generally marketed differently from fake A/V, said Larsen. The potential victim is generally already searching for a disk utility or trying to resolve an issue when the scammer says, “’Here’s what you were searching for,’ and hand them a malware payload instead,” said Larsen.

Users should be wary of any error messages coming from software they didn’t install, and should not purchase or install any software that suggests downgrading the Web browser to an older version, according to GFI Software’s researchers.

There are even some variants that detect legitimate anti-virus software and prompt users to uninstall it, according to Sophos researcher Chester Wisniewski.