Liberty Tax has been in business since 1997, and currently has 4,000+ locations throughout the U.S. and Canada. Like H&R Block and Jackson Hewitt, it offers DIY online tax preparation with the option to obtain additional support and guidance from its financial professionals. We reviewed Liberty Tax Online Basic, which is designed for individuals with W-2 and interest/ordinary income who want to itemize deductions. You can also enter your health savings account information on the site. Liberty’s midrange offering performed well for us, though its user experience and help tools could be improved. Consider using Editors’ Choice TurboTax Deluxe instead for all your tax filing needs.
There are four versions of Liberty Tax Online. EZ ($14.95 federal, $29.99 state) supports the 1040EZ and the Schedule B (interest and ordinary income). Basic ($24.95 federal, $35.95 state), the version we reviewed, adds the Schedule A (itemized deductions) and Form 8853 (health savings accounts). Deluxe ($44.95 federal, $35.95 state) also supports the Schedule C (self-employment income) and depreciation. And Premium ($69.95 federal, $35.95 state) covers everything, including rental, real estate, and farm income, as well as capital gains/losses.
Personal tax preparation websites work much like their desktop predecessors, in that they break down the complicated IRS forms and schedules into much smaller chunks. You don’t see those official documents until you finish and print them out, though some sites provide you with sneak previews. Rather, these sites take on the digital persona of an in-office tax preparer and ask you a lengthy series of questions about your tax-related situations.
They do this in one—or both—of two ways. They all display lists of the income, deduction, and credit items that the IRS wants to know about, like your W-2, mortgage interest deduction, and child care credit. You select the topics that apply to you one at a time and work your way through multi-step wizards.
Some sites offer you another option; they provide one giant wizard that visits every possible topic. You provide answers in a variety of ways, such as by entering data in fields, choosing options from drop-down lists, or clicking buttons. The sites do all the necessary calculations and deposit your answers on the correct lines on the correct, official forms. Relevant data is moved over to any state returns you must file.
Along the way, you can access a variety of
There are tremendous differences among these sites in terms of the user experience they offer, the tax situations they support, and the quality, quantity, and accessibility of help they provide.
From start to finish, Liberty Tax Online Basic makes it clear what information it requires. It takes care of housekeeping tasks first, helping you create a username and password, setting up security questions, and importing your 2016 return from Liberty or a competitor.
Then, it’s on to personal contact details, standard pre-prep questions, and information about your 2017 income and residences. The final step is to provide your filing status and information about any dependents. In contrast to sites like TurboTax Deluxe that go out of their way to add a little friendliness, Liberty Tax takes a straightforward, facts-only approach.
Once you edit and/or approve your personal information summary, it’s on to the meat of the site: entering your tax-related information. Liberty Tax Online Basic does not offer a comprehensive, all-inclusive wizard like TurboTax Deluxe does; instead, you select the topics that apply to you from lists of options. It displays all possible tax topics no matter what version you use, but it does notify you if you stray into areas that require more premium versions.
In the Income section, for example, it presents you with a variety of income types, divided into categories: Employment, Investments, Retirement, Business and Rental, and Other Income. A column to the right displays the total of any data you entered for that item. To the right, you either see an Add or Edit button, depending on if you entered anything in the section. If you click the Add button next to Wages, salaries, and tips, for example, the next screen provides a list of options for your W-2. You can provide the data manually on a digital W-2, import it from ADP or Equifax, or indicate that you haven’t yet received the form.
When you finish the income section, you move on to deductions and credits, health insurance, and some miscellaneous (but important) tax-related topics. Liberty Tax Online Basic moves relevant information into any state return you must file and completes its review of your return before you pay your fees and get ready to file.
Liberty Tax offers an excellent review process that works better than most competitors. It found four errors on our return. When we clicked to see the first one, it took us directly to the offending page. After we fixed that first omission, we could either return to the full list of errors or proceed to the next one. We chose the latter and it neatly walked us through the rest. The site then displayed a pie chart illustrating our audit risk, with an explanation of the score. Bravo.
Liberty Tax Online Basic’s Credits section offers a unique feature that we’ve never seen on a personal tax preparation website. The home page for this section lists all IRS credits that are covered by the site and notably uses the data you already entered to tailor the experience. For example, the column to the right of Earned Income Credit on our return didn’t contain a dollar amount (or, $0), as usual. Instead, it said “Not Qualified,” with a hyperlinked “Why?”
When we clicked on the link, it explained that our investment income was too high to qualify for the EIC. And because we had indicated on an earlier screen that we had college-related expenses, the middle column read “Information Required” next to the Form 1098-T entry. Instead of saying “Add” or “Review,” the column to the right read, “Investigate,” with a big red hand pointing toward it.
There’s nothing difficult about following Liberty Tax Online Basic’s navigation structure. A tabbed toolbar at the top of the screen divides the site into four sections: Personal Information, Federal, State, and Finish. When you click on one, a menu opens below it with the relevant subsections. You can access these areas at will, but it’s safer to just follow the site’s sequential order. As you go through each section, you use the Back and Next buttons to advance or move to the previous screen. Unfortunately, there’s no comprehensive topic-and-form outline like TaxAct Online Plus offers, so you can’t see the site’s topics in their entirety.
TurboTax Deluxe sets the bar high for online tax preparation when it comes to the user experience. Liberty Tax Online Basic’s interface might have been leading edge several years ago, but now it looks a little dated. The site uses the entire screen and then some, yet there’s often a lot of white space, and the text and buttons on the screen are on the small side. There are very few graphics as well and the layout isn’t compelling.
A persistent pane on the right-hand side breaks up the monotony. It’s filled with colorful rectangular buttons that are used for both navigation and support resources. The top right has a Save & Quit button and one that alternates between Home and
Liberty Tax could take a page from when it comes to the on-site help it offers. You can chat with or send email questions to support specialists. The Common Questions button on the right often displays context-sensitive questions and answers (especially on section home pages), but sometimes it’s blank. Click on it, though, and you can enter a search word or phrase to get clearly-written explanations. In fact, it displays a list of possible matches as soon as you start typing.
But the interview pages themselves don’t contain any hyperlinked terms that open guidance windows. There are no deeper explanations within them that might keep someone from needing to visit the help
Liberty Tax Online Basic falls about in the middle of the sites we reviewed. It would rank higher with better-integrated help and a more aesthetically-pleasing user experience. If you’ve used it before and liked it, there’s no reason to change—unless your tax return is going to suddenly get more complex this year. Then, TurboTax Deluxe, with its more engaging user interface and skillfully-employed guidance system, is a better option. You pay more, but it can be risky to pinch pennies when dealing with forms that require the utmost accuracy.
Choosing to use Microsoft Project as your team’s dedicated project management app makes sense only when a number of stars align. First, you really must have a certified project manager on board to drive the software. Second,
If you’ve read this far and realized that Microsoft Project isn’t right for your team, I recommend three other options. For small businesses, Zoho Projects and Teamwork Projects are the PCMag Editors’ Choices. Both are reasonably priced and very easy to learn to use, even if you’re not a project management master yet. The other tool that earns the Editors’ Choice is LiquidPlanner, a high-end tool that’s ideal for larger teams managing not just projects but also people and other resources.
Microsoft Project takes a long time to learn to use and even longer to master. I am writing this review from the point of view of someone who has not mastered it (not even close) but who
Because Microsoft Project is something of a bear, I would recommend complementing my article with user reviews by people who have worked with the tool extensively and can provide different insights into how it holds up in the long term.
There are two ways to buy Microsoft Project. You can add it to an Office 365 subscription or you can buy a standalone version for on-premises deployment. The options get confusing, so let me go through them piece by piece.
Office add-on. When you add Microsoft Project to an Office subscription, you get the cloud-based version of the app. There are three pricing levels for this type of purchase: Project Online Professional, Premium, and Essentials.
Project Online Professional costs $30 per person per month. With this level of service, each person gets to use the Microsoft Project desktop app on up to five computers for project management only, not portfolio management. Even though it’s a desktop app, it still runs in the cloud (i.e., it requires an internet connection to use). Access via web browsers is also included.
Project Online Premium costs $55 per person per month. It offers everything in the Professional account, plus portfolio management tools. It comes with advanced analytics and resource management features that you don’t get in the Professional account.
The third level, Essentials, is not a tier of service so much as a role type you can choose for team members who have fairly limited responsibilities in the app. It costs $7 per person per month. You have to have a Professional or Premium membership first to utilize the Essential option. Essential users can only access Microsoft Project via a web browser or mobile device. They can only update task statuses, work with timesheets, share documents, and communicate with colleagues. They don’t get desktop apps or other functionality.
Standalone on-premises deployment. If you don’t want to use the cloud-hosted version of Microsoft Project, you can host it locally, and there are three options for how to do it.
One is Project Standard, which costs $589.99 charged
The next option is Project Professional for $1,159.99. Each license is good for only one computer. It has everything in Project Standard, plus the ability to collaborate via Skype for Business, resource-management tools, timesheets, and the option to sync with Project Online and Project Server.
Project Server, the last option, is a version of Microsoft Project that enterprises can get with SharePoint 2016. I could go into detail about how to get SharePoint 2016 and the three tiers of enterprise service for Office involved, but I’ll assume that if this option is of interest to you, you already have a support person at Microsoft you can ask for more information.
If we use the $30 or $55 per person per month price for Project Online Professional as our base for comparison, which are the tiers of service I imagine are in your wheelhouse if you’re reading this article, then Microsoft’s prices are on the high end for small to medium businesses.
TeamGantt is a good place to start for comparison. It offers service ranging from a Free account to an Advanced membership that costs $14.95 per person per month. It’s a web-based tool that includes collaboration and is much easier to learn to use than Project.
A comparable plan with Zoho Projects costs a flat rate of $50 per month, regardless of how many people use it. Teamwork Projects offers a similar flat monthly rate ($69 per month for as many team members as you need), as does Proofhub ($150 per month).
If we turn to more high-end tools, LiquidPlanner starts at $599.40 per year for a small business account of up to five people. That price is based on a rate of $9.99 per person per month, but this particular plan is only sold in a five-seat pack. LiquidPlanner’s most popular plan, Professional, is better for medium to large businesses. It works out to be $45 per person per month, with a ten person minimum. Like Microsoft Project, LiquidPlanner takes time to master in part because it offers so many tools for both project management and resources management.
Other project management platforms that are suitable for larger organizations include Clarizen (from $45 per person per month), Celoxis ($25 per person per month; five-person minimum), and Workfront (about $30, depending on setup).
I can’t stress enough the fact that Microsoft Project is meant to be used by experienced, or more precisely trained, project managers. It’s not designed for learning on the fly. It doesn’t come with clear tutorials for getting started. It assumes familiarity with both big concepts and fine details of project management. If you’re thinking you might use this software but you (or the lead person who will be using the app) don’t know what a burndown report is, I would seriously advise you to consider a different tool.
The app itself looks a lot like Excel. It has the same familiar tabbed ribbon interface seen in other Microsoft Office apps. The spreadsheet portion of the app holds all the data related to tasks or resources. To the right of the cells is a Gantt chart reflecting the schedule as you build it.
Microsoft Project supports all the typical things you’d want to do in a project management app. For every task, you can enter a lot of detail, such as a description, notes, start date, task duration, and so forth. Recurring events are supported, as are dependencies, custom fields, and baselines for tracking actual progress versus planned progress.
The bars in the Gantt chart are interactive, so as you adjust them, the information in the cells updates as well. When a task is in progress, you can indicate the percent that it’s done by sliding a smaller line inside its associated spanner bar toward the right.
In addition to having a Gantt chart view, Microsoft Project offers calendar and diagram views as well. The calendar view is self-explanatory, while the diagram view is similar to the Gantt view, only it contains additional details about the task. If you follow a timeline better when there’s some sense of a narrative behind it, the diagram view could be useful.
As mentioned, the first time you use the app, there isn’t much coaching on how to get started. Some apps provide interactive on-screen tutorials. Others start you out in a sample project.
“To be clear, Project Online is NOT a web-based version of Project Professional. Project Online is an entirely separate service that offers full portfolio and project management tools on the web. It includes Project Web App, and can, depending on your subscription, also include Project Online Desktop Client, which is a subscription version of Project Professional.”
Even after having gone through all the pricing and plan options in detail, those words still make my head spin.
Microsoft Project is powerful when it comes to the more detailed aspects of project management, such as resource management, reports, and timesheets. Powerful doesn’t mean easy or simple, of course.
In Microsoft Project, with the tiers of service that include resource management, you can manage work (which includes both generic people and specific people, as well as other “work” related resources), materials, and costs. You can do a lot with these elements if you have the time and the inclination.
For example, you can add detail to materials resources, such as a unit of measure, and if you want to get really detailed, you can enter costs for materials. What if the costs of a material
With work resources, I mentioned you can track specific people or
Reports are highly customizable, although, like the rest of the app, it takes time to learn how to use them. Some of the more rudimentary features are neat and surprisingly simple to use, however. You can generate a report by navigating to the report section and selecting what data you want to appear in different modules on the page. Using a field selection box on the right, you can make the topmost element the project, and below
All the elements you add to the report are stylized, and they don’t automatically adjust to accommodate one another. For example, if text from one element runs long, it can crash into another. Other minor visual elements often need finessing, too. You can end up wasting a lot of time resizing boxes and nudging elements left and right to make it look decent, which probably isn’t what you’re getting paid to do. That’s a designer’s job, really.
That said, styling the reports in this way has a purpose. Once you finish with all the adjustments, the final product looks ready to export to a presentation directly (in PowerPoint, no doubt), so you can go from generating reports to sharing them without
Within the timesheets section, for those versions of the app that include it, you can have team members fill out weekly time sheets for whatever duration you need, such as weekly or monthly. Team members can report not only time spent on tasks related to projects, but they can also indicate what time of work it was, such as research and development or fulfillment. Another option lets people add time to their time sheets for tasks aren’t specifically related to a project. For example, if Julia drives to meet with a client, the team might want to record that time and bill for it, even though the travel doesn’t appear as a task on a project.
I’ve already alluded to the fact that Microsoft Project could offer more assistance in helping people get started with it and learn to use it.
Additionally, Project is weak when it comes to in-app communication. The problem is that Microsoft is a kingdom, and within its
Indeed, traveling around the kingdom annoyed me to no end while I was testing Microsoft Project. A desire to share information might result in the app whisking me away to Outlook. A need to update something about a meeting scheduled
While Microsoft has plenty of its own apps that work with Project, many organizations rely on tools that come from somewhere else, Salesforce being a prime example.
While powerful and thorough in many respects, Microsoft Project fits only very specific companies. More and more, this is the case with many Microsoft apps. Your team needs to already be invested in Microsoft products for Project to make sense. It also works best for medium to large organizations, but not small ones. Plus, you need a qualified and experienced project manager on the team to be the person driving the app.
If Microsoft Project isn’t an ideal candidate for your project management needs, I suggest small outfits look into Zoho Projects and Teamwork Projects, whereas larger organizations managing many more projects and resources take a dive into LiquidPlanner. All three earned the PCMag Editors’ Choice.
The Baramundi Management Suite (which begins at $25.90 per device) is a relative newcomer to our mobile device management (MDM) review roundup. It’s also notable for the fact that the software comes in the form of a virtual machine (VM) intended for either local installation on a server in your data center or for use in the cloud as a server instance in either Amazon Web Services (AWS) or Microsoft Azure. While it might be a solid enough MDM competitor for many small to midsize businesses (SMBs), the Baramundi Management Suite suffers from some unneeded complexity as well as a dependence on Microsoft back-office platforms for full functionality. It’s these issues that keep it behind our Editors’ Choice winner VMware AirWatch for now.
On the plus side, the MDM function is just one part of the bigger picture in the Baramundi Management Suite. Similar to Microsoft Intune, the Baramundi Management Suite also handles some desktop management chores for Microsoft Windows and Apple OS X-based desktops, up to the installation of a new operating system (OS). The downside here is that full functionality requires integration with an external Microsoft Active Directory (AD) domain and a Microsoft Exchange Server for sending email notifications. The first is something we encounter often, but the second has become something of a limitation now that many SMBs are going with hosted email services such as Google G Suite instead of an in-house email server. Our trial system didn’t have access to either of these platforms so we were unable to test all of the features, including the sending of email messages for device enrollment. Additionally, on the MDM side, Windows-based devices also required AD support, which means that shops without AD and Microsoft Exchange will only be able to manage Android and Apple devices with the Baramundi Management Suite.
Installing the Baramundi Management Suite consists of provisioning a VM, which was accomplished by the company for our test instance in the Microsoft Azure public cloud. The same could be accomplished in AWS should you choose to go that route. Connecting to the system uses a remote desktop session to connect you into a Windows Server environment. The one advantage to a VM approach is the consistency of deployment for the management infrastructure across multiple cloud services and on-premises, which means you’ve got easy access to redundancy and scalability should you need it.
To enroll either an Android or iOS device, you simply download the Baramundi Mobile Agent application from the appropriate store and follow the in-app instructions. Baramundi provides a Quick Response Code (QR code) that contains the server and account information so you don’t have to type this in. The agent includes a QR scanning capability, which removes the need for any additional apps. On iOS, the app installs the appropriate certificates to get you securely connected to the server.
We were able to register an iOS phone, a Samsung Galaxy S8+ smartphone, and a Samsung Galaxy Tab S3 device. The Baramundi Management Suite does support the Samsung Knox platform and the ability to block (black list) or allow (white list) specific apps. Only those apps which have been white-listed will be allowed should a user choose to install them. We did find some limitations to this capability depending on the version of Knox you’re using but it shouldn’t be an issue with updated phones.
Opening the Baramundi Management Suite console presents a dashboard that shows the status of Windows devices. The dashboard for mobile devices shows compliance status and rules violations. The Compliance Overview block includes clickable links to take you to another section of the management interface with more detailed information. The graphics displayed are static, meaning you can’t click an image and drill down for further details like you can in other products like VMware AirWatch and SOTI MobiControl. You also can’t modify the dashboard screens.
Like most of the other products in this roundup, the Baramundi Management Suite uses the concept of device profiles to configure specific settings. One difference from products such as and SOTI MobiControl is that the Baramundi Management Suite uses the concept of a universal profile to apply the same basic settings to all platforms. Creating a profile consists of settings collected into groupings they call “building blocks.” For example, one building block addresses restrictions on hardware such as the camera. Other building blocks include settings for Wi-Fi access points and virtual private network (VPN) credentials.
Once a profile has been created, it must be deployed by using a job. Jobs perform a number of different actions, including installing or uninstalling an app or profile; locking, unlocking, or wiping a device; and compiling a hardware or software inventory. Performing an action such as a device lock or wipe requires several steps, including creating a job to accomplish the task and then deploying it to a specific device. This seems more cumbersome for mobile devices than simply right-clicking and choosing “Lock Device” as in other systems such as SOTI MobiControl.
Viewing individual devices lets you see pertinent information about the device and perform specific tasks such as assign a job or edit the owner details. A Device Actions menu item on the page only let you deactivate the device. To do anything else requires creating a job. Creating a new job happens under the Jobs section. The Baramundi Management Suite includes a number of standard jobs to do things such as take a hardware and software inventory or distribute an app. Initiating a device wipe requires a number of steps to first create the job and then assign it to a specific device. This amount of effort would become quite tedious for most administrators after the first few device wipe requests.
Reporting was one strong area for the Baramundi Management Suite. A long list of pre-defined reports gives you access to most of the pertinent information. Creating new reports requires a full version of Crystal Reports which is an additional cost but does offer a robust report building tool. On the downside, the Baramundi Management Suite interface was not as intuitive as other products, like and SOTI MobiControl. It’s also missing features such as geofencing, geolocation, or mobile expense management (MEM). The geolocation feature is a significant one when an employee loses his or her device.
The base price for a single Baramundi Management Suite device is $25.90 plus a yearly maintenance cost between $3.50 and $5.50 depending on contract length. While that sounds like a lot, it actually puts the Baramundi Management Suite among the cheapest of all the products we tested, along with AppTec360 Enterprise Mobility Management.
Overall, we liked the Baramundi Management Suite, though we did find that it offers only the basic functionality that we’d expect out of an MDM product. However, it does manage that at a very low cost. Still, it doesn’t fully compare with the capabilities found in the other products in this roundup, notably our Editors’ Choice winner VMware AirWatch. Simple administrative functions, such as wiping a device, require far too many steps when compared to all of the other products in our roundup. Plus, its reliance on Microsoft for full functionality makes life hard on companies that have opted for different cloud-based back-office platforms.
Read Full Review
Read Full Review
The myth that Macs can’t suffer viruses, Trojans, or other types of malware attack is busted. Oh, the situation isn’t nearly as bad as on Windows or Android, but Macs really do need antivirus protection. There are free options available, including Avast Security (for Mac), but commercial antivirus utilities offer more features and do better in testing. Looking at what this product adds beyond the features in the free edition, it’s really hard to justify the price.
This product’s main window looks exactly like that of the free edition, except for the absence of the upgrade offer. Plenty of white space surrounds a simple security status indicator. The left-rail menu is also the same as in the free edition. The difference is that clicking Ransomware Shield or Wi-Fi Inspector brings up the component, rather than displaying an upgrade invitation. The look is very different from that of Avast Pro Antivirus, which uses a dark gray background with occasional elements in purple and green.
Like Bitdefender and Kaspersky, Avast supports macOS versions back to 10.9 (Mavericks). If you have an antique Mac that for some reason can’t even run Mavericks, consider ESET,
The most common pricing plan for Mac antivirus runs $39.99 per year for one license or $59.99 for three. Bitdefender, ESET Cyber Security (for Mac), Kaspersky, and Malwarebytes all fit this profile. Price-wise, Avast is on the high end, at $59.99 per year or $69.99 for three licenses. That’s expensive, considering that the free edition has all the same features except for Ransomware Shield and Wi-Fi Inspector, which I’ll detail below.
This utility shares all the features of the free Avast Security (for Mac), and that’s saying a lot. I’ll briefly summarize those shared features here, and you can should read my review of the free product for more details.
AV-Comparatives certified Avast’s Mac malware protection as effective. In testing, it protected against 99.9 percent of Mac malware and 100 percent of Windows malware. AV-Test Institute, the other major lab that tests Mac antivirus, did not include Avast in testing. Note, though, that Bitdefender and Kaspersky earned 100 percent in both tests, and received certification from both labs.
I don’t have the same kind of resources for antivirus testing under macOS as I do for Windows. I did try scanning a folder containing my current collection of Windows malware. Avast detected and quarantined 85 percent of the samples, which is quite good. Only Webroot SecureAnywhere Antivirus (for Mac), with 86 percent, and Sophos, with 100 percent, have done better. At the low end, McAfee caught 25 percent and Intego just 18 percent.
Avast’s full scan finished in 14.5 minutes, which is quite a bit faster than the current average of 24 minutes. The impressive Home Network Security Scanner took less than three minutes to take note of all devices on my network. It found 36 devices and flagged legitimate security problems on two of them.
Phishing websites masquerade as secure sites in the hopes of fooling you into giving away your login credentials. It doesn’t matter which browser you use, or which operating system. Avast’s scores in my hands-on phishing protection test were extremely poor. The phishing protection systems built into Chrome, Firefox, and Internet Explorer all outperformed Avast, by a long shot.
The Online Security browser extension marks up search results to flag dangerous links. It also displays a list of all ad trackers and other trackers on the current page, with an option to actively block these. Kaspersky Internet Security for Mac includes a similar active Do Not Track feature.
Avast comes with a basic password manager that installs as a separate application. It handles basic functions like password capture and replay, saving secure notes, and generating strong passwords. The app stores
Everything I’ve described to this point is also available in the free edition. The premium-only Ransomware Shield component simply prevents unauthorized access to files in sensitive folders. By default, it protects the Documents and Pictures folders for the current user. Naturally, you can add other folders if needed. A similar feature in Bitdefender Antivirus for Mac also protects your Time Machine backups.
To test this kind of access control on Windows, I use a small text editor that I wrote myself, something that would never show up on a list of trusted applications. I don’t have such a program for macOS, so I had to disable the feature that automatically trusts Apple and App Store applications.
This type of access control is an effective tool for ransomware protection, one used by many security tools both on Windows and macOS. However, it does require vigilance on your part. When you see the Ransomware Shield popup, examine it carefully, and only click Allow if you’re absolutely sure the program is legitimate.
As noted, you get the Home Network Security Scan even in the free edition. The premium edition adds a component called Wi-Fi Inspector. Despite the name, the main function of this component is to alert you when new devices join the network. It maintains its own simple list of devices. If you click Deep Scan, it launches the Home Network Security Scan.
Wi-Fi Inspector’s device list doesn’t identify security issues the way the security scan does. On the plus side, it lists the MAC address and IP address for each device, along with the name. For many devices, the name is a clear identification, like
I did encounter a serious problem with the device list. It found 36 devices on my network, but I couldn’t scroll down to see more than the first bunch of devices. My Avast contact confirmed this as a bug. It’s not such a big problem, as you can see all your connected devices in network scanner.
The real point of Wi-Fi Inspector is to alert you when a new device connects. Just after installation, you’ll probably see quite a few of these, as devices that were turned off during the initial scan wake up. Once you get past that shakeout period, you should pay close attention to the new-device notifications. If you don’t recognize the device, it could be a neighbor mooching your Wi-Fi, or even a hack attempt.
If you determine that the new connection isn’t legitimate, there’s not a lot you can do about it. Wi-Fi Inspector offers notification, but no direct way to act on that information. Your best bet is to snap a screenshot of the notification and then find a friend who’s a network whiz. Your buddy can use the info from the screenshot to log into your router’s settings and ban the device from the network.
Avast Security Pro offers certified Mac malware protection, a network security scanner, and a password manager, but those features also come with the free Avast Security. The Pro edition adds ransomware protection that works by banning untrusted applications from modifying your files. It also adds real-time notification of new connections to your
Bitdefender Antivirus for Mac has certification from two labs, excellent phishing protection, an anti-ransomware feature much like Avast’s, and more. Kaspersky Internet Security for Mac also has two certifications, and it comes with a full parental control system, excellent anti-phishing, protection against webcam peepers, and more. These are our Editors’ Choice products for macOS antivirus, and they both costs $20 less than Avast.
Your antivirus or security suite really ought to protect you against ransomware, along with all other kinds of malware. There might be an occasional slipup with a never-before-seen attack, but those unknowns rapidly become known. Unfortunately, ex post facto removal of ransomware still leaves your files encrypted. That’s why you may want to add a ransomware protection utility to your arsenal. The free CyberSight RansomStopper stopped real-world ransomware in testing, but can have a problem with ransomware that only runs at boot time.
RansomStopper is quite similar to Cybereason RansomFree, Trend Micro RansomBuster, and Malwarebytes Anti-Ransomware Beta. All four are free, and all detect ransomware based on its behavior. Since they rely on behavior, it doesn’t matter whether the ransomware is an old, known quantity or a just-created zero-day attack. Like RansomFree, RansomStopper uses bait files as part of its detection methodology. However, RansomStopper hides its bait files from the user.
Installation went quickly in my testing. After the download, I completed the process by entering my first and last name and email address. Once I responded to the confirmation email, the product was up and running.
The product’s simple main window reports that “You are protected from ransomware.” Buttons across the bottom let you view security alerts, processes RansomStop has blocked, and processes you’ve chosen to allow. Another button lets you check for updates, if you didn’t select automatic updates during installation. Simple!
CyberSight also offers a business edition. Added features include email alerts, centralized administration, and detailed reports. The business edition costs $29.99 for a single license, though the price drops to as low as $10 per seat with volume licensing.
When RansomStopper detects a ransomware attack, it terminates the offending process and pops up a warning in the notification area. Clicking the warning lets you see what file caused the problem. There’s an option to remove programs from the blocked processes list—along with a warning that doing so is a bad idea.
Waiting to detect ransomware behavior can sometimes mean that the ransomware encrypts a few files before termination. When I tested Malwarebytes, it did lose a few files this way. Check Point ZoneAlarm Anti-Ransomware actively recovers any encrypted files. In my testing, it did so for every ransomware sample. ZoneAlarm’s only error was one instance of reporting failure when it had actually succeeded.
For a quick sanity check, I launched a simple fake ransomware program that I wrote myself. All it does is look for text files in and below the Documents folder and encrypt them. It uses a simple, reversible cipher, so a second run restores the files. RansomStopper caught it and prevented its chicanery. So far so good.
The only sure way to test behavior-based ransomware protection is by using live ransomware. I do this very cautiously, isolating my virtual machine test system from any shared folders and from the internet.
This test can be harrowing if the anti-ransomware product fails its detection, but my RansomStopper test went smoothly. Like ZoneAlarm and Malwarebytes, RansomStopper caught all the samples, and I didn’t find any files encrypted before behavioral detection kicked in. Cybereason RansomFree did pretty well, but it missed one.
I also test using KnowBe4’s RanSim, a utility that simulates 10 types of ransomware attack. Success in this test is useful information, but failure can simply mean that the behavior-based detection correctly determined that the simulations are not real ransomware. Like RansomFree, RansomStopper ignored the simulations.
Keeping under the radar is a big deal for ransomware. When possible, it does its dirty deeds silently, only coming forward with its ransom demand after encrypting your files. Having administrator privileges makes ransomware’s job easier, but getting to that point typically requires permission from the user. There are workarounds to get those privileges silently. These include arranging to piggyback on the Winlogon process at boot time, or set a scheduled task for boot time. Typically, the ransomware just arranges to launch at boot and then forces a reboot, without performing any encryption tasks.
I mention this because I discovered that ransomware can encrypt files at boot time before RansomStopper kicks in. My own fake encryption program managed that feat. It encrypted all text files in and below the Documents folder, including RansomStopper’s bait text file. (Yes, that file is in a folder that RansomStopper actively hides, but I have my methods…)
I reverted the virtual machine and tried again, this time setting a real-world ransomware sample to launch at startup. It encrypted my files and displayed its ransom note before RansomStopper loaded. From my CyberSight contact I learned that they’re “testing several solutions” for this problem, and that an update in the next few weeks should take care of it. I’ll update this review when a solution becomes available.
RansomFree runs as a service, so it’s active before any regular process. When I performed the same test, setting a real-world ransomware sample to launch at startup, RansomFree caught it. Malwarebytes also passed this test. RansomBuster detected the boot-time attack and recovered the affected files.
To further explore this problem, I obtained a sample of the Petya ransomware that caused trouble earlier this year. This particular strain crashes the system and then simulates boot-time repair by CHKDSK. What it’s actually doing is encrypting your hard drive. Malwarebytes, RansomFree, and RansomBuster all failed to prevent this attack. RansomStopper caught it before it could cause the system crash—impressive! To be fair to the others, this one is not a typical file encryptor ransomware. Rather, it locks the entire system by encrypting the hard drive.
Querying my contacts, I did learn that boot-time ransomware attacks, including Petya, are becoming less common. Even so, I’m adding this test to my repertoire.
Behavior-based detection, when implemented properly, is an excellent way to fight ransomware. However, it’s not the only way. Trend Micro RansomBuster and Bitdefender Antivirus Plus are among those that foil ransomware by controlling file access. They prevent untrusted programs from making any change to files in protected folders. If an untrusted program tries to modify your files, you get a notification. Typically, you get the option to add the unknown program to the trusted list. That can be handy if the blocked program was your new text or photo editor. Panda Internet Security goes even farther, preventing untrusted programs from even reading data from protected files.
Ransomware crooks need to take care that they’ll be able to decrypt files when the victim pays up. Encrypting files more than once could interfere with recovery, so most include a marker of some kind to prevent a second attack. Bitdefender Anti-Ransomware leverages that technique to fool specific ransomware families into thinking they’ve already attacked you. Note, though, that this technique can’t do a thing about brand-new ransomware types.
When Webroot SecureAnywhere AntiVirus encounters an unknown process, it starts journaling all activity by that process, and sending data to the cloud for analysis. If the process proves to be malware, Webroot rolls back everything it did, even rolling back ransomware activity. ZoneAlarm and RansomBuster have their own methods for recovering files. When the anti-ransomware component of Acronis True Image kills off a ransomware attack, it can restore encrypted files from its own secure backup if necessary.
CyberSight RansomStopper detected and blocked all my real-world ransomware samples without losing any files. It also detected my simple hand-coded ransomware simulator. And it blocked an attack by Petya, where several competing products failed.
RansomStopper did exhibit a vulnerability to ransomware that only runs at boot time, but my sources say this type of attack is becoming less common, and CyberSight is working on a solution. Other free products had their own problems. RansomFree missed one real-world sample, and Malwarebytes let another sample encrypt a few files before its detection kicked in. RansomBuster fared worse, missing half the samples completely (though its Folder Shield component protected most files).
Check Point ZoneAlarm Anti-Ransomware remains our Editors’ Choice for dedicate ransomware protection. It’s not free, but at $2.99 per month it’s also not terribly expensive. If that still seems too steep, give the three free utilities a try, and see which one you like best.