Category Archives: PCMag.com Software Product Guide

PCMag.com Software Product Guide

Microsoft Project

Choosing to use Microsoft Project as your team’s dedicated project management app makes sense only when a number of stars align. First, you really must have a certified project manager on board to drive the software. Second, time has to be on your side and your certified project manager can’t be rushed to learn to use the tool. Third, your team should already be a Microsoft house, or it should be willing to become one. Fourth, the number of projects your team manages and their level of complexity should be quite high. If your organization meets these criteria, Microsoft Project may prove to be an invaluable tool. If not, you’re better served by another option, and there are many.

Similar Products

If you’ve read this far and realized that Microsoft Project isn’t right for your team, I recommend three other options. For small businesses, Zoho Projects and Teamwork Projects are the PCMag Editors’ Choices. Both are reasonably priced and very easy to learn to use, even if you’re not a project management master yet. The other tool that earns the Editors’ Choice is LiquidPlanner, a high-end tool that’s ideal for larger teams managing not just projects but also people and other resources.

A Few Caveats

Microsoft Project takes a long time to learn to use and even longer to master. I am writing this review from the point of view of someone who has not mastered it (not even close) but who has experimented with it for some weeks and asked questions of Microsoft representatives to learn more. My point of view includes comparison testing with dozens of other project management apps, from lightweight ones designed for small businesses to enterprise-grade options.

Because Microsoft Project is something of a bear, I would recommend complementing my article with user reviews by people who have worked with the tool extensively and can provide different insights into how it holds up in the long term.

Pricing and Plans

There are two ways to buy Microsoft Project. You can add it to an Office 365 subscription or you can buy a standalone version for on-premises deployment. The options get confusing, so let me go through them piece by piece.

Office add-on. When you add Microsoft Project to an Office subscription, you get the cloud-based version of the app. There are three pricing levels for this type of purchase: Project Online Professional, Premium, and Essentials.

Project Online Professional costs $30 per person per month. With this level of service, each person gets to use the Microsoft Project desktop app on up to five computers for project management only, not portfolio management. Even though it’s a desktop app, it still runs in the cloud (i.e., it requires an internet connection to use). Access via web browsers is also included.

Project Online Premium costs $55 per person per month. It offers everything in the Professional account, plus portfolio management tools. It comes with advanced analytics and resource management features that you don’t get in the Professional account.

The third level, Essentials, is not a tier of service so much as a role type you can choose for team members who have fairly limited responsibilities in the app. It costs $7 per person per month. You have to have a Professional or Premium membership first to utilize the Essential option. Essential users can only access Microsoft Project via a web browser or mobile device. They can only update task statuses, work with timesheets, share documents, and communicate with colleagues. They don’t get desktop apps or other functionality.

Standalone on-premises deployment. If you don’t want to use the cloud-hosted version of Microsoft Project, you can host it locally, and there are three options for how to do it.

One is Project Standard, which costs $589.99 charged as a one-time flat fee. With this version, you get one piece of software installed locally on one computer, and only one person can use it. It’s old-school software in the sense that it doesn’t have any collaboration features. You get project management tools, but nothing for resource management.

The next option is Project Professional for $1,159.99. Each license is good for only one computer. It has everything in Project Standard, plus the ability to collaborate via Skype for Business, resource-management tools, timesheets, and the option to sync with Project Online and Project Server.

Project Server, the last option, is a version of Microsoft Project that enterprises can get with SharePoint 2016. I could go into detail about how to get SharePoint 2016 and the three tiers of enterprise service for Office involved, but I’ll assume that if this option is of interest to you, you already have a support person at Microsoft you can ask for more information.

Comparison Prices

If we use the $30 or $55 per person per month price for Project Online Professional as our base for comparison, which are the tiers of service I imagine are in your wheelhouse if you’re reading this article, then Microsoft’s prices are on the high end for small to medium businesses.

TeamGantt is a good place to start for comparison. It offers service ranging from a Free account to an Advanced membership that costs $14.95 per person per month. It’s a web-based tool that includes collaboration and is much easier to learn to use than Project.

A comparable plan with Zoho Projects costs a flat rate of $50 per month, regardless of how many people use it. Teamwork Projects offers a similar flat monthly rate ($69 per month for as many team members as you need), as does Proofhub ($150 per month).

If we turn to more high-end tools, LiquidPlanner starts at $599.40 per year for a small business account of up to five people. That price is based on a rate of $9.99 per person per month, but this particular plan is only sold in a five-seat pack. LiquidPlanner’s most popular plan, Professional, is better for medium to large businesses. It works out to be $45 per person per month, with a ten person minimum. Like Microsoft Project, LiquidPlanner takes time to master in part because it offers so many tools for both project management and resources management.

Other project management platforms that are suitable for larger organizations include Clarizen (from $45 per person per month), Celoxis ($25 per person per month; five-person minimum), and Workfront (about $30, depending on setup).

Getting Started

I can’t stress enough the fact that Microsoft Project is meant to be used by experienced, or more precisely trained, project managers. It’s not designed for learning on the fly. It doesn’t come with clear tutorials for getting started. It assumes familiarity with both big concepts and fine details of project management. If you’re thinking you might use this software but you (or the lead person who will be using the app) don’t know what a burndown report is, I would seriously advise you to consider a different tool.

The app itself looks a lot like Excel. It has the same familiar tabbed ribbon interface seen in other Microsoft Office apps. The spreadsheet portion of the app holds all the data related to tasks or resources. To the right of the cells is a Gantt chart reflecting the schedule as you build it.

Microsoft Project supports all the typical things you’d want to do in a project management app. For every task, you can enter a lot of detail, such as a description, notes, start date, task duration, and so forth. Recurring events are supported, as are dependencies, custom fields, and baselines for tracking actual progress versus planned progress.

The bars in the Gantt chart are interactive, so as you adjust them, the information in the cells updates as well. When a task is in progress, you can indicate the percent that it’s done by sliding a smaller line inside its associated spanner bar toward the right.

In addition to having a Gantt chart view, Microsoft Project offers calendar and diagram views as well. The calendar view is self-explanatory, while the diagram view is similar to the Gantt view, only it contains additional details about the task. If you follow a timeline better when there’s some sense of a narrative behind it, the diagram view could be useful.

As mentioned, the first time you use the app, there isn’t much coaching on how to get started. Some apps provide interactive on-screen tutorials. Others start you out in a sample project. Still others point you early to a channel of help videos for getting started. Microsoft Project has none of that. In fact, the little that Project does provide may merely add to your confusion, such as this little nugget of information that I saw on day one:

“To be clear, Project Online is NOT a web-based version of Project Professional. Project Online is an entirely separate service that offers full portfolio and project management tools on the web. It includes Project Web App, and can, depending on your subscription, also include Project Online Desktop Client, which is a subscription version of Project Professional.”

Even after having gone through all the pricing and plan options in detail, those words still make my head spin.

Features and Details

Microsoft Project is powerful when it comes to the more detailed aspects of project management, such as resource management, reports, and timesheets. Powerful doesn’t mean easy or simple, of course.

In Microsoft Project, with the tiers of service that include resource management, you can manage work (which includes both generic people and specific people, as well as other “work” related resources), materials, and costs. You can do a lot with these elements if you have the time and the inclination.

For example, you can add detail to materials resources, such as a unit of measure, and if you want to get really detailed, you can enter costs for materials. What if the costs of a material changes over time? In Microsoft Project, an additional detail panel allows you to track and account for changes in cost over time.

With work resources, I mentioned you can track specific people or generalized people. Depending on the work you’re tracking, you may need to assign general human resources, such as a “front-end programmer” or “QA tester,” rather than a specific person. It all depends on what you’re managing and how.

Reports are highly customizable, although, like the rest of the app, it takes time to learn how to use them. Some of the more rudimentary features are neat and surprisingly simple to use, however. You can generate a report by navigating to the report section and selecting what data you want to appear in different modules on the page. Using a field selection box on the right, you can make the topmost element the project, and below it you might add a table showing how much of each phase of the project is already complete, and so forth.

All the elements you add to the report are stylized, and they don’t automatically adjust to accommodate one another. For example, if text from one element runs long, it can crash into another. Other minor visual elements often need finessing, too. You can end up wasting a lot of time resizing boxes and nudging elements left and right to make it look decent, which probably isn’t what you’re getting paid to do. That’s a designer’s job, really.

That said, styling the reports in this way has a purpose. Once you finish with all the adjustments, the final product looks ready to export to a presentation directly (in PowerPoint, no doubt), so you can go from generating reports to sharing them without many additional steps.

Within the timesheets section, for those versions of the app that include it, you can have team members fill out weekly time sheets for whatever duration you need, such as weekly or monthly. Team members can report not only time spent on tasks related to projects, but they can also indicate what time of work it was, such as research and development or fulfillment. Another option lets people add time to their time sheets for tasks aren’t specifically related to a project. For example, if Julia drives to meet with a client, the team might want to record that time and bill for it, even though the travel doesn’t appear as a task on a project.

Room for Improvement

I’ve already alluded to the fact that Microsoft Project could offer more assistance in helping people get started with it and learn to use it.

Additionally, Project is weak when it comes to in-app communication. The problem is that Microsoft is a kingdom, and within its realm it already has plenty of tools for communicating. You can fire off an email with Outlook, or schedule a meeting in Calendar, or pop into Microsoft Teams for chat, or Yammer for conversations, or Skype for video calls, and so forth. But sometimes, when you’re working on a project, you just want to @ message someone or ping them in a chat and ask a question without breaking the context of your work by navigating to another app. Seeing as these tools already exist, why duplicate them in Project? (Some might refer to Microsoft as having an “ecosystem” rather than kingdom. An ecosystem can’t help but be what it is, but a kingdom chooses its boundaries.)

Indeed, traveling around the kingdom annoyed me to no end while I was testing Microsoft Project. A desire to share information might result in the app whisking me away to Outlook. A need to update something about a meeting scheduled in my project could leave my computer loading a new tab for Calendar without my consent. Many times, I wanted the ability to adjust all the details related to my project from within the project management app, not somewhere else.

While Microsoft has plenty of its own apps that work with Project, many organizations rely on tools that come from somewhere else, Salesforce being a prime example. Project does not integrate with many other tools. It’s not supported by Zapier either, which is an online tool that can sometimes connect apps and services that don’t natively talk to one another. If you’re hoping to loop your project management application into other online services that your team already uses, whether Slack or Trello or Salesforce, then Microsoft Project is not a good tool to choose.

A Powerful Tool Within Its Realm

While powerful and thorough in many respects, Microsoft Project fits only very specific companies. More and more, this is the case with many Microsoft apps. Your team needs to already be invested in Microsoft products for Project to make sense. It also works best for medium to large organizations, but not small ones. Plus, you need a qualified and experienced project manager on the team to be the person driving the app.

If Microsoft Project isn’t an ideal candidate for your project management needs, I suggest small outfits look into Zoho Projects and Teamwork Projects, whereas larger organizations managing many more projects and resources take a dive into LiquidPlanner. All three earned the PCMag Editors’ Choice.

Baramundi Management Suite

The Baramundi Management Suite (which begins at $25.90 per device) is a relative newcomer to our mobile device management (MDM) review roundup. It’s also notable for the fact that the software comes in the form of a virtual machine (VM) intended for either local installation on a server in your data center or for use in the cloud as a server instance in either Amazon Web Services (AWS) or Microsoft Azure. While it might be a solid enough MDM competitor for many small to midsize businesses (SMBs), the Baramundi Management Suite suffers from some unneeded complexity as well as a dependence on Microsoft back-office platforms for full functionality. It’s these issues that keep it behind our Editors’ Choice winner VMware AirWatch for now.

Similar Products

On the plus side, the MDM function is just one part of the bigger picture in the Baramundi Management Suite. Similar to Microsoft Intune, the Baramundi Management Suite also handles some desktop management chores for Microsoft Windows and Apple OS X-based desktops, up to the installation of a new operating system (OS). The downside here is that full functionality requires integration with an external Microsoft Active Directory (AD) domain and a Microsoft Exchange Server for sending email notifications. The first is something we encounter often, but the second has become something of a limitation now that many SMBs are going with hosted email services such as Google G Suite instead of an in-house email server. Our trial system didn’t have access to either of these platforms so we were unable to test all of the features, including the sending of email messages for device enrollment. Additionally, on the MDM side, Windows-based devices also required AD support, which means that shops without AD and Microsoft Exchange will only be able to manage Android and Apple devices with the Baramundi Management Suite.

Installation and Device Enrollment

Installing the Baramundi Management Suite consists of provisioning a VM, which was accomplished by the company for our test instance in the Microsoft Azure public cloud. The same could be accomplished in AWS should you choose to go that route. Connecting to the system uses a remote desktop session to connect you into a Windows Server environment. The one advantage to a VM approach is the consistency of deployment for the management infrastructure across multiple cloud services and on-premises, which means you’ve got easy access to redundancy and scalability should you need it.

To enroll either an Android or iOS device, you simply download the Baramundi Mobile Agent application from the appropriate store and follow the in-app instructions. Baramundi provides a Quick Response Code (QR code) that contains the server and account information so you don’t have to type this in. The agent includes a QR scanning capability, which removes the need for any additional apps. On iOS, the app installs the appropriate certificates to get you securely connected to the server.

We were able to register an iOS phone, a Samsung Galaxy S8+ smartphone, and a Samsung Galaxy Tab S3 device. The Baramundi Management Suite does support the Samsung Knox platform and the ability to block (black list) or allow (white list) specific apps. Only those apps which have been white-listed will be allowed should a user choose to install them. We did find some limitations to this capability depending on the version of Knox you’re using but it shouldn’t be an issue with updated phones.

Management Interface

Opening the Baramundi Management Suite console presents a dashboard that shows the status of Windows devices. The dashboard for mobile devices shows compliance status and rules violations. The Compliance Overview block includes clickable links to take you to another section of the management interface with more detailed information. The graphics displayed are static, meaning you can’t click an image and drill down for further details like you can in other products like VMware AirWatch and SOTI MobiControl. You also can’t modify the dashboard screens.

Like most of the other products in this roundup, the Baramundi Management Suite uses the concept of device profiles to configure specific settings. One difference from products such as and SOTI MobiControl is that the Baramundi Management Suite uses the concept of a universal profile to apply the same basic settings to all platforms. Creating a profile consists of settings collected into groupings they call “building blocks.” For example, one building block addresses restrictions on hardware such as the camera. Other building blocks include settings for Wi-Fi access points and virtual private network (VPN) credentials.

Once a profile has been created, it must be deployed by using a job. Jobs perform a number of different actions, including installing or uninstalling an app or profile; locking, unlocking, or wiping a device; and compiling a hardware or software inventory. Performing an action such as a device lock or wipe requires several steps, including creating a job to accomplish the task and then deploying it to a specific device. This seems more cumbersome for mobile devices than simply right-clicking and choosing “Lock Device” as in other systems such as SOTI MobiControl.

Viewing individual devices lets you see pertinent information about the device and perform specific tasks such as assign a job or edit the owner details. A Device Actions menu item on the page only let you deactivate the device. To do anything else requires creating a job. Creating a new job happens under the Jobs section. The Baramundi Management Suite includes a number of standard jobs to do things such as take a hardware and software inventory or distribute an app. Initiating a device wipe requires a number of steps to first create the job and then assign it to a specific device. This amount of effort would become quite tedious for most administrators after the first few device wipe requests.

Reporting was one strong area for the Baramundi Management Suite. A long list of pre-defined reports gives you access to most of the pertinent information. Creating new reports requires a full version of Crystal Reports which is an additional cost but does offer a robust report building tool. On the downside, the Baramundi Management Suite interface was not as intuitive as other products, like and SOTI MobiControl. It’s also missing features such as geofencing, geolocation, or mobile expense management (MEM). The geolocation feature is a significant one when an employee loses his or her device.

Pricing

The base price for a single Baramundi Management Suite device is $25.90 plus a yearly maintenance cost between $3.50 and $5.50 depending on contract length. While that sounds like a lot, it actually puts the Baramundi Management Suite among the cheapest of all the products we tested, along with AppTec360 Enterprise Mobility Management.

Overall, we liked the Baramundi Management Suite, though we did find that it offers only the basic functionality that we’d expect out of an MDM product. However, it does manage that at a very low cost. Still, it doesn’t fully compare with the capabilities found in the other products in this roundup, notably our Editors’ Choice winner VMware AirWatch. Simple administrative functions, such as wiping a device, require far too many steps when compared to all of the other products in our roundup. Plus, its reliance on Microsoft for full functionality makes life hard on companies that have opted for different cloud-based back-office platforms.

Software Reviews | Computer Software Review

MSRP: $150.00



at

Bottom Line: Against standard malware, Webroot SecureAnywhere Business Endpoint Protection is an excellent product. But we found it has trouble detecting more bleeding-edge attacks, such as the newer scripting attacks. Still, with an excellent overall set of tools, Webroot is definitely worth checking out after this problem is patched.

Read Full Review

Software Reviews | Computer Software Review

MSRP: $150.00



at

Bottom Line: Against standard malware, Webroot SecureAnywhere Business Endpoint Protection is an excellent product. But we found it has trouble detecting more bleeding-edge attacks, such as the newer scripting attacks. Still, with an excellent overall set of tools, Webroot is definitely worth checking out after this problem is patched.

Read Full Review

Avast Security Pro (for Mac)

The myth that Macs can’t suffer viruses, Trojans, or other types of malware attack is busted. Oh, the situation isn’t nearly as bad as on Windows or Android, but Macs really do need antivirus protection. There are free options available, including Avast Security (for Mac), but commercial antivirus utilities offer more features and do better in testing. Looking at what this product adds beyond the features in the free edition, it’s really hard to justify the price.

Similar Products

This product’s main window looks exactly like that of the free edition, except for the absence of the upgrade offer. Plenty of white space surrounds a simple security status indicator. The left-rail menu is also the same as in the free edition. The difference is that clicking Ransomware Shield or Wi-Fi Inspector brings up the component, rather than displaying an upgrade invitation. The look is very different from that of Avast Pro Antivirus, which uses a dark gray background with occasional elements in purple and green.

Pricing and OS Support

Like Bitdefender and Kaspersky, Avast supports macOS versions back to 10.9 (Mavericks). If you have an antique Mac that for some reason can’t even run Mavericks, consider ESET, ProtectWorks, or ClamXav—all of which support versions of macOS from 10.6 (Snow Leopard) on. At the other end of the spectrum, Avira, Trend Micro, and Symantec Norton Security Deluxe (for Mac) require macOS 10.11 (El Capitan) or better.

The most common pricing plan for Mac antivirus runs $39.99 per year for one license or $59.99 for three. Bitdefender, ESET Cyber Security (for Mac), Kaspersky, and Malwarebytes all fit this profile. Price-wise, Avast is on the high end, at $59.99 per year or $69.99 for three licenses. That’s expensive, considering that the free edition has all the same features except for Ransomware Shield and Wi-Fi Inspector, which I’ll detail below.

Shared Features

This utility shares all the features of the free Avast Security (for Mac), and that’s saying a lot. I’ll briefly summarize those shared features here, and you can should read my review of the free product for more details.

AV-Comparatives certified Avast’s Mac malware protection as effective. In testing, it protected against 99.9 percent of Mac malware and 100 percent of Windows malware. AV-Test Institute, the other major lab that tests Mac antivirus, did not include Avast in testing. Note, though, that Bitdefender and Kaspersky earned 100 percent in both tests, and received certification from both labs.

I don’t have the same kind of resources for antivirus testing under macOS as I do for Windows. I did try scanning a folder containing my current collection of Windows malware. Avast detected and quarantined 85 percent of the samples, which is quite good. Only Webroot SecureAnywhere Antivirus (for Mac), with 86 percent, and Sophos, with 100 percent, have done better. At the low end, McAfee caught 25 percent and Intego just 18 percent.

Avast’s full scan finished in 14.5 minutes, which is quite a bit faster than the current average of 24 minutes. The impressive Home Network Security Scanner took less than three minutes to take note of all devices on my network. It found 36 devices and flagged legitimate security problems on two of them.

Phishing websites masquerade as secure sites in the hopes of fooling you into giving away your login credentials. It doesn’t matter which browser you use, or which operating system. Avast’s scores in my hands-on phishing protection test were extremely poor. The phishing protection systems built into Chrome, Firefox, and Internet Explorer all outperformed Avast, by a long shot.

The Online Security browser extension marks up search results to flag dangerous links. It also displays a list of all ad trackers and other trackers on the current page, with an option to actively block these. Kaspersky Internet Security for Mac includes a similar active Do Not Track feature.

Avast comes with a basic password manager that installs as a separate application. It handles basic functions like password capture and replay, saving secure notes, and generating strong passwords. The app stores passwords locally, but you can set up syncing between all your macOS, iOS, Windows, and Android devices. However, you won’t find any advanced features like secure password sharing, two-factor authentication, or password inheritance.

Ransomware Shield

Everything I’ve described to this point is also available in the free edition. The premium-only Ransomware Shield component simply prevents unauthorized access to files in sensitive folders. By default, it protects the Documents and Pictures folders for the current user. Naturally, you can add other folders if needed. A similar feature in Bitdefender Antivirus for Mac also protects your Time Machine backups.

To test this kind of access control on Windows, I use a small text editor that I wrote myself, something that would never show up on a list of trusted applications. I don’t have such a program for macOS, so I had to disable the feature that automatically trusts Apple and App Store applications.

Operation is very simple. When an untrusted program tries to modify a protected app, Avast pops up a warning. If you’ve just installed and launched a new photo editor, click Allow. If you don’t recognize the program, click Block. Note that clicking Allow only makes the program trusted temporarily. To ensure that new photo editor doesn’t get blocked, you must manually add it to the list of Allowed Apps.

This type of access control is an effective tool for ransomware protection, one used by many security tools both on Windows and macOS. However, it does require vigilance on your part. When you see the Ransomware Shield popup, examine it carefully, and only click Allow if you’re absolutely sure the program is legitimate.

Wi-Fi Inspector

As noted, you get the Home Network Security Scan even in the free edition. The premium edition adds a component called Wi-Fi Inspector. Despite the name, the main function of this component is to alert you when new devices join the network. It maintains its own simple list of devices. If you click Deep Scan, it launches the Home Network Security Scan.

Wi-Fi Inspector’s device list doesn’t identify security issues the way the security scan does. On the plus side, it lists the MAC address and IP address for each device, along with the name. For many devices, the name is a clear identification, like neilsipad or all-in-one-pc, but some come out with names like unknown6542990b6483. If you have basic network skills, you can use those addresses to figure out which device corresponds to a weird name. Bitdefender Home Scanner (a Windows utility) lets you edit such entries to give them a friendly name, and even remembers the name on subsequent scans. With Avast, you’ll just have to keep a list of which device matches which weird name.

I did encounter a serious problem with the device list. It found 36 devices on my network, but I couldn’t scroll down to see more than the first bunch of devices. My Avast contact confirmed this as a bug. It’s not such a big problem, as you can see all your connected devices in network scanner.

The real point of Wi-Fi Inspector is to alert you when a new device connects. Just after installation, you’ll probably see quite a few of these, as devices that were turned off during the initial scan wake up. Once you get past that shakeout period, you should pay close attention to the new-device notifications. If you don’t recognize the device, it could be a neighbor mooching your Wi-Fi, or even a hack attempt.

If you determine that the new connection isn’t legitimate, there’s not a lot you can do about it. Wi-Fi Inspector offers notification, but no direct way to act on that information. Your best bet is to snap a screenshot of the notification and then find a friend who’s a network whiz. Your buddy can use the info from the screenshot to log into your router’s settings and ban the device from the network.

Doesn’t Add Enough

Avast Security Pro offers certified Mac malware protection, a network security scanner, and a password manager, but those features also come with the free Avast Security. The Pro edition adds ransomware protection that works by banning untrusted applications from modifying your files. It also adds real-time notification of new connections to your network, but offers no way to do anything if you determine the new connection is perfidious. That’s not much for $59.99 per year. The only reason to buy this product is if you want to protect your Macs in a business setting, but in that case, you can get better protection for less.

Bitdefender Antivirus for Mac has certification from two labs, excellent phishing protection, an anti-ransomware feature much like Avast’s, and more. Kaspersky Internet Security for Mac also has two certifications, and it comes with a full parental control system, excellent anti-phishing, protection against webcam peepers, and more. These are our Editors’ Choice products for macOS antivirus, and they both costs $20 less than Avast.

CyberSight RansomStopper

Your antivirus or security suite really ought to protect you against ransomware, along with all other kinds of malware. There might be an occasional slipup with a never-before-seen attack, but those unknowns rapidly become known. Unfortunately, ex post facto removal of ransomware still leaves your files encrypted. That’s why you may want to add a ransomware protection utility to your arsenal. The free CyberSight RansomStopper stopped real-world ransomware in testing, but can have a problem with ransomware that only runs at boot time.

Similar Products

RansomStopper is quite similar to Cybereason RansomFree, Trend Micro RansomBuster, and Malwarebytes Anti-Ransomware Beta. All four are free, and all detect ransomware based on its behavior. Since they rely on behavior, it doesn’t matter whether the ransomware is an old, known quantity or a just-created zero-day attack. Like RansomFree, RansomStopper uses bait files as part of its detection methodology. However, RansomStopper hides its bait files from the user.

Getting Started

Installation went quickly in my testing. After the download, I completed the process by entering my first and last name and email address. Once I responded to the confirmation email, the product was up and running.

The product’s simple main window reports that “You are protected from ransomware.” Buttons across the bottom let you view security alerts, processes RansomStop has blocked, and processes you’ve chosen to allow. Another button lets you check for updates, if you didn’t select automatic updates during installation. Simple!

CyberSight also offers a business edition. Added features include email alerts, centralized administration, and detailed reports. The business edition costs $29.99 for a single license, though the price drops to as low as $10 per seat with volume licensing.

Ransomware Protection

When RansomStopper detects a ransomware attack, it terminates the offending process and pops up a warning in the notification area. Clicking the warning lets you see what file caused the problem. There’s an option to remove programs from the blocked processes list—along with a warning that doing so is a bad idea.

Waiting to detect ransomware behavior can sometimes mean that the ransomware encrypts a few files before termination. When I tested Malwarebytes, it did lose a few files this way. Check Point ZoneAlarm Anti-Ransomware actively recovers any encrypted files. In my testing, it did so for every ransomware sample. ZoneAlarm’s only error was one instance of reporting failure when it had actually succeeded.

For a quick sanity check, I launched a simple fake ransomware program that I wrote myself. All it does is look for text files in and below the Documents folder and encrypt them. It uses a simple, reversible cipher, so a second run restores the files. RansomStopper caught it and prevented its chicanery. So far so good.

Caution, Live Ransomware

The only sure way to test behavior-based ransomware protection is by using live ransomware. I do this very cautiously, isolating my virtual machine test system from any shared folders and from the internet.

This test can be harrowing if the anti-ransomware product fails its detection, but my RansomStopper test went smoothly. Like ZoneAlarm and Malwarebytes, RansomStopper caught all the samples, and I didn’t find any files encrypted before behavioral detection kicked in. Cybereason RansomFree did pretty well, but it missed one.

I also test using KnowBe4’s RanSim, a utility that simulates 10 types of ransomware attack. Success in this test is useful information, but failure can simply mean that the behavior-based detection correctly determined that the simulations are not real ransomware. Like RansomFree, RansomStopper ignored the simulations.

Boot-Time Danger

Keeping under the radar is a big deal for ransomware. When possible, it does its dirty deeds silently, only coming forward with its ransom demand after encrypting your files. Having administrator privileges makes ransomware’s job easier, but getting to that point typically requires permission from the user. There are workarounds to get those privileges silently. These include arranging to piggyback on the Winlogon process at boot time, or set a scheduled task for boot time. Typically, the ransomware just arranges to launch at boot and then forces a reboot, without performing any encryption tasks.

I mention this because I discovered that ransomware can encrypt files at boot time before RansomStopper kicks in. My own fake encryption program managed that feat. It encrypted all text files in and below the Documents folder, including RansomStopper’s bait text file. (Yes, that file is in a folder that RansomStopper actively hides, but I have my methods…)

I reverted the virtual machine and tried again, this time setting a real-world ransomware sample to launch at startup. It encrypted my files and displayed its ransom note before RansomStopper loaded. From my CyberSight contact I learned that they’re “testing several solutions” for this problem, and that an update in the next few weeks should take care of it. I’ll update this review when a solution becomes available.

RansomFree runs as a service, so it’s active before any regular process. When I performed the same test, setting a real-world ransomware sample to launch at startup, RansomFree caught it. Malwarebytes also passed this test. RansomBuster detected the boot-time attack and recovered the affected files.

To further explore this problem, I obtained a sample of the Petya ransomware that caused trouble earlier this year. This particular strain crashes the system and then simulates boot-time repair by CHKDSK. What it’s actually doing is encrypting your hard drive. Malwarebytes, RansomFree, and RansomBuster all failed to prevent this attack. RansomStopper caught it before it could cause the system crash—impressive! To be fair to the others, this one is not a typical file encryptor ransomware. Rather, it locks the entire system by encrypting the hard drive.

Querying my contacts, I did learn that boot-time ransomware attacks, including Petya, are becoming less common. Even so, I’m adding this test to my repertoire.

Other Techniques

Behavior-based detection, when implemented properly, is an excellent way to fight ransomware. However, it’s not the only way. Trend Micro RansomBuster and Bitdefender Antivirus Plus are among those that foil ransomware by controlling file access. They prevent untrusted programs from making any change to files in protected folders. If an untrusted program tries to modify your files, you get a notification. Typically, you get the option to add the unknown program to the trusted list. That can be handy if the blocked program was your new text or photo editor. Panda Internet Security goes even farther, preventing untrusted programs from even reading data from protected files.

Ransomware crooks need to take care that they’ll be able to decrypt files when the victim pays up. Encrypting files more than once could interfere with recovery, so most include a marker of some kind to prevent a second attack. Bitdefender Anti-Ransomware leverages that technique to fool specific ransomware families into thinking they’ve already attacked you. Note, though, that this technique can’t do a thing about brand-new ransomware types.

When Webroot SecureAnywhere AntiVirus encounters an unknown process, it starts journaling all activity by that process, and sending data to the cloud for analysis. If the process proves to be malware, Webroot rolls back everything it did, even rolling back ransomware activity. ZoneAlarm and RansomBuster have their own methods for recovering files. When the anti-ransomware component of Acronis True Image kills off a ransomware attack, it can restore encrypted files from its own secure backup if necessary.

Give It a Try

CyberSight RansomStopper detected and blocked all my real-world ransomware samples without losing any files. It also detected my simple hand-coded ransomware simulator. And it blocked an attack by Petya, where several competing products failed.

RansomStopper did exhibit a vulnerability to ransomware that only runs at boot time, but my sources say this type of attack is becoming less common, and CyberSight is working on a solution. Other free products had their own problems. RansomFree missed one real-world sample, and Malwarebytes let another sample encrypt a few files before its detection kicked in. RansomBuster fared worse, missing half the samples completely (though its Folder Shield component protected most files).

Check Point ZoneAlarm Anti-Ransomware remains our Editors’ Choice for dedicate ransomware protection. It’s not free, but at $2.99 per month it’s also not terribly expensive. If that still seems too steep, give the three free utilities a try, and see which one you like best.

Software Reviews | Computer Software Review

MSRP: $7.00



at

Bottom Line: Human resources (HR) software and management system BambooHR is not the cheapest option but you get what you pay for, namely, well-organized, visually appealing tools that are simple to set up and run. An open API allows the software to be integrated with a company’s existing HR tech vendors, and the performance review function fits with the way more companies are working.

Read Full Review

Apple Pay Cash

Getting in a bit late on Facebook Messenger, Google Wallet, and PayPal’s action, Apple Pay Cash is the latest peer-to-peer payment system from a tech giant. Apple’s mobile operating system has long had a tie-in with your credit card, thanks to the Apple Wallet app. Starting with iOS 11.2, however, the new Apple Pay Cash service lets the company play an even greater role in your finances. For those who are passionately dedicated to the Apple ecosystem, it has an appeal. But if you want to pay someone who doesn’t have an Apple device, you’re better off with a competitor, like Venmo, that offers cross-platform options, as well as more advanced payment features.

Similar Products

What Is Apple Pay Cash?

Since iOS 8.1, Apple Wallet has let you pay participating stores and websites from your iPhone, touch-free, using a credit card that you connect with the service. It hasn’t, however, been able to let you pay friends directly, as you can with Facebook Messenger, Google Wallet, PayPal, Venmo, and some bank apps. Unlike the previous Apple Wallet functionality, with Apple Pay Cash, you can actually store money in an Apple account, rather than just using Apple Pay as a conduit for a credit or bank card.

Getting Started With Apple Pay Cash

If you haven’t already done so, you first need to download and install iOS 11, specifically 11.2. You can force the update by visiting Settings > General > Software Update. If not, a slider switch in the Wallet & Apple Pay section of Settings lets you enable Apple Pay Cash. Once you slide this switch, you have to enter your Apple ID and password and accept a legal agreement stating that the services are provided through Green Dot Bank. The terms point out that Apple Pay Cash comprises two services: a virtual payment card and the funds transfer service.

Pay Cash works with every Apple phone back to the iPhone 6, and on iPads starting with the Air 2 model. If you have a MacBook with Touch ID, you can use Apple Pay Cash, or you can connect an older Mac to your iPhone and pay that way. The service also works with all versions of the Apple Watch. Androids and other non-Apple devices are not supported.

Note that you’ll only be able to send money to other iOS users who have accepted the agreement, and you both have to have two-factor authentication set up for your Apple ID. Two-factor authentication provides additional security, but it’s stricter than the other payment services’ setup requirements. Note that setup also requires re-entering your credit card digits.

After I completed these steps, I was asked to add a debit card so that money could be transferred to my new bank account. You don’t have to do this to use the service, though—I didn’t. In all, however, the setup isn’t more involved than it is with Venmo, though Facebook Payments is easier than either.

Using Apple Pay Cash

As with Facebook Messenger’s Payments app, you send money via the Apple Messages app; the option is in the app tray at the bottom of the Messages’ screen. Just tap the A icon to open it. You then see a dollar amount that you can increase or decrease, and you can switch between paying and requesting. Venmo and Google Wallet require you to open their separate apps to make payments; so that’s a plus for Facebook and Apple, in that you access payments from an app you’re probably using regularly already.

When I tapped Pay to send $1 to a colleague and then hit the Send up arrow, I had to approve the transaction with a Touch ID finger press (of course, iPhone X users will use Face ID). For sending this dollar, I paid a 3 percent fee (the same as with Venmo and other services), but that’s because the payment was via credit card. If you use a bank debit card, however, you can avoid that fee. The chat entry says Pending until the recipient receives the funds.

You can also use Siri to pay someone, but that’s something also offered by Venmo. Apple Pay Cash, thankfully, doesn’t by default share your every transaction with a special-purpose social network, as Venmo does. With Venmo, unless you change privacy settings, any of your contacts can see exactly who you paid in a feed of transactions. Some may like like this, but it seems like an invasion of privacy to me. However, Venmo offers a couple of important advantages over Apple’s system: You can scan a QR code to verify your payee, and you can attach notes along with a payment. Venmo also lets you pay amounts smaller than $1, Apple’s minimum. Google Wallet, also available for iOS, adds the ability to split payments among multiple recipients.

If you receive money from a contact, it goes into your Apple Pay Cash virtual cash card. You can use that balance either by dumping it back into a connected bank account or to pay for something else via Apple Pay or Apple Pay Cash.

Apple Pay Cash, Venmo, and can all be used to shop at online retailers; PayPal (which also owns Venmo) may have the upper hand here, as the leading internet payment service. The biggest advantage of Venmo, PayPal, and Facebook Payments, however, is that they’re platform-independent—with any of them, you can send money to anyone, regardless of the operating system they use. And with any of them, you can make and receive payments from a web browser—not so with Apple Pay Cash. If you’re using Apple’s system and want to pay an Android user, you’re going to have to hand over dirty old dollar bills, for now.

Should You Pay the Apple Way?

Apple Pay Cash offers a relatively easy and secure way for iOS users to make peer-to-peer payments. But the tech giant is a bit late to the party, and, as with many things in Apple’s history, the service lives in too closedof an ecosystem. In addition to that, Venmo, our Editors’ Choice payment app, offers a richer slate of payment options. If and when Apple adds the ability to pay Android users, we’ll update this review.

Software Reviews | Computer Software Review

MSRP: $7.00



at

Bottom Line: Human resources (HR) software and management system BambooHR is not the cheapest option but you get what you pay for, namely, well-organized, visually appealing tools that are simple to set up and run. An open API allows the software to be integrated with a company’s existing HR tech vendors, and the performance review function fits with the way more companies are working.

Read Full Review

Golden Frog VyprVPN (for Mac)

Using a virtual private network is a great way to keep the bad guys, the three-letter agencies, and even your ISP from snooping on your web traffic. Golden Frog VyprVPN is a particularly competitive VPN service, and it shines on macOS with excellent speed scores and a strong offering of advanced features, as well as a smart tutorial for new users. It’s an excellent VPN for Mac, but it’s edged out by Editors’ Choice winners for macOS VPN: NordVPN, Private Internet Access, and TunnelBear VPN.

Similar Products

What Is a VPN?

When you connect to the internet, your web traffic may not be as secure as you’d like. Your ISP, the NSA, anyone on the network, and whoever controls the Wi-Fi router you’re connected to can potentially monitor your activities or even redirect you to phishing pages. Consider this the next time you log on to the Wi-Fi network at Starbucks: how do you know Starbucks operates this particular hotspot? This is why you need a VPN.

When you switch on a VPN, it’s a different story. Doing so creates an encrypted tunnel between your computer and a server operated by the VPN company. Your web traffic travels through the tunnel, secure from peeping eyes.

From the VPN server, your traffic heads off to your desired destination. That means anyone watching would see your traffic as emanating not from your computer, whose geographic location can be divined via IP address, but from the VPN server. That’s an additional layer of anonymity.

This may sound like paranoia, but reporting has revealed that the NSA has access to most internet traffic. Also, Congress gave the green light to ISPs to start selling anonymized user data. A VPN defeats, or at least greatly frustrates, these adversaries.

Pricing and Plans

Golden Frog offers VyprVPN for free for 30 days, after which you’ll need to start paying. Other VPN services have free options that stay free; AnchorFree Hotspot Shield and TunnelBear are two excellent examples. Most free VPNs have some kind of data limit or other restriction, however, though they generally perform well within those limits. Notably, the Opera browser now ships with a robust VPN built in, for free.

If you decide to spend money on VyprVPN, you’ll have to chose between the vanilla version and the higher-end plan. VyprVPN costs $9.95 per month, but only allows three simultaneous connections. That’s probably enough for one person living alone, but certainly not for someone whose family involves more people or gadgets. Those people will want to spring for VyprVPN Premium, which costs $12.95 per month; allows up to five connections; and grants access to two additional features, the Chameleon VPN protocol and VyprVPN Cloud.

That’s on the high side for a VPN service. Private Internet Access, which offers an extremely robust network of servers, costs only $6.95. TunnelBear VPN is just slightly more at $9.99 per month. Both have offerings comparable to VyprVPN’s.

The additional features that Golden Frog reserves for the highest VyprVPN tier require some explanation. The Chameleon VPN protocol is an encryption protocol that the company says is harder to detect as VPN traffic and therefore harder to block. The company recommends that users in China, or anywhere else that attempts to block access to certain parts of the internet, should use this protocol. If that’s not your thing, the macOS client also supports L2TP and IPsec, as well as my preferred option: OpenVPN. In addition to being open-source code—and therefore scrutinized for errors by a community of volunteers—OpenVPN also tends to be faster and more resistant to disconnection. Note that the VyprVPN app for iPhone only supports the IKEv2 protocol.

The other premium feature is VyprVPN Cloud. This is a specialty feature that allows you to access your cloud services on Amazon Web Services (AWS), DigitalOcean, and VirtualBox via the security of a VPN. It’s certainly a niche feature, and it’s a bit of an odd one at that.

Note that Golden Frog also offers Cyphr, a free encrypted chat app for Android and iOS, as well as Outfox, a VPN service specifically for gaming. NordVPN doesn’t offer a chat service, but it does have specialized servers for using BitTorrent, connecting via VPN to the Tor anonymization service, and more besides.

Features and Privacy

I go into detail about VyprVPN’s features and performance in my review of VyprVPN for Windows. I’ll summarize the important points here.

Golden Frog makes much of the fact that it owns all of the servers used for VyprVPN. There’s something to be said for this, since it gives the company far more control over the hardware customers rely on to keep them safe. This amounts to over 700 servers, which is comparatively few, however. Presumably, competitors are able to field more by using a mixed of owned and rented servers. Most VPN services offer over 1,000 servers and in the case of Private Internet Access, over 3,000. A surplus of servers means that you’re less likely to find yourself using an overcrowded server where each user gets a small slice of the bandwidth pie. The more servers, the fewer people per server; the fewer people per server, the better the performance.

VyprVPN does, however, have a respectable roster of server locations. These include some 70 cities and regions in six continents. I am pleased to see that in addition to such typical VPN locations as the US and Europe, VyprVPN also has several servers in regions often ignored by the industry, such as Africa and the Middle East. The company also offer servers in areas that tend to have repressive control over internet access: China and Russia, specifically.

A large number and diverse distribution of server locations means two things. First, that if you’re looking to spoof your location, you’ll have lots of options. Second, if you are a world traveler, you’ll have an easier time finding a nearby server. The distance between yourself and the VPN server has an important impact on performance.

The VyprVPN app comes loaded with some excellent advanced features. You can configure the VPN to connect automatically if you’re using an untrusted Wi-Fi network. You can also block local (LAN) traffic to your machine while connected to the VPN, ensuring that other infected devices aren’t sneaking peeks at your activity.

One thing that VyprVPN won’t do is block ads when running. That’s not a huge loss on a desktop computer where there are many excellent in-browser alternatives such as Privacy Badger—my ad-blocker of choice. It’s more of a detriment on Android because Google does not allow ad-blockers in its app store.

Golden Frog is headquartered in Switzerland, which, according to the EFF, does not have mandatory data retention laws. Golden Frog’s privacy policy states that the country’s “favorable privacy laws reflect our mission.” The company does not log DNS requests or the content of your traffic. Golden Frog does, however, log the source IP address, connection time (start and stop), and the total volume of traffic. It retains this information for 30 days. The company says it will not “sell or otherwise release identifying information, unless ordered to do so by a court of competent jurisdiction in the matter.” That’s an important caveat, but is also par for the course among VPN services.

Note that if you are keen to use BitTorrent over VPN, you can do so with VyprVPN. However, keep in mind that downloading copyrighted material can still be detected through other means.

Hands On With VyprVPN

Golden Frog does not offer a VyprVPN client through the Apple App Store. Instead, you’ll have to download it from the Golden Frog site and install it yourself. Unlike other VPN clients, VyprVPN has a brief tutorial that points out major features and lets you configure some of the client’s core abilities. I like this approach, since many customers may not be aware of all VyprVPN has to offer.

The client itself is a single window, the top half of which shows your network traffic in a color-coded graph—blue when it’s secured by VyprVPN and red when it is not. It seems very much at home on macOS, although it did not take advantage of the Touch Bar on the 15-inch 2016 MacBook Pro I was using for testing. Three toggles let you configure VyprVPN to connect automatically on untrusted Wi-Fi, block malicious sites, and activate the app’s kill switch. This last feature automatically shuts down internet communications should your VPN disconnect accidentally.

The large button at the bottom connects you to the fastest available server by default. Typically, this is a server that’s geographically near to you. Click the map pin icon on the connect button to open the full server list in a separate window. Here, you can filter the servers by region and view the ones you have marked as favorites. A search box at the top lets you quickly cull the list, and the app shows ping times to the left of each entry.

While VyprVPN looks quite good against the macOS backdrop, Editors’ Choice winner TunnelBear is even better looking. This application is brightly colored and filled with friendly bears. It’s got a touch of whimsy, but is also extremely easy to use, which helps make it an Editors’ Choice winner.

Opening the Preferences window reveals more precise controls. You can, for example, designate apps that must use the VPN connection. That’s handy, as it can let you avoid slower speeds or outright blocking for certain activities. There’s also an option to block all LAN traffic, which is a rarely seen feature. The Advanced section is truly advanced, letting you set Route Delay time in seconds, Log Verbosity, and Maximum Transmission Units, among other options that the average person probably shouldn’t mess with.

By default, VyprVPN uses the OpenVPN protocol and VyprDNS. Both of these can be changed from the settings menu as well.

Netflix is not a fan of VPNs, since you can use them to spoof your location and access content locked for other regions. However, I had no trouble streaming movies when connected via VyprVPN. Keep in mind that this could change at a moment’s notice. If you’re concerned about losing access to Netflix, I suggest sticking with short-term VPN subscriptions.

Speed and Performance

When you’re using a VPN, your data jumps through more hoops than usual. The result is usually increased latency, as well as reduced upload and download speeds. But we have found through years of testing that not all VPNs are created equal, and that some have greater negative (or, surprisingly, positive) impact on performance.

To really determine the performance of a given VPN service, I would have to test multiple times a day at different locations and times over the course of many days. That’s not a viable option. Instead, I opt to take a snapshot, and then I compare the difference between average speeds and latency results and find a percent change.

I first run this test while connected to a nearby VPN server and using a nearby test server. I run the same tests again, but while connected to a VPN server in Australia and a test server in Anchorage, Alaska. This second test is to evaluate how the VPN performs when connected to far-flung international servers. All of my speed test data is gathered using the Ookla speed test tool. (Note that Ookla is owned by PCMag’s publisher, Ziff Davis.)

In my domestic VPN testing, I found that VyprVPN had the largest increase in latency among Mac VPNs, at 22.1 percent. To be fair, most other VPNs are clustered around the same figure, although Private Internet Access had the least impact, at only 8 percent. VyprVPN redeemed itself in the download speeds test, where it slowed downloads by just 6.9 percent. dragged downloads down by 21.1 percent, but TunnelBear actually improved downloads speeds by 22.1 percent — the only VPN to improve downloads I’ve yet seen for macOS. Unfortunately, VyprVPN dropped the ball in upload speeds, where it had the biggest impact among Mac VPNs. It reduced upload speeds by 33.2 percent. In this same test, Private Internet Access reduced uploads by only 6.1 percent.

VyprVPN fared a bit better in the international tests. Here, it increased latency by 171.4 percent—the best score I’ve yet recorded for macOS testing. It nearly beat KeepSolid VPN Unlimited in the download test; VPN Unlimited reduced download speeds by 11 percent and VyprVPN by only 13.2 percent. It continued doing well into the upload test, where it slowed uploads by 17.8 percent, another new record for macOS testing.

In general, you will almost certainly not notice any significant slowdown when using VyprVPN. In fact, you might even notice things run a little quicker in some circumstances! With its collection of top scores in some important areas, it’s a strong contender for speed on macOS. But then again, racked up truly outstanding numbers on Windows, where it improved downloads by over 400 percent in some cases.

PureVPN didn’t perform as well in my macOS testing. As such I consider it to be the fastest VPN service for Windows. I haven’t reviewed enough VPNs on macOS to make a similar judgment.

One for the Short List

Golden Frog offers an impressive service with VyprVPN, and it’s especially good on macOS. The client is equal parts understandable and powerful, with a tutorial for new users and powerful settings for those already comfortable with IT matters. While it lacks ad-blocking and has comparably few servers, it nevertheless earned several top speed test scores in our tests.

It’s an excellent choice for macOS users, but we continue to recommend our Editors’ Choice winners for macOS for their individual merits. NordVPN has an excellent collection of features, Private Internet Access has an unbeatably robust server roster, and TunnelBear VPN is the easiest and friendliest VPN for macOS.