Posted on November 15, 2006 at 10:44 AM in @earthlink
Note: The below is an archived entry from Earthling, formerly EarthLink's official blog. The blog itself has been decommissioned and is no longer updated, and comments are trackbacks are no longer accepted.
Last I checked in on Security Product Manager Ben Kaplan, he was inviting large amounts of viruses and spyware into his computer. He and his team are preparing to release the new version 2.0 of EarthLink's Protection Control Center in the next couple of months, which will feature a new technology called Attack Shield. Attack Shield represents a new approach to fighting malware, that sniffs out potential threats as they are happening to your computer, and stops them from doing any damage. I interviewed Ben via e-mail to find out about how it works and what's new in PCC 2.0.
PCC 2.0 interface - click to see a larger screenshot
What feedback and suggestions did you hear most often from users of the current PCC, and how did you incorporate it into the new version?
The number one suggestion was to improve the Firewall to be more user-friendly in terms of providing better information about whether to allow or deny alerts. We took that information and made the firewall smarter to decrease to the number of firewall alerts while still maintaining excellent protection. We also now give recommendations to the user on whether to allow or deny an inbound/outbound communication. We also improved the UI to give the user an easier way to make sure their computer is always protected. At a simple glance EarthLink customers can now see if their virus/spyware definitions are up-to-date, if they need to run a scan, or if their Firewall settings are correct. A simple click can now make the necessary changes to keep your computer and personal information safe.
So what's the Attack Shield part of it?
A new piece of malware is created approximately every 3 minutes. According to research from our partner Sana Security the average time it takes a traditional security vendor to release a definition file is 22 days. That's 22 days between when a virus is known about, and when your traditional protection software suite can do anything about it. Attack Shield incorporates the idea of keeping your computer clean during that lag between when a new threat comes out, and when the security companies can recreate it, analyze it, make a vaccine, and get it out to you in the form of a new virus definition. This is sometimes known as Zero-day protection.
Read on for more.
How does it close that gap between when a virus comes out and when the definition files get written and distributed?
It not only uses definitions, but also incorporates a behavioral/heuristic engine that looks at the *behavior* of potential malware and the events they perform on your computer. It's trained to know how malware typically operates, and watches out for the common warning signs and known bad behaviors before the damage is done to your computer. Since it's based on behaviors and not specifics of individual viruses, it can also differentiate between programs that are malicious to begin with, and programs that started out healthy, but have been hijacked to perform malicious actions.
So whether an attack on your computer matches virus definitions files or not, the heuristics engine picks it up and quarantines the malware so it doesn't harm your files and can be removed easily. It stops the malware from being allowed to propagate, install additional components, hide out, or generally make a nuisance of itself.
If it's watching what I'm doing, will it slow down my browsing, or affect what I can and can't see on the web?
It's really not watching what you are doing, it is watching what goes onto your system. Attack Shield does not capture personal data or slow down browsing. It simply analyzes the behavior of processes running on your PC and makes an intelligent determination if code running on your PC is malware.
Does it keep track of what sites you visit? And does it share any information back to EarthLink or anywhere else?
It definitely does not keep track of what sites you visit or share information out to anywhere. However, should Attack Shield find and delete a unknown piece of Malware, the customer has the ability to opt-in to submit the malware sample back to our labs for further analysis. This helps us find out how new malware is being spread and how to better protect our consumers.
Will Attack Shield come with the new version of Protection Control Center, or will it be something separate?
All existing users of PCC will automatically get upgraded to PCC 2.0 for free. If they want the Attack Shield functionality that will cost either $2.95/month or $24 a year.
Will it be available for the Mac OS X operating system, or just Windows?
Just Windows. It will be compatible with Windows 2000 and XP in the initial release, in late Q4 2006. We expect to have Windows Vista version by the end of Q1 2007.
Update: PCC2.0 is now released and there's more information here for those who are updating from older versions.
Comments
I am excited about the new safety ware from earthlink. It is coming out in about two months.
Posted by Charles S. | November 16, 2006 11:28 AM
Looks like a good product, and one that many Earthlink users probably could put to very good use.
It does give me yet another reason to question, though, what Earthlink does for their Mac OS folks.
It seems that the 'preferred/recommended ISP' of Apple Computer should really focus a bit more on the Mac OS folks than they do.
(Actually, the most annoying thing over time is constantly being offered things by Earthlink with no mention, until it won't work, that it is "Windows Only.")
Tom
Posted by Tomas | November 16, 2006 4:40 PM
Hello,
Just as a point of clarification, PCC 2.0 with Attack Shield is fully compatible with Norton AV as well as many of the other security vendors products.
Thanks,
Ben Kaplan
PCC Product Management
Posted by Ben Kaplan | November 17, 2006 10:10 AM
Tomas, as a fellow Mac user I'm always an advocate for supporting Macs, but in this case I wonder if the need is as great on the Mac side. One thing I've been thinking about is whether people who run Bootcamp or Parallels Desktop, having been conditioned on Mac to not worry so much about malware, will remember to keep their XP/Vista partitions properly locked down. Especially when Bootcamp starts to be a standard supported app.
Also, did you try out the Shopping Mac Dashboard widget we released earlier this year?
Posted by Dave C. | November 17, 2006 10:57 AM
Installed Earthlink Protection Control Center on HP Pavilion computer. Every thing seemed okay at first but then later could not use computer because file Elnk_pcc.exe kept the cpu tied up 98% of time. Finally had to disable Earthlink Protection Control Center which gave back control of computer use to normal. Searched internet for anyone with similar problem and/or fix but could not find any.
Posted by Herb Mefford | December 7, 2006 11:33 AM
I'm sorry to hear this. We've seen this as a
rare issue from a small number of users, but haven't been able to reproduce
it in our testing environment. I'm emailing you directly to get some more
information, and it will definitely be addressed in PCC 2.0, coming in
January.
Posted by Ben Kaplan | December 8, 2006 1:31 PM
I have used Earthlink virus protection for over a year+ and am very happy with it, except it reruns Protection Control everytime I turn on my computer which could be 2-4 times per day. I could solve that problem by leaving the computer "on" but I don't do that. I would like to "click" NO to a run queston if I have already run Protection Control that day.
However, I was really un-happy with the firewall because it refused to "Learn" and kept asking the same questions repeatedly. It would not learn and I finally shut it off. I called support several and could not get a satisfactory answer to my problem.
I finally switched to COMODO and it's been doing a good job but It won't let me communicate between my computers on my LAN or to my networked printer without having to reload and restart COMODO. I never had the LAN problem with Earthlink or Nortons. I hope 2.0 solves the "Learn" problem and lets me control my LAN connections.Thank you for considering my problem.
Posted by Larry Lundeen | December 31, 2006 1:48 PM
I have installed PCC 2.0 and it is a PIA. It "initializing protection" takes forever along with "loading resources". Then it says I need to update virus definitions, I update them and it continues to request they be updated. I try to scan files and it stops at the first file, a 1k text file (that belongs to earthlink software) and will not continue. It also keeps "updating" itself. This is not what I expected in a 2.0 version and from Earthlink. Please help. Clay
Posted by Clay | January 6, 2007 1:41 PM
ok so i got the new earthlink
and it only goes to 1 file scan and freezes. whats going on
Posted by Tim | January 6, 2007 4:42 PM
I have Protection Control Center 2.
If I ask for a full virus scan, my PC locks up after the first file. I didn't have this problem with the old version. Any ideas??
Thanx.
Posted by Shaw Bridges | January 8, 2007 8:03 PM
A few days ago when my PCC notified me about available updates there was an update to PCC itself, not just a definitions update. I downloaded and installed it and I had PCC ver2! Cool! Well, maybe not...when I tried to run a full system scan PCC hung up after scanning the memory and registry. This happened a few more times and so I uninstalled PCC and re-installed the old version (from my Total Access disk). It now seems that ver2 has been pulled from the site. Will it be back soon?
Thanks,
Ed
Posted by Ed Moran | January 8, 2007 10:21 PM
I am experiencing the same issues as others. When running a full scan, it locks up on the 1st file. A reboot is the only thing that gets the computer running normal. In addition, it asks to be updated everytime it reboots. Please help, as it is very annoying that it is causing such poor performance.
Posted by Stephen M | January 9, 2007 11:42 AM
For those of you who are having installation or scanning issues with PCC 2.0, I've passed those comments on to the product team and just published an update ( http://blogs.earthlink.net/2007/01/news_from_hq_pcc_20_update_1.php ) from Ben on how to fix those issues.
Posted by Dave C. | January 9, 2007 11:46 AM
I re-installed PCC 2.0 per Ben's instructions and have successfully completed a full scan. Just as an aside, I am running Windows Defender alongside PCC 2.0 and so far they are getting along well...
Posted by Ed Moran | January 10, 2007 12:33 AM
There may be some additional issues with version 2.0 - I have reinstalled several times and each time the definitions fail to update: it says they are updated when looking at Preferences > Update Tab under "update status" but everywhere else it says they are out of date. All attempts to update take a long time and eventually fail (red X's). Also PSWBanker is being detected in scans but instead of being deleted it is ignoring them. Scanning seems to work though and is faster (hooray!). Removal/Uninstall also seems to be an item that does not always cleanly complete. Will email scanning ever be offered (i.e. when using email clients other than Earthlink Mailbox)?
Posted by Felix G. | January 11, 2007 2:02 AM
I used the earlier version without any problems. However, version 2 simply does not work. It doesn't scan for viruses, the firewall won't "learn." I just had to uninstall it.
Posted by Jim Zakany | January 13, 2007 9:20 AM
What do you do when the new PCC won't uninstall and in order to get the update linked above, you must do that?? This is so frustrating!!!!!
Posted by Joe | January 13, 2007 3:49 PM
I never got PPC 2 to work. Experienced problems similar to others who have posted here. The strangest thing though: I usually run one full scan a day and several "mini" scans. A "mini" scan is where I allow it to go through the memory, registary and cookie scan, then before it starts scanning all files, I'll stop the scan and delete risk items it finds. With PPC 2.0, it would indicate 3 risk items found after completing the memory, registary and cookie scan, but when I stopped the scan only 1 item would be listed. It indicates 3 risks found, but only details 1. And when I tried to delete the item, it simply would not delete and PPC 2 would freeze up. This thing has significant problems. BTW ... it's not my machine ... I'm running XP, dual processors, 2M RAM and PPC 1.0 works fine.
Posted by J Willis | January 14, 2007 11:57 AM
J and Jim: I've had this question in the most recent blog entry about PCC as well. I'll answer it here too for those who may have landed here via Google.
Have you already uninstalled and reinstalled the application from http://csupdate.earthlink.net/win/pcc/elnk_pcc.exe. If so, please try the following:
Uninstall PCC 2.0.
Run this Microsoft Clean Up Utility: http://support.microsoft.com/kb/290301
(Only select Protection Control Center, and then click run).
Re-install PCC 2.0 from http://csupdate.earthlink.net/win/pcc/elnk_pcc.exe
We believe this problem is caused by a Microsoft file that is not being correctly removed, and these steps should take care of it.
editor's note: the email address below should be pcc20@corp.earthlink.net, not pcc2.
If you're still stuck after that, feel free to e-mail me at: pcc20@corp.earthlink.net. I may not be able to work with every case directly, but your feedback will help me make sure Knowledge Base articles and blog updates cover any issues that arise.
Joe: From what you're saying, it sounds like the new PCC won’t uninstall via the Control Panel Add/Remove programs list? If so, please use this Microsoft support utility located http://support.microsoft.com/kb/290301
Then re-install PCC 2.0 via http://csupdate.earthlink.net/win/pcc/elnk_pcc.exe
Posted by Ben Kaplan | January 16, 2007 1:10 PM
pcc ver 2 will not install for me. I've tried downloading it 4 seperate times. It says it's downloaded and the system needs to restart but never installs and is no where to be found on my system. Very frustrating with a slow dial-up as I have. 26.4 I'll go back and install the previous version of pcc until this get's fixed.
running XP Home Editin with all the latest updates done. Windows defender "turned off during the installation"
Russ A+ Net+
Posted by Russ | January 20, 2007 7:46 AM
GOt It ! I had to go to http://csupdate.earthlink.net/win/pcc/ and instead of running the download and install from there I was able to save the download first on my desk top then install it. All is well now.
Russ A+ Net+
Posted by Russ | January 20, 2007 6:10 PM
Replaced Version 2.0.7.31373 with 2.0.8.20584 having Spyware Scan Engine 2.3.08 but had the exact same hang-ups: Noticed "complete" and that scans don't start with cookies file as before. "Update server unavailable". Selection of Attack Shield won't "stick" upon apply. Had to use a modified 290301 when I kept getting version 2.0.7 instead of 2.0.8. Used conventional PCC unistall followed by initial download to desktop of PCC 2.0.8 from http://csupdate.earthlink.net/win/pcc/ . I got it also but same issues as before.
Posted by William Deering | January 25, 2007 11:30 PM
I'm glad I found this blog. Someone please help. I have spent three days trying to get PCC v2.0 installed with no luck. Every time, the software says that it is already installed. I have tried all of the remedies posted above--uninstall v1.6 first, run the Microsoft installer clean-up utility, run the v2.0 smart installer from the desktop rather than from the support Web site, etc. I even manually deleted all of the PCC-related registry keys, a list of which was given to me by someone in the support center. Nothing works, so now I am stuck with no anti-virus/anti-spyware software at all.
I am ready to dump EarthLink altogether and switch to a different ISP because every time EarthLink releases a new version of something, it gives me nothing but problems and wastes days upon days of my valuable time, and I CANNOT STAND IT ANYMORE!
Posted by Dennis London | February 3, 2007 5:54 PM
I've been having the exact same problems as Dennis. I was experiencing some problems and uninstalled PCC 2.0. When I tried reinstalling it, the installation program said it was already installed. I've also tried running the Windows Installer Cleanup Utilty (which found nothing) and deleted any and all refistry keys pertaining to PCC. Still nothing. I called tech support, but they seemed just as clueless as I was. At this point I'm wondering if I should get another anti-virus program like Kaspersky Labs or something. Please help.
Posted by Ian Smith | February 6, 2007 7:02 PM
Ian, please be careful before replacing Earthlink or any other vendor's security suite with the Kaspersky security suite unless you're a very advanced user cos the complexity of configuring it alone will have you tearing your hair out. If you're advanced, then yes it's the best of the best on earth. Might say similar comments about the somewhat lesser quality but still darn good suites from Sophos & F-Secure. If ease of use is important to you, I'd recommend giving the AVG 7.50 Internet Security suite a 30 day free trial ~ it's hands-down the best on earth for novice to intermediate users. The reason I say these things is cos we were users of PCC too & it wasn't useful for our needs, so we tried all the above & settled in on AVG which just rocks!:) PS Whatever you do, stay away from Windows Live OneCare even though it's cheap ~ for the eight weeks we had it up, it didn't catch two viruses and tons of spyware which infected our system. PCC is a far better solution than WLOC.
Posted by amy | February 10, 2007 9:54 PM
I've installed PCC and the "attack shield" feature will not turn on. On line support has been useless in solving this. Clear Cache, Clear registry, reinstall yada yada yada and still it will not activate. Anyone have this problem.
Posted by Glenn | August 5, 2007 8:13 PM