In developing the formula for the Safety Score in Active Security Monitor, we engaged ICSA Labs (a division of Cybertrust Corporation) to provide an independent assessment of our approach. ICSA provided valuable insights on the Safety Score formula and “found that the overall reasoning of the methodology is valid and reasonably reflects the real importance of implementing essential end-user security measures such as anti-malware, firewall and patching systems.”1
The Safety Score (ranging from 0 to 100) for your PC is calculated by evaluating five categories of threat protection:
Firewall protection contributes 25 points towards the Safety Score. A firewall offers the the first line of defense for any network and is one of the most important categories in Active Security Monitor – recent estimates indicate that an Windows PC without a firewall on the open Internet will be successfully compromised within 15 seconds of connecting.1
25 points are awarded if a firewall program is detected and enabled
~22 points are deducted if the firewall program is not enabled
All 25 points are deducted if no firewall program is detected
Virus protection contributes 25 points towards the Safety Score. This category is weighted equally as firewall protection since the severity of virus infection is very high. The importance of virus protection software becomes more critical as the number of viruses created and delivery mechanisms for infecting PCs increases each year. 1
25 points are awarded if an anti-virus (AV) program is detected, enabled and up-to-date
~5 points are deducted if the AV program is not up-to-date
~14 points are deducted if the AV program is not enabled
All 25 points are deducted if no AV program is detected
Spyware protection contributes 15 points towards the Safety Score. This category receives fewer points than virus protection since the overall severity of a spyware infection could be considered less than that of a virus.1
15 points are awarded if a spyware program is detected, enabled and up-to-date
~3 points are deducted if the spyware program is not up-to-date
~8 points are deducted if the spyware program is not enabled
All 15 points are deducted if no spyware program is detected
Windows operating system and Internet Explorer browser settings contribute 25 points towards the Safety Score. This category receives a high point total since the chance of an infection or attack with a vulnerable operating system and browser is relatively high. 1
12 points are awarded if critical patches are applied, windows auto update is enabled, Service Pack 2 is installed, restore point is enabled, and hidden file extensions are visible
~4 points are deducted if critical patches are not applied
~3 points are deducted if Windows auto update is not enabled
~2 points are deducted if Service Pack 2 is not installed for a Windows XP PC
~2 points are deducted if the restore points are not enabled
~2 points are deducted if files extensions are hidden
Up to ~12 points are awarded if settings in Internet Explorer related to ActiveX controls, encryption, certificate validation and other areas are properly set
Wireless security settings contributes 10 points towards the Safety Score. This category receives a relatively lower weighting since the range of wireless network is localized so the frequency of attack is lower. 1
10 points are awarded if WPA is enabled and an uncommon SSID is used to identify the home network
1 point is deducted if a home network is configured with a common SSID
4 points are deducted if a home network is configured with WEP instead of WPA
10 points are deducted if a home network is configured with a common SSID and no encryption
The presences or absence of peer-to-peer (P2P) file sharing software and PC utilities are not used to calculate the Safety Score. However, these categories are still important - P2P software is potential source of malware and PC utilities, which includes backup and PC optimization software, can help you recover from a potential virus or spyware infection. The following table summarizes how the Safety Score is calculated in Active Security Monitor.
Category |
Category Settings |
| ||||
Installed |
Enabled |
Up to Date |
|
|
Total Points | |
Firewall |
~3 |
~22 |
N/A |
|
|
25 |
Virus Protection |
~6 |
~14 |
~5 |
|
|
25 |
Spyware Protection |
~4 |
~8 |
~3 |
|
|
15 |
Category |
Critical Patches Applied |
Windows Auto Update |
Service Pack 2 |
Restore Point Enabled |
Hidden File Extensions |
Total Points |
Windows & Browser2 |
~4 |
~3 |
~2 |
~2 |
~2 |
25 |
Category |
No Encryption |
WEP (64 or 128 bit) |
WPA |
Uncommon SSID |
|
Total Points
|
Wireless Settings |
0 |
~4 |
~5 |
~1 |
|
10 |
Notes:
ICSA Labs Position Paper for AOL, LLC. Active Security Monitor. May 10, 2006.
Details for Windows settings, which contribute ~12 points towards the Safety Score are provided