Pros & Cons
Pros
- Decent old-school firewall.
- Low performance impact.
- Accurate antispam.
Cons
- Worst-ever scores in malware removal and blocking tests.
- Poor antiphishing component.
- Limited parental controls.
- Antispam protection, direct tech support cost extra.
FortiClient Endpoint Security Standard Edition 4.1 Specs
| Free: | Yes |
| OS Compatibility: | Windows Vista, Windows XP |
| Tech Support: | Forums, knowledge base. Phone or e-mail support is Premium-only |
| Type: | Business, Enterprise, Personal, Professional |
"The best things in life are free," sing the optimists. The pessimists snap back with "You get what you pay for." Fortinet, known for its Enterprise solutions, offers its client-side FortiClient Endpoint Security Standard Edition 4.1 security suite at no cost. Alas, the pessimists were correct: This free suite is worth just about nothing.
Old-School Firewall
The suite's firewall may be its best feature. It handily blocked all of my Web-based attacks, putting all ports in stealth mode. Its program control module separately controls whether applications are allowed outbound or inbound (server-style) network access and further distinguishes trusted local networks from public ones.
Although it predefines access for Windows components and some well-known programs, the firewall frequently pops up queries, reporting cryptically that a program is attempting a certain kind of access and asking the user whether to allow it. Most users won't know what to do. They quickly learn to click yes every time, thereby subverting program control.
Some suites, like
Leak tests are harmless programs that demonstrate techniques malware writers use to evade normal program control. FortiClient only detected a couple of these tests. Worse, it popped up near-identical queries for perfectly valid programs. Here again, the user will be baffled.
At least the firewall is well defended against attacks by malware. I couldn't disable its essential services or change Registry settings to turn it off. And, although I did manage to terminate some of its processes, they restarted immediately every time.
This firewall isn't specifically designed to block attacks that exploit vulnerabilities in the operating system, browser, or other programs. Just to check, I tried a few attacks using the Core IMPACT penetration tool. The firewall didn't detect any of them and one actually succeeded in penetrating the test system.
Independent lab test results for FortiClient are skimpy. Virus Bulletin gave it the VB100% award in 8 of the last 10 tests, and its most recent failure was over 5 years ago. West Coast Labs and AV-Comparatives, however, haven't rated it. ICSA Labs certified Fortinet's separate FortiGate product for virus detection, but not removal.
AV-Test, the one lab that really dug into FortiClient, gave it the best rating (very good) for proactive detection of new malware and rated it good for response time and scan speed. But for detection of malware samples it only rated satisfactory; it got the same rating for too many false positives. And for on-demand detection of malware AV-Test rated it very poor—the lowest possible rating.
Dreadful Malware Removal
The best thing I can say about FortiClient's behavior in my real-world testing is that it mostly installed okay. Eleven of the 12 test systems installed and updated it just fine. One reported an error and wouldn't install. There's no direct support for the free edition—that requires paying $29.95 for the Premium edition, which also adds an antispam module—so I asked for help in the forums. I was told to run Sunbelt's free VIPRE Rescue CD and then try to install. Because I'm testing FortiClient and not VIPRE, I chose instead to omit this one system from the test.
The scans went fairly quickly—closer to 20 minutes than the average of 30—but the results were shockingly bad. I verified that the product was configured to clean up spyware, keyloggers, and other "grayware" in addition to worms, Trojans, viruses, rootkits, and other serious threats. FortiClient completely missed over half the threats.
On five infested test systems the scan didn't find a single one. Of those it did detect it left behind many executable files, some of them still running. And on one virus-infested system it quarantined all infected files rather than disinfecting them. Its malware removal score of 2.9 is wildly behind the previous low (6.3 by ZoneAlarm). And its keylogger removal score of 0.7 point barely beats the current low score of 0.5, set by
FortiClient's rootkit detection score of 1.6 undercut the previous low score of 3.3 from
FortiClient's Web filter blocks many kinds of sites, including those known to host malware. The filter actually did a pretty good job. When I tried to re-download my current malware sample set, it blocked over 80 percent of the URLs still existing, on par with ZoneAlarm or Norton.
Of course, malware doesn't always come from a known bad site or even from the Internet, so I tested the product by opening a folder full of predownloaded malware samples. By default, the real-time protection system simply denies access to detected threats. I configured it to quarantine them instead, to make its actions more visible.
FortiClient detected and quarantined about 15 percent of the samples. By comparison, Norton wiped out almost 95 percent of those same samples on sight. Of the remaining samples, FortiClient blocked installation of exactly one. That's no kind of protection!
Most products are better at blocking malware installation than at cleaning out entrenched malware threats. Norton scored 9.6 points in this test;
FortiClient's 1.1 points for rootkit blocking is another new low. Against scareware it scored 3.3 points, matching
I mentioned these results to my contacts at Fortinet and they suggested turning on the "Use extended signature database" option, buried in the suite's advanced settings. I always test with default settings, just as the average user would, but I decided to give it a try—to no avail. As it turns out, they were thinking of the paid version. This setting isn't available in the free edition.
For more information about my testing, read
Multifaceted Web Filter
This suite doesn't so much offer parental control as employee control. It will block access to Web sites in broad categories such as "Potentially Liable," "Controversial," "Potentially Non-Productive," and more. The Web filter is on by default, applying a default filter for all users. Adult (less restrictive) and Child (more restrictive) filters are available as presets. You can also choose to block any of the eight broad categories completely or pick and choose among the almost 80 subcategories. Like
The product's Web filtering is browser-independent, but that's the extent of the suite's parental controls. You won't find Internet scheduling, IM monitoring, remote notification, or any other advanced features here. If you truly need parental controls, you'll do better with
Phishing protection is another aspect of the Web filter. Here it didn't perform well, 69 percentage points behind antiphishing champion Norton and 49 points behind
Little Impact on Performance
Although FortiClient didn't outperform all the others in any one performance test, it did well consistently. It added 27 percent to the boot time, beaten only by
FortiClient added just 5 percent to the time required for a massive set of file move and copy operations, and just 9 percent to the time for a similar test of zip/unzip operations. And where Kaspersky and ZoneAlarm respectively added 78 and 77 percent in a test of installing and uninstalling software packages using Windows Installer, FortiClient added just 9 percent.
I did run into trouble with a test measuring how long it takes to fully load 100 Web sites in the browser. The test kept terminating prematurely. In order to complete the test, I had to turn off the Web filter. Without the filter, FortiClient added 12 percent to the time for the browsing test. That's not too bad, but ZoneAlarm added just 1 percent, and Norton didn't measurably slow the test at all.
I'm not surprised at FortiClient's low impact on system performance—it's just not doing much!
For more information about my testing, read.
Simple, Effective Antispam
The spam filter is available only in FortiClient's $29.95 Premium edition, not the free standard one, but I took it for a spin just to see what it's like. It filters mail in only Outlook, Outlook Express, and Windows Mail. There are no settings to tweak, but you can blacklist or whitelist specific senders or block mail containing banned words from a user-defined list.
The spam filter barely slowed downloading of mail—it took about 30 percent longer than with no filter. And it's persistent: When I tried to sort messages from the spam folder into subfolders it quickly moved them back. I had to turn off the filter before analyzing the results. FortiClient didn't mark any valid mail or newsletters as spam, and it let just under 10 percent of the undeniable spam into the inbox. That's a bit better than Norton, which missed over 12 percent of spam. It would rate 4 stars if it were actually part of the edition under testing.
For more information about my testing, read
Enterprise Features
The product contains a number of features that are completely irrelevant unless you're connected to a network that runs Fortinet's enterprise products. The secure VPN is no use without a corresponding server to connect with. WAN optimization isn't relevant to the consumer. And the App Detection feature requires a FortiGate server upstream—it lets the boss control what applications are permitted. Consumers can just ignore these features.
FortiClient Endpoint Security Standard Edition 4.1 is free, it's true, but it's much less effective than any of the commercial products. It failed dismally in my malware removal and blocking tests, and did little to protect against phishing. The best I can say about it is that it didn't slow down the test system. You need security; this suite doesn't offer it.
Final Thoughts
FortiClient Endpoint Security Standard Edition 4.1
FortiClient Endpoint Security Standard Edition 4.1 may not cost you any money, but if you install it you'll pay the price of limited security.