Norton Internet Security offers top-notch malware detection

Symantec has been investing in technology that detects malware by its behaviour, and it shows in this release of Norton Internet Security 2010, further bolstering this historically strong performer.

The Norton Internet Security 2010 interface is nicely laid out, but its peculiar use of colour (a black main window with orange accents) makes it tough to read. The left panel displays a CPU performance gauge, which may or may not be useful to you. The middle column has three sections: Computer (for desktop operations), Network (for connections to the Internet or other PCs), and Web (for browser protection settings).

The right column shows configuration options for each of the three subsections. The problem is that the notifications, in green and red text, were sometimes hard to see against the black background.

Norton was one of the top performers in detecting and cleaning up active malware infections on a PC. It found all the bad software, disabled 93 per cent of it and removed all traces of two-thirds of the software – the best scores of any product we tested.

Norton Internet Security 2010 detected 93 per cent of inactive rootkits, but detected and removed all active rootkits. This is a very solid score for this test, but rivals McAfee and Kaspersky both achieved perfect scores across the board here.

On the other hand, Norton Internet Security 2010 was the only suite we tested that achieved a perfect score in detecting, disabling, and removing malware using behavioral scanning (detecting new and unknown malware based solely on how it acts on a PC). This is a good test for judging how well a product can detect and disable brand new, unknown malware.

Norton Internet Security 2010 did well in our tests for old-style signature-based malware detection, finding 98.4 per cent of samples. By comparison, however, McAfee Internet Security, the top performer on this test, detected 99.9 per cent of samples. Signature-based detection is useful for detecting older malware, but it’s less important than it once was given the huge number of new malware outbreaks.

Despite improvements over the years in performance, Norton Internet Security 2010 did slow our test PC at boot, taking 3.9 seconds longer than the average startup time. But we experienced minimal drag in day-to-day desktop operations. Norton’s scan speeds were decent, but not outstanding; it took 4 minutes, 14 seconds to scan 4.5GB of data in our on-access scanner test that judges how quickly the scanners work when you’re opening or saving a file.

One annoyance with Norton Internet Security 2010 is its use of proprietary names like Quorum, Sonar and Insight for security technologies that it doesn’t explain very well. For example, on the Symantec knowledge base search page we received this message: “Our search engine was unable to find any pages related to quorum.” For the record: Quorum is Symantec’s cloud-based detection engine that assigns a reputation to programs based on several factors; Sonar is Symantec’s behavioral-detection technology; and Insight provides up-to-the-minute data on malware collected from other Symantec users.

Take a quick glance at the just-released Norton Internet Security 2010, and you won’t notice much of a difference from previous incarnations – the interface and feature set are so similar that it appears that only very minimal changes have been made to the suite.

But under the hood is a new reputation-based security technology that the company claims is better positioned to protect against quickly evolving threats than traditional signature-based and behaviour-based detection.

As with previous versions, Symantec’s suite offers protection against viruses, Trojans, rootkits, spyware and malware of all kinds. Also, like previous versions, it has a firewall, intrusion protection, email protection and web protection. It integrates with your browser and search engine to warn you away from visiting sites that might be malicious.

The suite, despite its hefty feature set, does not take up a good deal of RAM or system resources. It’s unlikely that you’ll even notice it’s running, a welcome change compared to several versions ago when it bogged down your system.

Norton Internet Security 2010: New reputation-based Quorum

Traditionally, security software detects threats by searching for signatures – distinct code patterns that identify malware – or by examining the behaviour of a piece of software. Symantec claims that these solutions can’t keep up with the massive amounts of new malware released every year.

The company has named its new reputation-based technology Quorum. It was designed for a world in which malware threats evolve exceedingly quickly and may be built to last only for a day, because malware writers know that signatures can be released to detect the threat in only 24 hours. Symantec claims that it is these kinds of threats – those intended to do their damage quickly, before they are caught – that are the primary dangers today.

Quorum creates a “reputation” for every piece of software it encounters, basing that reputation on a number of factors, including download source, age, prevalence and digital signature.

So, for example, a new file downloaded from a not-well-known website that very few people have ever used will be regarded as suspect by Quorum, even if it is not known as a piece of malware and exhibits no suspicious behavior. As a result, one of malware writers’ greatest weapons – their ability to quickly turn out new pieces of malware – makes it more likely that the new malware will be deemed suspicious by Quorum.

According to Symantec, Quorum relies on data that Symantec has been capturing for years through millions of people who use Norton products and opt in to the Norton Community, sending information anonymously about the applications running on their systems. Quorum uses this information to help calculate its “reputation score” for applications.
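A small model of the idea described above, added here as an illustration and not Symantec's algorithm or code from the review: per-user reports are folded into prevalence and first-seen age, then combined with signature and source into a score. The weights, thresholds, hashes, users and domains are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Assumed tuning values for this illustration; the article gives no real ones.
PREVALENT_USERS = 5                  # distinct reporters at which prevalence saturates
MATURE_DAYS = 90                     # age at which a file counts as established
KNOWN_SOURCES = {"vendor.example"}   # hypothetical well-known download site

# Constructed opt-in telemetry: (file hash, user, date seen, source, signed)
REPORTS = (
    [("aaa", f"u{i}", date(2009, 1, 1 + i), "vendor.example", True) for i in range(5)]
    + [("ccc", "u1", date(2009, 7, 1), "vendor.example", False),
       ("ccc", "u2", date(2009, 7, 9), "vendor.example", False),
       ("bbb", "u9", date(2009, 8, 31), "files.invalid", False)]
)

def aggregate(reports):
    """Fold per-user reports into per-file prevalence, first-seen date, etc."""
    files = defaultdict(lambda: {"users": set(), "first": date.max,
                                 "sources": set(), "signed": True})
    for h, user, seen, source, signed in reports:
        f = files[h]
        f["users"].add(user)
        f["first"] = min(f["first"], seen)
        f["sources"].add(source)
        f["signed"] = f["signed"] and signed
    return files

def score(f, today):
    """0-100 reputation from the four factors the article lists."""
    prevalence = min(len(f["users"]) / PREVALENT_USERS, 1.0) * 40
    age = min((today - f["first"]).days / MATURE_DAYS, 1.0) * 30
    signature = 20 if f["signed"] else 0
    source = 10 if f["sources"] <= KNOWN_SOURCES else 0
    return prevalence + age + signature + source

def verdict(s):
    return "trusted" if s >= 70 else "suspect" if s < 30 else "unknown"

def classify(reports, today):
    return {h: verdict(score(f, today)) for h, f in aggregate(reports).items()}

if __name__ == "__main__":
    print(classify(REPORTS, date(2009, 9, 1)))
```

The file "bbb" is rated suspect purely because it is one day old, seen by one user, unsigned and from an unfamiliar source; no signature match or observed behaviour is involved.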

Symantec stresses that it hasn’t abandoned other means of catching malware; the reputation score is used in concert with signature-based and behaviour-based protection.

Will the addition of Quorum actually help protect you more than traditional forms of protection? We’ll only know when labs weigh in with their results.

As we mentioned before, Norton Internet Security 2010 looks very much like the 2009 version, so there will be very little learning curve for those who have already used the product.

The main screen is now divided into three sections entitled Computer, Network and Web (rather than the previous Computer, Web and Identity). It tells you at a glance the state of your security, notes whether any actions need to be taken, and lets you turn features on and off. As with the previous version, there are monitors on the left-hand side of the screen that show your CPU’s current usage and how much of that Norton is taking up.

If you want a quick glimpse of the state of your security, you’ll just use the main screen. But if you’re the kind of person who likes to dig deep, you’ll find plenty of links here that will lead you to additional data. For example, click the Performance link on the left-hand side, and you’ll see a new feature: a page that offers in-depth detail about CPU and RAM use over the last ten minutes, the last half hour, hour-and-a-half, day, week, and month.

Better yet, another new link on the main page gives you access to detailed information from the suite’s System Insight feature. This display shows, over time, any events related to your PC’s security, such as virus scans and their results, and new software that you’ve installed. Using this info, you may be able to track down PC problems yourself – for example, if you notice unusual behaviour, you can check this screen to see if that behavior started after you installed a particular piece of software.

Another useful feature accessible from the main screen is the Network Security Map. It shows you all of the devices attached to your network, and includes information such as the IP address, MAC address, whether they’re online, and so on.

Another feature, the Vulnerability Protection link, is less than useful. It lists programs that Norton has found to have vulnerabilities – but not necessarily those you have on your PC. The list is generic and lists all software against which Norton offers protection. There’s no need ever to check it.

Norton Internet Security 2010: What’s new?

Quorum’s reputation-based strategy represents the biggest change compared to previous versions, but there have been other changes as well. The suite’s anti-spam component features a new engine from enterprise antispam vendor Brightmail. Symantec claims that it is 20 per cent more effective than the suite’s previous antispam protection.

Also included is Norton Safe Web; this service is new to Norton Internet Security but was previously introduced in Norton 360 version 3.0. It works with Google, Yahoo and Bing, and shows whether any sites that turn up in search results are potentially dangerous or untrustworthy.

In addition, Norton Internet Security 2010 users get a free subscription to OnlineFamily.Norton, a web-based service that lets parents control what their kids do on the web.

NIS 2010 beta review: from July 2009

However, if you’re planning to try out Symantec Norton Internet Security 2010, you’d better not do it on your main PC – this is not only a beta release, but a temporary one as well. Currently, the installed beta says that it is good for only 14 days.

The NIS 2010 beta is available for free from www.norton.com/nis2010beta, and the Norton AntiVirus 2010 beta from www.norton.com/nav2010beta. (Only those people who consider themselves sufficiently technically savvy to deal with software glitches and flaws should test beta software, particularly security software.)

Norton Internet Security 2010: From signatures to reputation

Symantec’s comprehensive Norton Internet Security 2010 suite offers protection against viruses, Trojans, rootkits, spyware and malware of all kinds, as did the previous versions. Like those versions, it includes a firewall, intrusion protection, email protection and web protection; for example, it integrates with your browser and search engine to warn you away from visiting sites that might be malicious.

Symantec says that Symantec Norton Internet Security 2010 marks a major shift away from signature-based detection to what it calls “reputation-based security technologies”, which it claims offer more complete and up-to-date protection.

According to Symantec, traditional signature-based solutions simply can’t keep up with the massive amounts of new malware released every year. The company says that Symantec researchers see more than 200 million attacks on PCs every month, many of them threats not seen before that may slip by signature-based security software. Because of that, the company claims, signature-based solutions by themselves can no longer adequately protect PCs.

Its new reputation-based security strategy relies heavily on Symantec’s global product reach, in which millions of people who use Norton products and opt in to the Norton Community send information anonymously about the applications running on their system. Using this data, Symantec calculates a “reputation score” for applications, and uses that reputation score, in addition to traditional malware signatures, as the engine to keep PCs safe in Norton Internet Security Suite 2010.

Norton Internet Security 2010 isn’t the first time a reputation-based technology has been used by anti-malware vendors. Cloudmark Desktop, for example, has been using it for years to protect against spam. But Cloudmark is a far smaller company than Symantec, with a smaller user base, and not as comprehensive a security suite. In addition, protecting against spam is far simpler than protecting against the myriad constantly evolving threats on the web.

These days it takes a large-scale lab to judge whether reputation-based security is superior to signature-based security, so the final answer will have to wait until the fall of 2009 when Symantec Norton Internet Security 2010 is expected to be released in final form. At that point, various labs will weigh in with their results.

The initial download of the beta installs a small piece of software that in turn downloads the beta itself, which is 88.5MB. Installation is relatively fast. In our case, it first uninstalled Panda Internet Security, which was active on the test computer, before installing itself.

We had several hiccups with our installation. At one point, one of the installation screens said that it had encountered an unrecoverable error, but the rest of the installation still proceeded without issues. At another point, a screen popped up and told us that the program had encountered an error and was gathering information about it, but never said what the error was.

When we first tried scanning our system with Symantec Norton Internet Security 2010, it wouldn’t perform a scan because the virus definitions weren’t up to date. But after some clicking around, we managed to download the latest definitions, and the scan proceeded without a hitch.

Aside from installation glitches, there may be one very serious drawback to the Symantec Norton Internet Security 2010 beta – the software says that the subscription is good for only 14 days. It’s unclear whether the subscription will extend for free beyond the 14 days because it is still in beta.

So be warned that if you download the Symantec Norton Internet Security 2010 software, it may not work properly after two weeks.

The Symantec Norton Internet Security 2010 interface: you’ve seen it before

Users of Symantec Norton Internet Security 2009 will feel right at home with the new version of the program, because the basic interface and all its workings are nearly identical to the existing version.

The main screen is the control centre, which gives you access to your security functions and lets you turn features on and off. It’s organised slightly differently than previous versions of the software, with three main sections: Computer, Network and Web (rather than the previous Computer, Web and Identity). Most of the underlying features, though, are the same.

As with the previous version, there are monitors on the left side of the main screen that show your CPU’s current usage, and how much of that Norton is taking up. There’s no real reason for showing you this information, except to drive home the point that Norton is no longer the bloated security suite of the past, and takes up much less RAM than previously.

That’s certainly the case, although it still slows down your system more than lightweight antivirus tools such as Microsoft’s recently released Microsoft Security Essentials or ALWIL Software’s Avast!, both of which are free.

In limited testing, Symantec Norton Internet Security 2010 misses a threat

Although we did not put Symantec Norton Internet Security 2010 through full laboratory testing, we did test it using the EICAR Standard Anti-Virus Test File, which was developed by the European Institute for Computer Antivirus Research as a way to allow antivirus software to be tested. The test file acts like a virus, even though it does no harm to your system.

We tested Symantec Norton Internet Security 2010 using two versions of the EICAR file: a .com file (a type of executable file), and a .com file embedded in a zip file. Norton said that the .com file might be dangerous. However, it allowed the .zip file through without any notice.

Note that these were only two test files and Symantec Norton Internet Security 2010 is still in beta, so this is not a true test of how much protection the software will give when it is released.
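The .com versus zipped .com comparison above can be run as a self-check of any scanning step you control. The following is an added example, not code from the review or from Symantec: it builds the EICAR string and the archives in memory (the file names and the depth and size limits are assumptions) and shows that a match on the outer bytes alone misses the zipped copy, while recursing into archive members finds it.

```python
import io
import zipfile

# The 68-byte EICAR test string, split in two so that this source file is
# not itself flagged by an on-access scanner.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")

MAX_DEPTH = 3          # assumed limit on nested archives
MAX_MEMBER = 1 << 20   # assumed limit: skip members declaring more than 1 MiB

def make_zip(members):
    """Build a zip archive in memory from {name: bytes} (constructed input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

def shallow_match(data):
    """What a scanner sees if it only inspects the outer file's bytes."""
    return data.startswith(EICAR)

def scan(name, data, depth=0):
    """Return the paths of every EICAR hit, descending into zip members."""
    hits = [name] if data.startswith(EICAR) else []
    buf = io.BytesIO(data)
    if depth < MAX_DEPTH and zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER:
                    continue  # skip directories and oversized members
                hits += scan(f"{name}!{info.filename}", zf.read(info), depth + 1)
    return hits

if __name__ == "__main__":
    zipped = make_zip({"eicar.com": EICAR})
    print(shallow_match(EICAR), shallow_match(zipped))
    print(scan("eicar.com", EICAR))
    print(scan("eicar.zip", zipped))
    print(scan("outer.zip", make_zip({"inner.zip": zipped})))
```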

Symantec Norton Internet Security 2010: other new stuff

Besides Norton’s new reputation-based security strategy, there are some new features. One is what Symantec calls “Autopsy,” which gives more information about threats on your system than previous versions.

The anti-spam component has a new engine from Brightmail, which powers many large enterprises’ anti-spam efforts. Symantec claims that this makes it significantly more efficient at killing spam.

System requirements

300MHz or faster processor; 256MB of RAM (512MB of RAM required for the Recovery Tool); 300MB of available hard disk space; Microsoft Windows Vista Home Basic/Home Premium/Business/Ultimate, supports 32-bit and 64-bit platforms, must meet the minimum Windows Vista operating system requirements; Windows 7 Starter/Basic/Premium/Professional/Ultimate, supports 32-bit and 64-bit platforms, must meet the minimum Windows 7 operating .

Verdict

If you’re a user of Norton Internet Security 2009, it’s certainly worth going to the newer version, because Quorum will most likely make you safer, and the new features are worthy additions. Not only that, but the upgrade is free. As for whether to switch to NIS 2010 from a different internet protection program, that’s a tougher call. The interface is certainly simple and straightforward, and also lets you dig into security details. There’s no way to evaluate yet whether the new tools will be more effective than the old ones; only widespread use and exposure to many malware threats will tell.

Source: PC Advisor
