Norton Internet Security 2010 takes reputation-based approach to security

The just-released beta of Symantec’s Norton Internet Security 2010 is more notable for what’s under the hood than what you actually see. However, if you’re planning to try it out, you’d better not do it on your main PC — this is not only a beta release, but a temporary one as well. Currently, the installed beta says that it is good for only 14 days.

A shift from signatures to reputation

Symantec’s comprehensive suite offers protection against viruses, Trojans, rootkits, spyware and malware of all kinds, as did the previous versions. Like those versions, it includes a firewall, intrusion protection, e-mail protection and Web protection; for example, it integrates with your browser and search engine to warn you away from visiting sites that might be malicious.

Symantec says that the newest release of its security suite marks a major shift away from signature-based detection to what it calls “reputation-based security technologies,” which it claims offer more complete and up-to-date protection.

According to Symantec, traditional signature-based solutions simply can’t keep up with the massive amounts of new malware released every year. The company says that Symantec researchers see more than 200 million attacks on PCs every month, many of them threats not seen before that may slip by signature-based security software. Because of that, the company claims, signature-based solutions by themselves can no longer adequately protect PCs.


Its new reputation-based security strategy relies heavily on Symantec’s global product reach, in which millions of people who use Norton products and opt in to the Norton Community send information anonymously about the applications running on their system. Using this data, Symantec calculates a “reputation score” for applications, and uses that reputation score, in addition to traditional malware signatures, as the engine to keep PCs safe in Norton Internet Security Suite 2010.

Norton Internet Security 2010 isn’t the first time a reputation-based technology has been used by anti-malware vendors. Cloudmark Desktop, for example, has been using it for years to protect against spam. But Cloudmark is a far smaller company than Symantec, with a smaller user base, and not as comprehensive a security suite. In addition, protecting against spam is far simpler than protecting against the myriad constantly evolving threats on the Web.

These days it takes a large-scale lab to judge whether reputation-based security is superior to signature-based security, so the final answer will have to wait until the fall of 2009 when NIS 2010 is expected to be released in final form. At that point, various labs will weigh in with their results.

Installation woes

The initial download of the beta installs a small piece of software that in turn downloads the beta itself, which is 88.5MB. Installation is relatively fast. In my case, it first uninstalled Panda Internet Security, which was active on the test computer, before installing itself.

I had several hiccups with my installation. At one point, one of the installation screens said that it had encountered an unrecoverable error, but the rest of the installation still proceeded without issues. At another point, a screen popped up and told me that the program had encountered an error and was gathering information about it, but never said what the error was.

When I first tried scanning my system with the software, it wouldn’t perform a scan because the virus definitions weren’t up to date. But after some clicking around, I managed to download the latest definitions, and the scan proceeded without a hitch.

Aside from installation glitches, there may be one very serious drawback to this beta — the software says that the subscription is good for only 14 days. It’s unclear whether the subscription will extend for free beyond the 14 days because it is still in beta.

So be warned that if you download the software, it may not work properly after two weeks. (I’ve asked Symantec for clarification on this question and will update the story when I hear back.)

The interface: You’ve seen it before

Users of Norton Internet Security 2009 will feel right at home with the new version of the program, because the basic interface and all its workings are nearly identical to the existing version.

The main screen is the control center, which gives you access to your security functions and lets you turn features on and off. It’s organized slightly differently than previous versions of the software, with three main sections: Computer, Network and Web (rather than the previous Computer, Web and Identity). Most of the underlying features, though, are the same.

As with the previous version, there are monitors on the left side of the main screen that show your CPU’s current usage, and how much of that Norton is taking up. There’s no real reason for showing you this information, except to drive home the point that Norton is no longer the bloated security suite of the past, and takes up much less RAM than previously.

That’s certainly the case, although it still slows down your system more than lightweight antivirus tools such as Microsoft’s recently released Microsoft Security Essentials or ALWIL Software’s Avast!, both of which are free.

In limited testing, it misses a threat

Although I did not put the software through full laboratory testing, I did test it using the EICAR Standard Anti-Virus Test File, which was developed by the European Institute for Computer Antivirus Research as a way to allow antivirus software to be tested. The test file acts like a virus, even though it does no harm to your system.

I tested NIS 2010 using two versions of the EICAR file: a .com file (a type of executable file), and a .com file embedded in a zip file. Norton said that the .com file might be dangerous. However, it allowed the .zip file through without any notice.

Note that these were only two test files and NIS 2010 is still in beta, so this is not a true test of how much protection the software will give when it is released.

Other new stuff

Besides Norton’s new reputation-based security strategy, there are some new features. One is what Symantec calls “Autopsy,” which gives more information about threats on your system than previous versions.

The anti-spam component has a new engine from Brightmail, which powers many large enterprises’ anti-spam efforts. Symantec claims that this significantly increases the efficiency of its spam killing.

In addition, Norton Internet Security 2010 users get a free subscription to OnlineFamily.Norton, a Web-based service that lets parents control what their kids do on the Web. However, that subscription offer is good only from when the product is released until December 2009.

There are other minor changes as well, not all of them good. For example, there is a new Vulnerability Protection link on the main screen, but the link just takes you to another screen that doesn’t appear to do anything — at least, not in this beta. It merely lists programs that Norton has found to have vulnerabilities and which you are protected against, whether or not you have those applications on your PC. It feels like a bit of marketing thrown into the middle of the program.


So should you download this beta version of Norton Internet Security 2010? Given its installation bugginess — and the fact that it appears that the subscription may last only 14 days — the answer is most likely no. And since it uninstalls whatever security program is already running, you certainly won’t want to put it on your primary computer. The software is set to be final sometime in the fall; you’d do well to wait until then.

Source: Computerworld
