Review
New Interface
After interviewing users and observing them navigate the product, Symantec's interface designers concluded that on-demand scanning and checking for updates are what users do most. The new user interface puts those two features front and center, with almost everything else hidden until you click the Advanced link.
The advanced view offers all the status information that was present in the 2011 edition, along with the simple on/off controls for specific features. This is also where you'll find the indicators for CPU usage by the system and by Norton. If you prefer this level of detail you can simply pin the advanced view in place, making it the default.
Norton's settings window has also undergone a serious change. The 2011 edition effectively put every single setting in a single scrolling list, with the option to expand and collapse sections. In 2012 the settings are organized in a tabbed window, with major categories Computer, Network, and General across the top. For each of those, tabs along the left select sub-categories. It's closer to the interface of Norton 360 Version 5.0 ($79.99 direct for three licenses, 4.5 stars), though not quite the same. I definitely find it easier to use.
Multiple Malware Cleaners
The architects of Norton AntiVirus understand clearly that the product must do its job even in adverse conditions. If malware already present on the computer attempts to interfere with installation, the installer launches a preinstall scan to root out that problem. That happened on one of my test systems. After a reboot, the installation finished without further ado. As with previous versions, once you click "Agree & Install" you can just sit back until the installation finishes.
A tougher problem after installation triggered the Autofix feature, which identified the error but couldn't automatically fix it. A full scan after rebooting into Safe Mode solved that problem. The ongoing battle between Norton's real-time protection and active malware caused a couple of test systems to bog down. Here again scanning in Safe Mode solved the problem. Note that this occurred on virtual machine test systems with severely limited resources. I didn't observe any slowdown on my physical test computer.
Five of the test systems reported threats that weren't removed by the scan, with a link to "Get Help". The help page recommended downloading Norton Power Eraser (Free, 4 stars), which completed cleanup for four of them.
That left one problem system. The help page next recommended using the Norton Bootable Recovery Tool, so I downloaded and ran the wizard to create a bootable cleanup CD. I could have also chosen to create a bootable USB drive, or just save an .ISO image to burn later. NBRT managed to remove the resistant threat that was causing trouble.
You do need to pay attention if Norton AntiVirus says you should get help. In fact, if a full scan finds anything serious it's probably not a bad idea to proactively run Norton Power Eraser even if it doesn't ask.
Reputation Scan
A full scan on my standard clean test system took 36 minutes, almost half-again the current average. However, after Norton had a chance to run its reputation scan and whitelist known good files, a second full scan finished in just three minutes.
The reputation scan checks all files on your system against Symantec's huge database of known programs. For each file you can view reputation elements including prevalence among Norton users, trust level, and resource usage. Norton's SONAR behavior-based detection system automatically applies tougher rules to processes with a low trust level.
New in the 2012 edition is a reliability rating. Based on information about program crashes gathered from millions of Norton users, it rates each program as Reliable, Stable, Slightly Unstable, or Unstable. The Download Insight and File Insight features now include reliability information as well.
Across the top of the reputation scan report, several tabs let you compare your own system with the community average in three areas: prevalence, reliability, and trust level. A fourth tab reports on the size of the known good files and known bad files.
Effective Malware Cleanup
Scanning all the test systems for malware took a while, especially for those that needed multiple scans. However, the results were definitely worth the wait. Norton's detection rate wasn't the highest among products tested with the current malware collection; that honor goes to AVG Anti-Virus Free 2012 (Free, 4 stars), with 91 percent. But Norton parlayed its 85 percent detection rate into an overall score of 7.1, well above AVG's previous high of 6.5 points.
Like several other products, Norton detected 100 percent of the samples that use rootkit technology. Its score of 8.9 points for rootkit removal totally blows away the previous high score of 6.7 points, held jointly by ZoneAlarm Antivirus + Firewall 2012 ($59.95 direct for three licenses, 3 stars) and AVG.
Norton also detected 100 percent of the scareware samples, and completely removed all of them. With a perfect 10 points, Norton ties with Malwarebytes' Anti-Malware Free 1.51 (Free, 4 stars) for best scareware removal score.
The chart that follows clearly shows Norton is ahead of the pack. For an explanation of just how I derive these scores see How We Test Malware Removal.
Norton AntiVirus 2012 malware removal chart
SONAR for Safety
When I tried to download my current malware collection again, Norton blocked most of them. Not all of the URLs were still valid, of course. Norton's browser protection blocked a third of those at the URL level, indicating it had done so through a small slide-in notification that vanished automatically. Download protection also took action, blocking half the samples.
Almost 60 percent of my already-downloaded samples were wiped out by Norton's real-time protection as soon as I opened the folder containing them. I launched each sample that wasn't eliminated on sight and noted how Norton handled it.
This edition's beefed-up SONAR protection caught almost all of the remaining samples at some point during their attempt to install. Because SONAR monitors process behavior it was able to roll back all changes even when it detected the malware partway through installation. In every case detected by SONAR, not a single malware trace reached the test system.
Norton detected 91 percent of the threats, the same as G Data AntiVirus 2012 ($29.95 direct, 3.5 stars). Others have detected more. TrustPort Antivirus 2012 ($39.95 direct, 3.5 stars) detected 97 percent. AVG, Outpost Antivirus Pro 7.5 ($29.95 direct for three licenses, 3 stars), and Trend Micro Titanium Antivirus+ 2012 ($39.95 direct, 2.5 stars) detected 94 percent. But Norton's very thorough blocking of detected threats yielded a blocking score of 8.9 points, beaten only by G Data's 9.0.
Norton totally ruled in the breakout figures for specific malware types. It detected 100 percent of rootkits and scareware samples and blocked them perfectly, scoring a perfect 10 in both tests. Panda Antivirus Pro 2012 ($49.99/year direct for three licenses, 3 stars) and G Data also scored 10 points for blocking scareware, but no other product has scored a perfect 10 for blocking the rootkits in my current malware collection. For a detailed explanation of how I derive malware blocking scores, see How We Test Malware Blocking.
Norton AntiVirus 2012 malware blocking chart
Weighted False-Positive Testing
For another view of SONAR's behavior-based detection I attempted to install twenty PCMag utilities. I was a bit surprised that SONAR identified more than half of them as risky and blocked installation. It also wiped out the tool I use to test phishing protection.
At first I thought this was a big black mark against Norton, but then I thought about it again. My purpose in this test is to see whether a behavior-based detection feature goes overboard and blocks valid programs. I deliberately chose obscure tools, to limit the possibility that they might be whitelisted. And I chose tools that perform suspicious actions like installing a global Windows hook or launching the browser under remote control.
Norton's reputation technology correctly identifies these files as very rarely seen, which triggers a higher level of scrutiny by SONAR. They're not digitally signed, and many lack file version information. In a real-world scenario SONAR would have detected that the files were downloaded from a trusted Web site. The fact that they came from another computer on the network is another strike against them, to SONAR.
Patrick Gardner, the senior director of development for Symantec's STAR (Security Technology and Response), recommends that "false positive" tests be weighted based on the prevalence and importance of the file mistakenly identified as risky. Killing an essential Windows process, as McAfee did in 2010, is extremely serious. Damaging a Microsoft Office installation is also serious. Since Norton's Insight database whitelists all trusted programs that are reasonably prevalent, Gardner contends SONAR simply can't block a significant valid program.
Reputation-based detection is a powerful tool against polymorphic and zero-day malware, and I have to grudgingly agree that its benefits outweigh the possibility of erroneously whacking an obscure program that only exists on a few computers.
Normal users will probably never see SONAR block a valid file. If it does happen, you can simply tell SONAR to restore the file and leave it alone in the future. That's what I did with my antiphishing test tool, a program that runs on no other computer in the world.
Independent Labs Agree
All of the independent testing labs that I follow include Norton products in their tests, and Norton gets good ratings overall. West Coast Labs and ICSA Labs certify Norton technology for both virus detection and virus removal. Norton took the VB100 award in nine of the last ten tests by Virus Bulletin.
Norton rated ADVANCED in AV-Comparatives's on-demand virus detection test. Interestingly, in the retrospective test (which simulates detection of zero-day threats by forcing the antivirus to use old signatures) Norton attained the top rating of ADVANCED+. In a dynamic whole-product protection test carried out by AV-Comparatives over several months Norton rated ADVANCED.
AV-Test.org carries out a regular series of certification tests under Windows 7, Vista, and XP. Norton scored 15 and 15.5 of a possible 18 points in Windows 7 and Vista respectively, but only 13.5 under XP. With an average of 14.67 points Norton's up with the winners. Bitdefender's 16 point average is currently the highest.
A just-released preliminary test of the 2012 edition by AV-Test gives this product some serious praise. In every test it scored above average, and it blocked 100 percent of 0-day attacks. AV-Test will incorporate the 2012 edition in ongoing tests starting this month.
For an explanation of the various test types and the data in the following chart, see How We Interpret Antivirus Lab Tests.
Norton AntiVirus 2012 lab tests chart
Intrusion Prevention
The standalone antivirus doesn't include the full firewall component found in the full Norton suite, but it offers powerful protection against Web-based exploits. I attacked the test system with over 30 exploits generated by the Core Impact penetration tool. These included exploits aimed at Internet Explorer, Firefox, Adobe, Microsoft Office, and Windows in general.
Norton detected and identified every attack, reporting its action in a small slide-out notification window and sometimes a second notification with a more detailed identification. Clicking the link to "View Details" brings up the security history entry describing the attempted intrusion, with a wealth of detail about the attack.
The full-scale firewall in many security suites only manages to block and identify a handful of these. In the past, Kaspersky has identified all or nearly all the exploits, but in my most recent test Kaspersky Internet Security 2012 ($79.95 direct for three licenses, 3.5 stars) only caught two thirds of them. Finding this level of protection in a "mere" antivirus is very impressive.
Integrating Norton Products
Like AVG, Norton AntiVirus 2012 integrates support for a variety of other Norton products via a set of icons across the bottom of the window. If you have a subscription to Norton Online Backup 2.0 ($49.99/year direct, 3.5 stars) you can track your online backup status by clicking an icon. Another icon links to Norton Mobile Security 2.0, a security app for Android devices.
For added browsing protection you can click an icon to install Norton Safe Web Lite. While it doesn't have the power of the Norton toolbar installed with the full suite, it can warn you when you visit iffy or dangerous Web sites. It will also mark dangerous search result links.
The most significant feature reached through these icons is the new Norton Management system. This cloud-based service lets you track the security status of all your devices, manage subscriptions and licenses, and install or uninstall protection using your existing licenses. This feature will be enabled the day the product is released. As I'm evaluating the product ahead of that release date I wasn't able to experiment with Norton Management.
A Great Choice
Based on my own tests and independent lab tests, you can hardly do better than Norton AntiVirus 2012 for standalone antivirus protection. Its new interface is easy on the eyes, and its enhanced protective technologies are effective at both cleaning out resistant malware and keeping new infestations out of a clean system. As a bonus, you get intrusion prevention that rivals the top security suites. Norton AntiVirus 2012 is PCMag's Editors' Choice for standalone antivirus.