Dramatic improvements to its Norton suite during the past two years indicate that Symantec has been listening to the needs and complaints of its customers. The company’s strong and surprising changes to Norton’s impact on system performance that it introduced last year are maintained in this new version, and a new behavioral detection engine called Quorum shows that Symantec can juggle performance and protection.
Quorum incorporates behavioral detection with Norton Insight, a program-reputation engine introduced in the 2009 version of Norton. The purpose of these features, according to Symantec, is to respond faster to mutating threats, while also watching for hibernating infections that pose a potential, but not immediate threat. In the 2010 version, Insight has been split to address four main areas of concern: Download Insight for in-progress program downloads, System Insight for diagnosing system slowdowns, File Insight for file analysis, and Threat Insight for digging deeper into threat origins. Also included is a new enterprise-level antispam algorithm that, according to Symantec, shouldn’t require any “training” to use. These features were acquired by Symantec with its purchase of Brightmail more than five years ago. Norton Internet Security also includes OnlineFamily.Norton, Symantec’s new parental control system, and Norton SafeWeb, which is a search results and e-commerce rating component.
Full efficacy analysis isn’t yet available for Norton Internet Security 2010, but last year’s version scored better-than-average results, and what is available for the new release indicates that it will score similarly.
Former users of Norton should try installing this latest version, if only to see that this former sluggish beast now offers a smooth and fast operation. Once you run the installer, the program is ready to operate in about a minute–impressively fast, considering its past performance. The installation process is also the first time that you will interact with Quorum, the new behavior-based detection engine. You’ll be asked to participate by sending anonymous data to Symantec’s cloud. Opting out of the data submission, according to Symantec, will not affect your security.
Running the trial of Norton also requires free registration at the Symantec Web site–you can’t download the installer without it. Uninstalling the software left about 10 Registry entries behind, but no other traces were detectable. Overall, Norton’s installation experience was fast and hassle-free, with a minimum of configuration options–but the ones that did come up appeared necessary.
Interface and features
Robust and well designed, Norton Internet Security 2010 gives you a deep but uncluttered toolbox from which to keep your computer safe, maintain a high level of security, and access system management features. Norton’s Quorum is the big new feature this year–combined with the expanded Norton Insight, Symantec is looking to improve security while riding on the news of its overhauled performance.
Like its competitors, such as Kaspersky and Trend Micro, that also offer cloud-based, crowd-sourced behavioral detection engines, Norton gives you the option to opt out of submitting information during installation. Unlike most apps, Norton shows you the information that will be shared in detail.
From the main window of NIS, click the Details link next to the Insight Protection option. A window will open that shows you how many files have been detected throughout the network, with a column graph split into “known good files” in green, “known bad files” in red, and a middle gray area for files that are still being evaluated. Over time, that gray area should shrink as more files are recognized as safe or not. It also reveals how many total files have been judged, how many trusted files reside on your computer, and how many times Norton has used Insight and Quorum to evaluate one of your files. This is a good start, although we’d like a quick jump from here to the Norton Insight window that exposes which files those are.
Norton starts with a dark-themed window, accentuated by yellow and white font. On the left of the application is a persistent performance meter, measuring the percentage of CPU that’s being used and what percentage of that Norton is using. As a response to its past performance problems, this is a bit much–but it’s better to err on the side of exposing more data, rather than less. Below the meter is a button that flips the screen to expose more detailed performance data, but you also get to see an unnecessary animation of the window “flipping.”
The performance window defaults to showing two charts–this is the System Insight feature, and makes Norton’s system optimizing features some of the strongest and most detailed we’ve seen. The chart on the bottom shows your current overall CPU usage and the percentage of CPU that Norton has used for the past 90 minutes. You can change this to show as much as a month of history or as recently as the last 10 minutes. You can also change the chart to show memory only.
The second chart, at the top, shows important system incidents over the past month. Marked with their own icon for clarity are installations, downloads, optimization occurrences, and threat detections. You can mouse over an incident to reveal more information about it. You can also force a system optimization to run from a link at the top of the chart.
Below the performance link is a link to Application Ratings. This takes you to the Norton Insight window that exposes how your installed programs have been rated, their average resource usage, and their executable file name. The window defaults to all running processes, but you can filter it through a drop-down menu to all files, start-up items, high performance programs, user-trusted files, and untrusted files.
Here, you can also set what kind of trust-level they want using the same pill-shaped slider that’s present throughout the program. The default trust exempts Norton Trusted files from scans, a full scan checks everything regardless of trust, and high trust excludes Norton Trusted files and your local files rated as “good.” At the bottom of the application ratings window, nestled nearly out of sight, is a link to check a specific file. This opens a file browser in your system directory and lets you choose a file to check. The process took fewer than five seconds.
A somewhat hard to see link at the top left of the performance window opens up a Web page that explains in detail how to use System Insight. For some reason, useful links are occasionally placed in hard-to-see corners. Since Symantec made nearly every link in the interface text-based and in the nondescript Arial font, the text links are hard to see. We’re not suggesting using Wingdings here, but perhaps a better way to show how to access these features should be found. Notably, the shade of yellow chosen shouldn’t impede those with color-blindness from using the interface.
The center and right side of the main window are taken up by Norton’s core protection features: computer scanning, network defenses, and Web protections. To the right of each feature are quick toggles for key subfeatures, and to the right of each of those is an “i” icon that reveals more detailed information when you mouse over it. Next to the network defenses, for example, you can toggle the firewall, intrusion prevention, and e-mail protection.
When you deactivate a feature by clicking on the green slider, it will change to red and a pop-up box will appear that lets you set the length of time that the feature is disabled. You can choose from 15 minutes, one hour, five hours, until system restart, or permanently. Being able to deactivate security components at will–but not without a time limit–struck us as incredibly useful. Not only was it made accessible from the main window, but also the pop-up window will prevent you from forgetting to turn it back on and from keeping an accidental click from disabling your defenses.
When you click the scan now button, three scan options will appear in a new window: quick scan, full system scan, and a custom scan. You can access the scheduler from the custom scan window, but Norton is set to run a scan when your computer is idle by default.
You can also get to the scan and quarantine histories from links on the main window; however, the font choice and size make it a bit hard to read. The history window opens independently of the main window and offers a deep level of information. Its default setting is to show your recent history only, but you can change the setting with the drop-down menu to show your full history, scan results, resolved and unresolved security risks, the quarantine, firewall and download activities, Web sites reported to Symantec, and more. You can click each citation in the log to reveal more information about the event, the data can be exported, and you can import an older security log.
Under the computer heading in the main window is where you can force a virus definition update.
Under the Network heading is where you access Norton’s firewall management settings. Click the settings link to open the settings window, and you can configure the firewall along with e-mail protections, antispam measures, instant-message scans, and intrusion prevention that protects your system against holes in other programs, such as Adobe Flash. A network security map available in the main window reveals the state of protection for other computers in your network. Frustratingly, the IM scans only work on one out-dated multiprotocol chat client: Trillian 3. We hope that Symantec will update this feature before the 2011 version so that it becomes more useful.
Web, the last heading on the main window, is for setting up browser protections including Norton Safe Web for blocking malicious sites and rating search results, Symantec’s Identity Safe, and Norton Download Insight for analyzing downloaded file safety before it reaches your computer. You can also access parental controls here, but they require the OnlineFamily.Norton add-on.
Along with a fast installation, you can expect improvements in Norton’s scan times. Most of the major speed progress was made in its previous version, but, according to Symantec, last year’s scan speeds are comparable to this year’s version. Our hands-on test of the Quick Scan found that it completed the scan in 56 seconds for its first run, and 14 seconds for its second run. Like some of its competitors, Norton won’t rescan files that it detects haven’t changed since the last check. A Full Scan took 2 hours and 32 minutes, much longer than competitors’ Full Scans did.
CNET Labs’ benchmarks largely support the empirical data. Norton Internet Security left a fairly light footprint on the system, with a start-up time only 0.75 seconds slower than our baseline system. Shutdown time was hampered slightly more, with the system taking 1.25 seconds longer to close. NIS was also one of the fastest Quick Scans, completing its first scan in 791 seconds, and completed our Microsoft Office test in 496 seconds–only slightly slower than an unsecured machine. iTunes decoding results were average, as were the scores for the media multitasking test and our Cinebench test.
Compared with Norton AntiVirus 2010, the basic model, Norton Internet Security was faster on every count except for the multimedia multitasking and iTunes decoding tests. On three of the tests, start-up time, Quick Scan time, and the Microsoft Office test, NIS was markedly faster than NAV.
Full virus and malware efficacy scores for Norton’s 2010 products were not available at the time of this review, and will be updated here as they are announced. However, last year’s Norton 2009 scored average or better in all areas of detection according to virus and malware detection results at AV-Test.org and AV-Comparatives.org.
AV-Test noted that it detected more than 98.7 percent of malicious software on demand, and 95.4 percent of spyware on demand, with no false positives. AV-Comparitives.org awarded Norton 2009 an “Advanced” rating in the retrospective/proactive test from May 2009, while this year’s Norton 2010 earned an “Advanced+” rating in August 2009′s on-demand comparative test, noting a 98.4 percent detection rate slightly behind McAfee, Avira, and G Data, but with fewer false positives than those that achieved a higher detection rate. Norton 2009 actually scored slightly better with a 98.7 percent detection rate on the same test. However, Norton’s overall rating of Advanced+ and placement in the detection rankings did not change. The upshot of these independent test results is that Norton 2010 remains an incredibly effective tool for detecting viruses and malware, but on pure detection benchmarks, it’s not the best.
Links at the top of the window, above all the other features, make leaving feedback, accessing your Norton account online, or checking out the help menu easy to see and use. However, the help menu could use a better layout. It’s not clear that clicking the “help” link will open up on the localized help, or that hitting “get support” will launch the one-click support option. While “tutorials” is self-explanatory, there are no easy ways to get to the Norton knowledge base or to the Norton forums. Its telephone support is free, but it’s easier discovering that on Symantec’s Web site than through Norton.
Its support could do with an overhaul focused on accessibility, and until independent testers develop a method for evaluating behavioral detection engines, it’s hard to determine how much safer Quorum truly makes your computer. Nevertheless, Norton Internet Security 2010 is worth checking out for its emphasis on speed and its small footprint, and its transparent exposure of performance and detection data are good confidence-building tools. Combined with its multicomputer license, Norton Internet Security 2010 is a worthwhile security suite.