Hands On With the Antivirus
The test results from the big independent labs are certainly useful, but I like to run my own tests, to get a hands-on feel for how each product works. The test starts when I open a folder containing my collection of malware samples. It's not uncommon for a security product to immediately wipe out most of the samples. Bitdefender Total Security 2015 and F-Secure Internet Security 2015 both wiped out more than 80 percent of the samples on sight.
Norton's approach is different, with much less reliance on simple signature-based detection. It wiped out 28 percent of the samples on sight, but blocked and quarantined most of the rest when I tried to launch them. With an overall detection rate of 89 percent and an overall score of 8.3, it's just a hair behind Bitdefender.
You'll notice in the chart that many products tested using my previous malware collection scored quite a bit higher. Since it was a different collection, scores aren't directly comparable. And I do give more weight to results from the independent labs.
Good Malicious URL Blocking
My malicious URL blocking test starts with a feed of newly discovered nasty URLs supplied by MRG-Effitas. I launch those that point directly to malicious executables, noting whether the security product blocked access to the URL, quashed the download, or simply did nothing. Despite being just a few hours old, many of the URLs are already no good. I keep at it until I have data for 100 URLs.
Most of the time, every product goes up against a different set of URLs—but always the very newest. This time I was able to test Norton simultaneously with McAfee AntiVirus Plus 2015. Testing took a little longer, because I discarded any URL that returned a "not found" error for either test system.
Norton blocked all access to 21 percent of the URLs, and it quarantined another 30 percent during or immediately after download. A block rate of 51 percent is definitely good; the average since I began this test is 32 percent. However, Trend Micro Internet Security 2015 blocked 80 percent of the malicious URLs, and McAfee, the top scorer, blocked 85 percent. Given Norton's consistently excellent phishing protection, I had expected better.
Varied Scanning
A full scan of my standard test system took Norton 26 minutes, which is precisely the current average time. I like the fact that the antivirus deals with malware immediately, without waiting for the scan to complete. On completion of the scan, it reported its actions, and asked what to do with a couple of low-risk items.
A repeat scan took seven minutes, which is good. However, a repeat scan with F-Secure took just four minutes, and with Trend Micro the repeat scan lasted less than one minute.
The Norton Insight scan checks the programs on your computer and charts which are trusted, good, unproven, or poor. For each file it also reports prevalence among Norton users and identifies whether the program's resource usage is low, moderate, or high.
Another scan creates a diagnostic report that flags any problems with your system. It also gathers detailed information about your hardware, software, network connection, and more. This report can be handy if you find that you need to contact tech support.
Antiphishing Champion
Norton is the touchstone I use for measuring how well other products can detect and block fraudulent (phishing) websites. I scrape newly reported phishing URLs from various websites—URLs so new they haven't been verified as frauds. I simultaneously attempt to visit each URL on five systems protected by Norton, the product under testing, Internet Explorer, Firefox, and Chrome. I repeat the process over a few days, always using the freshest phish, until I have about 100 samples.
Norton consistently detects almost all of the fraudsters, and Internet Explorer consistently lags way behind. Chrome is more volatile, as this test shows. Frequently Chrome's built-in phishing detection comes in almost as accurate as Norton. This time its detection rate lagged 27 percentage points behind Norton. Firefox's showing was even worse, at 47 percentage points behind.
Intelligent Firewall
Norton's firewall is the poster child for smart and silent firewall protection. To start, it correctly stealthed all the system's ports, and it resisted all the Web-based attacks I threw at it. That's important, but it's just a baseline; the built-in Windows Firewall can do the same.
The firewall also controls how programs are permitted to use the network and Internet connections. It automatically configures permissions for known good programs identified in the massive Norton Insight database. Naturally it wipes out known bad programs as soon as they're detected. When it encounters an unknown program, it monitors activity and steps in to block any malicious behaviors.
It's a tough firewall, too. Its Registry settings are protected against modification, so I couldn't turn it off that way. Terminating its processes using Task Manager just got me "Access denied." And I couldn't make any changes to the status of its single Windows service. That's a refreshing change from McAfee, which requires 12 distinct services and only protects five of them.
Malicious websites can breach system security by exploiting vulnerabilities in the operating system, the browser, or a variety of popular programs. In order to succeed, an exploit attack needs to hit a system whose configuration precisely matches the vulnerable program version. If you keep your system patched, you're not likely to fall victim. Even so, you'd surely want to know about any attempted attack. Norton is the absolute champion when it comes to detecting and blocking exploits.
I attacked my test system using about 30 exploits generated by the CORE Impact penetration tool. Norton detected and blocked every single exploit, identifying a quarter of them by the precise CVE (Common Vulnerabilities and Exposures) number of the attack. No other firewall I've tested comes close.
Sub-Ratings (Firewall, Antivirus, Performance, Antispam, Privacy, Parental Control):
Note: These sub-ratings contribute to a product's overall star rating, as do other factors, including ease of use in real-world testing, bonus features, and overall integration of features.