Battle Emsisoft Anti-Malware or Norton Internet Security 2017

[skandaloes]

My EAM license expired in 1 month and now i'm looking for an alternative.
My isp offers me norton for free and now i am thinking about to renew my eam license or take the free norton license.

How do you see this, how strong is norton in comparison?

 

[Fritz]

Both are worth using. What I don't particularly like is that Norton grabs tons more personal info and the SONAR part sometimes just takes ages, wheres Emsisoft checks its cloud data in a snap.

 

[Rolo]

Both are worth using. What I don't particularly like is that Norton grabs tons more personal info and the SONAR part sometimes just takes ages, wheres Emsisoft checks its cloud data in a snap.

What personal info does Norton 'grab'?

 

[giants8058]

1a. Kaspersky (I know it wasn't listed but..) 1b. Emsisoft >> Norton
Detection rate: Emsisoft >> Norton (and I don't think it's close)
Real-time protection: Emsisoft >> Norton (this one is closer)
Privacy: Emsisoft >> Norton
Features: Norton has more adjustable settings where Emsisoft is more set and forget
Support: Can't comment on this one

 

[skandaloes]

Thanks for all the answers.
Its realy hard to decide between this two programs.

And yesterday i got an 2 year license for Kaspersky IS, which does not make it any easier.
But i think i will give Kaspersky a chance to convince me.
Is, I think, not the worst choice?!

 

[Fritz]

What personal info does Norton 'grab'?

• Product and license information
• Unique ID
• Product usage statistics
• OS version
• Computer name
• Information about 3rd party apps
• Hardware information
• Running processes
• System event and error logs
• Visited URLs (malicious and non-malicious)
• Referer (previously visited web site)
• Country / region setting
• OS Language
• Windows user name
• File Hashes (malicious and non-malicious)
• Name of detections
• Name and paths of files
• Suspicious executable files
• Suspicious documents
• Data collected by malware
• Collected information stored in the U.S.A.

The bold ones do it for me. Thanks, but no, thanks.

Source: AV-Comparatives, Data transmission of Internet security products, 2014

 

[Rolo]

• Product and license information
• Unique ID
• Product usage statistics
• OS version
• Computer name
• Information about 3rd party apps
• Hardware information
• Running processes
• System event and error logs
• Visited URLs (malicious and non-malicious)
• Referer (previously visited web site)
• Country / region setting
• OS Language
• Windows user name
• File Hashes (malicious and non-malicious)
• Name of detections
• Name and paths of files
• Suspicious executable files
• Suspicious documents
• Data collected by malware
• Collected information stored in the U.S.A.

The bold ones do it for me. Thanks, but no, thanks.

Source: AV-Comparatives, Data transmission of Internet security products, 2014

I don't see anything personal in there.

How do you expect it to scan and test software without it gathering information about software (and suspicious data files)?

The rest of the stuff is just telemetry, not personal, any more than the year, make, model, and sensor data for your vehicle is.

 

[Fritz]

I don't see anything personal in there.

So my clearly identified machine including every web site I ever visited is not personal?
Norton thinks my medical history or tax return is malicious and sends it off to foreign servers in the clear is not personal?

Then we have a differing point of view on what defines privacy — which is completely fine of course.

 

[giants8058]

If I'm reading into the second to last one right:

• Data collected by malware

So if spyware was able to get through and log your banking/commerce login data or other information, whatever it collected would then in turn be sent off to Norton so they now have a copy too. That's unacceptable if that's the case. So basically you get compromised twice.

 

[Fritz]

So if spyware was able to get through and log your banking/commerce login data or other information, whatever it collected would then in turn be sent off to Norton so they now have a copy too. That's unacceptable if that's the case. So basically you get compromised twice.

Precisely, that's why I marked it bold as well.

This is why I prefer Emsisoft, they collect what is necessary to do their job and that's it.

 

[Rolo]

If I'm reading into the second to last one right:

• Data collected by malware

So if spyware was able to get through and log your banking/commerce login data or other information, whatever it collected would then in turn be sent off to Norton so they now have a copy too. That's unacceptable if that's the case. So basically you get compromised twice.

No; that's equivocation.

If you don't trust the company--Norton, for example--with access to your files, then don't install their software that has access to your files.

 

[giants8058]

No; that's equivocation.

If you don't trust the company--Norton, for example--with access to your files, then don't install their software that has access to your files.

My problem isn't with them having access to files, my problem is with the personal data that malware might have logged, being sent off to them. Why would they need to have that potential sensitive information? It's bad enough that it would have been stolen already by the perpetrator. They are the only ones in the test that admit to doing it while 8 other companies won't even disclose if they do. The discussion wasn't if I would "install their software" myself (because I won't..I already have an AV), but instead our opinions as to why we would choose one over the other. And privacy is any important aspect to consider.

As per the test, it says the patch removes the user name. Is that the person's name for their Norton account, or the user name for the PC? So the data may or may not have an identity, but the contents are still there. Sorry many other things make sense as to why they require it, but this one is a head scratcher.

As per the test:
"If malware steals personal data, we do not feel there is justification for the AV program to send the same information to the manufacturer. Some products’ EULAs or privacy statements note that the product might transmit such data to the product vendor, though this is for legal reasons, in case the product inadvertently sends personal data along with legitimate information about the malware itself."

Edit

Here is another little interesting excerpt from the same review:

"The Chief Research Officer of a major antivirus vendor cancelled his scheduled participation in the 2014 RSA Security Conference, in protest at collaboration by security company RSA with the United States NSA in the form of weakening security in its encryption systems. He stated that “RSA is hardly the only vendor facing scrutiny. He said that the trustworthiness of U.S.-based security and technology companies is quickly eroding, pointing to a letter recently sent to 20 of the world's largest antivirus companies by Bits of Freedom, a Netherlands-based organization focused on digital rights. In that letter, the group asked whether the vendors had whitelisted government-authored malware. Most of those companies gave a prompt response in the negative, but U.S-based AV giants McAfee Inc. and Symantec Corp. never replied”.

 

[Fritz]

No; that's equivocation.

You may call it whatever you want, in the end stuff goes where it isn't supposed to. *shrugs*

If you don't trust the company--Norton, for example--with access to your files, then don't install their software that has access to your files.

Couldn't have said it any better.

 

[Wingman]

Precisely, that's why I marked it bold as well.

This is why I prefer Emsisoft, they collect what is necessary to do their job and that's it.

There are few things to consider (Just to make it clear I do not work or represent Symantec )

1) All that information is within the EULA that users accept before installing the software
2)According to the report (2014) Symantec would have released a patch to remove user sensitive information (windows names etc)
3) If the data is already out to the criminals in a potential data exfiltration or phishing scam then the last thing I would possibly have to worry about would be Symantec having my data (Criminals by that time would have sold that to the underground forums anyway)

At the end of the day it's a trade off. They provide you a service and some of the items you specified can be removed (aka not send them to Symantec) BUT you will have to disable insight and/or sonar, therefore not utilising the product as you should be

 

[Rolo]

As per the test, it says the patch removes the user name. Is that the person's name for their Norton account, or the user name for the PC? So the data may or may not have an identity, but the contents are still there. Sorry many other things make sense as to why they require it, but this one is a head scratcher.

Because it's all part of the system's environment. This same "personal" information is included in a DXdiag, DOS environment variables, and the Farbar Recovery Scan Tool required by MalwareTips' Malware Removal Assistance.

It's, by definition, personal information but it is of no significance in this context.

 

[Fritz]

Because it's all part of the system's environment. This same "personal" information is included in a DXdiag, DOS environment variables, and the Farbar Recovery Scan Tool required by MalwareTips' Malware Removal Assistance.

No, it's purely included because they can. For whatever magic reason Ahnlab, Emsisoft et.al. seem to do just fine with the info handed to them.

It's, by definition, personal information but it is of no significance in this context.

When documents other than executables are transmitted in the clear by my AVs whims, which might be intimate pictures, tax forms, medical or other stuff, it's of so much significance I don't have words for it.

 

[Rolo]

When documents other than executables are transmitted in the clear by my AVs whims, which might be intimate pictures, tax forms, medical or other stuff, it's of so much significance I don't have words for it.

You quoted me out of context when you separated it from the prior sentence. I wasn't referring to personal documents; that was addressed by Norton giving you the option.

 

[RoboMan]

I love these kind of threads

To reinforce aforementioned statements, if Emsisoft is working along with you, there's no reason to change. Emsisoft's Behaviour Blocker is really accurate and efficient.
On the other hand, i've never ever seen any module beat Norton's SONAR. It's really complete and secure.
Both have pretty good detection ratios as well.

But at the end of the day, and i never get tired of saying this, we are protected by behaviour blockers and heuristics mainly. Antivirus detect kind of the same percentage of malware and most of them fail on zero day malware. Meaning this, choose the product that suites the best for your OS, the one that doesn't slow down your system and makes you feel protected. Combine, combine products. Create your own efficient combination (e.g i used to have CFW + Avast Free + VodooShield and it was really awsome).

Once again, just choose what suites the best for your system and forget about trouble. I'd say keep with the good Emsisoft. Still, if you want to give Norton a try, it is really worth. Stay safe.

 

[Solarquest]

I agree, all 3 provide great, in my opinion the best (as of now) protection.
KIS and Symantec need to be tuned-up to provide this great protection, Emsisoft is "ready to go"doesn't really.
If privacy is important to you, you are safer with Emsisoft.
How old/fast is your computer?
Kis and Symantec might be heavier on resources than Emsi when tuned up.
I would try Norton, than Kis....this way you'll know what you like most (and your computer).
Since detection/protection varies by time, this way you already know 3 of the best AV available.

Update: I almost forgot...as of NOW, in my opinion, Kis has a noticeable better static detection and a great behavioral detection, Emsi has a decent static and an excellent BB, Symantec is somehow in between of the 2 with good static and great BB.

 

[giants8058]

I agree, all 3 provide great, in my opinion the best (as of now) protection.
KIS and Symantec need to be tuned-up to provide this great protection, Emsisoft is "ready to go"doesn't really.
If privacy is important to you, you are safer with Emsisoft.
How old/fast is your computer?
Kis and Symantec might be heavier on resources than Emsi when tuned up.
I would try Norton, than Kis....this way you'll know what you like most (and your computer).
Since detection/protection varies by time, this way you already know 3 of the best AV available.

Update: I almost forgot...as of NOW, in my opinion, Kis has a noticeable better static detection and a great behavioral detection, Emsi has a decent static and an excellent BB, Symantec is somehow in between of the 2 with good static and great BB.

I have noticed that as well in the Malware Hub in regards to Emsisoft, but with personal testing its static testing seems to perform slightly better than Kaspersky, and overall offers great protection. The BB seems to pick up anything the signatures miss. I've been using samples from Testmyav.com, virusshare.com, and malware infected url's, but in your opinion from your personal testing, do you think Emsisoft's static/dynamic detection really has fallen off somewhat lately or is it just normal variability?

 

[Solarquest]

In my opinion Bitdefender's signature are not" at their best" in the last month.
Other users in other forums saw the same.
Of course it can be discussed if the missed ones are rare ones or not and that they are nothing compared to the 300k new/day...but I still think static detection is not as good as before, at least for new malware.
BB compensate incredibly well most of the time so total protection is still at top level in my opinion.
I'll try the sources you mentioned above in the next time, that might also influence detection.