App Review Norton AntiVirus Plus 2024

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra

Shadowra

Norton is a well-known American antivirus.
In the past, Norton was pre-installed on many commercially available computers. It had a reputation for being cumbersome, inefficient and rather annoying.
Since 2010, the publisher has completely redesigned its software.
For 2024, Norton (renamed NortonLifeLock then GenDigital following the acquisition of Avast & Avira) still retains its flagship software and offers little in the way of innovation, apart from a modified interface and its bright yellow alerts.
Let's hope Norton stays on the podium!



User interface:

Since 2023, Norton has changed its interface and alerts.
Gone are the minimalist, white alerts of yesteryear; Norton now displays details of its actions!
But I hate the color, with its gaudy, even aggressive yellow for the eyes!
As for the interface, it remains sober and easy to use.


Web protection: 10/10

Norton correctly blocked malicious URLs. It has very powerful Web filtering (with its Norton Safe Web extension) which stopped download attempts.
The anti-malware engine also reacts, deleting incomplete files when they arrive on the machine.


Fake crack: 1/1

During execution, the dropper was directly removed by Norton's behavioral module! (SONAR detection)

Malware Pack: 24 of 503 threats remaining.

During analysis, Norton failed to remove everything (Expiro and Tempedeve infection) which requires manual removal.

At runtime, Norton is overwhelmed with work due to its poor detection of VBS/JS attacks.
The VenomRAT Trojan will try to connect to its C&C server, but Norton will bombard me with warnings that it is blocking the connection.
This is a good thing, but the machine is still infected.
Other malware is also present, such as the AndroMeda backdoor (the firewall blocks the connection), but also the dreaded AgentTesla, which managed to install itself without detection and managed to connect!
Personally, I'm rather disappointed with the result - Norton can do better.

Final scan:

Norton: 0
NPE: 1 (AndroMeda BackDoor)
Autoruns: 2 keys
KVRT: 1 (AndroMeda BackDoor)
Emsisoft: 2
Malwarebytes: 5

Final opinion:

Norton is a fairly user-friendly and comprehensive family antivirus.
It provides several defensive shields against malware.
Web protection is very good, and Norton has made great efforts in this area.
This is not the case with the pack. Although Norton is still very powerful on EXE malware, it clearly isn't on more devious JS/VBS/JAR malware.
I get the impression that Norton is resting too much on its reputation at the moment...
The machine is infected by 3 Trojans, 1 of which manages to connect.
My recommendation for Norton is compromised. It loses its place on the podium.
I have mixed feelings.

@Jonny Quest and @simmerskool request

Bot

AI-powered Bot
Thanks for the detailed review. It's clear that Norton has made improvements over the years, especially in web protection. However, it's concerning to see the shortcomings in dealing with JS/VBS/JAR malware. Your feedback will surely help others make an informed decision.

Shadowra

@Shadowra What is your current top list of antiviruses in terms of effectiveness against scripts?

I don't make lists, but I can give you the ones I've seen in tests that are the most effective for me :)

=> Kaspersky, BitDefender, DeepInstinct, GData (thanks to BEAST and DeepRay), Microsoft Defender (it may let some through but blocks many)

Shadowra

Hi Shadowra, thanks for sharing the list.
What about F-secure? I thought that one was also on your favorite list.

The last time I tested it, it put up a good fight with DeepGuard, yes :)
But the Avira engine is pretty average on scripts. It can be used, yes, but when faced with an AgentTesla, there's a good chance it'll get through.

cruelsister

When doing security product tests against malware, more important than the number of samples used is the quality and diversity of these samples.

Different mechanisms (ransomware, keyloggers, data stealers, etc.) and different forms (exe’s, vbs, JScript) must take priority over blind harvesting from the usual places of the most recent stuff, which often includes close duplicates and total junk.

For this test the malware selection was done much more thoughtfully, thus making the final results a great deal more valid than the stuff from the Pros and the non-pros (except for my drivel, of course).

Thank you, S for taking the time to do this.

ForgottenSeer 109138

When doing security product tests against malware, more important than the number of samples used is the quality and diversity of these samples.

More important than either is "how" the samples are introduced. Unless all you testers want to patent your teleportation devices you use to land malware on the desktop.

I do not care my opinion is not popular, but it is reality either way. These products are designed a certain way with modules in layers and testing them incorrectly and judging them from it seems ludicrous. It was mentioned in another thread of sending this test to Norton, and I can tell you right now, the folks over there will state the very same thing about the route of infection.

So while these tests are entertaining and appreciated by users here there is a reason again that the threads come with a disclaimer at the top.

cruelsister

More important than either is "how" the samples are introduced.
A file, whether something legitimate like the Malwarebytes installer or something malicious like a data stealer, must be executed from somewhere. It could be from a CD, or it can be from Windows Temp, or it could be from a random directory, or even from the Desktop. Any of these is an equally valid way to run a file.

A file to be run MUST reside somewhere on the drive or in memory, but even here something must first initiate it from somewhere else. It is also possible to combine these two: the execution of an otherwise legitimate binary that connects out and acquires a self-initiating malicious file, the effects of which would be indistinguishable from teleportation.

ForgottenSeer 109138

A file, whether something legitimate like the Malwarebytes installer or something malicious like a data stealer, must be executed from somewhere. It could be from a CD, or it can be from Windows Temp, or it could be from a random directory, or even from the Desktop. Any of these is an equally valid way to run a file.

A file to be run MUST reside somewhere on the drive or in memory, but even here something must first initiate it from somewhere else. It is also possible to combine these two: the execution of an otherwise legitimate binary that connects out and acquires a self-initiating malicious file, the effects of which would be indistinguishable from teleportation.
No matter how you slice and dice it, the file has to come through the front door either way.

Notice in all these tests, most products have the same highly developed webfilters. These forward facing modules have been hardened for a reason. Downloads being scanned may very well be intercepted long before execution ever gets to take place, whether directly from the desktop or calling out to the command and control to drop the payload. Most products focus on prevention before execution, then rely on other modules should the item pass through that layer.

I'm not sure how you do not understand this.

Trident

A lot of products apply much more aggressive monitoring on downloads. This helps boost security “at the point of entry” whilst still minimising false positives.
Avast Cyber Capture, McAfee Download Advisor, Microsoft SmartScreen, Eset LiveGuard, Check Point threat emulation are just examples.

Norton uses Norton Insight (which includes File Insight, Threat Insight, Performance Insight, Download Insight), which takes into account whether the file was downloaded and even whether it came from a trusted website or not.
Norton applies more aggressive heuristics both pre-execution and post-execution (in SONAR) when files have come via untrusted downloads.
Furthermore, Symantec/Norton apply “sandbox” around untrusted processes and execution chains.
It can all be supported with the relevant documentation and blog posts.


Norton provides additional security through their IPS system, which is the only viable implementation of IPS for Windows that is deployed with one click and blocks a high volume of malicious traffic.

That’s not to say that it is perfect or impenetrable (nothing ever is) — Norton is designed to provide enough security for real life users in real life situations. When Norton deems that new protection methods are necessary, the STAR team promptly releases such via program updates, SDS (static data scanner) logics and SONAR rules.
In business environments where scripts are an issue, Symantec/Broadcom offer email security, as well as Symantec Adaptive Protection, which blocks LOLBin calls (from one to another) or their execution altogether.
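The disagreement above about "how the samples are introduced" and the mention of Download Insight weighing whether a file was downloaded both come down to file provenance. On Windows, browsers and mail clients record that provenance in the Zone.Identifier alternate data stream (the "Mark of the Web"); a sample copied straight onto a test machine's desktop carries no such stream, so a download-aware layer never sees it. The script below is an added example written for this thread, not code from Norton or from any poster, and it assumes only the documented `[ZoneTransfer]` / `ZoneId` / `HostUrl` layout of that stream; whether Norton's Download Insight reads this exact stream is an assumption, not something the thread states. It parses the stream from constructed sample bytes (and, on Windows, from a file path given on the command line) and reports what a download-aware scanner would learn from it.

```python
"""Inspect Windows Mark-of-the-Web (MOTW) metadata on a file.

Added example: a parser for the NTFS Zone.Identifier alternate data stream
that browsers write to downloaded files. Download-aware layers can use this
provenance; a sample copied straight onto a test desktop carries none of it.
Assumption: the stream uses the documented [ZoneTransfer] INI layout.
"""
import os
import sys
from dataclasses import dataclass
from typing import Optional

# URL security zones as Windows numbers them.
ZONE_NAMES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}


@dataclass
class ZoneInfo:
    zone_id: int
    referrer_url: Optional[str] = None
    host_url: Optional[str] = None

    @property
    def zone_name(self) -> str:
        return ZONE_NAMES.get(self.zone_id, f"Unknown zone {self.zone_id}")


def parse_zone_identifier(raw: bytes) -> Optional[ZoneInfo]:
    """Parse the INI-style Zone.Identifier stream; None if absent or malformed."""
    text = raw.decode("utf-8", errors="replace")
    in_section = False
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "zonetransfer"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip().lower()] = value.strip()
    if "zoneid" not in fields:
        return None
    try:
        zone_id = int(fields["zoneid"])
    except ValueError:
        return None
    return ZoneInfo(zone_id, fields.get("referrerurl"), fields.get("hosturl"))


def read_zone_identifier(path: str) -> Optional[bytes]:
    """Read the ADS from disk (NTFS on Windows only); None when no stream exists."""
    if os.name != "nt":
        return None
    try:
        with open(path + ":Zone.Identifier", "rb") as stream:
            return stream.read()
    except OSError:
        return None


def classify(info: Optional[ZoneInfo]) -> str:
    """Summarise what a download-aware scanner would learn from the stream."""
    if info is None:
        return "no MOTW: file was created or copied locally (no download provenance)"
    if info.zone_id >= 3:
        origin = info.host_url or "unknown host"
        return (f"downloaded from {info.zone_name} zone ({origin}); "
                "untrusted-download heuristics apply")
    return f"origin zone {info.zone_name}: treated as locally sourced"


# Constructed sample streams (not real downloads).
SAMPLE_INTERNET = (b"[ZoneTransfer]\r\nZoneId=3\r\n"
                   b"ReferrerUrl=https://example.test/page\r\n"
                   b"HostUrl=https://example.test/files/setup.exe\r\n")
SAMPLE_INTRANET = b"[ZoneTransfer]\r\nZoneId=1\r\n"
SAMPLE_JUNK = b"not a zone identifier"

if __name__ == "__main__":
    # With a path argument on Windows, inspect that file; otherwise use the sample.
    target = sys.argv[1] if len(sys.argv) > 1 else None
    raw = read_zone_identifier(target) if target else SAMPLE_INTERNET
    print(classify(parse_zone_identifier(raw) if raw is not None else None))
```

Run it on a file you downloaded through a browser and on a copy of the same file made with a USB stick or a clipboard paste: the first reports an Internet-zone origin with the host URL, the second reports no provenance at all. That difference is exactly what separates a "teleported to the desktop" test from a download-path test, regardless of which product is under review.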