App Review Norton Internet Security 2012 at its second fail

[Jack]

Yesterday, rynesandbergfan23 tested NIS 2012 , he basically followed the same methodology that languy99 used in his video test , ryan tested NIS with malicious links and then some malicious samples.
Watch the bellow video and then we can comment. Enjoy!

Norton Internet Security 2012 FINAL Test and Review
Uploaded by rynesandbergfan23 on Sep 20, 2011

 

[GabiCRX]

Zero Access humiliated Norton again.
Zero Access 2 - 0 Norton

 

[swftech]

And the Norton fanboys will be out in full force I'm sure defending their crappy security suite as usual by claiming this test doesn't prove anything. Only thing I know, is that Norton still fails in my opinion and I will continue to use a free alternative that is much better. Thanks for the video Jack!!

 

[mhartsellm]

Let me guess, that free alternative would be Comodo, now how did I know? :dodgy:

 

[Deleted member 178]

you have many free alternative: of course CIS, Avast , MSE, Rising, etc...

 

[GabiCRX]

But of course the number one option is CIS.

 

[jamescv7]

Even I use Norton but not a fanboy at all, seems its like the technique on how rootkits to be detected by Norton was bypassed easily.

 

[Deleted member 178]

yes but remember it is in default setting , if set to aggressive, i think NIS will detect it.

 

[win7holic]

my Norton AntiVirus just set like this. same setting was i used on my NIS test.

 

[jamescv7]

Exactly, default settings just give you optimum protection unlike aggressive a maximum protection.

 

[Deleted member 178]

you disabled one of the most important things...boot time protection...not good !

 

[win7holic]

you disabled one of the most important things...boot time protection...not good !

i don't need boot time scan.

probably just use hitman pro "scan computer daily during start up"

 

[Tom172]

you disabled one of the most important things...boot time protection...not good !

i don't need boot time scan.

probably just use hitman pro "scan computer daily during start up"

Still no harm having it enabled though. It doesn't increase your boot time dramatically.

 

[Deleted member 178]

strange behavior... you have a feature available in your main AV but prefer use it in the other apps

 

[win7holic]

you know why?
i just try it. and it very fast to scan. and, i get 1 year license for HMP. why not to use it?

 

[Jack]

yes but remember it is in default setting , if set to aggressive, i think NIS will detect it.

An rootkit as agreesive as ZeroAccess should be detected by SONAR no matter what settings are you using.SONAR is a great behavior blocker but as we've seen it can still be improved, I have no doubt that Mamutu would've alerted the user.
As I said in the previous test, Symantec should improve their File Insight technology. How? When a user attempts to run a executable,File Insight should check online the reputation of that file, similar on what Download Insight is doing for the downloaded files.

 

[HeffeD]

As I said in the previous test, Symantec should improve their File Insight technology. How? When a user attempts to run a executable,File Insight should check online the reputation of that file, similar on what Download Insight is doing for the downloaded files.

Exactly... There was a post on the Norton forums about Languys test (and a lot of conspiracy theories...) and people were saying the problem was that it wasn't a real-world test. They said, how many people are going to throw a folder full of malware at a security application?

In the real world, most threats come from the internet, and the internet shield portion of NIS would have detected the threat.

Ummm... Are you serious here folks? The point isn't that someone threw a folder full of malware at the application. The point is that your file scanning portion of your security suite missed something nasty... Why in the world would your net scan pick up something that your file scan wouldn't? If this is indeed the case, and the design methodology of your protection is weighted more towards net attacks than file system based attacks, I would definitely steer clear of Symantec for system protection.

I think file system attacks are every bit as 'real-world' as net based attacks. Are people honestly saying that CD/DVD/USB sticks aren't used anymore?

 

[Ink]

... If this is indeed the case, and the design methodology of your protection is weighted more towards net attacks than file system based attacks, I would definitely steer clear of Symantec for system protection.

fftopic:

I know this has nothing to do with Norton, but it's similar to how Snow Leopard's malware protection works (from 2009):

Based on an analysis of a corresponding preferences file called XProtect.plist, it appears that the feature checks for only two known Mac trojans. And it only flags those files if they were downloaded from the internet using Entourage, iChat, Safari, and a handful of other applications, according to this person. Files that were downloaded using Skype and dozens of other net-facing applications aren't covered, nor are files on DVDs and thumb drives.

http://www.theregister.co.uk/2009/08/25/snow_leopard_malware_protection/

 

[HeffeD]

I know this has nothing to do with Norton, but it's similar to how Snow Leopard's malware protection works (from 2009):

Yeah, that seems pretty inadequate as well... It protects against only two trojans? What is the point?

If these are the types of choices security vendors (I know Apple isn't a security vendor, but technically this applies due to their OS) are making for users relying on their software, it's a bit scary... :s

I would definitely prefer to be protected equally from all vectors of infection.