Norton 2013 Products Final Released.

Is there a way within the GUI to see what apps are not rated? Assume so based upon your last sentence.

I was just surprised to see it drop from 92 to 91 percent in just a few days. So there is no scan to run to improve the ratings of any apps?

 

Thanks. So basically it seems like this feature is one to be ignored.

 

1. Click on Advanced from the main NIS GUI screen.

2. Under Computer Protection, click on Application Ratings. This will display by default the ratings of all currently running apps.

3. If you want to change Norton's rating - be careful here - click on the app you want to change.

4. The File Insight screen will display. In the lower right corner of the is wording, "Trust Now." This will change the app rating to trusted.

 

The scan that determines the Trust Level shown on the main window is listed as Norton Insight in Norton Tasks (reachable from Performance). You can see when it was last run and run it manually from there.

On my Mum's computer, I just ran a Full Reputation Scan and Norton Insight. The Full Reputation Scan showed 81.2% files to skip but it was only after the Norton Insight scan that the Trust Level on the main window dropped from 82% to 81%.

On the other hand, selecting All Files in Application Ratings shows 82.3% files to skip.

 

Well, like so much of the Norton technology it's automated and tends to take care of itself. Most of the time letting it do its own thing is sufficient IMHO. In general I feel the Norton line is still a good product, but it's less trouble-free than it used to be and I dislike some of the design choices. For instance I feel "performance monitoring" is useless at best and actually creates performance problems on older PCs. And the last heard it was still auto-deleting what it decides are risky files without giving the user a choice - unacceptable.

 

It may possibly still do this but I have not honestly seen this problem in the last several months. It was the reason I would not use it previously but they must have done something to reduce the problem. I would have dumped it if I was still having that issue.

 

NIS is designed for the masses and as such, runs in automatic program control mode by default.

Automatic program control can always be turned off and one will start getting firewall alerts for everything. Again not recommended for the average non-technical user.

My main gripe with NIS 2013 is it is using the Trust model now for firewall rules. If a process is trusted, it is given unconditional inbound and outbound access. Norton is not alone with the use of the Trust model. Many other vendors are migrating to it.

 

Ran a reputation scan last night and the percentage actually dropped a bit lol. Guess the whole community rep thing is not that great of a model, except for people who no nothing about security.

 

I may disable the performance part of it as I have no use for it. The auto-delete stuff I can't speak to as of yet, but if it does kick in I will ditch it in a heartbeat. That's been a concern in the back of my mind and why I was hesitant to run it again.

 

Stupid question.

Why is Norton never a part of av-comparatives? Seems kind of strange. Would love to know how they rate since I am running it on my home pc now.

Also, got the latest update at some point yesterday on my pc. Feels a bit heavier now, weird. Will be keeping my eye on it.

Thanks.

 

They didn't want to take part in the on-demand scan tests, and so they weren't allowed to participate in any of the other tests either.

 

Thanks. Kind of crazy for such a large company no?

 

Well, Norton rarely performs well in signature tests, so an on-demand test might show them performing quite poorly, much worse than they would in a "real world"-scenario where all components of the program work together.

 

At Page 2

http://community.norton.com/t5/Nort...in-AV-Comparatives-testing/td-p/672299/page/2

 

What I write here is speculation. Two reasons:

1) Norton uses Smart Definitions instead of Full Definitions by default. This definition set may have lower overall detection rates in on-demand tests as AV-C tests with default settings. This change was made at about the same time Norton decided to exit AV-C testing.

2) Insight has a chance to produce false positives on obscure files or safe files with invalid or expired digital signatures/certificates. On AV-C's clean set, this might increase the FP count.

They exited from VB RAP as well, since that test is highly dependent on update frequency.

To get a rough idea of detection rates, you can look at the results of PC Tools. Norton should be about the same, or worse (due to smart definitions being used by default).

 

Thanks for the replies all. Makes me kinda second guess using their product now though however. Not to say that these tests should be a final decision for someone to choose an av, but at least be a part of it.

 

I would advise anyone who wants to know everything about NIS 2013 to download the user manual for it; all 547 pages!

Here is the scoop on Smart Definitions. NIS can use either of two sets of virus definitions; complete and core. The core set is a subset of the complete definitions and contains 30% of all the complete definitions. This subset is know as Smart definitions. It contains definitions Symantec views as critical in detecting the most severe and current malware threats. Live Update by default is set to only download the "Smart" definition subset. You can change it to download the the complete definition set if you so desire. Symantec warns this will have a "signifigant" impact on virus scanning performance and will also impact app performance such as your browser.

This being said, it would seem logical to assume NIS 2013 would do reasonably well on A-V Comparatives on demand testing which is primarily testing of recent and zero day threats.

I believe Symantec bowed out of the A-V Comparatives testing feeling it was biased.

Also the previous statement about NIS being an integrated solution are correct. It is designed by default to use all it's components to detect malware. PC Magazine illustrated this in their testing of NIS 2013.

 

Norton updates more frequently than any product I have used.

 

Most leading products today are leaning more towards cloud protection so updates are less significant in that sense.

 

Sorry to go offtopic but does SEP have a hidden option to select smart or complete set for virus definitions?

 

As has been said, Norton sends 'Pulse Updates' every five minutes.

And the last time that AV-Comparatives tested Norton and PC Tools together Norton outscored PC Tools by eight points. Sonar is the difference.

 

Not SONAR but rather Insight. AFAIK SONAR is just the behaviour blocker technology, it wouldn't be very helpful for on-demand scans.

The last time both products were tested, PC Tools used the Smart Definitions (Compact Database) by default and Norton used the Full Definitions by default. This has been inverted since 2012 (PC Tools now uses the Full Definitions by default). Still, Norton has Insight that PC Tools doesn't. That's why I say they'd both be scoring similarly.

Pulse updates are for recent outbreaks, some of them have signatures for malware counted in single digits (they are similar to the "emergency DAT" that McAfee provides for instantaneous detection after a file is analyzed to be malware until they release the next update). It still doesn't hold a candle to the hundreds that a vendor like Kaspersky or BitDefender (sometimes) adds on an hourly basis. The "real" definition updates occur 1-3 times a day for Norton and they contain the "beef" of the signatures. That's why in theory they will not be the best in RAP (but they should do pretty well). RAP is a linear graph that relies on both proactive and reactive detection - the vendors with best reactive updates (quantity, quality) along with good proactive protection do best there.

 

Yesterday I was shocked to see how big and how huge the full Norton/Symantec program definitions (only the installer for them) have become - over 180 MB:
http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=n95

And the Norton Internet Security installer - about 140 MB:
http://us.norton.com/support/redirects/redirect.jsp?type=latestnis

This is very much and there numerous smaller / small / tiny programs but still very or even more effective.

 

Yes, Symantec's full definition set is very huge, takes a lot of memory and slows down the scan process. That's why they decided to "skim" the database a little and created the "Smart Definitions".

Speculative reason for the huge size is that Symantec is trying to maintain a common database format for a large number of products (Symantec Cloud Protection, SEPS, Norton, PC Tools) to allow easier deployment of updates.

I still think it's a decent idea to continue using the "Full Definitions". "Smart Definitions" are based on a "rotating target" - signatures are added or removed from this database based on what malware is currently in prevalence. Symantec has a lot of generic signatures - removal of an old generic detection may also reduce the chances of detecting a similar new malware, at which point they will have to add that signature again to the "Smart" definitions.

The window of opportunity is less for this to happen, but it is a real scenario. It probably might be affecting some AV-tests somewhere as well.

EDIT: Just checked, the full database unpacked comes in at ~360MB

 

This is a disaster