Norton AV/IS 2012 BETA Get started!

Anyone care to explain me this, tis confusing..


Protection



2012 introduces several new technologies to combat emerging threats.



Fake AV is one of the most visible and wide-spread threats that Internet users face today. Fake AV pretends to be security software and tempts the user to pay for it. Even worse, it can install additional malware on the system and claim the system is clean. New for 2012, we’ve included SONAR 4.0 and Norton Power Eraser 2.0 to help our customers combat Fake AV.

So they say Sonar 3 wasnt working properly in terms of removal of the fake AV's or what?? and on top of that does the same include the NPE 1??

 

There's not much to conclude from the fact that one person could not completely remove the beta with a version of NRT that doesn't support the beta.

 

In my experience NIS 2010/2011 are not particularly good at blocking/removing fake AV. I think they're just saying Sonar 4 works better.

Note that fake AVs get past many AVs. Apparently they are difficult to identify.

 

Hmm as i tought, ok thanks for clearling out

 

Good luck explaining the difference between fake AVs and any other trojan dropper, oh..besides the visual aspect.


Another over-advertised AV fails..no news there. An HIPS detects special file-system/registry/network access and halts the process and dictates outcome based on human-intervention or configured actions, or at least they are suppose to xD

Here is what is really sad: Malware cant hide what they are doing from these engines till they get a rootkit loaded..most of them don't even attempt to get past these sensationalized HIPSs, it's just a convenience to the malware-author that most industry professionals are staggeringly incompetent.

Pay me six figures a year..I'll proper it in under an hour only using API programming 101 stuff xD

 

How many times do I have to retype that the NRT also doesn't remove the drivers properly for Norton Internet Security 2011?

 

First of all it would be helpful if you could document that the correct version of the NRT doesn't completely remove NIS 2011 so others could try to reproduce it. I'm not saying you're wrong, but these things need to be reproducible otherwise they remain anecdotal.

Second, this doesn't speak to the current situation of trying to use a version of the NRT that does not support the 2012 beta. Once we have a version that Symantec claims will properly remove the beta then we can see if they're correct. More likely though we won't see a version of the NRT that supports 2012 products until after they're released (but that's just an opinion).

 

Try yourself.

1. Install Norton Internet Security 2011, run the LiveUpdate, run a quick scan. Reboot your pc.
2. Uninstall Norton Internet Security 2011 with the option delete all personal data etc., reboot your pc.
3. Download the very latest version of Symantec Norton Removal Tool, run it, reboot your pc.
4. Delete the Symantec Removal Tool, reboot your pc.

Look at these places:

- Desktop and Start Menu in general
- C:\Users\Public\Public Downloads
- C:\Users\YOURNAME\My Documents
- C:\Users\YOURNAME\AppData\Local
- C:\Users\YOURNAME\AppData\Roaming
- C:\ProgramData
- Task Scheduler
- HKEY_CURRENT_USER\Software
- HKEY_CURRENT_USER\Software\SysWOW64 (64-bit only)
- HKEY_LOCAL_MACHINE\SOFTWARE
- HKEY_LOCAL_MACHINE\SOFTWARE\SysWOW64 (64-bit only)

And most importantly the legacy drivers, you could look at:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root
and
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root
and then locate LEGACY_SYMandsomethingelsehere (multiple) and LEGACY_ERASERUTILITY (not sure of that name)

Or preferably:
1. Start "Run"
2. type: set devmgr_show_nonpresent_devices=1
3. Open up Device Manager
4. Go to the menu Show -> Show hidden devices
5. Navigate to Non Plug 'n' Play devices
6. Find everything which is related to Symantec, most start with SYM/sym/Sym but their is also a EraserUtility or something like that which is part of Norton (improper removed drivers are grey instead of black).

What you will eventually find out, is that there are still many traces after running the Symantec Norton Removal Tool (however that NRT will maybe clean something of the first items mentioned, before "And most importantly...").
And the most silly thing, is that you will find registry keys related to the Norton Removal Tool (SymNRT). Also, dependant on the situation, maybe a ProgramData or AppData (Local or Roaming) folder related to SymNRT, not sure of which of the three folders though.
So you use a the NRT do remove traces but what it actually does is add atleast one trace, nice.

 

LEGACY_# is managed by Windows itself so application uninstallers aren't allowed to remove them forcefully, as that is related to Last known system config. Windows boot option (I think). And, no, such LEGACY_ shouldn't present a problem when it comes to installing/using other suites.

 

True, but if the drivers are properly removed, which they arent because they are still there in Device Manager. They shouldn't be there anymore in the LEGACY_drivers. Like most other security vendors do (Avira, ESET etc.)
But I agree with you I should have just skipped the part of the Enum\Root and just continue with the Device Manager part. If you right-click a driver in Device Manager and click uninstall the LEGACY_keys will be deleted too.

 

That is some serious detective work. Have you tried this on any other machines to if it's consistent? I'm aware of the problem of driver traces in the "non plug and play/hidden devices" menu. I've known other programs do that. I agree that none of this is good. I wonder if the other suites do a better job of uninstalling themselves? Is NIS noticeably worse?

 

Indeed it is quite some work.

I have done it at my main machine, no VirtualPC or whatever.

I have tested quite some programs.
AVG: loads of hidden drivers maybe even worse than Symantec
avast: loads of hidden drivers, however the unintall utility does it job thoroughly
Avira: perfect
Kaspersky: after running all available cleaning methods there is one or two hidden driver
McAfee: same as AVG
ESET: 2 in case of NOD32, 3 incase of Smart Security, however the ESETUninstaller removes them thorougly.
Prevx: 2 hidden drivers
G Data: not a bad uninstaller
F-Secure: not a bad uninstaller, does leave some other traces though, also after the uninstaller utility
BitDefender: not a bad uninstaller
Webroot: pathetic
MSE: it does create hidden ddrivers with random names for self-defense, don't get uninstalled, also tasks in the Task Scheduler
Panda: really quite good, no drivers, just some ProgramData / AppData stuff

Summary: Webroot, McAfee, AVG are the worst, followed by Symantec.

 

I agree that the uninstall issues with the beta are not a valid point of critique about Norton. I just hoped they have improved it for version 2012, but that is sadly not the case.
In general I should say, like I said earlier, that protection- and performance-wise Norton is a great and easy to use security suite. I just can't help I hate Symantec's influences (accounts, activity maps and other useless stuff, pricing).

I do apologise for my annoying, unnecessary posts. Let's talk about the real product again .

 

If this is the same for others and ESET, avast! and Avira can be completely removed, how is this not a valid point of critique about Norton?

 

Sorry, made an type error. I improved it now. It is not a valid point of critique for this beta, but it is for final versions.

 

All I'm seeing is a "temporary export restriction" for this beta, seen here:

http://us.norton.com/beta/restricted.jsp?pvid=restricted

Maybe should log in to MyNortonAccount (or whatever it's called) and try from
there? Or, strictly speaking is this presently only for US, and not globally available?

 

i think norton 2012 will be perfect
but the problem its will take long time until the final release
so i will wait 2 or 3 month when the final V of norton coming

 

Installed norton BETA yesterday night running well but still can feel a performance lag my system using Win7 32bit ultimate

 

Other specific difference I found in this BETA is in quick scan norton specifically scans for the fake AVs I still know how many types norton was searching for possible infection of fake AV and I guess this database will keep of updating. Nice job norton

 

Oh! Really? Tell me more? Have you created one before? Are you a malware author in disguise?

Thanks.

 

Just long enough for it to install and run a scan then..

 

.

Norton 2012 Betas Earn High Marks from AV-Test.org.

ARTICLE DATE: 04.20.11

Public beta testing for the 2012 Norton security products began last Friday. In the few days since, German antivirus test lab AV-Test.org has worked up initial impressions for Norton AntiVirus 2012 beta and Norton Internet Security 2012 beta, and both products definitely made a good first impression.

Norton detected 98.87 percent out of almost 150,000 very recent malware samples, beating the current industry average of 97.71 percent. In both on-demand and on-access tests, it detected 100 percent of widespread "WildList" malware. Since all current products detect 100 percent of those samples, this success isn't surprising.

AV-Test also challenged Norton to detect, terminate, and clean up about two dozen active malware samples. It detected them all and successfully removed 95.7 percent of them. The average program in this test detects 95.2 percent, removes the active components for 85.7 percent, and fully removes just 47.6 percent. Norton also detected and removed 87.5 percent of active rootkit samples, compared to an average of 56 percent.

The lab didn't report any measurable slowdown of system operations in daily use, and reported that after the initial full scan, subsequent scans cut 85 to 90 percent off the scan time. Norton also correctly refrained from identifying any of 250,000 valid files as malicious—zero false positives.

The final test challenged Norton to detect and prevent active attacks by malicious Web sites and malicious downloads. It correctly warned and blocked all but one sample, for a success rate of 96.8 percent. The average product detects 80 percent of these threats and successfully blocks 64 percent.

Overall, the Norton products put on a stellar performance, achieving above-average results in every test. AV-Test will replace Norton AntiVirus 2011 and Norton Internet Security 2011 in their ongoing tests once the 2012 editions are actually released. PCMag will put them through a thorough evaluation at that time as well.

http://www.pcmag.com/article2/0,2817,2383871,00.asp

 

Haters gonna hate

 

I didn't expect to be impressed from the screenshots because it didn't really look different enough from the 2011 but I went ahead and downloaded it and I can say that I definitely look forward to the final.

 

A test of the NIS 2012 Beta by AV-Test:

http://www.security.nl/artikel/36885/

Edit: pfft - the same article as above lol