NIS 2013 x64 Users - A Must Read!

in the real world has anybody actually had any issues with the lack of some of these features using 64bit os,or is it all just theory/conjecture? Its a little like crash testing cars,if you read the results and go solely by those only one or two models would ever sell,in the real world in real "everyday" accidents the differences in protection is minimal,as long as you're not a complete lunatic,same with the "top" av products,used with a bit of common sense and correctly configured there isn't much to choose from a protection point of view,the main deciding factor for me nowadays is the protection offered compared to system hit along with product support

 

What some seem to be forgetting here is that most tests don't say much about a lack of protection of 64 bit. They are just detection tests(whether on-demand or more real world.) The parts that rely/relied on kernel access are HIPS/Sandbox/Antilogging etc and those components are generally not tested or used in those tests.(Or limited such as with Avast AutoSandbox.) The only organization that tests effectiveness of HIPS is Matousec afaik, and I know none that tests how good sandboxes are at properly containing threats. For antilogging there are some results in the MRG banking tests, but those have a more limited scope.

Not really, security suites would need to be in the kernel all the time if they wanted to do their job properly from the kernel(whether kernel access is necessary is debatable, but if they use it, they need it permanently), whereas malware could be in the kernel, do it's purpose and be done, or it with the kernel access it could disable security measures and stay on the system without needing kernel access. Also, malware can use holes in patchguard to bypass it, if a security company would do this as well, and microsoft would release an update which would fix the hole, then the security product would continually BSOD the system and the company would lose tons of customers. For malware writers this isn't a problem of course and they can release updates way faster to work around the patch, because they don't need extensive testing to keep customers happy.

 

doubt a BSOD would be seen as an issue to malware writers!

 

The most serious of the missing x64 protection in NIS 2013 is lack of code injection protection. This means your only protection against zero access is Norton's signatures. Recent security testing sites zero access test results have confirmed this.

The best no cost solution at the present time for NIS 2013 x64 users would be to install Microsoft's EMET 3.0. Unfortunately, this tool needs to be tweaked and is not for non-techies.

Also for anyone who does a lot of e-commerce activities over the Internet, the lack of x64 keylogging protection is a serious security issue.

 

The problem is when security software fails to stop malware it's hard to know why. I've seen a number of occasions where Norton products have failed to stop rootkits and scareware/ransomware. Unfortunately I didn't think to check if that was on 64 bit or 32 bit Windows (it would have been a very small sample set in any case). I'd like to see tests designed to specifically test the effectiveness of security software in 32 bit Vs 64 bit environments. Then we would be able to see what, if any difference it makes. Also, if you could know that a certain aspect of protection is weaker in 64 bit Windows you could choose to compensate in some way - maybe use an additional product that covers that attack vector better. I prefer to not just trust vendors and hope for the best.

 

Rootkits are rare on WIN 7 X64. However to pick a bone with NIS 2013, why is boot protection turned off by default?

Scareware and ransomware are in most instances unwittingly let in by users; usually by clicking on a infected e-mail or web page link.

Some AV test labs do. AV-Test for one tests under different platforms. However, the labs are testing overall effectives in all security and performance categories. Running extensive tests in each category would be cost prohibitive I would believe.

 

you will find all products(well nearly all products) are by=passed from time to time,most times are down to the person using them not being "sensible":-we even have PCs brought in where user has turned off their AV protection because "it kept stopping me from down loading something" most though are folk with elapsed licences ,especially with trials on PCs bought

 

Norton boot protection is another example of a poorly documented feature which results in users not knowing how best to set it. I asked about it some time ago in the Norton forum and was told by some people that it was OK to leave it OFF since boot protection was turned ON automatically if something was detected during a scan and needed cleaning during the next boot. So I asked why the option to enable boot protection was provided if it wasn't necessary and got no answer. There's no way to know if turning it ON and choosing "Normal" or "Aggressive" provides better protection. You may as well flip a coin.

My reference to Scareware/Rasomware was just an example. The attack vector for malware is often the action of a unaware user (clicking email links, etc) and has to be taken for granted. It's appropriate to test security software against these threats.

 

I agree there's a lot of user incompetence out there. Obviously it doesn't matter what security product someone uses if they turn it off or don't keep the subscription active. That doesn't mean that all security software is created equal and it's sufficient for the user to keep it registered and turned on. I've seen many instances where systems are infected while running fully enabled and updated security software. As you say any product can be bypassed under some circumstance, but that's why we have tests and reviews. We're looking for best in class.

 

best in class seems to change from month to month or even between updates(!)the best we can hope for is a product which is reliably near the "best in class" combined with a user friendly way of working,no point in being best in any class if 90% of PC users can't configure it and because the "best in class" label can be very short lived

 

Are the features in question only on its firewall - is Norton Antivirus the same under 32 and 64?

 

Agreed! No product can be "best in class" continuously, but what every product does and does not do under various circumstances can be thoroughly documented by the vendor if they choose to, and that brings us back to the original topic of lack of transparency Re the limitations of security software running on x64.

 

These are NIS featurers only since they are associated with its Smart Firewall.

NAV does have IPS which is an independent feature. Works pretty good by the way. It detected multiple hackkit intrusion attempts when I was running NAV 2012.

 

Comodo firewall has good (I think it was highest) results on the Matousec HIPS testing for firewalls on 64-bit.

Would Comodo be a good pair for Norton or is it not a good idea to run two programs doing various HIPS work?

 

Those options in the user-interface are greyed out on 64-bit and clearly documented on the website. How much more transparency do you want ?

 

Kindly post a link to that documentation, and which options specifically are greyed out when installed on 64 bit Windows? With regard to more transparency what I would like is for that information to be made more obviously available in the documentation provided with the retail product - is it?

 

I never saw anything greyed out. Nothing. Either those things were well hidden or that is incorrect. I would have been more accepting of these limitations if it had been made more evident. But I had never seen any of this before this thread started. In any case my machines are running better without it. I thought the connectivity issues I was having with my network shared drives was Windows 8 related, but with Norton gone I am no longer having them. And yes, I had both machines set as full trust in trust control.

 

Indeed, but if the computer is in an endless BSOD loop, then the piece of malware won't be able to fullfill it's purpose

 

Norton posts it here: https://support.norton.com/sp/en/us/home/current/solutions/v19134741_N360_N360RET_2013_en_us

And it is not buried; little lightbulbs next to each exclusion point to it.

But Norton, if it were really honest, would post it on the package of the product instead of on documentation most would never see. But that would hurt its sales, and no company would likely do that unless regulations made them do so.

 

Yes. This is similar to the web page accessed via NIS 2013 using topic NIS help. Like I said previously it is not so noted in the full NIS 2013 user manual. I also believe the link posted above is for 360 and not available for direct web access.

 

Is this similar to Avira's ProActive?

 

From 2010:

http://forum.avira.com/wbb/index.php?page=Thread&threadID=108872

Avira AntiVir ProActiv is not available for 64 Bit systems at the moment. The new behavior-based detection technology Avira AntiVir ProActive which is integrated into the new version 10 of the products Avira AntiVir Premium, Avira Premium Security Suite and Avira AntiVir Professional right now is only available for 32 bit systems. There are technical reasons which prevent the support on 64 bit systems: the module right now uses the so called kernel hooks to monitor the system. Those kernel hooks are not available on 64 bit systems. Work on a technical solution for Windows Vista and Windows 7 64 bit systems is in progress. However, at the moment no statement concerning the availability can be given.

Not sure if still the same or not.

Edit: this thread indicates it still does not work with 64-bit: https://www.wilderssecurity.com/showthread.php?t=318958

 

Thanks. I was aware of this.

 

NIS 2013 even latest patch version has serious bug at firewall in Win8 x64, it cannot correctly handle network change, i.e. lan line plug from one router to another, and will cause Win8 cannot shutdown that need to force shutdown by power button.
So if saying NIS 2013 x64 missing some firewall features is meaningless, cause the program is very buggy and using it itself is a risk. Better use NAV instead without the firewall.

 

No, ThreatFire does work under x64. Only a small component of the firewall that used HIPS techniques to protect against code injection didn't work under x64 in PC Tools. Since the option is not there anymore, I guess they removed the functionality for 32-bit users as well.