NIS 2008 v/s Symantec Endpoint Protection 11

Hello people
I am interesting what do you think about comparision these two Symantec products? One thing i know is that Symantec products always updates one day earlier than Norton's. Are these products really differents? and if so why?

 

i always wonder why doesnt symantec just make one product for both home users and business. why two different products?
im sure more home users would buy from symantec if they got the highly configrable symantec end point product.
lodore

 

Only difference I know of is the firewalls (not to say that this is the only one). NIS uses Norton's own firewall and SEP 11 uses Sygate.

lodore I remember one of your wishes was that the corporate and home editions have the same system impact. According to someone in that other thread I started SEP11 was a little heavier than NIS, lol.

Sorry I have been away for a while. I screwed my computer up by installing Vista SP1 beta on it and had to reinstall. Since I am convalescing from hernia surgery anyway at least it gave me something to do, lol.

 

Hi midway,
thats quite funny
nis2008 only supports windows xp and above doesnt it?
if so i cant try it on my windows 2k pro test pc.
the beta of symantec end protection 11 worked on windows 2k pro.
lodore

 

Yeah that is the only thing about it, it only works won XP SP2 and Vista

One review I read (I can't find it now) said that it would run only on Vista with a minimum of 300 MHz processor (like Vista would run on that processor, lol)

 

End Point is suppposed to support business pcs, and NIS is supposed to support home pcs. IMO, there are many small-to-large companies still using Windows 2K. Therefore End Point's support scale is larger than NIS.

 

Symantec offer IDS definition is faster than norton products, but that does not mean "symantec" offer better protection than "norton", you will find some feature you don't need on "symantec", and it is really heavier than "norton", but as refer to experience, some guys may like "symantec" interface and configuration.

 

Endpoint 11 is different (and better I think) than the Norton products because it also incorporates the functionality of the Norton Antibot behavior blocker/analysis stuff. So Endpoint 11 has an excellent AV, the Sygate firewall functionality, and also the behavior blocker all in one. It's a great security solution IMO. Only issue I had with it was it severely slowed down my Xp startup. Boot was normal, but right before the desktop showed up it just hung there for quite a long time before everything became available. After that, performance in general was fine. Just a slow startup thing..

 

Yeah, I also noticed the ridiculously slow startup of my system with SEP 11 (also, the shutdown is slowed down, though not as bad as startup). Othervise, it works very nice, no slowdowns once the system boots.....at least not major ones

 

There are a million reasons why SEP is different from NIS. The biggest reason is central manageability with uses MySQL by default by you can add MSSQL, Oracle etc, integration with Active Directory.

As far as protection features go SEP has over NIS:
- Device Protection - the admin can set a policy that says that no one is allowed to inser USB drives
- Buffer-overflow protection
- Sygate firewall. There are some feature overlap between this firewall and the one in NIS but there are some that are missing like IPv6. The NIS firewall has IPv6 support.
- Better interface configuration support - e.g. the administrator can configure all laptop users to only allow them to connect to WAPs that have Security enabled

Overall SEP is targeted to the enterprise and provides the admin a way to control will a lot of granuality a large number of machines with ease.

 

Hi, you must be taken the SEP training courses. I didn't notice the Buffer-overflow protection, doesn't it use the system and hardware offered or use the tech like used in Unix?

 

It's really that SEP 11 have AntiBot functionality? ? ? If so I think SEP 11 offers much better security than NIS 2008. Don't you think ?

 

Hi tsilo,

Well, I'm interpreting it to include Antibot functionality. I'm running it now, and here's what the protection is on the main GUI menu:

1) Antivirus and Antispyware Protection
2) Proactive Threat Protection (zero-day protection against unknown threats)
3) Network Threat Protection

I take #2 to be more or less Antibot functionality. If I am wrong someone correct me, but the idea seems to be there. It has settings to scan for trojans, worms and keyloggers etc. It may not be as full featured as Antibot, I'm not sure.

For me, with the router, SEP 11 seems to be all I need here. Performance is very good as well, just the initial startup delay is the only issue.

 

it does include HIPS, but is it anti-bot, i aint sure.

 

Sounds similar to threatfire

 

I haven't seen anything to indicate that AntiBot was incorporated into SEP 11. The Proactive Defense it speaks of could easily be Bloodhound/SONAR.

In fact a lot of reviewers has chided Symantec for not incorporating AB into its products but go to mention that it's exclusion is a business decision.

 

I especially find it strange (to say the least) that Antibot isn't part of Norton 360. The so called overall protection lacks the protection that AntiBot gives. Stupid.

 

AntiBot was realased after Norton 360. I think in future AntiBot will part of NIS, maybe NIS 2009 , in any case I have big desire

 

SEP 11 has settings under proactive protection regarding keyloggers and remote control programs. For example, commercial programs in these categories may be excluded. Are thre settings like these in Anti-Bot?

I actually like this suite, running under Vista on a high end notebook. The only problem I could find was the firewall setting to "block all connections until firewall starts" caused a lock-up on wake up from sleep. This sort of setting has caused problems with other firewalls on other systems.

In testing with super pi, a slowdown of 2% was noticed, as compared to either Nod32 or Avira (without mail scanning loaded). No start up or shut down delays, although I generally use sleep. The Vista system I am using right now has not been booted for 5 days, so it just might be stable.

If you can get this from your employer or university, go for it.

 

Diver, are you using the built-in firewall? I was just curious as to how users got on with it's lack of outbound notifications?

I really want to like this suite, but I can't decide whether to install a different firewall and just have the Endpoint AV/Protection, or to install the whole suite and have no outbound notifications.

I DO like to feel I have some control over what accesses the network.

 

i tend to disagree, i think norton will keep it absent, as they make more money this way.

its all about the Benjamin's for them.

 

I don't know what to believe. Most of what I read about Symantec's intention with AB is to leave it as a standalone. But then I read this from PC Mag's review of AntiBot:

Who knows, it may be part of NIS '09.

 

Particularly if it fails to generate much revenue as a stand-alone, then they may scrap it as such and just integrate it into the other products...

 

I have used the built in windows firewall, and to a certain extent mastered it. Presently I am not using it. My opinion, FWIW, is outbound filtering with the Vista built in firewall is really for setting up an enforced policy in an enterprise environment. It can be rolled out with a group of approved applications set up to communicate and no others intended to be added. When used as a personal firewall the outbound filtering is not all that useful because there are too many applications having installers that fail without net access. Many of these will use temporary files with random names making it impossible to configure the firewall. If you are lucky you can try again with outbound filtering turned off. I found out under some circumstances Adobe Flash would do a defective install and could only be fixed by completely removing it and starting again. That cost me nearly a day.

I consider the Vista firewall with outbound filtering disabled (default) to be a viable alternative, provided UAC remains enabled and a decent AV is installed. Obviously, the definition of a "decent AV" is subject to endless dispute around here.

 

Thank you for your comprehensive answer, Diver

I think I might try this out but substitute its firewall for another.