Lite Critique of NIS 2011..

NIS 2011 has now been around for a while and so time for me to think about extending my subs in one of my system images from NIS 2010 >> 2011.
See here:
https://www.wilderssecurity.com/showthread.php?t=285055

I was interested to see in light of how i had a problem; how so many threads at the NIS forum were from users who were expressing frustration re various aspects of NIS 2011 in particular Sonar, reputation, removal of files, quarantine..and then there it is again the ASk search box... .

For those who don't peruse the FDISR forums, I thought I'd leave this hanging and welcome any comments..

I've had Norton/Symantec on the MS box for years...no real reason..does well at AVC...?? .. too lazy to change??....am having a big think now.

 

Developer here.

It's mostly FUD, of course it gets overprotective when it comes to cracks, keygens and such - it deletes them without much option.
However, I have only found a single instance where I couldn't restore a file from quarantine: there was a keygen in a USB thumb drive.

I develop applications in Java, C++, C#, etc. I never had any of my applications deleted. It's not just the "newness" of the executable, it depends on many factors. I guess it's good luck from my side.

A common problem I have seen is that it deletes patched Windows Live Messenger exe (A-patch) - but you can always restore and add an exclusion. It makes sense, it's a MS file that has been patched and connects to the internet - a potential threat. But again this might represent an issue to others.

If anything goes wrong I've read that you can submit a FP and it gets whitelisted pretty quickly.

The only flaw I have found is that if you lose your internet connection you're losing a lot of the power and detection. It relies a lot on the cloud info despite having signatures too. Might be an issue for some.

I've found NIS and Avast the only suites that are robust and light enough to put in a development machine.

Just my 2 cents.

 

what do you mean by "robust"?neither are particularly difficult to shut down by malware

 

IMO biggest problem for Norton is that there is no option what to do with threat that is found.
I can understand that for grandmas it's fine, that operation is enabled by default , okay.
But why not make it in options to receive alert about it if someone wants that
That auto-deletion business is no good
And that's the only reason I stopped using it.

 

It was very good your post.

Here to be honest I think that at most 5 FP's, and I got all five of these restore successfully.

As two more people use my computer for a self-exclusion is really great, because not everyone has the right view to delete the virus correctly.

For me this is not a problem but a solution.

Sorry for my english!

 

As most security solutions are nowadays, your setup shouldn't rely on a single layer.

As said in other threads, this is kind of a losing battle unfortunately. The malware writers will always target the popular solutions and also will always search actively for flaws in them - which all software has, some more evident than others.

Pretty much anyone can come and claim that he/she is able to bypass x software. I can only talk from what I have experienced and so far I had no issues with either of them.

My browsing/computer usage habits are good enough so I can feel safe with my current setup, I need the system resources to work, not for something else in the background. I have a couple of on-demand scanners and nothing else.

I already suggested in Norton Ideas more control for the users, hopefully I can make the suggestion once the next major version hits alpha. I agree that this should be amended, however it is no big deal for me right now. I almost never have encountered FPs.

 

Boo; : Not FUD.
I use the tool !
As noted "lite" critique, recounting my ( and others') issue/s with presets and giving it all to Symantec.
OK, so that's the default: like it or lump it I guess.

Why have the ASK search as default install ?
That has aroused much ire here and there.

As to FPs: 25 page !! thread: not the only one.
http://community.norton.com/t5/Nort...Norton/SONAR-is-deleting-programs/td-p/160660
Lots of toing and froing.

It seems to me Symantec has responded - partially - to users concerns and readjusted some defaults.

Good.

The default behavior for removing some perceived threats should be revisited.
I agree, there should be some more operator dependent decisions rather than Symantec quarantining/wiping and needing somewhat annoying restore process..

Having to exclude objects from Auto scan and Sonar is overly complex.
Why does it take so many screens for exclusion ?
Learning/whitelist scan for those who want it ??
One click" known good file" option ??

Does the shell extension context menu option: "File Insight" exclude files if labeled by user as good ??
That is not clear.
etc etc
Minor gripes perhaps but still pita if one's system gets fiddled with.
Surely amongst all that gloss there could be some 'expert user' options.

@drakester:

Ya, that should just about cover it ??
Regards.

 

It's mostly not. I've opened applications (PSPad for example) and it closes the program and deletes the executable. I've removed it more than once for such issues. It seems to be doing better the last couple of months though or I would not be using it now. It needs to ask before deleting my files. My biggest if not only complaint with NIS.

 

Nice assumption , I have 5 computers and those are the products that I've used or use.
As matter of fact I'm only using 1 and 3 in them, mostly Avast. Norton is only on my laptop.
I don't list on-demand scanners and such because I'm lazy to write all that.

@Jack:
With mostly FUD I referred to the negativity towards Norton products in general.
Yesterday the latest nightly of Firefox (Minefield) got deleted for me, kinda annoying... I feel the same way, don't get me wrong. That's why I suggested more control, hopefully they'll listen.

 

Ok, and agreed.

 

For those interested in a prompt before deletion/quarantine, please give Kudos to this idea:
http://community.norton.com/t5/Nort...ther-or-not-to-quarantine-a-file/idi-p/307052
Thanks

 

I like it. Done.

 

Interesting, but I prefer to delete it automatically.

 

Then that should be an optional setting with the choice of automatic or prompted. The complaint with the automatic is false positives, which nobody should want automatically deleted.

 

what if somebody at the labs makes a **** up and one of your system gets deleted as malware:-false +ves have been know to include some pretty important files in the past(not just talking Norton here!)

 

Honestly, I had only five false positives since when I use it (Use a 1 year ago), of which 5 could restore both of quarantine.

However I agree with Jack.

 

Anybody know of any superduper, ultra mega cheap deals on Norton products? Even on the older ones?

 

http://www.frys.com/product/6373011?site=sr:SEARCH:MAIN_RSLT_PG

 

Good promotion!