NIS/NAV 2010 Beta just started

Ofc it's noisy - that's why that option is on by default. Things like being able to turn that off and turn Advanced Event Monitoring on is only there as an option for the advanced user who prefers that.

If it would allow that, it would be useless. Ever since they made the FW completely automatic back in 2007 they ofc made it "smart". That means that it'll allow all the software that is running as long as it behaves. If it doesn't and goes malicious, it won't have access to the internet, since it's not allowed to. The FW cooperates with the SONAR Protection which is now even more powerful - much more powerful - thanks to Quorum. That means, not only is it powered by behavioral protection and signatures provided by Auto-Protect and its databases - now it also has an database in the cloud which contains information on everything that you run - good or bad. If the file is completely new, so new that there's no information about it, Norton will tell you just that, and recommend you to stop it till more information has been analyzed in-house, or it's deemed safe thanks to other users having more information added to the cloud that says it's. Quorum also bolsters SONAR even more by making it able to spot even more behavior, which is then considered as safe or unsafe. This can make it able to make a decision for you, even if not much information is available in Quorum yet. Please see more information on all this in the article about the new feature and component called "Download Insight" here: http://community.norton.com/t5/Nort...et-Security-2010-Download-Insight/ba-p/113827


Hope this helps!

 

By the way, this is an argument for the use of an integrated security suite rather than the assembly of individual, discrete components working in isolation from one another.

 

Well, it's a little TOO noisy compared to other firewalls; Outpost doesn't ask about every little detail and it's easier to make rules. Thanks for the info., though - I'd like feedback from people who have used APC with malicious files. Firewall operation is one thing that turns me off of NIS.

 

Does Outpost which you mention allow some things automatically because of a digital signature and/or because it's what you're running in its database of safe software? Just to put it simple... APC on - "Make the decisions for me, block anything that's bad and allow what's not". APC off - "I want you to ask me about everything that runs and tries to form some sort of connection."

I've personally experienced a case where FW blocked malware from running. Think it's HotBar. During testing by PCMag, I think SONAR kicked in and told the FW to block a file from connecting. The reason I don't use a FW at all is because with the AV enabled at the time that the FW would block some malware, because it wasn't, the AV alone would be able to take care of it for me. The hardware FW in my router and my AM front is my defense for incoming. I'll quote myself from the signature I've on another forum: "Outbound protection? Once malware has come into your system, you don't know what it can do. If it really wants to bypass your outbound protection - it eventually will somehow."

 

Yes, it allows some programs, but I also find it easier to make rules from the Outpost prompts. And outbound is part of layered security IMO. I've seen it block files, so it's not useless.

I tried downloading some rogue files with NIS, and while it didn't label them suspicious, it did recommend not running due to the newness of the files.

 

True, but that's because they are also made different in their own individual approach, refering to what I've posted previously.

Great that you could see that in action - how bad did it consider what you tested to run on the behavior analyzed?

 

I like Outpost's approach, but I do want to see how APC progresses. I got the samples from the Malwarebytes forums; those are trojans, rogues, exploits, etc.

 

According to Symantec’s video (located here) on Download Insight, the only information transmitted to Quorum when checking a file’s reputation is a SHA hash of that file. The computation of the reputation of the file, however, is based upon additional information obtained from users participating in the Norton Community Watch program (e.g., “How many instances of a particular file are seen?” and “How long has that file been around?”, etc.).

From a privacy perspective, this seems to be ideal. A file hash eliminates any possible privacy objection -- coupled with the fact that participation in the Norton Community Watch program is optional. (Well done, Symantec!)

 

I can't stop you from doing that - all I can do is explain why they're different. About the samples... if you get an alert that something is completely new, see next time if you can find out how severe the behavior of the malware was determined to be. It should show on a meter down to the right I think along the other Quorum analyzation data that's included in an analyzis.

 

Ah, now I remember! As I've mentioned before - it seems they've really thought this through. Great analyzis and explanation from your side. Personally I think everyone should participate in NCW if using the software as all users should benefit from this by increasing detections and reducing prompts.

 

Will do if I reinstall NIS.

 

FYI -- A nice collection of screen images for Norton Internet Security 2010 (beta) is located here.

 

Norton 2010 was tested by av-test.org, results can be found here: http://blogs.pcmag.com/securitywatch/2009/07/norton_2010_beta_benchmarks.php

 

For a product still in beta testing, these results are impressive.

On a more general note, this benchmark implies that AV-Test will be similarity testing other “in-the-cloud” security solutions in the future which should foster competition and ultimately benefit users. The (spurious) argument that “in-the-cloud” security solutions can’t be tested by independent organizations seems to be evaporating.

 

dam this new version is makin it tuff to not want to try out Norton again

 

Okay, let's make it simple... I HATED Norton 2007, as it caused many problems, and even also huge problems for clients at a place I worked long ago through school. I also felt it slowed the systems down a big lot, no matter the specs. and didn't cause problems only for clients on a short period of time when working, but also overall. I didn't like OneCare from Microsoft. I didn't think it was done well for many reasons and came to the conclusion that I would never like or use the software, ever, IF it wouldn't dramatically change.

Both turned things upside-down through a period of time and are now my top-choices when I secure a PC. I don't care what has happened before - I care what it looks like now. If it changes to the bad again, okay, I won't use the software provided - but I'll never be closed to something forever.


Maybe that wasn't so simple afterall but the bottom-line is: you can't be narrowely minded when it comes to security software and software overall - you've to be open-minded when it changes. I see the narrow-minded-case too often and think it's sad. You can't hold on to the past forever or you'll miss a lot of stuff, be it cyberspace or the real world.

 

hmm i might try out this beta then when i get back home in like 2 months hopefully by then it will be pretty well polished.

 

I installed again, and virus updates are working now. I still think Kaspersky and Avira are better AVs, but KIS slows down my computer and Avira also does with WebGuard. No slowdowns with NIS.

 

ummm....i hope it's better against rootkits....one example of 2009 version's incapability...........http://www.youtube.com/watch?v=Ap0KIT4etZ0

 

He's using Norton 360, version 2 in the video. Version 3 is the latest and has engine improvements.

 

nope....its nav 2009 the guy making the review is slightly messed up in calling it 360

 

Yes, look in the comments; I'm "dinmamma333k".

 

So is that really not PrevxResearch?

 

Not sure... you see anything in the description?

 

If everyone was as forgiving and willing to forget as you, what would the software developers have to lose by releasing bad product? The knowledge that they will lose market share is a strong deterrent to them releasing crap. Don't be so quick to call people narrow-minded just because you don't agree with their decision making. It makes you look kind of narrow-minded yourself when you do so.