Norton 2010 Beta

Unlike the previous thread, this time the Norton beta really did start. See -
http://www.symantec.com/norton/beta/download.jsp?pvid=nis2010

This is, of course, beta software, so expect the unexpected and don't run it on your production machine.

Full disclosure, I'm from Symantec. But this year's model is worth looking at. We focused on

1. Performance
We are determined never to take our eye off that particular ball again. The goal is to put out the fastest scanner that uses the least memory and that does the least to impact your computing experience. We will be testing the performance many different ways - but we want to hear from you on this year’s model.

2. Quorum
Which is an internal name for a dynamic reputation system that informs many of our components. Last year we introduced Norton Insight - which used reputation to separate what files are safe from those that are not.

This year we extended that to give you insight into what is impacting the performance of the system. We also are using Quorum to better make firewall decisions (this, IMHO, is what Microsoft should have done in W7’s UAC), to throttle our new heuristic engine, do to better spam and phishing filtering. Take a look at it, it improves security, speeds the scanner and gives you a very interesting view of your system.

Quorum is white listing done right - comments are appreciated.

3. SONAR 2 - our new heuristic engine. It looks for new/unknown malware both in static files and in real time and rates every file and every process. The security rating feeds Quorum - and you get to see the security rating of everything running on your system. We expect big improvements on pro-active malware tests.

4. Feeding your inner geek. More information for the user. Including more info on:
- What happened when a system got infected
- Information on the safety and performance rating of new software before you install it
- And pretty pictures of system performance - and system changes. The idea is to make it easy to how new software impacted your system's performance.

5. Brightmail
Yes, we finally put the Brightmail spam engine into NIS

6. Onlinefamily - a new approach to parental controls - give you a little insight into what your pre-teen is doing online . . .

I know this was a long post - but hopefully some of you will try the software and send us some feedback.

 

Ofc. You can see me as "RMD" (RavenMacDaddy) on your official forums. Currently I've a boot-problem when the software installed, which really sucks, but I know that you guys are looking into it, so I'm not worried it will be long till I can test it again.

I think that with the new approach, where a new file is rated, and if too new to be rated, prompted on, is what makes 2010 so much stronger against malware. Still waiting for an answer though, just like "Red" on, if this event occurs, will Norton watch that file and report back to the user what happens with it - if safe or bad (and in that case, being bad, obviously removed straight away) - cause otherwise the user won't know when he or she can use the file, but I can see a possibility of performance drag maybe (?) if watching multiple new files or just one for that matter, checking with the cloud or so, or is that exactly what the cloud is made to prevent also? Performance drag with analyzing data?

QUESTION: Is the new file's behavior also taken into consideration? That's, if it doesn't do anything harmful, is it left alone? The example with LimeWire would be kinda lame in this case.

Anyways, the best thing I see with this technique, is that seemingly no malware can pass through if not the user's fault, and if it indeed does like I asked - looking at its behavior when making a consideration - I can't see malware coming through anyway if the SONAR Protection has been improved in its behavioral detection capabilities as well. I'm refering to a worm/bot which was NOT detected by the SONAR, even if this is what it's supposedly best at to spot, considering the added "bot-protection" in 2009-edition and the other descriptions of this component, and I'm refering to this message that I made on the official forum, about this specific case:

"I've had bad experience when it comes to its behavioral technology, since I've had a sneaky worm/bot coming into my system long ago (yes, the types of malware that SONAR is supposed to be GOOD at), and installing ThreatFire on the system I detected it presence and knew that from then on, I'd have to use TF in conjunction to be sure I would not get infected with new malware like that again. This shouldn't happen IMO since, like I said, this is what it's supposed to be good at, and not only that, but also that SONAR is there to detect emerging threats. It failed on that task miserably considering this."

The only possibility that I can see in that case would be if malware finds a technique to hide itself from checking/scanning, beyond what's called a rootkit today, or simply a "better" rootkit technique.



Overall, the most important thing I see, you as a company, is that you're very open to feedback what's bad - and what's made good in your software. Keep this up! It's more valueable than anything else together with making the software protect as good as possible with the best performance possible. Doing this - listening to your customers - is what has made you a top-company according to the users again.