Norton Antivirus/not so bad!

Just a comment on the percentage detection rates.

90% vs 98% detection - may only be 8%
but 90% is 5 times less effective than 98%

98% vs 99.99% detection - only 2%
but 98% is 20 times less effective than 99.99%

90% is 100 times less effective than 99.99%

 

I dumped NAV 2003 not because of its inadequacies as an a-v, but because of what I regarded as the despicable conduct of Symantec:seeking to exploit the release of XP SP2 security centre, they failed to release compatibility updates for versions earlier than 2004 and simultaneously remained silent as to whether any updates would be released for earlier versions. I regarded this as little more than a grubby attempt to force people to upgrade to what was then the current version - 2004 - and as this coincided with the expiry of my subscription to NAV 2003, I expressed my view with my credit card and took out a three year license with NOD32. The startling improvement in performance was unanticipated, but entirely welcome.

I note since those seedy money-grubbing few months, Symantec did release compatibility updates for earlier versions of NAV, but I can envisage no circumstance in which I would again assist Symantec in its profit grinding by purchasing any of its products. So I agree with the topic, NAV isn't so bad, but the parent company Symantec is.

 

My cousin had NAV2004 on his machine and i said,fine it's a free version (he got full license). But after like month,he called me that he can't start it and that weird stuff is going on on his PC. He's ofcourse hi risk user because he doesn't know much about malware and stuff. So i installed KAV on his machine. It's nearly 6 months after that and he never called me about malware problems.
This sunday i'll probably have chance to check it out if there is any malware on his PC. I strongly belive that i'll find 0 (zero).

 

Your math is wrong.
90% is 100 times less effective than 99.99%
Thats 9.99% difference (nearly 10% out of 100 can't be 100 times).

 

One small criticism I would level at Kaspersky is that it tags everything it detects with the term "virus" even when it does not apply. The malware it detects can include leaktests, phishing emails and joke programs (if you have the extended database in use). As such, it can somewhat exaggerate the impact of its results.

As a quick note, I've had a couple of cases where I've recommended people use AVG Free to replace Norton - the first full scan with AVG in those cases turned up a number of adware/malware items (trojan dropper downloaders especially) that Norton ignored. Whether that was due to poor detection or Symantec not targetting adware/malware at the time, I can't be sure.

 

Rej

For clarification, my maths was indeed wrong, I did not carry the zero's correctly.


90% is 1000 times less effective than 99.99
ie 90% misses 1000 virii per 10,000 virii
99.99% misses 1 virus per 10,000

same error in maths for the others - 98% is 200 times less effective than 99.99%

 

This thread really bothered me as I have relied on NIS for a number of years and I thought that it was doing really well. I currently have NIS 2004 with up-to-date subscription, last full scan done on 11/5/2005, (clear), and definitions up-to-date.
Using a sig link from this thread I went to the "Panda" website and carried out an online scan, with the following result, (some references removed for confidentiality):-

I feel betrayed!
Is what I see as bad as it seems?
Did NIS really miss those common viruses or is Panda duping me in some way into believing that I have a problem and those are just "footprints" of viruses that NIS has previously removed?
Something tells me that I need to take action - do you agree?

 

It seems like it's detecting old things in folders for deleted items, which don't really pose any risk to you.

 

rjbsec,

It probably isn't as bad as it seems.

First, go over NIS in detail. What settings are you using? Are they designed to pick-up what is seemingly left behind here?

Second, what are the locations of these files? Are they in a ready to pounce state or are they stuffed in an archive/restore point of some sort? Do you scan these? Are these really the key operational files or simply stuff left behind from a messy cleaning? Simply because a competing product identifies a number of "malware" files, be certain they are the malware files and not something innocuous that came along for the ride.

Lastly, are any of them in a temporary cache?

Blue

 

The answer is yes it has Improved. It is always evolving , just as other antivirus products do. I use NOD ,but not because of detection removal issues related to my previous product which was NAV 2003. NAV 2003 was a excellent product. I have noted where KAV users have screemed blue murder wiht KAV's use of ADS.

 

Along with NAV 2005 & Norton Firewall I also have the BitDefender free scanner & Trend Micro House Call on line scanner.

According to ALL 3 programs ...... my system is clean !!
So I guess Norton can't be that bad ........ right ?

HR

 

Confess I'm not sure here, bit puzzled om what settings I can check/change to establish this.

All files are scanned and I think you are right, they do seem to be in archive etc and not "ready to pounce", I guess I was expecting NIS to remove everything, though in truth it doesn't does it - if a virus email is received it cleans/quarantines the infection and lets the email pass through. Some are probaby those I've just noticed in the Norton Quarantine Backup file, (just deleted them).
Guess the lesson comes from Corporal Jones in "Dad's Army" .... "Don't panic, Don't panic"!

 

That's not entirely true, those you are talking about are clearly detected as "Not-A-Virus:Riskware". If you follow the link in the screenshot, you then get this explanation: http://www.viruslist.com/en/viruses/encyclopedia?chapter=152540533 on what this catagory contains. ......But it can be annoying, if it's a program that you've used for long time and feel is safe to use.

In the next version of Personal it's easy to exclude these as you can see in the screenshot too.

 

It has been some time since I used Norton, so I'm not quite sure what options you have. The point that I was trying to make, and should have been explicit on, is that if the alternate scanners were set to a much tighter security level (for example, something akin to the post above showing KAV detecting riskware), additional flags are to be expected.

Yes, it always pays to draw a breath and survey the situation. There are some places that you simply do not really want an AV walking through with impunity. In part, that may be what you are seeing here.

Blue

 

rjbsec. most of what is in the log looks as if it could just be remnants of old removed stuff but these were disinfected by panda. It looks as if norton missed these

 

Plus these two

 

Almost All the pro's and contra's have been posted here already.

But if you look at the history, and i was using the first versions
of ALL PETER Norton tools, then i must say that they were the best
in the old computerdays.
But when Symantec took over the show it did not get better as it used to be each year.
But ..Larger,slower,worse and more expensive.
all kind of Symantec #%^$# .. things where added, that you don't want.
and instead of a new program each year, we no get a
extra diskusage and modules added to the product.
(like Microsoft office 2025 that is 5 terrabytes in size)
This makes NAV the slowest most computer resources eating AV there is in the world.
And the advise to add a Anti Trojan is very funny.
If you are buying, buy an extra pc to run NAV).

Please if you use NAV, try to deinstall en see what is left behind
(updater etc. search directories and registry).

after cleaning try another virusscanner like NOD32 and see how fast
a full scan is, and you can work with your pc at the same time (those few minutes) and don't need to wait until the next morning.

Since Symantec has the best Marketing department in the world
for (AV's) it is the most expensive (except Sophos but you can't compair those two). and most easy to find in the shops.
" and when you see it that much, it must be good ... :>) "

That is why every computer magazine is testing NAV and not NOD32 or
Sophos etc. etc.

And what about this, how is it possible that any small/large computermagazine
can get a database of virii (virusses) that are NOT know,
by the Top 10 virusscanners for there tests ??

And why is it, that if you take some time, you can find a
tests result with a 'best AV for 2004 or 2005' for every AV you can think of?

And why is it, that if i or my colleagues scan computers of our customers
(that were used for a long time without reinstalling the OS..)
with any other AV then they (customers) are using we always find virii ?

And how about other malware trojans/spyware/adware/phising/firewall/Spam/browser hijackers etc. etc. ?

Which programs can you use together without too much overlap
or even worse conflicts?

One customer of me used:
Tiny Personal Firewall 2005 Pro
Processguard
NOD32
Spybot Search and Destroy
Regrun 4.1 Gold
Regdefend
Spy Sweeper
Boclean
Trojan Hunter
Ewido
Mail Washer Pro
Counter Spy
Ad-Aware Pro
Kaspersy 4.5 (only for on-demand)
A2 squared
acronis True Image (for backup)
Crypto Suite
Password Depot
And some security tools that i can't mention here..
how do you mean paranoia?

Perhaps we only need a better OS,
With all the OS-es i've worked with only Windows Xp has so many Security Problems.
1 because it was made by a company that looked at security
only from a marketing point of view
2: Because there are so more copies in use then every other OS.

Of course this is my personal opinion.

worst case scenario:
Within a few years, all the large Companies in this field will be buying other companies (products) to build security suites...
and only the largest top 3 will get the largest marketshare.
And sell there COMPLETE SUITE for lots of money in the shops
on each corner.

sorry i am getting to old for this ...

 

Virus:W32/Netsky.B.worm version not detected ??

That is very funny, and can't be true,
because that is one the most active virusses at this moment.
Look at the top10 of this moment ...

See:
http://www.malwarefighters.info/0722_virusnews.php

So i can't imagine that there is 1 virusscanner in the world that can't find
these!

 

It looks as if panda online scan found it.

 

um............ sorry to bring up a topic that is already conclusive. But wanted to point out i am on my 2nd computer this week installed with norton and have so far 4 trojan detected by Ewido. ........

 

Are you sure that weren't just third-party cookies? What were the names of those four Trojans?

Acadia

 

i dont have it with me anymore. Fixed and hand it back to my friend. But i am sure it isn't cookies becoz if i included cookies than it would be >150...

He need it tomorrow to present ( I was thinking with a machine like that? )
So i quickly fix it for him.

 

Hi iwod and Acadia,

iwod's experience closes mirrors my own recent experience with my friend's computers.

My own analysis is this: Norton's suite of products are extremely complex and somehow has "breakdowns" under certain circumstances that are difficult to isolate and replicate. This would not be unheard of because where there is great complexity there is generally more chances for inherent failures (Murphy's Law).

For this reason, I usually feel more comfortable with products that have less complex architectures with a "point focus" on a singular problem - i.e best of breed as opposed to "integrated suites".

I think Norton AV, over the years, has probably grown to complex to predict its behavior in a multiude of environments, and because of this there are huge breakdowns under specific conditions, which are especially likely to happen because of Norton's complex architecture and its large base of users.

My opinion is that since it is difficult to predict Norton's behavior, it therefore has an inherently larger risk associated with it. This is why I left it.

Rich

 

Well since I started this thread I figured it was only right that I run Norton so I can give my realtime experiences. I installed systemworks 2005 and Norton firewall 2005 today. It is a little early to give my report but so far I am very surprised, it takes a bit of Hdd but what the heck. I have over 100 gigs free so space is not a problem. It runs very light on my system so far and when I am running a full scan I can still browse the web and run other apps with no slowdown at all which is a pleasant surprise.

bigc

 

My first experience with Norton was when
it came with the first computer I bought
in 1995, and aside from occasional buggy
live updates requiring a reinstall I had
no problems until 2004.

The NIS2004 version I had major problems
with from time I installed it, contacted
Symantec got a standard automated response
and no follow up, tried the search feature
at their website, which was useless, but
when I called them I received surprisingly
good phone support and a week later a live
update was issued which solved my problem.

Than through work I was offered Mcafee8.0i
and at first scan it detected some trojans
that norton had missed and what that taught
me was that no anti virus is perfect.

I have installed Norton 2005 products for
my mother, my grandmother, and my sister,
none had any computer experience, and I
maintain their computers, and what I have
noticed is the 2005 versions seem faster,
the gui opens faster, on demand scans run
close to the same on all, and for some
reason it seems to me that NIS 2005 uses
more resources than SystemsWorks2005, and
there have been some problems with the live
update modules on all, and on one my sisters
computer three trojans managed to get past
norton and were removed by ewido.

For other family members I have installed
McAfee home versions, (their choice) and
on those computers there have been no
problems with live updates, and really
no noticable impact on system resources
and no problems with viruses or trojans.

On my wifes laptop I installed Nod32, and
on another computer she uses to play a on
line game I installed kav personal and both
have been performing well.

I know many of you here are computer experts
with far more knowledge than I but I wanted
to let you know my families experience with
Norton and which overall has been a good one.

bigc thanks for starting this thread and I look
forward to reading your report.


Wake