Norton Internet Security, Antivirus and 360 Being Retired?

Discussion in 'other anti-virus software' started by Raza0007, Sep 19, 2014.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,079
    Location:
    DC Metro Area
    Zango filed a lawsuit in a court of law. It filed a Complaint and a Request for A Temporary Restraining Order. The defendant had to file an Answer to Zango's complaint, and prepare a brief and appear in Court to argue against the restraining order. That is "being taken to court." Zango dropped the lawsuit against PC Tools because it got what it wanted. PC Tools changed its software so as to flag, but no longer block Zango.

    So that's at least one.

    You haven't seen many lawsuits because the a/v companies have been self protectively cautious in not blocking and removing non-malicious PUPS.

    The fact is the a/v companies have had to be very cautious here. Do you know of any program that blocks Conduit, one of the biggest pain in the azz browser/search engine hijacker PUPs that the casual PC user will have no clue as to how to remove? Do you know why?

    An A/V company can't just go around blocking non-malicious, though bothersome adware PUPs without running afoul of the law. Most of these programs sneak in by having the main installer of a downloaded program make inconspicuous the box to uncheck that says you agree for the PUP to be installed with the main program. Unless the A/V company KNOWS whether or not the PC owner consented to the PUP, either knowingly or unknowingly, if it blocks or removes it, it opens itself up to a lawsuit for the tort of Interference With Contractual Relations, which is part of the Common Law of the USA. Even if the PUP was snuck in under the radar, unless the A/V company KNOWS that, it places itself at risk if it blocks it. The A/V companies would have to hire a horde of call center workers to contact the owner of any PC on which a PUP was found to investigate how it got on to that PC before it could remove it without the risk of being sued.

    If I own a building and you pay me to place a billboard on my roof, a billboard removal company hired by the city or community beautification group can't just come in the middle of the night and remove it without asking me if I allowed the sign to be placed on my roof. A non-malicious PUP is no different.

    That is why Malwarebytes, Webroot, and Emsisoft should be called out for their aggressive stand against PUPS. They are doing such at some risk. I suspect they are only targeting PUPS that are capable of executing malicious actions on a PC.
     
    Last edited: Oct 7, 2014
  2. snippits

    snippits Registered Member

    Joined:
    Jun 19, 2011
    Posts:
    201
    Installed Norton Security on a computer with settings set to aggressive. Updated until there were no more updates, and then did a full scan. Nothing was detected during the full scan. About an hour after the full scan I kept noticing ns.exe using about 24 percent cpu, but when I opened a web browser it would just go back to zero. It was just doing it while the computer was idle.

    Then all of a sudden the Kaspersky Internet Security 2015 MR1 maintenance release was detected by file insight and quarantined which is a false positive.

    http://i936.photobucket.com/albums/ad205/snippits75/nsfalsepositive.png
     
  3. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,079
    Location:
    DC Metro Area
    The quality of a security program that relies to a degree on the reputation, number of users, or comments by users is only as good as the method by which that reputation is determined. The quarantine was more likely triggered by anti-competitive behavior than by reputation.

    From its abrupt change in upgrade policy that is screwing its existing customer base to some of the heavy handed ignorant removal of posts from the Norton Forum I have seen, I don't believe anything is below Norton to do to succeed in foisting its new NS on the market. Insight/no Insight/Sonar/no Sonar/ I don't care. IMHO, a 37% detection on demand score is totally unacceptable. And who can say those undetected files would be detected when opened. All the tests but one cited from the recent PC Mag Article which peeps have been using to tout NS were done with NIS 2014 that did not use cloud based Sonar. Even the author of the review at one point said he expected more from Norton:

    "Norton blocked all access to 21 percent of the URLs, and it quarantined another 30 percent during or immediately after download. A block rate of 51 percent is definitely good; the average since I began this test is 32 percent. However, Trend Micro Internet Security 2015 blocked 80 percent of the malicious URLs, and McAfee, the top scorer, blocked 85 percent. Given Norton's consistently excellent phishing protection, I HAD EXPECTED BETTER."

    http://www.pcmag.com/article2/0,2817,2469521,00.asp

    Don't listen to me, I'm just angry with Norton. I bought a year's license to NIS 2014 two days before Norton announced the upcoming release date of NS and its new no free upgrade policy which was a major change from years of past practice. Actually, I have little confidence in NIS.

    I had been using KIS 2015 and some upgrade from windows or KIS made it impossible for me to access my favorite gaming server and I found a good deal on KIS - now I know why. After some inconvenience and wasted time talking to customer support they will add at least a part of my remaining days on my NIS License to a new NS subscription but I have to shell out $90 for a NS subscription first. I don't know what they are thinking but they are going to lose a large portion of their formerly loyal customer base by this short sighted attempted money grab. I have gone as far as uninstalling my NIS 2014 with 11 months left on the subscription. I do not want to be associated with Norton in any way. Others have expressed a similar view on their forum. Their business ethics are less than stellar.
     
    Last edited: Oct 7, 2014
  4. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    830
    Location:
    Ireland
    "And who can say those undetected files would be detected when opened."

    Who can say those undetected files are unbroken or malicious?
     
  5. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,079
    Location:
    DC Metro Area
    Hit Man Pro found them to be malicious.

    At some point after a number of comprehensive, methodological, unbiased reviews, a YouTube A/V Reviewer develops trust between himself and his viewers. There has been nothing in his current NIS review or past reviews to suggest he is not competent.
     
  6. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    830
    Location:
    Ireland
    "Hit Man Pro found them to be malicious."

    Them all or only the ones he ran?
     
  7. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    This cuts both ways. The fact is in all the years I've been cleaning up PCs I've not met a single person who wanted the crapware that was on their computer. The overwhelming majority of people do not consent to PUPs being installed on their computers. The PUPs are installed through deceptive "opt out" mechanisms, often hidden and made intentionally confusing. The only reason the crapware vendors get away with this is people haven't yet become sufficiently outraged to get class action lawsuits started against them. In their defense AV/AS vendors would have no problem getting numerous users to testify to the way this works and the fact that in most cases they don't even know where the crapware comes from. Consent implies awareness of choice and being able to make a choice without fraud or duress (Google it). People do not give consent!
     
    Last edited: Oct 7, 2014
  8. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    Where does it say in that review that NIS 2014 and not NS 2015 was used for any part of the testing?
     
  9. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Has anyone found the QUARANTINE for Norton o_O

    I downloaded about 10 pieces of Zero-Day, but didn't execute them. I left them sitting in the download folder and went to work today. I came home from work, and about half of the samples disappeared. I know Norton performs a lot of tasks when your system is idle, so I will assume it eventually got around to classifying about half of them, and pulled them off. I can find them in the security reports, and what is funny is I wasn't even home when these actions took place.

    But where is the quarantine?
     


  10. snippits

    snippits Registered Member

    Joined:
    Jun 19, 2011
    Posts:
    201
    I did not keep NS on my machine long enough to find the quarantine since Insight quarantined Kaspersky Internet Security 2015 MR1 maintenance release based on reputation apparently. According to Insight, the file was released 25 days ago, and Insight still quarantines it. While Insight is a security layer in NS, I would not put much faith in it period.
     
  11. Houley456

    Houley456 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    199
    Great response!
     
  12. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Check in the Security section > History > on the top you will see Recent History. Click the down-facing arrow > Quarantine.
     
  13. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,079
    Location:
    DC Metro Area
    The reviewer states:

    "In the latest report from AV-Test Institute, Symantec earned a perfect score (along with Bitdefender, Kaspersky, and McAfee). This lab also releases a yearly report on how well antivirus products clean up malware samples that they're known to detect. Norton detected and neutralized all the samples, but lost a few points for leaving non-executable traces behind."

    http://www.pcmag.com/article2/0,2817,2469519,00.asp

    The "latest report from AV-Test Institute" referred to was conducted on July 29 2014 and the chart clearly references NIS 2014

    http://www.av-test.org/en/news/news...epair-performance-test-after-malware-attacks/

    The reviewer also states:

    "In the grueling real-world test performed by Dennis Technology Labs, Norton rated AAA, the top rating, as did Kaspersky and ESET."

    http://www.pcmag.com/article2/0,2817,2469519,00.asp

    That test was conducted in June 2014 using NIS

    http://www.dennistechnologylabs.com/reports/s/a-m/2014/

    http://www.dennistechnologylabs.com/reports/s/a-m/2014/DTL_2014_Q2_Home.1.1.pdf

    The only current tests using NS were done by the reviewer. One was for "malware blocking" (blocking malicious websites)

    http://www.pcmag.com/article2/0,2817,2469521,00.asp

    Respecting the result of that test the reviewer stated:

    "Norton blocked all access to 21 percent of the URLs, and it quarantined another 30 percent during or immediately after download. A block rate of 51 percent is definitely good; the average since I began this test is 32 percent. However, Trend Micro Internet Security 2015 blocked 80 percent of the malicious URLs, and McAfee, the top scorer, blocked 85 percent. Given Norton's consistently excellent phishing protection, I had expected better."

    http://www.pcmag.com/article2/0,2817,2469521,00.asp

    The reviewer also conducted an antiphishing test with NS:

    "Almost every product I've tested comes up short when compared against Norton. Among the few to actually score better are Bitdefender, Kaspersky Internet Security (2015), and Webroot SecureAnywhere Internet Security Complete (2014)."

    http://www.pcmag.com/article2/0,2817,2469521,00.asp
     
    Last edited: Oct 7, 2014
  14. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,079
    Location:
    DC Metro Area
    You are free to check that out on the YouTube Test.
     
  15. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,079
    Location:
    DC Metro Area
    The law presumes that a reasonable man would carefully read any document that he consents to by allowing the installation. Yes I agree that most do not realize that they are giving consent for the PUPs, but the burden of proof would be on the person claiming he didn't want the PUP and didn't realize he was consenting to it and the A/V company would have to check this on a case by case basis. So they play it safe and don't block or remove the PUP.

    There is a very cool application being developed by a Wilders Poster that scans EULAs and such for key words that might indicate that by agreeing to the EULA you are also agreeing to the installation of other programs among other things.

    https://www.wilderssecurity.com/threads/eulalyzer-2-2-released.324853/
     
  16. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I took a test machine and executed a dozen zero-days pulled fresh, in the last hour.

    Norton nailed them all. With one caveat, one of the threats was actually a Greyware (System Speed Tool type of app) bundled with about 9 different pieces of malware. Norton blocked all of the malware attempting to be injected during the installation, but actually allowed the greyware itself to be installed. It wasn't intrusive, and could easily be uninstalled via Programs/Features in Control Panel. One of the other files executed, and I thought it sneaked past Norton. But then a SONAR Analysis popped up saying it was 'monitoring/checking' the program, and about 3-5 minutes later the threat and all traces of it were removed - very interesting. MBAM+HMP scans were clear on the test system, so I consider this (limited) test to be a 100% success. Settings wise, I had everything maxed including boot-time scan, insight, heuristics, and SONAR (all set to aggressive).

    I'm actually impressed, and I was fully expecting to destroy the test machine, then get angry and ask Norton for a refund and reload ESET back onto my systems.
     
  17. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    found what i think is interesting. i think there is an issue with the aggressive setting. i ran it through today's test files on aggressive it only removed 2 of the 30 (just grabbed some quick stuff from today so this was not a lot of files but i think it shows what im seeing), it also only blocked another 3 upon execution for a total of 5. but when set to normal it found 27 of the 30 on the first go and removed one more on execution.

    i repeated this test with the other handful of files i have here and while not as big of a gap between them i found the aggressive actually to not be able to detect as well. i have sent them my results and ill post back if i get a response or an email back. i even sent them a .zip with password so they can test this as well.
     
  18. 142395

    142395 Guest

    Hi, everyone.
    It's my first post in here but I've been reading Wilders more than a year so in a sense not a newbie:)

    I haven't watched any Youtube test for NS2015, frankly speaking don't have much interest, but if you are referring to The PC Security, he made a mistake when he tested Sandboxie, let malware go to real desktop, and considered it was flaw in SBIE.

    Well, everyone can make a mistake. But seriously I don't trust most if not all of those amateur tests much.
    It's not uncommon for me to find mistake/misunderstanding/lack of knowledge in those amateur tests (*1), even PCMag's editor Neil didn't correctly understand how Immunet Free or old version of EAM works and wrote misleading explanation.

    Some other problems are discussed in here Wilders before, e.g. they should test in real environment and not in VM. I'll add some more.

    First, their source of malware may not be fair. The PC Security takes his samples from CleanMX & Malwareblacklist, but MBL tie-up with some AV vendor so those vendor have advantage (not necessarily means they can achieve 100% because there can be time lag).
    CleanMX on the other hand includes many actually-not-dangerous sites. Most youtube tester don't confirm whether those links are actually harmful, though some tester throw them onto Virustotal and if there's more than 5 detection then consider it as malicious (still far from the best way).
    Some other source sites apparently tie-up or give info to some AV vendor but never disclose who they are.

    Second, they never test real exploit which is main attack gate recently.
    This is natural though, as finding working-exploit and configure plugins or so are really exhausting and if he did, the video would most likely become not interesting one at least for most audience.
    IMO what Norton most shines is their IPS (besides Insight of course) which is quite efficient and proved by all exploit/IPS tests performed from 2012. Most are posted here but somehow those seems not to be posted?
    hxxp://www.mcafee.com/us/resources/reports/rp-nss-labs-corporate-exploit-protection.pdf
    hxxp://www.mcafee.com/us/resources/reports/rp-nss-labs-corporate-exploit-evasion-defenses.pdf
    Notes:
    1. NSSLabs' evasion test is almost useless. If you look through the paper you'll find why.
    2. NSSLabs let each vendor sets each products configuration properly(*2).

    Finally (actually not final, but I'll cut other things), they seems to be using real network and I'm not sure they have made special FW configuration before tests, but probably no.
    So when they infected their Machine/VM, those malware can send DDoS packets or spam e-mail to real world.
    It doesn't affects reliability of test but serious problem.

    Hence, I take those amateur test just as a grain of salt.

    However, I admit I don't like Symantec at all.
    They are notorious pioneer for their auto-renewal almost-enforced automatic deduction system.
    In my mother tongue, when I entered 'norton' and some other terms such as 'automatic renewal' or so into Google search box, I saw it suggested 'norton automatic renewal fraud'! lol
    Many people have accused this but they don't care.

    But it's another thing when evaluating Norton product. I don't like Symantec but like Norton as it's effective & light(*3), though if they keep ignoring consumer customers and start to be more selfish I'll say good-bye.


    (*1) Just an example:
    IF a tester uses simple equation:
    {(total # of files) - (remaining #)} / (total #) * 100 = detection rate
    Then, it's inappropriate. Why?
    Because Norton (and many other AV) don't remove all detected threat, rather they try to 'remedy' as long as possible. At least NIS2014 don't have option to remove all threats thus can't avoid those remedies.
    So you have to look into scanlog to calculate correct detection rate.
    BTW Kaspersky has option for 'remove all', but even if you chose this, still 'Other software' can't be automatically removed if you enabled Other software detection.

    (*2) Contrary, MRG tested CORPORATE PRODUCTS in default settings which IMO meaningless, and they tested TrendMicro Office Scan but in this product vulnerability protection is an add-on and require another purchase, meaning Trend couldn't use IPS capability which all other products use in this test.
    So this explains why Trend got such a low score (I also suspect McAfee's score is due to setting), and I have to say it's quite unfair test. Probably Mayahana can confirm my assertion.

    (*3) Remember Norton is the first consumer security product which employ behavior-based proactive exploit protection called Un-Authorized Download Protection (UxP). This has been from their 2010 product so 3 year earlier than Kaspersky's AEP, though UxP is relatively primitive buffer-overflow protection and not as efficient in recent exploit situations where ROP and use-after-free play main role.
    Also from Norton 2014, download insight is applied not only usual download but also zipped file download or files from USB thumb drive so claim "Norton should improve static file detection rate because malware can come from USB" is inappropriate.

    [#Edited some wrong English]
     
    Last edited by a moderator: Oct 8, 2014
  19. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    You are quite right and thank you for pointing this out. The review states at the beginning:

    "Norton Security was just released last week, so the antivirus labs haven't tested precisely this product. That's too bad, because Symantec added a number of under-the-hood enhancements that should, in theory, offer even better protection than the previous edition."

    It is a big assumption on the reviewer's part that the new product is as good or better than the previous version IMHO.
     
  20. Holysmoke

    Holysmoke Registered Member

    Joined:
    Jun 29, 2014
    Posts:
    139
    giving Norton complete control of your PC and connecting it to their cloud will result in massive loss of privacy. the cloud sucks
     
  21. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Which aggressive setting? There are multiple. This is a curious finding indeed! Keep us posted.

    Also a whole lot of so-called threats on many of the websites that have them for download are invalid, non-working, or incapable of being utilized in their current form. For example I downloaded 20 pieces of malware from Clean MX, and analysis of each one only found 12 to be actual pieces of the malware, and only about 10 of them were 'true' in the truest sense. The rest were either 'potential' malware code that was uncompiled, obsolete or incorrect formats, and in some cases broken JSON files. So when a neophyte tests a product they probably don't consider this.

    We can safely assume a significant portion of samples from Youtube reviewers are probably corrupted/invalid. We can also assume youtube testers aren't aware that some products have honeypot sharing agreements with some sites, and those will 'naturally' score higher with threats drawn from those sites.

    Norton response is VERY speedy. I sent a sample to them last night. SONAR blocked it, but the detection signatures weren't there. Norton 'magically' removed it from my test machine an hour later. I would guess their lab classified it, and Norton's 'Idle Guard' sniffed around and pulled it. This should be considered when deciding on what product to put your trust in. How fast labs respond, and how capable a program is to retroactively respond, and correct issues.
     
    Last edited: Oct 8, 2014
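
Added example, not part of any post in this thread: posts 18 and 21 describe two counting errors in amateur detection tests, namely treating "files left in the folder" as misses when the product remediates in place, and counting broken downloads as samples. The sketch below computes the rate both ways. The sample names, the action labels in the scan log and the Windows-executable-only test set are constructed assumptions, not any product's real log format.

```python
import struct

# Hypothetical action labels; real products name these differently in their logs.
DETECTED_ACTIONS = {"removed", "quarantined", "repaired"}
FILE_GONE_ACTIONS = {"removed", "quarantined"}  # "repaired" leaves the file in place


def looks_like_pe(data: bytes) -> bool:
    """Structural check only: 'MZ' header whose e_lfanew points at the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def pe_stub(e_lfanew: int = 0x40) -> bytes:
    """Constructed header-only stub for the demo (not a runnable program)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    return bytes(dos) + b"PE\x00\x00"


# Constructed test set: six structurally valid files and four broken downloads.
SAMPLES = {f"s{i:02d}.exe": pe_stub() for i in range(1, 7)}
SAMPLES.update({
    "s07.exe": b"<html><body>404 Not Found</body></html>",  # error page saved as .exe
    "s08.exe": b'{"payload": ',                             # broken JSON fragment
    "s09.exe": b"MZ" + b"\x00" * 10,                        # truncated download
    "s10.exe": pe_stub(e_lfanew=0x200),                     # header points past end of file
})

# Constructed scan log: (file name, action taken by the scanner).
SCAN_LOG = [
    ("s01.exe", "removed"),
    ("s02.exe", "removed"),
    ("s03.exe", "quarantined"),
    ("s04.exe", "repaired"),
    ("s05.exe", "repaired"),
]


def naive_rate(samples, scan_log) -> float:
    """(total - remaining) / total * 100, the formula criticised in footnote (*1)."""
    gone = {name for name, action in scan_log if action in FILE_GONE_ACTIONS}
    remaining = len(set(samples) - gone)
    return 100 * (len(samples) - remaining) / len(samples)


def corrected_rate(samples, scan_log) -> float:
    """Detections read from the scan log, over structurally valid samples only."""
    valid = {name for name, data in samples.items() if looks_like_pe(data)}
    if not valid:
        raise ValueError("no structurally valid samples in the test set")
    detected = {name for name, action in scan_log if action in DETECTED_ACTIONS}
    return 100 * len(detected & valid) / len(valid)


if __name__ == "__main__":
    print(f"naive:     {naive_rate(SAMPLES, SCAN_LOG):.1f}%")
    print(f"corrected: {corrected_rate(SAMPLES, SCAN_LOG):.1f}%")
```

The header check only filters out obviously broken files; it says nothing about whether a structurally valid file is malicious or functional, which still needs separate confirmation.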
  22. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    It's a logical assumption because 2015 builds on the previous product, and introduces a string of Enterprise level aspects into the consumer product. So the net result is likely to be the results of the previous product, coupled with improvements from the enterprise product. It's a valid assumption.
     
  23. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Actually there is a checkbox in Norton to not participate in sharing information of any kind. Any other information is hashed, salted, and sent over an encrypted connection. Besides, if you are worried about this, I have some bad news. Everything you use is already doing it unless your internet connection is unplugged.
     
    Last edited: Oct 8, 2014
  24. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    I would agree that the assumption is logical, but it still needs to be proven using the new product don't you think?
     
    Last edited: Oct 8, 2014
  25. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Absolutely. Importing the technology is one thing. Importing it without tweaks, and not having bugs, or requiring it to marinate in revisions - and expecting it to be identical is a whole different thing. I expect by 2016 Norton should have the enterprise migration to the consumer product completed, similar to how Trend has done, and both products should have amazingly high detection/prevention. This is the trend we are seeing lately, what works in enterprise eventually filters down to the consumers. But the utter failure of traditional AV methodologies is pushing these changes a bit quicker now.

    Not to go off topic, but it's similar in the health business. Thoroughbred Racing->Livestock->Humans. If you want to find the latest health advancements, look toward where people/companies make the most money. Most people aren't aware that much of our medical advances actually come from high end thoroughbred technologies/methods/substances. Stem Cells have been used for decades on race horses as one example. Magnesium pellets in animal feed has been shown to improve longevity long before humans were encouraged to take magnesium (search Magnesium books on Amazon).

    It's similar with anything really, but 'emerging' trends in security, are almost universally found on the enterprise level first, and/or military/govt. Migration of enterprise technologies will be a game changer in the AV marketplace soon. Any company not integrating advanced enterprise solutions will become obsolete. (my opinion) Also within 5 years almost all consumer router/firewalls will have UTM solutions integrated. It's the logical progression of things, we've been using UTM for decades in enterprise, and only now are we seeing consumer grade hardware with it. It took long enough, right?
     