Norton Launches 2012 Products

Watch it again and at 9:22 you can see it prompt for elevation and he grants it. I am not going to fault Norton too much for its failing to stop a rootkit someone gave admin permission to. You'll notice it also broke MBAM and Hitman Pro from running as well. Just another commercial for Comodo.

 

Atleast the UAC should be turned on which is the default setting in the OS. If the user is ignorant enough to allow all UAC prompts he should not use his system for sensitive financial and personal purposes.

There were already threads about languy and his testing methods which were subsequently closed by Admin.
-http://www.wilderssecurity.com/showthread.php?t=260143-
-http://www.wilderssecurity.com/showthread.php?t=280496-

 

Of course a test can be faked, as you describe. The answer for that is to use strict testing methodology and make it possible to duplicate the results so that others (or at least other testing agencies) can confirm the findings. The main problem I see with the test is how casual and imprecise it is. I haven't watched other test videos by Languy before so I don't know if this is typical. An additional benefit of doing this more professionally is the videos could be shorter - this one rambles on and is tedious to watch.

 

I agree. However, this does not explain how easily Norton was disabled. I mean, if you have a folder with 70 malware executables, and go ahead and run them one after the other, pretty much every security suite will fail at some point and let something through. I am not shocked that Norton failed at stopping a piece of malware, but I am surprised that its "tamper protection" was so easily disabled.

 

I missed that - thanks for pointing it out. It should be stated as part of the testing methodology that UAC prompts will automatically be allowed if that's the case.

 

Well, as I said before (post #98 ) what difference does it make if the program is deleted Vs bypassed? Tamper Protection is something enforced through software settings. I don't find it surprising that some malware knows how to target those settings.

 

Norton was still operating AFTER he granted those permissions (Unless the rootkit was wise enough to generate its own Sonar pop ups). Additionally, the files he granted permission did not install.

I don't see any way around calling this a huge fail by Norton Self-Protect. So much more disturbing it being the second time this by-pass of the NIS 2012 self-protection has been demonstrated. I have a current subscription to NIS 2012 and I have now lost confidence in it. Word spreads and Norton is gonna be a BIG target for this type of work-around of the self-protect module. If the author of this rootkit figured it out he soon will have a lot of company in the cybercrime community.

Luckily I only have a month to go on my subscription and Kaspersky KIS is on sale at Best Buy ($39.95) and I'm gonna run out and get it. At least KIS knows how to protect itself. http://www.anti-malware-test.com/?q=node/190.

 

That is does, probably better than any. I however got tired of seeing avp.exe crash every time I open Outlook. And sometimes when I would launch other products. Every product has a weak point where it fails. I sit on licenses for 4 products and am not entirely happy with any of them. I wish you the best of luck in finding the one you like best.

 

I got to thinking about this and I may be entirely wrong, but I have to wonder about the newly introduced Norton Management. This will let you remote uninstall Norton from any machine under this management. Maybe someone found a way to exploit this. Maybe it is not the tamper protection that is failing after all, but someone exploiting this uninstall mechanism. Though the end result doesn't matter much which it is.

 

I've noticed that at about the 0.33 second of the vid,the action centre flag suddenly appears flagged with a red cross which possibly means that NIS needs a reboot or something else?.As the vid proceeds and languy opens the about gui of NIS and continues,you can see that there's no trust level and that nortons cpu activity is very very high(about the 48sec mark its showing 80%).Im just wondering whether he updated NIS and didn't bother to restart ,which is sometimes required?.Im not saying that NIS still wouldn't have been shut down or any other av that he might have tested,but his methodology and the way he conducts these tests isnt really that good imo.Why doesn't he show all the icons in the tray,and why does the action centre suddenly give a warning even before any malware is tested?

 

Good catch. Something not right there.

 

Unless someone can PM me with a sample of malware that is able to disable Norton , or even better, just to infect the machine with Norton running, I'm not going to believe in any of this. Simple as that.

This is like talking whether some UFO footage is real or not....

 

I have been a fan of Norton for the last couple years, and felt it is the best AV available. With that said, I just tested it in VirtualBox, using links from Malc0de. about 6-7 links in Nortons firewall and AV were both disabled and from then on failed to protect the system. I tried rebooting, and though NIS loads, all protection is disabled, and will not restart.

It appears there may ve some flaws in Norton 2012 that need to be address asap.

 

Okay, I'll try it now with malc0de , if true ... what can I say ... buy buy Norton ...

 

I guess there is stuff out there that could disable it.I've downloaded one or two from languys list that he,s clicked but norton has stopped them.Of course the ones I downloaded may not be the same as languys ,but hey..i guess my methodolgy is as good as his? To be honest though he clicks so fast without letting the viewer see what happens that its hard to tell (for me anyway)which piece of malware on his list is actually the culprit?,or whether its a combination

 

Looking at best, have things very wrong in this test as already pointed out. Excessive use of CPU is really strange.

The ease as he ignored the Norton is also bothered me.

Hawki, you will switch to another product because of a test that looks pretty doubtful?

I do not want to do A vs. B, but I've seen a plethora of tests in which NIS was better.

I'm happy with my NIS and I know that is extremely reliable.

 

I wouldnt recommend anyone abandon Norton after this test. I think it has been the best or near the top for the last 3 years or so. If there is an issue, I am sure Norton engineers will fix it asap.

I was testing another one of my favorite AVs yesterday (CIS beta), and two different links causes the PC to reboot, even though they were sandboxed. No AV is perfect.

 

Yes, antivirus are not perfect really. But now because of this test it seems that Norton does not protect anything. At least that's the feeling I'm having.

Norton failed but I do not think that is reason to crucify him as some are doing.

I'm not believing this test - not that I'm no fanboy - I'm not believing for a few things that are not normal as I mentioned in my previous post.

It ran against the malware and NIS was excellent, so trust and will continue relying on NIS - as at least in my tests (and AV-Comparatives, etc.) it is good.

Sorry for my poor English.

 

Assuming for the moment that the methodology of that test was good so the results are accurate and reproducible it is still about products that are one or two years/versions old. I don't know that you can take for granted that the latest version of Kaspersky scores 100%. NIS 2010 scored 91% which is not too shabby, but what does that say about NIS 2012? Nothing unfortunately - it might be better, or worse. Also keep in mind that these tests were apparently not done on x64 versions of Windows 7 - who knows if outcomes would be different on that OS? My point is just that the effectiveness of security apps is always in flux. If it were perfectly clear which apps are the best (for everyone in all cases) we wouldn't need to have these discussions

 

Interesting theory. If I had the time I would retry the same links with 2011.

 

Very true.

 

I don't know what's your game here buddy , but I just executed every single link from malc0de , including the last one from page 6 , that's right , 6 pages.
Guess what, it was perfect, every single one was detected, machine is clean, Norton works normal.

Thanks for wasting my time

 

What VM software are you using?

 

VMWare.

OS is Windows XP SP3, there was nothing in there installed.
NIS 2012 was downloaded from sofpedia, 30 day trial.
After installation I did one update, it was 75MB , checked again after that for updates, there was nothing to update.
I didn't reboot.
Then I launched firefox , went to malc0de and tried every link from the first 6 pages.
I invite everyone to try the same thing and confirm.

btw I just want to say that I'm far far away from being a Norton fan boy , couldn't care less for it , and like I said ... give me just one sample that infects machine and I'll uninstall it.

 

Ok, well I don't have a "game here". I reported what I found. I didn't ask you to test 6 pages of links, so don't complain I wasted your time. I don't care if you believe me or not.

I still like NIS, and have confidence in it. I have it installed on one of my PCs, and my parents. No AV is perfect, and after two years of personal testing Norton has always been one of the best for me.