Norman Antivirus 10 review

Norman Antivirus 10 successfully implements a new emphasis on simplicity and ease of use. However, its cleanup partially disabled one test system, and its actual antivirus capabilities don't match those of the very best products.
Photo of Norman Antivirus 10

Security experts need antivirus protection, but so do folks who just want to use the PC for entertainment and communication. The makers of Norman Antivirus 10 ($45.95 direct for three licenses) aim to make it completely simple and self-explanatory, and for the most part they’ve succeeded. As for the product’s ability to remove malware from an infested system and to keep out further infestations, well, those features could use a little work.

The current edition’s user interface has shifted toward big, touch-friendly controls. Large button panels on the main window serve to launch a scan, check for updates, or view files in quarantine; smaller buttons open the task scheduler and settings window. This emphasis on big, self-explanatory controls goes deeper than just the main window. Big sliders turn components on and off, big radio buttons select between different states, and so on. There aren’t a lot of configuration options, and all come pre-configured for the best security.

The one possible source of confusion is the fact that the product installs under the name Norman Security Suite. If you look at the settings page you’ll see that antivirus protection is present but the other five suite components marked with a note saying “The license for this product has expired.” Don’t let it throw you; this really is Norman Antivirus.

Preinstall Scan
As part of the somewhat lengthy installation process, you’ll be offered the chance to run a preinstall scan. This launches a version of Norman Malware Cleaner that’s tailored for automatic action. It doesn’t log what it did, but I know it found malware on half of my malware-infested test systems because it requested a reboot to complete the cleanup process.

The preinstall scan offers to run a follow-up scan after reboot; on one system it ran three times to complete the cleanup process. After a preinstall scan that requires rebooting, you’ll have to start the installer again and just skip the preinstall scan this time around.

On one test system, malware actively terminated the antivirus scanner every time it launched, and also made booting into Safe Mode impossible. A scan with the full Norman Malware Cleaner didn’t help immediately; what solved the problem was uninstalling and reinstalling the full Norman antivirus.

Ransomware on another test system renders the desktop inaccessible, even in Safe Mode, making installation of antivirus software impossible. I was absolutely amazed that Norman tech support deduced the exact nature of the ransomware from my sketchy description and supplied a code that unlocked the desktop.

Now the bad news. The preinstall scan on one of my systems apparently quarantined or deleted a huge number of important Windows files, among them Notepad and the Windows Installer. As noted, the preinstall scan doesn’t log its activity, leaving me in the dark as to just what it did. Going forward, the developers plan to add logging. With a lot of help from tech support I eventually managed to get the product installed and working, but the system remained partially unusable.

I rate the antivirus installation experience on a five-star scale, with five stars meaning the product installed on all my test systems with little or no hassle. The more time and effort needed the fewer stars, with two stars normally meaning it took hours and hours of interaction with tech support. Utter failure to install on one or more systems earns a single star; completely disabling one or more systems gets no stars at all.

The amount of work required to get Norman installed and scanning on all twelve systems would have earned it three stars for installation, except for the fact that it left one system partly disabled. I’m knocking it down to two stars, since the damaged test system was still partially functional.

Decent Lab Results
Not all of the independent labs include Norman’s technology in their testing, but those that do give it generally good marks. ICSA Labs certifies Norman for both virus detection and virus cleaning, and Virus Bulletin awarded it VB100 certification in 80 percent of the latest tests.

German lab AV-Test rates antivirus products on Protection, Performance, and Usability. A product can earn six points in each category, with a total of 10 needed for certification. In the two most recent tests, Norman earned 12 and 13 points respectively, easily achieving certification. With 17 of 18 possible points, Bitdefender Antivirus Plus 2013 is this test’s consistent top scorer.

The chart below summarizes recent results from the test labs that I follow regularly. For more on the labs and their tests, see How We Interpret Antivirus Lab Tests.

Norman Antivirus 10 lab tests chart

Decent Malware Removal
With the product installed on all test systems, I launched full scans. The antivirus scanner automatically takes care of any problems it finds. I definitely prefer that style to products that accumulate a list of found malware traces and wait for permission to deal with them. In some cases, the scanner requested permission to reboot for complete cleanup. When no reboot was needed, the scanner simply shut down on completion.

For most users, that’s probably just fine. In my case, I really need to know what the antivirus found, so I can check how thoroughly it was removed. Between the quarantine list and the product’s detailed log file, I pieced together just what it did during the antivirus scan.

Norman, avast! Free Antivirus 8, and Emsisoft Anti-Malware 7.0 all detected 75 percent of my current malware samples. Avast! did a somewhat better job cleaning up what it found, earning 5.8 point to Norman’s 5.6. The best score among products tested with this same set of samples was 6.0 points, earned by Kaspersky PURE 3.0 Total Security, so Norman isn’t far behind.

Among the larger group of products tested with my previous collection of malware samples, the free cleanup-only Malwarebytes Anti-Malware 1.70 earned the top score, 7.1 points. Norton AntiVirus (2013) and Webroot SecureAnywhere Antivirus 2013 both took 6.6 points.

The chart below lists my scores for dozens of current antivirus products. Please read How We Test Malware Removal for details on how I arrive at these scores.

Norman Antivirus 10 malware removal chart

Decent Malware Blocking
After installing Norman on a clean test system, I opened a folder containing my current collection of malware samples. The minor file access that occurs when Windows Explorer checks a file’s name, size, and date/time stamp for display was enough to trigger the product’s realtime protection. It wiped out 83 percent of the samples on sight. It did ask for (and receive) permission to remove one file identified as merely “potentially unwanted.”

As a sanity check of a product’s ability to detect polymorphic malware, I also opened a folder containing hand-modified versions of the same collection. For each file, I changed the filename, appended nulls to change the file size, and tweaked a few non-executable bytes. I was a bit surprised to find that this simple chicanery caused Norman to miss fully a third of the files whose unmodified versions it successfully detected. This could indicate a signature-based detection system that’s less flexible than most.

I launched those samples that weren’t wiped out on sight and observed Norman’s behavior. It missed most of them, and allowed installation of some executable files for all those it did detect. In fact, despite Norman’s attempts at prevention, one sample managed to install and activate its rootkit technology. Yes, in my malware removal test the full scan did remove this particular rootkit, but preventing installation entirely is surely preferable. For a detailed explanation of how I perform this test, see How We Test Malware Blocking.

Norman Antivirus 10 malware blocking chart

Perhaps the best method for fending off a malware attack is to prevent the malicious program from ever downloading to your PC. Some antivirus products actively prevent access to known malware-hosting URLs, some check all downloaded files, some do both. Norman doesn’t block URLs, but it did catch 71 percent of the samples during the download process.

Avast! did quite well in this test, with 56 percent blocked at the URL level and 32 percent during download. G Data AntiVirus 2014 also did well, blocking the URL for 61 percent and catching another 17 percent during download.

Improved, Could Still Improve
I like Norman’s emphasis on simplicity, and this version improves on the previous in many areas. It did some reversible damage cleaning up one test system, but its test results are good overall.

The problem is that other systems have returned great results in those same tests, without any collateral damage. Norton AntiVirus (2013), Webroot SecureAnywhere Antivirus 2013, and Bitdefender Antivirus Plus 2013 share the honor of Editors’ Choice for commercial antivirus. Yes, one license for these products costs almost as much as Norman’s three-license price, but they’re definitely worthwhile.

If price truly is an issue, consider one of our two Editors’ Choice products for free antivirus, AVG Anti-Virus FREE 2013 and Ad-Aware Free Antivirus+ 10.5. Both of them outscore most commercial products both with the independent labs and in my hands-on tests.

Specifications
Tech Support Local language tech support via mail of phone.
OS Compatibility Windows Vista, Windows XP, Windows 7, Windows 8
Type Business, Personal, Professional

Verdict
Norman Antivirus 10 successfully implements a new emphasis on simplicity and ease of use. However, its cleanup partially disabled one test system, and its actual antivirus capabilities don't match those of the very best products.
Published under license from Ziff Davis, Inc., New York, All rights reserved.
Copyright © 2012 Ziff Davis, Inc