Early computer viruses under MS-DOS were simple things, chunks of code appended to executable COM files. Norton AntiVirus was there, starting in 1990, working to wipe out these nasty infections. Norton AntiVirus (2014) continues to do the job, growing and evolving to face ever more complex types of malicious code.
Like Bitdefender, Kaspersky, and a few others, Symantec has stopped using a year or version number for its Norton product line. I’ve appended “(2014)” for the simple purpose of distinguishing this product from earlier versions.
Big, touch-friendly buttons on the main window let you quickly launch a scan or check for updates. An info panel monitors CPU usage (overall and specifically by Norton). The product comes configured for the best balance between security and performance, so most users won’t need to dig into the product’s settings.
A New Technique
When I met with Symantec representatives prior to this review, they explained a truly impressive new feature that’s been added to the current version. Sometimes malware infests essential Windows components, in effect taking them hostage. The antivirus can’t quarantine the infected file without disabling Windows. The best solution would be to replace the file with a clean copy of the original, but licensing issues prevent doing so directly.
To clean up this kind of problem, the product first consults the immense Norton Insight database to locate the corresponding clean file, then runs a cloud-based comparison against the infected edition. It supplies the local Norton installation with a file that represents the difference between the two—in effect, a set of instructions for changing the corrupted file back to its clean equivalent. Once the clean file has been verified, the cleanup is complete.
I frequently run into big problems with antivirus products that get too aggressive and delete important Windows files. I’m really impressed with the cleverness of this technology.
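The repair flow described above (build a difference in the cloud, apply it locally, verify the result) can be sketched as follows. This is an added illustration, not Symantec's code: the delta format, the function names and the use of Python's difflib and SHA-256 are all assumptions, and the sample bytes are constructed.

```python
import hashlib
from difflib import SequenceMatcher

def make_delta(infected: bytes, clean: bytes) -> list:
    """Cloud side: express `clean` as ranges copied from `infected` plus new bytes."""
    delta = []
    matcher = SequenceMatcher(None, infected, clean, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            delta.append(("copy", i1, i2))        # reuse bytes already on disk
        elif j2 > j1:                              # replace/insert; a pure delete adds nothing
            delta.append(("data", clean[j1:j2]))   # only the bytes the local file lacks
    return delta

def apply_delta(infected: bytes, delta: list) -> bytes:
    """Client side: rebuild a candidate file from the local copy and the delta."""
    out = bytearray()
    for op in delta:
        out += infected[op[1]:op[2]] if op[0] == "copy" else op[1]
    return bytes(out)

def repair(infected: bytes, delta: list, clean_sha256: str) -> bytes:
    """Return the rebuilt file only if it hashes to the known-clean value."""
    candidate = apply_delta(infected, delta)
    if hashlib.sha256(candidate).hexdigest() != clean_sha256:
        raise ValueError("rebuilt file does not match the known-clean hash")
    return candidate

# Constructed sample data: a stand-in "system file" and a tampered copy of it.
CLEAN = b"MZ" + b"\x90" * 64 + b"original entry code" + b"\x00" * 32
INFECTED = CLEAN[:66] + b"hijacked entry code" + CLEAN[85:] + b"APPENDED-PAYLOAD"
CLEAN_SHA256 = hashlib.sha256(CLEAN).hexdigest()
DELTA = make_delta(INFECTED, CLEAN)

if __name__ == "__main__":
    fixed = repair(INFECTED, DELTA, CLEAN_SHA256)
    shipped = sum(len(op[1]) for op in DELTA if op[0] == "data")
    print(f"restored {len(fixed)} bytes, delta carried {shipped} new bytes")
```

The delta carries only the bytes the local file lacks, and the hash check means a delta computed against a different local file is rejected instead of being written over a system component.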
Installation Ups and Downs
The installer for Norton AntiVirus checks for problems and, when possible, solves them. For example, on one test system it detected an illegitimate proxy installation and offered to remove it. Doing so saved it from a host of post-install connection troubles.
When malware has rendered a system unbootable, or when ransomware actively blocks access to the system, the Norton Bootable Recovery Tool offers two ways to save the day. You can run Norton Power Eraser, an aggressive malware-killing tool, or run an advanced recovery scan. This tool easily wiped out ransomware on one test system, allowing installation of the full product.
On the flip side, the new cleanup technology I described didn’t prevent Norton from damaging two test systems to the point they would not boot. On one system, Norton’s Auto-Protect flagged a number of files immediately after installation and requested a reboot to finish cleanup. After reboot, it went into an endless logon/logoff loop. The other system couldn’t update, activate, or call on its built-in support. On advice from tech support I tried Norton Power Eraser, and when that didn’t help, Norton Bootable Recovery Tool. This system ended up in the same kind of logon/logoff loop.
Getting these problems fixed required several hours of interaction with tech support, including remote-access diagnostics and repair, which was rather disappointing. Both systems did eventually get fixed, but it took a lot of work. I rate the installation experience at two stars.
Norton and the Labs
My Symantec contacts always point out that Norton products block malware at many different levels. The Norton Insight database blocks downloading from known malicious websites and increases surveillance on files coming from suspicious sites. The database identifies a vast number of known good and bad files, and calculates a reputation score for unknowns. Depending on the score, an unknown may be blocked from launching, or may just have its behavioral monitoring level cranked up.
The product also includes a level of intrusion prevention rarely seen in standalone antivirus tools. When I attacked it using the Core IMPACT penetration tool, it blocked every one of 30-plus exploits at the network level and identified many by name.
Because of this multi-layered approach, Symantec’s position is that standard, static tests of malware detection are passé and shouldn’t be relied on. They advocate “independent ‘whole product’ or ‘real-world’ tests that most closely represent the interests of consumers and utilize all of the proactive technologies provided with a product, as opposed to ‘static’ tests that only test an individual component.”
Because they don’t accept the on-demand test performed by AV-Comparatives, Norton products can’t participate in any of that organization’s tests. That’s too bad, since AV-Comparatives performs one of the more significant real-world dynamic antivirus tests.
Both ICSA Labs and West Coast Labs do certify Norton’s technology for virus detection and removal; West Coast Labs adds a number of additional checkmark certifications. The company skips most testing by Virus Bulletin, but has received VB100 certification in three of four fairly recent tests.
AV-Test rates antivirus products on their ability to protect against malware attack, their low impact on performance, and their overall usability. Norton earned six points (the maximum) for usability in the two latest tests; it got one 5.5 and one 6.0 for protection. Overall it averaged 15.8 out of a possible 18 points in those tests. That’s good, but Bitdefender managed 17 points both times.
For more about the labs and their tests, see How We Interpret Antivirus Lab Tests.
Norton AntiVirus (2014) lab tests chart
The question does come up—why couldn’t they adjust the product so it does what they think it should and also passes all the tests? Indeed, rumor has it that some vendors assign as many as a dozen engineers specifically to the task of ensuring good test scores. My Symantec contacts say doing so would just encourage retention of what they consider to be bad testing styles; they don’t want to be enablers.
Good Malware Cleanup
Norton did a good job cleaning up my malware-infested test systems, though it didn’t earn the very highest score. It detected 86 percent of the samples and scored 6.3 points. Of products tested using this same malware collection, only two did better. The oddball cleanup-only Jumpshot got 6.5 points, and Bitdefender Antivirus Plus (2014) earned the top score of 6.6.
When I tested Norton’s last edition using my previous collection of malware, it was likewise almost the top scorer, with 6.6 points. Comodo Internet Security Complete 2013 and Webroot SecureAnywhere Antivirus 2013 also got 6.6 points. The top score, better than any other free or paid product, went to the free Malwarebytes Anti-Malware 1.70, with 7.1 points. For details on how I test malware removal, see How We Test Malware Removal.
Norton AntiVirus (2014) malware removal chart
Decent Malware Blocking
As noted earlier, Symantec touts Norton’s many-layered approach to protecting PCs from malware. URL-based blocking is among the first defenses. When I tried to re-download my current malware collection, Norton blocked access to all but one of the still-functioning URLs. Its Download Insight feature whacked the one sample that got past that initial defense, for 100 percent protection in this simple test. Norton also scans files that arrive on your PC via email and instant messenger.
Detection of samples already present on a PC before Norton’s installation is the kind of static test that Symantec considers iffy, at best. They point out most of the information available in a real-world attack is missing. Even so, Norton wiped out 72 percent of my samples as soon as I opened their folder.
I launched the samples that survived, and was a bit surprised to find that Norton missed several of them. It detected 86 percent of the samples and scored 8.5 points for blocking, well below the best products tested with this sample set. Bitdefender and several others took 9.0 points, while Ad-Aware Free Antivirus+ 10.5 managed 9.4 points.
Tested using my previous malware collection, Webroot received a near-perfect 9.9 points. Norton’s performance last time around was almost the same as the current test, with 84 percent detection and 8.4 points. To learn more about how I test malware blocking, please see How We Test Malware Blocking.
Norton AntiVirus (2014) malware blocking chart
Impressive Bonus Features
As I mentioned earlier, Norton includes an Intrusion Prevention System that performed extremely well in testing. It blocked more than 30 exploits at the network level, identifying some of them by name.
Norton AntiVirus also includes powerful phishing protection, a feature that many vendors reserve for their full security suite. In my own testing, I use Norton as a touchstone to compare with other products, as it consistently detects the vast majority of brand-new phishing sites. Only a few antivirus products have done better in recent tests. Bitdefender Antivirus Free Edition (2014) beat Norton’s detection rate by one percentage point while McAfee AntiVirus Plus 2013 beat it by four points. The only other products with better detection rates were two full-scale security suites.
To learn more about how I obtain brand-new phishing URLs and conduct this test, see How We Test Antiphishing.
Norton AntiVirus (2014) antiphishing chart
This product comes with a full installation of the effective Norton Identity Safe password manager. Granted, Identity Safe is free, but having it automatically installed along with your antivirus is a nice boost toward using safer passwords. Note, too, that you can sync multiple installations of Identity Safe via your online Norton Account.
The Network Map feature reports on the security of your wired or wireless network and displays all devices attached to the network. Once you enable remote monitoring, you can view the status of all your Norton installations from any one PC, and dig in for full details including recent malware detections. You can’t remotely launch a scan or change settings, though.
When you’re on wireless-over-4G or some other expensive connection, you don’t want to spend bandwidth on antivirus updates and such. You can define Cost Awareness settings for each network you use: No Limit, Economy, or No Traffic. That’s handy!
Clicking the Performance link visibly flips the main window, displaying a performance graph on the “back.” From here you can also check the status of background tasks. A Norton Insight scan will analyze all the applications on your PC and report on their prevalence, resource usage, and stability.
If you subscribe to Norton Backup, you can reach your files online via a quick link on the main window. Another link reaches the file-sharing service Norton Zone. You can scan a QR code with your Android or iOS device to install Norton Mobile Security. A fourth link lets you manage your Norton installations online.
Still a Winner
Symantec could do me a real favor by adjusting Norton so it passes static tests, but I can’t fault them for sticking to their guns and refusing. I use Norton to protect my own main work computer. Norton AntiVirus (2014) remains an Editors’ Choice for standalone antivirus.
Webroot SecureAnywhere Antivirus 2013 also doesn’t do well in tests due to its unusual detection style. If you insist on good protection and good test scores, consider Bitdefender Antivirus Plus (2014). All three are Editors’ Choice products for standalone antivirus.
Copyright © 2012 Ziff Davis, Inc