The third candidate in our Security for Everyone series is Norton Internet Security 2010. Symantec's technological stars are Quorum and SONAR2, two technologies that are hoped to push the efficiency of the new security suite to the limit. Quorum uses input from the many users of Symantec products to build a reputation rating for any file that may be encountered in order to better assert its maliciousness. SONAR2 analyzes the behavior of programs to detect any threads. In this review, we will see if these two technologies, along with Norton Internet Security's other features, are as good as they sound.
The first impression I had was anything but favorable. Norton claims that they will not nag you with messages that remind you to buy their product and that they make the purchase as simple as possible. This is indeed true. I am yet to see any such screen and I have been testing Norton Internet Security 2010 for a full week. Unfortunately this comes at a price: you need to leave behind a lot of information on Symantec's website even if all you want is to download the trial version. You must leave your name, address and, most of all, a valid credit card number. This is very annoying, especially if you know that you do not intend to buy the program because you have not made up your mind yet (that's what trial version are for after all).
Symantec's clumsiness doesn't end here. For what it's worth, the installer is almost a usability dream. It brings up a flashy interface that actually looks good with Windows 7's default theme, you click install, wait a few seconds and that's it. It's really a one-click installer. OK, two clicks, if you want to select not to send data about the threats on your computer to Symantec. Unfortunately, a third click that would have allowed you to choose not to install the annoying Firefox/Internet Explorer toolbars would have not had a negative impact on the installer's usability. However, the toolbar has a negative impact on people's internet browsing experience. It just sits there, nagging you with obvious messages or offering to do things that Firefox/Internet Explorer already do, like storing your passwords securely. Even if it would offer more security, there is absolutely no reason why these features should not have gone into an extension instead of a full-width toolbar with a big Symantec logo on it. For what it's worth though, the toolbar can be safely disabled without any adverse effects.
The first run takes you straight to the main screen. That's it! No wizard, no suggestions for what to do next. Fortunately, there is little reason to tweak anything. All default options in Norton Internet Security 2010 are very well-thought: with the exception of Microsoft Office automatic scanning, all other scanning features that you might care about are turned on. The firewall is also correctly configured, idle time scanning and automatic updates are scheduled. The initial configuration is very finely-tuned, and my bad impression was already starting to fade out at this point. The only issue you need to consider here is the high resource consumption of the user interface. However, if you close the main window, things return to normal.
Ease of use and configuration
If you manage to get past the Star Trek-ish look of the interface, chances are you will like it. If there is one word that applies to it, that has to be 'minimalism'. There are very few options on the main screen and they can all be configured from a paged configuration screen. All the settings are gathered in the same place and, after the last two reviews of the series, you can already see me screaming that it's a disaster, but it's not. The options are so well divided that there's little scrolling to do anyway. Advanced options are separated from the rest, but there are only a few modules that have advanced options.
There is little context help available for options, but the documentation offers excellent explanations about most of the features, and you can quickly get to tech support from the interface. It's very hard to get stuck in the interface.
The firewall included in Norton Internet Security 2010 proved to be a lot stronger than I expected. In fact, it is the strongest of the programs I have tested so far in this series. Not only is it very easy to use, but its performance is way above average.
Unlike most solutions that ask you for confirmation almost every time you run something, Norton Internet Security will automatically allow known trusted programs to access the network without bugging you. This is where Symantec's database shows its strength: I could not find any program that your grandmother would want to use that is not already on the list of known trusted programs. Yahoo! Messenger, Skype, Firefox, MSN, Google Talk, Firefox, Internet Explorer, file sharing programs like uTorrent (but not like Kazaa), they are all there and you need not bother to confirm any of them. Unknown programs can be allowed, but their behavior will be monitored.
Furthermore, Norton Internet Security 2010 also includes a known list of application vulnerabilities and web exploits against which it can protect, so that malicious users will not be able to exploit their presence on your system. It is also very subtle and does not intrude the user's work in any way: all my attempts to remotely crash, choke or retrieve data from the computer were promptly dealt with and a small message popped up to announce that the attack has been dealt with. I was not successful in bypassing the firewall either: Norton Internet Security 2010 did not allow to kill the firewall or disable it in any other manner.
The only problem it had was blocking information leak from the computer. It did not leak any information to scanners, but programs on the computer that are not known to be malicious can freely leak information until SONAR2 notices and offers the option of blocking it. The unfortunate consequence of this is that it becomes very easy for a user's computer to leak information without his or her knowledge, as malware attached to a trusted program will be able to freely spread private data to its peers. Nevertheless, the magnitude of this threat is not too scary due to SONAR2's remarkable efficiency.
Antivirus and antispyware features
Norton Internet Security's anti-malware feature is two-sided: it has a great range of features and it is technologically sound, but the malware database is not on-par. It missed some test files that its other competitors correctly recognized as malicious, performing particularly bad against keyloggers. This is not due to a small database. In fact, anything older than a few weeks was promptly detected and fixed. Unfortunately, Symantec's team does not seem too agile and packs of newer malware managed to elude detection. However, there are some good things to be said about the anti-malware feature.
To begin with, the scanner has excellent performance. The first scan I performed took almost an hour and a half but all subsequent scans took less than ten minutes. Norton Internet Security 2010 does that by skipping files which have not changed since the last time they were scanned, and once the Norton Insight feature has gone through all the files, it can also skip those marked as trusted. Norton Internet Security 2010 also has the benefit of SONAR2 and Quorum when trying to heuristically evaluate risks: a file for which Quorum reports a good reputation will be treated a bit more loosely by SONAR2. However, I need to point out that Quorum is exploitable, since it relies on user input that is not otherwise verified.
Another area where Norton Internet Security 2010 excels is that of integration. The anti-malware features are tightly integrated with all the programs that can bring malware into your computer (web browsers and instant messengers included), allowing the protection engine transparent access to all downloaded resources and network traffic.
But the truly remarkable fact about the anti-malware engine is its low resource consumption. I was not having high hopes about this area, knowing Symantec's 'achievements' in this field during the last few years, but I had a surprise. If you leave the main window open, the CPU usage will go through the ceiling all the time, and the first scheduled scan will take a few ice ages, but after that Norton Internet Security 2010 resource consumption becomes much thinner. There is a noticeable slowdown when booting and shortly after logging in, but otherwise, the impact is very low considering the protection that Symantec's security suite offers.
I was somewhat reluctant in handing out the first 'Buy for Grandma!' award in our series. Norton Internet Security 2010 is not technologically top-notch in all areas. It does have good heuristic detection and it is tightly integrated with the system, but its antivirus and anti-spyware modules are far less efficient than today's industry standard. This is not due to a small database but rather due to a lack of agility.
However, I have to give Norton Internet Security 2010 credit for its strong points. The interface uses non-standard controls and the color scheme is a matter of taste, but it does its job. It is very easy to configure and every function easy to reach. It has a minimalistic design, the options are carefully packed together and the documentation is well-written and concise. Despite not fulfilling the complete potential of its technology, Norton Internet Security 2010 is a sound improvement over Symantec's efforts in the last few years and is now a suite that can give an inexperienced user enough protection for his needs.