Review: Norton Internet Security 2011

Symantec has kept the progression moving, improving both the proactive and reactive protections in its security suite. The Tech Herald spent some time digging into Symantec’s latest 2011 unified offering and, with the exception of a few items, found it to be just as impressive as previous versions.

Norton Internet Security 2011 (NIS 2011) has plenty in common with previous versions. This isn’t a bad thing. For 2011, what Symantec has done with the Internet Security version of Norton is improve the technology proven to work, while adding coverage to the latest vectors of attack that seem to have gained plenty of traction over the last year or so.

Symantec has added reputation-based defenses to NIS 2011, thanks to the growing Norton Community Watch and its more than 50 million members. This feature checks for the presence of unknown or untrusted files, even going as far as to examine uncommon files. It ties hand-in-hand with the new versions of System Insight and Download Insight.

For the Insight and Web protection, browser coverage includes Firefox and Internet Explorer, as well as Opera, Safari, and AOL. In addition, NIS 2011 uses these proactive detections to protect against malicious links seen in Outlook, AIM, Windows Live, and Yahoo Messenger. There is even a Facebook application that will monitor links posted to walls on the world's leading social network.

Signature protections aside - as those are just a given for security software - SONAR 3, the behavioral engine for NIS 2011, has been tuned to be less obtrusive and faster. It will focus more on what something does and compare it to its reputation, only in the event it doesn't immediately discover any potential malicious actions by a given process. SONAR 3 is no sandbox, but it did its job when needed, and offered no false positives in our tests.

We had a few concerns, of the cosmetic variety, and there were some detection hiccups, but overall NIS 2011 didn’t fail to live up to expectations or the hype.


Installing NIS 2011 was just as easy as the previous version. Installation takes about 90 seconds, and the only real interaction needed is the EULA agreement and the Norton Community membership. Given that the community program ties directly into the full scope of coverage, and the information collected is anonymous, we allowed the test system to join the community network.

After the installation process is complete, the final steps include the creation of a Norton Account. This will enable the ability to use Norton Online Family, and Online Backup. You could also run Live Update, downloading the latest detections and definitions, but this is optional really. Live Update ran for us within four minutes of installation. At the time of the initial installation, Live Update was 42 days old, but this will vary from user to user.


Using NIS 2011 will be quite simple for most. However, the dark skin on the control panel gave us pause. One of the reasons being the contrast of yellow, black, and white (with a touch of gold) seems to blend the entire interface.

While the actual controls are laid out in blocks and can be accessed with a click for finer control, several of the people we asked to look at the screen had to squint. Perhaps this is being too picky, we’ll freely admit this, but we were hoping for a bit of a change in the graphical user interface (GUI) department.

Nagging aside, one great addition to the NIS 2011 interface itself, is how it can act like a master control for the other Symantec Services. As seen below, it’s nothing more than a simple matter of point-and-click to access Online Family options, Online Backup options, or Safe Web reputation and search options. The map itself represents real-time threat monitoring around the globe by Symantec sensors.

The ability to control all of a vendor’s offerings in a single setting is a great one. Symantec earns some points for this, but, at the same time, the granular controls over the application itself could cause confusion for some. Clicking settings alone from the main panel will offer a section split into five parts, each with different switches and granular settings.

Symantec has included a noticeable help icon next to each section, and that opens the HLP file shipped with the product. The help documentation is full of pertinent information, but it isn’t for the faint of heart. When in doubt, if the HLP file isn’t cutting it, use the Help section link from the main panel, which includes links to one-click support and online tutorials.

Aside from the dark interface, and the risk of too much control, using NIS 2011 offered us no problems that prevented the software from working or hindered system operation in any way.


Since 2009, Symantec has adopted the stance that a good file shouldn’t be scanned more than once, unless something has changed it. The reputation checks, combined with the community aspect of the detection engine, are what allow NIS 2011 the ability to perform deep system scans without much of a system drain and taking ages to complete.

Below are the results of the scan tests.

Full System Scan (Norton Internet Security 2011):

Scan One: 0:00:22:18
Scan Two: 0:00:05:02
Scan Three: 0:00:03:37
Scan Four: 0:00:03:43
Scan Five: 0:00:04:53

Average Scan Time: 0:00:07:54.6
(AST NIS 2009: 0:00:11:85.2 reviewed 10-02-2008)
(AST NIS 2010: 0:00:22:55.2 reviewed 10-19-2009)

In each of the tests, a full system scan was performed, using the base defaults offered by NIS 2011. The scanned system uses 12.3 GBs of space total.

As is the case with all reviews, only the top-five scans were counted for the total average. However, to confirm the findings from the 2009 and 2010 tests, we ran several scans to confirm the slowdown between the first scan and other subsequent scans. The pattern remains in NIS 2011. There was a reboot after scan one, which was a scan performed after a cold start of the system, and another reboot after scan four.

Even with the anomaly of longer scans after rebooting, and the larger scanning area, the times speak for themselves. NIS 2011 dramatically shaved its scan time performance compared to prior versions.

Malware Detection:

When it came to the actual Malware samples, NIS 2011 missed nothing.

If it wasn’t detected on a passive scan, the moment the Malware was executed it was flagged and removed. However, as mentioned in our recent Comodo test, Norton did leave a trace behind and missed out on a point for overall detection.

We collect new samples for each security review and the previously used samples are submitted to Virus Total, where they are shared with each of the security vendors. Given that we had already tested NIS 2011 with live samples during the comparison with Comodo, we did not run a second live sample test.

To test Symantec again, even with different samples, seemed unfair. After all, Symantec would have had advanced notice for the majority of the samples its platform was to be tested against. No other vendor gets that consideration, as each of them has only one chance to take the live Malware test, so we felt it wouldn’t be right to change processes for a single review.

Symantec did fine on the live test, earning 50 points out of a possible 50 for sample detection and removal, and four out of five points for overall detection.

Malicious URL Detection:

Unlike the Malware test, where we did not test Symantec a second time, we did run the URL test more than once.

Malicious URL detection is different from Malware testing. There are thousands of malicious URLs created each day to spread Malware or steal information. Detecting Web-based threats is something a security suite has to do on the fly, with near real-time results. Most of the Malware a user will see while online comes from the Web, nearly all of it in fact.

For this reason, we gave Symantec's latest offering 10 more domains. Each of them, at the time of testing, was less then 24 hours old. As was the case before, NIS 2011 didn’t miss a beat, no matter what threat was delivered. If reputation didn’t flag the problem, Download Insight or the intrusion prevention did.********.exe

For each of the previous six domains, NIS 2011 prevented the page from loading by displaying a Safe Web alert. There is no mistaking the bright yellow screen and giant red 'X', and, unless you click the small text to bypass the warning, you get no access at all.

This domain attempts to use the Eleonore exploit kit to infect the system by exploiting Java. The attack was blocked using the intrusion detection offered by the NIS 2011 firewall.

These domains attempt to push Rogue anti-Virus platforms. The fake security software was flagged and removed with Norton’s Insight the moment it was downloaded. At no point was the software allowed to run.

This domain redirects to an entire host of Malware and exploit attempts. Once the redirection started, NIS 2011 flagged the domain and prevented communication with the controlling site. The attempted payload was blocked as well.


Spam filtering in NIS 2011 worked remarkably well. We were impressed with the scanning and removal of malicious attachments.

When the email-based Malware arrived in a Zip file, the file remained, but the payload itself was gone or rendered useless. Likewise, HTML file attachments were replaced with a friendly .txt document informing us that the malicious content had been deleted.

We tested a total of 2,137 messages. They were a mix of opt-in news letters and marketing materials, unsolicited marketing (drug spam, dating spam), normal legitimate email, and malicious email (i.e. LinkedIn scams, Xerox scams, UPS shipments, HTML attachments, and CVs or Resumes).

Norton missed only 26 messages, earning it a detection rate of 98.78 percent.


NIS 2011 is consistent when it comes to protection. It uses all of the layers available to make a solid attempt to defend a system, no matter the threat. It won’t stop everything, no security software can, but we can honestly see the effort here.

Layered defense aside, there were some other add-on features we took note of that are worth mentioning. We liked the introduction of the Facebook application in NIS 2011, part of Safe Web, where wall links are scanned for threats. The thing we didn’t like about it was the fact it is an application and it needs permissions.

Another cool addition to the Norton line is Power Eraser. When you run a scan or if there is a detection made, there is an option to select if you feel there is still a problem. This option is a link to the Power Eraser tool.

What it does is blast away infections that are hard to get via normal means, but it should be treated as a last resort, as it is aggressive and could flag important system files. If this happens, the problem could be compounded if they are removed.

This year’s version of Norton Internet Security is the first to incorporate several Norton services in one setting. This is a sign of things to come for security software, where quick access and ease of use will be all that matter to the consumer.

Overall, Symantec has done a great job improving momentum by sticking with what already works and adding new tools and a single point of control for several related products. Earlier nitpicks aside, NIS 2011 is well worth trying out, not least because its free 30-day trial is fully featured. The purchase cost for Norton Internet Security 2011 is $69.99 USD for a license covering three PCs.

Final Score: 99 out of 100

Like this article? Please share on Facebook and give The Tech Herald a Like too!

From our Other Sites

Awesome Stuff Made Out Of Car Parts

An awesome picture has started doing the rounds showing a bathroom with sinks made out of car tires and faucets created from gas pumps. It’s the ideal bathroom for any discerning car nut. That got us thinking — what other stuff is there made out of car parts and car paraphernalia. Here are some of the coolest […]

Range Rover Evoque Convertible Confirmed

Land Rover has officially confirmed that the Range Rover Evoque Convertible will go on sale in 2016. The company released some publicity photos showing a prototype of the Evoque Convertible driving through train tunnels under construction in London. The company says use of the Crossrail tunnels let them test the convertible in privacy. A Land […]

Mercedes-AMG GT3 Racing Car to Debut at Geneva Motor Show

The company says the standard Mercedes-AMG GT already provides the ideal base for the race model, with low centre of gravity, good weight distribution and wide track width.The driver sits on a carbon-fibre seat pan and is protected by a roll-over cage made from high-tensile steel.The engine cover, doors, front wing, sidewalls, side skirts, diffuser, […]

Lamborghini Aventador Wallpaper

Lamborghini Aventador wallpaper for your desktop or mobile device. The Aventador LP 700–4  has a 6.5 liter V12 that will go 0–60 mph in  2.9 seconds and take you all the way to 220mph and maybe beyond.Each image links to a page with multiple sizes of wallpaper you can download.

Man Makes Tiny Edible Pancakes with Tiny Kitchen Tools (Video)

This Japanese guy cooks up some pancakes…nothing special there right? Well he uses tiny implements to do it and makes perfect little pancakes. Kinda cool and they look tasty!

What Color is this Dress?

White and Gold or Blue and Black?
Well this one has been trending all over the web, just what color is this dress? It all started in Scotland when the mother of a bride-to-be sent a picture to her daughter asking what she thought of the dress. The bride and groom each saw the image differently, this then got posted online and picked up by some viral sites. The lighting in the photo is probably causing different people to see it as either white and gold or blue and black. Prof Stephen Westland, chair of color science and technology at a university in the UK told the BBC that it was impossible to see what other people see but that it […]

McLaren 675LT Pictures

Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.

McLaren 675LT Details

McLaren’s 675LT will debut at this year’s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate […]

McLaren 675LT Wallpaper

Some cool McLaren 675LT Wallpaper. The McLaren 675LT is the latest coupe to come from the supercar maker and has a top speed of 205mph.Click on an image to open a page with multiple sizes that you can download to use as wallpaper for your mobile or desktop.More McLaren Wallpaper.

Octopus hunts on land, grabs crab (Video)

This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western […]