The Tech Herald got a chance to review Norton 360 2.0 recently, and after three days of testing, here is a rundown of the results.
Norton 360 comes with an impressive set of features. It is a well balanced offering for the typical user. Anti-Virus, anti-Spyware, ID protection, and data archiving are just some of the items that make Norton 360 a good tool to have on a computer. With that said, it is important to note that even all-in-one products have their shortcomings.
The coverage and protection offered by Norton 360 was great. There were some glitches however, with Norton 360 failing to prevent some Spyware, and Adware. When testing known malicious sites, the virtual computer was infected with various fake anti-Virus products, such as Advanced Cleaner, Malwarecore, and AntiSpyware Shield. In another round of testing, (Google searching for “watchguard vpn disconnected applications”) a malicious link led to an ActiveX (BHO) request to load an embedded video on the website.
In both cases of testing, the virtual machine was infected with Malware of various types. The backdoors and Trojans were picked up by Norton 360 instantly. However, the Adware that presented fake AV warnings and random pop-up messages on the desktop were missed completely. Inside Internet Explorer, another toolbar appeared with links to AV scanning and Spyware removal. These options, when clicked, led to trustedantivirus.com and systemerrorfixer.com via a redirection script from safenavweb.com. Those two sites installed more fake AV software including a second install of Advanced Cleaner. Later, Spybot S&D was installed to clean up the items.
After Spybot cleaned the system, samples of known Malware were loaded on to the C: Drive. Each sample was located by Norton 360 and removed before they were activated. A single piece of Malware, previously unknown in the wild, was detected using active monitoring and removed.
Norton 360 uses an “Intelligent Scanner,” running scans and other checks in the background as you work. While this happens, you will notice little—if any—resource drains to the system. During testing, several background options were being run during scans, including PDF viewing and creation, web browsing, and downloading. In addition, it will automatically scan when the computer goes idle if you chose to allow this.
Drive-by-downloading is another protection feature of Norton 360. During testing, malicious sites that were using iframes to download Malware were blocked by 360’s scanner. The built-in firewall is likely the reason for this. The Symantec Online Network for Advanced Response (SONAR) Smart Firewall automatically configures itself to allow good programs to communicate over the Internet while blocking Spyware, viruses, and worms.
The navigation and usability are exactly what you would expect for a product aimed at both home users and SMB's. Its easy to follow menus allow for fast access to scans and reports. The Identity Protection, granting the ability to store personal information securely, works well with the Phishing filter. Out of fifty links to Phishing domains, Norton 360 stopped all fifty. This is after Internet Explorer and Firefox allowed access to five of them. (Norton 360 will ask to manage anti-Phishing protection, for the test this was both allowed and disallowed.)
The backup option allowing data to be stored on Blu-ray, HD DVD, iPods and shared drives, in addition to internal drives, CD/DVD drives, USB drives, external hard drives, mapped network drives, and secure online storage worked as expected. (Blu-Ray testing was not done.) The backup is a scheduled option, along with scanning and PC health checks.
Regarding PC health, Norton 360 cleaned up missed registry links that were broken by Spybot, and not removed. With a single scan, Norton 360 found them and cleaned up the issues. There is also an interesting diagnostic report for easy system troubleshooting and problem solving. Users receive data on Norton 360’s status, startup applications, installed applications, resource utilization, OS configuration, hardware configuration, and system restore points.
Overall, Norton 360, despite the issues with some Malware getting past the scanner, is a solid combination program. Where it lacks on coverage when dealing with some of the older Malware, it more than makes up for when it comes to current protection. The added advanced scanning, detecting threats before they are known, is a serious bonus. While there is no single source to stop all web threats, Norton’s 360 in combination with a currently patched system comes seriously close. Adding Spybot S&D only added to the layers of protection.
Recommending Norton 360 Version 2.0 to a home user is an easy decision. The mix of layered protection and the ease of use will work well in the home. However, large business networks would be better served by a managed solution. SMB’s with a small scale network could use Norton 360, until they out grow it. The target should be twenty users or less, more than twenty should call for an Enterprise level setup.
Total Score: 8 of 10
Windows XP SP2 (Completely patched)
Intel Pentium D 3.4 GHz CPU
Norton 360 – 2.0
Adobe PDF Reader 8.1
Spybot S&D 1.52
With Norton 360 installed, and with Windows (including Internet Explorer) completely patched, the testing was as follows:
1. Infect system with Spyware and Malware:
A. Install known malicious software
B. Visit known malicious websites
C. Using the list from http://www.it-mate.co.uk/downloads/hosts.txt
2. Infect system with known Viruses:
A. Samples from offensivecomputing.net
B. Known samples form live websites
3. Phishing and Online Fraud:
A. Visiting sites included in random email samples
Malware Spamles: Trojan-Spy.HTML.Smitfraud.c - Located and removed instantly
Malware Samples: I-Worm.Alcaul.z - Located and remove instantly
Malware Samples: Magician - Located and removed instantly
While not the most scientific of tests, the goal was to take a fully patched system and blast it with known Malware. The mentality behind this was to mimic the common user, one with little to no knowledge of Internet security or safety.
The test is rated on four parts each worth twenty-five points:
1. Over all ease of use to the end user
2. Ability to detect and remove Malware samples
3. Active defense when surfing known Malicious websites
4. Active defense when visiting Phishing or other malicious links inside of email
In this test, Norton 360 rated the following:
1. 25 pts
2. 20 pts
3. 15 pts
4. 25 pts