Norton 2009 products released...

[HAN]

Well, it's a slow Saturday night... So I downloaded Norton Internet Security 2009 and loaded it up on my XP Pro SP3 laptop.

Pros:

It loaded blazingly fast. Symantec says a minute and while I didn't time it, it seemed like less than a minute. Amazing for a product that's an AV and a firewall. And it did not require a reboot to run.

Updates and the way it updates are much different than the old Norton programs. LiveUpdate is now part of the program. Definition updates seem to trickle out from Symantec every 5 minutes or so. It may not be that often but it sure seems like it. (After initial testing, I turned off auto LiveUpdate. I need to pick and choose my update times at home (I'm on very slow dialup and need to control everything that connects... both what and when.)) But even manually updating proves that updates are coming from Symantec every few minutes. Kind of unbelievable when I've been used to only 2 or 3 a day.

CPU activity, number of processes and RAM usage are much lower than before. To help monitor NIS 2009's usage, it now includes a CPU Usage bar chart. As I type this, NIS 2009 is using 0% CPU and around 10.5 MB of RAM. Only 2 processes show up under TaskManager. Excellent results!

A full system scan took just under 17 minutes for 15 GB. Very quick!

I ran the firewall against GRC's ShieldsUp and it tested stealth for the main 1056 ports test.

I also tested NIS 2009 while running under my Limited User account. While the main interface is blocked from changes when running under a limited account (which is a good idea), NIS 2009 can still download and update virus and filter definitions. A key thing that needs to happen.

The home menu screen gives a nice overall report of current program conditions. When running from an admin account, you can drill down from here to reach the more advanced settings.

Cons:

By far the most serious... 2 freeze-ups so far. One at shut down and one at boot. Both froze on the desktop image. In both cases, I had to hold down the power button to kill the PC to be able to start over. (This is on a month old Dell laptop that ran fine before this on NOD32 and free ZoneAlarm (both completely removed before installing NIS.) Not good!

In some areas, the advanced portion of the interface menu is not the easiest to grasp. If you want to tweak something, plan on spending some time. (Although to be honest, most users probably won’t change much.) One example, if you wish to disable an item as I did (outbound email scanning), the tray icon turned red and it wasn’t the easiest thing to figure out how to make it green again. (I needed to find the “Ignore” link.)

Since I’m new to NIS 2009, there are probably tweaks I’ve missed. But by default, downloading zipped copies of the eicar.com test file did not trigger an alert. Only the fully extracted file set off an alarm. (By comparison. NOD32, Kaspersky, Trend Micro, Avast and more do this without any setup changes.) IMO, the scanning of archive downloads should be a default behavior. It seems to me that preventing a bad download to start with is much safer than catching it only at execution.

I’m probably spoiled by ZoneAlarm, but I can’t find a way to have the firewall always ask the user for permission to allow a specific program to have access to the web. It’s either Allow or Block. (This isn’t a serious issue and it’s probably this way for many firewalls. But I like the flexibility to always Allow, Deny or Ask.)

These are my first impressions. I plan to keep NIS on my laptop for a few more days to give it a more compete workout. So more later...

[fink]

Better report than I expected but, yeah, the freezups would be a showstopper so we await more on your experience.

thanks for being a guinea pig

[Broni]

Well, we really won't know anything until we have a bunch of people, who'll be using it for a while, and we have to see, if TWO main Norton's issues were really addressed:
1. If it works flawlessly with Windows, and all other applications, not causing any conflicts.
2. How good its protection is. We all know how many people were visiting malware section on this board, and tens of others, because they were using Norton, and its protection was close to null.

[MadAmosMalone]

I had no freezeups while using it during the beta program so I am hopefull the final release is also ok. I am downloading the final version today and will let you know how it goes upgrading using a current 2008 license with ~80 days left on it. I have read the forums at dslreports and so far no major issues reported there.
Amos

[General Winters]

Just bought and installed on my laptop, NIS 2009 over 2008, so far looks nice, no trouble so far.

Actually had to buy from the USA symantec store, the uk store does not list 2009 only Norton360 and 2008.

At the bottom of the page it mentions you can only buy if from America or Canada, but no problems other than having to select GreatBritain (no United Kingdom) on my credit card info ( I am in NI which is in the UK and not part of GB )

Like the interface so far, and when you ask it to stop a scan it does so at once, unlike the old 2008 where you could click stop and make a cup of time while it decided if it wanted to stop or not.

Never really had problems with the old version I must admit, but no freezes so far so good!

[HAN]

A little more info... I did some digging and there is no way to switch on archive scanning in real-time. Plus, I also did some checking to see if NIS 2009 used either a Winsock tie-in or a local proxy to scan HTTP web traffic. The answer is no, it does not.

So, based on these answers, it's clear that Symantec doesn't feel that archive scanning is important until it's either decompressed or manually scanned.

Personally, I feel it's better to scan early rather than later. But it's just my opinion...

[HAN]

Here is a reply from someone at Symantec to my post at dslreports concerning HTTP scanning and new NIS 2009...

Hello everybody,

I work at Symantec and in the past I have worked on the team that builds our HTTP or Web scanning engines. I just wanted to clear up some confusion about whether or not Norton products have Web scanning engines.

The short answer is "yes" we do. In fact there are 5 independent engines that scan HTTP content.

1) There is the Intrusion Prevention (IPS) engine that scans for all types of HTTP based exploits. The engine has many 100s of generic vulnerability signatures that dont need to change often if at all since they target the vulnerability condition which doesn't change rather than the shell-code which does. New ones are added almost weekly. The list of signatures can be found at »www.symantec.com/avcenter/attack_sigs/. Look under "H". Every signature prefixed with "HTTP_" is being scanned on HTTP traffic. Its also important to note that the IPS engine scans ALL traffic coming into or going out of your machine, not just HTTP.

2) Browser Protection - This engine is specifically targeted at obfuscated JScript/VBScript HTTP content that exploits vulnerabilities in ActiveX, DOM or even specific data-types like VML. Highly obfuscated attacks are difficult if not impossible to reliably detect by scanning network traffic or by scanning the files in the IE cache. Hence this uses a totally different approach to the problem. But the bottom line is that it is still will block content coming over HTTP before it exploits the browser.

3) Anti-Phishing Engine - Also scans HTTP content looking for phishing page characteristics.

4) Privacy Scanning engine
5) Parental Controls.

Engines 1 and 2 are targeted at blocking malware from automatically infecting your machine when you visit an infected web page. aka drive-by downloads.

NIS/NAV doesn't scan incoming HTTP traffic for a malicious PE files (portable executable file i..e exe, com etc). We dont see the value in doing that because ultimately that file will hit the disk and when it does, our real-time scanner Auto-Protect will catch it. Hence, as some users have reported, if you try to download eicar.zip from a remote site, it wont be detected until you open the zip up and extract the eicar.com. AutoProtect will detect and block it before you can execute it.

Hope this helps.

Best,

Shane.

[HAN]

Well, after a few days, some final thoughts (I removed NIS tonight to test another antivirus)...

Since I began to tinker with PCs a few years back, I have never seen anything quite like this. A program that had (IMO) some fairly serious flaws* has been totally re-written and given a new start. I have been amazed many times over the last few days. (Keep in mind that this is coming from a self proclaimed Norton hater!)

I unhesitatingly recommend Norton Internet Security 2009. I also feel comfortable in recommending Norton Antivirus 2009 (as it apparently has the basic same code (minus the firewall and it's associated filtering.)

I'm impressed enough to say that while I currently run NOD32 on my home PCs, I am heavily considering switching to Norton 2009. IMO, it's that good.

*Items that come to mind as I type this... Older versions of Norton ran slow, it slowed the performance of the PC it was installed on, it had at least 3 separately installed components, many users had persistent download problems with Live Update, and on and on.

[Shinma]

...
Cons:

By far the most serious... 2 freeze-ups so far. One at shut down ...

Sure that was a freeze and not an extremely slow shutdown?
I ask, since I encountered reeally slow shutdown with Kaspersky Internet Security 2009.
I suspect it was conflicting with UPHClean clashing with KIS...
Removed UPHClean and problem appears to have been settled.

[HAN]

Sure that was a freeze and not an extremely slow shutdown?
I ask, since I encountered reeally slow shutdown with Kaspersky Internet Security 2009.
I suspect it was conflicting with UPHClean clashing with KIS...
Removed UPHClean and problem appears to have been settled.

Yeah, it's possible. When it comes to patience, I'm not always over endowed. The 2 issues I noted were the only ones I ever had, so that by the end of my test, I no longer considered them an issue.

As for UPHClean, I've read it can have issues. Apparently it can be ran with command line shutdown parameters to bypass issues like that. But in my own case, I've never really checked into doing so.

[Shinma]

Thanks for the response.

Friend required a decent AntiVirus,
so I installed KIS into his notebook.
As a result, I had to troubleshoot.

[HAN]

It's too late to edit my post but UPHClean parameters are modified by registry entries, not the command line. (In case anyone cares... )

[usil]

It will also be interesting what av-comparatives score Norton 2009. In the tests done in may (on V15 of Norton which is Norton 2008 I believe), Norton received just 18% success in the proactive tests. The next test results will be in November.

[KLR]

Han - also had the freeze up problem - and went back to NAV2008.
I have a router and set up it's protection .... so I uninstalled Zone Alarm and installed NAV2009. Seems ok now. Running windows firewall (XP SP3).
Bye the way Windows Security Center and Norton Protection do not recognize NAV2009 yet. Need Fix. Should come soon, I hope.
Ken

[HAN]

KLR: I had one more freeze during a shutdown. After tinkering a bit with my copy of Superantispyware Pro, I turned off it's 1st Chance protection (which scans at boot and at shutdown.) Since doing that, boot ups and shutdowns are now extremely fast and I have seen no signs of freezes. My speculation is that NIS 2009 may have been interacting a bit with 1st Chance. IMO, disabling 1st Chance was not a critical thing...

I have read elsewhere that some have reported that NAV 2009 and ZA 7.x may not run together well. I don't know exactly what the issue is and how wide spread it may be. Since I went with NIS 2009, I never found out if NAV and ZA 6.x would have been ok (I have been running ZA free version 6.x for quite a while.)

I'm surprised that NAV 2009 doesn't show up under Security Center. It's possible that your Security Center cache may need to be cleared. (I never checked to see if NIS 2009 shows up in Security Center. I always disable Security Center on XP.)