Norton Internet Security 2009 beta
- 31 July, 2008 16:20
Security software customers are speaking with their feet: they want security updates and other security interruptions out of their faces, and they won't hesitate to dump their security suites because of performance drag - whether or not it's actually the security software that's to blame.
That's why Symantec is working on the next iteration of Norton Internet Security, NIS 2009, with the mantra of what it's calling Zero Impact Performance: "Security so light and fast you never even know it's there - until you need it."
We're talking about more than 300 major overhauls that the company asserts will affect almost every aspect of the security suite, from scanning engines to user interface. Symantec says that NIS 2009, released to public beta on July 14 and due to ship in the Autumn (September 16 is our current best guess), will include the industry's fastest protection updates, half the memory usage of its next-most-memory-stingy competitor (BitDefender Internet Security 2008) and a blink-of-an-eye install time of one minute.
Interestingly, Symantec says that underpowered systems with pre-existing performance problems are the root cause of the majority of complaints it receives in its support centre every month. A Symantec representative stated that of some 1 million people who contact Norton technical support monthly, 40 percent are running PCs with 512MB or less of RAM and 75 percent memory utilisation, and another 31 percent are running with 1GB of RAM and 57 percent memory utilisation.
So in order to test Symantec's Zero Impact Performance promise, the system we chose to run the beta on was a sputtering lemon - an older, underpowered Windows XP machine with performance problems.
The results? After having suffered far too long under the tyranny of Norton Internet Security 2008's constant intrusions and the near-comatose reaction time of an outdated system, we found that the beta actually delivered the goods.
Ready, set, go
We installed the NIS 2009 beta and found the security suite already clocking in at impressive speeds. The install time has vastly improved over that of Norton Internet Security 2008, which takes 30 minutes to install. It took between three to four minutes, which doesn't quite hit Symantec's claimed one-minute install, but we're not going to quibble over two or three minutes with such a quantum leap in install speed.
The process itself was painless except for a script-loading error, which didn't interfere with the beta install. The initial, full-system scan took 2 hours, 9 minutes, picking up only two tracking cookies out of 195,176 items scanned.
NIS 2009's user interface has been overhauled into a sharp, high-contrast and semitransparent screen stripped down to the bare essentials of what most users want to see: computer stats, network stats and a way to quickly access all of the user's log-in data (featuring a link to a new Identity Safe technology that will lift the hassle of passwords and log-ins off of users' shoulders).
Getting performance up to speed
Regardless of whether NIS deserves it, customers are in fact blaming security suites for sluggish performance. In fact, Symantec has been citing an August 2007 NPD Group market study of customers who switched security suites. It found that of those who switched, 39 percent blamed performance, 28 percent blamed functionality, and only 23 percent pointed to price.
In fact, in NIS 2009, Symantec is covering its backside when it comes to getting blamed for performance drag. Instead of just assuming that your security suite is causing performance degradation, you should be able to check NIS 2009's version of the Task Manager's CPU Meter, which should spell out whether Norton or other system components are to blame.
We say "should" because we couldn't find this feature, even though other reviewers have cited it as being on the main home screen. Ultimately, a support technician told me that the CPU usage meter is found only in the NIS 2009 .61 build but is missing from the later .69 build that we tested. When the final product ships, you should be able to find the meter under Settings, Auto Protect, Configure, Miscellaneous.
So we couldn't drill down into CPU Meter, but we're looking forward to seeing it in the final product. We question why Symantec is so thoroughly hiding it away from easy access, however. After all, if security companies are tired of being blamed for poor CPU performance, shouldn't a don't-blame-me feature be front and centre?
One particularly big performance boost in NIS 2009 comes from what Symantec claims is an industry first: Norton Insight, a technology that identifies trusted files that don't require a scan, thus drastically whittling down the number of files that require scanning in the first place.
Leveraging data from millions of Norton Community members, Norton Insight lets Norton security products avoid scanning files that are found on most computers and statistically determined to be trusted. Symantec estimates that more than 65 percent of files will never need to be scanned, but we lucked out: the Norton Process Trust page graphically rendered the pleasing fact that 77 percent of the files on our test system are trusted, leaving a mere 23 percent that required scanning. NIS 2009 also promises to avoid redundant multiple scans, such as those that occur before, during and after a file is copied.
Symantec has also introduced features such as silent mode, which automatically suspends alerts and updates to avoid interrupting or slowing down games, movies or other presentations.
All in all, performance has improved drastically. After a week of running the beta, we're no longer interrupted by updates and scans, some of which managed to crash our poky test system under Norton Internet Security 2008. Instead, after we return from leaving the system idle for any appreciable time, we find a message telling us that updates are being done — updates that stop until we wander off again.
Analysing and fixing risks
All that said, Norton's fix-it functionality hasn't changed much from the same easy-to-intuit interface Symantec offered in Norton Internet Security 2008. The security suite provides details about detected risks and then suggests the appropriate action, which is initiated with a single click. Drilling down into the risk details pinpointed just where we picked up the two tracking cookies it found.
Security-wise, NIS 2009 serves up the whole enchilada: browser protection against web-based attacks, Symantec Online Network for Advanced Response protection (behaviour-based malware detection that tracks applications to identify new threats in what Symantec says is real time), and intrusion-prevention system capabilities, as well as anti-rootkit, antivirus, antispyware and anti-bot technologies.
The Risk Impact window gives a concise summary of a risk's potential effect on system performance and privacy, how involved the risk removal will be, and its level of stealth, which refers to the number of tactics a given risk uses in order to conceal itself. In this instance, the cookies weren't exhibiting any sneaky hiding behaviours; hence, a low stealth level was given.
It's not new — it debuted in Norton Internet Security 2008 — but one thing that's still fun to play with is the suite's Security History. Here, you can access, for example, a firewall activity history that time-stamps the specific applications that have attempted outbound connections and identifies which ports they use, remote IP addresses, bytes sent and received, elapsed time, and which protocols they use, such as TCP or UDP.
Other log views include Firewall Network and Connections, Intrusion Prevention, Resolved Security Risks and Scan Results. These logs are exportable. It's hard to imagine what a typical home user would do with a collection of such reports, but it's nice that a consumer security suite has the added bells and whistles to satisfy the uber-security-conscious.
Searching for the CPU Meter prompted me to try NIS 2009's One-Click Support, a free support service that connected me almost instantly to live chat with a service technician. Before we could chat, however, we needed a Flash update, which was automatically fetched and downloaded without sending us off to a separate site to get it - a smart play when you're talking about supporting an ever-more-unsophisticated user group.
Symantec offers one-click, in-product support for its software, featuring free email and chat support besides its paid phone support. These support channels are open as needed to customers both during installation and beyond.
Home network help
Another notable feature new to NIS 2009 is the Home Network view, which gives users a network device map from which those devices can also be managed. Of particular note is a view of security danger zones, including wireless networks - setups that are notorious for being insecure both in home and business settings.
A remote-monitoring feature allows the user to keep tabs on whether other Norton-protected computers on the network are at risk, while a network map presents a visual picture of a network and all connected devices - a feature that allows users to detect when an unidentified and potentially unauthorised device has connected to the network.
The final menu item for Norton's Home Network view is Trust Controls, a feature that allows users to view or change default trust settings for the entire network or for individual network-connected devices.
Also new in NIS 2009 is Identity Safe, technology that allows for storage of personal information that is typically entered in buying, banking, browsing and online gaming. Identity Safe allows users to enter their personal information for a given site once; after that, they can kick back and let the feature fill in the necessary log-in information the next time they visit a particular site.
True, many Web browsers have similar functionality. Symantec doesn't mince words: the Identity Safe function offers to import your personal identity information from IE (but not from Firefox) and says that NIS 2009 will do a better job at keeping it safe, period. NIS 2009 works with Firefox, of course, but a Symantec representative says that the new ability of Identity Safe to import information is only for IE.
Norton's updated toolbar grades sites for phishing attempts with a colour-coded check in the upper lefthand corner of the toolbar. We filtered through a Yahoo Mail spam folder to get a good, broad selection of unsavoury tidbits and decided to visit a "US based online p/h/a/r/m store" where we expected to be able to "buy any m.e.d.i.c.a.t.i.o.ns you need!"
After clicking on the link provided, Norton didn't report any phishing attempts. Naturally, we didn't follow through with inputting an email address and a query.
Instead, we turned to the Norton Public Beta Forum, where posters were reporting that NIS 2009 AntiPhishing is providing multiple false positives. More critically, NIS 2009 AntiPhishing is also missing phishing identifications that would seem to be easy catches, including URLs that are publicly identified as phishing sites according to PhishTank, a free site run by DNS service provider OpenDNS.
Symantec is obviously still fine-tuning the product and promises that whatever's causing the false positives and missed identifications will be ironed out in the final cut. In the meantime, Symantec asks that users send along the URLs for false positives or for phishing sites that slip under the radar.
Beyond phishing, if beta users suspect they've been infected with something seriously fishy-looking that NIS 2009 didn't detect, Symantec suggests running LiveUpdate to install the latest virus definitions and running a full system scan to remove detected malicious files. Symantec has further instructions here for troubleshooting suspected malware infections with the NIS 2009 beta.