Symantec has been listening to its users, and this year the company delivers a slimmed-down and faster Norton AntiVirus 2009. Almost all the security vendors have recognized the changing threat landscape and have rethought traditional protection. We especially like the Insight feature, which identifies "trusted" files and applications and doesn't waste time rescanning them unless there's been a change. No other product does this. The redesigned logic behind Norton AntiVirus 2009 clearly shows in CNET performance testing: it is faster and considerably lighter than last year's version. Norton continues to win awards in third-party effectiveness testing. Lagging behind, though, is Symantec's technical support. While Norton users now have free telephone support, Symantec still doesn't provide enough of a knowledge base, or even an adequate user's manual. Once again, this year it emphasizes its premium services a bit too much. That said, Norton AntiVirus 2009 presents a remarkable transformation of a product and is worth a second look.
On our test system, we downloaded Norton AntiVirus 2009 and installed the product within a minute. Instead of relying upon Microsoft's installer, which Symantec has blamed for much of its past product bloat, the company started over, designing its own installer. There is the added advantage that as criminals target MSI files (say to prevent you from installing a security defense product on your already compromised machine) Symantec won't be affected--for now. The new installer process works fast, borrowing streaming technology from its Norton Ghost product. On both Windows Vista and Windows XP test machines, we were up and running in one minute and without a reboot.
Should you want to uninstall, Norton includes an uninstall option. In the past, Norton left a mess. Now, after rebooting our machine, what is left behind is licensing information.
Speaking of a mess, we didn't like last year's Halloween colors on the user interface. This year's redesign is much cleaner and more sophisticated, one befitting a major security product, and the colors used on the Interface can be changed if you want. Also gone are the tabs reminding you that you can purchase other Norton products. Specific tools can be turned on and off easily without diving into the configuration settings. The configuration settings page itself is always one click below the main page. The interface also offers a pop-up dialogs to explain specific terms, although thorough explanations of the choice users have in changing the settings is still lacking.
In the lower left-hand panel are two bar graphs representing the overall Windows resources used and one for the specific resources used by the Norton product. Compared with the resources used reported within the Task Manager in Windows, we noticed a slight sync problem between what Windows reported and what Norton reported for the overall system. Symantec confirmed that while Norton AntiVirus 2009 is looking at the Windows Task Manager, it is doing so at different intervals. We like the transparency, and think the presentation here is better than the line graphs used in some other security applications. Should you want line graphs, an icon will reveal how the system and Norton CPU usage has been since the system was last rebooted.
Norton has, in the past, included some sophisticated technology from its enterprise products, which is good because it's cutting-edge, but it's also bad, because it doesn't necessarily integrate with the product, nor is it necessary. In Norton AntiVirus 2009, they seem to have found the right balance.
Whitelisting, the buzzword of security products for 2009, is included, and by marrying it with other technologies, Symantec makes it more suited for the user. Files on a whitelist are deemed trusted, and thus do not need to be scanned as often. Not all "safe files" make it onto the whitelist. For those, Norton uses a community process, called Insight, similar to that used by other security products such as. The thinking is that if thousands of other people are using this suspicious file, chances are it's not a new piece of malicious software but a new application. On the other hand, if only a few are using it, then maybe it's worth it to take another look to see if it's malicious software.
Malicious software signature updates are provided much faster, in some cases within five minutes of the last update.
Gone is the awful LiveUpdate component of past Norton products. With 2009 products, Symantec is providing antimalware definition signatures every few minutes or so. On the interface, you'll see a notice indicating how many minutes since the last update. We didn't see definitions older than four minutes in our testing.