Dramatic improvements to Norton over the past two years indicate that Symantec has been listening to the needs and complaints of consumers. Strong and surprising changes to Norton's effects on system performance introduced last year are maintained in this new version, and a new behavioral detection engine called Quorum shows that Symantec can juggle both performance and protection.
Quorum incorporates behavioral detection with a program reputation engine called Norton Insight, introduced in the 2009 version. The purpose of both, says Symantec, is to respond faster to mutating threats, while also watching for hibernating infections that pose a potential but not immediate threat. In this version, Insight has been subdivided to address four main areas of concern: Download Insight for in-progress program downloads, System Insight for diagnosing system slowdowns, File Insight for file analysis, and Threat Insight for digging deeper into threat origins.
Full efficacy analysis isn't yet available for Norton AntiVirus 2010, but last year's version scored better-than-average results, and what is available for the new release indicates that it should score similarly.
Former users of Norton should try installing this latest version, if only for reassurance that this former sluggish beast now offers a smooth and fast procedure. Once you run the installer, the program is ready to run in around a minute--impressively fast, considering past performance. During the installation is also the first time you will interact with Quorum, the new behavior-based detection engine. You'll be asked to participate in sending anonymous data to Symantec's cloud. Opting out, Symantec says, will not affect your security.
Running the trial of Norton also requires free registration at the Symantec Web site; you can't download the installer without it. Uninstallation left about 10 Registry entries behind, but no other traces were detectable. Overall, the installation experience was fast and hassle-free, with a minimum of configuration options--but the ones that did come up appeared necessary.
Interface and features
Robust and well-designed, Norton Internet Security 2010 gives you a deep but uncluttered toolbox from which to keep your computer safe, maintain a high level of security, and access system management features. Norton's Quorum is the big new feature this year; combined with the expanded Norton Insight, Symantec is looking to improve security while riding on the news of its overhauled performance.
Like its competitors, such as Kaspersky and Trend Micro that also offer cloud-based, crowd-sourced behavioral detection engines, Norton gives you the option of opting out of submitting your information during installation. Unlike most of them, Norton exposes that information with more detail.
From the main window of NIS, click the Details link next to the Insight Protection option. A window will open that shows how many files have been detected throughout the network, with a column graph split into "known good files" in green, "known bad files" in red, and a middle gray area for files that are still being evaluated. Over time, that gray area should shrink as more files are recognized as being safe or not. It also reveals how many total files have been judged, how many trusted files reside on your computer, and how many times Norton has queried Insight and Quorum to evaluate one of your files. This is a good start, although we'd like a quick jump from here to the Norton Insight window that exposes which files those are.
Norton starts with a dark-themed window, accentuated by yellow and white font. On the left is a persistent performance meter, measuring the percentage of CPU that's being used, and what percentage of that Norton is taking up. As a response to the performance problems it used to have, this is a bit much, but better to err on the side of exposing more data. Below that is a button that flips the screen to expose more detailed performance data, but users also get exposed to an unnecessary animation of the window "flipping."
The performance window defaults to showing two charts; this is the System Insight feature, and makes Norton's system optimizing features some of the strongest and most detailed we've seen. The chart on the bottom shows your current overall CPU usage and Norton's CPU usage going back 90 minutes. You can change this to as far back as the past month, or as recently as the past 10 minutes. You can also change the chart to show memory only.
The second chart, at the top, shows important system incidents over the past month. Marked with their own icon for clarity are installations, downloads, optimization occurrences, and threat detections. Mouse over one to reveal more information; you can also force an optimization to run from a link at the top of this chart.
Below the performance link is a link to Application Ratings. This takes you to the Norton Insight window that exposes how your installed programs have been rated, their average resource usage, and their executable file name. The window defaults to all running processes, but you can filter it through a drop-down menu to all files, start-up items, high performance programs, user-trusted files, and untrusted files.
Users can also set here what kind of trust level they want using the same pill-shaped slider that's present throughout the program. The default standard trust exempts Norton Trusted files from scans, a full scan checks everything regardless of trust, and high trust excludes Norton Trusted files and your local files rated as "good." At the bottom of the application ratings window, nestled nearly out of sight, is a link to check a specific file. This opens a file browser in your system directory, from which you can choose a file to check. The process took fewer than 5 seconds.
A somewhat hard-to-see link at the top left of the performance window opens up a Web page that explains in more detail how to use System Insight. For some reason, useful links are occasionally placed in hard-to-see corners; nearly all the links in the interface are text-based and in the nondescript Arial font, which also makes them harder to see. We're not suggesting using Wingdings here, but perhaps a better way to show how to access these features should be found. Notably, the shade of yellow chosen shouldn't impede those with color-blindness from using the interface.
The center and right of the main window are taken up by Norton's core protection features: computer scanning and network defenses. To the right of each are quick toggles for key subfeatures, and to the right of each of those is an "i" icon that reveals more detailed information when you mouse over it. Next to the network defenses, for example, you can toggle the firewall, intrusion prevention, and e-mail protection.
When you deactivate a feature by clicking on the green slider, it will change to red and a pop-up box will appear that lets you determine the length of time that the feature is turned off. You can choose from 15 minutes, 1 hour, 5 hours, until system restart, or permanently. Being able to deactivate security components at will but not without a time limit struck us as incredibly useful: not only was it made accessible from the main window, but the pop-up will prevent you from forgetting to turn it back on and from keeping an accidental click from disabling your defenses.
When you click the Scan Now button, three scan options will appear in a new window: quick scan, full system scan, and a custom scan. You can access the scheduler from the custom scan, but Norton defaults to running a scan when your computer is idle.