Norton AntiVirus 2010 (1 User review: Norton AntiVirus 2010 (1 User

Dramatic improvements to Norton over the past two years indicate that Symantec has been listening to the needs and complaints of consumers. Strong and surprising changes to Norton's effects on system performance introduced last year are maintained in this new version, and a new behavioral detection engine called Quorum shows that Symantec can juggle both performance and protection.

8.1

Norton AntiVirus 2010 (1 User

The Good

Norton AntiVirus 2010 treads lightly on your CPU, while bolstering last year's reputation-based detection engine with a new behavioral detection system.

The Bad

Despite dramatic performance improvements in the past two years, Norton still doesn't leave the smallest footprint on your CPU, and new efficacy results show that while it continues to be in the top five at detecting malicious software, it still doesn't have the highest rate of detection.

The Bottom Line

Norton AntiVirus 2010 builds on the immense progress made in last year's version, maintaining a low system profile while strengthening its security framework. It's not perfect, but even Symantec's detractors should check it out.

Quorum incorporates behavioral detection with a program reputation engine called Norton Insight, introduced in the 2009 version. The purpose of both, says Symantec, is to respond faster to mutating threats, while also watching for hibernating infections that pose a potential but not immediate threat. In this version, Insight has been subdivided to address four main areas of concern: Download Insight for in-progress program downloads, System Insight for diagnosing system slowdowns, File Insight for file analysis, and Threat Insight for digging deeper into threat origins.

Full efficacy analysis isn't yet available for Norton AntiVirus 2010, but last year's version scored better-than-average results, and what is available for the new release indicates that it should score similarly.

Installation
Former users of Norton should try installing this latest version, if only for reassurance that this former sluggish beast now offers a smooth and fast procedure. Once you run the installer, the program is ready to run in around a minute--impressively fast, considering past performance. During the installation is also the first time you will interact with Quorum, the new behavior-based detection engine. You'll be asked to participate in sending anonymous data to Symantec's cloud. Opting out, Symantec says, will not affect your security.

Running the trial of Norton also requires free registration at the Symantec Web site; you can't download the installer without it. Uninstallation left about 10 Registry entries behind, but no other traces were detectable. Overall, the installation experience was fast and hassle-free, with a minimum of configuration options--but the ones that did come up appeared necessary.

Interface and features
Robust and well-designed, Norton Internet Security 2010 gives you a deep but uncluttered toolbox from which to keep your computer safe, maintain a high level of security, and access system management features. Norton's Quorum is the big new feature this year; combined with the expanded Norton Insight, Symantec is looking to improve security while riding on the news of its overhauled performance.

Like its competitors, such as Kaspersky and Trend Micro that also offer cloud-based, crowd-sourced behavioral detection engines, Norton gives you the option of opting out of submitting your information during installation. Unlike most of them, Norton exposes that information with more detail.

From the main window of NIS, click the Details link next to the Insight Protection option. A window will open that shows how many files have been detected throughout the network, with a column graph split into "known good files" in green, "known bad files" in red, and a middle gray area for files that are still being evaluated. Over time, that gray area should shrink as more files are recognized as being safe or not. It also reveals how many total files have been judged, how many trusted files reside on your computer, and how many times Norton has queried Insight and Quorum to evaluate one of your files. This is a good start, although we'd like a quick jump from here to the Norton Insight window that exposes which files those are.

Norton starts with a dark-themed window, accentuated by yellow and white font. On the left is a persistent performance meter, measuring the percentage of CPU that's being used, and what percentage of that Norton is taking up. As a response to the performance problems it used to have, this is a bit much, but better to err on the side of exposing more data. Below that is a button that flips the screen to expose more detailed performance data, but users also get exposed to an unnecessary animation of the window "flipping."

The performance window defaults to showing two charts; this is the System Insight feature, and makes Norton's system optimizing features some of the strongest and most detailed we've seen. The chart on the bottom shows your current overall CPU usage and Norton's CPU usage going back 90 minutes. You can change this to as far back as the past month, or as recently as the past 10 minutes. You can also change the chart to show memory only.

The second chart, at the top, shows important system incidents over the past month. Marked with their own icon for clarity are installations, downloads, optimization occurrences, and threat detections. Mouse over one to reveal more information; you can also force an optimization to run from a link at the top of this chart.

Below the performance link is a link to Application Ratings. This takes you to the Norton Insight window that exposes how your installed programs have been rated, their average resource usage, and their executable file name. The window defaults to all running processes, but you can filter it through a drop-down menu to all files, start-up items, high performance programs, user-trusted files, and untrusted files.

Users can also set here what kind of trust level they want using the same pill-shaped slider that's present throughout the program. The default standard trust exempts Norton Trusted files from scans, a full scan checks everything regardless of trust, and high trust excludes Norton Trusted files and your local files rated as "good." At the bottom of the application ratings window, nestled nearly out of sight, is a link to check a specific file. This opens a file browser in your system directory, from which you can choose a file to check. The process took fewer than 5 seconds.

A somewhat hard-to-see link at the top left of the performance window opens up a Web page that explains in more detail how to use System Insight. For some reason, useful links are occasionally placed in hard-to-see corners; nearly all the links in the interface are text-based and in the nondescript Arial font, which also makes them harder to see. We're not suggesting using Wingdings here, but perhaps a better way to show how to access these features should be found. Notably, the shade of yellow chosen shouldn't impede those with color-blindness from using the interface.

The center and right of the main window are taken up by Norton's core protection features: computer scanning and network defenses. To the right of each are quick toggles for key subfeatures, and to the right of each of those is an "i" icon that reveals more detailed information when you mouse over it. Next to the network defenses, for example, you can toggle the firewall, intrusion prevention, and e-mail protection.

When you deactivate a feature by clicking on the green slider, it will change to red and a pop-up box will appear that lets you determine the length of time that the feature is turned off. You can choose from 15 minutes, 1 hour, 5 hours, until system restart, or permanently. Being able to deactivate security components at will but not without a time limit struck us as incredibly useful: not only was it made accessible from the main window, but the pop-up will prevent you from forgetting to turn it back on and from keeping an accidental click from disabling your defenses.

When you click the Scan Now button, three scan options will appear in a new window: quick scan, full system scan, and a custom scan. You can access the scheduler from the custom scan, but Norton defaults to running a scan when your computer is idle.

You can also get to your scan history and quarantine from links on the main window, although the font choice and size make it a bit hard to read. The history window opens independently of the main window, and offers a deep level of information. The default setting is to show your recent history only, but you can change that through the drop-down menu to show your full history, scan results, resolved and unresolved security risks, the quarantine, firewall and download activities, Web sites reported to Symantec, and more. Each citation in the log can be clicked to reveal more information, the data can be exported, and you can even import an older security log.

Under the computer heading in the main window is also where you can force a virus definition file update.

The next heading down, Network, is where you would access firewall management from. Click the settings link to open the settings window, where you can configure the firewall along with e-mail protections and intrusion prevention that protects your system against holes in other programs, such as Adobe Flash. A network security map available in the main window reveals the state of protection for other computers in your network.

Norton AntiVirus lacks certain key features than its heftier sibling provides. The more expensive Norton Internet Security offers enterprise-grade antispam defenses incorporated from Brightmail, parental controls, expanded network protection, identity theft prevention tools, Web site evaluation, and search result ratings, all of which Norton AntiVirus lacks.

Performance
Along with the fast installation, you can expect commensurate improvements in Norton's scan times. Most of the major progress was made last year, but Symantec claims that last year's scan speeds are comparable with this year's. Our hands-on test of the Quick Scan found that it completed in 1 minute and 3 seconds for its first run, and 16 seconds for its second run. Like some of its competitors, Norton won't rescan files that it detects haven't changed during a Quick Scan. The Full Scan took 2 hours and 5 minutes, which is much longer than competitors' Full Scans did.

CNET Labs' benchmarks largely support the empirical data, although Norton Internet Security 2010 generally benchmarked faster than NAV, its lighter sibling. Boot-time was 6 seconds slower than an unprotected PC, and more than 5 seconds slower than NIS. Shutting down was nearly as fast as NIS, slower but only by 0.43 second. Norton AntiVirus notched a Quick Scan slower than Norton Internet Security by 1 minute and 16 seconds, as well as a slower MS Office test, and a slower Cinebench test. NAV was marginally faster for the iTunes decoding test, and was 13 seconds faster than NIS during the media multitasking test.

We were a bit surprised to find that Norton AntiVirus, with fewer features, was generally slower than Norton Internet Security. On three tests--start-up time, Quick Scan time, and the MS Office test--NIS was markedly faster than NAV.

Full virus and malicious software efficacy scores for Norton's 2010 products were not available at the time of writing, and will be updated here as they are announced. However, last year's Norton 2009 scored average or better in all areas of detection according to virus and malware detection results at AV-Test.org and AV-Comparatives.org. AV-Test noted that it detected more than 98.7 percent of malware on demand, and 95.4 percent of spyware on demand, with no false positives.

AV-Comparitives.org awarded Norton 2009 an "Advanced" rating in the retrospective/proactive test from May 2009, while this year's Norton 2010 earned an "Advanced+" rating in August 2009's on-demand comparative test, noting a 98.4 percent detection rate slightly behind McAfee, Avira, and G Data, but with fewer false positives than those that achieved a higher detection rate. Norton 2009 actually scored slightly better: a 98.7 percent detection rate on the same test. However, Norton's overall rating of Advanced+ and placement in the detection rankings did not change. The upshot of these independent test results is that Norton 2010 remains an incredibly effective tool for detecting viruses and malware, but on pure detection benchmarks it's not the best.

Support
Links at the top of the window, above all the other features, make leaving feedback, accessing your Norton account online, or checking out the help menu easy to see and do. However, the Help menu could be laid out better. It's not clear that clicking the "Help" link will open up on the localized help, or that hitting "get support" will launch the one-click support option. While "Tutorials" is self-explanatory, there's no easy way to get to the Norton knowledge base or to the Norton forums. Telephone support is free, but it remains easier to discover on the Symantec Web site than through the Norton program itself.

Conclusion
User support could do with an overhaul focused on accessibility, and until independent testers develop a method for evaluating behavioral detection engines, it's hard to determine how much safer Quorum truly makes you. Nevertheless, Norton AntiVirus 2010 is worth checking out for its emphasis on speed and its small performance footprint, and the transparent exposure of performance and detection data are impressive for what's otherwise a basic model. If you've got basic security needs to fill and you don't trust the free antivirus solutions that are available, Norton AntiVirus 2010 is a worthwhile program.