Symantec's latest version of its all-inclusive protection software, Norton Internet Security 2007, offers top-flight protection without getting in your face.
With the 2007 release, Symantec's Norton Internet Security takes a clear new direction. The suite does its level best to stay out of your face: instead of asking confusing questions it makes its own decisions. And the design strives to limit the utility's impact on system performance (a common complaint in earlier versions), to the point of omitting some modules in its default configuration. Your subscription gets you all updates for a year and lets you install on three computers.
The new main window is much easier to navigate, unlike the confusing layout in NIS 2006. Select the Norton Protection Center tab (one of two), and you'll see program status: the expected green, yellow (well, orange) or red icon that shows the system is secure, iffy, or at risk. If it's not green you just click the big FIX NOW button. The Norton Internet Security tab lets you turn features on and off or dig into detailed configuration options. The out-of-box configuration is mostly fine, so you won't be changing much.
Fuss-free Firewall
Common wisdom holds that when you install a new firewall you're going to experience a flood of gibberish-riddled messages asking whether to allow this process or that to access the Internet, act as a server, and so on. The better modern firewalls automatically allow or deny access to thousands of known programs, but updates to those programs can throw them off. Even smart ones like ZoneAlarm Internet Security ask questions that most users can't understand, much less answer. NIS takes the approach that the firewall is more qualified to evaluate programs than the user. It automatically allows access to known good programs and blocks known bad ones. Unknowns get put under the microscope: those that show bad behavior, NIS blocks; all others it allows. And you don't see a single confirmation popup.
Does it work? It let a half-dozen PC Magazine utilities connect to the Internet, no questions asked. It even allowed several little programs that I wrote specifically for testing, so they certainly aren't on anyone's whitelist. When I tested it with live malware, though, none could "phone home". I really like this approach; it's the wave of the future.
Naturally, malware has techniques for getting around program control, usually by taking advantage of approved programs. High-end firewalls typically include a second tier of program control to block these. NIS works differently: its behavior blocking automatically catches this type of malicious activity. On the flip side, I couldn't challenge the suite using standard leak test programs; they do exercise a specific technique used by malware, but they don't actually show malicious behavior. I had to use actual malware that tries to sneak around ordinary program control. I came up with a half-dozen examples and tried to launch them with the AutoProtect feature turned off (so the antivirus wouldn't catch them). In every case, the firewall kept the malware from accessing the Internet, briefly displaying an information-only popup announcing it had done so. Impressive.
Not surprisingly, the firewall successfully stealthed all ports. I even tried launching a couple of exploits against it from another computer within the network; the Intrusion Protection system brushed them aside. And when I tried attacking the firewall directly, it proved invulnerable. I couldn't disable it with Registry changes, Task Manager failed to kill its essential processes, and I couldn't even fool it by sending simulated mouse clicks. I had no trouble shutting down a gaggle of Windows services associated with NIS, but this had no effect on the firewall, since it works down at the kernel driver level. Like many firewalls, it automatically adjusts configuration for different networks. To avoid any possible mix-up it identifies networks by the physical address of the gateway rather than by IP address. It can even distinguish between wireless networks that have the same IP address and SSID name.
Tough on Viruses and Spyware
NIS offers fully integrated antivirus and antispyware protection. It scans files on demand, on access, and on schedule; if necessary it can eliminate entrenched files during Windows startup. By default, it also scans removable media on insertion and the A: drive at shutdown to foil boot-sector viruses. It strips viruses from e-mail coming in through POP3 or going out through SMTP, and has additional outbound checking for worm activity. You can also have it check files as they arrive through popular IM clients. This release hasn't been out long enough for independent lab testing of the 2007 antivirus, but the company's antivirus technology gets full honors: the VB100% award from Virus Bulletin, certification for virus detection and removal from ICSA Labs and West Coast Labs, and additional certification for Trojan detection from WCL.
Testing the product's ability to remove spyware from infested systems proved interesting, in a good way. The pre-installation scan killed off a fair number of threats, and others were removed by the real-time AutoProtect scanner even before the installation and LiveUpdate finished. In a couple of cases the full scan reported no threats at all because other program elements already cleaned up. Serious threats like viruses and Trojans get quarantined or deleted automatically. The scan reports medium and low risk items separately and lets you choose their fate. For low-risk items like Adware it defaults to Ignore, but in every case I changed that to Fix.
Overall it did a fantastic job. Out of 16 sample spyware threats it detected all but one. It couldn't completely remove two, but it cleared out the other 13. I also tested against eight commercial keyloggers, and it removed every one, a first in my testing. One of my samples actively tries to prevent installation of security software. Some products, like OneCare and the CA suite, were totally foiled. Others, like Spy Sweeper and earlier versions of Spyware Doctor, had to install in Safe Mode. NIS was completely unfazed; it installed with no trouble. A couple of the other threats interacted badly with some protection products, putting the system in a blue-screen death spiral; this happened to the Trend suite, Panda Antivirus, and McAfee Total Protection. Again NIS sailed grandly past the reefs that sunk its competition.
NIS was almost as effective at blocking malware installation on a clean system, but only after I changed its configuration to ask me what to do with low risk items; by default it ignores them. In many cases it deleted the malware installer the moment it appeared. It snuffed a number of others during the installation process. Of 16 spyware installations, it detected 14 and was able to prevent installation for all but 2. It also detected all 8 commercial keyloggers, though one managed to install. This performance ranks with that of Spy Sweeper and Spyware Doctor, our Editors Choice products for standalone antispyware.
Fresh Phish and Stale Settings
NIS evaluates each site you visit to see if it's a known fraudulent site; if not, it analyzes the site's underlying code looking for anything sneaky. You'll also find this feature in Norton Confidential. While other products, like Microsoft's IE7 beta, rely mostly on their list of known bad sites, NIS puts more trust in its analytical ability, and it's impressively effective. I collected links to two dozen very fresh phishing sites from actual e-mail and from sites that track phishing. NIS recognized all but two as fraudulent, and in every case it used analysis rather than the blacklist. I challenged IE7 and McAfee Total Protection with the same group of sites; IE7 blocked 17 and McAfee 16. The Norton Confidential beta would blow up the browser to full-screen on finding a suspicious page; NIS fortunately doesn't include this annoying behavior. So far Symantec's anti-phishing technology is the category leader.
The Security Inspector lives in the NIS tab's Tasks & Scans area, looks at a number of system components that might host vulnerabilities, then reports its findings. For example, it identifies user accounts with weak passwords, non-secure IE settings, and problems in the HOSTS file. If possible, it will fix problems. When your action is required (for example, to choose stronger passwords) you'll find help available. More technical users can enable scanning for problems with sharing, permissions, and Windows services. The feature is nice; too bad it's almost hidden!
And the Rest
Not everybody needs spam filtering; many of us get our mail filtered at the server level. And not everybody wants parental control. Symantec decided to reduce the suite's footprint by leaving these and a couple other modules out by default. Users who want the extra features can download them as an Add-on Pack and choose whether to include parental control during installation. Add-ons show up on a third tab in the main window. Besides dumping these modules from the main suite, Symantec cut out features that impacted performance, in several cases seriously reducing the add-on module's capabilities.
Norton's antispam module filters incoming POP3 e-mail and integrates with Outlook and Outlook Express; those using other e-mail clients will have to create a message rule to file spam. The filter identifies junk mail based on message content, and its AutoBlock feature blocks messages that contain suspicious elements like scripts, invisible text, and HTML forms. Gone in this version is the Language Filter; the company says it's less useful with current worldwide spam, and it caused some false positives.
The antispam can adjust its filtering based on the content of messages you send; I didn't test this, though. The module automatically whitelists correspondents in your address book as well as anyone you e-mail. I tested it on 1,500 real-world messages without using the whitelist feature and analyzed the results, discarding any messages that weren't undeniably spam or undeniably valid. What a letdown! It let over half the spam into the Inbox (Outlook alone can do better than that) and it put five percent of the valid mail into the Spam folder. The misidentified valid mail, though, was all from members of my family and would have been whitelisted. But other suites do much better without the benefit of whitelisting. When I last tested, ZoneAlarm blocked no valid mail and let under two percent of spam into the Inbox. More recently Trend Micro's suite blocked only one percent of valid mail and let ten percent of spam into the Inbox.
Another performance tuning casualty: per-user settings for parental control and privacy control. Previously you could omit restrictions for your own account, grant your teenager access to sex education sites, and restrict your toddler to a list of approved sites; no more. One configuration applies to all users, and there isn't even a way to temporarily override it. Also missing: the ability to block entire categories of Internet-aware programs like instant messengers or online games. On the plus side, NIS 2007 acts directly on the HTTP data and thus works with any browser; I couldn't get around its protection. But if you actually need parental control, you'll want a purpose-built product like Safe Eyes.
Privacy Control lets you record specific private data and prevent its dissemination via web forms, e-mail, or IM. You can specify exceptions, for example to allow your bank password at your bank's site but nowhere else. Previously you could choose (on a per-user basis) whether to block sending the data or merely ask for confirmation. So, for example, you could keep your kids from sharing the home phone and address over IM without tying your own hands. Not any more; all users can choose to allow or block outgoing private data. Also, NIS displays the secret data to anyone who has the supervisor password. I prefer the style of ZoneAlarm and Trend Micro, which hide the protected data once it has been entered.
NIS 2007 gives you best-in-class firewall, antivirus, and antispyware protection, and those are the most important elements of a security suite. It may let too much spam into the inbox, and its privacy and parental control features are limited, but those features just aren't as important. I prefer that combination of strengths and weaknesses to those of ZoneAlarm, which has fantastic spam filtering but relatively poor spyware protection. These factors plus the silent wisdom of the firewall's program control make NIS 2007 the new PC Magazine Editor's Choice for security suite.