Norton Internet Security 2009 beta ramps up

LATEST NEWS

Computerworld is New Zealand's only specialised information systems fortnightly.
Subscribe now for $100 (23 issues) and save more than 37% off the cover price!

Get the latest news from Computerworld delivered via email.
Sign up now

Symantec strives to deliver simple security

By Lisa Vaas | Framingham | Monday, 4 August, 2008

Security software customers are speaking with their feet: They want security updates and other security interruptions out of their faces, and they won't hesitate to dump their security suites because of performance drag -- whether or not it's actually the security software that's to blame.

That's why Symantec is working on the next iteration of Norton Internet Security, NIS 2009, with the mantra of what it's calling Zero Impact Performance: "Security so light and fast you never even know it's there — until you need it."

We're talking about more than 300 major overhauls that the company asserts will affect almost every aspect of the security suite, from scanning engines to the user interface. Symantec says that NIS 2009, released to public beta on July 14 and due to ship in the fall, will include the industry's fastest protection updates, half the memory usage of its next-most-memory-stingy competitor (Bit Defender IS 08) and a blink-of-an-eye install time of one minute.

So, in order to test Symantec's Zero Impact Performance promise, the system I chose to run the beta on was a sputtering lemon — an older, underpowered Windows XP machine with performance problems.

The results? After having suffered far too long under the tyranny of NIS 2008's constant intrusions and the near-comatose reaction time of an outdated system, I found that the beta actually delivered the goods.

Ready, set, go
I installed the NIS 2009 beta and found the security suite already clocking in at impressive speeds. The install time has vastly improved over that of NIS 2008, which takes 30 minutes to install. It took me between three to four minutes, which doesn't quite hit Symantec's claimed one-minute install, but I'm not going to quibble over two or three minutes after such a quantum leap.

The process itself was painless except for a script-loading error, which didn't interfere with the beta install. The initial, full-system scan took 2 hours, 9 minutes, picking up only two tracking cookies out of 195,176 items scanned.

NIS 2009's user interface has been overhauled into a sharp, high-contrast and semitransparent screen stripped down to the bare essentials of what most users want to see: computer stats, network stats and a way to quickly access all of the user's log-in data (featuring a link to a new Identity Safe technology that will lift the hassle of passwords and log-ins off of users' shoulders).

Instead of just assuming that your security suite is causing performance degradation, you should be able to check NIS 2009's version of the Task Manager's CPU Meter, which should spell out whether Norton or other system components are to blame.

I say "should" because I couldn't find this feature, even though other reviewers have cited it as being on the main home screen. Ultimately, a support technician told me that the CPU usage meter is found only in the NIS 2009 .61 build but is missing from the later .69 build that I tested. When the final product ships, you should be able to find the meter under Settings --> Auto Protect --> Configure --> Miscellaneous.

One particularly big performance boost in NIS 2009 comes from Norton Insight, a technology that identifies trusted files that don't require a scan. Using data from millions of Norton Community members, Norton Insight lets Norton security products avoid scanning files that are found on most computers and statistically determined to be trusted. Symantec estimates that more than 65% of files will never need to be scanned, but I lucked in: the Norton Process Trust page graphically rendered the pleasing fact that 77% of the files on my system are trusted, leaving a mere 23% that required scanning.

Symantec has also introduced features such as silent mode, which automatically suspends alerts and updates to avoid interrupting or slowing down games, movies or other presentations.

All in all, performance has improved drastically. After a week of running the beta, I'm no longer interrupted by updates and scans, some of which managed to crash my pokey system under NIS 2008. What I'm seeing instead is that after I return from leaving the system idle for any appreciable time, I find a message telling me that updates are being done — updates that stop until I wander off again.

Analysing and fixing risks
All that said, Norton's fix-it functionality hasn't changed much from the same easy-to-intuit interface Symantec offered in NIS 2008. The security suite provides details about detected risks and then suggests appropriate action, which is initiated with a single click. Drilling down into the risk details pinpointed just where I picked up the two tracking cookies it found.

Security-wise, NIS 2009 serves up the whole enchilada: browser protection against web-based attacks, Symantec Online Network for Advanced Response protection (behaviour-based malware detection that tracks applications to identify new threats in what Symantec says is real time), and intrusion-prevention system capabilities, as well as anti-rootkit, antivirus, antispyware and anti-bot technologies.

The Risk Impact window gives a concise summary of a risk's potential effect on system performance and privacy, how involved the risk removal will be, and its level of stealth, which refers to the number of tactics a given risk uses in order to conceal itself. In this instance, the cookies weren't exhibiting any sneaky hiding behaviours; hence, a low stealth level was given.

It's not new — it debuted in NIS 2008 — but one thing that's still fun to play with is the suite's Security History. Here, you can access, for example, a firewall activity history that time-stamps the specific applications that have attempted outbound connections and identifies which ports they use, remote IP addresses, bytes sent and received, elapsed time, and which protocols they use, such as TCP or UDP.

Other log views include Firewall Network and Connections, Intrusion Prevention, Resolved Security Risks and Scan Results. These logs are exportable. It's hard to imagine what a typical home user would do with a collection of such reports, but it's nice that a consumer security suite has the added bells and whistles to satisfy the uber -security-conscious.

Also new in NIS 2009 is Identity Safe, technology that allows the storage of personal information that is typically entered in buying, banking, browsing and online gaming. Identity Safe allows users to enter their personal information for a given site once; after that, they can kick back and let the feature fill in the necessary log-in information the next time they visit a particular site.

Norton's updated toolbar grades sites for phishing attempts with a colour-coded check in the upper left-hand corner of the toolbar. I filtered through my Yahoo Mail spam folder to get a good, broad selection of unsavoury tidbits and decided to visit a "US based online p/h/a/r/m store" where I expected to be able to "buy any m.e.d.i.c.a.t.i.o.ns you need!"

After clicking on the link provided, Norton didn't report any phishing attempts. Naturally, I didn't follow through with inputting my email address and a query.

Instead, I turned to the Norton Public Beta Forum<, where posters were reporting that NIS 2009 AntiPhishing is providing multiple false positives. More critically, NIS 2009 AntiPhishing is also missing phishing identifications that would seem to be easy catches, including URLs that are publicly identified as phishing sites according to PhishTank, a free site run by DNS service provider OpenDNS.

Symantec is obviously still fine-tuning the product and promises that whatever's causing the false positives and missed identifications will be ironed out in the final cut.

Conclusions
The beta of NIS 2009 shows that Symantec is on track to vastly improve performance in Norton. The UI is clear and uncluttered, putting front and center only the elements most users need to see, while allowing for easy drill-down for those who want more.

Having said that, I'd like the CPU usage meter to be easier to access. It would match the product's one-click ease of use in other areas. Still, with so much performance enhancement, such quibbles get left in the dust of this speedy, smooth new suite.

Lisa Vaas is a freelance technology writer and can be reached at lisavaas@lisavaas.com.