Symantec takes on spyware

Symantec finally jumped into the antispyware fray, releasing a beta of Norton Internet Security with spyware removal, and I’ve got a preview of it. The public beta is available from Symantec’s Web site as a hefty 33MB download. The trial will run until June 1, and includes an entire suite of Norton security products. If you’re going to try it out, don’t expect a quick install and test–it’s a bear of a program. During my testing, installation took about half an hour and required a restart. On a slower machine it took about an hour, all told, and caused the machine to lock up a number of times. It caused my other security programs to flash all sorts of warnings, and its various components asked for attention via dialog boxes after the restart. I ended up shutting down all of its services except for spyware and antivirus scanning. As further advance warning, removal was also fairly painful, requiring a few restarts to get my system back to normal.

As a spyware scanner, it offers the essential features, from real-time protection to scheduling. Of course, these were already features of the antivirus product–Symantec’s main work here was coming up with a spyware definition database. It offers a few configuration options, with checkboxes letting you choose to scan for adware, spyware, dialers, remote access, and hacker tools. It doesn’t offer much information about how it differentiates between adware and spyware. You can have it do a quick scan or a full system scan. I went for the latter, and it took around 30 minutes. That’s about average compared to other spyware scanners. My first scan was on a relatively clean machine. Norton found a couple of traces from New.Net, but unfortunately didn’t tell me the exact whereabouts of these components.

I decided to test its real-time protection by installing Norton on a test machine, than hitting it with the really nasty set of components we had used in our second Spyware Obstacle Course. This testing was inconclusive. It caught 180Search first, and offered me the options of ignoring it completely, ignoring it for 30 minutes, or scanning immediately. It needed a decision on that alert before it would display any other alerts, and I chose to scan, because I didn’t want it ignoring 180Search. I let the scan run, and will report the results later, as it looks like it’s going to take a while on my poor, over-taxed test machine.