Norton 2014: Still a good decision

There are many good Windows security suites on the market. The 2014 editions of Norton Antivirus, Norton Internet Security and Norton 360 are among them.
Written by Larry Seltzer, Contributor

If you're not running an up-to-date security suite on Windows, it's time to stop kidding yourself. Everyone needs to be running one or they greatly increase their chances of being compromised.

If you're shopping around for one, the 2014 editions of the Norton consumer security suites from Symantec are some of the best options. Security suites don't get much more secure than the Norton 2014 products: Norton Antivirus ($49.99 for one year for one PC), Norton Internet Security ($79.99 for one year for three PCs) and Norton 360 ($89.99 for one year for three PCs or ). But they can never be too mature, because the landscape is always changing.

It's tempting for experts - or those who fancy themselves as experts - to think they don't need such a product, because they know not to go to dangerous web sites. For years, the real problem has been the legitimate web sites, which are frequently hacked through ad banners and vulnerabilities in their own servers, to serve malicious software and redirect the user to unsavory locations on the web.

Norton Internet Security adds many online protections, including parental controls and online identity protection, to the basic antimalware capabilities in Norton Antivirus. To these, Norton 360 adds PC tune-up tools and an online backup with 2GB of storage (you can buy more storage). In the era of Dropbox and other cloud services which give you a lot more than that for free, Norton 360 seems like a hard sell, but the extra features in Norton Internet Security are certainly worthwhile to most users. The company has also added a Norton 360 Multi-Device edition for $99.99 which includes Norton Internet Security for Mac and Norton Mobile Security (a security suite for Android), and which supports up to 5 total devices for one year.

According to Symantec, in the last year the threat landscape hasn't changed all that much. They say they have seen in increase in the sophistication of online scams, particularly as they spread into secondary networks like Pinterest.

The improvements in the protection features of the products (what they call the "Symantec Protection Stack") are also an increase in sophistication. The components in the stack (pictured below from a Symantec presentation) attempt to block threats as they come in from the network, as they touch the file system, based on reputation of the file hash or the location from which it came, and based on the behavior it exhibits in the system.  Symantec includes removal as a component of the protection stack and they have a wide variety of approaches to it with different strengths and potential pitfalls.

Symantec Protection Stack
Symantec keeps different forms of detection capability both on the client and in the cloud.

I won't attempt to test the actual effectiveness of the new Norton products at combating threats. Doing this properly is complicated, time-consuming and controversial. There are organizations that do this well and throw massive resources at the job, such as AV-Test, an independent test lab in Germany.

AV-Test's most recent test of the Norton products was their May/June report on Windows 7. As is almost always the case, Norton Internet Security scored very highly, although several other products did slightly better. I'm not sure the difference in protection scores is enough to direct a buying decision. Other factors are sure to be more important.

I cite the AV-Test scores on Norton Internet Security 2013 to underscore the point that Symantec's detection engines have long had an excellent reputation. If they aren't at the top of any well-designed tests, they're near the top. Symantec is claiming improvements in the protection engines  in these new versions, so perhaps it will do better this year. AV-Test also tests for usability and impact on system performance, but I'll skip them because I suspect it's even less proper to suggest those results indicate how well the new versions will work.

I also won't get into the advanced settings that all these security suites include. Users can do things like exclude files from scanning or block a particular signature, but almost nobody should ever do this.

You really shouldn't have to do a static scan; if the file got past the dynamic protections it's probably too late. But it still feels like a good idea.

Several years ago the Norton product installers were completely rewritten and they are now so fast that it's almost unsettling. I've never understood then effort they put into it, as installing is not something most users do more than once, but Symantec insisted that it is important to users. If so, they did a good job.

After installation and registration I ran a "Quick Scan" which took about 8 minutes. The Quick Scan checks only the directories and registry keys most likely to evince infection. All it found were tracking cookies, all of which it removed. A Full System Scan takes far longer; I ran one later and it found nothing new.

Norton Internet Security includes the ability, from their Norton Safe Web product (a URL reputation service), to scan a Facebook Wall. On my wall it found 99 links in the last 24 hours (even worse than I thought it would be). 63 were rated "Safe" and 36 as "Norton Secured," which means that Symantec certifies that site as having "the best security practices in place".

It also includes Norton Power Eraser, an aggressive threat removal tool which, the program warns, runs a greater risk of false positives than their standard tools. You don't have to buy it though; Norton Power Eraser is available as a free download.

One example of the bonus protections you get with Norton Internet Security as opposed to Norton Antivirus is the ability to have it check your Facebook wall.

There are also a series of tools in NIS (System Insight, Norton Tasks, Norton Insight and Startup Manager) with which to monitor running tasks, system performance and startup programs. These tools approximate the Autoruns and ProcExp (Process Explorer) tools in Microsoft's excellent and free Sysinternals tools.

Both the Norton tools and Sysinternals are excellent first responder tools for problems when a threat is not found by security tools like Norton Antivirus, but it's expert-level work when it gets to the point of using these tools.

There are several good security suites these days providing a high level of protection. Bearing in mind that I haven't compared current versions of products here, it's still safe to say that Norton products are one of many good choices you can make.

Editorial standards