The new Norton (SEP – Extras)

I believe you all have seen my previous post about Norton 360 where I was very unhappy with the beta. In addition to testing the beta, the reason why I never included the release versions so far is because I have seen that it doesn’t make a difference between what I’ve seen with the beta. My office desktop has the Norton in it and it always gets in the way of my work. I mean all the time, whenever I need to get something done urgently, the first thing to do is to disable Norton and then get it done.

Now, why I felt like including this 2010 version of Norton Internet Security is still a mystery to me. Now let me tell you what I do on my non-working hours. I have accounts in a few social networking websites, including Facebook and Linkedin and I do occasionally enter the “technical” forums and discuss with people over there on the latest technology trends and lots of high tech stuff. Now, couple of weeks ago I ran into this guy Steve, who works in Symantec. It was a security experts forum and there was this thread on whats the best AV solution available and as usual people started praising the ones they use. I, in addition to praising BitDefender, gave the true insight on Norton which I go thru everyday and also included references to my previous blog post on it here. Then on, everybody started kicking norton like hell.

Steve contacted me and gave me an offer. He gave me a free license to the new Symantec Internet Security 2010 and what he told me is that the new SEP or Symantec Endpoint Protection is a complete rebuild of the code from scratch and doesn’t have any of the problems that it used to have(as shown in my post). What he expects in return is to try it out and say something “positive”. Well, because he did admit the “previous” mistakes of norton and that he keeps telling me that “you need to check out the latest”, I decided to give it a try. There are a few surprises considering how I know norton. Let me thank Steve for the free 1yr license at this point.

What steve promised me was a <1min installation time and very less “load” and memory footprint to the PC. Whats shown above is the installation in progress. The installation file is about 80MB and took me more than an hour to download because of my slow mobile connection(now that I moved into a new city, haven’t quite settled down yet to get the regular broadband).

Now what you see here is when the installation is about to end. The timeline of <1min surprisingly holds true here. This is surprise number one. Now to find out if its like Microsoft Security essentials where the installer is small and the real installation happens only during the first update. But since the installation file is 80MB, I was quite skeptical about that theory. But it was quite confusing though. Because, everytime I run the Live Update, I see something like 30-40MB downloaded everytime. After a week of downloading like that, the individual update sizes have reduced to a few MBs, which I beleive is quite normal considering the other AV suites that I have been using.

Now this is what the installed product looks like. It did make me laugh a bit when I saw that CPU and memory usage monitor 🙂 I see mostly less than 10% and around 20-30-40 when a full system scan is on. Memory usage will always be low percentage because of my 4GB memory setup. This is my new laptop. So, wouldn’t want to violate the warranty agreement 🙂

This is the flipside of the window and where they claim to show the system performance and theres a text button which when clicked will “optimize”. Now, I have a friend here who has a pretty neat collection of viruses in his laptop. I made him transfer it to my laptop little by little everyday to watch what happens. I have my favourite bitdefender standby on my other laptop to see if anything got undetected. I’m using a thumbdrive to do the transfer and everytime I transfer it both my laptops and both norton and bitdefender scan it. The red triangles here shows when and how many infections or risks were detected. The graph at the bottom shows the relative CPU usage percentage between norton and others. The blue shows others and yellow is norton’s usage of the CPU, which is shown as very less. The next tab to that shown memory usage too. Looks like Symantec is really desperate to show that their product is “not” taking up too much resources. Can’t blame them though 🙂

Now what I have observed over the last week is that norton does some scans everyday and present me with this window. This is also the same dialog that appears when a threat is detected in real-time. In the internet context, I found that its not allowing access to malware-infested sites. I tried running an orkut malscript thru the browser and it immediately blocked the script from executing and redirected me to my homepage, kinda makes me wonder what if my homepage itself contains malicious scripts… will try that and give you the update later :).

So far its been the good side of Norton. Its true that its much faster and I don’t feel a difference in performance when compared to my personal choices like Bitdefender and Kaspersky.

Now here comes the problems :

Problem 1:

Notice the system tray. You can see that there are two instances of norton running. This happens pretty rarely and so far has happened twice in two weeks. Its IMPOSSIBLE to close just one. An improper reboot(just pull the plug) solves this problem.

Problem 2:

Before pulling the plug for problem 1, I tried killing the process and this is what I get, even though I’m the Administrator. I have the windows user account control turned off. So, seeing this could only mean that Norton has taken over my system. From a security point of view, this is good if the PC is being used by “normal” people who mostly don’t know what they are doing. But from a sysadmin perspective, you need to have a window thru which a trained person should have full access to the PC for maintenance purposes. Seems norton has closed all windows leading to it here.

Problem 3:

This happens too often. This happened to me when I scanned my thumbdrive. You see, norton detected threats, I removed the thumbdrive from my laptop and asked norton to forget about it. Instead of doing what I asked, it kept looking for my thumbdrive and because it didn’t display(I doubt the code on this one) the filenotfound exception, it went to the hang state. Problem 2, doesn’t allow me to kill this either. Again, I had to pull the plug. 

Problem 4:

This is very similar to problem 3, but happens when I custom scan my harddrive and ask to cancel the fixing of threats. Don’t ask me why I wanted to cancel. I just tried 🙂

Then again the hanged process is not killable. To be frank its a pretty bad idea to have “pulling the plug” as the only option here.

Conclusion:

Symantec had come a long way to improving their products. Its just that they need to improve a bit more to be considered as one of the best. Once again, thanks to Steve for providing me the product to try it out. I hope the problems I mentioned above will be fixed.