The main Graphical user interface of Norton Internet Security 2011 |
|
Developer(s) | Symantec Corporation |
Stable release | 2011 or 18.1.0.37 (Windows Edition), 4.0 (Mac Edition) / 31 August 2010 |
Operating system | Microsoft Windows, Mac OS, Mac OS X |
License | Proprietary |
Website |
Windows: symantec.com/norton/internet-security |
Norton Internet Security, developed by Symantec Corporation, provides malware prevention and removal during subscription period and uses signatures and heuristics to identify viruses. Other features include a software firewall, e-mail spam filtering, and phishing protection.
Symantec distributes the product as a download, a box copy, and as OEM software. Norton Internet Security held a 61% market share in the US retail security suite category in the first half of 2007. In this study, competitors, in terms of market share, included security suites from CA, Trend Micro, and Kaspersky Lab.[1]
Contents |
In August 1990 Symantec acquired Peter Norton Computing from Peter Norton.[2] Norton and his company developed various applications for DOS, including an antivirus. Symantec continued the development of the acquired technologies, now marketed under the name of "Norton", with the tagline "from Symantec". Norton's crossed-arm pose, a registered U.S. trademark, was featured on Norton product packaging.[3] However, his pose was later moved to the spine of the packaging, and later dropped altogether.
Existing users of the 2006, 2007, 2008 or 2009 versions can upgrade to the latest 2010 version without buying a new subscription. The upgraded product, in this case Norton Internet Security 2010, uses the number of days left on a user's subscription.[4]
Norton Internet Security 2000, released January 10, 2000, was Symantec's first foray beyond virus protection and content control filters.[5][6] Its release followed an alliance between Internet provider Excite@Home and antivirus vendor McAfee.com to provide Internet subscribers with McAfee's new firewall software, McAfee Personal Firewall.[7] Version 2000's firewall, based on AtGuard from WRQ, filters traffic at the packet level. It can block ActiveX controls and Java applets. Other functionalities include cookie removal, and banner ad blocking.[8][9] ZDNet found the ad blocker removed graphics that were not ads, breaking pages. Adjusting the settings fixed the problem, however the process was complicated. ZDNet noted the lack of information presented concerning attacks the firewall blocked.[10] Norton LiveUpdate downloads and installs program updates.
The Family Edition adds parental controls. Parental controls are backed by a quality control team of 10 searching the web for inappropriate content. Found content is categorized in subject matter and placed on a blacklist of about 36,000 sites. A designed administrator can add blocked sites, however the pre-supplied blacklist cannot be viewed or edited since it is hard coded. Administrators can block certain subject matters. Another option is to block all sites, then create a whitelist of allowed sites. Family Edition can also block transmission of specified personal information. Such information is replaced with the letter "X". However, CNN noted X-rated sites are retrieved when personal information is queried by a search engine.[11]
Version 2001 was released September 18, 2000, adding support for Windows ME in addition to the Windows 9x series, Windows NT, and Windows 2000.[12] Following attacks by the ILOVEYOU and Anna Kournikova script viruses, this version can block malicious scripts without virus signatures, but by analyzing behavior.[13]
The firewall scans for internet-enabled applications and creates access rules based on a knowledge base maintained by Symantec during installation. In PC Magazine testing, the installation took 24 minutes to complete on a 750-MHz Pentium III with 92 Internet-enabled applications. Using the firewall, users can determine whether to accept cookies, Java applets, and ActiveX controls on a global or per-site basis. A new feature, Intrusion Detection with AutoBlock, can detect port scans and block further intrusion attempts. The program provides notifications for intrusion attempts, stating the severity level and providing access to threat details. Alternatively, the firewall can put the computer in stealth, essentially hiding the system. Users can configure the security level, affecting the number of notifications. Testing conducted by PC Magazine using Shields Up and Symantec's Security Check found that the firewall successfully stealthed all ports, hiding the computer from view. A leak test was conducted to see the firewall's ability to detect outbound connections. Each attempt was detected and the suite offered to block the attempts.[14]
The Family Edition, like the prior version, includes parental controls and the information filtering feature. Parental controls come with a list of objectionable sites, separated into 32 categories. The list is updated every two weeks by Norton LiveUpdate. Using the list alone, Norton only blocks sites present on the list. Consequently, Norton may not block sites until the next update. Parents can customize the list, adding or removing sites. A list of allowed sites can be created to restrict children to those specific sites. This version uses application blocking rather than protocol or port filtering to control Internet access. Children can be restricted in what applications they used to access the Internet. A parental controls profile can be setup for each child, and settings can be automatically configured based on their age group, whether they be a child, teenager, adult, or administrator. Internet usage and violations are noted in a report presented to parents.[15] PC Magazine found that enabling parental controls added a minute to a computer's boot time.[16]
Version 2002 was announced August 28, 2001. The Family Edition was dropped, so parental controls and information filtering are bundled with this release. The installation was noted as quick and simple by both PC Magazine and CNET. An installation requires a reboot, and afterwards the Security Assistant guides users through a questionnaire to best configure the settings. A problem CNET encountered when upgrading from the prior release was the loss of customized settings. PC Magazine found the default settings, aimed at avoiding frequent notifications, were somewhat permissive. Windows 95 support was also dropped.[17][18]
Running a full scan complies a list of Internet-enabled applications. Users set permissions or accept Norton's default settings. The firewall detects and blocks port scans and logs intrusion attempts. This version does not run a trace on attackers, however Symantec is planning an online tool to do so. To ensure rogue programs can not masquerade as a trustworthy application, Norton verifies programs against a list of digital signatures for known programs, updated every two weeks. The Norton Alert Tracker warns users if hackers attempt to gain access to users' computers. The firewall blocked all access attempts from Shields Up and Port Checker. This version includes a wizard to simplify firewall setup to accommodate for multiple computers sharing a Internet connection. With this release, Norton can prevent specified personal information from being transmitted via a compatible instant messenger client, e-mail, and websites. Ad-blocking includes the Ad Trashcan, where users can place ads that slipped past ad-filtering.[19]
A Professional Edition was announced December 11, 2001, with marketing aimed towards business owners. This version features Norton Intrusion Detection, which intercepts suspicious connections and attacks, such as the Code Red worm. Intrusion Detection focuses on Windows-based attacks only. Central management is also present in this version. Administrators configure firewall and productivity settings for client computers. Productivity settings allow administrators to block newsgroups, websites, and advertisements. The suite integrates with XP user accounts, settings can be personalized for each user.[20]
Version 2003 was announced September 16, 2002, scheduled to be available for purchase later that month. This version adds Norton Spam Alert to reduce e-mail spam. Spam filtering scans the whole message and its context, rather than looking for keywords to ensure accuracy.[21] A POP3 client must be used. When a message is identified as spam, Norton inserts an identifier, by default it is "Spam Alert:", in the subject line. Using the mail client, users can create a rule to delete or move flagged messages. Users can also create strings of text for Spam Alert to look for when classifying e-mail. In PC Magazine testing, Spam Alert mistakenly classified 2.8 percent of legitimate e-mail as spam. 47 percent of spam slipped passed the filter. Although misidentification of valid e-mail was low, the feature did not fare well at finding actual spam.[22]
The updated main interface has green and red indicators to show which features are active and which need attention. The firewall has several updated features in this version. A Block Traffic button present in the main interface blocks all incoming and outgoing Internet traffic. Another new feature, the Visual Tracker, graphically maps attacks back to their origin. The firewall blocked all port scans conducted by CNET, stealthing each port.
Following the Nimda and Code Red worms, this version scans all incoming and outgoing traffic for suspicious data exchanges against a routinely updated database, a feature ported from Norton Internet Security 2002 Professional Edition. Connections to the offending computer is automatically severed if the traffic matches a database item.[23][24]
Symantec announced a Professional Edition on November 19, 2002. Data recovery tools in this version allow users to recover deleted or malware damaged files. The inclusion of a data erasure tool allows users to delete files while minimizing the chance of recovery. Web Cleanup removes browser cache files, history, and cookies. To maintain dial-up connections, Connection Keep Alive simulates online activity during periods of user inactivity. Norton Productivity Control enables users to filter Internet content and block newsgroups. When used with the User Access Manager, multiple filtering profiles can be created, assigned to different users.[25]
Announced September 8, 2003, version 2004 adds adware, spyware, and keylogger protection. PC Magazine found the added protection to be weak. Out of the spyware samples Norton detected, a significant number were not removed completely, requiring manual removal. Norton also did little to prevent spyware infections.[26]
Norton AntiSpam, the renamed spam filtering feature, has a set of spam rules, which cannot be viewed or edited. Whitelists and blacklists of senders can be created. Users may also create their own spam definitions. AntiSpam integrates with Outlook, Outlook Express, and Eudora, allowing users to tag e-mail as spam on-the-fly. E-mail identified as spam are either quarantined by default, however the feature can be configured to delete such messages automatically. In CNET testing, AntiSpam correctly identified 94 percent of spam messages.[27][28]
Product activation was introduced in this release. After installation, users are allowed a 15 day grace period to activate their copy of Norton Internet Security 2004. The program will not work after the deadline without the 24-character product key. The product key used to activate a copy of Norton Internet Security ties in with an alphanumeric code based on a computer's hardware configuration. Users may activate their product five times with the same product key, however licensing terms dictate users are allowed only to install Norton Internet Security 2004 on one computer.[29][30]
Symantec introduced Version 2005 on August 17, 2004. This version is sometimes referred to with the tagline of "AntiSpyware Edition", since spyware detection is integrated with Norton and is by default enabled. Found threats are listed, separating the ones already dealt with and the ones requiring user interaction. More detailed information is provided through a link to Symantec's website. However, PC Pro and PC Magazine noted lengthy scan times. A full scan took 24 minutes to over half an hour, respectively. IN PC Pro testing, Norton detected 61 percent of the spyware samples, compared to an average of 68 percent for all the tested products. Removal rates were above average, 72 percent verses the average of 68 percent. Norton blocked reinstallation with a score of 48 percent, compared to the group average of 43 percent. Overall, Norton ranked fifth among the tested products.[31] In PC Magazine testing, Norton installed slowly on infected systems and failed to install on one altogether. Contacting Symantec did not resolve the issue.[32]
Other new features include Internet Worm Protection to block worms, which scan IP addresses for open ports. It also blocks inbound ports based on known and suspected exploits using signatures and heuristics. The addition of the feature follows MSBlast in 2003 and Sasser in 2004, worms that exploited vulnerability in Microsoft Windows' operating systems.[33] In response to emerging privacy threats — 75 percent of the threats in the last 12 months attempted to steal confidential information — this version adds phishing protection. Using the firewall component, users can create a whitelist of sites where confidential information can be transmitted. Users are alerted when information is transmitted to a site not on the list. The Outbreak Alert feature warns users of major threats as classified by Symantec, and users can press the Fix Now button to applies a set of changes to close vulnerabilities, such as blocking necessary ports used by a propagating worm.[34] The Browser Privacy can suppress information website generally receive about its visitors, such as the browser and operating system used. The feature can also block advertisements.
Privacy Control can warn users when sending confidential information. It can also be configured to block the transmission. It allows users to specify how the information can sent, such as via IM or e-mail. Item-specific exceptions allow users to control where there data can be sent. However, PC Pro found a flaw in the information filtering feature. The way information is formatted on the list of confidential information can affect its effectiveness. For example, entering the last six digits of a credit card number will not stop the numbers from leaking if they are grouped in four digits. PC Magazine also noted the fact anyone who can login to the computer can view the database of private information. For that reason, Symantec recommends entering only the last portion of sensitive information.[35]
Norton AntiSpam now scans e-mails for spoofed URLs and deals with any offending e-mail as spam. E-mails can also be blocked based on language, however by default the filter allows all languages. AntiSpam can syncs its own list of allowed senders with POP3 address books. Users can train the spam filter by pointing out valid e-mail marked as spam and vice versa. Support for Yahoo! Mail and Hotmail was added in this release.[35]
Norton Internet Security 2006 debuted on September 26, 2005.[36] The new main interface, the Norton Protection Center, aggregates all information in a central location. Security status is shown by how secure the computer is for tasks such as e-mail and Internet browsing, not in the context of which features are enabled. The Protection Center can also recognize third-party software protecting the computer. The new interface advertises additional products from Symantec; some categories of protection, such as "Data Protection", will read "No Coverage" until the user purchases and installs Norton SystemWorks. An additional system tray icon is created by the Protection Center.
The installation was noted as lengthy by PC Magazine, especially on malware-infected systems. Spyware detection has been tweaked since the last release. It has been updated to better identify keyloggers. In PC Magazine testing, Norton successfully detected all 11 spyware threats and removed all but two. PC Magazine did give Norton credit even when manual removal was required. The suite also removed three of four commercial keyloggers. When attempting to install the spyware on a clean system, Norton blocked all 11 and two of the four commercial keyloggers. In most cases, it did not block the installation, however Norton did call for a scan after the spyware was installed. In PC Pro testing, Norton detected 78 percent of spyware, removed 82 percent, and blocked 65 percent from installing.
Norton AntiSpam was discontinued as a separate product from Symantec, now only available in Norton Internet Security. The feature can block all e-mail from unknown senders, and automatically blocks messages with suspicious elements such as invisible text, HTML forms, and phishing URLs. To improve accuracy, Norton analyzes outgoing e-mails and messages whose categorization is corrected by users by hitting the This is spam and This is not spam buttons. In PC Magazine testing, the feature marked one in ten valid e-mail as spam and let one in every six spam messages in the inbox. 400 messages were used, and the program was allowed to process the messages for over a week. In PC Pro testing, the feature performed better, blocking 96 percent of spam, with a false positive rate of 0.2 percent.
Norton recommends disabling the Windows Firewall to avoid redundant alerts. The firewall stealthed all significant ports in PC Magazine testing. Attacking the firewall itself was unsuccessful, PC Magazine was unable to stop its service, terminate its process, or disable the firewall using simulated mouse clicks. The firewall also passed PC Pro's tests, successfully stealthing all ports.
Other features include Bloodhound technology, which looks for virus-like behavior to better find zero day viruses. The Security Inspector looks for common vulnerabilities, including insecure user account passwords and browser insecurities. Advertisement blocking rewrites a website's HTML to prevent advertisements from being displayed. Parental controls, an optional component, can block certain programs from accessing the Internet, such as IM clients, and restrict newsgroup access. Restrictions can be assigned to different Windows users accounts. Sites are classified in 31 categories, and the four profiles which can be assigned each block different categories of sites. Supervisors define exceptions, add global blocked sites, or block all access to sites not on a user-created whitelist. Both PC Magazine and PC Pro noted the exclusion of time-based restrictions.[37] Information filtering can be controlled on a per-user basis.
Windows 98 compatibility was dropped from this release.
The 2007 version was announced September 12, 2006. A tabbed interface allows users to access the Norton Protection Center and the program settings without separate tray icons and windows open. Symantec revised Norton Internet Security and made this version more modularized, which has reduced the suite's memory usage to 10–15 megabytes and scan times by 30–35 percent. Another result is that spam filtering and parental controls are separate components to install. When installed, the features consume 100 MB of disk space.[38]
Anti-phishing integrates with Internet Explorer. It analyzes sites, examining the website's URL, title, form, page layout, visible text and links, and uses a blacklist to detect phishing sites. Users are blocked access from suspected phishing sites, however are presented an option to continue. In PC Magazine testing, the feature blocked 22 of 24 phishing sites, while Internet Explorer 7 recognized 17 of the 24 sites. In PC Pro testing, the feature successfully blocked access to every phishing site it was tested against.[38] Spam filtering no longer includes a language feature, Symantec claims it is less useful with current spam and created false positives. Tested against 1500 messages by PC Magazine, Norton let over half of the spam to the inbox. Five percent of valid mail were marked as spam. This version utilizes Symantec's Veritas VxMS technology to better identify rootkits. VxMS allows Norton to find inconsistencies among files within directories and files at the volume level. A startup application manager allows users to prevent applications from launching at login. This release drops support for Windows 2000 and was be compatible with Windows Vista upon its release with an update.[39][40][41]
The firewall makes all decisions by itself to lessen the chance of being weakened by a misinformed decision. Applications known to be safe are allowed Internet access, and vice versa for malicious applications. Unknown ones are analyzed and blocked if they exhibit malicious behavior. In both PC Magazine and PC Pro testing, the firewall did not incorrectly block any safe applications from Internet access. All malware was blocked by the firewall.[38] PC Magazine testing reflected the same results. The firewall also stealthed all ports. Exploits were blocked by the intrusion prevention system, which prevents threats from leveraging vulnerabilities. The system is updated whenever a vulnerability is identified for Windows-based computers. Attempts to disable the firewall were unsuccessful; registry changes, process termination, and simulated mouse clicks all failed. Disabling Windows services had no effect on the firewall since it works at the kernel driver level. This version automatically adjusts configuration for different networks based on the physical address of the gateway rather than IP addresses.[41]
In PC Magazine testing, Norton detected 15 of 16 spyware samples. 13 of the 16 were removed. Against eight commercial keyloggers, the suite removed all the samples. On a clean system, Norton blocked 14 of the 16 spyware samples from installing, and stopped seven of the eight keyloggers from installing.[41]
The 2008 version was announced on August 28, 2007, adding support for Windows Vista 64-bit. New features include SONAR, the Norton Identity Safe, and Browser Defender. SONAR monitors applications for malicious behavior. The Identity Safe supersedes the information filtering function; instead of blocking personal information from leaving the computer, it stores personal information to fill webforms. It is password protected and checks a website's authenticity before filling any forms. Browser Defender inspects and blocks suspicious API calls, intended to stop drive-by downloads. The Network Map identifies networked computers with Norton Internet Security 2008 installed. Remote monitoring allows checking the status of other installations on different computers; problems are identified with a red "X" icon. Using the feature, users also can control network traffic between computers. It also warns users if they are using an unencrypted wireless network. The startup application manager and advertisement blocking features were dropped from this release. Information filtering, although superseded by the Identity Safe in the suite, is available separately. It can be used in conjunction with the Identity Safe.[42]
Phishing protection now integrates with Mozilla Firefox. Testing by PC Magazine found that Norton blocked 94 percent of phishing sites, compared to 83 percent for Internet Explorer 7 and 77 percent for Firefox 2.[42] CNET identified an issue with the feature; when anti-phishing is disabled, the Identity Safe still offers users to automatically submit personal information to websites, including phishing sites. Symantec declined to call it a "flaw", stating it is recommended to use the Identity Safe with anti-phishing enabled. Alternatively, the Identity Safe could be used with Firefox and Internet Explorer's built-in anti-phishing capability.[43]
PC Magazine found that the firewall put all ports in stealth mode. The firewall blocked ten of 12 leak tests, used to see if malware can evade the firewall's control of network traffic. Previous versions did not identify the tests because none carried a malicious payload. Another test was conducted using Core Impact, which successfully exploited one vulnerability on the test computer. However, other components of Norton stopped the exploit from causing harm. The other attempts were unsuccessful either because the system was invulnerable or Norton's Intrusion Prevention System stopped it. Attempts to disable the firewall were unsuccessful by PC Magazine.[42] On the contrary, PC Pro identified 15 open ports on a computer with Norton installed.[44]
In PC Magazine testing, Norton completely detected most of the malware samples. For two-thirds of the samples, all traces were removed. Norton found and removed all the commercial keyloggers. A full scan took nearly an hour to complete though, twice as long as the 2007 version. The suite blocked most of the malware from installing and all the commercial keyloggers, regardless of any modifications made to the samples.[42] PC World noted that Norton removed 80 percent of malware-associated files and Registry entries.[45]
Spam filtering imports users' address books to compile a whitelist of allowed senders. Addresses to which users send mail and e-mail tagged as valid mail can be automatically added to the whitelist. Using several thousand messages, PC Magazine found that Norton marked over 40 percent of valid e-mail as spam. Over 80 percent of valid newsletters were marked as spam. Norton did correctly identify 90 percent of spam e-mail.[42]
The 2009 version was released for sale September 9, 2008.[46] Symantec set several goals for version 2009 while in development: complete installations under minute and a footprint of 100 MB. Average installation times range from eight to ten minutes, and the previous 2008 version had a 400 MB footprint. Other goals included reducing load time after the computer starts, from 20–30 seconds to 10 seconds, and file scanning times with a technology allowing Norton to skip certain trusted files. The technology works in the basis that if a software runs on a significant portion of computers, then it is safe.[47][48]
A public beta was released July 14. A reduction in memory consumption was made, prompted by the fact 40 percent of people contacting Symantec support had 512 MB of RAM. The beta uses about 6 MB of memory, compared to 11 MB by the prior version. To reduce scan times, Norton Insight uses data from Norton Community participants to avoid scanning files that are found on a statistically significant amount of computers.[49] Citing a NPD Group study finding that 39 percent of consumers switching antiviruses blamed performance, a CPU usage meter will be available within the final product to allow users to find the cause of high CPU usage, whether it be Norton or another program. This version features more frequent updates, a change called Norton Pulse Updates. Rather than deliver an update every eight hours, as the 2008 version does, Pulse Updates are delivered five to fifteen minutes.[50][51] The Silent Mode automatically suspends alerts and updates when a program enters fullscreen mode and can be manually enabled.[52] The suite's activities take place while the computer is idle, and terminate once user activity is registered.[53] The final release (16.5) bundles spam filtering, which used to be a free download from Symantec. This release also bundles Norton Safe Web, which identifies malicious websites, compatible with Internet Explorer and Firefox. Norton Safe Web color codes search results from famous search engine such from Google and Yahoo for safety. The Norton Safe Web toolbar also includes an Ask.com search box. The search box does not share code with the Ask toolbar; instead the box redirects queries to the Ask search engine. Norton Safe Web is compatible with Internet Explorer and Firefox. Norton Safe Web.
Benchmarking conducted by PassMark Software highlights the 2009 version's 52 second install time, 32 second scan time, and 7 MB memory utilization. Symantec funded the benchmark test and provided scripts used to benchmark each participating antivirus software. Tests were conducted in Windows Vista running on a dual core processor.[54] PC Magazine found the suite added 15 seconds to the boot time, with a baseline of 60 seconds. Norton added less than 5 percent to the time it takes to complete file operations. 25 percent more time was taken to unzip and zip a set of files.[55]
In PC Magazine testing, Norton removed most traces of 40 percent of the malware. On a similar test, specifically using commercial keyloggers, Norton was able to remove most of the keyloggers, beating other tested products. Norton blocked all attempts to install malware on a clean system. Modifications made to the samples did not fool Norton. Norton was not able to block the installation of all the commercial keyloggers.
Phishing protection blocked 90 percent of verified phishing websites in PC Magazine testing. Internet Explorer 7 caught 75 percent, and Firefox caught 60 percent.
Norton stealthed all ports, according to PC Magazine. Port scans were unsuccessful. The firewall blocked all exploit attempts by Core Impact.
Malware blocking and removal garnered good results PC Magazine testing. All but one malware samples contained within a folder were removed once the folder was opened. The last one was removed when executed. Modifications made to the samples did not affect detection. On a similar test, specifically using commercial keyloggers, Norton did not successfully detect all.[56] In removing threats, Norton almost completely removed 40 percent of the malware samples and related executables. Norton was also able to remove more commercial keyloggers than any other product.[56]
Version 2010 was released officially on September 8, 2009. This version features a technology code named, Project Quorum, which introduces reputation-based threat detection to keep up with the 200 million attacks each month, many of which Symantec claims evade signature based detection. The new approach relies on Norton Community Watch, in which participants send information about the applications running on their computers. Safe applications exhibit common attributes, such as being of a known origin with known publishers. Conversely, new malware may have an unknown publisher, among other attributes. Using the data a "reputation score" is calculated and can be used to infer the likelihood of an unknown application being safe, or malicious.[57][58]
Other facets of Quorum are parental controls and spam filtering. Norton Internet Security 2010 bundles a free subscription of OnlineFamily.Norton, which PC Magazine found to be an improvement over the parental controls bundled with prior releases. Spam filtering uses technologies Symantec acquired from Brightmail. Two filters are used to find spam: a locally installed one and a check against Symantec's servers to see if the message is known spam. In PC Magazine testing, no valid e-mail were marked as spam. However, 11 percent of spam still made it to the inbox. This was a significant improvement over prior releases. Another improvement to the product is the improved heuristic feature called SONAR 2. It leverages reputation data to judge if a program is malicious or clean. Norton Insight has also been expanded, showing users the number of Norton Community participants who have a certain program installed, its impact of system resources, and how long it has been released. Information about the program's origin and a graph of its resource usage is also provided. A new feature codenamed Autospy helps users understand what Norton did when malware was found. The malware's actions and Norton's resolution are presented to the user. Previous releases removed threats on sight and quietly warned users, potentially confusing when users are deceived in downloading rogue security software.[59]
Another addition to the product is the new "Flip Screen". With a compatible graphics card, the main display "flips over" to shows the opposite side of the main interface, comprising of a chart of CPU or memory usage and a timeline of security events. Without one, the "Flip Screen" link is replaced by a "back" link, which opens the back of the windows as a separate window.[60]
The product also adds a search engine labeled "Safe Search". The custom search allows the user to filter out unsafe sites, get insight on them, and keep track of cookies. Malware removal and blocking performed well, setting or meeting records in PC Magazine testing. The exception was blocking commercial keyloggers, where Norton made an above average score. File operations took 2 percent longer, and the file compression and extraction test took 4 percent longer. The only area where Norton introduced a significant delay was when the system was booting, the beta version of the suite added 31 percent to the boot time, significantly longer than prior versions.[60] According to the Norton performance comparison website, Norton Internet Security scans 31 percent faster, is 70 percent lighter, and installs 76 percent faster than the leading Anti-virus product.[61]
Norton Internet Security 2011 (18.0) Final Version was released on Wednesday, September 8th, 2010
Norton Internet Security 2011 Beta was released on April 21, 2010. Changes include a new user interface and improved scanning of internet sites for malware. With the 2011 version, Symantec also released an application that "scans" the user's Facebook feed for any malware links. This application does not require a valid subscription. [62]
The final version of Norton Internet Security 2011 was released on August 31, 2010 to users with a current subscription as a free download for the remainder of their subscription through Norton Update Center.
Symantec has released a special edition of Norton Internet Security optimized for Netbooks.[63] This is available as download from the Symantec website or in a USB thumb drive.[64]
Symantec states that the Netbook edition is optimized for netbooks. The main display is optimized to provide support for the 800 x 480 screen resolution. In addition, non-critical tasks are delayed while the netbook is on battery. Furthermore, the netbook edition contains complimentary access to Norton's secure online backup and parental control to protect children as they surf the web. [65]
Norton Internet Security is available on Symantec's Website as a download or users can opt for a physical CD version for a higher price. The primary distribution media sold in stores is a Compact Disk (CD). In addition, many stores carry the netbook version of Norton Internet Security, which is distributed on a thumb drive.[64] This special Netbook edition is also available as a download from the Symantec website.
Norton Internet Security version 1.0 for Mac was released November 1, 2000. It can identify and remove both Windows and Mac viruses. Other features include a firewall, advertisement blocking in the browser, parental controls, and the ability to prevent confidential information from being transmitted outside the computer. Users are prompted before such information is able to be transmitted. The incorporation of Aladdin Systems' iClean allows users to purge the browser cache, cookies, and browsing history within Norton's interface.[66] Operating system requirements call for Mac OS 8.1. Hardware requirements call for 24 MB of RAM, 12 MB of disk space, and a PowerPC processor.[67]
Version 2.0 also ties in with the WHOIS database, allowing users to trace attacking computers. Users can inform network administrators of the attacking computers for corrective actions. When running under Mac OS 8.1 or 9, a PowerPC processor, 24 MB of RAM, and 25 MB of free space is required. Under Mac OS X 10.1, a PowerPC G3 processor, 128 MB of RAM, and 25 MB of free space is required.
The subsequent release, version 3.0, maintained the feature set found in version 2.0. The firewall now allocates internet access as needed rather than relying on user input using predefined rules. Compatibility with OS 8 was dropped. When running under OS 9.2, a PowerPC processor, 24 MB of RAM, and 25 MB of free space is required. Under OS X 10.1.5 through 10.3, a PowerPC G3, 128 MB of RAM, and 150 MB of free space is required. However, version 3.0 is not compatible with OS X 10.4, or "Tiger".
Version 4.0 was released on December 18, 2008.[68][69] Symantec also markets a bundle of Version 4.0 and the 2009 version for Windows, intended for users with both Microsoft Windows and Mac OS X installed.[69] iClean was dropped from this release. The firewall now blocks access to malicious sites using a blacklist updated by Symantec. To prevent attackers from leveraging insecurities in the Mac or installed software, exploit protection was introduced in this release.[70] Phishing protection was introduced in this release as well.[71] Operating system requirements call for Mac OS X 10.4.11 or higher. A PowerPC or Intel Core processor, 256 MB of RAM and 150 MB of free space are required.
Symantec, in compliance with the Federal Bureau of Investigation (FBI), whitelisted Magic Lantern, a keylogger actively developed by the FBI. The purpose of Magic Lantern is to obtain passwords to encrypted e-mail as part of a criminal investigation. Magic Lantern was first reported in the media by Bob Sullivan of MSNBC on November 20, 2001 and by Ted Bridis of the Associated Press.[72] Magic Lantern is deployed as an e-mail attachment. When the attachment is opened, a trojan horse is installed on the suspect's computer. The trojan horse is activated when the suspect uses PGP encryption, often used to increase the security of sent e-mail messages. When activated, the trojan horse will log the PGP password, which allows the FBI to decrypt user communications.[73] Symantec and other major antivirus vendors have whitelisted Magic Lantern, rendering their antivirus products, including Norton Internet Security, incapable of detecting Magic Lantern. Concerns include uncertainties about Magic Lantern's full potential and whether hackers could subvert it for purposes outside the jurisdiction of the law.[74]
Graham Cluley, a technology consultant from Sophos, said "We have no way of knowing if it was written by the FBI, and even if we did, we wouldn’t know whether it was being used by the FBI or if it had been commandeered by a third party".[75] Another reaction came from Marc Maiffret, chief technical officer and cofounder of eEye Digital Security, "Our customers are paying us for a service, to protect them from all forms of malicious code. It is not up to us to do law enforcement's job for them so we do not, and will not, make any exceptions for law enforcement malware or other tools."[76]
FBI spokesman Paul Bresson, in response if Magic Lantern needed a court order to deploy, "Like all technology projects or tools deployed by the FBI it would be used pursuant to the appropriate legal process."[77][78]
Proponents of Magic Lantern argue the technology would allow law enforcement to efficiently and quickly decrypt messages protected by encryption schemes. Implementing Magic Lantern does not require physical access to a suspect's computer, unlike Carnivore, a predecessor to Magic Lantern, since physical access to a computer would require a court order.
In 2006, Oli Warner analyzed the system performance impact of various Windows applications and antivirus software, including Norton Internet Security 2006. He later reran the experiments, revising his methodology and included 2007 version at Symantec's request. Warner benchmarked the processor and the disk performance with and without each application, compiling two scripts in C++, a programming language. One calculated all prime numbers between 100,000 and 200,000 and the other tested file read/write time. BootVis was used to measure boot time. All testing was conducted inside a virtualized environment created by VMware. Despite the 2007 version's improvements, Warner noted its significant boot delay and impact on file operations.[79]
Testing in 2008 by PassMark Software found Norton Internet Security 2009 had the least impact on system performance among the tested antivirus software. Symantec funded the testing and provided some of the scripts used. Warner's scripts were also used to test file read/write time. The second and third ranked suites were ESET Smart Security 2008 and Kaspersky Internet Security 2009.[80] Systems were benchmarked with a clean installation of Windows Vista, then with a security suite installed. The 2009 version had the least impact on boot time, the fastest scan speed, lowest memory utilization, and the program itself installed the fastest out of its competitors. However, the 2009 version had the second most impact on file read/write time, as highlighted by Warner earlier.[80]
Norton Internet Security (Windows versions) is criticized for not uninstalling completely, leaving unnecessary files and registry entries.[81] Versions prior to 2009 also installed a separate LiveUpdate program, which updates Norton-branded software. The user must uninstall both Norton Internet Security and the LiveUpdate component manually. The LiveUpdate component is purposely left behind to update other Norton-branded products, but is not uninstalled if they are not present. Symantec has developed the Norton Removal Tool to remove leftover registry keys and values along with files and folders.[82] Uninstallation will not remove subscription data, preserved to prevent users from installing multiple trial copies.
When Norton Internet Security 2008 is installed, users may encounter incompatibilities upgrading to Windows XP Service Pack 3 or Windows Vista Service Pack 1. Users report numerous invalid registry keys being added by a tool named fixcss.exe, resulting in an empty Device Manager and missing devices such as wireless network adapters.[83] Symantec initially blamed Microsoft for the incompatibilities but has since accepted partial responsibility.
Dave Cole, Symantec's senior director of product management, acknowledged that users running Norton products were experiencing problems, but said the numbers are small. Cole also said that Symantec had done "extensive testing" of its products with Windows XP SP3, but this issue was not encountered. Cole blamed Microsoft "This is related to XP SP3." Microsoft recommended that users contact Windows customer support.[84] To resolve the problem, Symantec has issued a fix intended for users before upgrading.[83] Symantec also recommends disabling the tamper protection component in the 2008 release, dubbed SymProtect. A tool to remove the added registry entries is also available from Symantec.[83]
Sarah Hicks, Symantec's vice president of consumer product management, voiced concern over Windows Vista 64-bit's PatchGuard feature. PatchGuard was designed by Microsoft to ensure the integrity of the kernel, a part of a operating system which interacts with the hardware. Rootkits often hide in a operating system's kernel, complicating removal.[85] Mike Dalton, European president of McAfee said, "The decision to build a wall around the kernel with the assumption it can't be breached is ridiculous", claiming Microsoft was preventing security vendors from effectively protecting the kernel while promoting its own security product, Windows Live OneCare. Hicks said Symantec did not mind the competition from OneCare.[86] Symantec later published a white paper detailing PatchGuard with instructions to obtain a PatchGuard exploit.[87] After negotiations and investigations from antitrust regulators, Microsoft decided to allow security vendors access to the kernel by creating special API instructions.[88]
Versions 2009 and 2010 are compatible with Windows 7. Version 2006 to 2008 users can receive an upgrade to the latest version (Norton Internet Security 2010) through the Norton Update Center. Version 2009 will receive a patch automatically through the built in LiveUpdate feature. However, this patch will have to be installed BEFORE the upgrade. However, Version 2010 is supported right out of the box. Thus, those not upgrading from Windows Vista will have to get the 2010 or later version. Versions 2005 and older are not eligible for the upgrade or a patch.[89]
|