05-07-2012 07:28 AM
In its June 2012 issue, Consumer Reports ranked Norton Internet Security 2012 in the middle of the pack of paid security suites (eighth out of 14), and gave NIS its worst rating of Poor for "Updating," which they explain "shows how quickly the product is able to protect against new malware."
Historically, most every testing organization out there has consistently placed Norton at or near the top of the rankings. And every time I open my NIS, it shows that the most recent update was within the past few minutes, so it's not like I'm waiting days for updates to deal with new threats. Does anybody have insight as to how CR tested Norton, and why it received a mediocre rating overall and a poor one in that particular category?
05-07-2012 08:21 AM - edited 05-07-2012 08:21 AM
I am interested to hear why they gave Norton a poor rating for updates. Check this graph! http://www.av-test.org/en/statistics/updates/
05-07-2012 08:33 AM
Symantec does not add definitions for brand new malware as fast as many other anti-virus companies.
However, Norton protects as well or better than most against new malware anyway, using cloud reputation detection and SONAR technology, which doesn't rely on traditional signature updates to detect malicious code and/or behaviour.
05-07-2012 11:52 AM
Good question! I too am puzzled by the rating that Norton received for "updating." Of course, every year Consumer Reports publishes its evaluation of security programs, and every year I am mystified by some of their recommendations, which never seem to agree with those found in similar reviews conducted by organizations dedicated exclusively to computer and software testing. I really like Consumer Reports and appreciate what they do, but I always take their ratings of security software with a grain of salt. How can a Pulse Update every 5 to 15 minutes be considered "poor?"
On the other hand, their article on what Facebook knows about you (even if you have not joined Facebook) is must reading.
05-07-2012 12:52 PM - edited 05-07-2012 12:55 PM
SendOfJive wrote:How can a Pulse Update every 5 to 15 minutes be considered "poor?"
The update frequency doesn't really say anything about the ability to detect 0-day malware unless you know which malware detections are being added. If the updates add definitions for malware that was detected the day before by other anti-virus programs, the product in question is still a day behind the others, even if the updates come every 10 minutes.
Compare the amount of detections being added by Norton:
with those added by Kaspersky, example:
05-07-2012 01:42 PM
CR is a non-technical publication, and it seems more likely to me that when they rate Updating, it has to do with how quickly a local signature database is refreshed, rather than the specific signatures that each update contains. The way they define "Updating," though, is somewhat ambiguous as to whether they are using a measure of quantity or quality.
05-07-2012 02:46 PM
Just keep in mind that CR are the same folks who stated at the beginning of the story:
"You can get good protection, especially against online threats, free of charge" and "Our evaluations .... turned up free programs that should adequately protect all but the most at-risk Internet users from malware ....."
Okay, show of hands:
How many want "Good Protection" ?
How many want "Adequate Protection" ?
Norton 360 • Norton Internet Security • Norton Zone | XP SP3 • Windows 7 Professional SP1 x64
• PLEASE, BACKUP or EXPORT your Identity Safe Data on a regular basis •
05-07-2012 03:21 PM
> How can a Pulse Update every 5 to 15 minutes be considered "poor?"
When content is more important than frequency.
> CR is a non-technical publication, and it seems more likely to me that when they rate Updating,
> it has to do with how quickly a local signature database is refreshed,
> rather than the specific signatures that each update contains.
There's an assumption in there.
> The way they define "Updating," though, is somewhat ambiguous
> as to whether they are using a measure of quantity or quality.
I more or less agree with you though. Cars are pretty technical, and CR does a pretty good job of evaluating them. I would say though that that's one of the few areas that they do a good job of.
Specifically with regard to this issue, unless CR knows the _content_ of the NIS updates their opinion isn't worth much on that aspect of their study.
There's an old saying: even a blind pig finds an acorn sometime. Meaning I don't disagree with their overall conclusion.
It seems to me that Symantec's products are not of the same quality that they previously were. Their reluctance not to participate in the AV Comparisons study, and issue a lame excuse instead, was one indicator of a possible concern about being evaluated.
A look at the threads in this forum, going back aways, shows that Symantec's ability to fix problems, which was never speedy, has deteriorated further.
The previously disclosed loss of NAV source code, and the claim on Friday of NIS source code also, if true, may be diverting effort. It's tough to believe anything you hear about this.
05-07-2012 03:30 PM
I have been a Consumer Reports subscriber for many years, and usually trust them. However, their computer security advice I find dubious at best.
I tested out various (numerous!) security suites before settling on one. I chose the one that gave this message when re-visiting the infected web site:
“Norton 360 has blocked the JS.Downloader Trojan. Your system is safe”.
And though I've now decided that NIS better serves my needs, it will take more than an article in Consumer Reports to make me leave Norton!!
05-07-2012 04:48 PM
<< Their reluctance not to participate in the AV Comparisons study, and issue a lame excuse instead, was one indicator of a possible concern about being evaluated. >>
There are a couple or more of assumptions there too! <g>
I'm not a subscriber to CR so I don't know what they say about how they did it.