I am interested to hear why they gave Norton a poor rating for updates. Check this graph! http://www.av-test.org/en/statistics/updates/

Symantec does not add definitions for brand new malware as fast as many other anti-virus companies.

However, Norton protects as well or better than most against new malware anyway, using cloud reputation detection and SONAR technology, which doesn't rely on traditional signature updates to detect malicious code and/or behaviour.

Hi JorgeA,

Good question!  I too am puzzled by the rating that Norton received for "updating."  Of course, every year Consumer Reports publishes its evaluation of security programs, and every year I am mystified by some of their recommendations, which never seem to agree with those found in similar reviews conducted by organizations dedicated exclusively to computer and software testing.  I really like Consumer Reports and appreciate what they do, but I always take their ratings of security software with a grain of salt.  How can a Pulse Update every 5 to 15 minutes be considered "poor?"

On the other hand, their article on what Facebook knows about you (even if you have not joined Facebook) is must reading.

---

SendOfJive wrote:

How can a Pulse Update every 5 to 15 minutes be considered "poor?"

 

 

---

The update frequency doesn't really say anything about the ability to detect 0-day malware unless you know which malware detections are being added. If the updates add definitions for malware that was detected the day before by other anti-virus programs, the product in question is still a day behind the others, even if the updates come every 10 minutes.

Compare the amount of detections being added by Norton:

http://www.symantec.com/security_response/definitions/multipledaily/

with those added by Kaspersky, example:

http://www.kaspersky.com/viruswatchlite

Hi Bombastus,

CR is a non-technical publication, and it seems more likely to me that when they rate Updating, it has to do with how quickly a local signature database is refreshed, rather than the specific signatures that each update contains.  The way they define "Updating," though, is somewhat ambiguous as to whether they are using a measure of quantity or quality. 

soj:
> How can a Pulse Update every 5 to 15 minutes be considered "poor?"

When content is more important than frequency.

> CR is a non-technical publication, and it seems more likely to me that when they rate Updating,
> it has to do with how quickly a local signature database is refreshed,
> rather than the specific signatures that each update contains.

There's an assumption in there.

> The way they define "Updating," though, is somewhat ambiguous
> as to whether they are using a measure of quantity or quality.

No kidding.

I more or less agree with you though.  Cars are pretty technical, and CR does a pretty good job of evaluating them. I would say though that that's one of the few areas that they do a good job of.

Specifically with regard to this issue, unless CR knows the _content_ of the NIS updates their opinion isn't worth much on that aspect of their study.

There's an old saying: even a blind pig finds an acorn sometime.  Meaning I don't disagree with their overall conclusion.

It seems to me that Symantec's products are not of the same quality that they previously were.  Their reluctance not to participate in the AV Comparisons study, and issue a lame excuse instead, was one indicator of a possible concern about being evaluated.

A look at the threads in this forum, going back aways, shows that Symantec's ability to fix problems, which was never speedy, has deteriorated further.

The previously disclosed loss of NAV source code, and the claim on Friday of NIS source code also, if true, may be diverting effort.  It's tough to believe anything you hear about this.

I have been a Consumer Reports subscriber for many years, and usually trust them. However, their computer security advice I find dubious at best.

Back in 2008, I used their top-rated  (now rated #4) pay security suite for my computer, my wife's, and  recommended it to friends. It worked quite well for nearly a year, until my wife's computer got infected by a Javascript exploit on a compromised web site. Within a week or so, to my embarrassment, the same thing happened to a very good friend who was using the same security suite on my recommendation.

I tested out various (numerous!) security suites before settling on one. I chose the one that gave this message when re-visiting the infected web site:

“Norton 360 has blocked the JS.Downloader Trojan.  Your system is safe”.

And though I've now decided that NIS better serves my needs, it will take more than an article in Consumer Reports to make me leave Norton!!

<< Their reluctance not to participate in the AV Comparisons study, and issue a lame excuse instead, was one indicator of a possible concern about being evaluated. >>

There are a couple or more of assumptions there too! <g>

I'm not a subscriber to CR so I don't know what they say about how they did it.