---

moriseif wrote:

80% of Carberp infected computers had antivirus software installed.

---

That it is still possible for a PC to become infected by certain malware, despite running antivirus software, is not news.  Of course, a system that is itself configured to be secure - in addition to running AV - will be much better protected than an inadequately secured system running AV alone.  Unfortunately, the additional layers of protection necessary to lock down a Windows operating system are either unknown to many people, or the users simply choose to rely solely on AV products in order to avoid the inconvenience and attention to detail that is required to properly secure a system in depth.  The methods that malware now uses to infect systems are often extremely sophisticated, and defending against them requires that potential attack vectors be closed off as much as possible.  Security software is certainly part of the solution - an important part - but it is not the total answer.  You don't leave your home's doors and windows unlocked on the assumption that the police already have all of the potential burglars under control, do you? 

I agree with u but Norton must say about use of additional software for security and when don't do it so it's mean Norton is enough for us.

another note: If security of users are important for symantec they have to customize their softwares for high protection like contract with other companies to use thier technology.some times Norton do that but why there are some bugs on their software yet?!!!

Hi moriseif,

You should never install more than one real-time antivirus product, although it is fine to use on-demand-only scanners and software that uses only passive protection, such as SpywareBlaster.  Not only will two AV products conflict with each other, reducing their effectiveness, but you aren't really gaining any additional benefit by using more than one AV product because they all provide essentially the same kind of protection.  Layered protection means using different measures in combination - not simply adding more of what you already have.  Running as a limited or standard user, making sure all of your software has the latest security patches, restricting which sites can run JavaScript in your browser, using a sandbox, using a Hosts file to block known malicious websites and using a disk imaging program to backup your entire harddrive are some examples of different types of measures that one can take that offer additional security in ways that do not duplicate what your AV software already does.  The first two items I mentioned - not running as an administrator and staying current on patches -  are easy things to do that will greatly increase your security.  The other things require a bit more commitment and computer skills and may not suit everyone, so tailoring your own layered security is really a matter of personal choice.

I don't say about deleted files or infection with risks,i say about infected computer and Norton 360 has been closed that's so different it's mean Norton's bugs.I write some codes (honestly i am cracker)  and know about what you say but i agree with you only in HIPS and sandbox cases.so in this feature why Norton don't use sandbox in their products? Security is a puzzle and if you complete that then you win and you don't have risk.from knowledge till limeted user or etc must be join with each other but you must accept that Norton passed same way from some years ago till now and every year Norton said about speed (absolutely reduced from 2009) , upgrade of  SONAR ( not yet effective well ) , ... and nothing is new from 2009 till now.

I agree with moriseif about the fact that since 3 years Norton hasn't been changed much but the malware did.

The impact of Norton on the system is just amazing, its very low on resources which is great.

Since their signature database is great and well up to date it would be easy to implement application whitelisting (blacklist by default) which is now only used in corporate security software?

If application whitelisting plus some behavor detection is done properly they could basically offer 100% security

Osirison,

<< the fact that since 3 years Norton hasn't been changed much but the malware did. >>

That's back to 2009/10 so I think that is factually incorrect. The Norton engines, coding whatever you want to call it was totally changed over those years.

But more important none of us can really know what or how they changed unless we have hacked their coding and the servers upon which detection depends.

<< If application whitelisting plus some behavor detection is done properly they could basically offer 100% security >>

Perhaps but would we acccept the consequences of such tight restrictions? My impression is that most users would not ... just as VISTA's UAC was not accepted.

In a business environment, if mangement says you may not to eg Facebook you have to accept that; if their implentation of security enforces that, you have to accept it .... or quit the job. Try to do the same to the typical "home" user and they would disable it or change products.

bom:

> The report says nothing about whether or not the security programs were updated so its pretty useless.

That post sounds like it could come straight out of a corporate public relations department.

1. You don't know.  Yet you come up with a flawed conclusion ("it's useless") in support of Symantec.

Where are the rational, unbiased posts?

2. One reasonable assumption (if you're going to make assumptions) is that AV-Test used the _same "conditions"_ for all the products.  If they didn't, a company that scored low would sue them if "tight" conditions were used for them but "loose" conditions were used for their competitors.

So Symantec was held to the same conditions as the other products.  Let the scores fall where they may.

Alias:

> Does the report answer these important questions? ...

You left one out. Were all the products treated the same?

> In the part of the protection test where the whole product gets tested, Norton scored better than both of them.

AV testing is like the decathlon.

You don't win the decathlon because you won the long jump event.

hu:

>> since 3 years Norton hasn't been changed much but the malware did

>

> The Norton engines, coding whatever you want to call it

> was _totally changed_ over those years.

> But more important _none of us can really know_ what or how they changed

> unless we have hacked their coding and the servers upon which detection depends.

In the first section you said that Norton "totally changed."

Then you said that "none of us can really know."

Which is it?