NIS 2011: Community Watch Failure
I have had NIS 22.214.171.124 for 13 days.
The final NIS 126.96.36.199 has been available for download since the beginning of September (and via NUC since the end of August). Many users download and use it. But what will happen if they are not able to help Symantec grow its blacklist of malware? Less effectiveness for all, of course! In NIS 2011 I saw a more effective heuristic level (via Suspicious.Cloud and WS.Reputation.1 detections), but these viruses, unknown to Symantec, can't be uploaded (Submitted) to be added, after additional analysis, to the traditional Virus Definitions.
And what do we see in the av-comparatives.org reviews? 98.7% effectiveness on the dead (body) scan of malware.
Symantec has always been in the 98-99% range over 3-4 years of testing. Always a little above the middle position, in places 3-7, which for so big a company is not very good - it can be better.
And the tested version was only 188.8.131.52, which is a Beta (184.108.40.206 is final)...
Look at G-Data: 99.9% with few false alarms - it submits all suspicious files and data for analysis - as a result, more viruses are known. Avira 10 - 99.8% with few false alarms - very good! Look at the free-of-charge Avast! 5 - 99.3% - more effectiveness at absolutely no cost, few false alarms and the best scan speed. There is something to think about...
NIS 2011 has greatly improved the computer's performance at boot time, but scanning speed is down (18.6-13.3)/18.6=28% compared to the NIS 17.5 engine.
All right, scanning speed is still very fast. But when will our product's heuristic and submitting levels/components and URL blocker (by known links to malware, like the ones working perfectly in Kaspersky and ESET), and the scanning of malwaredomainlist.com items directly by Symantec virus analytics, work better, so that the effectiveness of the dead-body scan is more than 98-dot-something percent?
There are many general problems, but now I must switch to the subject of the topic...
I saw the Norton Community Watch (NCW) component work in all engines of NIS 2010 up to version 17.7 (I don't know about 17.8): the "Submitted" status appeared at most 1-1.5 days after each "incident" happened (from "Pending" through "Waiting" to finally "Submitted"). In 220.127.116.11 the Norton Community Watch task starts only 1-2 times a day, and then "Pending" entries are added, 10-40 items each day.
But I never turn off my computer, and in the daytime and during the night it is in the Idle state, like it was with all engines of NIS 2010, in which NCW was working exquisitely.
So many samples with Heuristic detection (like Suspicious.Cloud, WS.Reputation.1 and others) can't be submitted to Symantec for further analysis and be blacklisted via classic virus definitions.
To lose samples is to lose effectiveness, but still (on 27-Sep-2010) in 18.104.22.168 the Norton Community Watch Pending-Waiting-Submit task execution is working very badly compared to the NIS 17.0-17.7 engines. Some days ago I helped NCW manually: by directly executing the task 50-60 times from the Norton Tasks window I had sessions each 2-4 minutes long, and in Security History the state of 1-3 old "Pending" items changed to Waiting or Submitted. By the way: "Sample Submission" tasks changed only to the "Waiting" state and none of, mm... about 40-50, to "Submitted". But I can't always do it manually (and Sample Submission can't reach the normal "Submit" state).
Since NCW Submission was working on NIS 2010 just fine, it is not normal in NIS 2011.
Constantly connected to the Internet, running Win XP SP3 32-bit x86 English