Norton AntiVirus not aggressive enough and it keeps missing obvious threats.

Hi. I recently purchased Norton Systemworks 12 Standard and it had Norton AV bundled with it. I've noticed a few issues with it. Even when I set "Advanced Heuristics" to aggressive on the settings page, Norton AV keeps missing obvious threats. Here are two examples:

Example one: A virus compressed inside an archive is sitting in a random folder. When running Rising-AV (Chinese AV app), just opening that folder would trigger an alarm. Rising-AV scans files in directories as you open those directories. With Norton AV I can open the directory and even open the compressed file itself and it still does NOT detect the virus. The only way to detect it is to right-click on the file and force a scan. I mean, what is going on here? Even opening the archive with the virus detects nothing.

Example two: Downloading a compressed archive from the internet that contains a virus triggers an alarm with Rising-AV. Norton AV, on the other hand, does nothing in such a situation. I tried this with three different browsers and the results were the same (Firefox, Chrome, and IE8).

Before I uninstall and return this product to MicroCenter for a refund, is there anything I can do to make Norton AV more aggressive or just plain smarter at least?

Replies

Re: Norton AntiVirus not aggressive enough and it keeps missing obvious threats.

Norton only scans compressed files during a Full system scan and if you manually ask it to scan the compressed file.  Otherwise Auto Protect will scan every NON-COMPRESSED file on access (read, write, move, delete, etc).  This allows you to use more of the system resources and still keep you safe.  A malware in a compressed file is contained and inert.
Win10 x64; Proud graduate of GeeksToGo

Re: Norton AntiVirus not aggressive enough and it keeps missing obvious threats.

I see, but other AVs support such scanning (like Rising-AV). That still does not explain why Norton refuses to detect the virus once I actually OPEN the file/archive. What do I actually have to do to trigger an alarm? Run the virus itself and hope Norton will catch it before it does damage? Are you serious?

Also this means I might download a virus and Norton will not detect it just because the virus happens to be compressed? Example: I click to download a file from some random website (some cool app). It is in zip format. Inside there are ten files and one is a virus. That virus will sit there "contained" as you put it until I do an on-demand scan OR actually run the virus?


Re: Norton AntiVirus not aggressive enough and it keeps missing obvious threats.

How are you OPENing the archive?  If you are looking at it in Explorer (Vista supports zipped archives natively) the file is still inside the archive and not actually on the hard drive extracted from the archive yet.  If you drag the file from inside the archive to the folder (thus extracting the file) then Norton scans the file (Auto Protect) just as it scans all files during any file-based activity (writing to the hard drive from an archive to uncompressed form, for example).  The only other time the files inside an archive are scanned is when you initiate a manual scan (of the folder, archive or hard drive) from a right-click menu or the Scan menu on the main Norton interface.  Also a scheduled (user defined or Idle Time) Full System Scan will scan inside archives (default settings).

Win10 x64; Proud graduate of GeeksToGo

Re: Norton AntiVirus not aggressive enough and it keeps missing obvious threats.

So if I open the archive (double click #1) and then execute the fake setup file aka virus (double click #2), then Norton should detect the virus? Although at that point the virus has executed and delivered its payload. Do you see the issue here? The potential for exploits is amazing.


Re: Norton AntiVirus not aggressive enough and it keeps missing obvious threats.

How did it execute?  The moment it tries to execute (write anything) or even goes from compressed to uncompressed form and into memory, it is scanned then.  You miss the point here; the file can not go from compressed to any other state without being scanned.  I see your point; you want the AV to reach in and yank out the file thus destroying the archive and / or removing one of the files someone was trying to download / save.
Win10 x64; Proud graduate of GeeksToGo

Re: Norton AntiVirus not aggressive enough and it keeps missing obvious threats.

Not necessarily "yank" anything, a nice prompt would be nice, which brings me to another point. There is no way of actually getting Norton AV to prompt the user for action like with Rising-AV or many other AV apps for that matter. There seems to be only one course of action, auto deletion and/or auto removal. I checked the settings panel and there is nothing there that would make Norton AV more interactive in any way.

It seems Norton AV either does what it wants (auto-deletion and auto-removal) or it doesn't do anything at all (ignoring archives which are pretty much THE standard file format for file distribution on the internet). There seems to be no middle ground. It will ignore what it wants and fix/repair what it wants. It's apparently up to the user then to crawl from menu to menu in order to figure out what Norton AV deleted or removed. Which could be a pain for obvious false positives. 


Re: Norton AntiVirus not aggressive enough and it keeps missing obvious threats.

Norton AV does not scan compressed files and folders in real-time because of the need to uncompress them to do this. There are many AVs that, by default, do not scan compressed files in real-time. For instance, NOD32 can do this, but, if you enable it, it gives you a warning of serious system performance degradation; unfortunately this is an inescapable fact. I would guess that Symantec has wisely chosen to leave compressed files as they are UNTIL A SCAN IS NECESSARY (like during decompression) - because I bet you anything that there would be millions of people complaining about how their systems slow down because of Norton, whereas it's because it's unpacking and scanning archives. Because the virus cannot do anything from within the archive, it does not need to be scanned. As you cannot use anything in an archive without it first being unpacked, there is no point in scanning it; the moment the archive is decompressed or unpacked, it will be scanned. It is not possible for the virus to cause any harm this way; unless of course it is not detected, but EVERY antivirus misses things.

Secondly, as for Norton being very silent about what it does - well yes, it is very silent and doesn't give the user much choice - but that's actually what most people asked for. The majority of computer owners are not PC-Literate and they cannot make decisions for removing viruses, thus the decision was made to allow the AV to do it for them, which is fair enough seeing as Norton has an exceptionally LOW False Positive rating. Then you could take, say, Avira AV, which gives you a choice with just about anything, but has a very HIGH False Positive rating; so that's basically the trade off. In the end, the majority of the market is what anybody would like to appeal to.

Obviously Norton is not everybody's cup-of-tea, and if you are not happy with it, I would certainly encourage you to look around, try a few trial versions of different AVs and pick the one you like best and that suits your needs.

I hope this helped :-)

Matt

"The fact that man knows right from wrong proves his intellectual superiority to other creatures; but the fact that he can do wrong proves his moral inferiority to any creature that cannot."- Mark Twain

Re: Norton AntiVirus not aggressive enough and it keeps missing obvious threats.

Well, MicroCenter refused to refund my money. They do not allow refunds on software, so I'm stuck with Systemworks 12. All the cool utilities that were available under Windows XP are unavailable under Vista. DiskDoctor is replaced by a GUI for Vista's own CHKDSK utility, SpeedDisk is replaced by a GUI for Vista's own defragmenter. The only decent utility that works is WinDoctor. I had Norton Systemworks 2005 and this new 2009/12.0 version is a serious disappointment, under Vista at least. The only reason I upgraded to the 2009 version was because NSW 2005 does not support Vista.

As for the Norton Antivirus, it feels like Microsoft's OneCare (heavy on resources and lack of customizability). The CPU and RAM footprint are smaller but the disk I/O utilization level is heavy. Apparently Norton AV runs with highest disk I/O prioritization. In fact, while doing on-demand scans of large groups of files, both my system and Norton AV seem to freeze up for anywhere from a few seconds to half a minute at a time. Which is bizarre since I have a very fast system (i7 920 CPU @ 4.1GHz, 6GB of RAM, 3x640GB disks in RAID0).

Also, how does Norton Systemworks determine if a particular file is an archive? Simple extension check or something more involved like a file header check? If it just checks extensions, then what's stopping somebody from changing an extension on a virus that is an executable (exe) to something like .zip or .rar? I mean, on many systems, depending on how file associations are set up, once you execute an archive (zip, rar, cab) and it happens to have an incorrectly named extension, then whatever application (WinZip, WinRAR, or 7Zip) will make the determination of what the correct extension is and pass it on. In other words, an executable virus disguised as an archive will be passed onto the OS and execute. I just tried with 7-zip as my default archive manager and with an executable with a renamed extension.
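
As an added illustration of the question in the last post (not code from Norton, Symantec, or any poster in this thread): one way a scanner can decide what a file is from its leading bytes rather than its extension, flag a mismatch, and check the headers of ZIP members without extracting them to disk. The function names and the sample files are constructed for this example.

```python
import io
import zipfile
# Leading signature bytes of the formats named in the thread.
MAGIC = [
    (b"MZ", "exe"),                  # DOS/PE executable
    (b"PK\x03\x04", "zip"),          # ZIP local file header
    (b"PK\x05\x06", "zip"),          # ZIP with no members
    (b"Rar!\x1a\x07", "rar"),
    (b"7z\xbc\xaf\x27\x1c", "7z"),
    (b"MSCF", "cab"),
]
ARCHIVE_EXTS = {"zip", "rar", "7z", "cab"}

def sniff(data):
    """Type implied by the header bytes, ignoring the file name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"

def inspect(name, data):
    """Return findings: extension/header mismatch, executables inside a ZIP."""
    findings = []
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    kind = sniff(data)
    if ext in ARCHIVE_EXTS and kind != ext:
        findings.append(f"{name}: extension says {ext}, header says {kind}")
    if kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # encrypted: content cannot be read
                    findings.append(f"{name}: member {info.filename} is encrypted")
                    continue
                with zf.open(info) as member:
                    if sniff(member.read(8)) == "exe":
                        findings.append(f"{name}: member {info.filename} is executable")
    return findings

def make_zip(members):
    """Build an in-memory ZIP from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()

FAKE_EXE = b"MZ\x90\x00" + b"\x00" * 60  # constructed stand-in; only "MZ" matters
if __name__ == "__main__":
    for line in inspect("setup.zip", FAKE_EXE) + inspect("app.zip", make_zip({"setup.exe": FAKE_EXE})):
        print(line)
```

A header check like this only identifies the container; a self-extracting archive legitimately starts with `MZ`, so a mismatch is a signal to scan the content, not a verdict.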
