In the AV-Comparatives Proactive test, Norton only scored 43%, why is this, it was way behind the leaders Trustport and Panda, also well behind the runners up, I am not saying Norton should be on top all the time, but it should at least have a higher score, why has Norton done so poorly?, can anyone give me an explanation, was the test a fair test of Norton's capabilities? etc.
SlamDunkley,
I think you are referring to the retrospective test that was conducted by AVC in May 2010. This test covers the heuristics scanning aspect of all AVs. I agree that the scores are not great, but, you should look at the on-demand scanner report and the numbers are pretty high. It is the combination of both these numbers that would give you an indication of the performance.
Also, I see that this test was conducted on Norton 2010. Norton 2011 is currently under beta and would like to wait and see how the numbers come up for the latest one.
-MbR
To follow up a bit on what Mythbuster said, the documentation that accompanies the test results greatly clarifies the conclusions that can be drawn from the results. This is a test of how well a product does with out-of-date definitions. No product scored higher than a 63% detection rate and Norton's 43% earned it an entirely respectable Advanced rating. AV-Comparatives points out that using updated definitions will increase the detection rates and that the tested products, including Norton, each use additional protection features to combat emerging threats, They conclude therefore that users should not be concerned about running any of the tested products, based on the scores achieved in this test.
One of Norton's primary weapons against the newest malware variants is Pulse Updates, which are released every few minutes. Norton also uses reputation-based methods in its Download Insight feature to guard against previously unknown threats. The AV-Comparatives test only looked at on-demand heuristic detection and cautions anyone republishing the test results that it is mandatory to include an explanation that the test only evaluates this one aspect of new threat detection and does not take into account the many other additional protection features incorporated into AV programs that also work to block new malware strains. The total package makes all the difference in how well each product protects the user in the real world.
Even with these good explanations, the score was not very good, yeah you say that they were using out of date definitions, but why was was Panda able to beat you by 20%? that's a massive difference, weren't Panda also using out of date definitions, but they were still able to beat you by a large margin, why can't someone say we done poor, and Panda was better in this test instead saying stuff like well 2011 is coming out soon and will do better, that maybe be true, I am more focused on the present then the future.
There are explanations for failure but no excuses.
The reason is simple and it is not that Panda is better than (any software).
This test feautures just on-demand scan with outdated protection . It is meant to test how will a product defeat new threats . This test methodology comes from the past and is in no way valid nowadays .
Let me show you why (they are not valid):
# Nowadays you won't have a chance to remain so long with no updates. Even if happens so that you can't update your product , this will mean that you are not connected to the Internet , thus you are not exposed to most threats.
# On-demand scanning is valid only to products with outdated technologies such as ESET NOD32 , Avast , AVIRA , etc.
Norton is first class modern product which uses innovative technologies and its power is in real time scanning . Real time scanning is what actually matters . Norton uses SONAR , Insight , SafeWeb and many other technologies which AV-Comparatives does NOT test in its regular tests . Practially Norton will beat ~~100% of the malware.
What really matters are tests which evaluate the product in whole with all available technologies used . Such a test in the Dynamic tests conducted both by AV-Test.org and AV-Comapratives.org
As for Panda - here is a "secret" . Since version 2009 when Panda Security implements Cloud scanning , Panda is acting a bit strange . Reason is they try to be lighter . Currently versions 2009 , 2010 and 2011 (just released) DOES NOT scan correctly all files in real-time . Reason is that they have included some strange way to impelement the information that comes from the cloud in the real-time scanner. In order to remain as light as possible , Panda relies mainly on the cloud and about 30% of all definitions are NOT stored locally at all. If you leave Panda without internet even for a minute or two , it won't be able to detect about 30% of the threat it will detect with active internet . Additionally , because of the the strange implementation of the cloud data , Panda does not detect every malware in real time . Some malware can execute with no problem but if a manual scan is performed , Panda may be able to detect the malware . However , somethis it will be way too late.
SendOfJive & 3play have it right - AV-Comparatives's retrospective only tests one technology - the antivirus file scanner. For true effectiveness, real-world tests are the best way to evaluate and compare products. Testers actually download software, with all of our technologies in force (SONAR behavior blocking, network security, and reputation). This is how real users are protected from malware. AV-Comparatives has done a real world test (their whole-product dynamic test) and you can see that when all Norton technologies are used, the picture is quite a bit different.
You may also wish to look at the False Positive/Alarm portion of that same report where Panda is in the list of Many False Alarms. If users keep getting false alarms they either disable the product or simply ignore any messages presented. In my opinion, both of those cases are worse than having lower detection rates from one small, specific area of the technology.
very good, you guys have explained everything to me now, I can't wait for the real world test, I'm sorry if I sounded a bit rude, I was just a bit frustrated, is the real world test in December? Thanks for your explanations guys :)
Hi Folks,
To add just a bit on this. Below is a link to a real-world test done in Dec 2009 in which Norton was at the top of the list at 98%.
http://www.pcmag.com/article2/0,2817,2357347,00.asp
Since I have been BETA testing NIS 2011 on my test laptop and have infected it with a number of threats I can say that I am duly impressed with the improvements!! 
Allen
The only area as with most AV's that Norton is struggling with is not being able to handle some Rootkits and Bootkits, When the PC has already become infected with them, but Symantec is working on it.
But installers for them keep being added to the definitions to stop the infection to start with.
Quads
Quads wrote:The only area as with most AV's that Norton is struggling with is not being able to handle some Rootkits and Bootkits, When the PC has already become infected with them, but Symantec is working on it.
But installers for them keep being added to the definitions to stop the infection to start with.
Quads
I totally agree with Quads.
NPE is only one solution yuo can see Symantec is working on it. NPE is catching more and more rootkits.
Symantec will get things right. They've worked for years on getting the GUI, detection and slowness right. Now they have time to get to the more severe malware like rootkits etc... They have a great team to work on this
to make it clear with my above statement,
I wasn't wasn't talking about NPE (Norton Power Eraser). But Norton AV.
NPE was not created to handle rootkits and NPE with Tidserv!inf (TDL3 (+)) is a disaster for the PC, NPE also will NOT detect Bootkits and is not suppose to.
Quads
First, Panda and Trustport are far away from being leaders. This is a test of Norton's heuristics and while I can't say they are not important, they are not everything you rely on. Pulse updates are send to you every 5-15 minutes and SONAR combined with Norton Insight blocks more than any other solution. Also the removal of malware is important - Norton knows every process, file, registry key or service that is related to malware and then uses tactics such as on-boot-cleaning to ensure malware is sweaped completely.
somebody said: "63% is better result..."
yes, but Norton was taken only the 7th place and is not in leaders of heuristic scan (I means the products with a few FP only - only effective products)
I do not remember the times, that Norton was better than its 43%. Always (for about 4-5 years) Norton recognize less then 35% of risks by it's heuristic scanner. The results are growing up and it is a very positive dynamics. Many years the industry leaders of heur. scans with a few False Positives are: G DATA, ESET, Kaspersky. I think Norton (in consideration of a few FP) now takes 4th or 5th place, which is middle in industry.
But Norton have Behavior protection which is not having ESET or Avast and this test it is not testing malware while its running, SONAR can provide much help in this.
But very pleasantly to see that Norton stops the malware BEFORE IT IS GOING TO RUN ON THE MACHINE - on definitions or heuristic levels of defense. Psychologically, than the file is running, SONAR can allow some malicious actions if it (SONAR like no one is not ideal), and only after that can stop it... Will be good the combination of SONAR and Sandbox technology (first the file is allowed to run only in SONAR's sandbox, analyze this and only than do it (with SONAR too) in a real conditions)
Great hopes that Norton Team will be improve the future risk detections with heuristic algorithms too !important! with a few or nothing false alarms.
PS The times was than ESET detects 70% viruses in 10 000 files by heur. scans and NOTHING of it was in FP detections!!! (infromation by av-comparatives.org).
That was the real masterclass!