Why Kaspersky is better in use (more user friendly) than Norton?

At least cause of:

1) it is blocks/freezes file using/activity and asks user about to delete file or not (critical as false detection or just infected self-extracted rar archives, which can be unpacked without execution, false detection on not mine USB sticks or other drives - It needed to go to the quarantine and restore, and if this file is in root folder or used path, it must be added into exclusions, and there is not just one file and there are 5 files? )

2) Kaspersky have very useful banner-blocker - flash, gif-png-jpg (images), and pop-ups or opening of new windows (norton have not, saw many such activity in supported Google Chrome web browser)

Here lists (in the first sight of kaspersky) very comfortable things that kaspersky can and norton can not.

May be such functionality/ability and posted below in further can be added into Norton to make it more comfortable, user-friendly? Why not? Why to stay as is?

Look at the Kaspersky cloud network (Kaspersky Security Network) work on the product page - many of technologies are used cloud, and every client product checks URL in the cloud (not only localy downloaded with updates) too, and there are other things.

After subscroption expired Norton completely turn off all of its engines/modeles. So You are completely unsecure (with disabled firewall too). With Kaspersky  - not - product stays in the last state - all components/modules (antivirus, program behaviour monitor, firewall, intrusion prevention) are active, but just not able to receive any updates. With Kaspersky your computer greatly more secure than with Norton for situation after product key expired.

So, after key is expired Norton give no any secured time to renew subscription.

I am not just write bad about Norton, by me it is more than normal product, but I want Symantec to make not so difficult-to-be-done improvements in it.

Thanks for attention!

Is Kaspersky having a good ad-block?

I've never tried Kaspersky, but I know that Norton is at least good at detecting malware.

Last time I used Kaspersky Internet Security 2009 and 2011 versions. it was vegy good in ad-blocking. no other banners/flash videos on a viewing pages. blocked about 18-19 banners from every 20.

>but I know that Norton is at least good at detecting malware.

hm..  can not say that it is fully true in my cases. tried it in offline mode on my work today. some threats (some rootkit, hidden service of svchost.exe -netsvc or close to it detected by GMER, and USB sticks worm) are still persists after norton work (2 full system scans and 3-4 reboots). 8-10 infections was recognised by NIS 19.1.0.28 (with no any updates, only with todays definition update file installed, oflline work), but work on my flash drive (used after cleaning and scanned after work) contain worm and GMER and HitManPro (offline scan) after Norton cleaning process are still reporting about svchost.exe -netsvc RootKit activity. Viruses there is only from local subnet and USB sticks, there is no internet connection. so viruses probably are old, or slightly old.

I began using NIS from 2009 version. and saw the works of every 2010, 2011, and a very little of 2012 work and can say that Norton is bad (yes, bad) in detecting of !active! infections, but Kaspersky and DrWeb can do it very good. they can easy, have such strong functionality to terminate active processes, norton have not. Norton 2010 in december 2009 was unable to stop Sality active infection. I start the infected file with NIS disabled and start NIS after 4-5 seconds after infection start. Norton and virus just load CPU for 100% for a 40 minites and I am giving up... reset the computer. Norton only prevent from starting Sality - detect it only while infection starts.

Such examples I saw only on my computer during 3 years about 5-8, not remember... I know what if after infection to install DrWeb or Kaspersky scanner or internet security suite (or different machine install and trying to infect it), they can easy detect and terminate active infection, but using much of resources of CPU and memory... but they can stop infection. 

So for last 3 years of my experience I have opinion that Norton giving up more frequently against active infections.

Why?

May be to rewrite dtetection and termination modules of Norton? Then it will be more strong, but again: samples sended by me twice are still remaining undetected by Norton - about 10 samples was added into blacklist and next are not (for a month or more):

http://www.virustotal.com/file-scan/report.html?id=a0fc6be8d2e2a2d25443838c83e9d6cea0174dddf47b80dbb0efbc7afaaf8884-1316627732

http://www.virustotal.com/file-scan/report.html?id=154ceda7efdea3145fcff66ff7418dc622656d7bcef1a92c076b330deabb4215-1316628157

http://www.virustotal.com/file-scan/report.html?id=868b1aee31c6335a5fc4257f20346e2d99fbd86bc7554b415da41fc19b13b3b1-1316627706

http://www.virustotal.com/file-scan/report.html?id=9273ad398315046342a7ad969353af0fd6f57f8cd97b22085f247cabcfc6d454-1316627699

http://www.virustotal.com/file-scan/report.html?id=e5ee4fd81fe606fb28c74807a004287a9c5848b2b47858f665472c13a16353f4-1316627697

http://www.virustotal.com/file-scan/report.html?id=1ca17028b1f4c85a4913ded7d29e02e0236d4b3e65fa451483b8114e93eb4959-1316628135

http://www.virustotal.com/file-scan/report.html?id=eac1b0a8068f46554e899113474a5f84d95773c77a24e8c5c4b74a19f734d40d-1316627693

Again.. each company have each opinion what is malware. probably by Symantec it is not malware. I found it by using 3rd side programs on my computer, most was from my web browsers cache folder. Studing what it is and what it is donig whaile active - for me as I think - it is 100% malware.

During all time I upload it to analyse to Symantec server once in 4-6 days.

Probably it is all that makes Norton not the best for me like russian user.

I wish Symantec direction to heard it.

Thanks for attention and given and giving good security support in other very good sides of Norton!

PS

was infected by and catched by Norton:

http://www.virustotal.com/file-scan/report.html?id=baa78b222e7c28948d474c0968b1febd375123c120fce0c15976540d9b4d78e8-1316629622

http://www.virustotal.com/file-scan/report.html?id=7fb855a7a2d4a2e2be9c1b6a1a87ca57aa8fc927df628d48be54156661de70a5-1316629683

http://www.virustotal.com/file-scan/report.html?id=4202574ee60beb13a329f4ba6f6bc55a6e3cfbdfccab929f50024603d9cde020-1316629704

there is one of messages:

http://community.norton.com/t5/Norton-Internet-Security-Norton/so-disapointed-with-NIS-2012/m-p/542008#M174149

Neil Rubenking at pcmag.com says that Kaspersky's firewall no longer stealths all ports in his review of KIS 2012.  Norton's firewall does.

I was a long user of Kaspersky Internet Security and must say that it was a pretty nice program.  The 2012 version definitely looked sleek and easy to use.

However, when I uninstalled Kaspersky from my laptop and installed Norton and did a full scan, Norton found 5 trojan horse viruses on the computer.

With that being said, user friendliness shouldn't override performance.  Norton is still a top performer and is still getting great reviews.

No security product is perfect.

>>"No security product is perfect."<<

Hi eric3312 -

This is why Malwarebytes and even SUPERAntiSpyware are added to my security as backup for daily scans.

You need "layered protection" on any computer that is active on the internet these days.

Even the most seemingly trustworthy site can contain a driveby infection or tracking device that you never suspect as dangerous.

I still shop around and find that what one A/virus misses another can detect. This applys to all security.

That is why the areas for removal of malware are always active on all forums -

Regards -

@ eric3312

Norton False Positives.

Ex: False detections of legitimate software as malware during a system scan (above industry average)

KIS and NIS was on the manual update. usually 1 time per day.

KIS 2012 reported "definitions are out-of-date" frequently, 2 times I saw that message with the last update was 19 hours ago.

NIS reported that only after 3-5 days.

Kaspersky reported it to Security Center component and it is pop-up red shield in system tray with "Kaspersky antivirus may be out of date"

With Norton this will be after 5 days only. This is preference of Norton for my use.

During scan process

I saw Norton 2011 with 600 MB peak RAM using with 350 MB continiously.

KIS 2012 peak 900 MB, 600 MB continiously.

for non-scanning state the are similar: 60-80 MB.

I can not recommend Kaspersky to users, which PCs have 1 (may be with 1.5 GB too) or smaller size of RAM on Win XP running machines.

During KIS 2012 scan I can not operate with my computer normaly. avp.exe gets normal priority and scan takes all system resorces.

With NIS scan I can easy operate with PC.

Starting computer and typical programs with NIS is longer in about 1.2-1.3 times than with Kaspersky. But first time executing is in about 2-3 times longer with Kaspersky than with Norton. Typical work with Kasperky is faster.

Kaspersky IS 2012 main window opens in 3 times faster than NIS 2012.

---

WinXP SP3 (all updates)

CPU Intel Pentium 4 3.00 GHz

3.0 GB RAM 400 MHz (800 MHz in dual channel)

Videocard: Nvidia GeForce FX 5200, 128 MB VRAM

@ Niko233

Performance Benckmarks (17-Aug-2011):

http://www.passmark.com/ftp/antivirus_12-performance-testing-ed1.pdf

"The highest possible score attainable is 85; in a hypothetical situation where a product has
attained first place all 17 metrics."

I told all by the results of my work with NIS and KIS installed. For Kaspersky I saw faster work only in 1 case: second start of applications after installing KIS 2012. for the nearest example: mozilla firefox and winword (2010) and computer cold start are faster in about 1.2-1.25 times.

just kidding:

"Yes, we have defense from ZeroAccess 1.8.7.2. oh.. 1.8.7.3 released and crash our product again???? but why? they are completely rewrite their mechanism of attack....."

but kaspresky just don't know about that and catch new variant simply by very suspicious behaviour including constant their driver access...

Self-defense of Kaspersky and Norton in the example of their drivers access by third-party program:

sym*.sys - symantec (newest NIS 19.1.1.3) drivers

kl*.sys - kaspersky (KIS 2012) drivers

Pictures are telling all that I want to say.

Interesting test. for Norton fans)

Today in machine having updated KIS 2012 and NIS 2012 engines at once (2 AV engines together) I have an password protected rar-archive with 3 nowadays malware files inside.

Settings of KIS was untouched. setting of Norton was aggressive (heuristic, SONAR, but standard trust mode).

I turn off Kaspersky and Norton protection and unpack archive. make a copy of unpacked archive, so I have 2 folders with the same 3 malware file inside.

Now  I turn on Kaspersky (Norton is still inactive) and scan the first folder. it picked up all 3 malware samples and offer to make a pure disinfection of active infections (some scan and reboot). after reboot it start to make full system scan by itself. I decline it.

After that I swithed beetween AV engines (kaspersky in off, norton is on) and scan second folder. norton picked up all 3 malware files and so on. non of other operation was offered. but i am not about this (in my case not needed additional operations).

Now I think about what will be if to turn on all engines and unpack the archive. I turn on the kaspersky and save all my work.

After that via context menu i press Winrar and "Extract here"...

drum roll....

and Norton stand up and blocked all the samples. kaspersky just do not know any information about them.

now another experiment.. to unpack the files and just open the folder... now I post this message and will edit it if I can ;)

again only norton! why is it so fast???))) glad to know this, but may be kaspersky setting can be aggressive too?..

Hm.. If to turn off norton, Kaspersky is working...

"Есть необработанные объекты" - "There are untreated objects"

but why kaspersky did not block access to them in test with norton?

another experience:

why norton IS (2010, 2011) did not block access to files then it detect it and proceeding them? I have about 15 sitiations then Norton writing that proceeding a threat and I just manually remove it via typical Explorer window...

---

Niko233 wrote:
Today in machine having updated KIS 2012 and NIS 2012 engines at once (2 AV engines together)

---

Do I understand you correctly that you installed KIS and NIS on the same machine + partition + Windows OS? Because this will lead to problems (including false results of you tests too). If you would like to do the same test on the two product, please do it this way:

1. Create a Windows installation with programs you would use and all the Windows update, but no AV yet!

2. Create a backup of this installation (Ghost or other backup product)

3. Install one of the AV products, and test it.

4. Revert back to the clean Windows installation

5. Install the other AV product, and redo the test with it as well.

This will give you a much better test results, and you will have no false positives, etc.

Do I understand you correctly that you installed KIS and NIS on the same machine + partition + Windows OS?

That is right. But they are not the same folder of Program Files :)))

I have no false positive detections, no any other problems. Thanks for suggestion!

File Insight of Norton and Kaspersky. For Norton fans too.

3 main differencies + many optional.

What am I about?

Let we see on a two files for example - 1 original and 1 patched (view it by file names), here the are:

1) MAIN. With Norton we can say is the file have a VALID digital signature or not. With Kaspersky we can not say this.

2) MAIN. File is Trusted or not? Kaspersky have only unknownm abstract (I mean that it have something like rating of security in percents, I saw non original files, patched with highest KSN rating) reputation from Kaspersky. And mainly only 2 discrets: unknown and kaspersky security network trusted (this is not means that file is whitelisted or can not be a threat of illegal/patched files of legal programs). Norton have many more disrects of reputation: bad, poor, unknown, low, good, trusted. but again I saw about 5-6 threats with 2-sticks Good reputation what was blacklisted in further after submition.

3) MAIN. Startup item or not? Only Norton shows.

4) Where is this file came from? Only Norton can shows.

5) Locate this file? Only Norton can open explorer window.

6) To instant scan the file? Only Kaspersky can do it (via special button).

7) Norton shows file Activity.

8) Age of the files is MUCH more better in Norton. Kaspersky have only: less than a week, more than a week, and the same for month and year and so on.

I always have infected (probably with Kido/Downadup) computers in my network who attack my computer each day. Per day is about 10 attacks from at least 5 different local IPs. Before Installing KIS 2012 Norton always told me:

OS Attack: MSRPC Server Service RPC CVE-2008-4250. and blocks it.

After I have both active KIN 2012 and NIS 2012, Norton did not know about any network attack - Kaspersky components always blocks it (something like bufferoverflow). So by web attacks Norton did not know anything - all attack takes (and blocks) Kaspersky on itselft. So Kaspersky integrate more deeper into network components so it can block attack earlier than Norton.

---

WinXP SP3 32bit