Smart Definitions question

With smart definitions turned on, does that mean that Norton does not detect all viruses, or just the newest ones?

Thank you. I will trade a few resources for a short time to improve protection :D

I would add that Smart Definitions is ON by default with 2012. This is largely because most of the older malware has not been seen in the wild for years.

 

I have mixed feelings on how good an idea this is. Could it be that over time people who produced some of the old malware might try to reintroduce it into the wild just because they know some products like Norton no longer detect it by default? Who knows? In the end only time will tell.

 

But in deciding whether you go with the default or turn Smart Definitions back OFF it is worth considering the following:

 

1. If old malware were to be reintroduced into the wild, it would become known to Symantec quite quickly and it would start getting included in the CORE set of definitions again.

 

2. It is also likely that any old malware reintroduced into the wild would have changes made to it where it would no longer match the signature of the old malware anyway.

 

3. Norton still has things like IPS, SONAR and other technologies in play that will still provide protection. So it is not like you would have no protection against this old malware when using Smart Definitions.

 

In the end I have left Smart Definitions at the default of ON because I feel confident that this will offer the right level of protection.

 

But in the end this is a personal choice of one's comfort level in knowing that older definitions will no longer be included if one uses Smart Definitions.

 

My two cents worth. ;)

 

Best wishes.

Allen

"This is largely because most of the older malware has not been seen in the wild for years."

 

And it will never be seen if you turn on Smart Definitions! ;)))

 

What is the performance benefit of using it? 2%? Very helpful feature with decreasing security!

Smart definitions have nothing to do at all with how old a virus may be, so I have to disagree with any statements about not being protected from old malware.

 

Smart definitions protect you from any and all active threats, it's as simple as that.

The way things have always worked is that when a new threat emerges, Symantec is able to quickly identify it and push out an antivirus definition for it. The same thing happens now, but if it's an older threat that hasn't been seen in years it happens much quicker because the definitions have already been made.

 

Contrary to popular belief, I would find it impossible that the "full definition set" could actually contain each and every virus known to the world since the first virus. If that's the case then we have really been using a form of smart definitions for a long time, just a much bigger set than we are now.

 

As the number of viruses grows every year, sooner or later it will become impossible for everyone to have a full antivirus definition set. It would take some very powerful computers to compare each file against a multi-gigabyte local database of definitions without slowing down the system very much.

 

Why would you possibly want definitions for a threat that has not been in the wild for many years when Symantec can update your system with it quicker than it can with a new virus?

 

Dave

"This is largely because most of the older malware has not been seen in the wild for years."

 

And it will never be seen until you turn on the Full definitions set! ;)))

 

How do you know whether this virus is, for now, on a small group of computers or not? No way. Heuristics and SONAR are not perfect.


Yeah, the Smart definitions definitely do not cover every piece of malware known to the world, only to Symantec, if that. These days, there are more than 55000 new pieces of malware discovered every day, and no antivirus company can keep adding definitions at that rate, let alone keep up with discovering them all. Luckily, we have other ways to block unknown malware with Norton now.

DaveH wrote:

  

Contrary to popular belief, I would find it impossible that the "full definition set" could actually contain each and every virus known to the world since the first virus. If that's the case then we have really been using a form of smart definitions for a long time, just a much bigger set than we are now.

 

As the number of viruses grows every year, sooner or later it will become impossible for everyone to have a full antivirus definition set. It would take some very powerful computers to compare each file against a multi-gigabyte local database of definitions without slowing down the system very much.

  

Dave


Agreed. Some estimates put the number of new malware strains each day at ~73,000! I agree there is no way that any security software can keep up with that pace using traditional signatures. All of us would need super computers to handle that kind of workload.

 

This is why the traditional scans are to a significant degree losing importance over time with most if not all security software. The world we live in simply mandates that other technologies such as Sonar, IPS and others become better and better at detecting threats in a real-time fashion!

 

I believe that Symantec is at the forefront of these new technologies.

 

The change in 2012 to have full scans be monthly instead of weekly by default is another step in that direction.

 

In the end we all have to rely more and more on these newer technologies.

 

Allen

 

With smart definitions turned on, does that mean that Norton does not detect all viruses, or just the newest ones?

AllenM wrote

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Could it be that over time people who produced some of the old malware might try to reintroduce it into the wild just because they know some products like Norton no longer detect it by default? Who knows? In the end only time will tell.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

A very valid point indeed... I have often expected this very scenario to become prevalent and start showing up in security reports and blogs, etc.

I am more than willing, though, to sacrifice an amount of resource capability in order to maintain my comfort level with the protection that NIS offers!

 

Looking at varied posts that mention resource usage rates... I am more than happy to configure NIS to have Smart Defs set at "On". If it ever comes to a trade-off between "resource usage" and "peace of mind"... there's no contest.

 

Purely my personal choice I know... but the day will never dawn when we will reach total immunity from malware threats at any point with regard to the "chinks in the armour" that will always exist in a user's security protection!

 

The weak link in many cases of security breaches has often been user error... and no security provider can "factor in" protection in that area either.

 

That's exactly why the feature set of NIS totally suits me... it's all there if I want / need it...

I'd sooner that... than have the aggro of cleaning up a trashed system... and yes... I'll put my hand up! I caused my own loads of trouble by a stupid mistake!... just another good reason to have the range of option choices that come with NIS. ;)

 

 

I ran a few tests on my system to compare the NIS 2011 set of Smart Definitions vs Full Definitions, including 5 on-demand full system scans (Scan Now | Full System Scan) in quick succession with each set, and the only significant difference I found was that the smaller core set of Smart Definitions saved less than 20 MB of space on my hard drive. I used the Smart Definitions for about 2 months and couldn't see any difference in performance on my system, so I went back to using the Full Definitions.

The NIS 2012 Product Manual claims that "You can choose Smart Definitions to minimize download time, installation time, and memory consumption as Smart Definitions are a subset of virus definitions."  I assume this means download time during product installation, because daily LiveUpdates should deliver the same set of newly detected virus definitions, regardless of whether you have the Smart Definitions or Full Definitions on your system.  I have a dial-up Internet connection and if I have to download a 110 MB NIS installation file, reducing that download by 20 MB isn't going to help a great deal.

I still use NIS 2011 and have a 32-bit Win Vista system (1.83 GHz, 3.0 GB RAM), and it's possible that Symantec made significant changes to their set of Smart Definitions for NIS 2012 that might be noticed on a full scan of Win 7, but as far as I can tell Smart Definitions are a bit of a sales gimmick. I agree with other users in this thread who say that we will rely more and more on heuristic detection for protection against all the new malware being released these days, so why doesn't Symantec just pick one set of definitions they feel provides optimum coverage for most users without impacting performance (likely Smart Definitions) and leave it at that?
--------
Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 7.0.1
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

For what it is worth, I have had Smart Definitions on since I started using 2012 (NIS)

I just turned it off and ran Live Update.

Update = 124.49MB.

Took me by surprise, really.

Anyway, I also believe that this would most likely be a "once off" download of all the "old" definitions, after which only the new ones would be added, regardless of the setting.

Also, the whole heuristic and behaviour-based argument is, of course, spot on.

Lastly, I think that the smart definitions may make a difference on low-powered PCs, such as netbooks, with about 1GB of RAM (seeing as most of that RAM will be used by Windows) -- bearing in mind definitions have to be loaded to memory while scanning (at least in some form or another, even if in the form of links to the definitions files on the hard drive (which of course would be far smaller than the defs themselves)).

At least, that's what I think must happen :-D. Could be totally wrong though :)

 

Matt 

Hi mattsegers:

 

I'm sure you're on the right track.  It appears that Norton has decided to stop selling netbook versions of all their 2012 software.  I know of several users in the forum who own more than one PC who purchased a single 3-PC licence for the "standard" version of NIS 2011.  They simply used one of their installs on a netbook and switched to the Smart Definitions and saved themselves the extra cost of buying a separate subscription for the netbook version of the software.

 

Kudos to Symantec for doing away with the old practice of trying to double-charge these types of customers for both a "standard" and netbook version of their Norton product. I'm guessing that Smart Definitions are now the default in NIS 2012 because of the growing number of netbook users with 2 GB or less of RAM.


Hi Folks,

 

The Smart Definitions option was added for concerns of both RAM and download time on slower internet connections. Additionally, when a user has "metered" download where they have to pay more for exceeding a certain allotment then the size of the download definitely makes a significant difference.

 

If you look at, as an example, a 56kbps dial-up connection, the download time comparison between say a 90MB definition set (smart def ON) vs say a 110MB definition set (smart def OFF) comes to about 45 minutes difference.

 

Use the following download calculator to plug in some sample numbers and you can get a good idea how the size affects the download time.

 

http://www.t1shopper.com/tools/calculate/downloadcalculator.php

 

While true that this only affects the initial download where the full definitions must be retrieved, this does not always just affect you during the initial installation. There are times when the full definitions must be downloaded even after installation. This can be triggered by things like a computer being offline for extended periods of time which can trigger the full download or certain live update failures can also trigger the full download.

 

Hope this clarifies a bit. ;)

 

Best wishes.

Allen