Hi. Is there a way that I can test if Norton Internet Security is sufficiently protecting my computer from a variety of drive-by downloads such as from various tool kits? I already know that it's working, but I want to put it up against real tests to see how effective it is. Is there a site that I can go to where you can actually try to get attacked by such downloads for testing? Any recommendations? Thanks.
phillipkeenan wrote: Hi. Is there a way that I can test if Norton Internet Security is sufficiently protecting my computer from a variety of drive-by downloads such as from various tool kits? I already know that it's working, but I want to put it up against real tests to see how effective it is. Is there a site that I can go to where you can actually try to get attacked by such downloads for testing? Any recommendations? Thanks.
Hi Phillip,
I don't know of any sites where you can become the target of a live fire training exercise. Personally I like to stay as far from that type of danger as possible. I'm sure there are some and I'm also sure that one of them will have a sneaky nasty that will get through and end your fun/test. If you insist, hang around; someone may have directions for you.
Thanks. I wasn't really thinking that the drive-by downloads would be a real threat though; just tests.
phillipkeenan wrote: Thanks. I wasn't really thinking that the drive-by downloads would be a real threat though; just tests.
If you're shooting blanks nobody gets hurt. To test the value of a protective device you have to use the real thing. If you want to do that type of testing I would recommend a test system that you can reimage easily when something gets in and crashes everything. Otherwise I'm all for letting the experts with the really expensive toys play in that cesspool.
But that's just me
Okay thanks.
Keep in mind that any antivirus product is just one component in the security of the machine. Use one primary real time scanner. Doubling up on protection may sound like a good idea, but I see more users with infections on other forums who have two and sometimes three real time scanners. Conflicts allow infection.
In order to maintain as much security as possible, all of your programs such as Adobe, Flash, Internet Explorer, and others need to be updated regularly. All programs have vulnerabilities that the malware writers try to use. Don't leave gaping holes in your security and expect Norton to pick up the slack.
The third component is the user. Use of torrents can open your machine to infection. When there are multiple P2P hosts, there is no guarantee that an infection will not occur. Using cracks and keygens leaves you open to infection, if only because malware writers know how popular they are.
If a fake scan pops up, do not click on it. Back off the website. Use the browser tools, InPrivate browsing, SmartScreen filter, if there are no slowdowns, Firefox with NoScript to prevent scripts running.
Nothing is 100% all of the time. Know where to go to get the machine fixed if and when you have a problem. There are several very good free malware removal forums that will help you on a one to one basis.
Thanks for the detailed info.
phillipkeenan wrote: Hi. Is there a way that I can test if Norton Internet Security is sufficiently protecting my computer from a variety of drive-by downloads such as from various tool kits? I already know that it's working, but I want to put it up against real tests to see how effective it is. Is there a site that I can go to where you can actually try to get attacked by such downloads for testing? Any recommendations? Thanks.
Hi phillipkeenan,
What I would add to what is already said is that the type of testing you are talking about doing is very specialized and if you are not a malware expert and/or do not have a proper test environment you would be asking for trouble to do this kind of testing.
Testing like this should be done on a test system (NOT a production computer / environment) and with the proper know-how.
Given the proper test environment and knowledge then certainly testing like this is very valuable and security products like Norton are put to real-world tests quite frequently by independent testing labs and other individuals with the proper knowledge.
You are better off to rely on comparative testing results which are released by independent labs periodically.
One such recent comparative test is:
http://www.av-comparatives.org/images/stories/test/performance/performance_aug_2011.pdf
As you'll see from this, Symantec is rated near the top as is typical. This particular test is for the upcoming NIS 2012 but shows typical results for what is seen with Norton in these tests.
Best wishes.
Allen
There are many videos on YouTube where security software "testers" subject NIS to a variety of known malware infested websites. Usually they use 10 websites in each video. While on rare occasion one will slip through, NIS almost always is successful in blocking 100% of the drive-by malware that these sites attempt to sneak onto a visiting PC. Go to YouTube and search for "Norton."
In my (admittedly amateur) tests, Norton almost always blocks more than the competitor vendors I have tried. Not by definitions (Symantec is pretty weak against 0-day malware when it comes to identifying it with signature based detection, and quite slow at adding definitions for new malware, compared to many others), but as a complete package, Norton blocks at least as much and often more than other security solutions by a layered approach, where the file insight, reputation based detection, and SONAR contribute to identify and stop otherwise unknown malware very effectively.
Bombastus wrote: In my (admittedly amateur) tests, Norton almost always blocks more than the competitor vendors I have tried. Not by definitions (Symantec is pretty weak against 0-day malware when it comes to identifying it with signature based detection, and quite slow at adding definitions for new malware, compared to many others), but as a complete package, Norton blocks at least as much and often more than other security solutions by a layered approach, where the file insight, reputation based detection, and SONAR contribute to identify and stop otherwise unknown malware very effectively.
Hi Bombastus,
This is exactly why a real-world test must by definition involve the entire security package. It is interesting to note that some independent testers test Norton and other security software using just signature based detection and effectively disable other components of the software. This is not a real-world test since no one will actually run security software in this configuration.
I know you know this, just clarifying for others' benefit.
Best wishes.
Allen
Thanks guys.
Hi phillipkeenan,
You are most welcome.
Best wishes.
Allen