Norton Internet Security 2009 beta ramps up

Security software customers are speaking with their feet: They want security updates and other security interruptions out of their faces, and they won't hesitate to dump their security suites because of performance drag -- whether or not it's actually the security software that's to blame.

That's why Symantec is working on the next iteration of Norton Internet Security, NIS 2009, with the mantra of what it's calling Zero Impact Performance: "Security so light and fast you never even know it's there -- until you need it."

We're talking about more than 300 major overhauls that the company asserts will affect almost every aspect of the security suite, from scanning engines to user interface. Symantec says that NIS 2009, released to public beta on July 14 and due to ship later this year, will include the industry's fastest protection updates, half the memory usage of its next-most-memory-stingy competitor (Bit Defender IS 08) and a blink-of-an-eye install time of one minute.

Interestingly, Symantec says that underpowered systems with pre-existing performance problems are the root cause of the majority of complaints it receives in its support center every month. A Symantec representative stated that of some 1 million people who contact Norton technical support monthly, 40 per cent are running PCs with 512MB or less of RAM and 75 per cent memory utilization, and another 31 per cent are running with 1GB of RAM and 57 per cent memory utilization.

So in order to test Symantec's Zero Impact Performance promise, the system I chose to run the beta on was a sputtering lemon -- an older, underpowered Windows XP machine with performance problems.

The results? After having suffered far too long under the tyranny of NIS 2008's constant intrusions and the near-comatose reaction time of an outdated system, I found that the beta actually delivered the goods.

Ready, set, go

I installed the NIS 2009 beta and found the security suite already clocking in at impressive speeds. The install time has vastly improved over that of NIS 2008, which takes 30 minutes to install. It took me between three to four minutes, which doesn't quite hit Symantec's claimed one-minute install, but I'm not going to quibble over two or three minutes with such a quantum leap in install speed.

The process itself was painless except for a script-loading error, which didn't interfere with the beta install. The initial, full-system scan took 2 hours, 9 minutes, picking up only two tracking cookies out of 195,176 items scanned.

NIS 2009's user interface has been overhauled into a sharp, high-contrast and semitransparent screen stripped down to the bare essentials of what most users want to see: computer stats, network stats and a way to quickly access all of the user's log-in data (featuring a link to a new Identity Safe technology that will lift the hassle of passwords and log-ins off of users' shoulders).

Page Break

Getting performance up to speed

Regardless of whether NIS deserves it, customers are in fact blaming security suites for sluggish performance. In fact, Symantec has been citing an August 2007 NPD Group market study of customers who switched security suites. It found that of those who switched, 39 per cent blamed performance, 28 per cent blamed functionality, and only 23 per cent pointed to price.

In fact, in NIS 2009, Symantec is covering its butt when it comes to getting blamed for performance drag. Instead of just assuming that your security suite is causing performance degradation, you should be able to check NIS 2009's version of the Task Manager's CPU Meter, which should spell out whether Norton or other system components are to blame.

I say "should" because I couldn't find this feature, even though other reviewers have cited it as being on the main home screen. Ultimately, a support technician told me that the CPU usage meter is found only in the NIS 2009 .61 build but is missing from the later .69 build that I tested. When the final product ships, you should be able to find the meter under Settings --> Auto Protect --> Configure --> Miscellaneous.

So I couldn't drill down into CPU Meter, but I'm looking forward to seeing it in the final product. I question why Symantec is so thoroughly hiding it away from easy access, however. After all, if security companies are tired of being blamed for poor CPU performance, shouldn't a don't-blame-me feature be front and center?

One particularly big performance boost in NIS 2009 comes from what Symantec claims is an industry first: Norton Insight, a technology that identifies trusted files that don't require a scan, thus drastically whittling down the number of files that require scanning in the first place.

Leveraging data from millions of Norton Community members, Norton Insight lets Norton security products avoid scanning files that are found on most computers and statistically determined to be trusted. Symantec estimates that more than 65 per cent of files will never need to be scanned, but I lucked out: The Norton Process Trust page graphically rendered the pleasing fact that 77 per cent of the files on my system are trusted, leaving a mere 23 per cent that required scanning. NIS 2009 also promises to avoid redundant multiple scans, such as those that occur before, during and after a file is copied.

Symantec has also introduced features such as silent mode, which automatically suspends alerts and updates to avoid interrupting or slowing down games, movies or other presentations.

All in all, performance has improved drastically. After a week of running the beta, I'm no longer interrupted by updates and scans, some of which managed to crash my poky system under NIS 2008. What I'm seeing instead is that after I return from leaving the system idle for any appreciable time, I find a message telling me that updates are being done -- updates that stop until I wander off again.

Page Break

Analyzing and fixing risks

All that said, Norton's fix-it functionality hasn't changed much from the same easy-to-intuit interface Symantec offered in NIS 2008. The security suite provides details about detected risks and then suggests the appropriate action, which is initiated with a single click. Drilling down into the risk details pinpointed just where I picked up the two tracking cookies it found.

Security-wise, NIS 2009 serves up the whole enchilada: browser protection against Web-based attacks, Symantec Online Network for Advanced Response protection (behavior-based malware detection that tracks applications to identify new threats in what Symantec says is real time), and intrusion-prevention system capabilities, as well as anti-rootkit, antivirus, antispyware and anti-bot technologies.

The Risk Impact window gives a concise summary of a risk's potential effect on system performance and privacy, how involved the risk removal will be, and its level of stealth, which refers to the number of tactics a given risk uses in order to conceal itself. In this instance, the cookies weren't exhibiting any sneaky hiding behaviors; hence, a low stealth level was given.

It's not new -- it debuted in NIS 2008 -- but one thing that's still fun to play with is the suite's Security History. Here, you can access, for example, a firewall activity history that time-stamps the specific applications that have attempted outbound connections and identifies which ports they use, remote IP addresses, bytes sent and received, elapsed time, and which protocols they use, such as TCP or UDP.

Other log views include Firewall Network and Connections, Intrusion Prevention, Resolved Security Risks and Scan Results. These logs are exportable. It's hard to imagine what a typical home user would do with a collection of such reports, but it's nice that a consumer security suite has the added bells and whistles to satisfy the uber -security-conscious.

Stellar support

Searching for the CPU Meter prompted me to try NIS 2009's One-Click Support, a free support service that connected me almost instantly to live chat with a service technician. Before I could chat, however, I needed a Flash update, which was automatically fetched and downloaded without sending me off to a separate site to get it on my own -- a smart play when you're talking about supporting an ever-more-unsophisticated user group.

The support technician promptly took over my PC with a remote connection, fiddled around trying to find what I was looking for, determined the beta build wasn't supporting CPU Meter, and told me exactly where the feature would be in the final product.

Symantec offers one-click, in-product support for its software, featuring free e-mail and chat support besides its paid phone support. These support channels are open as needed to customers both during installation and beyond.

Page Break

Home network help

Another notable feature new to NIS 2009 is the Home Network view, which gives users a network device map from which those devices can also be managed. Of particular note is a view of security danger zones, including wireless networks -- setups that are notorious for being insecure both in home and business settings.

A remote-monitoring feature allows the user to keep tabs on whether other Norton-protected computers on the network are at risk, while a network map presents a visual picture of a network and all connected devices -- a feature that allows users to detect when an unidentified and potentially unauthorized device has connected to the network.

The final menu item for Norton's Home Network view is Trust Controls, a feature that allows users to view or change default trust settings for the entire network or for individual network-connected devices.

Identity Safe

Also new in NIS 2009 is Identity Safe, technology that allows for storage of personal information that is typically entered in buying, banking, browsing and online gaming. Identity Safe allows users to enter their personal information for a given site once; after that, they can kick back and let the feature fill in the necessary log-in information the next time they visit a particular site.

True, many Web browsers have similar functionality. Symantec doesn't mince words: The Identity Safe function offers to import your personal identity information from IE (but not from Firefox) and says that NIS 2009 will do a better job at keeping it safe, period. NIS 2009 works with Firefox, of course, but a Symantec representative says that the new ability of Identity Safe to import information is only for IE.

Phishing phun

Norton's updated toolbar grades sites for phishing attempts with a color-coded check in the upper left-hand corner of the toolbar. I filtered through my Yahoo Mail spam folder to get a good, broad selection of unsavory tidbits and decided to visit a "US based online p/h/a/r/m store" where I expected to be able to "buy any m.e.d.i.c.a.t.i.o.ns you need!"

After clicking on the link provided, Norton didn't report any phishing attempts. Naturally, I didn't follow through with inputting my e-mail address and a query.

Instead, I turned to the Norton Public Beta Forum, where posters were reporting that NIS 2009 AntiPhishing is providing multiple false positives. More critically, NIS 2009 AntiPhishing is also missing phishing identifications that would seem to be easy catches, including URLs that are publicly identified as phishing sites according to PhishTank, a free site run by DNS service provider OpenDNS.

Symantec is obviously still fine-tuning the product and promises that whatever's causing the false positives and missed identifications will be ironed out in the final cut. In the meantime, Symantec asks that users send along the URLs for false positives or for phishing sites that slip under the radar.

Beyond phishing, if beta users suspect they've been infected with something seriously fishy-looking that NIS 2009 didn't detect, Symantec suggests running LiveUpdate to install the latest virus definitions and running a full system scan to remove detected malicious files. Symantec has further instructions here for troubleshooting suspected malware infections with the NIS 2009 beta.

Conclusions

The beta of NIS 2009 shows that Symantec is on track to vastly improve performance in Norton. The UI is clear and uncluttered, putting front and center only the elements most users need to see, while allowing for easy drill-down for those who want more.

Having said that, I'd like the CPU usage meter to be easier to access. It would match the product's one-click ease of use in other areas. Still, with so much performance enhancement, such quibbles get left in the dust of this speedy, smooth new suite.

Lisa Vaas is a freelance technology writer and can be reached at lisavaas@lisavaas.com