pcns - blog - eric braun, owner.

june 2007 - internet security products 2007 - pick your poison

Norton Internet Security 2007 - Glowing Reviews, bad user experiences

The problem with most software reviews is that the products are tested in ideal laboratory conditions. Often the software is run on a computer more powerful than the average consumer owns, and it is tested with a clean install. The test beds are clean environments, not the typical hodgepodge in which a user may be replacing McAfee, or even upgrading from a previous version of Norton. Cnet.com gave Norton Internet Security a 7.8 - Very Good rating, yet the average score from 108 users was 3.8 - Very Poor.

The Amazon.com average user review as of this writing is 1.5 stars, from 44 user reviews. Some users are experiencing devastating consequences for their computers.

Newer isn't always better. Although PCNS has seen test reports that Norton Internet Security 2007 has performance improvements over 2006, PCNS recommends renewing, not upgrading, Norton (or McAfee) for the lifetime of the PC. When ready to buy, purchase retail CDs, and do not purchase online (downloading trial versions is okay). Most users do not burn the distribution, product keys, and proof of purchase to CD, so if the hard drive fails (or the PC is replaced), you will not be able to reinstall the product, or you will go through great difficulties with Symantec. Retailers often have rebate incentives, which can make the cost lower than buying online.

PCNS Experience - Norton

The majority of problems with Norton relate to installation and performance. Installing a security suite is similar to installing a service pack. Your system has to be prepared, and you have to research how it should be installed. Should I remove the prior version? Should I use the Norton Removal Utility? Should I run Chkdsk and Defrag, and clean out my browser cache, Temporary Internet Files, and System Restore points? The trouble most users encounter with installs is directly related to the "hodgepodge" state of the PC. Norton doesn't install well if there are traces of other manufacturers' antivirus software; Norton 2006 even had problems with traces of its own prior versions. When possible, renew the subscription. Most Norton products will be supported for 3 years. As a test, I tried to renew a copy of Norton Antivirus 2004; it will renew as of Feb 4, 2007. PCNS has also seen Internet Explorer 7 crash on exit with Norton 07's IE plug-ins (anti-phishing filter). Norton 2007 will not get along with Webroot Spysweeper or Spybot Search and Destroy, and advises uninstalling them.

McAfee Internet Security 2007

Quote from PC Magazine Review:

"Still, a security product really shouldn't kill the computer it's trying to protect."

PCNS Experience - McAfee

McAfee Internet Security 2007 contains many security features shoehorned into its package. The suite was criticized in the past because these tools seemed a hodgepodge that did not work together seamlessly. MIS 2007 seems better, but as the above PC Magazine review pointed out, there are still rough spots. The McAfee Security Center, on the surface, appears inviting and easy to use, but some menu items are buried in a confusing maze of counterintuitive items. I found myself having to backtrack trying to find an option I had found only a few minutes ago. McAfee monitors registry changes, monitors processes, detects spyware and keyloggers (middling antispyware results were reported by the PCMAG review), and offers parental controls (though with much weaker abilities than industry-leading Cyber Patrol), content filtering, spam filtering (which I've never liked), Site Advisor, and anti-phishing filtering.

Web browsing in particular seems to be slower with 2007 installed. McAfee Privacy Manager in 2007 remains an Achilles' heel, just as it was in 2006. Privacy Manager in this release causes some web sites, including trusted sites like banks and corporate websites, not to come up at all. Long-term use of the McAfee spam filter (over a year) causes problems with the delivery of whitelisted messages. Spam messages are stored in a dedicated folder. The folder's contents grow extremely large and become unmanageable by the software that created them. A better approach, in my opinion, is to not store spam messages in the file system, but in a separate folder in Outlook, because email is stored more efficiently in a database, not as individual SMTP messages (though PCNS realizes some users may not want the spam contaminating their mail client).

All these Popups, what's a user to do?

Here's a quote from PC Magazine review of Zone Alarm Internet Security version 6:

"To protect yourself against malware effectively, you want to stop it before it makes it onto your system."

A typical complaint is that antivirus software has always been a reactive solution to a problem. That is, the virus has to implant itself on your PC before it can be detected. By the time that occurs, a virus can activate itself and leave packages like Norton, Zone Alarm, and McAfee unable to remove it. In some cases viruses will neutralize the security software.

Many security software vendors, including Zone Alarm, Norton Internet Security, and McAfee Internet Security, have begun implementing ways to detect viruses or virus-like behavior before the virus reaches your PC. This is in the form of Program Alerts, or what I call Win32 Process Monitoring. Programs like Zone Alarm monitor every process on your PC. Processes are not necessarily user programs; they are lower-level routines most users aren't aware of. If Zone Alarm detects a program or low-level process that may launch something characteristic of viral activity, you'll see the familiar pop-up alerting you to suspicious activity. Many PCNS customers have complained about the incessant pop-ups Zone Alarm, Norton, McAfee, and Panda are generating. These programs are doing their job - preventing what they think may be hacker-like activity which may bring down a virus onto your PC. This serves public demand - that is, for a program that does not wait for a virus to come down to your PC and react only after it has become infected.

The problem with this, besides the pop-ups themselves, is that the cryptic explanations leave many users not knowing how to answer the security questions. This kind of monitoring and detection results in frequent "false positives." Zone Labs doesn't know InstallShield is a common compiler package used by software companies for installing programs. It is nothing to be concerned about. But, on the other hand, the same InstallShield package could be used to install a Trojan or other badware.

Writing this kind of software is complicated, requiring it to be entrenched deeply in the operating system kernel and networking stack. It adds software bloat, and it slows down your computer. Why do they do this? Well, if Brand "M" wrote software that didn't stop some virus which Brand "N" or "Z" stops, then they would lose market share.

So it's not your imagination: your computer really is getting slower every passing year.

The bad news is you really don't want to compromise your security by replacing the product with something that does less. If you went to Half Price Books and found an old copy of McAfee or Zone Labs, you would find those products less proactive and more reactive. That is, they won't alert you until a virus or trojan has arrived on your PC, and by then it may be too late.

There are other solutions with fewer pop-ups - mainly corporate versions of antivirus, such as McAfee Small Business and Norton Corporate Antivirus, which are available in 5, 10, and greater user packs. These products are simply antivirus. No firewall, no spam filtering. Corporate antivirus offers less protection and fewer pop-ups. The assumption is that big business has a stronger perimeter AND ordinary users run under a limited account (meaning users are locked down and cannot install programs, change screen savers, or effect system-wide changes). A small office may have a simple, consumer-grade Linksys router; a medium or large corporation will have Cisco, IronPort, Barracuda, or other high-end equipment, hardware viral firewalls, and other high-dollar equipment.

This equipment inspects every packet in and out of the corporate LAN, stopping "bad packets" or a payload of packets it identifies as a virus, spam, or other badware. IT staffs are armed with monitoring equipment and are alerted immediately of any suspicious activity. Managed Ethernet switches can detect unusual traffic and can cut workstations off from the network, thus effectively quarantining a suspect infected PC. So while corporate versions of antivirus can reduce the pop-ups, they do reduce protection if a supporting, ironclad hardware perimeter is not present.