Since I’ve finally had some down time I decided to work on my next review: Norton Internet Security 2010.
Here’s a tiny sneak peek at one of my “gripes” with NIS 2010 and plenty of other security applications. Rogue Antivirus! Internet security suites seem to be helpless when trying to identify rogue security applications. While not exactly malicious to your operating system, they are very malicious to your wallet and identity.
Here’s an example.
I installed NIS 2010 and performed all the live updates. Right after that I went on the search for some rogue antivirus. After finding a fake codec site I clicked on the codec download and installed it. NIS immediately says that the file is new and has never been seen in the Norton community, nor does it have a digital signature….but…the file is allowed to install itself on the PC and run!!!
I’m not sure why NIS 2010 allows untrusted files to install and run nor could I find anything on their forums (or help files) that explains why untrusted files are allowed to run.
What NIS 2010 (and other security applications) need
If a file or process is untrusted an average user should have an easy to use applet that allows them to terminate the process or file and then quarantine it.
Let’s take a look at the screen shots below:
The first one shows that a Rogue antivirus called SoftSafeness is untrusted by NIS 2010 yet it’s allowed to run along with all of its scareware components.
The next screen shot shows how easy it is to load the rogue’s payment site and Norton says it’s a safe site…ouch…someone’s going to lose their identity.



27 comments
I’ve just installed NAV2010, seeing this, I think I’ll uninstall it again.
And I thought Norton had got better…
Seems like Symantec has some work to do, a company of that size can’t just ignore this kind of a problem. I also thought Symantec had improved their software and definitions/heuristics, but seeing this… Wow
Btw, I have never liked their software, but I hope they do something to fix this.
Waiting to see video of this and all the others.
@atanos – well they do have a fantastic record (in my testing so far) of blocking everything else except for Rogues.
This is why I have Malwarebytes and its protection module alongside Norton IS 2010 as I know pretty much all AV’s suck at detecting rogues. And even though the safe site thing failed I use Chrome and that toolbar isn’t there anyway.
Matt, the site might not have been phishing. It very well may be roguish but that doesn’t mean that they are taking your info and using it.
No AV solution cant detect all malware and is not problem to install malware on pc where any antivirus is runnig. The top antiviruses have about 95-100 % detection rates of …so that means…if we have 1 000 000 malware files…you can run on your pc about 5 % /50 000 samples/ of this malware files and nothing will be detected.
It is not hard to find any samples of any malware which are undetected by some company…
* can detect
*running
Where can I buy SoftSafeness to test it out and see if it works?
@Matthew – that’s exactly where malwarebytes fits in. Good idea man.
@123zap – correct, it only steals your data when you buy the fake antivirus.
I found though that Norton has been a little behind on signatures lately. Quorum is the biggest thing in the suite.
As it happens I needed to do a re install of the Windows 7 RC. As a result I’ve changed my combo entirely. Now I have PC Tools Firewall Plus (it scored 99% in the latest Matousec tests) alongside Nod32 Antivirus. I now have Malwarebytes as a backup but I feel pretty safe with this combo.
Norton is useless in my book. Every time I see it installed in a new client’s infected computer, I uninstall it and install something more effective.
That said, even the best legacy AV solutions that are signature based are history. Even if they block 90% of the known malware, they miss about 50% of the unknown ones.
Norton is good, but as always it is heavily targeted and can be downloaded for free, plenty of Trial Resetters out there.
I have to agree with ‘RHE’. Most of my client infected computers are running Norton AV. The other point about even the top AV software blocking anything under 100% is true and is simply unacceptable. It only takes a single virus to get through and disable the AV software. So, even with a 99% detection rate, that’s not acceptable. I usually install Geswall as a secondary line of defense because you can’t rely on any AV. I tell my clients that since no AV software is perfect, why pay for it? Use a free AV, so you at least are flushing your money down the commode.
When new video, Matt?
Matt i would like to thank you very much for all these reviews you do and could you start posting some more vids.
i am so addicted to this anti-virus stuff ur website is my homepage lol
plz post more vids
thankyou
Norton is trash. My friend had Norton on his new PC and for some reason it was super slow so I installed SAS and MBAM and found so much stuff (no rogues) that Norton missed. He then deleted SAS and MBAM and about a month later his computer was slowing down again so he put SAS and MBAM back on and found more stuff that Norton missed. (I don’t know what he does all day because there is no way you could get as much crap as he had without using questionable sites i.e. adult movies)
Overall Symantec is better off making viruses instead of trying to defend from them. Sorry for long comment.
I’m having trouble accessing the forums. I am able to log in, everything I try to go on it just says this board is unavailable
Didn’t you find a similar issue with Kaspersky? It caught the malware but it was given a low security risk (by default) so it was allowed to download and install.
I thought I remember seeing something like this in one of the videos.
Didn’t you find a similar issue with Kaspersky? It caught the malware but the AV assigned it a low security risk and so it was allowed to download and install.
I thought I remember something similar happening in one of your videos.
Why single out Norton? In your reviews, and I have watched almost all of them, MANY of the ones you have tested let these rogues run. I’m just not sure why the singling out of Norton’s was needed. NIS 2010 has caught a number of rogues using SONAR for me and stopped them from installing. It usually catches them even before that though…
When I tested NAV 2010 it usually caught everything that did not have a signature. But some things it won’t detect till it does a malicious activity. Did you restart the PC to see if the rogue modifies anything on boot up and blocks it? Can’t wait to see the video review.
“Now I have PC Tools Firewall Plus (it scored 99% in the latest Matousec tests)”
This site cannot be trusted – they gave a ‘10+’ to a rogue product (Malware Defender 2.2.2)
Well, Insight is just like ThreatCast in Comodo IS. It will need time to improve. But more people use Norton, so it will go faster. I just hope that Symantec will win WAY more percentage of people’s faith in them in the next years. But Norton did good on this test. Matt, you should retest Norton in March 2010. Might improve by then =DD
Jimmy, how do you know its a rogue? Maybe there is a rogue calling itself Malware Defender 2009, but there is a legit software called Malware Defender 2.4. I’m guessing someone decided to name a rogue software after a legit one and because lots of security software has the year as part of its moniker, many people would easily mistake the two and go for the rogue one as it has the current year in its name.
Kaspersky AV 2010 did not detect rogue (antivirus2010) & allowed it to enter in my friend’s computer. It disabled KAV2010 & would not update. We were able to download MBAM update & scan, it found 2 rogues & 1 worm, rebooted the computer and it’s gone. Kaspersky was then able to update, things going to normal again. Thanks MBAM, great job.