NOTE: Some of the words are links to images showing the screens relevant to what happened, such as in the second paragraph where the word DOWNLOADED appears.
Norton is the leader in sales of Antivirus software in the United States. Their software has been refined over many years, as is obvious from looking at the graphical user interface.

I downloaded an installer from their website which was about 800k. After downloading this installer, I had to run it to complete the download of about 30Mb. The install went as I expected, requiring a reboot after I was done. Once installed, the software weighed in at just over 30Mb. The first thing I noticed after rebooting was a new tray icon. I selected this and launched the main interface.

Knowing that I had an out-of-date virus pattern, I switched to Live Update so that I was sure to have the latest virus patterns. Live Update uses IE settings to connect to the internet, or you can override them with your own settings, such as a proxy server. Over my v.90 modem it took about 5 minutes to download. One thing that is nice about Norton Antivirus is that Live Update updates not only the pattern file, but the entire product. Other vendors leave it up to you to check for software updates, and some have insane methods for updating the software. Live Update required a reboot, as the software had been updated. Normal pattern file updates do not require a reboot. After rebooting, I re-ran Live Update. I was presented with a screen informing me that there were no new updates.

One of the first things Norton requires you to do is a complete scan of your computer. Norton took the longest to scan my entire computer; however, it seems to be doing this so that you can continue to work while this process runs in the background. Some of the other scanners consume a lot of CPU cycles and are not very multitasking friendly. I had on my machine viruses stored in MIM files, TXT files, viruses I had downloaded from newsgroups, and worms I had received in Netscape Messenger. My machine was not infected, as these viruses had never run - they were just there for testing purposes.
Norton Antivirus 2003 was able to detect and clean all of the viruses I had on my machine except for the ones I had in my Netscape folders. With Netscape completely closed so that there were no file locks, Norton Antivirus still could not detect KLEZ in the e-mail folder. In fact, only Panda was able to scan and clean my Netscape folder. This may be a moot point, considering that Norton can scan incoming and outgoing e-mail. If you simply visit Panda's site and use their free PandaActiveScan scanner, you can make sure your Netscape folders are free of viruses.

I went ahead and tried to send the Klez virus from my Netscape e-mail to another one of my e-mail accounts. Norton Antivirus 2003 intercepted the outgoing e-mail via transparent proxy, and scanned the outgoing e-mail. Norton detected Klez. After the alert, I clicked on more details to see that I had WIN32.KLEZ.h@mm in Eie.exe. In both cases, the e-mail made it through with the attachment, but with KLEZ stripped out. There was no indication in the e-mail itself that it had been modified by Norton Antivirus. There were additional headers in the e-mail, however:

X-Symantec-TimeoutProtection: 0
X-Symantec-TimeoutProtection: 1
X-Symantec-TimeoutProtection: 2
X-Symantec-TimeoutProtection: 3
X-Symantec-TimeoutProtection: 4
X-Symantec-TimeoutProtection: 5
X-Symantec-TimeoutProtection: 6

In fact, all outgoing e-mail now has these headers, and some have more than others. The ability to scan incoming and outgoing e-mails is a powerful tool in protecting your computer from the massive amount of worms being passed around by Microsoft Outlook clients. This is a must if you use Outlook or Outlook Express.

Norton Antivirus 2003 has one of the richest feature sets in the roundup. The Autoprotect screen gives you the ability to turn autoprotect on or off, hide the tray icon, define what the realtime scanner scans, and what to do when an infection is found.
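
The outgoing-mail behaviour described above (attachment content altered, with only X-Symantec-TimeoutProtection headers added) can be checked by comparing the sender's copy of a message with the delivered copy. This is an added example, not part of the original review or of any Symantec tooling; the function names, addresses and payload bytes are constructed for illustration.

```python
import hashlib
from email import message_from_string
from email.message import EmailMessage


def attachment_digests(msg):
    """Map each attachment filename to the SHA-256 of its decoded bytes."""
    digests = {}
    for part in msg.walk():
        name = part.get_filename()
        if name:
            data = part.get_payload(decode=True) or b""
            digests[name] = hashlib.sha256(data).hexdigest()
    return digests


def transit_diff(sent, received):
    """Report headers added in transit and attachments whose content changed."""
    sent_names = {name.lower() for name in sent.keys()}
    added = {}
    for name, value in received.items():
        if name.lower() not in sent_names:
            added.setdefault(name, []).append(value.strip())
    before, after = attachment_digests(sent), attachment_digests(received)
    return {
        "added_headers": added,
        "changed": sorted(n for n in before if n in after and before[n] != after[n]),
        "missing": sorted(n for n in before if n not in after),
    }


def build_sample(payload, extra_headers=()):
    """Constructed sample message; addresses and payload bytes are placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "recipient@example.test"
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="Eie.exe")
    for name, value in extra_headers:
        msg[name] = value
    return message_from_string(msg.as_string())


SENT = build_sample(b"constructed placeholder: original attachment bytes")
RECEIVED = build_sample(
    b"constructed placeholder: attachment bytes after cleaning",
    [("X-Symantec-TimeoutProtection", str(i)) for i in range(3)],
)

if __name__ == "__main__":
    print(transit_diff(SENT, RECEIVED))
```

Repeated headers are collected as a list per name, so a message carrying several X-Symantec-TimeoutProtection lines reports all of them rather than only the first.
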
The Script Blocking screen allows you to enable or disable script blocking, which should protect you from websites infected with NIMDA or the like. You can configure the manual scan options to scan memory, boot sectors, all files or select files, archives, and specify what action to take on detection. There are 3 levels of heuristic scanning, with the default automatically turned on. If for some odd reason you want to skip a drive, folder, or file from scanning, you can. The * pattern matching is very powerful here, although I don't see why you would want to do this.

One of the more powerful features is the e-mail scanning. You have the ability to specify to scan incoming and/or outgoing e-mail. You can turn on worm blocking, or disable it if you so desire. And you have a whole slew of options for what to do when a virus is detected. Furthermore, if you get tired of the interactive display, you can disable the interactive display, and let it process in the background.

Another outstanding feature of Norton Antivirus 2003 is its ability to scan instant messages. Granted, other antivirus products' realtime scanners will still detect and protect against viruses in these applications; however, Norton takes it to the next level. They integrate their scanner into MSN Messenger, Yahoo Messenger, and AOL AIM. There are currently worms going around that can affect some of the older versions of these products, which Norton protects you from. One thing to note here is that if you decide to protect MSN Messenger, then MSN Messenger will always be loaded. I tried to kill it with Sygate, but it kept re-appearing, albeit without any interface or icons. A quick search on Google said this was normal if you are protecting MSN Messenger with Norton Antivirus 2003. This may be an issue if you don't have much memory or normally keep MSN Messenger closed. I personally keep it closed so that it cannot automatically log me into websites using .NET.

Live Update is one of the nicest update solutions around.
All of Norton's product line is integrated with Live Update. If you install PC Anywhere, it will integrate in. Some of the other vendors make you hunt for critical software updates and force you to use strange installation methods to update your actual software. Norton was the cleanest. You can set it to automatically download the patterns; however, you cannot specify the interval at which this occurs. It seems to be multiple times per day, however.

Inoculation Options allow you to protect your boot record and to be notified when it changes. This is standard on all antivirus products.

Miscellaneous Options allow you to specify to keep a backup of infected files (good for false positives), protect Microsoft Office documents via an Office plugin, and password protect your settings. This is nice if you are installing this on a relative's computer and don't want them to accidentally disable their antivirus software.

Another option from the main screen is Reports. This is one of the nicest reporting tools I have seen in the Antivirus roundup. In the Quarantine report we were able to gather a lot of information about the Klez virus that was detected via the e-mail scanner. The Activity Log was just as impressive. One thing I did not like, however, is that the Reports launched the SPOOLER subsystem on my computer. This is usually used for printing, and consumes additional resources. With over 1 gig of RAM, it wasn't an issue for me.

Norton Antivirus 2003 includes a command line scanner you can launch in batch files. The executable is called NAVW32. Unlike the other DOS scanners I have seen, this one launches a 32-bit Windows app to do the scanning. You can create rescue disks which will work with DOS boot disks.

To protect your web browsing and e-mail, Norton employs a form of transparent proxy. This means that it intercepts your outgoing web requests and handles them directly. Sygate showed this app to be CPAPP.EXE.
If you are a network admin, such as myself, then this causes some concerns. First, my network scanner is now showing ports 25, 80, and 110 open on devices where I know they are not open. I can telnet into these ports and CPAPP intercepts the telnet, which keeps me from being able to do low-level diagnostics on these servers. This also requires additional resources on my client, and obviously slows down these requests since they must now go to CPAPP prior to their final destination. I thought that by proxying these requests, my firewall rules in ZoneAlarm or Sygate would be broken, since CPAPP is now intercepting requests. This was not the case. Blocking Netscape, while allowing CPAPP internet access, still blocked Netscape web browsing and e-mail.

In summary, Norton Antivirus 2003 is one of the most well-rounded products, with the best feature set and an intuitive interface. This comes at a cost of resources; however, it is worth it if you have 64Mb or more of RAM. No other product protects as many entry points of viruses, nor has as many options. There is no noticeable degradation in system performance, and the on-demand scanner does not slow you down while you are working.