Norton Internet Security 2010

Take a quick glance at the just-released Norton Internet Security 2010, and you won't notice much of a difference from previous incarnations -- the interface and feature set are so similar that it appears that only very minimal changes have been made to the suite. But under the hood is a new reputation-based security technology that the company claims is better positioned to protect against quickly evolving threats than traditional signature-based and behavior-based detection.

As with previous versions, Symantec's suite offers protection against viruses, Trojans, rootkits, spyware and malware of all kinds. Also, like previous versions, it has a firewall, intrusion protection, e-mail protection and Web protection. It integrates with your browser and search engine to warn you away from visiting sites that might be malicious.

The suite, despite its hefty feature set, does not take up a good deal of RAM or system resources. It's unlikely that you'll even notice it's running, a welcome change compared to several versions ago when it bogged down your system.

New reputation-based Quorum

Traditionally, security software detects threats by searching for signatures -- distinct code patterns that identify malware -- or by examining the behavior of a piece of software. Symantec claims that these solutions can't keep up with the massive amounts of new malware released every year.

The company has named its new reputation-based technology Quorum. It was designed for a world in which malware threats evolve exceedingly quickly and may be built to last only for a day, because malware writers know that signatures can be released to detect the threat in only 24 hours. Symantec claims that it is these kinds of threats -- those intended to do their damage quickly, before they are caught -- that are the primary dangers today.

Quorum creates a "reputation" for every piece of software it encounters, basing that reputation on a number of factors, including download source, age, prevalence and digital signature. So, for example, a new file downloaded from a not-well-known Web site that very few people have ever used will be regarded as suspect by Quorum, even if it is not known as a piece of malware and exhibits no suspicious behavior. As a result, one of malware writers' greatest weapons -- their ability to quickly turn out new pieces of malware -- makes it more likely that the new malware will be deemed suspicious by Quorum.

According to Symantec, Quorum relies on data that Symantec has been capturing for years through millions of people who use Norton products and opt in to the Norton Community, sending information anonymously about the applications running on their systems. Quorum uses this information to help calculate its "reputation score" for applications.

Symantec stresses that it hasn't abandoned other means of catching malware; the reputation score is used in concert with signature-based and behavior-based protection.

Will the addition of Quorum actually help protect you more than traditional forms of protection? We'll only know when labs weigh in with their results.

Welcome to the familiar interface

As I mentioned before, Norton Internet Security 2010 looks very much like the 2009 version, so there will be very little learning curve for those who have already used the product.

The main screen is now divided into three sections entitled Computer, Network and Web (rather than the previous Computer, Web and Identity). It tells you at a glance the state of your security, notes whether any actions need to be taken, and lets you turn features on and off. As with the previous version, there are monitors on the left-hand side of the screen that show your CPU's current usage and how much of that Norton is taking up.

If you want a quick glimpse of the state of your security, you'll just use the main screen. But if you're the kind of person who likes to dig deep, you'll find plenty of links here that will lead you to additional data. For example, click the Performance link on the left-hand side, and you'll see a new feature: a page that offers in-depth detail about CPU and RAM use over the last ten minutes, the last half hour, hour-and-a-half, day, week, and month.

Better yet, another new link on the main page gives you access to detailed information from the suite's System Insight feature. This display shows, over time, any events related to your PC's security, such as virus scans and their results, and new software that you've installed. Using this info, you may be able to track down PC problems yourself -- for example, if you notice unusual behavior, you can check this screen to see if that behavior started after you installed a particular piece of software.

Another useful feature accessible from the main screen is the Network Security Map. It shows you all of the devices attached to your network, and includes information such as the IP address, MAC address, whether they're online, and so on.

Another feature, the Vulnerability Protection link, is less than useful. It lists programs that Norton has found to have vulnerabilities -- but not necessarily those you have on your PC. The list is generic and lists all software against which Norton offers protection. There's no need ever to check it.

What's new?

Quorum's reputation-based strategy represents the biggest change compared to previous versions, but there have been other changes as well. The suite's anti-spam component features a new engine from enterprise anti-spam vendor Brightmail. Symantec claims that it is 20 percent more effective than the suite's previous anti-spam protection.

Also included is Norton Safe Web; this service is new to Norton Internet Security but was previously introduced in Norton 360 version 3.0. It works with Google, Yahoo and Bing, and shows whether any sites that turn up in search results are potentially dangerous or untrustworthy.

In addition, Norton Internet Security 2010 users get a free subscription to OnlineFamily.Norton, a Web-based service that lets parents control what their kids do on the Web.

The bottom line

If you're a user of Norton Internet Security 2009, it's certainly worth going to the newer version, because Quorum will most likely make you safer, and the new features are worthy additions. Not only that, but the upgrade is free.

As for whether to switch to NIS 2010 -- which costs $69.99 for a three-PC license -- from a different Internet protection program, that's a tougher call. The interface is certainly simple and straightforward, and also lets you dig into security details. There's no way to evaluate yet whether the new tools will be more effective than the old ones; only widespread use and exposure to many malware threats will tell.

This story, "Norton Internet Security 2010" was originally published by Computerworld.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Copyright © 2009 IDG Communications, Inc.

IT Salary Survey: The results are in