Norton AntiVirus 2001: Because you're NOT entitled to your opinion
Written: Jun 26 '02 (Updated Jun 26 '02)
Pros: Superior Virus Protection; only two contenders even come close
Cons: Not for use with Windows XP; support is bare-bones at best
The Bottom Line: Ability to detect viruses is not a matter of opinion-- it is tested by independent authorities. Since September of 1999, Symantec's record has been perfect. No one else is.
woody_goode's Full Review: Symantec Norton AntiVirus 2001 7.0 Full Version fo...
If you have a computer, you need virus protection software. If you're looking for virus protection, Norton Anti-Virus 2001 is the program to buy. That statement isn't my opinion-- well, 95% of it isn't. And if it were my opinion, you'd be a fool to pay attention to it.
Virus software is one of the few products where opinions aren't relevant--and are actually counterproductive. In most cases, quality is a matter of opinion; it is often heavily--if not entirely--dependent on your background and preferences.
I don't, for example, recommend JBL speakers, because they don't accurately reproduce sound. They produce too much high end; low frequency reproduction is boomy. But if you always crank bass and treble to 10--if you like sizzly cymbals and a bass that goes wwwhhhooooommmmpppphhhh, instead of WHOMP!--you'll like how JBLs sound. And there is no law saying that accurate reproduction is more important than what sounds good to you.
Some issues aren't open to debate--anti-virus software is one of them. There are objective standards for measuring effectiveness; no sane person should want a program that doesn't detect viruses well.
A recommendation could be influenced by other factors. And, actually, mine is. Norton AntiVirus 2001 isn't the best program at identifying viruses. But it is very close to being the best; the subjective issues put it ahead of its most serious competitor.
And Norton AntiVirus 2001 outperforms every program that epinions rates. With one arguable exception, any positive review of an alternative is just plain wrong.
Important Note: This review is of Norton AntiVirus 2001, which works exceptionally well. Norton AntiVirus 2002 has serious problems. I do not recommend the 2002 version unless you are running Windows XP. If you do run Windows XP, do not, repeat, do not install Norton AntiVirus 2001. It is not designed for your system and it won't protect you properly.
If you are wondering why I am writing a review of an old release, it is because (a) copies of the 2001 version are still out on the market and easy to find, (b) the 2001 release works extremely well if you're running Windows 95, 98, 2000 or ME and (c) if I don't write these two reviews, I'll need to pull my review of McAfee's VirusScan (whose opinions are still spot-on and whose jokes are still funny). If you have any questions, please e-mail me and I'll do my best to explain everything.
The Good Viruskeeping Seal of Approval
The best source of information about viruses is the web site of a British monthly magazine: Virus Bulletin. The magazine is aimed at computer security professionals; annual subscriptions are $395. It offers concise, well-written articles that are as non-technical as possible. Their contributors include every important name working in computer security. The site (www.virusbtn.com) offers selected articles, links to news stories that the staff deems important and summaries of their research.
Since 1998, Virus Bulletin has been conducting regular tests of virus software and giving out what they call the 100% Award. Their test process is exquisitely simple:
1. Using the list of actively spreading viruses (as compiled by the WildList Organization), they create a group of infected files and place them on a group of test machines.
2. They install the current release of every participant on one test machine and check for both "on demand" (scan the disk and see how many you find) and "on access" (I'll open the file and see if you save me) protection.
3. Programs that spot every infected file and also have no false alarms get a 100% Award. Everyone else fails. Detecting 199 out of 200 viruses is a failing grade. So is finding 201.
This is the most practical and most useful method of testing for virus protection. When this standard is used, only one program has consistently beaten Norton AntiVirus.
Digression: A Methodology Firewall
Believe it or not, some people don't agree with those standards. If you're just interested in finding the best program, you can skip this section. If you want to know more about virus issues, enjoy concrete examples of human stupidity or just like invective, read on. I promise not to be technical; I will be informative and amusing; I even savage a major media outlet. Anyway, these people do pick nits, so I'm going to dismiss their objections before they get a chance to raise them:
I'm not interested in 97.3% protection. If even one virus gets through, I'm hosed. I want a product that protects me against everything. If you think it's "unfair" to "penalize companies" for missing "only a few" strains that might be "very recent in origin", you probably work for a company that keeps failing the tests.
If you're a generous soul, who truly believes that 100% is too high a standard, let's talk about standards. The WildList is a public document, maintained by a group of 70 full-time computer security professionals located in over 40 different countries. Members keep in close touch; they have a repository of virus samples. If a threat emerges, any reputable developer can be notified, and get a sample to test against.
To make the WildList, at least two members must submit a documented case of a virus "spreading as a result of normal day-to-day operations on and between the computers of unsuspecting users." The groups check reports to make sure there are no duplicates or false alarms.
If there's only one report, the virus goes on their "Supplemental List". Viruses can get onto the main list without first making the supplemental, but that's unusual. Viruses like that are usually the ones who get coverage from CNN--everyone sees them and everyone rushes out a fix.
When a program doesn't get a 100% Award, it means the company was unable to develop protection against a virus that has been damaging computers around the world for the past month. It would be unfair to write off a company for an occasional slip, but why on earth would anyone want to argue that a program with a history of poor results is being unfairly stigmatized?
I don't care about "zoo" viruses. I'm interested in protection against the 200-250 active threats, not a list of 3,000 things, most of which haven't been active in years. If you're so concerned about this, conduct your own tests and give out the Pedantic Nitwit awards for the benefit of the other people who don't have any day-to-day security responsibilities and thus have the luxury of taking nonsensical positions like yours.
OK, OK.... I'm doing my breathing. I'm cool. This objection comes from people who think the tests aren't strict enough. If a virus hasn't been spotted "in the wild" for some time, it is placed into the list of non-active threats, which is known as "the zoo" (who says geeks don't have senses of humor?). Until other outbreaks are reported, it is no longer tested.
As companies update software, they sometimes break old features. It is, therefore, possible that a new program might lose the ability to detect an older virus. There are few documented cases of this, but the people who like to raise this issue always think conjecture is as valid as a smoking gun. They insist that the organizations (of course, they're always too busy) should be testing for every threat ever documented.
They acknowledge that probably no program would score 100% any longer (in a typical test, about 50% pass). Some even admit that their changes would make it very difficult to compare. But when you say that people would weight the results by ignoring failures against threats that haven't been seen since 1997 and focusing on active viruses--which is exactly what the tests do now--they grin patronizingly, pat you on the head and point out that you'd be vulnerable to threats from anything that you ignored.
I'll summon up as much charity as I can and concede that they're well-intentioned. So are the people who want to "improve" the Virus Bulletin results by weighting for geographic location, programs affected, severity of impact or other things. I will merely say that their ideas have not been tested, nor is there any valid reason to think they would improve the quality of protection in any practical way.
I'm not interested in tests with simulated viruses. As you might guess, virus testing is a pain. You have to create infected files and put them on a machine. When a program misses a virus, the machine is infected. That means you need to disinfect the machine, reinstall everything and try again.
Due to lack of time, some groups (usually media outlets) use simulated viruses to test. They create files that (they claim) contain the characteristics of an infected file, and (supposedly) behave like viruses when opened. But they aren't really infected and they don't hose the test machine if the virus protection fails.
How do creators of simulated files know what anti-virus programs look at? How do they know if their results are valid? The answer to both questions is "they don't." You can't trust the quality of test results generated by simulations. When CNet/ZDNet did a simulation-based comparison in April, they incorrectly stated that the program with the best track record in the Virus Bulletin tests offered "mixed results."
I want to know which program is best, not who was the best of the ones you tried. To their credit, the June 11 PC Magazine review used actual viruses to test programs, and they did conduct tests under the supervision of the director of the WildList Organization. But they continued their annoying trend of limiting test scope: only 10 of the 20 commercial programs were reviewed. And one of the programs they omitted was the one that performs best in the Virus Bulletin tests.
This is why longtime readers--people who date back to the 80's--think PC Magazine has degenerated into a rag. At one time, they tested everything on the market. They used to give good writeups to programs written by tiny little companies. Those reviews would often generate enough sales for those tiny little companies to add staff, write better software and get big.
By looking only at programs made by big companies, PC Magazine makes it very difficult for startups to gain market share. That means the only way they can get distribution is to get bought by a big company. That's a key reason we don't see more breakthrough software--it's too hard for the next generation of geniuses to get noticed.
But Virus Bulletin still looks at every vendor who has a product for the operating system they're testing. So the company that builds the best mousetrap still has a chance to get the best results.
And the Winner Is...
Norton Anti-Virus has been tested 23 times by Virus Bulletin since January of 1998. It has gotten their 100% award--meaning a perfect score with no errors--17 times. Their last failure occurred in September of 1999; since then Symantec has won 11 consecutive awards.
McAfee's VirusScan, meanwhile, has failed 10 of its last 11 tests. They're 7-17 lifetime. Anyone who suggests that its protection is comparable to Symantec's is making an ongoing visual inspection of the interior of their sigmoid colon.
Trend Micro's PC-Cillin, which is used in Ontrack's System Suite, is 2-7 lifetime. How PC Magazine gave that suite an "Editor's Choice" when the cornerstone program does its main task so poorly is a subject they ought to be required to explain.
InnoculateIT, by Computer Associates, is the only well-known program with a comparable track record. Its lifetime score is an uninspiring 12-8, but it has won 7 awards in its last 8 tests. Virus protection is a subject where it is reasonable to ignore history and ask "What have you done for me lately?" CA has been about as good as it gets since September of 2000.
I don't recommend CA products, because the company can never decide whether it wants a share of the consumer/small business market. They've developed outstanding products and then gotten frustrated and orphaned them. Symantec has been a better long-term choice, because they're in the game for keeps. But InnoculateIT is certainly a credible choice (at least for now).
Believe it or not, one company did beat Symantec's 17-6 record. Nod32, by Eset Software, has an astonishing 18-3 record in the Virus Bulletin tests. But I'd still pick NAV.
When the Best Isn't Good Enough
Why am I recommending Norton AntiVirus if another program offers better protection? Because, as Virus Bulletin puts it, you should "not over-emphasize detection rates when making a purchasing decision." Symantec has 11 straight passes; Eset actually has two recent failures (Linux in April, 2002, Windows NT in 11/2000). You could choose to exclude failures for operating systems that you don't use; I look at it as a test of how well the company keeps all their balls in the air.
Besides, there are seven other issues--all subjective tests, but still valid--that you'd want to consider when making a purchase. And Symantec is equal or better on every one:
1. Availability: Where and how you can buy a program isn't a big issue. But it's an indirect measure of the company's stability. You can walk into Wal-Mart and buy Symantec's products. Eset's software is only available for download, or through a scant list of resellers.
2. Cost: They both give you a year of updates. Since Symantec stuff is available everywhere, stores discount it like crazy. You can get NAV for around $20. Eset charges $39 for the first purchase and $27.50 for future years. That's a big difference.
And it can get bigger. Symantec offers NAV as part of a number of different "suites." It's possible to get 2-3 products for only a few bucks more than one. (I paid $30 for Systemworks.) Also, Symantec frequently offers rebates and so do major retailers. A few years ago, Symantec and CompUSA teamed up to offer NAV for free, after you sent in the coupons.
3. Efficiency: Nobody wants a program that slows your system to a crawl. A test lab could tell the difference between system resource utilization of these products. A human can't; they're both under 5%.
4. Updating: If you can't get the most recent version of the virus definitions, the product can't help you. These programs are equally annoying for different reasons.
Symantec's "Live Update" routine is set to check their virus central every four hours. That sounds pretty nifty when you're reading the marketing literature. But if you're on a dial-up (which I am when I'm traveling), or in a video conference (sometimes)--or you're updating a large file, clearing the browser cache, doing an FTP or a slew of other things, Live Update is a royal pain in the butt.
But Nod32's update scheduler has issues if you've got a password-protected screen saver, or power management or just a momentary hiccup in web traffic. It aborts and doesn't come back until the next scan. That's worse.
5. Compatibility: I can't speak for how the programs work with every program on the market-- just the ones I installed. Over the two months I tested, I had four issues with NAV; each time, the mail scanner crashed and I had to reboot. I had five incidents that I could trace to Nod32, but I also had some unexplained problems. Maybe it wasn't Eset, but the new kid on the block is always my first suspect.
6. Usability: It would be hard for a program to be easier to use than Norton AntiVirus. Selecting the default options on install gives you the correct coverage. The program doesn't have many features, but since there's nothing much to do, you can't get into a lot of trouble.
Nod32 was clearly written by geeks. Functions are split between multiple programs, each of which needs to be configured. I know it probably improves performance, but it makes installation a 39-step process. Nod32 puts three icons in your system tray (two of which you should never need to start).
7. Support: Symantec gives you a professionally-printed manual; Eset lets you download PDFs. I'm still not sure if the manual is written by a geek or someone to whom English was a second language:
"After restarting your computer with new (Millennium Update) downloaded and extracted, NOD32 Control Center initial setup window is displayed. The user is informed that the program is running on a computer for the first time. Click at OK button"
They both claim to offer phone support. But try finding the phone number in either manual or on their web site. And if you've been virusized--or hosed by the setup program--you might not even be able to get to the web site. If you can get there, Symantec's web site offers much more support information. But it's also constructed like a maze.
The Bottom Line
On one side of the scale, you have 86% perfection against 74% perfection. On the other, you have the features and functions of a mature program and an industry leader against a bunch of guys who pay strict attention to core functions, but haven't gotten around to the frills. To me, that isn't a tough choice.
In recent years, Symantec's bug rate has been rising and their functionality has been decreasing. Their 2002 release is a disaster; as I said earlier, I don't recommend it to anyone who isn't running Windows XP. It may just be the inevitable problems of trying to design for two different operating systems (one of which is very buggy). Or maybe it's a sign that Symantec is losing it.
It's very possible that, 12-18 months from now, I'll need to pull this review. Symantec might not stop the bleeding; Eset might add the components that they need to break through, or get bought by someone who can blast their sales through the roof. (If Ontrack buys or licenses Nod32, Symantec will be in serious trouble.) Maybe Computer Associates will buckle down, use Symantec's problems as a springboard and snap up so much market share that they don't get tempted to bail again.
But until then, if you don't own Windows XP, Norton AntiVirus 2001 is still the protection you need.
Recommended: Yes
Epinions.com ID: woody_goode
Member: Woodrow L. Goode IV
Location: Boston, MA
Reviews written: 35
Trusted by: 23 members
About Me: Woodrow L. Goode, a management consultant, was Dennis Miller in a past life.