Review: Norton Internet Security 2005, AntiSpyware Edition

Symantec has added an antispyware component to its Norton Internet Security 2005 suite. But just how useful - or necessary - is it?
Halfway through 2005, Symantec has given users a sneak peek at Norton Internet Security 2006. The company added a new application, Norton Spyware Protection, to its mega suite, which already contained Norton AntiVirus, Norton Personal Firewall, Norton Privacy Control, Norton AntiSpam, and Norton Parental Control. The new package is being called Norton Internet Security 2005, AntiSpyware Edition.

Interestingly, some spyware and malware thought of as spyware — including adware, dialers, and hack tools — were already targeted by earlier editions of Norton AntiVirus (NAV). Symantec claims the detection capability in NAV was rather limited but, with the introduction of Norton Internet Security 2005 AntiSpyware Edition, detection is more robust, and removal capabilities are expanded.

Norton Spyware Protection's forte is protecting against key-logging, screen-shooting, e-mail-grabbing spook-ware. Unlike some anti-spyware, Norton's doesn't target cookies, which can clog a threat report and encourage people to wipe out useful settings at online stores. Neither does it learn spy behavior and make judgments about what it sees. It simply scans for known signatures against its spy program definitions, which are updated via Symantec's Automatic LiveUpdate, just as Norton AntiVirus definitions are.

The advantage of using signatures is a lack of false positives on files you need to run legitimate programs. In tests, Norton (correctly) did not flag C-dilla, for example, a copy-protection file needed to run the Oxford English Dictionary CD, something another anti-spy program had marked for death.

Configurable — To A Point
NIS lets you configure your scan — to a point. Unfortunately, you cannot exclude viruses, worms, and Trojan horses, so you can't get around the glacial Norton AntiVirus scan if you just want to scan for spyware. On the other hand, if you want to just scan for viruses, you can exclude spyware, adware, dialers, remote access, and hack tools, among others.

When NIS does uncover malware, the software assumes that you want it removed, rather than allowing you to make your own decisions. Fortunately, Norton backs up the "removed" programs in quarantine, in case you disagree with its assessment.

If you prefer control from the start as your default, you must go to Options in the top row of three buttons, choose Norton AntiVirus, then, under Other in the left-hand column, choose Security Risks, then Actions. Under "How to respond when a security risk is found," there are three places where you can choose "Ask me what to do." Thereafter, when a scan reveals a threat, you'll see options such as removing, ignoring, and excluding from future scans.

The application's design also makes it a bit unwieldy to learn about what you've found before you remove it. For example, the free anti-spyware product Spybot Search & Destroy offers a list of the risks it found on your system in its left pane. When you click on a risk name, an explanation appears in the right pane. With Norton, you get a list of risks, and clicking each brings up a hot-link of its name.

Click one, and it yanks you online to a sprawling Symantec Web page for information, complete with ads for Symantec products. Since NIS is constantly pulling down threat definitions via its Live Updates feature, if the risk is listed, the information should be immediately available to paying customers, not used as a sloppy marketing opportunity. (Note that customers who are unable to get online can't get the information they paid for.)

Catching Commercial Spyware
In tests, Norton Spyware Protection caught two out of three of the commercial spyware programs I loaded: Guardian Software, Inc.'s Guardian Monitor 8.0, and Spytech Software's SpyAgent 4.4. It did not catch Xelerate Software Inc.'s Spy PC 7.0. That's actually not a bad score. Interestingly, NIS offered no option to remove or quarantine Guardian Monitor, saying, "Norton AntiVirus cannot process this security risk." Norton's Web page gave manual instructions for removal. A spokesperson for Symantec explained that Norton doesn't automatically process Guardian Monitor because it is a "legitimate" spyware program. (Guardian Monitor is marketed to parents who want to keep an eye on their children's computer activity.)

Spyware Protection caught two out of three commercial spyware apps.

While NIS does not auto-protect computers across a network, it does scan files and folders across the network and quarantine them.

Symantec doesn't provide free phone support except during installation, but there's free Web and e-mail support. Individual and small-business phone tech support is $29.95 per incident and virus removal support is $39.95 to $69.95 per incident. Enterprise support is by contract. Live updates to virus and spyware definitions are good for 366 days from installation.

Should you go for it? That depends on which components you already have. Spybot Search & Destroy has just come out with a new version of its free, very fast spy killer, and there are other firewalls and components out there. Norton's Spy Protection is good, beating Spybot Search & Destroy by one commercial spy program in our test, but each scan was slowed down tremendously by Norton AntiVirus.

As a result, if you've already got Norton AntiVirus, I would suggest assembling the rest of your security spykit on your own, from either paid or free products. However, if you've got a new system and need to get a quick one-size-fits-all security blanket, Norton's new AntiSpyware Edition fits the bill.

Norton Internet Security 2005, AntiSpyware Edition
Symantec, Inc.
Price: $79.95; $49.95 upgrade
Summary: Norton's latest edition includes its new antispyware application, which is effective. If you've already got NIS, however, you should probably wait for the 2006 edition.