Norton is easier to hack?

Status
Not open for further replies.
I personally have seen malware go past Norton like it was not even there and be stopped by Malwarebytes Anti-Malware. And I have seen testing where malware was able to shut down Norton and even supply a fake Norton icon to make people think Norton was still working. I have more confidence in Kaspersky and Bitdefender, but Bitdefender seems kind of buggy.

One good thing about Windows 8 is that as long as the computer has a motherboard that supports it the antivirus can be started up before malware can potentially start up and interfere with the antivirus. Ever notice how long it takes for your antivirus to start up on a Windows 7 computer? What is protecting the computer during that time?

No antivirus is perfect. I am sure there is stuff that can get past Kaspersky. But I would trust Kaspersky plus Malwarebytes Anti-Malware plus Hitman Pro before I would trust Norton.
 
We have MWB on both computers too. I just finished a quick MWB scan, all it found was a couple of tracking cookies that must have slipped past my Do Not Track add-on. I am about to do a full system scan with the updated Norton AV now.
 
Originally Posted By: Mystic
I personally have seen malware go past Norton like it was not even there and be stopped by Malwarebytes Anti-Malware. And I have seen testing where malware was able to shut down Norton and even supply a fake Norton icon to make people think Norton was still working. I have more confidence in Kaspersky and Bitdefender, but Bitdefender seems kind of buggy.

One good thing about Windows 8 is that as long as the computer has a motherboard that supports it the antivirus can be started up before malware can potentially start up and interfere with the antivirus. Ever notice how long it takes for your antivirus to start up on a Windows 7 computer? What is protecting the computer during that time?

No antivirus is perfect. I am sure there is stuff that can get past Kaspersky. But I would trust Kaspersky plus Malwarebytes Anti-Malware plus Hitman Pro before I would trust Norton.


What malware are you talking about that got past Norton but not MBAM? Where did you see this?

Also, what malware was it that gave the fake Norton Icon? Where did you see this test?
 
Here is the biggest best most awesome advice of all. Get a great antivirus program like Norton and others, keep it updated. Then stay away from porn sites, file sharing sites, and don't click on everything your "friends" email, text, Facebook, IM, etc. just because they said you gotta see this. And then you will continue to have a trouble free computer.
 
In the most recent testing that I have seen Windows Defender in Windows 8, combined with the Microsoft SmartScreen and of course the Windows 8 firewall, actually did a good job of protecting the computer. But I think I would still prefer Kaspersky and MBAM.

There of course is still nothing better than a computer operator who has common sense and stays away from trouble as much as possible as well. Better to not get anything on the computer in the first place.

At AVComparatives they have an article on antivirus software that can protect Mac computers. Some free ones like Avast and Avira provided 100% protection from the malware they tested against.
 
Mystic:

What malware are you talking about that got past Norton but not MBAM? Where did you see this?

Also, what malware was it that gave the fake Norton Icon? Where did you see this test?
 
I saw a trojan horse program evade Norton completely on my own computer, but be picked up by a scan by MBAM. Norton detected nothing. And there is testing of antivirus software available in many areas, such as AVTest, VirusBulletin, West Coast Labs and AVComparatives. Various individuals have also done testing of antivirus software. You could check out remove-malware.com. The guy at that website gets paid to remove malware from computers. He uses virtual machines for his testing.

I don't pay much attention to somebody saying that they think Kaspersky is best or Norton is best or whatever. I want to see actual testing. All of the available evidence I have seen indicates that Kaspersky and Bitdefender are pretty darn good. At least if AVTest and AVComparatives have any credibility. And I have not seen anybody question seriously the credibility of AVComparatives.

You can even see testing of antivirus software on YouTube videos. Typically people use virtual machines to load the malware on.

All you have to do is a little research and you can find a lot of information on antivirus testing. Everything from various professional organizations doing testing to individuals.
 
Originally Posted By: Mystic
I saw a trojan horse program evade Norton completely on my own computer, but be picked up by a scan by MBAM. Norton detected nothing. And there is testing of antivirus software available in many areas, such as AVTest, VirusBulletin, West Coast Labs and AVComparatives. Various individuals have also done testing of antivirus software. You could check out remove-malware.com. The guy at that website gets paid to remove malware from computers. He uses virtual machines for his testing.

I don't pay much attention to somebody saying that they think Kaspersky is best or Norton is best or whatever. I want to see actual testing. All of the available evidence I have seen indicates that Kaspersky and Bitdefender are pretty darn good. At least if AVTest and AVComparatives have any credibility. And I have not seen anybody question seriously the credibility of AVComparatives.

You can even see testing of antivirus software on YouTube videos. Typically people use virtual machines to load the malware on.

All you have to do is a little research and you can find a lot of information on antivirus testing. Everything from various professional organizations doing testing to individuals.



"..some trojan horse program.."? You don't know the name?
 
I don't understand you attacking me bubbajoe_2112. If you don't want to believe that a Trojan Horse program got past Norton and was stopped by MBAM that is fine with me. I don't have to prove something to you.

Something I cannot understand is why some people here like to attack other people rather than engage in discussions. I think it would be much more productive if people were able to engage in friendly discussions rather than attack what other people say.

It has been quite a while since that Trojan Horse program got past Norton but I think MBAM identified it as Trojan.Keylogger. I was able to find some information about it at some antivirus websites. I am not totally sure about the name because that was a while back. Many many months ago. I remember it well but I don't know if I remember exactly the name of the Trojan Horse. Is that good enough or do you want to attack me some more?
 
Originally Posted By: bubbajoe_2112
Mystic:

What malware are you talking about that got past Norton but not MBAM? Where did you see this?

Also, what malware was it that gave the fake Norton Icon? Where did you see this test?


I've seen it many times, with many different programs. Norton is just one example.

Used to see the same thing with Spybot back when it was a newer, fresher product. It would find things the mainstream AV's would miss. This is oft seen now with MBAM.

The real fun ones are the ones that walk right by the AV and require a number of tools to fix. A recent example of that for me was one of our physicians managed to get a rootkit on his home computer. It was protected by Security Essentials. Installed ESET NOD32, it found a couple of items and removed them, but then it was constantly blocking an "attack" from a program that kept trying to launch as a service. Their removal tool for this particular infection did NOT work either.

Panda also had a removal tool for the same infection, tried it, no more effective than ESET's.

MBAM found two more malicious items but the "attack" persisted.

Ended up having to use combofix to get it "right". He's now running ESET instead of MSE, as from the looks of things, it probably would have prevented the attack in the first place.
 
Yes, there is no perfect antivirus. If an antivirus program was 99.99% effective there is still some stuff that can get through. So personally I like to use the free version of MBAM as a second line of defence. It does not run in realtime so it will not interfere with the antivirus program.

I wanted to like Norton (and Microsoft Security Essentials). Those are American antivirus programs and I am an American. I do dislike when Norton haters still claim that Norton drags down a system because Norton has been pretty efficient since 2009. But I have personally seen Norton fail and I hate that you have to download special software to completely get Norton off a system. Symantec does not even submit Norton to real world testing by AVComparatives.

I just feel that Kaspersky, Bitdefender, Eset Smart Security, GData, and Avira are better antivirus programs. All of the testing I have seen indicates this.

Actually I really like Eset Smart Security. But I think a person needs to set the Eset firewall to interactive when you first install the program. And I think that MBAM is still a good second line of defence.

I believe that Kaspersky, Eset, Bitdefender, GData and Avira have much better behavioral detection than Norton. Where I think Norton fails is with detection of zero day malware.

And of course the computer operator has to use common sense on the internet.
 
Originally Posted By: OVERK1LL
.... A recent example of that for me was one of our physicians managed to get a rootkit on his home computer. It was protected by Security Essentials. Installed ESET NOD32, it found a couple of items and removed them, but then it was constantly blocking an "attack" from a program that kept trying to launch as a service. Their removal tool for this particular infection did NOT work either.

Panda also had a removal tool for the same infection, tried it, no more effective than ESET's.

MBAM found two more malicious items but the "attack" persisted.

Ended up having to use combofix to get it "right". He's now running ESET instead of MSE, as from the looks of things, it probably would have prevented the attack in the first place


That was Zero Access (0A). The "attack" was not really an attack, but rather the installed AV detecting an infected services.exe file. If the AV successfully deletes the infected services.exe file, then you will enter into an infinite boot loop because services.exe is essential for boot up. The installed AV should have been disabled to prevent it from removing services.exe and SFC /scanfile should have been run on services.exe to repair it. Then you should be able to reboot (assuming the 0A injector files were already taken care of). (The 0A files reside in either the Recycle bin and the windows/install directory or appdata/local and the windows/install directory). Also, 0A totally tubes 8 different Windows services that have to be totally rebuilt. Yeah, I know what I'm doing, I've manually removed hundreds of 0A cases.

At any rate, Norton participated in AV-Comparatives in 2011 and did outstanding in their tests:

AV-Comparatives 2011 tests

AV-comparatives changed their testing methodology for 2012 and Norton felt it did not properly reflect real world scenarios, so they declined.

Norton did commission one AV-Comparatives test run in early 2012 and did very well:

Norton AV-comparatives 2012 real world mediation testing

In addition, AV-test.org did test Norton in 2012. Again, Norton did very well:

av-test.org 2012 AV tests

It is unfortunate that you choose to come on here and make a blanket statement about Norton based on a very narrow and limited experience with Norton. It is a much, much better AV than you give it credit for.
 
Originally Posted By: bubbajoe_2112
Originally Posted By: OVERK1LL
.... A recent example of that for me was one of our physicians managed to get a rootkit on his home computer. It was protected by Security Essentials. Installed ESET NOD32, it found a couple of items and removed them, but then it was constantly blocking an "attack" from a program that kept trying to launch as a service. Their removal tool for this particular infection did NOT work either.

Panda also had a removal tool for the same infection, tried it, no more effective than ESET's.

MBAM found two more malicious items but the "attack" persisted.

Ended up having to use combofix to get it "right". He's now running ESET instead of MSE, as from the looks of things, it probably would have prevented the attack in the first place


That was Zero Access (0A). The "attack" was not really an attack, but rather the installed AV detecting an infected services.exe file. If the AV successfully deletes the infected services.exe file, then you will enter into an infinite boot loop because services.exe is essential for boot up. The installed AV should have been disabled to prevent it from removing services.exe and SFC /scanfile should have been run on services.exe to repair it. Then you should be able to reboot (assuming the 0A injector files were already taken care of). (The 0A files reside in either the Recycle bin and the windows/install directory or appdata/local and the windows/install directory). Also, 0A totally tubes 8 different Windows services that have to be totally rebuilt. Yeah, I know what I'm doing, I've manually removed hundreds of 0A cases.

At any rate, Norton participated in AV-Comparatives in 2011 and did outstanding in their tests:

AV-Comparatives 2011 tests

AV-comparatives changed their testing methodology for 2012 and Norton felt it did not properly reflect real world scenarios, so they declined.

Norton did commission one AV-Comparatives test run in early 2012 and did very well:

Norton AV-comparatives 2012 real world mediation testing

In addition, AV-test.org did test Norton in 2012. Again, Norton did very well:

av-test.org 2012 AV tests

It is unfortunate that you choose to come on here and make a blanket statement about Norton based on a very narrow and limited experience with Norton. It is a much, much better AV than you give it credit for.


No, that wasn't it.

I've dealt with that one before too, this was slightly different in its methods and didn't actually replace the services executable, but rather was a windows service with a driver component (rootkit). Which required a bit more involvement to remove it. But it was removable.

I've dealt with a few of them myself, having been in the game professionally since the late 90's.

And to be clear, are you targeting me with your comments about Norton or Mystic? I have my criticisms of all of the mainstream AV's and have chosen my favourite from the bunch based on my (extensive) experience with all of them. None of them are infallible, and I certainly don't condemn Norton for allowing something to slip past it, as that has been my experience with every single one of them.
 
Well being inquisitive as I am and also being unable to ever leave well enough alone, I am doing an experiment just to see what happens. All this week I have been reading a great many AV tests and reviews. Tonight I downloaded the Norton Removal Tool and removed Norton off my computer. Then I downloaded the free version of Avast, and also added the free version of Malwarebytes. I also tried Spybot and Spywareblaster but they seemed old and outdated to me, plus Avast has spyware scanning built in so I removed those.

I also downloaded Private Firewall but removed it because I just did not like it very much. I was unsure whether it was really on or not and there was no way for a novice like me to find out so I removed it and now I am running the standard Windows firewall that came with my computer.

One other thing I downloaded that I think is really slick is KeyScrambler, it encrypts my key strokes so it would be much harder for a keylogger to record them. I think that will come in handy to help with online banking and paying bills online. I added that one to my wife's laptop too. After I showed her how it worked she was all for it. I like the little green window that tells me each character I type is encrypted and it all adds up to gibberish.

I like the interface with Avast much better than that of Norton. With Norton it was easy to start a scan but that was about it. It really was difficult to find scan logs and even when I looked at them it was hard to tell what Norton had found or how it had resolved any threats. Norton seems to have a "we will let you know if we think it is important for you to know" type of attitude. Avast is much more user-friendly and a lot easier for me to be involved in what it is doing. For me, the Avast interface is super easy to change settings and really see what is going on with the program.

Avast is said to receive updates on zero day malware faster than updates are sent to Norton. I like the separate shields in Avast. For me it is important that the program shows me what it is doing and what it finds and what it does with what it finds. This tells me the program is working the way it should. With Norton I had a hard time actually seeing results, however Norton did keep me from loading malicious web pages a few times. OTOH, Norton also said that SpyBot was a malicious program too.

I like the streaming updates and cloud based updates that Avast provides and it is really just a lot more hands-on. I can actually change the settings to best fit how I use my computer and the internet in general. I like being able to tweak and tinker with it. The best thing for me about Avast is that it is rated the best free AV program available, and those ratings and reviews are written by a lot of very smart folks who know way more about computers than I ever will. Avast does seem to be a very good program. Earlier tonight I did a quick scan with it and it took about 15 minutes, which is about the same length of time as the same quick scan with Norton, and it did not find any problems or malware either. I like the idea of the faster cloud based and streaming updates. Avast is also not slowing down my computer, if anything it seems to be just a bit faster with Avast than Norton.

I am going to use Avast for a while and see if there are any drawbacks or positive differences between it and Norton. I can always reinstall Norton later if I end up hating Avast. So far I can not tell any difference, other than the user interfaces. Seems to me though that Avast has what I need, and I can augment it with other freeware like MWB and the Keyscrambler and Web Of Trust programs. My Yahoo email has a very good spam filter and most importantly, I have learned to be very careful and cautious about what I do online. I have absolutely no interest in porn or other unsavory web sites and my Windows is set to automatically update every night. I don't open spam "just to see what it is" and I surely do not open any attachments from people I do not know. Often I will not open an attachment from people I do know. I use a great deal of common sense online. I keep my Firefox browser updated regularly too. FF has an Avast plug-in that can help me judge whether a website in the FF address bar or a link in a Google search is safe, it is very similar to the Norton Safe Web function.

I agree that not all AV's will catch 100% of the bad stuff 100% of the time. I have no way to really know whether Norton is easier to hack into or defeat than Avast or any other program. However I do believe there are individual specific advantages to the free AV programs and paid AV programs and other add-ons to help keep my computer, my identity and my money safe. The best thing about Avast is it is said to be a very good program and it is free. I am going to try it for a while, just because I want to try something different.
 
Overkill: Sorry, Norton comments were for Mystic. Not sure why you replied to my question to him. I totally missed that it was you replying.

And if it wasn't 0A, then it was probably Pihar.b or pihar.c. (I've seen rootkits on computers with every major AV many times.) TDSS killer usually handles either with no problem. NPE will as well.

Jimmy: Kaspersky also has a keystroke scrambler included (you have to enable it IIRC, it's not enabled by default).

And yes, Norton is designed to be "idiot" proof and "plug and chug". Install it and it works. If you want to use non-default settings, then that does involve navigating the menu which can be a bit daunting the first time you try it.

The scan history/log file is readily found under the "Tasks" link. You can view all items or use the drop down box to view a specific item.

At any rate, have fun exploring. I hope a couple of mis/mal-informed individuals haven't unnecessarily scared you away from Norton.
 
Originally Posted By: bubbajoe_2112
Overkill: Sorry, Norton comments were for Mystic. Not sure why you replied to my question to him. I totally missed that it was you replying.

And if it wasn't 0A, then it was probably Pihar.b or pihar.c. (I've seen rootkits on computers with every major AV many times.) TDSS killer usually handles either with no problem. NPE will as well.

Jimmy: Kaspersky also has a keystroke scrambler included (you have to enable it IIRC, it's not enabled by default).

And yes, Norton is designed to be "idiot" proof and "plug and chug". Install it and it works. If you want to use non-default settings, then that does involve navigating the menu which can be a bit daunting the first time you try it.

The scan history/log file is readily found under the "Tasks" link. You can view all items or use the drop down box to view a specific item.

At any rate, have fun exploring. I hope a couple of mis/mal-informed individuals haven't unnecessarily scared you away from Norton.


No worries
I had replied because I wanted to share my experience with a variation of what he was positing, that's all.

And TDSS killer wouldn't take the bugger out either. Combofix seemed to be the only thing that worked. I believe you were right that it was a variant of Pihar.b, as that name rings a bell.
 
Symantec refused to take part in the AVComparatives File Detection Test. Anybody can look this up at AVComparatives. The AVComparatives Admin discussed this in the AVComparatives forum.
 
In case anybody has a hard time finding this here it is:

According to the administrator of the AV-Comparatives Forum:

'AV-Comparatives regret to announce that Symantec Norton have decided not to enter its security product in the AV-Comparatives test series for 2012.

In order to ensure that our test results give a complete and accurate picture of a product's capabilities, AV-Comparatives has strict rules about which tests every product must take part in, and which tests are optional. This is to ensure that the aggregated results best reflect the actual protection the tested products provide to their customers.

As Symantec Norton declined to participate in the File Detection Test, we will unfortunately not be able to provide our readers with any test results for Symantec Norton in 2012. Symantec Norton have the option of officially returning to the tests, but only in accordance with the standard conditions, namely that results of all compulsory tests will be published.

AV-Comparatives allowed manufacturers to opt out of the Proactive Protection Test, and have also made participation in the Phishing Test optional. Whilst phishing is an important security issue, it is different from protection against malware, and not all security products include anti-phishing protection.

Symantec Norton have indicated that they do not wish to participate in the File Detection Test. AV-Comparatives, based on feedback from our users, regard this test as still being of fundamental importance in evaluating the overall effectiveness of anti-malware software, second only to the Whole Product "Real World" Protection Test (WPT). A product could score highly in the WPT by e.g. blocking known source URLs for malware code, but fail to protect adequately if the malware is already resident on the target computer or arrives through a different channel (e.g., a USB drive). Consequently, AV-Comparatives require all participating manufacturers to take the File Detection Test. If we did not, the results of the other tests might give a misleading picture as to the overall protection offered by a product.

Should you wish to express your opinion to Symantec Norton in this regard, AV-Comparatives will forward mails which are sent to [email protected]

Symantec Norton is always welcome to rejoin the public annual test series of AV-Comparatives.'

You can draw your own conclusions.
 