Review: Norton AntiVirus 10 for Tiger

[Norm Nager]

Yes, I know that SO FAR there have been no threats in the wild for Macs with OS 10.4.x and other OS X versions, so long as you don't run Virtual PC. But because I have family, friends, and colleagues who use either Virtual PC software or Windows operating systems, I wish to stop cold on my Mac any viruses, worms, and Trojan horses that can infect THEIR computers.

That's why I donated my services as a volunteer external tester of beta versions before the public release of Tiger-compatible NAV 10.

Link to Symantec's NAV 10 "What's New" webpage.

NAV 10 seems much, much faster in doing scans of volumes, including all the compressed files. t scanned at warp speed for my 733-mhz G4 QuickSilver (2001) my 80,000+ files (including more than 50,000 in archives) distributed over 5 volumes. And during that scan, it found and deleted two EICAR virus test files and repaired two others. This all occurred in the space of an hour and a quarter while I was multi-tasking.

Running DiskWarrior 3.0.3 or TechTool Pro 4.0.4 and Office 2004 apps at the same time as NAV 10 doesn't derail any of the processes. The Activity Monitor showed NAV 10 pretty stable among the applications and processes I was running.

One thing that I noticed and appreciated very much as a person with a low technical threshold was the well-written, interpretive clear, concise, comprehensive documentation in the Help component of NAV 10. It beats the heck out of the NAV 9 Help support and, frankly, many of the other applications on my G4.

Auto-protect worked like a charm. Even when auto-protect was de-selected, NAV 10, still offered to repair or quarantine the downloaded EICAR virus test files as different types of dialogue boxes appeared.

Scheduling of scanning daily, weekly, monthly and annually occurred, well, on schedule, except when, ahem, I goofed and set the wrong date.

Application scanning did its job with the different types of EICAR virus test files. Those that ended up in quarantine, were easily deleted.

If you use NAV 10, look for an optional widget installer in the folder on the CD. It has to be installed separately, but it’s more than worth it.

From the Help program I copied this info about the Safari Alert Widget:

“In the Global Threat Assessment widget [which updates every 5 minutes,] click the name of a virus threat. The Global Threat Assessment widget opens your Web browser and displays detailed information about a virus threat from Symantec's Security Response site.

“In the lower-right corner of the widget, click i. The . . . widget displays the version of Norton AntiVirus you have installed, the date you last updated your virus definitions, and whether Auto-Protect is active.”

Not a single hiccup on the G4 since the second beta version! But I didn't (past tense) expect much on my 266-mhz Beige G3, which is not supported by Apple beyond Jaguar. (To install Tiger, I used a beta of XPostFacto 4.0.x.) I was pleasantly surprised to discover that NAV 10 works perfectly with OS 10.4.1 on the old Beige.

Live Update works well in NAV 10, bringing new virus definitions weekly on the day and time I schedule.

Respectfully, Norm

[mclbruce]

Thanks Norm,

There are people out there who want automatic virus protection on their Macs. From what I've read Virex does not work on Tiger and ClamXav is not automatic and doesn't check for Mac viruses anyway. There's always Intego's product as an alternative, but every time they come out with one of their exaggerated, almost gleeful press releases about the latest Mac virus I vow I will never use or recommend them.

So for those clients that want it NAV has been what I recommend. Glad to hear the new version worked well for you.

[blubbernaut]

Norm, I wonder could you tell us if they have included live email scanning in this version?

After much research, I discovered that NAV9 will only pick up a virus in an email once you have saved the attachment. At which point NAV picks it up as a new file being created/copied and dutifully scans it.

[Norm Nager]

Each time I tested NAV 10, it instantly intercepted the EICAR virus test files at the following url the moment I clicked on each, quarantining one and repairing the others.
http://www.eicar.org/anti_virus_test_file.htm

[blubbernaut]

NAV9 does the same...well as soon as its downloaded anyway. But what about email scanning? Could you get someone to email one of those files to you to check? Cheers.

[Norm Nager]

Quote: Originally Posted by blubbernaut NAV9 does the same...well as soon as its downloaded anyway. But what about email scanning?

I sent this question and your earlier question to Nick Uchida at Symantec Tech Support and got the following response:

Quote: Depending on the e-mail client used (and also the settings used on an e-mail client), there may or may not be "LIVE email scanning" by Auto-Protect. Nothing specifically was changed for NAV 10 (from NAV 9) in terms of how we deal with e-mail viruses. For many e-mail programs, the above statement ("I discovered that NAV9 will only pick up a virus in an email once you have saved the attachment. (At which point NAV picks it up as a new file being created/copied and dutifully scans it.)"), is correct. However, there are some e-mail programs that separate out attachments automatically or move e-mail messages in such a way that we will detect any infected attachments. I suppose you could call this, "LIVE" scanning.

[Raven]

So basically the answer is still NO... Thats lousy since live email scanning with NAV exists in Windows versions... Guess they feel its not a necessity on Macs for now

[voldenuit]

I am not sure that things are so comfortably simple.

Mails with attachments are one big blob of MIME when the POP or IMAP-server spits them out.
If the mail client writes that to an mbox file or worse, inside a database, it would take some heavy-handed hacking to scan the data at that point. The easiest trick would be to sniff them off the wire.

Looking at files as they actually hit the HD as such is the first occasion the kext that hooks that call has to take a look at the file.

That said, Norm very detailed review would certainly be enriched by some comment to what extent the kernel extensions have gotten rid of unfriendly interference with standard file I/O they've been known for in the past, how well they handle zip-bombs etc.

[cwtnospam]

Quote: Originally Posted by Norm Nager ...I wish to stop cold on my Mac any viruses, worms, and Trojan horses that can infect THEIR computers.

My feeling is that since they bought the virus platform, they bear some of the responsibility for perpetuating it. It would be counter-productive to help them avoid the consequences of their mistake.
I'll wait until there's a legitimate threat to my system before installing any anti-virus software.

[Norm Nager]

Quote: Originally Posted by cwtnospam My feeling is that since they bought the virus platform, they bear some of the responsibility for perpetuating it. It would be counter-productive to help them avoid the consequences of their mistake. I'll wait until there's a legitimate threat to my system before installing any anti-virus software.

The problem is that "they" are family, friends, and colleagues we may care about. The fact that "they" use Virtual PC on their Macs or Windows does not diminish them.

I don't ask each individual with whom I communicate whether he or she uses VPC or Windows nor do I ask any if they have a good virus-protection program with frequently updated definitions.

Helping your neighbor, even if your neighbor might bear some degree of responsibility for problems, is deeply rooted in the personal philosophies of many contributors to these MacOSXHints.com forums.

When it comes to anti-virus programs, it hurts nobody if some of us choose to run them for reasons other than protecting our own interests.

Respectfully, Norm

[cwtnospam]

Quote: Originally Posted by Norm Nager When it comes to anti-virus programs, it hurts nobody if some of us choose to run them for reasons other than protecting our own interests.

I can agree with most of what you've said, except that part about hurting nobody. By helping them avoid the consequences of their purchases, you encourage their continued support of a system that creates all kinds of problems for everyone, not just those who use it. That hurts them and us.

[blubbernaut]

Quote: Originally Posted by voldenuit Mails with attachments are one big blob of MIME when the POP or IMAP-server spits them out. If the mail client writes that to an mbox file or worse, inside a database, it would take some heavy-handed hacking to scan the data at that point. The easiest trick would be to sniff them off the wire.

You may be right that it would take heavy-handed hacking. But the fact remains that NAV in windows has for many years intercepted mail before it reaches your email app. I don't know how it does it, but suffice to say: it appears to sit as a sentry on the pipe between your ISP and email client and intercept and then pass through all information in both directions. IE: it intercepts viruses you may be sending out as well as receiving! Pretty nifty.

[voldenuit]

If there were elections to be held to attribute the title "nicest guy in the forum", Norm would certainly be among the likely winners.
Him being wiliing to do more than his fair share to keep people out of trouble is probably not somehing one should try to blame him for.

It is the very situation in which AV-software needs to dig so deep that needs fixing.

I just learnt that NAV on Windows actually did what I had thought of as a theoratical option. If there is a need for an OS to rely on countermeasures so deeply rooted in the system, I think we've come to a point where the security model (or complete absence thereof) needs to be addressed rather than to start an arms race of Anti-whatever interfering with the original OS to the point that it routinely gets in the way of normal operations.

It is good to see, that for now, we have been lucky enough not to see any malware (with the notable exception of M$-Office documents) for OS X "in the wild".
Apple should pay close attention though, because there have been some embarassing holes in the proprietary part of OS X opening opportunities to get around the pretty well thought-out security concept of OS X.

There have been several cases where Apple knew about for months, but didn't fix holes which allowed pretty nasty proof-of-concept hacks to work.

[cwtnospam]

Quote: Originally Posted by voldenuit If there were elections to be held to attribute the title "nicest guy in the forum", Norm would certainly be among the likely winners. Him being wiliing to do more than his fair share to keep people out of trouble is probably not somehing one should try to blame him for.

No argument there, I'm not trying to blame him for anything. The problem is, good intentions aren't always enough to get good results. I don't see how helping some one secure their Windows system helps to get rid of the basic problem: Windows.

Quote: Originally Posted by voldenuit It is the very situation in which AV-software needs to dig so deep that needs fixing. I just learnt that NAV on Windows actually did what I had thought of as a theoratical option. If there is a need for an OS to rely on countermeasures so deeply rooted in the system, I think we've come to a point where the security model (or complete absence thereof) needs to be addressed rather than to start an arms race of Anti-whatever interfering with the original OS to the point that it routinely gets in the way of normal operations. It is good to see, that for now, we have been lucky enough not to see any malware (with the notable exception of M$-Office documents) for OS X "in the wild". Apple should pay close attention though, because there have been some embarassing holes in the proprietary part of OS X opening opportunities to get around the pretty well thought-out security concept of OS X. There have been several cases where Apple knew about for months, but didn't fix holes which allowed pretty nasty proof-of-concept hacks to work.

I'm sure there will be several more cases; Widgets for example. Large corporations need time to develop responses to most issues. I'm also sure that Apple will continue to include good security as part of the OS.

Microsoft however, has been having significant security issues since the Word Concept Virus back in 1994 (93?) and their solution? Build a more secure OS? No. Instead, they dump the problem on the users. Now they even want to SELL them solutions! For any of those users to then be protected by Mac users is counter productive because it helps Microsoft convince the masses that their system is no more vulnerable than any other. After all, the Mac has AV on it too!

[voldenuit]

Symantec just posted confirmations of two distinct vulnerabilities caused by Norton AV and its updater:

http://securityresponse.symantec.com...005.10.19.html

http://securityresponse.symantec.com...05.10.19a.html

Being nice to PC users comes at a high price...

[ArcticStones]

Quote: Originally Posted by cwtnospam My feeling is that since they bought the virus platform, they bear some of the responsibility for perpetuating it. It would be counter-productive to help them avoid the consequences of their mistake. I'll wait until there's a legitimate threat to my system before installing any anti-virus software.

Hmmm... I don’t like your logic here. Not at all. Let’s take a moment to compare this to the real world:

HIV is a virus as well. And there are those who claim that contracting this virus, and later the well-known disease, is a consequence of irresponsible actions. That may well be – with the exception of new-born children and those who contract the virus during medical treatment, for instance a blood transfusion.

If I can do anything to help others contract a dangerous virus – even a Windows virus – then I wish to do so. I don’t think it is valid to argue that we should refrain from doing so because "it would be counter-productive to help them avoid the consequences of their mistake".

I think that is a dangerous line of argument, lacking in empathy.

With best regards,
ArcticStones

[voldenuit]

I'd respectfully disagree:

As human beings we get to opt for the computer operating system we feel is best for us, but we have no choice whatsoever as far as the "OS" of our biological function is concerned (at least at this stage of genetic research).

So, in my view, your analogy is flawed.

And as I pointed out in my previous post, the very fact to run Norton AV on a Mac can be a security problem.

So it certainly is nice not to pass on Windows malware knowingly (like in being less nasty than Sony), but putting ones very own security at risk in doing so is probably not what I'd want to do neither.

[ArcticStones]

.
Sorry, Voldenuit, I overlooked your point about how running NAV on Mac might actually cause security problems. That is indeed an excessive price.

We do, however, have many choices in regards to the precautions we take when acting on the basis of "our biological OS" – and those precautions are readily available, in duo or 12-packs. But I do not wish to belabour the point; my analogy was less than perfect.

Best regards,
ArcticStones

[cwtnospam]

...and when it comes to Windoze users, I'm happy to be lacking in empathy, just as I am for SUV drivers who complain about the price of gas. Anytime people's actions cause a problem, they really should act like adults and accept the consequenses.

[Norm Nager]

Quote: Originally Posted by voldenuit Symantec just posted confirmations of two distinct vulnerabilities caused by Norton AV and its updater: http://securityresponse.symantec.com...005.10.19.html http://securityresponse.symantec.com...05.10.19a.html Being nice to PC users comes at a high price...

The facts --which are apparent even on a quick scan at the above two urls-- are that Symantec closed the security holes.

Apple, itself, has created a number of security patches in the short lifetime of OS X.

Respectfully, Norm