Symantec Norton Internet Security 2007 review

If there's one thing we hate about security software, it's when it makes its presence constantly felt. So we're glad to say that Symantec's latest suite has become a good deal quieter. Despite the large number of Norton processes still running in the background, Symantec has successfully reduced their resource drain. And while it still takes an age to load, the scanning engines throttle back depending on application activity.

There's a new minimalist interface and a silent-running firewall. The lack of alert pop-ups doesn't mean a lack of security, though - Norton just gets on with the job in the background. By doing away with the asking if you want to allow a process to access the internet, or act as a server, Symantec has reduced the chances of security being weakened by a bad choice. It works by allowing access to applications it knows are "good" and denying it for those that are known to be "bad" - the unknown quantities are analysed as required and if they exhibit bad behaviour, they're blocked. Our tests showed that the firewall really did know best, and we suffered no false positives at all. All the honest apps, including many niche ones, worked as expected. It blocked all the malware we threw at it too, including those that masqueraded as legitimate applications.

Symantec has also removed some of the bloat of previous suites, by slimming down the component count. By default, there's no anti-spam, parental control or data privacy: you can download an add-in pack that demands an additional 100MB of free drive space, taking the system total to a whopping 450MB. There's not great value in it, though. Parental controls are basic, with no per-user controls, no temporary override and no time-based restrictions. Anti-spam is only average, although it does have some nice touches. In particular, we like the option to block emails containing local images when there's no "meaningful" text, as well as the option to block messages with invisible or nearly invisible text. You can also block messages containing HTML forms or obscured URLs and dangerous emails with scripts, ActiveX objects or Java applets. But you're still better off with ISP-based filtering or a client solution such as Cloudmark Desktop (www.cloudmark.com).

The Symantec Web Caller ID (WCID) technology uses a combination of behavioural technology and block lists to determine if a site is legitimate or likely to be a phishing scam. In practice, it worked well, successfully alerting us to all known phishing sites we tried to visit. What's more, the behavioural technology will analyse web page information from the URL, title, form, page layout, visible text and links in order to root out previously unknown sites as well, providing zero-hour protection. Unfortunately, the otherwise excellent phishing protection toolbar only works with Internet Explorer, so Firefox users are left unprotected. This is a shame, as it's significantly more adept than the IE7 toolbar and McAfee's SiteAdvisor. It physically prevented us from accessing phishing sites rather than just warning about them, with the tiniest of "continue anyway" links hidden out of obvious sight. Spyware was handled very well, including rootkits and commercial keyloggers, which were all detected without hassle. Under the surface, rootkit protection is offered by the same Veritas VxMS technology found in large enterprises, which compares files within a directory to files at volume level. All of which meant that spyware protection is now excellent - almost but not quite on a par with the A-Listed Webroot Spy Sweeper (see p37).