It shouldn't happen to an IT consultant
Spend your time doing business, not IT.
Sunday 5 October 2008, 11:34 PM
Anti-virus reviews make things worse (or Symantec: just say NO)
Several times a month I fix a slow or unstable PC just by removing Symantec's Norton security products. Typically they break the PC's internet connection or slow it to a crawl, and getting rid of them is a miracle cure. That makes me look good, but I'd prefer things to just work. There's no lack of real problems to solve.
When I recommend removing a Symantec product many clients are unhappy. They say that they bought it because it came top in such and such a magazine or web sites' anti-virus test.
It's precisely those reviews which make things worse. Most of them score features and usability highly, giving anti-virus makers an incentive to give in to feature bloat. But the more anti-virus (AV) software tries to do, the more code there is and therefore the more bugs -- and the fewer PC resources are available to other applications.
Instead they should do one thing well: catch and disable as many viruses -- and as much other malware – as possible, while bothering the user as little as possible. It's crucial AV products are well coded, because they're so intimately connected with everything the computer does. They intercept file accesses, network packets, and emails, scanning them before handing the data on to waiting programs. When AV goes wrong, everything else collapses: as it often does.
Worse, reviewers rarely check things like stability. If something goes wrong every so often, how can you pin it on the AV software instead of something else on your setup? And if you can't prove it, how can you write about it?
So if they can't score stability what about actual functionality? Do they catch malware? There are getting on for a million viruses out there, most of them variants of a hard core of a few thousand. Proper testing demands a vast library that reflects this. A significant proportion is fed to each AV under test in a ways that simulate real world use, demanding significant resources including time. It's beyond magazine and web sites budgets for the occasional review. As a result, slow buggy programs with poor detection rates come top in many reviews because they are easy to use and feature 'rich'.
Norton isn't just buggy when it runs. It can refuse to leave. When most other applications fail to uninstall it's not the end of the world. Worst case one can use, msconfig to disable their services and programs, then rename their program directories to hide them: far from optimal but enough to neutralise most apps. Not so with AV programs. Most sensibly refuse to install when they sense a competitors product got there first. That's because when two resident AVs run at the same time, they fight each other with the sort of enthusiasm they should devote to the real threats.
To Symantec's credit they supply an effective downloadable removal tool. It effortlessly roots out every file and registry associated with Symantec products from 2003 onwards. But why isn't it installed as standard? After all one of the reasons to remove Norton is because it has cut off access to the net. Online solutions previously unknown to most users are no good at this point.
Next Installment: My favored AV product and why it's wise to avoid integrated security suites and personal firewalls.
- 10 comments |
- Post a comment |
- TrackBack |
- Clip Link
- | Viewed 1163 times
PreviousComments on this post
With macs it was the always the first thing to turn off when you had any problems too. Not sure if that even make a aversion for OS X ?
Utz
I can echo this story 200 times. It is 100% true. We do the same thing - we uninstall Norton AntiVirus or Internet security and most times it solves the problem. What's embarrassing, however, is that in most cases these are clients to whom we recommended Symantec 5 years ago when Norton Antivirus was a lean and mean product that was unbeatable. So, just as with Adrian Mars, we find ourselves having to explain to the customer : yes, Norton used to be first class, Yes we recommended it to you 5 years ago, but nowadays they no longer are - they create all the problems you have just called me for. Yes, they are still the top company but only because reviewers do not actually test it properly and simply regurgitate the marketing stuff they get from Symantec.
And Adrian and I are not alone. I use a product called Ultimate Troubleshooter from AnswersThatWork.com. When the product recognizes an old virus, it recommends to the user to run a virus scan and recommends Norton Antivirus - it only does that on old viruses. They've changed their tack on the new viruses. So I emailed them once asking them what their position was on Norton Antivirus nowadays and they told me exactly the same thing as Adrian and I mention - more often than not they find themselves having to uninstall it!
I am Product Marketing Director for Symantec’s Norton range and would like to offer my perspective on some of the points you raise in your post.
I am not sure which Norton products you and your customers have had problems with, but I’d encourage you to try our latest releases of Norton Internet Security and Norton AntiVirus 2009 which specifically address your concerns regarding performance, memory utilisation and uninstallation.
We have completely taken on board customer feedback about ‘feature richness’ equating to ‘bloat’ in our older Norton products. In fact our research shows that PC performance is the primary reason why people switch Internet security solutions. Over the past three years, we’ve been steadily improving both the performance and detection of our products, and for the 2009 releases, we focused in minimizing system impact whilst increasing overall protection. We’ve also made the uninstall smooth and seamless. But enough of the Marketing speak, please test the products yourself and let me have your feedback. You can download a free 15-day trial here: http://www.symantecstore.com/dr/v2/ec_Main.Entry17C?SID=27685&SP=10023&CID=213479&PID=969612&PN=61&V1=969612
You raise another important point in your post about product reviews.
Pretty much the whole security industry questions how reviews are conducted by magazines and whether they really examine the most important elements of the software in a detailed and accurate way. The reality though is that few magazines nowadays have fully-specced testing labs to adequately create a realistic environment to test security products in their entirety, hence some reviews focusing on user experience and top-line performance only. However there are security industry specialists like Virus Bulletin (www.virusbtn.com) which produces the VB100 awards, Andreas Marx (AV-test.org) and Andreas Clementi (AV-comparatives.org) who conduct comprehensive testing and who sell their data to publishers. And many media outlets now quote Marx and Clementi as additional third party verification of their reviews conclusions.
Additionally, many of the key players in the security industry have come together to form the Anti-Malware Testing Standards Organization (hwww.amtso.org) which specifically sets out to address the need for and solutions to comprehensive and consistent testing of security products. We all acknowledge that the testing of security products is not what it needs to be, and with the AMTSO, we are on track to improve things.
This comment has been deleted at the users request
I was going to stay out of this, because Adrian and others had already said pretty much everything necessary, and very well. But after these three postings (including the duplicate, doesn't inspire a lot of confidence in technical ability), I feel that I need to speak up.
I absolutely agree 100% with what Adrian said, and what was said in the comments. I personally used Norton Anti-Virus products for a very long time, starting long before they were "Symantec" products, and I realized with dismay that they were getting worse and worse, and more and more bloated, with every annual release. It finally got to the point where I came to the same conclusion Adrian did - if your computers was slowing down, crashing for no apparent reason, and generally behaving very poorly, the first thing to try was removing the Symantec products, and that generally made a big improvement.
At the same time I started to notice that the Symantec products which were included on new computers changed from being a one-year subscription to a 90-day subscription, which I thought was a pretty cheap trick - but at least made it easy for me to tell friends and family not to bother installing it in the first place.
Of course, the "next version" was always going to be SO much better, it was going to fix all the problems of the current version, and a LOT more... except, it never quite seemed to work out that way. For that reason, this latest "try Symantec 2009 products" rings rather hollow...
I hope that what Symantec is learning now, the hard way, is that once you have lost the trust of knowledgeable users, it takes a long time and a lot of hard work to recover, if you ever can at all.
jw 6/10/2008
Whilst you may feel that the comment about 'try the Norton 2009' products might be somewhat hollow', I would really encourage you to do this. Just give me 5 minutes of your time. I think you will be in a for a real surprise: and a very welcome one. We have and are listening. From the radically faster install, to clean unistall, to dramatically reduced scan times, through to free support and inclusion of a recovery CD, we have listened and responded to customers. With Norton 2009 we have put down a marker as to the future of security products and set a new standard by which you and the market can and will judge us.
I absolutely agree every word Adrian Mars wrote. I have had clients who paid to renew Norton AV products, only to find the renewal download location failed, and speaking to a human about it was impossible. I know people who have lost money on this junkware. Not a lot of money, granted, but money better spent elsewhere. I will never recommend Norton products to a client.
@ ConM, I don't think you fully realise just how high a mountain you have to climb here. You guys would have to pay me to test the product, and even then I'd be reluctant - based on past experience - to deal with your organisation.
Ask any IT Manager, system administrator, or helpdesk techie and you'll see what the industry thinks of Norton.
I've tried to keep out of it as well, but I did try the 2008 version last year,as it came as a package with our beloved acer aspire 9300. I left it on there to give it a chance, and yes I ended up booting it off with the help of the mighty unlocker app and opting for avir free spybot, and various comand line scan utilities.
The thing with Nortan as it stands is this; it is letting in well known nasties such as the fake anti virus 2008/2009 variants. I know this because I've had to boot nortan off various systems that have fallen prey to various nasties that even free AV solutions can catch. Mr marketing man, if you are reading this please take note. There is no reason not to have a snazzy user interface on todays hardware, the one I see at present should be able to run on an Atari ST or Amiga 500 and leave room for other work. The problem must be with the coding or error corection systems that are in place
From where I'm standing, it seems as though nortan fights with it self thus taking its eye off the ball and letting in a few badies, although to be fair, I have come across machines with all the major AV brands on them that have ended up infected. Sort these problems out and and your reputation will be restored, more likley by word of mouth.
ConM, thanks for that useful roundup of the state of AV testing labs. I absolutely agree, the best reviews rely on figures from independent labs. Though to anyone outside the industry judging the quality and independence of a lab is less than straightforward.
They should also include measurements of each product’s memory footprint and the amount by which they slow machines down, ideally by testing on a fast PC with plenty of RAM and an older model with no more than 256KB. It’s far from a perfect stability indicator but a good score here suggests well crafted efficient code that will also be well behaved.
As Megamix, JA Watson (JW), BitSmith and Roger Andre’s experiences all echo, Symantc do have a big hill to climb, nonetheless I couldn’t except a better response from them. Dissatisfaction has been growing over the last few years, so it’s extremely encouraging to hear from ConM that this state of affairs (after many years of denial by the press office) is being acknowledged.
It remains to be seen if this is reflected in the product. As Megamix20 experience of embarrassingly removing products he endorsed five years ago demonstrates, not only does the current release have to be good, we need confidence that it’ll remain that way for years to come.
It will take Symantec quite some time regain my confidence. They do though have the sales to fund the resources needed to maintain a good detection rate, counting against that (recent product quality aside) is that being market leader they are the primary target of malware attempts to avoid detection and disable their products.
This comment has been deleted at the users request
