November 24, 2009, 5:11 PM — Symantec's Norton AntiVirus ($40 for a one-year, single-PC license) offers some terrific extra features and a polished user interface. But subpar performance in one detection category prevented it from capturing the top spot in our chart of stand-alone antivirus programs.
In traditional detection tests using known Trojan horses, spyware, worms, and other baddies, Norton successfully detected 99.5 percent of samples from AV-Test.org. That's a good showing, but other apps did even better, leaving Symantec's entry in a middle-tier sixth place in this category.
Norton dropped toward the bottom in heuristic tests designed to simulate a security program's ability to ward off new and unknown malware. It blocked only 42 percent of two-week-old signature files and newer malware, the second-worst showing in the bunch. But it did much better in behavioral analysis (which identifies malware based solely on how it acts), identifying and blocking 9 out of 15 samples, for third place. And it correctly removed the same number of files based on its behavioral analysis--better than any other app.
Norton's throughput of 9.26MB per second for automatic scans of files as they're opened or saved put it squarely in the middle of the pack. But it did a superb job of dealing with rootkits, blocking and removing all ten samples of this type of stealth malware.
While Norton's protection ability is decent (albeit not the best), it is head and shoulders above the rest in features and user interface. For example, the Insight feature lets you see Symantec's assigned reputation for a running program, or for a downloaded or saved file. These reputations are based on such factors as whether the file is digitally signed and how many other Norton users have it. The program uses that information to decide how thoroughly to scan any given download; you can use it to help you decide how much you want to trust a program.
Also impressive is a tool that offers a wealth of information about your PC's performance and history of changes, including when you installed programs, saved new downloads, or ran scans. One easy-to-read graph lists all the events that happened on a given day, while another shows how much of your CPU and memory was in use over time.
These and other features are easy to find in a smooth and polished user interface that includes plenty of quickly available descriptions. Settings are easy to reach, but techies might bemoan the lack of any option to have Norton ask you what to do when it finds a threat. The default action of removing or quarantining a discovered baddie is appropriate, but power users who want maximum control will be out of luck.