Tag Archives: Security

Norton Antivirus for the Mac

A review of Norton Antivirus for the Mac

Introduction

This review is written, because I promised Mike Romo, Symantec’s product manager for the Mac to keep notes of my experiences with Norton Antivirus for the Mac. We came into e-mail contact after he commented on a MacWorld article and participated in some hefty discussions on the topic of the need for antivirus software on the mac. While ultimately this discussion falls outside the scope of this review I think it is worthwhile to review the reasons to install antivirus software.

  • Regulatory compliance
  • Protection against malware/viruses
  • Prevention of spreading malware/viruses and consequential reputation damage

While the first point does not leave much room for discussion (if your company requires the installation of antivirus software you simply have to install it or you’re probably cut off the network), the other two points have been a source of some heated discussions. These discussions stem from the fact that so far, Mac OS X has been mostly free of the problems that Windows has been facing. However contrary to what some people think Mac OS X is not immune to malware/viruses and Apple’s bad reputation for being late with security patches might one day lead to a major Mac OS X malware/virus outbreak. Having said that, I do think that the small installed base of Mac OS X will be a major hurdle for a successful outbreak. Some of the major means of propagation for Windows malware/viruses depend on the almost omnipresence of Windows and though some might regret it, Mac OS X does not come anywhere near to the installed base of Windows. So, where the second point looks at your system, the last of the bullet points takes your environment into consideration. Some people will argue that it is not your responsibility to protect people around from malware/viruses, but I believe that it is your responsibility to keep your own communications clean. Besides you might want to consider what the damage to your reputation will be if you send someone an infected file. For a private person the damage might be minimal, but for a company on the other hand the consequences might be severe.

Installation

Since I downloaded the dual protection version, the product came as two files. The setup.exe file is a windows installer, which I used to install the software on my Window virtual machine. The Mac part of the product is a standard disk image which contains a couple of files. The most important one is of course the installer, but a PDF manual and a support folder with a Read Me file and a Dashboard widget for alerts.

The installation requires you to walk through a couple of pages in the installer, after which it will ask for an administrator password and install the software. At the end of the installation a reboot of the system is required, because the software installs some kernel extensions. In my case the installation was uneventful and after a reboot I could start exploring the software.

Components

Norton Antivirus installs a couple of components, but there are only a few that you will see in your daily use. Most noticeable is the icon that is installed in the menu bar. It gives you quick access to the other parts of the software, LiveUpdate, Symantec Scheduler, AutoProtect, Vulnerability Protection and Norton Antivirus. If you don’t like another icon in your menu bar you can disable it in your preferences.

LiveUpdate

LiveUpdate is the component that will keep your protection up to date. In normal use you won’t notice this tool, since it does it work in the background, but if you want to force an update to the latest version, you can invoke the program manually. During installation a weekly full LiveUpdate is already scheduled to keep you up to date.

Symantec Scheduler

The Scheduler is the place where you go to schedule updates and scans. This application is one of the two places where you can edit the schedule. However for some reason it won’t list the product update schedule that is added during installation, so I would suggest that you use the main Norton Antivirus Program instead. Another bug in this program is that it allows you to change schedules without authentication, while the main program requires authentication to change a schedule.

AutoProtect

AutoProtect is another part that does its work in the background. You can configure it through the main application or you can temporarily disable AutoProtect through the menu. While it is mostly invisible, this is one of the most important parts of the program. When you insert a disk or access a file AutoProtect will scan it before it allows access. When something is wrong it will place the file in the quarantine and notify you of the problem.

Vulnerability Protection

New in version 11 is the vulnerability protection. This is a limited form of IDS which will protect you against network attacks that use known weaknesses in the software. Unfortunately the documentation is a bit vague on the exact nature of the protection.

Norton Antivirus

The main program offers you access to almost all of the components. From here you can change schedules and the preferences for AutoProtect and Vulnerability Protection. It also allows you to manually scan your system or individual files or folders. Most importantly it allows you to quickly see if the software is running and up to date.

Finder Integration

Hidden in the context menu of the finder is an option to scan a file or a folder. This is especially convenient if you forgo the AutoProtect option but want to scan a specific file or device before you use it. Strangely enough Norton did not add the same option to the services menu where seasoned Mac users might expect it.

Dashboard Widget

As final component Norton Antivirus comes with a dashboard Widget that you can use to see if your system is fully protected. It also gives you a Threat level, which is an indication that Symantec gives of the malware/virus activity.

NAV in daily use

I’ve used the program now for more than two weeks, and I must say that it has been mostly a smooth experience. Because I intended to write a review I have tried out the program under different scenarios. In my trials I have found a couple of minor issues and bugs. The most serious ones are the fact that Norton Antivirus might remove the com.apple.quarantaine flag from downloaded archives and another one that necessitates a force quit of Norton Antivirus if you scan a single infected file, but none of the issues is a real show stopper and Norton support was quick to recognise the issues as bugs, so I am confident that these will be fixed in an update.

Overall the program has hardly been an intrusion in my use of my computer. Yes, I do notice the occasional scan dialog when I download a big file or attach an external disk, but my impression is that Norton Antivirus does not affect the performance or the stability of my system. Meanwhile it gave me unexpected notice when I was installing AbiWord through MacPorts. It gave me a popup about a virus infection in one of the files in the archive. Though it is unlikely this file would have caused any real harm, I am happy that Norton Antivirus caught this, because it made the issue visible and gave me a chance to discuss the matter with the MacPorts maintainers. Within 24 hours a new version of the AbiWord port was released which does not contain this virus anymore.

Conclusions

The fact that Norton Antivirus caught an infected file that I had not been aware of otherwise alone is for me reason to keep the software. My overall impression of NAV is one of a very polished and stable product. My previous experience with Norton Antivirus was on OS/2. At that time it was a slow and resource hungry program. Mike Romo said that they had tried to make Norton Antivirus fast and modest in its resources. In my experience they certainly succeeded in that. Since Norton antivirus is available for both Mac and Windows I might even suggest my parents to replace McAfee with Norton Antivirus once their subscription has expired.