19 August 2006

Why I Avoid Norton AV

What's the most important thing about an antivirus scanner?

That it detects 97% rather than "only" 95% of malware in a test?
Nope, not even close.

That you can keep it updated?
Closer, but that isn't it either.

No; the most important thing is that it works.

Norton Antivirus, on the other hand, is deliberately designed to not work - if it "thinks" it's being used in breach of its license conditions.

A while back, I added a new step in the process of disinfecting systems; right at the end of the Bart CDR boot phase, after doing the scans and checking integration points, I rename away all Temp and "Temporary Internet Files" locations so that any missed malware running from there will be unreachable when I boot Windows for the first time.

Over the last few weeks, I noticed several PCs would start Windows with an "Activate Norton Antivirus" nag, usually as "Your trial period has expired". Norton AV would not only not run, but would also not provide access to its quarantine or logs of previous scans.

Generally, I just shrug, uninstall it as the useless PoS it has proven to be, and replace it with a decent free scanner that works. I'm not going to phone clients to query license status, ask for product keys, etc. and as I neither sell nor recommend Norton, I wouldn't bother to troubleshoot it further unless paid clock time to do so.

However, I did do a Google( Norton Activation ) and that was verrry interesting...




...as well as plenty of forum shrieks:





As usual, it's doesn't fully meet the vandor's needs even as it screws the users:


Symantec offers the following hoops to jump through...





...but why should you accept this mission? Why pay scumbags who embed commercial malware within a product ostensibly designed to help you counter malware? Tackling malware is tough enough without having to worry about whether each hidden file or hook is part of Norton's self-serving un-documented user-hostile code, or some other malware.

No comments: