Consumers might suffer a slight confusion over the names of Norman Antivirus and Norton Antivirus. They'll have no such problem with the full-scale security suite products from the two companies. Norman Security Suite PRO 9 ($75.95 direct for three licenses) doesn't sound much like Norton Internet Security. It doesn't act much like Norton either; only one of its components is remotely as effective as the corresponding Norton component.

Lengthy, Troubled Installation
Getting this suite installed was quite a chore. A rather lengthy firewall-configuration wizard identified various types of Internet-aware applications, with an option to let the user manually add more. It needed a reboot at the end, another reboot due to a failed update, and a third reboot after the update finished.

That doesn't mean the installation was complete. I had to separately install the internet protection component, the spam filter, and the parental control system. Naturally, this sequence required yet another reboot.

I compared the free space on disk after installation with free space before and determined that the Norman installation occupied 916MB on disk. That's quite a lot. Of recent suites, only PC Tools Internet Security 9.0 ($49.95 direct for three licenses, 3 stars) and Bitdefender Total Security 2012 ($79.95 direct for three licenses, 4 stars) were larger. PC Tools took over 1,000MB and BitDefender nearly 1,200MB. At the other end of the spectrum, Webroot SecureAnywhere Complete ($79.95 direct for three licenses, 4.5 stars) needed less than one megabyte of disk space.

When it came to installing on malware-infested systems, I ran into serious trouble. Malware completely prevented successful installation on two systems, and Norman's tech support representatives couldn't solve the problem at all. In a nearly-unprecedented move, they simply gave up. On several other systems, free space on disk continuously dwindled, so much so that I had to delete non-essential programs in order to complete the scan.

Poor Malware Protection
The suite's protection against viruses and other malware is the same as what's provided by Norman Antivirus 9 ($45.95 direct for three licenses, 2 stars). In fact, the standalone antivirus is almost identical to the suite except that it includes placeholders for suite-only features. I'll summarize my test results here; for full details, read the antivirus review.

Norman clearly didn't detect or remove any malware from the two test systems on which its installation failed. It detected 76 percent of threats and scored 5.2 points for removal. Only three recent products have scored lower. Every rootkit it detected remained actively running after Norman's supposed removal; its score of 2.1 for rootkit removal is the second-lowest among current products. It did manage 9.5 points for scareware removal, but then, 80 percent of current products scored that well or better. For a full explanation of how I derive these scores see How We Test Malware Removal.

Norman Security Suite PRO 9 malware removal chart

Given a chance to install on a clean system, before any malware arrived, Norman did a better job in my malware blocking test. Its detection rate of 91 percent is slightly above average, though its 8.0-point score for malware blocking runs a little below average. It detected all the rootkits samples and scored 8.6 points for rootkit blocking, a much better showing than its dismal 2.1 points for rootkit removal. Norman's 9.8 points for scareware blocking would be more impressive were it not for the fact that almost half the current products scored a perfect 10 in this test. To understand where these numbers come from, please read How We Test Malware Blocking.

Norman Security Suite PRO 9 malware blocking chart

I was pleased to find that the suite's added Intrusion Guard component didn't cause trouble when I tried installing twenty PCMag utilities that hook deeply into Windows. However, like the standalone antivirus the suite erroneously identified a DLL belonging to one of the tools as Worm:Delf.CAVJ. I triple-checked the file; it is not infected.

The independent test labs also give Norman relatively low ratings, those that don't simply omit Norman. ICSA Labs certifies it for malware detection and cleaning, but it passed Virus Bulletin's VB100 test only six of the last ten times. And it failed to achieve AV-Test.org's certification in all three tests under Windows 7, Vista, and XP. To learn more about the labs and the way I interpret their results, see How We Interpret Antivirus Lab Tests.

Norman Security Suite PRO 9 lab tests chart

Porous Firewall
The first thing I check when testing a firewall is whether it correctly stealths all ports. Doing so makes the computer effectively invisible to hack attack from outside. It's an easy task; the built-in Windows Firewall manages it just fine, as does virtually every third-party firewall.

I'm always surprised when a firewall fails this test—as Norman did. Gibson Research's "Shields Up!" test revealed one significant port open and another merely closed, not stealthed. It failed PCFlank's stealth test, and a basic audit with SecuritySpace revealed two more open ports. Norman's firewall did pass several other tests, but its main screen still said it had "Blocked 0 port scans."

Typically a personal firewall works to control which programs can access the Internet or network. Intelligent firewalls like those found in Norton Internet Security 2012 ($69.99 direct for three licenses, 4.5 stars) and in Kaspersky Internet Security 2012 ($79.95 direct for three licenses, 3.5 stars) take full responsibility for program control. They automatically configure access for millions of known good programs, wipe out known bad programs, and subject any unknowns to extra scrutiny, smacking them down if they try anything suspicious.

Norman puts the user in charge of program control decisions, which is just a bad idea. Few users have sufficient knowledge to make the correct decision. Some will click Allow every time. Others will click Deny… until they manage to disable the browser. Norman apparently recognizes this problem, as the firewall pane includes a link to delete all rules that block access in case "one of your applications is unable to access the Internet." The time for foisting program control decisions off on the user is long past.

On the plus side, Norman's program control did an unusually good job of detecting attempts by leak test programs to gain Internet access without triggering program control. Out of a dozen leak tests, only two got past Norman.

High-end firewalls will detect and block Web-based exploit attempts before they ever reach the protected computer. When I attacked the test system using exploits generated by the Core Impact penetration system, Norman's firewall did nothing. The antivirus did kick in to remove suspicious files dropped on the test system in about a third of the cases. None of the exploits actually penetrated security, as the test system is fully patched. Still, I prefer a firewall that lets me know when I'm under attack. Norton blocked every exploit and identified most of them by name.

As always, I attacked Norman using techniques that could be incorporate in malware code to disable protection. Norman doesn't expose any Registry settings that could be used to turn off protection, and I couldn't terminate its essential processes using Task Manager. However, 13 of the product's 14 Windows services (yes, 14!) yielded to a simple stop command, and setting the lone holdout's startup type to disabled made a clean sweep. You'd get better protection by turning off the firewall and using ZoneAlarm Free Firewall 2012 (Free, 4.5 stars) instead.

Uneven Privacy Protection
The Norman suite works to protect the user's privacy in two ways. First, it blocks access to fraudulent websites that attempt to steal your passwords and other private data. Second, it will wipe out traces of your browsing activity and computer use. The antiphishing component is dismal, while the data privacy protection is just rudimentary.

To test a product's antiphishing ability, I attempt to visit hundreds of newly reported phishing sites. Typically about half of these are either already gone or are not truly phishing sites. I compare the product's protection with that of Norton, the consistent antiphishing champ, and with the SmartScreen Filter in Internet Explorer 8.

Two thirds of recent products weren't even as effective as IE alone, and only one, BitDefender, detected more phishing sites than Norton. Norman's detection rate was 87 percentage points below Norton's, meaning it detected almost nothing. It also scored 42 points below IE alone. If for some reason you install this suite, be sure to leave your browser's phishing protection turned on. The article How We Test Antiphishing explains exactly how I test phishing protection.

Norman Security Suite PRO 9 antiphishing chart

There's not much I can say about the other privacy tools. Either manually or on a schedule you can wipe clean traces of computer and browser use. Which traces? There's no way to know. The tool doesn't report in advance what it's going to delete, nor does it display a log of what it did afterward. I assume it did something, but the only way to find out would be to compare snapshots of the file system before and after cleanup.

Amazingly Accurate Antispam
After the series of failures and flaws documented above, you'll probably be surprised to learn that Norman's antispam protection is among the best of current suites. Configuration is simple—just a slider to set sensitivity and a few options for handling of found spam. I tested it using the default sensitivity setting and found there's no need to switch away from that default.

The time to download 1,000 messages with Norman filtering spam was about half-again the time with no spam filter installed. That's no big deal; you wouldn't notice a slowdown. With all messages received I discarded those over a month old and sorted the rest into undeniable spam, valid personal mail, and valid bulk mail (newsletters and such).

Norman allowed just 2.3 percent of undeniable spam into the Inbox. That's less than any current suite. Even Cloudmark DesktopOne Basic 1.2 (Free, 5 stars), our Editors' Choice for standalone spam filtering, let through 2.6 percent of spam. The next best suites were GFI VIPRE Internet Security 2012 ($49.95 direct, 3 stars) and Norton, which missed 4.1 percent and 6.1 percent respectively.

Norton and Cloudmark do have one virtue that Norman lacks. Neither blocked a single valid personal message or newsletter. VIPRE and Norman also didn't block any newsletters, but VIPRE blocked 0.4 percent of valid personal mail and Norman blocked 0.9 percent. Even so, Norman's antispam protection is very impressive. The article explains how I test and analyze spam filtering accuracy.

Norman Security Suite PRO 9 antispam chart

Pallid Parental Control
Norman's suite offers a bare-bones parental control system that just doesn't do the job. Where most suites and standalone parental control products let parents tie per-user settings to Windows accounts, Norman defines its own user profiles. That means a separate login is required, which is a bit inconvenient for parents who share the family computer with their kids.

Parents can choose to block sites matching four categories: sex, gambling, weapons, and drugs. The average suite's parental control offers about 18 categories while standalone parental control tools average twice that. Worse, Norman just wasn't very good at blocking its limited set of categories. It let through quite a few sites of an undeniably pornographic nature.

If your hormone-crazed teen wants to view naughty sites other than those missed by the filter, he can turn off parental control using a simple three word network command. A secure anonymizing proxy website will also give him unrestricted access to the seamy side of the Web. Most parental control systems at least try to block proxies and other loopholes; not Norman.

Parents can also create a weekly schedule defining when Internet use is and is not permitted using a full-week grid with hourly increments. Awkwardly, the grid doesn't quite fit the window that contains it, and scrolling down to the end of the day scrolls the day-name headings out of view.

On the plus side, the content filter is browser independent and the time-scheduler can't be fooled by fiddling with the system clock. But if you actually need a parental control, skip the suite's and get an effective standalone product like AVG Family Safety ($19.95 direct for three licenses, 4.5 stars) or Net Nanny 6.5 ($39.99 direct, 4.5 stars).

Mixed Effect on Performance
At install time I determined that Norman occupied nearly a gigabyte of disk space, and while checking firewall toughness I found that it relies on 14 Windows services. That sounds like a recipe for slowing system performance. Fortunately my tests showed that it wasn't so bad.

The browsing test times a script that fully loads an eclectic collection of 100 websites, one after another. Averaging multiple runs with and without Norman installed, I found no detectable difference, meaning Norman didn't slow this test at all. Norton, McAfee Total Protection 2012 ($89.99 direct for three licenses, 4 stars), Trend Micro Titanium Maximum Security 2012 ($79.95 direct for three licenses, 3.5 stars), and several others also had no noticeable effect on the browsing test.

To check whether on-access antivirus scanning slows common activities I timed a script that moves and copies a large collection of files between drives. This test averaged just 2 percent longer with Norman installed; users would be hard-pressed to notice the difference. On the other hand, avast! Internet Security 6.0 ($69.99 direct for three licenses, 3.5 stars), K7 Ultimate Security 11.0 ($69.96 direct for three licenses, 2.5 stars), and TrustPort Total Protection 2012 ($89.95 direct for three licenses, 2.5 stars) had no measureable effect on the file move/copy test.

Another test times a script that zips and unzips the same collection of files used in the move/copy test. Norman exhibited a slight performance drag here. With Norman running the test averaged 12 percent longer. PC Tools, avast!, and Norton 360 Version 5.0 ($79.99 direct for three licenses, 4.5 stars) didn't slow this test at all.

Norman did stumble, badly, in the boot time test. This test calculates the elapsed time from the start of the boot process (as reported by Windows) until the system is ready for use. Averaging 100 automated test runs, Norman increased boot time by 41 percent. Only Ad-Aware Total Security 1.0 ($59.95 direct for three licenses, 3.5 stars), with 68 percent, slowed the boot process more.

Overall Norman's effect on performance wasn't too bad. It didn't appreciably slow day-to-day actions like surfing the web, downloading email, or managing files. Yes, it slowed boot time, but for most users that slowdown is significant at most once per day. For details on how I measure security suite performance see How We Test Security Suites for Performance.

Norman Security Suite PRO 9 performance chart

Not a Top Choice
There's just not much to like in this suite. The parental control system is rudimentary, the firewall is porous and noisy, and the phishing protection is almost nonexistent. In testing, it couldn't manage to install on some malware-infested systems and it totally flopped at removing rootkits. Antispam is its one shining feature, but there's no need to afflict your PC with this suite's other component just to get spam filtering.

For a traditional security suite that also includes very good spam filtering, go for Norton Internet Security 2012 ($69.99 direct for three licenses, 4.5 stars). Or choose the super-small cloud-based Webroot SecureAnywhere Complete ($79.95 direct for three licenses, 4.5 stars) and add spam filtering by Cloudmark. Norton and Webroot are both Editors' Choice winners; either will be a much better choice than Norman.

Sub-ratings:
Firewall:
Virus removal:
Virus blocking:
Performance:
Antispam:
Privacy:
Parental Control:

More Security suite reviews: