Does anybody like Norton AntiVirus?

Whenever I have written about Symantec's flagship consumer antivirus application, the response from readers is always the same. Hordes of Symantec's customers write in complaining that Norton AntiVirus (NAV) sucks up their system resources, doesn't clean their computer thoroughly and when they finally decide to ditch the program altogether, they first need to download a special un-installation tool from Symantec's Web site.

Readers have also said that Live Update is difficult to configure when not in administrator mode, which is rather ironic because when the user is logged in as an administrator the application's script blocker is vulnerable to attack.

The least Symantec's customers should expect is real protection. Unfortunately, even that very basic requirement seems beyond the company's development teams -- and so the spin doctors and marketers are brought in to try and soften the blow.

In October, when a researcher discovered a security vulnerability in NAV, Symantec initially denied the problem existed, then admitted that there was a problem but played down its severity. Finally the company admitted that NAV was vulnerable to attack and retracted its earlier statements -- which the company admitted were factually incorrect.

So the situation right now is that Norton AntiVirus 2005 - which costs more than AU$90 from Symantec's Web site and is labelled "The world's most trusted antivirus solution" -- can be fooled by a simple script into turning off its auto-protect functionality and leaving the computer at a malicious user's mercy.

Last week, high-level executives from Symantec's US headquarters said that the company was working on strengthening the product's internal defence mechanisms to make it more resilient to such attacks.

However, these improvements are unlikely to be seen until the next version, which will be Norton AntiVirus 2006 and released in six months time.

Meanwhile, Symantec is hoping that a script kiddie will not find the exploit codes -- which have already started circulating around the Web -- and use them to launch an attack.

Mark Kennedy, architect, product delivery and response, said last week that if a virus writer was to use the exploit code and create a worm, the company would have a signature written to protect customers "within hours".

"Anybody that had not been hit by it and had updated their signatures before the worm infected their machine would be fully protected from it," said Kennedy.

What Kennedy failed to point out is that worms can travel around the world in minutes, which doesn't leave much time for Symantec to create the signature or NAV customers to download and install the update.

Vincent Weafer, the senior director of Symantec's Security Response team, said the reason why so many people complain about its product is that the company has such a large user base.

"We are on far more machines than most other people so you are going to get a lot of feedback," said Weafer.

Unless Symantec brings its NAV product up to date, Weafer is unlikely to be able to make the same claim two years from now. There are already a number of antivirus applications on the market, such as Grisoft's AVG, that are free to use and far less demanding of a computer's resources.

If Symantec really wants to reduce the number of people complaining about Norton AntiVirus, it should be improving the product rather than hiring spin doctors to try and cover up its flaws.