How Much Does Norton AntiVirus Cost?
At $59.99 per year for a single license, Norton is more costly than most antivirus tools. The most common price for a single standalone antivirus license is about $20 lower. More than a dozen of the products I’ve reviewed hit this price point, among them antivirus products from Bitdefender, Trend Micro, and Webroot. Many offer three licenses for $59.99.
With McAfee AntiVirus Plus, you get unlimited protection for the price of one Norton license. You can install McAfee protection on every device in your household, running Windows, macOS, Android, or iOS.
In addition, Norton doesn’t offer multi-license pricing for the antivirus product. If you want to protect two PCs, you buy two individual licenses, costing about $120. Upgrading to Norton 360 Deluxe would be a smarter move. For $15 less than two antivirus licenses, you get five full suite licenses, five unlimited VPN licenses, 50GB of hosted online backup, and more. Trend Micro operates in a similar fashion. You can buy a single antivirus license to protect one PC or Mac, or upgrade to Trend Micro Internet Security for three licenses that cover either platform.
I should point out that you can also use your single Norton AntiVirus license to install protection on a Mac. However, the same situation applies, in that two licenses cost more than a five-license subscription to Norton 360 Deluxe for Mac. Norton 360 also gives you five licenses for Norton Secure VPN. In fact, the presence of the VPN is the only difference feature-wise between Norton’s macOS products.
Norton AntiVirus Plus comes with full tech support, along with a Virus Protection Promise. If Norton can’t remove a malware infestation even after you follow all recommended steps, experts will log into your computer remotely and fix the problem. In the unlikely event they can’t sort things out, you can apply for a refund. This promise does require a commitment on your part. It only applies if you’ve signed up for automatic renewal. McAfee and Check Point offer similar guarantees.
All current Norton security products, including this one, come with online backup. With the standalone antivirus, you just get 2GB of online storage, but that may be enough to securely back up your most important files.
Using the Norton Dashboard
The current product line emphasizes the My Norton app, which helps you access all the elements of your Norton protection. A hazy outdoor scene at the left softens the view, somewhat like the nature-scene backgrounds in Panda Dome Essential and the rest of the current Panda product line. For this basic antivirus, there are just three active items: Device Security, Cloud Backup, and Password Manager. Clicking Device Security opens the familiar Norton antivirus interface. I’ll cover the other two components below. You’ll also find a link to purchase Secure VPN, which isn’t part of the basic antivirus package.
The main window of the local antivirus should look familiar to Norton aficionados. It’s mostly white, with text and icons in green and black. Big panels show your status in five areas: Security, Internet Security, Backup, Performance, and More Norton. Rather than opening a new page, clicking one of these options slides the panels down to reveal more options. For example, clicking Security displays icons for Scans, Live Update, History, and Advanced.
After installation, be sure to run a Live Update. Even though the status panel indicated my software was current and up to date, the Live Update found and installed some updates. You should also launch each of the browsers that you use and at least install the Norton Toolbar. You can also add other extensions: Norton Safe Search, which marks dangerous search results; Norton Home Page, which puts Safe Search and a collection of quick links on your home page; and the Norton Password Manager.
Plenty of Scan Choices
When you click the big Security panel and then click Scan, Norton offers the expected Quick, Full, and Custom scan choices—and a lot more. Choosing Smart Scan checks your computer for privacy and performance issues as well as scanning for malware, much like the Smart Scan feature in Avira Free Security and Avast One Essential. Both are free and both belong (or will soon belong, in the case of Avast) to Norton, which has been making a lot of acquisitions lately. I did find that when I tried to resolve trackers found by the scan, Norton took me to an upsell page for Norton AntiTrack. Perhaps it caught the upsell habit from Avast or Avira (both are known for vigorous upselling).
If you think you may have malware even after a scan, you can launch a fresh scan with Norton Power Eraser, an aggressive cleanup-only antivirus tool. A link in the final report screen for each regular scan takes you to Power Eraser; click it if you suspect the cleanup wasn’t complete.
On my standard clean test system, a full scan took an hour and 26 minutes, almost the same as when I last timed Norton. The time is a bit longer than the current average of an hour and seven minutes, but that isn’t a big worry, as you only need a full scan right after installation to root out preexisting conditions. In addition, Norton performs various optimizations to speed subsequent scans. On that same test system, a second scan needed only 10 minutes. That’s better, of course, but repeat scans with other products that optimize after the first scan have finished even more quickly. Trend Micro finished a repeat scan in about six minutes, and Kaspersky Anti-Virus took less than five minutes.
The Norton Insight scan checks all your files and assigns a trust level to each. It also displays each file’s prevalence among Norton users and how much impact it has on performance. That scan ran in seconds on my test system and flagged 100% of running processes as trusted. I changed the filter to show all files and still got 100%. This is odd because the test systems all have a half-dozen programs that I wrote for testing purposes, programs that should be untrusted because they’re not found anywhere except on my test computers. Norton Insight found those as running processes, but not otherwise.
If you run into any trouble at all with Norton, the Diagnostic Report scan may help you solve the problem. Even if it doesn’t, the details from the report should help when you contact tech support about the difficulty.
Excellent Lab Test Results
Every antivirus claims it will protect you, but how do you know it works? One way to verify that claim is by checking results from independent labs around the world, labs whose research experts do nothing but test and evaluate security programs. The labs choose the products they think are significant, and the security companies decide whether it’s worthwhile to pay the testing fee. When a product appears in reported results, you know it’s worth a look. All four of the labs I follow report on Norton, a clear indicator of its importance.
Testing experts at SE Labs capture real-world malicious websites and use a replay technique to hit each of the selected antivirus products with precisely the same attack. Though it’s a labor-intensive process, recent tests have included more products than in the past. The lab offers certification at five levels: AAA, AA, A, B, and C.
Like all but one of the products in the latest test by SE Labs, Norton received AAA certification. McAfee, Kaspersky, and Microsoft Defender Antivirus were among the others that achieved AAA certification.
Where most of the labs report rating levels or numeric scores, London-based MRG-Effitas uses something closer to a pass/fail system. Unless a product exhibits near-perfect protection, it simply fails. I follow two tests from this lab, one specific to banking Trojans and one covering a wide variety of malware types. Like three-fifths of tested products, Norton passed the banking Trojans test. Avira, Bitdefender Antivirus Plus, and Kaspersky also passed, among others.
In the full-spectrum malware protection test, Norton and ESET NOD32 Antivirus earned Level 1 certification, meaning that they completely fended off all malware attacks used in the test. Bitdefender, F-Secure, and Microsoft succeeded at Level 2. This means that some threats installed at first, but the antivirus fully remediated the infestation within 24 hours. The other tested products simply failed.
Researchers at AV-Test Institute look at antivirus products from three different angles. Naturally, they rate the product’s essential ability to protect against malware attacks. But they also rate each product’s effect on system performance, and they examine how successfully it avoids naming valid programs or websites as malicious (false positives). Products can earn 6 points for each of these criteria, for a maximum of 18 possible points.
In the latest test reported by this lab, just over half the products reached a perfect 18 points, Norton among them. Three products share the lowest total, 15.5 points. Interestingly, PC Matic took a perfect 6 for protection and performance, but many false positives dragged its usability score down to just 3.5 points. Given PC Matic Home’s default-deny strategy, that’s not surprising.
Any product that manages at least 17.5 points gets the designation Top Product from AV-Test. Among the products that reached 17.5 were McAfee, Microsoft, and K7 Antivirus Premium.
A product that passes one of the many tests performed by the AV-Comparatives team receives Standard certification. Those that do better than the basics, or much better, can receive Advanced or Advanced+ certification. Norton participates in all three tests that I follow from this lab. It received one certification at each of the three levels, Standard, Advanced, and Advanced+. In the latest round of reporting, only Bitdefender took Advanced+ in all three tests.
With all the different scoring systems, it’s hard to get an overall feel for a product’s lab results. I’ve devised an algorithm that maps all the results onto a 10-point scale and combines them to yield an aggregate score. Norton’s aggregate score of 9.6 points is among the best. Of products tested by all four labs, only Kaspersky’s 9.9-point score beats Norton. Tested by three labs, AVG and Bitdefender scored 9.8; and F-Secure’s score of 9.7 comes from just two labs.
Very Good Malware Protection
Even when the labs offer positive and plentiful results, I still like to get a feel for each product’s malware protection skills using my own hands-on tests. My basic malware protection test starts when I open a folder containing a collection of samples I collected and analyzed myself. Like most competing products, Norton started examining these samples right away. Rather than frantically popping up a separate notification for each detection, it simply displayed a notification that the Auto-Protect component was busy processing threats.
Some detected samples remained visible in Windows Explorer, but with a size of zero bytes. I verified that these files were effectively gone, though I couldn’t delete them to finish the cleanup. A reboot removed those traces. In all, Norton eliminated 79% of the samples in this initial culling.
Norton caught most of the remaining samples when I launched them, in most cases eliminating files so quickly Windows was left displaying an error message. It did miss a few less risky items, so-called potentially unwanted programs. In the end, it detected 97% of the samples and scored 9.7 of 10 possible points. That’s quite good; only a few security tools have fared better against this current set of samples. Those are Webroot SecureAnywhere AntiVirus, McAfee, and Malwarebytes, scoring 9.8, 9.9, and 10 respectively.
Those hand-analyzed samples from my malware collection necessarily stay the same for quite a while, because it takes me weeks to obtain and curate a new set. For a view on how each antivirus handles the most current malware, I start with a feed of recent malware-hosting URLs supplied by testing lab MRG-Effitas.
Even though the URLs are no more than a few days old, I usually find that quite a few have gone dark since discovery. For those that still work, I note whether the antivirus prevents the browser from visiting the dangerous page, wipes out the malware payload, or does nothing at all. In summing up the results, I give equal credit for URL-blocking and for download-deletion.
Norton blocked some URLs by replacing the browser page with a big, red warning. It blocked others in a way that left the browser displaying an error, with a popup to explain what happened. When the browser protection didn’t prevent all access, the Download Insight component vetted every download. In some cases, it reported the file as dangerous before I even clicked save. For others, it continued analysis after the download finished, announcing its verdict 10-15 seconds later. In a small number of cases, it reported a safe download. Careful examination revealed that those cases were indeed safe.
Along with Bitdefender Antivirus Free Edition and McAfee, Norton prevented 100% of the malware downloads. It took out 25% by blocking access to the URL and the other 75% by eliminating the malware download.
There’s a good bit of Norton protective activity that you’ll just never see. AMSI integration means that scripting languages like PowerShell or VBA can call out to Norton to check potentially dangerous actions within a script. A command-line scanner examines commands sent to certain programs, foiling some “fileless” malware attacks. The machine-learning behavioral engine analyzes scripts before execution. These and other deep features work silently to detect and prevent malware attacks.
Phishing Protection Perfection
Writing a malicious program that can steal personal data without triggering antivirus defenses is complicated. Creating a website that looks like Capital One or some other bank and hoovering up the login credentials of hapless netizens who don’t notice the chicanery is simple. Phishing fraudsters put up fake versions of financial sites, online games, and even dating sites, capturing as many passwords as they can before the site gets blacklisted. When one site gets busted, they just spin up another fake.
Because phishing sites are so ephemeral, a successful defense can’t rely solely on blacklists. For testing purposes, I gather reported phishing URLs from sites that track such things, making sure to include some that are too new to have been analyzed and blacklisted. I launch each suspected fraud in a browser protected by the product I’m testing, and simultaneously in Chrome, Firefox, and Internet Explorer, using just the phishing protection built into each browser. I discard any page that doesn’t load correctly in all four browsers, and I verify that each page is a true phishing fraud, a fake version of a secure site that actively attempts to capture login credentials.
In past tests, I’ve seen notifications that Norton blocked a fraudulent page, or that it blocked a suspicious page. This time around, I only saw the same Dangerous Web Page warning that appeared for the malware-hosting URLs. I did run into a warning from Norton’s Scam Insight for one of the sample pages. This type of warning notes that while the page has no known threats, it asks for personal information, and it has suspicious characteristics.
Using one technique or another, Norton detected 100% of the verified phishing frauds, just as F-Secure and McAfee did. Avast One Essential, Bitdefender, and Webroot came very close, with 99% detection.
I tested phishing protection in Norton 360 Deluxe for Mac at the same time I tested this product, using the same sample set. On the Mac, Norton also scored 100%, as did the macOS editions of McAfee and Webroot.
For a much deeper dive into the phishing threat, you can read my piece on how to avoid phishing scams.
Web Protection Extended
Norton encourages you to install the Norton toolbar with Norton Safe Web in all your browsers. That means when you search using any popular portal, you’ll find green, yellow, red, or gray icons next to the links in search results. As you might guess, these identify safe, iffy, dangerous, and unknown URLs. You can point to an icon for a popup with more detail, and click the popup for a full report on the link.
The web markup system also applies to links in Twitter and Facebook feeds, and in web-based email. Norton doesn’t clutter your feeds with icons, but it highlights any dangerous links in red. Pointing at a highlighted link triggers a popup warning.
When Norton warns you not to visit a website, it doesn’t lay down the law. You can still thumb your nose at your protector and click through to the dangerous page. When you do, Norton offers to let you visit in Isolation Mode. In this mode, the page gets rendered on Norton’s server, stripped of any dangerous content, and presented to you in a totally harmless form. It also prevents you from submitting sensitive information to the dangerous page.
Online Banking Protection is another benefit. When you visit a supported financial site, Norton opens it in Isolation Mode, for safety. I found that using this feature tends to trigger bank security measures, because it looks like you’re logging in from a computer you never used before. Brush up on your security answers, as you may need them. Note that use of this mode costs Norton a little money toward the servers that it uses. For that reason, you can’t just switch into Isolation Mode and stay there.
Data Protector for Ransomware
Quite a few security products protect against ransomware by preventing all unauthorized programs from modifying protected documents. Panda goes farther, even preventing unauthorized read-only access. Norton’s Data Protector feature prevents malicious programs from modifying documents in specified directories.
That’s an important distinction. The more common protection against all unauthorized programs means you may have to add a new video editor or word processor to the trusted list. Norton leaves them alone, because they’re not malicious. By the same token, it’s hard to test. It didn’t react to my unauthorized tiny text editor or to my file-encrypting test program.
To put Data Protector to the test, I had to use real file-encrypting ransomware. Norton’s real-time protection eliminated all those samples on sight, so I turned off ordinary real-time protection, copied the samples back to the test system, and launched them one by one. The results were better than when I last torture-tested this feature.
Two of the dozen samples just didn’t perform any suspicious actions during the test—that’s not uncommon. Data Protector detected suspicious behaviors for all the remaining 10. For five of those, Norton quashed the ransomware before it could do any damage. Another three managed to encrypt up to 50 files before being caught; a look at those files revealed that they were in locations not protected by Norton.
That leaves two bad boys that Data Protector couldn’t quite handle. Oh, it stopped specific behaviors over and over, but it never terminated the ransomware process itself. During the time I let the samples run, one encrypted 5,000 files and another encrypted 12,000.
Remember, this test takes place with all normal real-time protection turned off. Data Protector normally works alongside other protective layers. The fact that it detected suspicious behavior by all the samples is impressive.
Most security companies reserve firewall protection for their suite products, but Norton doesn’t follow that path. This antivirus includes a full-scale firewall, which both protects against outside attacks and prevents misuse of your internet connection by local programs.
As expected, the firewall correctly stealthed all ports and fended off port scans and other web-based attacks. Given that the built-in Windows Firewall completely handles this task, testing with web-based attacks only becomes relevant when a third-party firewall doesn’t pass the test.
When personal firewall utilities first came on the scene, they totally relied on the user to decide whether a given program should get the privilege of connecting to the network. Typically, they’d bombard the poor user with queries involving too much detail. Should ImaHogg.exe be allowed to connect with 188.8.131.52 using port 8080? Some users just clicked Allow every time. Others clicked Block every time, until doing so broke something important—then they switched to clicking Allow every time.
Relying on the uninformed user for these important security decisions isn’t smart. Instead, Norton uses a huge online database to configure network permissions for a vast number of known good programs. Of course, known bad programs get quarantined on sight.
As for unknowns, programs that don’t fit either category, Norton’s behavior-based detection system puts them under heightened scrutiny. If it finds that the unknown program is misusing its network connection or otherwise misbehaving, it tosses the program in quarantine, where it belongs. Webroot likewise puts unknown programs under enhanced scrutiny, but it also journals all actions by the program and rolls back those actions if the program proves to be a stinker.
In testing, I found that Norton’s firewall does occasionally display an alert when a sketchy program attempts access. For example, my tiny hand-coded test browser got a warning because it’s not digitally signed and because Norton’s vast network has seen it very few times. As with the firewall in Check Point ZoneAlarm Extreme Security, pop-up alerts are rare. If you see an alert from the firewall, pay attention, because it’s an unusual occurrence.
The firewall component in Kaspersky Security Cloud also handles program control internally, but it uses a somewhat different system. Its online database assigns a trust level to each program and restricts system access for those programs that aren’t fully trusted—the lower the trust, the higher the restrictions.
Firewall protection, and security suite protection in general, isn’t much use if a malicious program can turn it off or kill it. I always run a simple sanity check, trying various methods to shut down protection using techniques available to a malware coder. Norton doesn’t expose important settings in the Registry, so I couldn’t just find the protection switch and change On to Off. I got an Access Denied message when I tried to terminate Norton’s three processes. Likewise, I couldn’t stop or disable either of its two Windows services. Protecting essential processes and services makes sense, but not all products manage it. I had no trouble finding ways a malware coder could disable Vipre Advanced Security, for example.
If you dig into the firewall component’s settings, you’ll find them plentiful—and possibly baffling. Most users should leave these strictly alone, but just looking doesn’t hurt. A peek will reveal settings for the Wi-Fi Security feature, which goes way beyond merely informing you when you connect to nonsecured Wi-Fi. Norton actively looks for and foils man-in-the-middle attacks, DNS spoofing, content tampering, and other network-based attacks.
Protection Against Exploits
Alongside firewall protection, Norton gives you exploit protection at the standalone antivirus level. This component monitors network traffic for patterns matching exploit attacks and blocks them below the browser level. By default, it blocks all traffic from the attacking IP address for 30 minutes. I had to dig into firewall settings and turn off that automatic blocking to perform my hands-on exploit testing.
This test uses exploits generated by the Core Impact penetration tool. I launch about 30 exploits against the test system and note the security product’s response. Norton’s scores have varied wildly. In my most recent previous test, it caught every single sample, but it did so by recognizing them as coming from Core Impact. That’s not much help. In the test before that, it detected 85% of the exploits, identifying more than half by their official numeric tags.
This time, Norton detected just 42% of the exploits, identifying most by their numeric tags. Kaspersky has the best recent score in this test, 84% detection. Note that none of the exploits managed to do any harm to the fully patched system I used in testing.
Straightforward Online Backup
The current lineup of Norton products gives you online backup at every level, starting with the standalone antivirus reviewed here. Granted, you just get 2GB of online storage with the antivirus, but that may be enough to back up your most essential files. Backup serves as the ultimate security against ransomware and any other destructive attacks that might get past antivirus defenses.
You do have to run through the setup process before you can benefit from the added security of keeping backups. The process starts with choosing what to back up or accepting Norton’s default choices, which include documents, pictures, contacts, and more, for all user accounts. If you’re not sure, you won’t go wrong accepting the defaults.
Next, you choose where to keep your backed-up files. Online storage is the default, but you must click the link and log into your Norton account to activate it. You can also choose any local, removable, or network drive to hold local backups. If you use a cloud storage service that shows up as a drive in Windows Explorer, you can even use that for a backup destination. The backup component in Kaspersky Total Security doesn’t offer online storage, though you can link it to your Dropbox account. Because Norton supports multiple backup jobs, you can save your files in more than one location.
The final step involves defining when to run the backup job. If you’re using online storage, just accept the default setting, Automatic. In this mode, Norton backs up new and changed files any time the computer is idle. For other backup jobs, you can choose a weekly, monthly, or manual schedule. Manual is the best choice if the destination is a removable drive, since you must make sure the drive is ready.
Now that you’ve defined what, where, and when to back up, finish up by clicking Save Settings and Run Backup. The initial backup may take a while, but once it’s complete, Norton will keep things up to date in the background.
The backup system maintains multiple versions of files, giving you the option to go back to an earlier version as needed. The 10 previous versions of each file that it stores don’t count against your 2GB total. Backups older than 60 days get purged, but the system always keeps the latest and next-latest versions.
Restoring backed-up files is just as simple. Choose a backup set, decide whether to restore all files or just some of them, and pick a destination for restored files. By default, they go to their original location, potentially overwriting existing copies, but you can select any folder you like for restored files. The program does warn (sensibly) against restoring into a non-default folder that is itself part of a backup set. When restoring individual files, you can choose a previous version, if available.
Other Norton products offer significantly more storage for your backups. This ranges from 10GB for the little-known one-license Norton 360 Standard suite to 500GB for the top-tier Norton 360 with LifeLock Ultimate Plus. Note, though, that there’s no longer an option to simply buy more storage. If you need more, you must upgrade to the product tier that offers enough for you.
Chances are good that your personal webmail provider filters out spam before you ever see it, and that your business email system filters spam at the server level. If you’re one of those rare few who still need a local spam filter, Norton can help, though. Most companies offer antispam as part of a security suite, but Norton puts it in the antivirus. You will have to dig; there’s no big icon for antispam. Rather, you must open Settings and choose Antispam.
Norton filters out spam from POP3 email accounts and integrates with Microsoft Outlook. In Outlook, it automatically moves spam to the Norton AntiSpam folder. If you use a different email client, you must create a message rule to divert marked spam messages into their own folder. You can whitelist your correspondents, so their mail never gets marked as spam, or blacklist known spammers. It’s a simple system, for those who need it.
When you install Norton AntiVirus, you also get Norton Password Manager. This isn’t precisely a bonus, since you can get Norton Password Manager for free, but it’s nice to have it integrated into My Norton. Read our review of the standalone product for full details. Briefly, Norton Password Manager handles basic password manager tasks such as password capture, password replay, and filling web forms, and it can sync across all your Windows, Android, and iOS devices. It includes an actionable password strength report with automatic password updates for popular sites. However, it lacks advanced features, among them secure password sharing, digital inheritance, and multi-factor authentication.
Many programs configure themselves to launch every time you boot up the computer, and it doesn’t always make sense to have them sucking up system resources while you’re not using them. Norton’s Startup Manager lists those startup programs, along with information about resource usage and prevalence in the Norton community. You can reversibly disable any program, so it doesn’t launch at startup, or let it launch after a small delay. BullGuard Internet Security goes a step further, displaying a detailed analysis of resource usage during startup.
Modern Windows versions work in the background to undo the disk fragmentation that naturally occurs as you create and delete files. Even so, Norton offers its own Optimize Disk feature. When you launch this component, it first analyzes the drive for fragmentation, only proceeding if defragging would be worthwhile.
If your PC seems sluggish, try launching the File Cleanup tool, but don’t expect the thorough cleaning you get with a full-scale tune-up utility. The cleanup component simply deletes Windows temporary files and browser temporary files.
There Are Better Choices From Norton
Norton AntiVirus Plus earns superb scores in lab tests and good-to-excellent scores in our hands-on tests. Unusually for a mere antivirus, it includes a full-blown firewall and exploit protection. Bonus features include spam filtering, password management, and online backup.
Even so, this probably isn’t the Norton product you want. It costs significantly more than competing antivirus products and makes no provision for multiple installations. There’s apparently a contingent of Norton fans who really, really don’t want a full suite; this product is for them. Most users should pay the $45 difference and choose Norton 360 Deluxe. That subscription gets you licenses to install protection on five Windows, macOS, Android, or iOS devices, as well as full VPN protection for five devices and 50GB of online backup storage.
If you’re determined to protect your devices with a standalone antivirus utility, as opposed to going for a full security suite, we have some suggestions. Three licenses for Bitdefender Antivirus Plus or Kaspersky Anti-Virus cost the same as one Norton AntiVirus license, and both get top marks from the independent labs. Webroot SecureAnywhere AntiVirus is the tiniest antivirus we’ve seen, and its unusual behavior-based detection system can even reverse ransomware damage. Protecting one device with Norton costs the same as protecting every device in your household with McAfee AntiVirus Plus. These four are our Editors’ Choice selections for standalone antivirus software.