Norton Internet Security

Norton Internet Security, developed by Symantec Corporation, is a discontinued computer program that provides malware protection and removal during a subscription period. It uses signatures and heuristics to identify viruses. Other features include a personal firewall, email spam filtering, and phishing protection. With the release of the 2015 line in summer 2014, Symantec officially retired Norton Internet Security after 14 years as the chief Norton product. It was superseded by Norton Security, a rechristened adaptation of the original Norton 360 security suite. The suite was once again rebranded to (a different) Norton 360 in 2019.

Symantec distributed the product as a download, a boxed CD, and as OEM software. Some retailers distributed it on a flash drive. Norton Internet Security held a 61% market share in the United States retail security suite category in the first half of 2007.

History
In August 1990, Symantec acquired Peter Norton Computing from Peter Norton. Norton and his company developed various applications for DOS, including an antivirus. Symantec continued the development of the acquired technologies, marketed under the name of "Norton", with the tagline "from Symantec". Norton's crossed-arm pose, a registered U.S. trademark, was featured on Norton product packaging. However, his pose later moved to the spine of the packaging, and then disappeared.

Users of the 2006 and later versions could upgrade to the replacement software without buying a new subscription. The upgraded product retains the earlier product's subscription data.

Releases were named by year but have internal version numbers as well. The internal version number was advanced to 15.x in the 2008 edition to match the Norton AntiVirus release of the same year. As of the 2013 (20.x) release the product dropped the year from its name, although it still was referenced in some venues.

2000 (1.0, 2.0)
Norton Internet Security 2000, released January 10, 2000, was Symantec's first foray beyond virus protection and content filters. Its release followed an alliance between Internet provider Excite@Home and antivirus vendor McAfee.com to provide Internet subscribers with McAfee's new firewall software, McAfee Personal Firewall. Version 2000s firewall, based on AtGuard from WRQ, filters traffic at the packet level. It could block ActiveX controls and Java applets. Other features included cookie removal, and banner ad blocking. ZDNet found the ad blocker to remove graphics that were not ads, breaking pages. Adjusting the settings fixed the problem, however the process was complicated. ZDNet noted the lack of information presented concerning attacks the firewall blocked. Norton LiveUpdate downloads and installs program updates.

The Family Edition adds parental controls. Parental controls were backed by a quality control team of 10 people who searched the web for inappropriate content. Found content was categorized in subject matter and placed on a blacklist of about 36,000 sites. A designated administrator could add blocked sites, however the pre-supplied blacklist cannot be viewed or edited since it was hard coded. Administrators could block certain subject matter. Another option was to block all sites, then create a whitelist of allowed sites. Family Edition could block transmission of specified personal information. Such information was replaced with the letter "X". However, CNN noted X-rated sites were retrieved when personal information was queried by a search engine.

Version 2.0 was released June 12, 2000

2001 (2.5, 3.0)
Version 2001 (2.5) was released September 18, 2000, adding support for Windows ME in addition to the Windows 9x series, Windows NT, and Windows 2000. Following attacks by the ILOVEYOU and Anna Kournikova script viruses, this version could block malicious scripts without virus signatures, by analyzing behavior.

The firewall scans for Internet-enabled applications and creates access rules during installation based on a knowledge base maintained by Symantec. In PC Magazine testing, the installation took 24 minutes to complete on a 750 MHz Pentium III with 92 Internet-enabled applications. Using the firewall, users could determine whether to accept cookies, Java applets, and ActiveX controls on a global or per-site basis. A new feature, Intrusion Detection with AutoBlock, could detect port scans and block further intrusion attempts. The program provides notifications for intrusion attempts, reporting the severity level and providing access to threat details. Alternatively, the firewall could put the computer in stealth, essentially hiding the system. Users could configure the security level, managing the number of notifications. Testing conducted by PC Magazine using Shields Up and Symantec's Security Check found that the firewall successfully stealthed all ports, hiding the computer from view. A leak test was conducted to see the firewall's ability to detect outbound connections. Each attempt was detected and the suite offered to block the attempts.

The Family Edition, like the prior version, included parental controls and the information filtering feature. Parental controls come with a list of objectionable sites, separated into 32 categories. The list was updated every two weeks by Norton LiveUpdate. Using the list alone, Norton only blocks listed sites. Consequently, Norton may not block sites until the next update. Parents could customize the list, adding or removing sites. A list of allowed sites could be created to restrict children to those specific sites. This version used application blocking rather than protocol or port filtering to control Internet access. Children could be restricted in the applications they used to access the Internet. A parental control profile could be set up for each child, and settings could be automatically configured based on their age group, whether they be a child, :teenager, adult, or administrator. Internet usage and violations were noted in a report presented to parents. PC Magazine found that enabling parental controls added a minute to a computer's boot time.

Version 3.0 was released March 19, 2001.

2002 (4.0, 5.0)
Version 2002 was announced on August 28, 2001. The Family Edition was dropped, so parental controls and information filtering were bundled. The installation was noted as quick and simple by both PC Magazine and CNET. Installation required a reboot, and afterwards the Security Assistant guides users through a questionnaire to best configure the service. CNET encountered a problem when upgrading from the prior release: customized settings were lost. PC Magazine found the default settings, aimed at avoiding frequent notifications, were somewhat permissive. Windows 95 support was dropped.

Running a full scan compiled a list of Internet-enabled applications. Users set permissions or accepted Norton's defaults. The firewall detected and blocked port scans and logged intrusion attempts. This version did not trace attackers. To ensure rogue programs could not masquerade as trustworthy applications, Norton verifies programs against a list of digital signatures for known programs. Update Tracker warned users when hackers attempted to gain access. The firewall blocked all access attempts from Shields Up and Port Checker. This version included a wizard to simplify firewall setup to accommodate multiple computers sharing an Internet connection. With this release, Norton could prevent specified personal information from access by a compatible instant messenger client, e-mail, and websites. Ad-blocking included the Ad Trashcan, where users could place ads that escaped ad-filtering.

A Professional Edition was announced December 11, 2001, aimed towards business owners. This version featured Norton Intrusion Detection, which intercepted suspicious connections and attacks, such as the Code Red worm. Intrusion Detection focused on Windows-based attacks. Central management was available. Administrators configured firewall and productivity settings for client computers. Productivity settings allowed administrators to block newsgroups, websites, and advertisements. The suite integrated with XP user accounts; settings could be personalized.

2003 (6.x)
Version 2003 was announced September 16, 2002. This version added Norton Spam Alert to reduce spam. The filter scanned the whole message and its context, rather than looking for keywords. A POP3 client had to be used. When a message was identified as spam, Norton inserted a phrase, by default "Spam Alert:", in the subject line. Users could create a rule to delete or move flagged messages. Users could create strings of text for Spam Alert screen when classifying messages. In PC Magazine testing, Spam Alert mistakenly classified 2.8 percent of legitimate e-mail as spam. 47 percent of spam slipped past the filter. Although false positive rate was low, the feature did not fare well at finding actual spam.

The updated main interface offered green and red indicators to show which features were active and which needed attention. The firewall updated features. A Block Traffic button in the main interface blocks all incoming and outgoing Internet traffic from an URL. Another new feature, Visual Tracker, graphically mapped attacks to their origin. The firewall blocked all port scans conducted by CNET, stealthing each one.

Following the Nimda and Code Red worms, this version scanned all incoming and outgoing traffic for suspicious data exchanges against a routinely updated database, a feature ported from Norton Internet Security 2002 Professional Edition. Connection to the offending computer was automatically severed if the traffic matches a database item.

Symantec announced a Professional Edition on November 19, 2002. Data recovery tools allow users to recover deleted or malware-damaged files. The inclusion of a data erasure tool allowed users to delete files while minimizing the chance of recovery. Web Cleanup removes browser cache files, history, and cookies. To maintain dial-up connections, Connection Keep Alive simulates online activity during periods of user inactivity. Norton Productivity Control enables users to filter Internet content and block newsgroups. When used with User Access Manager, multiple filtering profiles could be created, assigned to different users.

2004 (7.x)
Announced September 8, 2003, version 2004 adds adware, spyware, and keylogger protection. PC Magazine found the added protection to be weak. Out of the spyware samples Norton detected, a significant number were not removed completely, requiring manual removal. Norton did little to prevent spyware infections.

Norton AntiSpam, the renamed spam filtering feature, has a set of spam rules, which cannot be viewed or edited. Whitelists and blacklists of senders could be created. Users may create their own spam definitions. AntiSpam integrates with Outlook, Outlook Express, and Eudora, allowing users to tag e-mail as spam on-the-fly. E-mail identified as spam were either quarantined by default, however the feature could be configured to delete such messages automatically. In CNET testing, AntiSpam correctly identified 94 percent of spam messages.

Product activation was introduced* ". After installation, users were allowed a 15-day grace period to activate their copy of Norton Internet Security 2004. The program will not work after the deadline without the 24-character product key. The product key used to activate a copy of Norton Internet Security ties in with an alphanumeric code based on a computer's hardware configuration. Users may activate their product five times with the same product key, however licensing terms dictate users were allowed only to install Norton Internet Security 2004 on one computer.

2005 (8.x)
Symantec introduced Version 2005 on August 17, 2004. This version was sometimes referred to with the tagline of AntiSpyware Edition, since spyware detection was integrated with Norton and was by default enabled. Found threats were listed, separating the ones already dealt with and the ones requiring user interaction. More detailed information was provided through a link to Symantec's website. However, PC Pro and PC Magazine noted lengthy scan times. A full scan took 24 minutes to over half an hour, respectively. In PC Pro testing, Norton detected 61 percent of the spyware samples, compared to an average of 68 percent for all the tested products. Removal rates were above average, 72 percent versus the average of 68 percent. Norton blocked reinstallation with a score of 48 percent, compared to the group average of 43 percent. Overall, Norton ranked fifth among the tested products. In PC Magazine testing, Norton installed slowly on infected systems and failed to install on one altogether. Contacting Symantec did not resolve the issue.

Internet Worm Protection could block worms, which scan IP addresses for open ports. It blocks inbound ports based on known and suspected exploits using signatures and heuristics. The addition of the feature follows MSBlast in 2003 and Sasser in 2004, worms that exploited vulnerability in Microsoft Windows' operating systems. In response to emerging privacy threats — 75 percent of the threats in the last 12 months attempted to steal confidential information — this version adds phishing protection. Using the firewall component, users could create a whitelist of sites where confidential information could be transmitted. Users were alerted when information was transmitted to a site not on the list. The Outbreak Alert feature warns users of major threats as classified by Symantec, and users could press the Fix Now button to apply a set of changes to close vulnerabilities, such as blocking necessary ports used by a propagating worm. Browser Privacy could suppress information website generally receive about its visitors, such as the browser and operating system used. The feature could block advertisements.

Privacy Control could warn users when sending confidential information. It could be configured to block the transmission. It allowed users to specify how the information could be sent, such as via IM or e-mail. Item-specific exceptions allow users to control where there data could be sent. However, PC Pro found a flaw in the information filtering feature. The format of information on the list of confidential information could limit its effectiveness. For example, entering the last six digits of a credit card number will not stop the numbers from leaking if they were grouped in four digits. PC Magazine noted the fact anyone who could login to the computer could view the database of private information. For that reason, Symantec recommends entering only the last portion of sensitive information.

Norton AntiSpam now scanned e-mails for spoofed URLs and deals with any offending e-mail as spam. E-mails could be blocked based on language, however by default the filter allowed all languages. AntiSpam could sync its own list of allowed senders with POP3 address books. Users could train the spam filter by pointing out valid e-mail marked as spam and vice versa. Support for Yahoo! Mail and Hotmail was added* ".

2006 (9.x)
Norton Internet Security 2006 debuted on September 26, 2005. The new main interface, the Norton Protection Center, aggregates all information in a central location. Security status was shown by how secure the computer was for tasks such as e-mail and Internet browsing, not in the context of which features were enabled. The Protection Center could recognize third-party software protecting the computer. The new interface advertises additional products from Symantec; some categories of protection, such as "Data Protection", will read "No Coverage" until the user purchases and installs Norton SystemWorks. An additional system tray icon was created by the Protection Center.

The installation was noted as lengthy by PC Magazine, especially on malware-infected systems. Spyware detection has been tweaked since the last release. It has been updated to better identify keyloggers. In PC Magazine testing, Norton successfully detected all 11 spyware threats and removed all but two. PC Magazine did give Norton credit even when manual removal was required. The suite removed three of four commercial keyloggers. When attempting to install the spyware on a clean system, Norton blocked all 11 and two of the four commercial keyloggers. In most cases, it did not block the installation, however Norton did call for a scan after the spyware was installed. In PC Pro testing, Norton detected 78 percent of spyware, removed 82 percent, and blocked 65 percent from installing.

Norton AntiSpam was discontinued as a separate product from Symantec, now only available in Norton Internet Security. The feature could block all e-mail from unknown senders, and automatically blocks messages with suspicious elements such as invisible text, HTML forms, and phishing URLs. To improve accuracy, Norton analyzes outgoing e-mails and messages whose categorization was corrected by users by hitting the "This is spam" and "This is not spam" buttons. In PC Magazine testing, the feature marked one in ten valid e-mail as spam and let one in every six spam messages in the inbox. 400 messages were used, and the program was allowed to process the messages for over a week. In PC Pro testing, the feature performed better, blocking 96 percent of spam, with a false positive rate of 0.2 percent.

Norton recommends disabling the Windows Firewall to avoid redundant alerts. The firewall stealthed all significant ports in PC Magazine testing. Attacking the firewall itself was unsuccessful, and PC Magazine was unable to stop its service, terminate its process, or disable the firewall using simulated mouse clicks. The firewall passed PC Pro's tests, successfully stealthing all ports.

Other features included Bloodhound technology, which looks for virus-like behavior to better find zero day viruses. The Security Inspector looks for common vulnerabilities, including insecure user account passwords and browser insecurities. Advertisement blocking rewrites a website's HTML to prevent advertisements from being displayed. Parental controls, an optional component, could block certain programs from accessing the Internet, such as IM clients, and restrict newsgroup access. Restrictions could be assigned to different Windows users accounts. Sites were classified in 31 categories, and the four profiles which could be assigned each block different categories of sites. Supervisors define exceptions, add global blocked sites, or block all access to sites not on a user-created whitelist. Both PC Magazine and PC Pro noted the exclusion of time-based restrictions. Information filtering could be controlled on a per-user basis.

Windows 98 compatibility was dropped from this release.

2007 (10.x)
The 2007 version was announced September 12, 2006. A tabbed interface allowed users to access the Norton Protection Center and the program settings without separate tray icons and windows open. Symantec revised Norton Internet Security and made this version more modularized, which reduced the suite's memory usage to 10–15 megabytes and scan times by 30–35 percent. Another result was that spam filtering and parental controls became separate components. When installed, the features consumed 100 MB of disk space.

Anti-phishing integrated with Internet Explorer. It analyzes sites, examining the website's URL, title, form, page layout, visible text and links, and uses a blacklist to detect phishing sites. Users were blocked access from suspected phishing sites, however were presented an option to continue. In PC Magazine testing, the feature blocked 22 of 24 phishing sites, while Internet Explorer 7 recognized 17 of the 24 sites. In PC Pro testing, the feature successfully blocked access to every phishing site it was tested against. Spam filtering no longer included a language feature, Symantec claimed it was less useful with current spam and created false positives. Tested against 1,500 messages by PC Magazine, Norton let over half of the spam into the inbox. Five percent of valid mail were marked as spam. This version utilized Symantec's Veritas VxMS technology to better identify rootkits. VxMS allowed Norton to find inconsistencies among files within directories and files at the volume level. A startup application manager allowed users to prevent applications from launching at login. This release dropped support for Windows 2000 and was compatible with Windows Vista upon its release with an update.

The firewall made all decisions by itself to lessen the chance of disruption by a misinformed decision. Applications known to be safe were allowed Internet access, and vice versa for malicious applications. Unknown ones were analyzed and blocked if they exhibited malicious behavior. In both PC Magazine and PC Pro testing, the firewall did not incorrectly block any safe applications from Internet access. All malware was blocked by the firewall. PC Magazine testing reflected the same results. The firewall stealthed all ports. Exploits were blocked by the intrusion prevention system, which prevented threats from leveraging vulnerabilities. The system was updated whenever a vulnerability was identified. Attempts to disable the firewall were unsuccessful; registry changes, process termination, and simulated mouse clicks all failed. Disabling Windows services had no effect on the firewall since it worked at the kernel driver level. This version automatically adjusted configuration for different networks based on the physical address of the gateway rather than IP addresses.

In PC Magazine testing, Norton detected 15 of 16 spyware samples. 13 of the 16 were removed. Against eight commercial keyloggers, the suite removed all the samples. On a clean system, Norton blocked 14 of the 16 spyware samples from installing, and stopped seven of the eight keyloggers from installing.

2008 (15.x)
The 2008 version was announced on August 28, 2007, adding support for Windows Vista 64-bit. New features included SONAR, Norton Identity Safe, and Browser Defender. SONAR monitored applications for malicious behavior. Identity Safe superseded the information filtering function; instead of blocking personal information from leaving the computer, it stored personal information to fill webforms. It was password protected and checked a website's authenticity before filling any forms. Browser Defender inspected and blocked suspicious API calls, intended to stop drive-by downloads. Network Map identified networked computers with Norton Internet Security 2008 installed. Remote monitoring allowed checking the status of other installations on different computers; problems were identified with a red "X" icon. Using the feature, users could control traffic between computers. It warned users if they were using an unencrypted wireless network. The startup application manager and advertisement blocking features were dropped from this release. Information filtering, although superseded by Identity Safe in the suite, was available separately. It could be used in conjunction with Identity Safe.

Phishing protection now integrated with Mozilla Firefox. Testing by PC Magazine found that Norton blocked 94 percent of phishing sites, compared to 83 percent for Internet Explorer 7 and 77 percent for Firefox 2. CNET identified an issue with the feature: when anti-phishing was disabled, Identity Safe still offered to automatically submit personal information to websites, including phishing sites. Symantec declined to call it a "flaw", stating it was recommended to use Identity Safe with anti-phishing enabled. Alternatively, Identity Safe could be used with Firefox and Internet Explorer's built-in anti-phishing capability.

PC Magazine found that the firewall put all ports in stealth mode. The firewall blocked ten of 12 leak tests, used to see if malware could evade the firewall's control of network traffic. Previous versions did not identify the tests because none carried a malicious payload. Another test was conducted using Core Impact, which successfully exploited one vulnerability on the test computer. However, other components of Norton stopped the exploit from causing harm. The other attempts were unsuccessful either because the system was invulnerable or Norton's Intrusion Prevention System stopped it. Attempts to disable the firewall were unsuccessful by PC Magazine. On the contrary, PC Pro identified 15 open ports on a computer with Norton installed.

In PC Magazine testing, Norton completely detected most malware. For two-thirds of the samples, all traces were removed. Norton found and removed all the commercial keyloggers. A full scan took nearly an hour to complete though, twice as long as the 2007 version. The suite blocked most of the malware from installing and all the commercial keyloggers, regardless of any modifications made to the samples. PC World noted that Norton removed 80 percent of malware-associated files and Registry entries.

Spam filtering imported users' address books to compile a whitelist of allowed senders. Addresses to which users send mail and e-mail tagged as valid mail could be automatically added to the whitelist. Using several thousand messages, PC Magazine found that Norton marked over 40 percent of valid e-mail as spam. Over 80 percent of valid newsletters were marked as spam. Norton did correctly identify 90 percent of spam e-mail.

2009 (16.x)
The 2009 version was released for sale September 9, 2008. Symantec set several goals while in development: complete installations in under a minute and a footprint of 100 MB. Average installation times ranged from eight to ten minutes, and the previous 2008 version had a 400 MB footprint. Other goals included reducing load time after the computer starts, from 20 to 30 seconds to 10 seconds, and file scanning times with technology that allowed Norton to skip certain trusted files. The technology works on the basis that if a piece of software runs on a significant proportion of computers, then it was safe.

A reduction in memory consumption was made, prompted by the fact 40 percent of people contacting Symantec support had 512 MB of RAM. The beta release used about 6 MB of memory, compared to 11 MB by the prior version. To reduce scan times, Norton Insight used data from Norton Community participants to avoid scanning files that were found on a statistically significant number of computers. Citing a NPD Group study finding that 39 percent of consumers switching antiviruses blamed performance, a CPU usage meter allowed users to find the cause of high CPU usage, whether it be Norton or another program. Updates were more frequent, termed Norton Pulse Updates. Pulse Updates were delivered every five to fifteen minutes (down from every eight hours). Silent Mode automatically suspends alerts and updates when a program enters fullscreen mode and could be manually enabled. Activities took place while the computer was idle, and terminate once user activity was observed. Spam filtering became part of the bundle. This release bundled Norton Safe Web, which identified malicious websites, compatible with Internet Explorer and Firefox. Norton Safe Web color coded search results from search engines such as Google and Yahoo for safety. The Norton Safe Web toolbar included an Ask.com search box. The search box did not share code with the Ask toolbar; instead it redirected queries to the Ask search engine.

Benchmarking conducted by PassMark Software highlighted its 52 second install time, 32 second scan time, and 7 MB memory utilization. Symantec funded the benchmark test and provided scripts used to benchmark each participating antivirus software. Tests were conducted in Windows Vista running on a dual core processor. PC Magazine found the suite added 15 seconds to boot time, with a baseline of 60 seconds. Norton added less than 5 percent to the time it takes to complete file operations. 25 percent more time was taken to unzip and zip a set of files.

Norton was able to remove most commercial keyloggers, beating other tested products. Norton blocked all attempts to install malware on a clean system. Modifications made to the samples did not fool Norton. Norton was not able to block the installation of all the commercial keyloggers.

Phishing protection blocked 90 percent of verified phishing websites in PC Magazine testing. Internet Explorer 7 caught 75 percent, and Firefox caught 60 percent.

Norton stealthed all ports, according to PC Magazine. Port scans were unsuccessful. The firewall blocked all exploit attempts by Core Impact.

Malware blocking and removal garnered good results in PC Magazine testing. All but one malware sample contained within a folder were removed once the folder was opened. The last one was removed when executed. Modifications made to the samples did not affect detection. On a similar test, specifically using commercial keyloggers, Norton did not successfully detect all. In removing threats, Norton almost completely removed 40 percent of the malware samples and related executables.

2010 (17.x)
Version 2010 was released officially on September 8, 2009. This version featured Project Quorum, which introduced reputation-based threat detection to keep up with the 200 million attacks each month, many of which Symantec claimed evade signature based detection. The new approach relied on Norton Community Watch, in which participants supply information about the applications running on their computers. Safe applications exhibit common attributes, such as being of a known origin with known publishers. Conversely, malware may have an unknown publisher, among other attributes. Using the data a "reputation score" was used to infer the likelihood of an unknown application being safe, or malicious.

Other facets of Quorum were parental controls and spam filtering. Norton Internet Security 2010 bundled a free subscription of OnlineFamily.Norton, which PC Magazine found to be an improvement over the parental controls bundled with prior releases. Spam filtering used technologies Symantec acquired from Brightmail. Two filters were used to find spam: a locally installed one and a check against Symantec's servers to see if the message was known spam. In PC Magazine testing, no valid e-mail were marked as spam. However, 11 percent of spam still reached the inbox. This was a significant improvement over prior releases. The improved SONAR 2 heuristic leveraged reputation data to judge if a program was malicious. Norton Insight was expanded, showing users the number of Norton Community participants who have a certain program installed, its impact on system resources, and how long it had been released. Information about the program's origin and a graph of its resource usage was provided. Autospy helped users understand what Norton did when malware was found. The malware's actions and Norton's resolution were presented to the user. Previous releases removed threats on sight and quietly warned users, potentially confusing when users were deceived in downloading rogue security software.

With a compatible graphics card Flip Screen allowed the main display to "flip over" to show the opposite side of the main interface, consisting of a chart of CPU or memory usage and a timeline of security events. Otherwise the Flip Screen link was replaced by a Back link, which opened the back of the windows in a separate window.

Safe Search allowed the user to filter out unsafe sites, get insight on them, and keep track of HTTP cookies. Malware removal and blocking performed well, setting or meeting records in PC Magazine testing. It achieved a detection rate of 98% (highest of 12 antivirus products). The exception was blocking commercial keyloggers, where Norton made an above average score. File operations took 2 percent longer, and the file compression and extraction test took 4 percent longer. The only area where Norton introduced a significant delay was when the system was booting: the beta version added 31 percent to the boot time, significantly longer than prior versions. According to the Norton performance comparison website, Norton Internet Security scanned 31 percent faster, was 70 percent lighter, and installed 76 percent faster than the leading anti-virus product. AV-comparatives awarded Norton Internet Security "Best Product of 2009", Bronze award for 98.6% detection rate in 2010 and Norton Internet Security 2010 blocked 99/100 internet threats.

2011 (18.x)
Norton Internet Security 2011 was released for Beta testing on April 21, 2010. Changes included a new user interface and improved malware scanning. Symantec released an application that "scans" the user's Facebook feed for any malware links. This application does not require a valid subscription. In a test sponsored by Symantec, Norton Internet Security 2011 was the only security suite to achieve a 100 percent protection score in a new third-party test from Dennis Labs. Improved reputation scan provided the user with an easy to understand interface on files stored on the user's computer, marking them as trusted, good, poor, or bad. The production version was released on August 31, 2010. New features included Norton Rescue Tools. These tools included Norton Bootable Recovery tool and Norton Power Eraser.

On December 9, 2010, Symantec released the 18.5 version through Norton LiveUpdate. However, this update was later pulled due to numerous reports on the Norton forums that the update was causing system instability during system scans (both full and quick scans). This issue only affected some customers. Symantec later fixed the bugs and re-released the update.

Following the acquisition of VeriSign Security by Symantec, several VeriSign features were incorporated. A new Norton logo added the VeriSign checkmark formerly seen in VeriSign's own logo, as well as several new icon changes to the Norton Safe Web and Norton Identity Safe features.

2012 (19.x)
Norton Internet Security 2012 was released on September 6, 2011. Download Insight 2.0 monitored files for safety and the stability of a given file. I.e. if a file was stable on Windows 7, but unstable on Windows XP, XP users would be notified of the file's instability.

Enhanced removal tools were tightly integrated for better cleanup of infected systems. Once triggered, the new, more powerful version of Norton Power Eraser restarted the system to locate and remove fake antivirus software and other deeply embedded threats that were otherwise hard to remove. A new tool called Norton Management helped manage different computers and devices from a single location.

Other changes included SONAR 4, Google Chrome compatibility for Identity Safe and Safe Web and the ability to store passwords and notes in the cloud. However, the License Agreement did not guarantee passwords were stored securely and provided no remedy if the cloud vault was compromised.

The user interface was simplified to use only three buttons. The third button opened a more advanced and complicated menu, where the user was able to manage settings and access different product features. The CPU meter that was removed from Norton 2011, returned (only on the "advanced screen").

Combining the netbook and desktop line, Norton Internet Security integrated Bandwidth metering, which controlled the product's traffic usage and reduces it to minimum if necessary. This was ideal for networks with limited traffic., the user interface window adjusted according to the size of the computer screen.

This version of Norton Internet Security included several Easter eggs. Pressing Shift+1, 2, 3 or 4 would change the theme to default background (plain black), ray, animals, and floral respectively. holding Control + Win Key + Alt while pressing "performance button" to activate "Crazy Flip", which made the window flip head over heels. The effect would continue until the main window was closed and reopened.

Scans were scheduled through Symantec's proprietary scheduler, which performed tasks while the computer was idle.

20.x (2013)
Version 20 (2013) began a "Version-less" approach by dropping the 20xx naming convention, and automatically updated itself as new releases become available. Notable changes included a new user interface better suited for touchscreen devices, Social Networking Protection, to protect against threats targeted at social networks, and was the first release to officially support Windows 8.

Version 21.x (2014)
This version, released on October 7, 2013, became the last version to be marketed by Symantec. Norton Internet Security, along with Norton Antivirus and Norton 360, were replaced with Norton Security.

Version 22.x (2015)
A version 22.5 update was released in June 2015. It included a restyled user interface and Windows 10 Support.

Netbook edition
Symantec released a special edition of Norton Internet Security optimized for netbooks. This was available as download from the Symantec website or in a USB thumb drive. Symantec stated that the Netbook edition was optimized for netbooks. The main display was optimized to provide support for the 800 x 480 screen resolution. In addition, non-critical tasks were delayed while the netbook was on battery. Furthermore, the Netbook edition offered complimentary access to Norton's secure online backup and parental control to protect children.

Version 1.0
Norton Internet Security version 1.0 for Mac was released November 1, 2000. It could identify and remove both Windows and Mac viruses. Other features included a firewall, advertisement blocking in the browser, parental controls, and the ability to prevent confidential information from being transmitted outside the computer. Users were prompted before such information was transmitted. The incorporation of Aladdin Systems' iClean allowed users to purge the browser cache, cookies, and browsing history within Norton's interface. Is supported Mac OS 8.1. Hardware requirements called for 24 MB of RAM, 12 MB of disk space, and a PowerPC processor.

Version 2.0
Norton Internet Security version 2.0 for Mac was released on May 10, 2002. Version 2.0 tied in with the WHOIS database, allowing users to trace attacking computers. Users could inform network administrators of the attacking computers for corrective actions. When running under Mac OS 8.1 or 9, a PowerPC processor, 24 MB of RAM, and 25 MB of free space was required. Under Mac OS X 10.1, a PowerPC G3 processor, 128 MB of RAM, and 25 MB of free space was required.

Version 3.0
Norton Internet Security version 3.0 for Mac was released on May 17, 2003. The subsequent release, version 3.0, maintained the feature set found in version 2.0. The firewall now allocated internet access as needed rather than relying on user input using predefined rules. Compatibility with OS 8 was dropped. When running under OS 9.2, a PowerPC processor, 24 MB of RAM, and 25 MB of free space was required. Under OS X 10.1.5 through 10.3, a PowerPC G3, 128 MB of RAM, and 150 MB of free space was required. However, version 3.0 was not compatible with Mac OS X 10.4, or "Tiger".

Version 4.0
Version 4.0 was released on December 18, 2008. Symantec marketed a bundle of Version 4.0 and the 2009 version for Windows, intended for users with both Microsoft Windows and Mac OS X installed. iClean was dropped from this release. The firewall now blocked access to malicious sites using a blacklist updated by Symantec. To prevent attackers from leveraging insecurities in the Mac or installed software, exploit protection was introduced* ". Phishing protection was introduced* " as well. Mac OS X 10.4.11 or higher was supported. A PowerPC or Intel Core processor, 256 MB of RAM and 150 MB of free space were required.

Norton Security
In September 2014 Norton Internet Security was folded into Norton Security, as part of Symantec's streamlined Norton line.

Norton 360 (2019)
In 2019, Gen Digital (previously Symantec) rebranded the streamlined Norton Security products into a new Norton 360 suite.

FBI cooperation
Symantec, in compliance with the Federal Bureau of Investigation (FBI), whitelisted Magic Lantern, an FBI keylogger. The purpose of Magic Lantern was to obtain passwords to encrypted e-mail as part of a criminal investigation. Magic Lantern was first reported on November 20, 2001. Magic Lantern was deployed as an e-mail attachment. When the attachment was opened, a trojan horse was installed on the suspect's computer. The Trojan horse was activated when the suspect used PGP encryption, often used to increase the security of sent e-mail messages. When activated, the trojan horse logged the PGP password, which allowed the FBI to decrypt user communications. Symantec and other major antivirus vendors whitelisted Magic Lantern. Concerns included uncertainties about Magic Lantern's full potential and whether hackers could subvert it for purposes outside the law.

Graham Cluley, a technology consultant from Sophos, said, "We have no way of knowing if it was written by the FBI, and even if we did, we wouldn't know whether it was being used by the FBI or if it had been commandeered by a third party". Another reaction came from Marc Maiffret, chief technical officer and cofounder of eEye Digital Security, "Our customers are paying us for a service, to protect them from all forms of malicious code. It is not up to us to do law enforcement's job for them so we do not, and will not, make any exceptions for law enforcement malware or other tools."

FBI spokesman Paul Bresson, in response to the question of whether Magic Lantern needed a court order to be deployed, said, "Like all technology projects or tools deployed by the FBI it would be used pursuant to the appropriate legal process."

Proponents of Magic Lantern argue the technology would allow law enforcement to efficiently and quickly decrypt messages protected by encryption schemes. Unlike a predecessor, Carnivore, implementing Magic Lantern does not require physical access to a suspect's computer, which would necessitate a court order.

Uninstallation
Older versions of Norton were defective. In the 2009 versions, Symantec added Norton Removal Tool, which removed their products, usually in less than a minute. The tool could be downloaded from Symantec's website.

Windows Service Packs
When Norton Internet Security 2008 was installed, users encountered incompatibilities upgrading to Windows XP Service Pack 3 or Windows Vista Service Pack 1. Users reported invalid registry keys added by a tool named fixcss.exe, resulting in an empty Device Manager and missing devices such as wireless network adapters. Symantec initially blamed Microsoft for the incompatibilities but accepted partial responsibility.

Dave Cole, Symantec's Vice President & General Manager, acknowledged that users running Norton products were experiencing problems, but said the numbers were small. Cole said that Symantec had done "extensive testing" of its products with Windows XP SP3, but this issue was not encountered. Cole blamed Microsoft "This is related to XP SP3." Microsoft recommended that users contact Windows customer support. To resolve the problem, Symantec issued a fix intended for users before upgrading. Symantec recommended disabling the tamper protection component in the 2008 release, dubbed SymProtect. A tool to remove the added registry entries was available from Symantec.

Windows Vista
Sarah Hicks, Symantec's vice president of consumer product management, voiced concern over Windows Vista 64-bit's PatchGuard feature. PatchGuard was designed by Microsoft to ensure the integrity of the kernel, a part of an operating system which interacts with the hardware. Rootkits often hide in an operating system's kernel, complicating removal. Mike Dalton, European president of McAfee said, "The decision to build a wall around the kernel with the assumption it can't be breached is ridiculous", claiming Microsoft was preventing security vendors from effectively protecting the kernel while promoting its own security product, Windows Live OneCare. Hicks said Symantec did not mind the competition from OneCare. Symantec later published a white paper detailing PatchGuard with instructions to obtain a PatchGuard exploit. After negotiations and investigations from antitrust regulators, Microsoft decided to allow security vendors access to the kernel by creating special API instructions.