web analytics

Norton Wi-Fi PrivacyLast year Symantec released an iOS version of Norton Wi-Fi Privacy. It’s a solid app that shields an iPhone or iPad against everyday risks with public Wi-Fi hotspots1.

This year Norton has expanded the product in two ways. First, it now comes in PCs and Macs versions as well as iOS and Android. Second, you can now buy multiple licences to cover five devices. The earlier version covered just one.

A third change is with the price. Norton asks for a lot more than before. Last year a single licence purchased through the app store was NZ$45. This year it is double that amount: NZ$90.

App store price Norton Wi-Fi Privacy
This is the price Norton charged a year ago.

 

Norton Wi-Fi Privacy pricing

A three licence pack is NZ$120 and protecting five devices costs $140.

Better value when buying in bulk

While the multiple packs are better value, NZ$90 for a single device is pushing it. Norton Wi-Fi Privacy is expensive. It’s about twice the price of alternative VPN services.

You can buy arguably better VPN protection for far less money. However, most alternatives require a level of knowledge that many users will find daunting. Norton packages it up, makes it easy to install, use and pay for. You pay more for the convenience.

I tested the software on two iPads, an iPhone and a MacBook. The apps are similar in each case.

An icon show on the MacOS menu bar when it is working. The MacOS app user interface is tiny. That makes it hard to see. It is on a par with what you might see on an iPhone screen. It works fine as a full screen on an iPhone, but it huge and chunky on an iPad. At this price you might expect Norton to do a better job tailoring the user interface.

Most of last year’s comments still apply:

Easy:

Norton’s Wi-Fi Privacy software is easy to install and use. Most of the time it stays out of the way. There are few settings to worry about. Most of the time, you don’t need to do anything after you have installed the software.

Settings:

The setting that may interest you is choosing the end point of your VPN. You can choose from 28 overseas destinations to set as your virtual location. This is more than most alternative VPNs offer. New Zealand is not an option.

If you set the software to auto-select it chooses Australia. I’ve used the VPN to make it look as if my device is in the UK and the US in order to buy services in those countries which are geo-locked for New Zealand. I also use the VPN to force some websites to show a specific country version when the one served up for New Zealanders isn’t my first choice.

Ad-blocking:

Norton says the app also blocks the ad-trackers used by online advertising companies to spy on your web activity. Apart from the report, see below, there’s no way of checking if this works. We’ll have to take Norton’s word on this.

Performance hit:

There’s a noticeable line speed overhead. Running the software on a Mac, connecting to VDSL over a a home Wi-Fi connection the speed drops by at least 10Mbps. That’s a lot when the overall line speed is in the range of 50 to 60Mbps. Line speed drops on iOS are similar. The software is awful when it comes to latency, ping times can take almost twice as long, this may be in part because of the roundabout route.

In practice the performance hit is far worse. I run a cloud back-up app, when Norton Wi-Fi privacy is switched off, the back-up chugs along at around 20Mbps. With the VPN switched on, the back-up speed drops to around 4Mbps.

Reason not to buy:

Norton Wi-Fi Privacy comes with a potential deal-breaker. It doesn’t work with BitTorrent. Either Norton assumes you’d only use BitTorrent and nanny-like takes this option away or it can’t cope with the protocol. Whatever the reason, the software switches off when you start a BitTorrent client.

Another negative:

BitTorrent aside, in practice the VPN sometimes disconnects for no apparent reason. This happens mainly on iOS, I only saw it happen once on MacOS.

There is a clear indication that the software is or isn’t working on the Mac – the menu bar icon shows a green tick. While the iOS version also has a small menu bar icon at the top of the screen, it is more ambiguous. When the VPN is not active, no icon shows. That’s not as helpful as a VPN-is-off indicator.

Useful for some, imperfect VPN

Norton has done a good job making it easy for non-technical users to get VPN protection. At the same time, it gives big brand-name confidence for those who need it. Many alternative VPNs are from companies you’ve never heard of.

Yet the high price, performance overhead and BitTorrent restriction make it hard to recommend Norton Wi-Fi Privacy to anyone tech-savvy enough to find a better alternative. If you’re confident with security and privacy you’ll do better looking elsewhere.


  1. At the time a number of readers pointed out that public Wi-Fi hotspots are not as risky as Norton would have us think. ↩︎

NotPetya

Victims of the NotPetya ransomware attack can’t get at their own computer data even if they pay the ransom.

NotPetya is an attack on a grand scale causing a huge amount of disruption. Many victims are large companies in Europe. It has also hit American businesses. You may see this referred to elsewhere as Petya.

At the time of writing the impact on New Zealand doesn’t appear to be major. But then, unlike other countries, there is no compulsory attack notification here. That gives local companies lee-way to paper over their security cracks.

CertNZ offers advice for New Zealand. It includes the usual, but always wise, call to make sure everything is patched up-to-date.

Give us your Bitcoins

Computers hit with the malware show a message demanding a ransom payment of around NZ$500 in Bitcoin. There’s a mail address for victims to use when confirming their payment. The mail service provider has since shut-down the account.

Whatever the rights and wrongs of that action, it makes life even harder for the victims. They can no longer contact the attacker to get the decryption key needed to unlock their data.

NotPetya first emerged in Ukraine. Early reports there say it hit the nation’s government, banks and utilities. It appears that country has suffered more than elsewhere.

Russians fingered

This may, or may not be coincidence. Ukraine blamed earlier attacks on the nation’s infrastructure on Russian organisations. There’s some evidence of Russian state involvement. There is a slow-burn war between the two countries.

Some analysts say the recent attack uses a revamped version of an earlier ransomware. Others suggest it is a new form of ransomware not seen before.

NotPetya is the second huge ransomware attack in as many months. It won’t be the last. These look set to be a regular feature of modern life. Think of it as a new normal.

Last month’s WannaCry ransomware affected 230,000 computers. Among other things it damaged the UK’s National Health Service computers. Spain’s main telco and German state railways were also on the receiving end.

A Symantec press release says the new attack uses the same EternalBlue exploit as WannaCry. America’s National Security Agency developed EternalBlue and used it for five years.

WannaCry used mail systems to infect computers. It appears that’s not the way NotPetya is spreading. It is what security people describe as a worm. That is, a program that makes copies of itself to spread to other computers.

NotPetya, not kill switch

Defenders saw off WannaCry when researchers found a software kill switch. This meant they could turn it off. There is no kill switch in NotPetya.

As you’d expect Symantec says its software protects its customers against the attack. The company says it is not yet clear if this attack targets specific victims. Worms are hard to target, the criminals set them up and let them wreak havoc.

Ransomware is big business for the criminal gangs behind the attacks. It also fuels the computer security industry which grown 30-fold in the past ten years. Today it has an annual turnover of more than $100 billion.

If you wrangle a handful of devices and need extra security software1, Norton Security Premium from Symantec will help.

It protects your computers from malware. Yet that’s only part of the story.

There are different versions of the software depending on the devices you use and the licences you buy.

Each version includes identity protection and blocking software to keep your browser away from risky websites.

After that, the feature list varies.

When you buy Norton Security Premium you get a sealed licence card. You then download the software as needed from the web. The product key is inside the card.

There a complex web of what’s in or out for each version and device. To make it easier, I scanned this table from the back of the product card.

Norton Security Premium

Five, three, one

The most expensive licence costs NZ$135. It covers five devices in a single household. There’s a NZ$105 three device licence. A $70 version protects a single device.

Norton Security Premium includes apps for Windows, MacOS, Android and iOS devices. Your devices don’t need to have the same operating system. You can mix and match, say, Windows PCs, Android phones and iPads.

The Windows protection is the most comprehensive. In comparison the iOS components don’t do much.

Cloud back-up for Windows devices

The three and five device licences include 25GB of cloud back-up for one year, but only for Windows devices. The single licence gives you 2GB of Windows cloud back-up.

If you don’t have a Windows computer, you can’t use the back-up. So, the software is better value for Windows owners than for others.

Typically you might pay NZ$15 to $20 for 25GB of cloud back-up from other service providers.

Norton’s cloud back-up isn’t closely tied to the rest of the security software and it is average compared with specialised back-up alternatives. There’s no file sync, which is a disappointment.

Norton Security Premium default choices

It comes with a default choice of what gets backed up and when. The software doesn’t back-up video files or mail. You can change these setting to suit your needs. You can also use the back-up software to make local back-ups to, say, a hard drive.

Norton’s initial back-up runs at a slow pace even if you have a fast internet connection. Later back-ups are speedy.

Restoring is easy. You can pick individual files or the lot. One nice touch is that you can browse through the back-up as you would through a local drive.

There’s a password manager in the Windows, Android and iOS editions, but not the MacOS version.

Software to protect children from unsafe content2 is in the Windows and Android package. MacOS or iOS users don’t get it.

Antivirus in practice

It’s hard to judge if antivirus is effective without throwing malware at it in a laboratory. After two months of running the software at home it has yet to spot a live virus or any other malware in everyday use.

That goes for my MacBook and my HP Spectre. Nothing has turned up. Not a sausage. It did find some malware on an old, archived back-up drive. That was some Windows malware downloaded harmlessly onto a Mac by the Apple mail app. But that was it.

That’s not to say protection is a waste of time for everyone.

Slow down

The problem is that the software slows computers. I benchmarked the Spectre with and without Norton Security Premium installed. The overhead is between three and five percent depending on what’s going on. That’s acceptable if you want to stay safe.

Norton’s firewall is easy to use, but redundant for most users. It offers extra features compared to, say, Windows Firewall. That can be dangerous in the wrong hands. Still Symantec designed the firewall to need next to no user involvement. Another advantage is that it integrates well with other Norton components.

SafeWeb browser protection keeps bad websites from loading rubbish on to your computer. It pings often, especially if you go down clickbait rabbit holes.

Norton Security Premium does a fine job minding the security gaps on your behalf. There are cheaper alternatives but I’ve yet to see one as polished.

Symantec has a wealth of experience building security products for non-experts to use. That alone is a reason for everyday users to buy. It also makes Security Premium a good option to put on workplace computers.


  1. Not everyone does. Read Staying safe online is about more than buying security. ↩︎
  2. This used to be controversial. Some parents see it as creepy. Others are keen to keep their children away from nastiness. ↩︎

Symantec wants you to know public Wi-Fi is risky — see below. This is not news. But the company says it has your back with an app to keep you safe. Norton Wi-Fi Privacy comes in versions for Android and iOS.

Both are free downloads. You get a one week trial at no charge. After that, it’s NZ$45 for a year’s subscription.

Norton say the app encrypts your data then sends it through a virtual private network or VPN.

Experts agree this combination is a good first-line defence against Wi-Fi dark arts.

Although if you’re worried, you might be better off avoiding free Wi-Fi. After all, it’s not so free if you need to spend $45 a year to use it.

It may not stop determined, expert crooks, or state sponsored agencies, but Norton Wi-Fi Privacy will keep you safe from opportunistic, everyday criminals.

The app also includes links to a free built-in ad blocker and a free password manager. At the time of writing the ad blocker is not available to New Zealanders. Symantec says it may be added later. The password manager is part of the local deal.

Bank-grade encryption

Norton’s marketing material promises WiFi Privacy has bank-grade encryption.

We’ll have to take Norton’s word on this. There is no easy way to check the app encrypts data before it leaves the phone.

Whether bank-grade encryption is necessary or valuable to the ordinary user is debatable. It sounds good though.

Norton promises

Another promise that you’ll have to trust Norton on is that your data is not tracked or stored. If it was, it could be a bigger security risk than using public Wi-Fi networks in the first place.

Norton is a well-known brand. Symantec has much to lose if anyone found it was cheating.

If Symantec was cheating, you’d soon know. Security experts pull Norton’s technology apart looking for flaws all the time. They found whoppers earlier this year.

Virtual private network

Running sensitive mobile data through a VPN makes sense.

In simple language a VPN is a secure tunnel through the internet from your device to a server. The tunnel’s other end can be anywhere.

Businesses use VPNs to keep traffic private. It’s not impossible to snoop on VPN traffic, but it’s hard. There’s so much low-hanging fruit that criminals can do better elsewhere.

Consumers use VPNs to hide where they are coming from and what they are up to. So they can watch geo-locked video or browse geo-locked websites. And a VPN means ISPs and others can’t see if you’re downloading pirated material.

Your own internet tunnel

You could, say, set up the VPN tunnel so the other end is in the UK. That way you’ll be able to watch episodes of BBC shows like Doctor Who. Or get the US version of Netflix — although Netflix has recently cracked down on VPN activity.

While VPNs are useful, they come with strings attached. A VPN will slow your connection. There are few, if any, phone apps where this matters. Nevertheless, keep it in mind.

To test how much Norton’s VPN slows traffic I ran Speedtest on my phone with and without the Norton VPN. I did this in a handful of locations on Auckland’s North Shore. The tests used 3G and 4G cellular, home Wi-Fi and a Spark Wi-Fi hotspot.

Slower

In each case download speeds are slower with the VPN. Downloads reach 40 to 45 Mbps without the VPN and 25 to 32 Mbps with it on. Upload speeds stay stable.

Norton’s VPN allows you to choose from one of 14 international destinations. There’s an automatic mode as well. In Auckland it chooses the Sydney region by default. If you want another you can pick one using the manual settings.


The VPN means you can make it look as if your phone is calling from the US, Germany or anywhere else.

London calling

With a VPN, if you choose, say, the UK region, your tunnel will end at a UK server. The map on the Norton app shows there’s a ‘secure connection’ somewhere in the City of London.

You can check where your VPN connects to the rest of the internet by using ipaddress.com. During the test this confirmed the UK address as being in the City of London and belonging to Digital Ocean.

Norton Wi-Fi Privacy map
Norton Wi-Fi Privacy keeps personal or business information safe from prying eyes. It is also a handy way of watching geo-blocked streaming video. During testing I used it to see Euro 2016 football on UK television channels. It worked well and maybe worth buying for this as much as for the privacy.

Do you need Norton Wi-Fi Privacy?

Norton’s app defends you from public Wi-Fi snoops. Unless you use public Wi-Fi often or download large amounts of data, there may be better options.

Post-paid mobile phone contracts in New Zealand include cellular data. It’s harder for criminals to tap into 4G mobile than intercept public Wi-Fi traffic.

So, instead of worrying about Wi-Fi snoops, consider making more use of cellular data. It is simpler and maybe cheaper. You could spend the $45 Norton subscription on buying more mobile data.

If you make regular video calls or run data-heavy apps, Norton Wi-Fi Privacy makes more sense.

Verdict – Norton Wi-Fi Privacy

There’s not much in Norton Wi-Fi Privacy a medium grade geek couldn’t do themselves. Encryption isn’t hard. Nor is setting up your own VPN.

Yet Norton has packaged this to make it easy for non-experts. The language and jargon of network security is often enough to scare everyday users off.

At NZ$45 a year it is expensive, but then it is less than many commercial VPNs charge for a subscription. Norton’s app is a less trouble and some will feel comforted by the brand name.

Less likeable is Norton’s mean one device licence. If, like me, you run a phone and a tablet, Norton would like you to pay twice for the app. Of course you could tether that second device to your phone, but that’s not the point here.

One extra thing to think about. Norton Wi-Fi Privacy will go a long way to protect you, but don’t fall into the trap of thinking it’s all you need to stay safe on public networks. Whether you have the software installed or not, you need to keep your wits about you when using public services.

How risky is public Wi-Fi?

While you need to take scary messages from security vendors with a pinch of salt, there is evidence public Wi-Fi is often insecure. Mind you, this activity is still relatively rare in New Zealand. It’s hard to find reported cases of it happening here.

Crooks can sniff traffic on the network. They can intercept email, read direct messages, even listen in on VoIP conversations.

They can steal or copy your cookies then log-in to sites with your identity. If you use unencrypted sites, they can even get your passwords and log-ins. It’s possible to watch your online banking sessions and take your money.

Another threat is the Man-in-the-Middle attack. This can load malicious code on your devices or servers. The crooks might be looking for a way into organisational systems.

This article by Maurits Martijn has more gory detail.

While all this sounds scary, you can cut the risks by using HTTPS instead of HTTP to log-on to sites. If you use encrypted connections and verify sites using certificate, you remove most of the remaining risk.

Keep all of this in mind. Knowing the risks is the first step to staying safe.

Bill's Security story image (2Bill Bennett went to five IT security experts to find the five easiest, most affordable, steps you can take now to secure your business.

Online criminals can attack from anywhere in the world and at any time. New Zealand is in their sights. Like all criminals, they look for easy targets – which means the technology equivalents of unlocked doors, unprotected buildings and unguarded valuables.

The scale of the problem is enormous. Security specialist Symantec reports cyber crime cost New Zealanders $257 million in 2015. The online attacks affected 856,000 people – roughly one in five of the population. And these are just the crimes we know about, many more go undetected.

All businesses are vulnerable. PwC Research found over half of all New Zealand businesses face an online attack at least once a year. Most businesses, especially smaller companies, don’t have an IT security strategy of any description.

Read the full story by Bill Bennett at NZ Business magazine (no longer online).