Norton Internet Security 2010 ($70 for 3 users as of 3/10/2010) took the top spot in our 2010 roundup of security suites, edging out Kaspersky's offering. Norton has a comprehensive set of features, top-notch malware detection, and reasonable speed. Symantec has been investing in technology that detects malware by its behavior, and it shows in this release, further bolstering this historically strong performer.

The Norton interface is nicely laid out, but its peculiar use of color (a black main window with orange accents) makes it tough to read. The left panel displays a CPU performance gauge, which may or may not be useful to you. The middle column has three sections: Computer (for desktop operations), Network (for connections to the Internet or other PCs), and Web (for browser protection settings). The right column shows configuration options for each of the three subsections. The problem is that the notifications, in green and red text, were sometimes hard to see against the black background. Norton was one of the top performers in detecting and cleaning up active malware infections on a PC. It found all the bad software, disabled 93 percent of it and removed all traces of two-thirds of the software--the best scores of any product we tested.

Norton detected 93 percent of inactive rootkits, but detected and removed all active rootkits. This is a very solid score for this test, but rivals McAfee and Kaspersky both achieved perfect scores across the board here.

On the other hand, Norton was the only suite we tested that achieved a perfect score in detecting, disabling, and removing malware using behavioral scanning (detecting new and unknown malware based solely on how it acts on a PC). This is a good test for judging how well a product can detect and disable brand new, unknown malware.

Norton did well in our tests for old-style signature-based malware detection, finding 98.4 percent of samples. By comparison, however, McAfee Internet Security, the top performer on this test, detected 99.9 percent of samples. Signature-based detection is useful for detecting older malware, but it's less important than it once was given the huge number of new malware outbreaks.

Despite improvements over the years in performance, Norton did slow our test PC at boot, taking 3.9 seconds longer than the average startup time. But we experienced minimal drag in day-to-day desktop operations. Norton's scan speeds were decent, but not outstanding; it took 4 minutes, 14 seconds to scan 4.5GB of data in our on-access scanner test that judges how quickly the scanners work when you're opening or saving a file. The top performer in this test, PC Tools, completed the scan in 2 minutes, 51 seconds.

One annoyance with Norton's suite is its use of proprietary names like Quorum, Sonar, Insight for security technologies that it doesn't explain very well. For example, on the Symantec knowledge base search page we received this message: "Our search engine was unable to find any pages related to quorum." For the record: Quorum is Symantec's cloud-based detection engine that assigns a reputation to programs based on several factors; Sonar is Symantec's behavioral-detection technology; and Insight provides up-to-the-minute data on malware collected from other Symantec users.

Norton is clearly a top-notch product. The differences this year between the Norton and Kaspersky suites--our two highest-scoring contenders--are very slight. No matter which you choose, each offers quality protection and cutting-edge tools to combat the malware yet to come.