• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Kudos0

how does it work?

Regarding blocking worms and virus? I use Norton AntiVirus2008. So lets take the example of

W32.Waledac

I see today that Norton/Symantec has been able to detect this and that it usually comes via an e-card.

So lets say I just updated the defs for my NAV2008. So now I get an ecard with this attachment. So like an idiot I open it. But the fact that my defs are updated to block this (assuming it hasn't mutated), tehn i most likely would not get infected?

Replies

Kudos0

Re: how does it work?

Regarding blocking worms and virus? I use Norton AntiVirus2008. So lets take the example of

W32.Waledac

I see today that Norton/Symantec has been able to detect this and that it usually comes via an e-card.

So lets say I just updated the defs for my NAV2008. So now I get an ecard with this attachment. So like an idiot I open it. But the fact that my defs are updated to block this (assuming it hasn't mutated), tehn i most likely would not get infected?

Kudos0

Re: how does it work?

I use a yahoo based email rather than outlook. would that work the same?
Kudos0

Re: how does it work?


BinHock wrote:
I use a yahoo based email rather than outlook. would that work the same?
Yes.
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: how does it work?

and my original attempt using this example was to confirm that if bad item xyz version 1.0 is out there and Norton has added it to their updates and I added the update, then in theory I should not be infected or even be able to download through stupidity bad item xyz version 1.0. that the updated defs should protect me
Kudos0

Re: how does it work?


BinHock wrote:
and my original attempt using this example was to confirm that if bad item xyz version 1.0 is out there and Norton has added it to their updates and I added the update, then in theory I should not be infected or even be able to download through stupidity bad item xyz version 1.0. that the updated defs should protect me

That is right.

Even if the E-mail Scanner does not Detect it, Auto-Protect probably will.  And, even if they both Miss it, you have got your on-demand, Norton Scanners.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: how does it work?

so keep updates updated :)

Message Edited by BinHock on 12-23-2008 04:47 PM
Kudos0

Re: how does it work?

sorry somewhat new to this what would be the on-demand, Norton Scanners?
Kudos0

Re: how does it work?

But please remember that, even if you do Download and Install Virus Definitions (V.D.s) for X.Y.Z.Z. Virus, for example, it may have changed to X.Y.Z.E. Virus, for example.  For example: If V.D.s are Released on Thursday, December 25, 2008, at 1500, and you Install the V.D.s at 2000, the Virus could have Modified it-self by that time, so it is really important customers Install V.D.s and other Signatures as soon as they become available.
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: how does it work?

thanks and of course I wouldn't purposely download stuff like that. Just thinking extreme situations and how Norton protects us
Kudos0

Re: how does it work?


BinHock wrote:
sorry somewhat new to this what would be the on-demand, Norton Scanners?
Open Norton Product > Click on N.AV. tab > Tasks & Scans (I think it is!) > Run a Scan.
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: how does it work?

Oh you mean run a manual scan I gotcha
Kudos0

Re: how does it work?


BinHock wrote:
thanks and of course I wouldn't purposely download stuff like that. Just thinking extreme situations and how Norton protects us

You're welcome.  :D

And of course customers should never Download stuff like this on purpose or visit Known Phishing Web Sites on purpose.  :)

I just wanted to give an example.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: how does it work?

Red I notice on the bottom you have

 

Tuesday, December 23, 2008: ThreatCon Changed to Level 01: Normal | Monday, December 22, 2008: Microsoft has Released Security Advisory 961040 for S.Q.L. Server Vulnerability which was dis-closed on December 09. Install the Updates Microsoft Released this month immediately. Make sure you keep your Anti-Virus Product up-to-date. I thought the threat con according to symantec is still yellow? And the 12/22/08 update you are referring to from Microsoft, is that for the average desktop user?
Kudos0

Re: how does it work?


BinHock wrote: 
...how Norton protects us

Norton AntiVirus 2008 has the following Features:

- Auto-Protect.

- In-coming and Out-going E-mail Scanning.

- In-bound Firewall.

- Intrusion Prevention.

N.I.S. has more Features than Norton AntiVirus.  =D  So I would Recommend using N.I.S. for that reason.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: how does it work?


BinHock wrote:

Red I notice on the bottom you have

 

Tuesday, December 23, 2008: ThreatCon Changed to Level 01: Normal | Monday, December 22, 2008: Microsoft has Released Security Advisory 961040 for S.Q.L. Server Vulnerability which was dis-closed on December 09. Install the Updates Microsoft Released this month immediately. Make sure you keep your Anti-Virus Product up-to-date. I thought the threat con according to symantec is still yellow? And the 12/22/08 update you are referring to from Microsoft, is that for the average desktop user?

Hi BinHock,

It was Changed to Level 01 a few hours' ago.

Yes, that is for everyone.

Just a tip: This is not related to the Thread Topic, so please start a New Message when wanting to ask a question that is not related to the Thread Topic.  Thank you!

Microsoft Security Bulletin M.S.08-078:

http://www.microsoft.com/technet/security/Bulletin/MS08-078.mspx .

Microsoft Internet Explorer X.M.L. Handling Remote Code Execution Vulnerability:
http://www.securityfocus.com/bid/32721.


Microsoft Security Advisory (961040) Vulnerability in S.Q.L. Server Could Allow Remote Code Execution:
http://www.microsoft.com/technet/security/advisory/961040.mspx.

Microsoft S.Q.L. Server "sp_replwritetovarbin" Remote Memory Corruption Vulnerability:
http://www.securityfocus.com/bid/32710.

Message Edited by Floating_Red on 12-24-2008 01:08 AMMessage Edited by Floating_Red on 12-24-2008 01:11 AMMessage Edited by Floating_Red on 12-24-2008 01:21 AM
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: how does it work?

Oh so there was not a microsoft update on 12/22/08 just a bulletin?Message Edited by BinHock on 12-23-2008 05:09 PM
Kudos0

Re: how does it work?


BinHock wrote:
Oh so there was not a microsoft update on 12/22/08 just a bulletin?Message Edited by BinHock on 12-23-2008 05:09 PM

That is correct.; it is called a Security Advisory also.  Microsoft plan to Release the Update in the coming few weeks.

Message Edited by Floating_Red on 12-24-2008 01:13 AM
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: how does it work?


BinHock wrote:

Regarding blocking worms and virus? I use Norton AntiVirus2008. So lets take the example of

W32.Waledac

I see today that Norton/Symantec has been able to detect this and that it usually comes via an e-card.

So lets say I just updated the defs for my NAV2008. So now I get an ecard with this attachment. So like an idiot I open it. But the fact that my defs are updated to block this (assuming it hasn't mutated), tehn i most likely would not get infected?


If you have e-mail Scanning on, it should Remove it from the e-mail as soon as you open it.  In some cases, it will Remove it before it even hits your In-box.

If you do not have E-mail Scanning on, you would get Infected, but Norton would Dectect it via Auto-Protect and hopefully it should Remove it.  If it does not, you can Ran a Manual Full System in Normal Mode and in Safe Mode.

You should have E-mail Scanning In-coming and Out-going Turned On.

Message Edited by Floating_Red on 12-24-2008 12:21 AM
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]

Replies are locked for this thread.