Not what you were looking for? Ask our experts!
Reply
Regular Contributor
NY1986
Posts: 1,173
Registered: ‎06-27-2008
Accepted Solution

Internet Worm Protection Updates

I just ran live update and there was some update regarding kernal thing. Any way it required reboot. When I rebooted I noticed that my internet worm protection is monitoring 1251 sigantures which is the same amount from back in early december.

But what concerns me is that my protection shows

 

Internet Worm Protection Signature File Version: 20081220.001.
Internet Worm Protection Engine Version: 4.1.0.61.

 

shouldn't my signature file be newer than 12/20/08? Am I not getting worm protection update?

I know in December it updated 12/1, 12/4, 12/11, then 12/20. But nothing since then. I'm getting updates of virus defs and all and just ran live update

Regular Contributor
NY1986
Posts: 1,173
Registered: ‎06-27-2008

Re: Internet Worm Protection Updates

wasn't there a new worm detected late december?
Regular Contributor
NY1986
Posts: 1,173
Registered: ‎06-27-2008

Re: Internet Worm Protection Updates

[ Edited ]

I guess what I'm meaning here is on 12/30/08 there was a rapid release issued for

W32.Downadup.B

 

so shouldn't that have generated a new IWP file signature version? Would that mean that I'm not yet protected against this?

 

Or do initial releases get added to my protection, but the IWP file signature version doesn't change as a big file right away, thus leaving me initial protected until the big file comes?

Message Edited by NY1986 on 01-06-2009 03:48 PM
Rootkit Eradicator
Posts: 5,357
Registered: ‎05-30-2008

Re: Internet Worm Protection Updates

I think you must meant Intrusion Prevention Signatures?  If so, there have been no Intrsuion Prevention Signatures Released since then, and there should be an Update fourthcoming.
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Regular Contributor
NY1986
Posts: 1,173
Registered: ‎06-27-2008

Re: Internet Worm Protection Updates

 

No when I went to my logs it showed

Internet Worm Protection Signature File Version: 20081220.001.
Internet Worm Protection Engine Version: 4.1.0.61.

 

 

is this the same as intrusion signatures?

Symantec Employee
ChristopherA
Posts: 121
Registered: ‎06-28-2008

Re: Internet Worm Protection Updates

Don't worry, NY1986. Norton uses layered protection, so more than one component can help protect against the same threat. Your virus definitions, which are updated frequently, protect you against viruses, worms, and many other forms of malware. Updates to the virus definitions (including pulse updates) give you protection against new internet worms. The intrusion prevention (internet worm protection) signatures that you are looking at provide another form of defense against internet worms. This is a different type of signature, which, by its nature, simply does not require frequent updates to remain effective. The 20081220.001 signatures are up-to-date.

 

Regular Contributor
malwareman
Posts: 206
Registered: ‎01-04-2009

Re: Internet Worm Protection Updates

I see you have a lot of questions NY. Why don't you just upgrade to NAV 2009 or NIS 2009. Better off.
Regular Contributor
NY1986
Posts: 1,173
Registered: ‎06-27-2008

Re: Internet Worm Protection Updates

thanks Christopher Let me see if I understand

 

so the Internet Worm Protection Signature File Version: 20081220.001.Internet Worm Protection Engine Version: 4.1.0.61.is the latest one.

 

1. I did notice many Internet Worm Protection Signature File Version updates in early December, is that just a random thing?

2.  I mean the updtes don't come in any pattern like very week. It could one every week for 3 weeks then not another until a month later?

 

3. So if a new worm or a new variant is detected by Norton and they issue a def say on 12/30/08. Then as soon as I update after the def is created I’m protected. Even though my Internet Worm Protection Signature File Version has not changed? The protection comes at another level or actually the many levels Norton has? 

 

 

 

Symantec Employee
ChristopherA
Posts: 121
Registered: ‎06-28-2008

Re: Internet Worm Protection Updates

NY1986, I'll try to give a more thorough explanation.

 

The various types of definitions/signatures (I will uses these term interchangeably) form, as a whole, a database of information used by Norton to determine how to best protect against various threats. When a new threat comes out, such as an internet worm, our response team would take look at the threat and determine whether Norton requires new information to fully deal with that threat. If the threat did not require new definitions, none would be published. If the threat does require new definitions , they would be put into one or more of the definitions files, to be downloaded by LiveUpdate. Which precise definition sets are updated is a purely technical decision. Definitions for a new internet worm are usually placed in the virus definitions package. Most of the time, new information in that definition set is all that Norton requires to fully update its protection. Occasionally, it may prove desirable to also update the intrusion prevention signatures (the Internet Worm Protection). Again, this decision is based on what are essentially obscure technical considerations. From the user's point of view, the updates to this particular file come at unpredictable times and intervals, while the virus definition updates come rather regularly. Which exact files get updated is not really important to the user. What is important is that the response team will make sure that the complete current set of all definitions, as a whole, has what is necessary to protect the user, and LiveUpdate will bring those definitions down to the user's machine.

 

I'm on the devlopment team so I can't speak to the exact worm you are referring to, only how the product works in general. But you are probably correct when you say that the protection comes at another level. When you hear that we issue a new definition, this usually means it is put in the virus definitions package. You would have the new definition as soon as that is updated (often sooner, if you have 2009 and pulse updates are turned on).

 

 

Regular Contributor
NY1986
Posts: 1,173
Registered: ‎06-27-2008

Re: Internet Worm Protection Updates

Thanks Christopher

So in general, protection "tweaks" (Meaning Norton has a handle on the problem already from previous updates) come as def updates, but if there is a need for a big modification that gets updated via the Internet Worm Protection Signature File?