Intrusion Prevention and Browser Protection

swordbyte · ‎06-18-2011

I see that these are two different features in NIS 2011.

Am I correct in thinking that although Browser Protection is limited to IE and Firefox, Intrusion Prevention applies generally whatever Browser is is use?
However the purpose of these features appears to be fairly similar - so what is the real difference?
Also it seems odd that vulnerabilities applying to particular 3rd party software products aren't generally getting patched by their own manufacturers?

SendOfJive · ‎02-07-2009

Hi swordbyte,

You are correct that the general Intrusion Prevention System offers protection regardless of the browser in use by monitoring all network traffic. Whenever an attack that matches an IPS signature is detected, IPS will block it. These attacks target vulnerabilities in the operating system as well as in applications such as Adobe Reader, Java and many others. The browser-specific component of IPS is able to detect attacks launched through the browser which are obfuscated and difficult to detect without Norton having a presence in the browser itself. You can read a good article on the Browser Protection feature here:

http://community.norton.com/t5/Norton-Protection-Blog/Norton-Browser-Protection-Protecting-you-from-...

Software vendors do routinely issue patches to fix the vulnerabilities in their products. Microsoft releases security updates on the second Tuesday of each month, and program vendors generally release fixes as they become available. Norton will protect you against newly discovered attacks in the period before a vendor issues a patch, but will also continue to block any exploits after a patch has been released, since many users may neglect to keep their programs up-to-date. A good way to check your system for vulnerable software is to run Secunia's Online Software Inspector (or you can install their Personal Software Inspector if you prefer an onboard application).

http://secunia.com/vulnerability_scanning/online/