One of the lesser known capabilities in our Norton protection products is a feature that protects you from attack when you surf the web. We call this feature Norton Browser Protection and I thought I’d spend a few minutes sharing with you what it does and why we believe it has become a critical part of protecting you from attack as you surf the web.
What’s the problem that Browser Protection addresses?
Well think about how much time you spend surfing the web every day. I bet it’s a lot more that it was five years ago. As more and more of our activities migrate into cyberspace, we find ourselves increasingly relying on a web browser to surf sites, to shop, to pay our bills and to interact socially. This has unfortunately created a new opportunity for cybercriminals. Two things contribute making this a big problem:
1) It’s no longer just bad sites that serve up malicious code. While it used be that if you stayed clear of the darker corners of the internet (e.g. adult content sites or sites offering pirated software) you were far less likely to encounter malware online, today that is no longer the case. The regular day to day websites that we all interact with have become more and more complex, and while large corporations have sufficient resources to oversee the security of their web operations, typically smaller sites do not. Consider your local pizza shop or neighbourhood school website. You may interact with such sites on a frequent basis and certainly wouldn’t expect them to infect you with malware, but the reality is that today they just very well might. How do you know they have not been compromised by a cybercriminal? Realizing that such sites are often poorly protected, cybercriminals actively search out such sites looking for weaknesses to find their way in. Once inside (unlike the highly visible hacker attacks of yesteryear) they don’t announce their presence, but stealthily install malicious code which sits there attempting to infect the visitors of the compromised sites, in other words you and me. Think about it, using such stealthy techniques, the local pizza store owner never even knows their site has been compromised…
2) The software we use on our PCs has gotten ever more complex. Adding to the problem is the growing complexity of our PCs. We all use a piece of software called a web browser to surf the web, but the simple web browser is no longer just that. Today’s browser has evolved into a multitude of moving parts (including many plug-ins) that enable you and I to engage in rich web interactions such as viewing movies and automatically rendering PDF documents. Unfortunately complexity brings with it a higher likelihood of software bugs and many of these bugs (called vulnerabilities) can allow an attacker to inject malicious code into your system simply as a side effect of you simply visiting a compromised website, even if you don’t click or download anything from that side. Of course software vendors are quick to release patches to fix these bugs, but realistically how many of us are diligent enough to keep our web browser (and all of the plug-ins) patched and up to date. Our data tells us that many users don’t. In fact of the visitors that visit this website each day, more than 20% are still using Internet Explorer version 6, yet version 8 has been available for over a year now.
Together these two factors have increased the likelihood that you will come under attack as you surf the web.
So what’s our solution?
Well our Intrusion Prevention System (IPS) is part of the solution. I wrote about this in a previous blog entry. In many cases it can spot attempts to leverage software bugs in the browser by just watching the HTTP network traffic as it enters your machine. Cybercriminals however are learning to hide their tracks and are starting to go to great lengths to obfuscate their attacks.
Anticipating this trend in the threat space, over the last few years we have been investing in technology to strengthen the defences of popular browsers. This technology, called Norton Browser Protection, watches your web browser as you surf the web and looks out for attempts by remote web sites to exploit known software bugs (vulnerabilities) in your web browser to inject code onto your PC. Unlike our IPS which focuses on examining network traffic, Norton Browser Protection sits inside the browser and watches each webpage as it is displayed on your screen. This makes it much harder to hide the malicious code.
The nice thing about this is that, Norton Browser Protection technology is signature driven. This means that when you update your Antivirus definitions (which our Norton products do automatically for you many times throughout the day) you also get updated signatures to prevent against any newly discovered bugs (vulnerabilities) in your web browser (and plug ins) from being exploited. These signatures protect against the underling vulnerability and just one signature can protect against thousands of variants of malware including ones we have never seen before! Our security response team monitors for new vulnerabilities in browsers and browser plug-ins on a 24x7 basis. So even if you are not good about patching and keeping the software on your PC up to date, you can still surf the web safe in the knowledge that Norton Browser Protection is looking out for you.
So what about performance, will this slow me down as I surf the web?
No, one nice advantage of Norton Browser Protection is that, it protects against “real” attacks. It only applies its defences to vulnerable systems and browsers (i.e. it focuses on monitoring known software bugs that have not yet been patched). If your system has been patched for a particular vulnerability, the Norton Browser Protection does not block attempts to exploit it. This ensures higher performance on fully patched systems.
What happens when this Browser Protection blocks an attack?
In most cases Browser Protection filters only the malicious portion of a web page, while allowing the rest of the web content to be displayed without change. This allows you to still access a compromised website (e.g. your local pizza store or neighbourhood school website) but it keeps the malicious content off your machine. You will see a pop-up letting you know that Norton Browser Protection has kept you safe. In other cases where websites are highly infected Norton Browser Protection will take you to a warning page (like the one shown here).
This gives you the opportunity to decide for yourself whether you want to continue browsing the infected website. In a few rare cases, where the remote website is dangerously infected Norton Browser Protection may have to abruptly terminate your local web browser to ensure your safety.
What sort of results are we seeing with Norton Browser Protection?
Based on our statistics, Norton’s Browser Protection has prevented close to 25 Million attack attempts on our users over the last twelve months and it did this while still maintaining the high performance protection that Norton users have come to expect. We’re continue to monitor the threat landscape looking for new bugs in the browsers that we all use and keep Norton Browser Protection updated to protect against attempts to exploit those bugs.
So there you have it. Norton Browser Protection has been a part of our NAV/ NIS/ N360 shipping products for the last three years. It’s available today for the most popular browsers like Internet Explorer and Firefox and we are continuing to add support for newer browsers as our users (like you) demand. If you’ve any questions about this technology, drop me a note and I’ll be happy to provide more detail.