Satnam Narang, Symantec Security Response expert, takes a broader look at the Heartbleed bug, and breaks down what you what you really need to know to feel protected in a rapidly changing cyber landscape.Read more...
With so many great devices to choose from, it's hard to know where to start. Even the decision between Andorid or iOS can be a difficult conundrum. Expert advice on mobile security gives you the tools to understand the pros and cons of the two leading mobile operating systems.
Symantec is continuing to track this OpenSSL bug discovered recently and its implications for consumers. Read on to learn what "Heartbleed" is, how it works, and security tips to protect consumers and businesses.Read more...
From mobile malware apps to social media spam, learn more about common mobile scams and how to protect yourself. Read on.Read more...
Don't want to be an April Fool? While it only happens once a year, scammers make a living off fooling users 365 days a year. Learn more about their tricks and protect yourself. Read on..Read more...
March 31 marks World Backup Day, and while it's best to backup your files regularly now is as good a time as ever. Here are a few more tips for digital spring cleaning! Read on..Read more...
After April 8 2014, Microsoft will no longer release updates designed to fix bugs that cybercriminals use to gain access to the operating system (OS). Any newly discovered vulnerabilities in the operating system will effectively become an open invitation to an attacker to gain control of a computer running Windows XP. Symantec strongly recommends that Windows XP customers upgrade to a current OS as soon as possible, but will continue to support Windows XP SP3 systems for the foreseeable future.Read more...
The rise of the smartphone has brought countless technological benefits that make our daily lives easier in so many ways, and one of the biggest has been the freedom of mobile banking. Gone are the days of waiting in a busy branch on a Saturday afternoon to transfer money into your savings account, or calling an automated number to check your balance.
But having your bank accounts within such close reach does bring its dangers, and it shouldn’t simply be assumed that logging in and doing your banking can now be done at any time and in any place. Here are five quick tips to keeping your money safely where it should be.Read more...
The world of business has to move with the times, and right now that means it makes a lot of sense to allow staff to use whatever devices they have for work. BYOD – bring your own device – is here to stay, and if implemented properly can be a real boon to the productivity and happiness of your employees. They get to use a device they’re comfortable with, and you get to slash your hardware deployment costs.
But BYOD brings with it new risks to the security of sensitive company data, with employees taking their main work systems out of the office with them at the end of the day. Rather than fearing the worst and avoiding BYOD altogether, here are five simple steps to making a BYOD approach work.Read more...
It's Credit Education Month, a great time to be sure your online habits are keeping financial information secure. Protecting your financial information is important, and it doesn’t have to be difficult. Read on for a few easy tips to practice safe online habits.Read more...
The clock is ticking down on Windows XP. Microsoft will end technical assistance for the 12-year-old operating system on April 8 and effectively stop delivering automatic updates and security patches to Windows XP users. Symantec’s Norton products will continue to support Windows XP systems for the foreseeable future, but we strongly recommend Windows XP users upgrade to a more current operating system as soon as possible and protect it with a robust security solution. Read on to learn more...Read more...
We’ve recently seen hackers take over the Twitter accounts of media outlets and large corporations, using them for anything from basic spam to drawing attention to global issues. Your own accounts might seem too small to tempt scammers, but even with just a few followers your information is a valuable commodity in the wrong hands. Read on for tips to stay safe on social networks.Read more...
GPS devices have made driving so much simpler in recent years, and it’s hard to find a driver today who does not use one for long journeys. But what are the downsides to being constantly connected when driving? While you’re getting vital information to help you reach your destination, what vital information of yours is flowing the other way? Your privacy is something you can take control of right now, and the best place to start is the smartphone in your pocket.
Expert tips from Symantec to protect your data while traveling abroad for the 2014 Winter OlympicsRead more...
Top 5 tips around social media privacy and security, plus insights from Symantec's Scams and Spam to Avoid on Facebook whitepaper. Read on..
Check out this Lunar New Year Security Checklist for tips to stay connected safely while traveling, protect your transactions online, and more. Read on to view the full infographic!Read more...
Mobile technologies sure-to-trend in 2014 include "smart" connected devices and wearable gadgets. Watch this best-of video from Norton at CES, including a hacker in action and mobile security tips.Read more...
While new mobile trends are in fashion for 2014, mobile cybercrime threats are trending also. More than 1/3 of smartphone users have experienced mobile cybercrime (2013 Norton Report). That means, resolution number one on your list should be to security protect your shiny, new mobile devices and tablets. Read on for how-to tips!
The holidays provide scammers with an opportune time to sweep up valuable personal data as well as lost or stolen devices. That's why Norton has captured security tips to protect your presents. Don't fa-la-la-la-fall for cybercriminals' tricks, check out the Holiday Survival Guide.
Read more to see the full infographic!Read more...
Each year millions of consumers spend millions of hard earned money online over the Holiday Season. But do you know how to shop online safely? This infographic reveals some of the most important facts and advice for shopping online over the holidays.Read more...
Today, we are excited to announce the release of the latest versions of our award-winning Norton core security products, which keep consumers safe from evolving threats in their daily online lives. The latest versions improve on the industry’s leading protection and performance, and are designed for compatibility with the new features of Windows 8.1.
In our 2013 products, many changes/enhancements were added to the Norton IdentitySafe Toolbar. Now that we have just released our first update to the 2013 product we wanted to summarize all of the changes we introduced starting with the 20.1 release.Read more...
In part four of this four-part blog series, we continue to delve into specifics of the chatter around the new security features being introduced with Windows 8. Our key takeaway has been that we don’t see technology that will significantly move the needle in terms of protecting users in this new Windows 8 environment. Continue reading here to find out more.Read more...
In this four-part blog series, I briefly review some of the myths we’ve heard about Windows 8 security improvements and point out where deficiencies lie. Today I'll cover Myth #3: Changes to the Windows 8 boot sequence make it secure. We believe security should still very much be a concern for anyone running the new Windows 8 OS. Continue reading here to find out why.Read more...
In part two of this four-part blog series, I'll explore Myth #2: Windows 8 is safer because all apps are sandboxed from the rest of the system. We believe security should still very much be a concern for anyone running the new Windows 8 OS. Continue reading to find out why.Read more...
In this four-part blog series, I briefly review some of the myths we’ve heard about Windows 8 security improvements and point out where deficiencies lie. We believe security should still very much be a concern for anyone running the new Windows 8 OS.Read more...
Everyone here at Norton is extremely excited about this new release of the Norton security products! This is the first time we are launching all three products at once: Norton AntiVirus, Norton Internet Security, and Norton 360. In this two-part blog post, I plan on going through some of the new features and improvements we have made. The first part will cover some of the things we’ve done on the protection side, while the second part will cover the performance and experience side of things. Hopefully this will explain how some of these technologies will make your computing life safer and easier.
We know that when you jump on your computer, you’re looking to do specific things. Whether you’re working, playing some games, or browsing the Web, you’re on your computer to do the things you want to do. Security should not be a worry. Our main goal is to provide you with that security and peace of mind so you can do your stuff with confidence – that’s what you hired us to do right?
For the September 2012 update, here are some of the things we have been working on!
The Norton products fully support the upcoming Windows 8 consumer OS, delivering the fastest and most secure performance on the OS. Windows 8 introduces a whole new user interface and a new apps model similar to iOS and Android apps. Norton will protect you in this new mode, as well as in the traditional “desktop” mode that everyone is accustomed to.
Microsoft has made strides to tighten the security hatches, but there still remain attack avenues that can be exploited. Windows Defender, Microsoft’s security technology, is now enabled by default upon installing Windows 8. (From here on out, mentions of Windows 8 will mean Windows 8 with Defender). While improvements have been made from previous Defender versions, it still trails Norton significantly in real-world tests – the ones that matter to you. Installing the Norton products replaces Windows Defender. The result is that your Windows 8 device will run safer and faster!
The following chart shows our score versus Windows Defender 4.0.
“The test was designed to challenge the products against 0-day attacks from the internet, which includes the most common infection vectors these days… Out of 100 possible points Norton achieved 100. Windows Defender managed to block 44 threats out of 50 completely and blocked some components of another threat. 5 threats were not blocked, resulting in a score of 79.”
*(Source: A commissioned test performed by av-test.org which compared the Windows 8 with Defender against the latest Norton Internet Security)
Along with the standard host of technologies that protect you, here are a couple of Windows-8-specific protections:
As the Web has become a central point of people’s computer habits, Web browsers are a prime target for attackers. Exploits and phishing attacks are significant threats and Norton has brought full browser protection to Norton AntiVirus. As a Norton AntiVirus user, you’ll have the protection offered by the Norton Safe Web system. A few highlights include:
With multiple logins and passwords needed on so many Web sites, it is very easy to forget them. Norton AntiVirus now includes Identity Safe, which is a password manager that securely stores and fills in your logins so that you can quickly browse your favorite sites. Identity Safe includes browser support for Internet Explorer, Firefox, and Chrome, and app support for Windows, Mac, iOS, and Android. This means you have access to your login and password information no matter which of those devices you use. You can also browse to the Identity Safe Web site (http://identitysafe.norton.com) to access your info from any Web browser. Never forget a password again!
To create the best multi-device and multi-platform experience for everyone, your information is now always stored in the cloud, available to you at all times. For users who have previously created a local vault, it will still be available along with the online vault.
You may be wondering, “How about the security of my info?” Security is our primary concern and we take it very seriously. Your entire vault is encrypted using 256bit AES encryption and with a password that you create. We require that you create a “very strong” password to keep your vault as safe as possible. All vault data transfers are encrypted during transit to ensure no one can access your data using “man-in-the-middle” attacks. To get started, click the “home” button on your Norton browser toolbar:
Phishing attacks are a popular way for bad guys to steal your information by tricking you into providing it. These attacks focus on getting you to enter your important personal information (logins, passwords, credit card numbers, social security number, etc.) by pretending to be a site that you trust. For example, you may receive an email that looks like it came from your bank. You click a link in the email and “your bank” is asking you to update your personal information. In reality, the attacker has put up a temporary Web site that looks just like your bank’s site. These sites are typically brought up and down quickly (sometimes within hours), to avoid being caught.
If you weren’t paying attention, you might have typed in your login and password information and clicked submit. The attackers now have your information and can access your bank account, change your password, lock you out of your account, and withdraw your money.
The scary thing is, in today’s world, this isn’t done just by email anymore. The phishing attempt can be a Facebook message, an instant message, an SMS message, or any other new method. I have had first-hand experience that really highlights what can happen. A few years ago I received an instant message from a known friend on my contact list. The chat started off casually and didn’t seem suspicious at first. The friend then said they had a photo to share with me from a recent event and sent a link. I hadn’t met up with this friend in a long time so I became suspicious. I copied the link to a safe virtual machine and opened it. The page showed the login page of a large, popular online photo sharing site. If I had entered my login information, the attacker would have been able to capture it. From there he easily could have accessed my email and branched out to any other online accounts I may have had. Luckily I noticed the funny behavior and didn’t fall for it. I later confirmed that my friend’s instant message account (and email) was hacked. She had to go through a lot of trouble to clean up her online and credit card accounts.
Now imagine if I wasn’t careful or hadn’t noticed that odd behavior. Imagine if it was one of my less tech-savvy family members or friends? That could have been big trouble. The Norton antiphishing technology would have protected me even if I hadn’t been careful.
Other scam attacks have been appearing that trick users into signing up (unwittingly) for premium SMS services, promising gift cards for filling out surveys, or selling fake counterfeit goods. As with phishing sites, these sites have a short life span to avoid being caught. The new Norton Scam Insight feature will warn you if you’re about to enter personal information into a site that looks to be new or is not well established in the Norton user community.
How is Scam Insight better than traditional blacklisting technology? The problem with blacklisting technology is that the site needs to be identified, confirmed “bad”, added to the blacklist, then distributed to our millions of users. As mentioned before, the sites don’t live for very long. It is nearly impossible to maintain such a list that’s effective within that short timeframe. With Scam Insight technology, we are leveraging the power of the Norton community to provide the most up-to-date information. As with files, apps, (and even people!), it takes time to build trust. This is the idea behind Scam Insight.
If you click a link and see the warning below, you should think twice before continuing!
Attackers go where the people and (potential) money are. Since Facebook now has more users than some countries have people, there have been a variety of attacks popping up. With the combination of the Norton Facebook Wall Scanner, our Intrusion Prevention Systems, and other technologies, you will be protected from:
To highlight a few recent scam trends:
Where there’s money, there will be bad guys trying to steal it. The Norton products will protect you from these and other scams -- Please make sure you’re protected!
To ensure your Facebook wall is safe from some of these threats, you can run the Facebook Wall Scanner. While you may never willingly post bad links, an infected friend can still post on your wall and affect others! You can access the wall scanner from the main UI -> Scan Now -> Scan Facebook Wall
Similarly, if you want to share something with a friend, you also want to make sure you are sharing a safe site. The Norton toolbar gives you convenient access to share the page with a friend. It will check with the Norton Safe Web system and make sure the site is safe before allowing you to share it.
The Norton suite of products contains a wide variety of technologies to help protect you and your activities. From antivirus, to antispyware, to firewall, to intrusion prevention and many others, each individual technology serves a specific purpose. But working together, here is where the sum is greater than the parts.
The firewall has been a venerable part of Norton Internet Security and Norton 360 for a long time. (Note: Norton AntiVirus does not include firewall). In the past few years, the number of threats has exploded. Our Insight system has given us tremendous power to find these threats by leveraging our large numbers of Norton Community users – you! By being a part of this community, you are helping out other Norton users. Based on Insight data analysis, files can be determined to be “good” or “bad.” There are still apps for which we don’t have enough information; we will call these “gray” apps.
The firewall already worked together with our antivirus and behavioral detection engines to automatically make the right decision for an app. With the latest update, it is now also capable of tapping into the Insight system to help make its decisions. When the firewall automatic program control is set to “Aggressive,” the firewall will automatically allow the good apps, and provide you with more information for the “gray” apps.
Normal firewall prompts don’t give you much information about the app requesting network access. With the new reputation firewall, these prompts will include Insight information that can help you make a more informed decision. On the left side in the above screenshot, you will be able to hover over each icon and see the various Insight ratings.
This Insight information provides you with extra knowledge so you can make the best informed decision. For example, if you don’t recognize the app, it is brand new, and it doesn’t have many users, you may want to think twice before allowing it to connect to your computer.
There are some very sophisticated threats out there that require more aggressive methods of detection and cleanup. Norton Power Eraser is a tool that is built for this job.
The new version of Norton Power Eraser includes a few noteworthy improvements:
Norton Power Eraser can now be launched directly from Norton AntiVirus, Norton Internet Security, and Norton 360 after a scan. Clicking the link highlighted below will download (via LiveUpdate) and launch the latest Norton Power Eraser.
And that’s it for part 1! Hope you have found this useful and stay tuned for part 2 where I’ll cover the performance and user experience side of things…
Now that the latest version of Norton Internet Security and Norton 360 are released, you may have noticed some improvements to the Norton Toolbar - the Share button and the Online Vault. Below is an explanation of the changes, and why we wanted them in the product.
Why Online Vaults?
The Online Vault is Convenient.
- It provides access to your most sensitive data from any iOS, Android, PC, or Mac device and from *any* device with a web browser.
- It automatically synchronizes data across devices.
The Online Vault is Secure.
- Norton uses 256bit AES encryption to encrypt the data. This is a leading industry standard for encryption.
- Using a very “strong” password is mandatory when creating an online vault – not just encouraged.
- On the server side, Norton has security zones and firewalls between each zone to make sure only intended traffic is allowed access.
- Encrypted vaults on PC, Mac, and Mobile clients are only ever decrypted on your local computer, never at Norton facilities, so no Symantec employee ever has access to any vault data.
- Vault contents are encrypted both in transit as well as at Norton data centers to ensure that no one can access a user’s data via a “man-in-the-middle” attack.
Why is Share part of the toolbar?
Share is Convenient.
- Share enables one click content sharing through email and social networks directly from the Norton toolbar.
- Often times, users have the urge to share something, but can’t find the email or share function. Share solves this by providing very quick access to the most popular sharing mechanisms.
Share is Secure.
- Share leverages Safe Web technology to warn users of unsafe websites, and it will prevent them from passing on potentially harmful content.
EDIT: below is information from dconn's reply in to a forum thread. We felt this was relevant to add to this blog post.
We are continuing to take note of all the comments on Identity Safe and how it has impacted everyone both in a practical sense and an emotional sense. We really did not expect the changes to invoke such passion but then of course it became clear that the value of our Forums lies in the passion of the participants and the feedback they gave us.
We've learned from this that we need to do a better job up front of explaining our changes so that there is clear information available for you to consider at the same time as you experience the changes.
Now that we have clarified our plans to make the Share feature configurable there seems to be a few remaining key issues that folks feel strongly about. Let me try to clarify our thinking.
We understand your concerns about storing your vault data in the cloud. Let me explain how we do this securely and hopefully alleviate those concerns.
All of your vault data is encrypted using a secure algorithm (SHA256) on your local machine using your vault password, before it is sent to Symantec servers. Symantec does not have access to your unencrypted vault data or to your vault password which is used to decrypt it. In addition, both your Norton Account password and your vault password are required to download your encrypted vault. If somehow the Identity Safe online vault was compromised all that hackers would get would be an encrypted blob that is of no value to them
The Norton team strives to provide you with the best security and the best functionality. We take your data security and privacy very seriously. We hope you will all come to like the convenience of our cloud storage.
We understand the importance of the data being available when you cannot access the online vault. The vault data is cached locally and is always available whether you have access to the online vault or not.
There's nothing bad about the local vault. Instead of continuing to split development and testing in both local and online vaults, we believe it is in the best interests of our users to invest all of our energy in to the online vault as that offers the best immediate, long term value and security.
Hopefully this helps clarify things. Are there any other aspects of the Online Vault that we can provide more clarity on? For those of you who are upset or concerned about the online vault we want to know why. We want this to be a constructive conversation, and better understand your concerns. Any feedback you have about it is appreciated.
We are excited to announce the Beta launch of Norton Identity Safe Standalone. Norton Identity Safe takes away the pain of having to remember multiple passwords and securely stores important information such as credit cards numbers, addresses, and phone numbers. Please visit https://identitysafe-beta.norton.com/ to try the Beta.
Passwords have become a way of life for every computer user. They are one of the most popular methods of user authentication on the Internet. They are used to check emails, access bank accounts, watch movies, play games, and a lot more.
The world would be lot simpler if we could safely use the exact same password across all Web sites. Unfortunately with the rise of phishing attacks, having a single password is very dangerous. In a phishing attack, a fake Web site can impersonate your email provider. If you provide your password thinking that it’s business as usual, you have just given your email password to a hacker . If that password is also your bank password it can be used tocause financial damage. Another way hackers get your passwords is to use a lot of computing power to guess it--a brute force method of trying out various combinations of letters and numbers.
Web sites that realize these risks have deployed measures to protect their users from such attacks. The use of a strong password is encouraged, and is in some cases mandatory. Typically Web sites define strong passwords as having a certain length and a mix of upper- and lowercase letters and special characters. Some Web sites force users to change their passwords on a periodic basis. A few deploy methods where you have to select a picture that you recognize, so that you can ensure you are really on the correct Web site. These are very good measures that help protect their users.
The challenge with such efforts is there are no standards rules across Web sites. Users are left with trying to figure out how to cope with the variety of rules and may feel forced to take a few shortcuts, like using the same strong password on several Web sites. Another challenge with strong passwords is actually remembering them. Lots of users actually write down the passwords on a sticky note and keep it around their computers for easy access. This obviously is not a safe practice, but is understandable.
At Norton we have been helping users solve this exact challenge with our Norton Identity Safe feature. Users of Norton Internet Security and Norton 360 have been using this feature on their PCs to keep their passwords and identity safe.
With the introduction of the standalone version of Norton Identity Safe, we are not only providing a way to access your securely stored passwords and personal information from any computer, but are providing a means to do so from your tablets and mobile phones. The mission of Norton Identity Safe is to travel with you and continuously remember complicated passwords whenever and wherever you need them.
How does it work?
As you are browsing the Internet on your PC, tablet, or mobile phone, Norton Identity Safe will automatically fill in your user name and password to log you in to your email, bank, etc. Here are few details of how Norton Identity Safe works internally.
On a PC, browser plugins/extensions for Internet Explorer, Firefox and Chrome are installed. This browser presence allows Identity Safe to see what website users go to & help fill the passwords automatically. When a user logs into a website for first time after installing Norton Identity Safe, these plugins/extensions detect that and prompt the user to save the login information into the database (aka vault).
Mobile Apps are able to download the vault and make them available to the users. In the current incarnation, Mobile Apps will not beable to capture any new logins. You need to setup the product on a PC and then use the product on Mobile Apps.
It’s all about the vault
The vault is a database where all your passwords and confidential information and notes are securely stored. With Norton Identity Safe Standalone, your vault is created in the cloud and automatically made available on mobile devices. Once you have a vault created, you have password freedom.
Getting password freedom starts with installing NortonIdentity Safe on your PC and creating a vault. It’s a simple process of providing a Norton Account and creating a strong password for access to your stored passwords.
1. Download the PC software from https://identitysafe-beta.norton.com/ and start the Install.
2. Provide the email address you use for your Norton Account. If you don’t have a Norton Account, enter the email address you want to use to create one.
a. If you already have Norton Account, the installer will ask for your password.
b. If you don’t have a Norton Account, to the installer will provide a screen where you can create one.
3. Create a strong vault password. A simple list shows if you have met the criteria.
When you first get started, you will not have any passwords stored into your vault. As you normally visit Web sites where you log in, Norton Identity Safe will ask your permission to save your user names and passwords in your vault. Once they are saved in the vault, you will not have to remember them anymore. Let’s look at a scenario:
1. User visits gmail.com on a PC and provides a user name and password.
2. Norton Identity Safe asks the user if they want to save the user name and password for gmail.com.
3. If the user says Yes, Norton Identity Safe saves them securely in the vault.
4. The next time the user goes to gmail.com, Norton Identity Safe fills in the user name and password for gmail.com automatically.
5. The user never has to remember their gmail.com login again.
Passwords anytime, anywhere
Once you are have your passwords saved by Norton Identity Safe, you can fully realize the convenience it provides when you browse on your mobile devices.
I want my passwords on my phone and tablet
Norton Identity Safe provides an App for the Apple iPhone and iPad as well as for Android phones and tablets. All you have to do is download them from the Apple or Android App store and set them up using thesame account you used on your PC. This links the App with the vault that you have created and immediately downloads all the passwords to your mobile device. You can start using them without typing a single additional password.
I am at my friend’s place
Say you are visiting a friend and you need to check your emails; you are not carrying a device that has Norton Identity Safe installed on it. No reason to worry because Norton Identity Safe travels with you. All you have to do is log on to https://identitysafe-beta.norton.com/ and you will be able to access your passwords.
Other important features
Your Norton Identity Safe home page is where all of your logins, cards, and notes are visually represented. It’s a good place to see what you have saved and change any settings to the product. It’s recommended that you set this as your browser’s home page so that your logins are readily available every time you open the browser. If you choose not to make it your homepage, it can be easily accessed from the Norton Toolbar menu.
Additionally, the home page has quick links to get to the sites from which you can download the mobile Apps. It’s highly recommended that you download these Apps if you own an iPhone, iPad, or Android device.
Safe Web – Safe browsing
Norton Identity Safe also includes Safe Web--a feature that protects you from going to malicious Web sites. As you are browsing, it shows you whether the Web site is safe or not. This protects you from phishing attacks and Web sites that might be trying to steal your passwords.
iOS and Android Apps provide a full blown browser. It provides a safe browsing environment making sure users are protected from malicious websites and makes sure that the search results show the safety rating so users know if a site is bad even before they visit it.
If you share URLs, you can use Share Via to do so with the confidence that you are not accidently sharing something with your friends and family that will potentially infect their computers. With one click you canshare a Web site via popular social networks and email providers right from the toolbar.
Norton Internet Security Customers
Norton Internet Security 2012 customers have access to the cloud-based Norton Identity Safe and which means you already have the PC client of Norton Identity Safe already installed. If you do not have the 2012 version installed, you can download it from http://updatecenter.norton.com/ManualUpdate/Index?
We are looking forward to your feedback. You can post it on the Norton Forum. You can download the product from https://identitysafe-beta.norton.com/.