• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Kudos4 Stats

What are the changes to the Norton Toolbar?

Now that the latest version of Norton Internet Security and Norton 360 are released, you may have noticed some improvements to the Norton Toolbar - the Share button and the Online Vault. Below is an explanation of the changes, and why we wanted them in the product.

Why Online Vaults?

 

The Online Vault is Convenient.

- It provides access to your most sensitive data from any iOS, Android, PC, or Mac device and from *any* device with a web browser.

- It automatically synchronizes data across devices.

The Online Vault is Secure.

- Norton uses 256bit AES encryption to encrypt the data. This is a leading industry standard for encryption.

Using a very “strong” password is mandatory when creating an online vault – not just encouraged.

On the server side, Norton has security zones and firewalls between each zone to make sure only intended traffic is allowed access.

Encrypted vaults on PC, Mac, and Mobile clients are only ever decrypted on your local computer, never at Norton facilities, so no Symantec employee ever has access to any vault data.

Vault contents are encrypted both in transit as well as at Norton data centers to ensure that no one can access a user’s data via a “man-in-the-middle” attack.

Why is Share part of the toolbar?

Share is Convenient.

- Share enables one click content sharing through email and social networks directly from the Norton toolbar.

Often times, users have the urge to share something, but can’t find the email or share function. Share solves this by providing very quick access to the most popular sharing mechanisms.

Share is Secure.

Share leverages Safe Web technology to warn users of unsafe websites, and it will prevent them from passing on potentially harmful content.

EDIT: below is information from dconn's reply in to a forum thread. We felt this was relevant to add to this blog post.

We are continuing to take note of all the comments on Identity Safe and how it has impacted everyone both in a practical sense and an emotional sense. We really did not expect the changes to invoke such passion but then of course it became clear that the value of our Forums lies in the passion of the participants and the feedback they gave us.

We've learned from this that we need to do a better job up front of explaining our changes so that there is clear information available for you to consider at the same time as you experience the changes.

Now that we have clarified our plans to make the Share feature configurable there seems to be a few remaining key issues that folks feel strongly about. Let me try to clarify our thinking.

    • Security of the Online Vault

We understand your concerns about storing your vault data in the cloud.  Let me explain how we do this securely and hopefully alleviate those concerns.

All of your vault data is encrypted using a secure algorithm (SHA256) on your local machine using your vault password, before it is sent to Symantec servers.  Symantec does not have access to your unencrypted vault data or to your vault password which is used to decrypt it.  In addition, both your Norton Account password and your vault password are required to download your encrypted vault. If somehow the Identity Safe online vault was compromised all that hackers would get would be an encrypted blob that is of no value to them

The Norton team strives to provide you with the best security and the best functionality.  We take your data security and privacy very seriously.  We hope you will all come to like the convenience of our cloud storage.

    • Availability of Vault Data when Offline

We understand the importance of the data being available when you cannot access the online vault.  The vault data is cached locally and is always available whether you have access to the online vault or not.

    • Is Local Vault now considered Bad? Why can't we keep both the Online and Local Vault?

There's nothing bad about the local vault. Instead of continuing to split development and testing in both local and online vaults, we believe it is in the best interests of our users to invest all of our energy in to the online vault as that offers the best immediate, long term value and security.

Hopefully this helps clarify things. Are there any other aspects of the Online Vault that  we can provide more clarity on? For those of you who are upset or concerned about the online vault we want to know why. We want this to be a constructive conversation, and better understand your concerns. Any feedback you have about it is appreciated.

Comments

Kudos0
Moved to NIS board for better exposure
Tony Weiss | Norton Forums Global Community Manager | Symantec Corporation
Kudos5 Stats

I am a little confused by what is meant by the statement concerning "encrypted vaults on the PC..." because there is no local vault on the PC any longer.  And then the next statement refers to the data being encrypted "at the Norton data centers" which would seem to imply that the local PC is not involved in the encryption/decryption.  Could you elaborate a bit on the encryption process used for storing the data?

Kudos2 Stats

I've posted some additional comments to the Symantec, Please Explain thread. Please let me know if you have any other questions. Thanks.

Kudos1 Stats

I've been corresponding with Symantec to add more information to this Blog which will hopefully address the additional questions.

Best wishes.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.6.0.32* Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.6.0.32
Kudos0

Hi everyone. I've added dconn's comments to the Symantec, Please Explain forum thread to the initial blog article. Thank you.

Tony Weiss | Norton Forums Global Community Manager | Symantec Corporation
Kudos4 Stats

Symantec, please take a look into this thread: http://community.norton.com/t5/Norton-Toolbar-Norton-Identity/Symantec-Please-Explain/td-p/808728 and put back the local vault in IDSafe, and add an option to disable the share button in the Norton Toolbar.

Kudos0

need a option  to create any password not what norton asks for able to use idenitysafe without loggin to masterpassword

Kudos3 Stats

Sorry - I just don't buy Symantec's rationale on this one...

What about those times when the online vault is for whatever reason not accessible?  The inability by Symantec to maintain consistent, reliable, online vault access has been an ongoing issue since its inception.  If you are going to forcefully insist that an online cloud solution be mandatory, then the very least "you must do" to "mitigate" those times of inaccessibility is to provide a locally cached vault copy as a fallback alternative.  And if "you must do that", then "we must question" why are you forcing the online requirement onto your customers to begin with.

Please take a lesson from your business competitors and restore your customers with the freedom of personal choice on this (while they are still "your customers").

Kind Regards,

John

Kudos3 Stats

I won't toiuch upon the Identity Safe issue since I don't use it although I more than understand the discontent and the lack of explanation. Norton are not stupid so they must have a valid reason for them to do this and if it is not connected with a security risk in house then why not share with the users, especially those who put in so much time testing the betas?

On the Share addition I really do not understand, however desirable the feature may be, why Norton do not make it a customizable feature of the toolbar -- even Google lets us enable and disable the toolbar features.

I've not yet tried with 2013 totally disabling the Norton Toolbar, as I can with 2012,  yet retaining the SafeWeb features. I do this because I value the extra screen space.

Hugh
Kudos0

Now that the latest version of Norton Internet Security and Norton 360 are released, you may have noticed some improvements to the Norton Toolbar - the Share button and the Online Vault. Below is an explanation of the changes, and why we wanted them in the product.

Why Online Vaults?

 

The Online Vault is Convenient.

- It provides access to your most sensitive data from any iOS, Android, PC, or Mac device and from *any* device with a web browser.

- It automatically synchronizes data across devices.

The Online Vault is Secure.

- Norton uses 256bit AES encryption to encrypt the data. This is a leading industry standard for encryption.

Using a very “strong” password is mandatory when creating an online vault – not just encouraged.

On the server side, Norton has security zones and firewalls between each zone to make sure only intended traffic is allowed access.

Encrypted vaults on PC, Mac, and Mobile clients are only ever decrypted on your local computer, never at Norton facilities, so no Symantec employee ever has access to any vault data.

Vault contents are encrypted both in transit as well as at Norton data centers to ensure that no one can access a user’s data via a “man-in-the-middle” attack.

Why is Share part of the toolbar?

Share is Convenient.

- Share enables one click content sharing through email and social networks directly from the Norton toolbar.

Often times, users have the urge to share something, but can’t find the email or share function. Share solves this by providing very quick access to the most popular sharing mechanisms.

Share is Secure.

Share leverages Safe Web technology to warn users of unsafe websites, and it will prevent them from passing on potentially harmful content.

EDIT: below is information from dconn's reply in to a forum thread. We felt this was relevant to add to this blog post.

We are continuing to take note of all the comments on Identity Safe and how it has impacted everyone both in a practical sense and an emotional sense. We really did not expect the changes to invoke such passion but then of course it became clear that the value of our Forums lies in the passion of the participants and the feedback they gave us.

We've learned from this that we need to do a better job up front of explaining our changes so that there is clear information available for you to consider at the same time as you experience the changes.

Now that we have clarified our plans to make the Share feature configurable there seems to be a few remaining key issues that folks feel strongly about. Let me try to clarify our thinking.

    • Security of the Online Vault

We understand your concerns about storing your vault data in the cloud.  Let me explain how we do this securely and hopefully alleviate those concerns.

All of your vault data is encrypted using a secure algorithm (SHA256) on your local machine using your vault password, before it is sent to Symantec servers.  Symantec does not have access to your unencrypted vault data or to your vault password which is used to decrypt it.  In addition, both your Norton Account password and your vault password are required to download your encrypted vault. If somehow the Identity Safe online vault was compromised all that hackers would get would be an encrypted blob that is of no value to them

The Norton team strives to provide you with the best security and the best functionality.  We take your data security and privacy very seriously.  We hope you will all come to like the convenience of our cloud storage.

    • Availability of Vault Data when Offline

We understand the importance of the data being available when you cannot access the online vault.  The vault data is cached locally and is always available whether you have access to the online vault or not.

    • Is Local Vault now considered Bad? Why can't we keep both the Online and Local Vault?

There's nothing bad about the local vault. Instead of continuing to split development and testing in both local and online vaults, we believe it is in the best interests of our users to invest all of our energy in to the online vault as that offers the best immediate, long term value and security.

Hopefully this helps clarify things. Are there any other aspects of the Online Vault that  we can provide more clarity on? For those of you who are upset or concerned about the online vault we want to know why. We want this to be a constructive conversation, and better understand your concerns. Any feedback you have about it is appreciated.

Kudos3 Stats

Well I have 40 days left with Norton.  This is the straw that broke the Camels Back.  Not only did they do this without concent they lost all my login information and the old back up and restore info they took with it.  I guess I will be seeing Norton going tghe way of chapter 11 because if this has pissed that many people off they will have no customers left.  I have seen in the past that Norton doesn't give a crap about what its customers think or want so adios Norton you have just lost a 17 year customer.

Kudos3 Stats

How does removing the Local Vault option improve the Online Vault? Its great that Sysmantec has an Online Vault for those that want that feature, but why take away the Local Vault that a lot of us use? Half way through Beta testing 2013, we still had the Local Vault but it was removed. I understand that if you had a Local Vault in 2012 and updated to 2013 the Local Vault was retained. Apperently the Local Vault will still function in 2013 and does not break the Online Vault. So why kill the Local Vault? Does Symantec think their custormers are too stupid to safely use a Local Vault and Symantec knows whats best for us?

Jim

Kudos4 Stats

I think the word "improvement" has been used a little loosely. It may be seen as an improvement by some and a GIANT step backwards by other's.

A little bit of knowledge is... well a little bit of knowledge.