Norton, In-Depth - Part 1
Everyone here at Norton is extremely excited about this new release of the Norton security products! This is the first time we are launching all three products at once: Norton AntiVirus, Norton Internet Security, and Norton 360. In this two-part blog post, I plan on going through some of the new features and improvements we have made. The first part will cover some of the things we’ve done on the protection side, while the second part will cover the performance and experience side of things. Hopefully this will explain how some of these technologies will make your computing life safer and easier.
We know that when you jump on your computer, you’re looking to do specific things. Whether you’re working, playing some games, or browsing the Web, you’re on your computer to do the things you want to do. Security should not be a worry. Our main goal is to provide you with that security and peace of mind so you can do your stuff with confidence – that’s what you hired us to do right?
For the September 2012 update, here are some of the things we have been working on!Protection
Making Windows 8 Safer!
The Norton products fully support the upcoming Windows 8 consumer OS, delivering the fastest and most secure performance on the OS. Windows 8 introduces a whole new user interface and a new apps model similar to iOS and Android apps. Norton will protect you in this new mode, as well as in the traditional “desktop” mode that everyone is accustomed to.
Microsoft has made strides to tighten the security hatches, but there still remain attack avenues that can be exploited. Windows Defender, Microsoft’s security technology, is now enabled by default upon installing Windows 8. (From here on out, mentions of Windows 8 will mean Windows 8 with Defender). While improvements have been made from previous Defender versions, it still trails Norton significantly in real-world tests – the ones that matter to you. Installing the Norton products replaces Windows Defender. The result is that your Windows 8 device will run safer and faster!
The following chart shows our score versus Windows Defender 4.0.
“The test was designed to challenge the products against 0-day attacks from the internet, which includes the most common infection vectors these days… Out of 100 possible points Norton achieved 100. Windows Defender managed to block 44 threats out of 50 completely and blocked some components of another threat. 5 threats were not blocked, resulting in a score of 79.”
*(Source: A commissioned test performed by av-test.org which compared the Windows 8 with Defender against the latest Norton Internet Security)
Along with the standard host of technologies that protect you, here are a couple of Windows-8-specific protections:
- Some threats start very early in the startup process, to hide and do bad things before security software has a chance to run and catch them. The Norton products have had excellent start-time protection for many years. This protection continues in this year’s products. In addition, Windows 8 introduces the Early Load Anti-Malware feature, which puts your security product earlier in the startup order – before any malware has a chance to run. The Norton products fully support this feature to better protect your system.
- The Windows 8 app space is a new ecosystem and it remains to be seen what threats will emerge. In the case of malicious Windows 8 apps, we will detect them and notify Windows to take action for remediation.
Norton AntiVirus now includes full browser protection and Identity Safe
As the Web has become a central point of people’s computer habits, Web browsers are a prime target for attackers. Exploits and phishing attacks are significant threats and Norton has brought full browser protection to Norton AntiVirus. As a Norton AntiVirus user, you’ll have the protection offered by the Norton Safe Web system. A few highlights include:
- It protects you against known malicious Web sites. These Web sites come and go very quickly, but the system is very effective at identifying them and protecting you from attacks that aim to steal your confidential data and logins.
- Safe Web also marks your search engine results with icons that denote whether the sites listed are safe, bad, or suspicious.
With multiple logins and passwords needed on so many Web sites, it is very easy to forget them. Norton AntiVirus now includes Identity Safe, which is a password manager that securely stores and fills in your logins so that you can quickly browse your favorite sites. Identity Safe includes browser support for Internet Explorer, Firefox, and Chrome, and app support for Windows, Mac, iOS, and Android. This means you have access to your login and password information no matter which of those devices you use. You can also browse to the Identity Safe Web site (http://identitysafe.norton.com) to access your info from any Web browser. Never forget a password again!
To create the best multi-device and multi-platform experience for everyone, your information is now always stored in the cloud, available to you at all times. For users who have previously created a local vault, it will still be available along with the online vault.
You may be wondering, “How about the security of my info?” Security is our primary concern and we take it very seriously. Your entire vault is encrypted using 256bit AES encryption and with a password that you create. We require that you create a “very strong” password to keep your vault as safe as possible. All vault data transfers are encrypted during transit to ensure no one can access your data using “man-in-the-middle” attacks. To get started, click the “home” button on your Norton browser toolbar:
Antiphishing and Scam Insight
Phishing attacks are a popular way for bad guys to steal your information by tricking you into providing it. These attacks focus on getting you to enter your important personal information (logins, passwords, credit card numbers, social security number, etc.) by pretending to be a site that you trust. For example, you may receive an email that looks like it came from your bank. You click a link in the email and “your bank” is asking you to update your personal information. In reality, the attacker has put up a temporary Web site that looks just like your bank’s site. These sites are typically brought up and down quickly (sometimes within hours), to avoid being caught.
If you weren’t paying attention, you might have typed in your login and password information and clicked submit. The attackers now have your information and can access your bank account, change your password, lock you out of your account, and withdraw your money.
The scary thing is, in today’s world, this isn’t done just by email anymore. The phishing attempt can be a Facebook message, an instant message, an SMS message, or any other new method. I have had first-hand experience that really highlights what can happen. A few years ago I received an instant message from a known friend on my contact list. The chat started off casually and didn’t seem suspicious at first. The friend then said they had a photo to share with me from a recent event and sent a link. I hadn’t met up with this friend in a long time so I became suspicious. I copied the link to a safe virtual machine and opened it. The page showed the login page of a large, popular online photo sharing site. If I had entered my login information, the attacker would have been able to capture it. From there he easily could have accessed my email and branched out to any other online accounts I may have had. Luckily I noticed the funny behavior and didn’t fall for it. I later confirmed that my friend’s instant message account (and email) was hacked. She had to go through a lot of trouble to clean up her online and credit card accounts.
Now imagine if I wasn’t careful or hadn’t noticed that odd behavior. Imagine if it was one of my less tech-savvy family members or friends? That could have been big trouble. The Norton antiphishing technology would have protected me even if I hadn’t been careful.
Other scam attacks have been appearing that trick users into signing up (unwittingly) for premium SMS services, promising gift cards for filling out surveys, or selling fake counterfeit goods. As with phishing sites, these sites have a short life span to avoid being caught. The new Norton Scam Insight feature will warn you if you’re about to enter personal information into a site that looks to be new or is not well established in the Norton user community.
How is Scam Insight better than traditional blacklisting technology? The problem with blacklisting technology is that the site needs to be identified, confirmed “bad”, added to the blacklist, then distributed to our millions of users. As mentioned before, the sites don’t live for very long. It is nearly impossible to maintain such a list that’s effective within that short timeframe. With Scam Insight technology, we are leveraging the power of the Norton community to provide the most up-to-date information. As with files, apps, (and even people!), it takes time to build trust. This is the idea behind Scam Insight.
If you click a link and see the warning below, you should think twice before continuing!
Attackers go where the people and (potential) money are. Since Facebook now has more users than some countries have people, there have been a variety of attacks popping up. With the combination of the Norton Facebook Wall Scanner, our Intrusion Prevention Systems, and other technologies, you will be protected from:
- Clickjacking & likejacking (http://en.wikipedia.org/wiki/Clickjacking)
- Survey scams
- Rogue applications
- Malicious links
To highlight a few recent scam trends:
- We’ve noticed scams that convince people to give their cell numbers and then trick them into signing up for “premium SMS services” for around $10/month. Some of these sites are getting thousands of hits each day, which means the scammers are making some very good (illegal) money!
- There’s another excellent blog entry that talks in good detail about survey scammers moving to Pinterest: http://www.symantec.com/connect/blogs/survey-scammers-moving-pinterest. Rest assured that the Norton products will protect you from these scams.
Where there’s money, there will be bad guys trying to steal it. The Norton products will protect you from these and other scams -- Please make sure you’re protected!
To ensure your Facebook wall is safe from some of these threats, you can run the Facebook Wall Scanner. While you may never willingly post bad links, an infected friend can still post on your wall and affect others! You can access the wall scanner from the main UI -> Scan Now -> Scan Facebook Wall
Similarly, if you want to share something with a friend, you also want to make sure you are sharing a safe site. The Norton toolbar gives you convenient access to share the page with a friend. It will check with the Norton Safe Web system and make sure the site is safe before allowing you to share it.
The Norton suite of products contains a wide variety of technologies to help protect you and your activities. From antivirus, to antispyware, to firewall, to intrusion prevention and many others, each individual technology serves a specific purpose. But working together, here is where the sum is greater than the parts.
The firewall has been a venerable part of Norton Internet Security and Norton 360 for a long time. (Note: Norton AntiVirus does not include firewall). In the past few years, the number of threats has exploded. Our Insight system has given us tremendous power to find these threats by leveraging our large numbers of Norton Community users – you! By being a part of this community, you are helping out other Norton users. Based on Insight data analysis, files can be determined to be “good” or “bad.” There are still apps for which we don’t have enough information; we will call these “gray” apps.
The firewall already worked together with our antivirus and behavioral detection engines to automatically make the right decision for an app. With the latest update, it is now also capable of tapping into the Insight system to help make its decisions. When the firewall automatic program control is set to “Aggressive,” the firewall will automatically allow the good apps, and provide you with more information for the “gray” apps.
Normal firewall prompts don’t give you much information about the app requesting network access. With the new reputation firewall, these prompts will include Insight information that can help you make a more informed decision. On the left side in the above screenshot, you will be able to hover over each icon and see the various Insight ratings.
This Insight information provides you with extra knowledge so you can make the best informed decision. For example, if you don’t recognize the app, it is brand new, and it doesn’t have many users, you may want to think twice before allowing it to connect to your computer.
Norton Power Eraser
There are some very sophisticated threats out there that require more aggressive methods of detection and cleanup. Norton Power Eraser is a tool that is built for this job.
The new version of Norton Power Eraser includes a few noteworthy improvements:
- The new advanced options UI allows expert users to:
- Run a Norton cloud reputation scan on specified files or folders
- Run a standard scan on the current Windows OS
- Run a scan on a multi-boot computer, allowing you to specify which Windows OS installation to scan
- The new Norton Power Eraser engine allows sophisticated new repair mechanisms to tackle hard-to-kill rootkits such as Trojan.ZeroAccess (see http://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99). This engine will give us future power in dealing with similar sophisticated threats.
Norton Power Eraser can now be launched directly from Norton AntiVirus, Norton Internet Security, and Norton 360 after a scan. Clicking the link highlighted below will download (via LiveUpdate) and launch the latest Norton Power Eraser.
And that’s it for part 1! Hope you have found this useful and stay tuned for part 2 where I’ll cover the performance and user experience side of things…