• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Norton 2009 Streaming Definitions

Do these S.D.s add New Internet Threats, or just variants' changes?
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]

Replies

Kudos0

Re: Norton 2009 Streaming Definitions

Do these S.D.s add New Internet Threats, or just variants' changes?
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton 2009 Streaming Definitions

Manual LiveUpdate and Automatic LiveUpdate pull down exactly the same updates. Please see the following post by ChristopherA for more information on the subject:

http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=7699#M7699

Thanks!

Tony Weiss | Norton Forums Global Community Manager | Symantec Corporation
Kudos0

Re: Norton 2009 Streaming Definitions

This does not answer my question as I am not asking about Norton LiveUpdate; I am asking about the Streaming Definitions and what they do, i.e. do they add New Internet Threats, do they just Modify Internet Threats, or does S.V.D.s do both of these?
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton 2009 Streaming Definitions

The pulse updates (streaming definitions) do both of these.
Kudos0

Re: Norton 2009 Streaming Definitions

If this is the case, then how do symantec know which Internet Threats to Modify for the Norton 2009 Virus Definitions?  And, if this is the case that S.V.D.s add New and Modified Threats, then why is there Norton 2009 Virus Definitions every-six-hours rooughly?
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton 2009 Streaming Definitions


Floating_Red wrote:
If this is the case, then how do symantec know which Internet Threats to Modify for the Norton 2009 Virus Definitions?  And, if this is the case that S.V.D.s add New and Modified Threats, then why is there Norton 2009 Virus Definitions every-six-hours rooughly?

I could've sworn that there was post that already discussed the difference between the pulse updates and full updates but I can't find it. This message by Pieter describes some of the different behaviors associated with these updates though.

Because our Response group is always producing updates, around the clock, we now download the little bits incrementally via the pulse updates. The full updates bring down the full set, ensuring that if you missed any of the pulse updates, for whatever reason, you will be completely protected.

I believe that I've answered your second question but I'm not sure what you are asking about for the first.

Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: Norton 2009 Streaming Definitions

Hi, reese_anschultz,

                How do the Secuirty Response Team know what Virus Definitions to Modify for the Streaming Definitions and for the Norton 2009 V.D.s Update since, if a User installed all the P.U.s, then, there would really only be a very minor change in the V.D.s than if a User did not install any of the S.V.D.s?  If I am not clear on this, please let me know and I will try to explain further.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton 2009 Streaming Definitions

I'm still a little unclear about your question but let me add a little more information. I'm going to provide some times below, please don't hold us to those exact values -- they vary by a bit.

Approximately every six hours, Symantec makes a new, complete set of virus definitions. The pulse updates are all made relative to that set of definition. If you received ALL of the pulse updates during that six hours, you would essentially have the next complete set of virus definitions on your system.

Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: Norton 2009 Streaming Definitions


reese_anschultz wrote:

I'm still a little unclear about your question but let me add a little more information. I'm going to provide some times below, please don't hold us to those exact values -- they vary by a bit.

Approximately every six hours, Symantec makes a new, complete set of virus definitions. The pulse updates are all made relative to that set of definition. If you received ALL of the pulse updates during that six hours, you would essentially have the next complete set of virus definitions on your system.


What happens if you run Norton LiveUpdate every-two-hours, would you still get all of the Streaming Definitions ever the past two hours, or would you just get the small Modified Viruses over just the five minutes? 

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton 2009 Streaming Definitions

If you are asking what happens to the pulse updates if you completely turn off Automatic LiveUpdate and run a manual LiveUpdate every 2 hours:

In this case the pulse update package you receive would contain the last 10 minutes or so of pulse updates. You will still be fully synchronized every several hours with the latest full virus definitions, which contain all of the functionality present in the pulse updates.

Kudos0

Re: Norton 2009 Streaming Definitions


ChristopherA wrote:

If you are asking what happens to the pulse updates if you completely turn off Automatic LiveUpdate and run a manual LiveUpdate every 2 hours:

In this case the pulse update package you receive would contain the last 10 minutes or so of pulse updates. You will still be fully synchronized every several hours with the latest full virus definitions, which contain all of the functionality present in the pulse updates.


Just to make clear: Will the user get all of the Modifications over the past two hours when running Norton LiveUpdate every-few-hours?

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton 2009 Streaming Definitions


Floating_Red wrote:

ChristopherA wrote:

If you are asking what happens to the pulse updates if you completely turn off Automatic LiveUpdate and run a manual LiveUpdate every 2 hours:

In this case the pulse update package you receive would contain the last 10 minutes or so of pulse updates. You will still be fully synchronized every several hours with the latest full virus definitions, which contain all of the functionality present in the pulse updates.


Just to make clear: Will the user get all of the Modifications over the past two hours when running Norton LiveUpdate every-few-hours?


Let me give you an example: Say Virus XYZ, AQZ and RTT S.V.D. were released at 1759.  User runs Norton LiveUpdate at 1959, where Virus SST, EWW, DEE S.V.D.s have been Released; would the user get the Modifications of the Viruses Modified at 1759 in the 1959 S.V.D.s Update with all the other Mod.s from the past two hours, or would the user only get SST, EWW and DEE S.V.D.s when Updating at 1959?
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton 2009 Streaming Definitions

The latter is true. Pulse updates for SST, EWW and DEE will be downloaded at 1959. Definitions for XYZ, AQZ and RTT will be downloaded at, say, 2359, as part of the next full virus definitions update.
Kudos0

Re: Norton 2009 Streaming Definitions

I thought all the S.V.D.s would back-pile, as it were, and, when the User ran LiveUpdate, would get all the Mod.s from the previous two hours, or ten or more hours in some cases...
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton 2009 Streaming Definitions

That's what I thought, Red.  And I think we're right.  Otherwise, users would really be in trouble!
mijN360 2013, v.20.1.0.24; Win7 Pro, SP1 (32 bit), IE 9, Firefox 14, No other active securityware
Kudos0

Re: Norton 2009 Streaming Definitions

Maybe I shouldn't have put ten hours as the Norton 2009 Virus Definitions would cover you.


mijcar wrote:
That's what I thought, Red.  And I think we're right.  Otherwise, users would really be in trouble!
Are we right?  I know I've had an answer already, but just want to make sure as I, as well as other Users, are still un-sure.
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton 2009 Streaming Definitions

Chris knows more about this than I do so he may correct me, but what he said is correct.

Another way that you can think of this is like a conveyor belt. The Symantec Response engineers are constantly working and providing definitions updates. Every little bit that they get finished gets put onto the conveyor belt. The belt ultimately goes to a big box that wraps up all of the updates into a complete update that gets released about every six hours. Meanwhile, the customers' machines are also watching the conveyor belt and copying each of the updates that go past to their own systems. If the machines aren't powered on or connected to the Internet they can't be watching the belt and won't see the little pieces that go down the belt during that time. When the full package comes down in less than six hours they'll catch up on whatever was missed.

Message Edited by reese_anschultz on 09-26-2008 11:14 AMMessage Edited by reese_anschultz on 09-26-2008 11:14 AM
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation

This thread is closed from further comment. Please visit the forum to start a new thread.