• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Norton Internet Security 2009: Intrusion Prevention Updates

This is the second week-in-a-row there have been I.P.S.s Released with not the Date they were Released on, being a few days' out, i.e. I.P.S.s Released on Thursday, April 30, 2009, Dated April 27, 2009.  I want to know why this is.  And this is not to the first time this has happened.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]

Replies

Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates

Floating_Red, you already brought this issue up before in 16.2.0.7 I.P.S.s Update and it was discussed more thouroghly in Current NIS2009 Intrusion Prevention.
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates


reese_anschultz wrote:
Floating_Red, you already brought this issue up before in 16.2.0.7 I.P.S.s Update and it was discussed more thouroghly in Current NIS2009 Intrusion Prevention.

I know, but it keeps on happening, and I thought that this Issue would have been Fixed by now - for good - but it clearly hasn't been, which is why I brought it up again.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates

I know that they are working on 'clarifying' the information presented, but I don't know when it'll actually occur. I wouldn't expect anything until a new version of the product, though, since there isn't really a bug here.
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates

I still don't get why symantec can't Release the I.P.S.s on the Day they were Created.  Why is this?

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates

What makes you believe that they aren't released the day they were created?

Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates

Because the I.P.S.s that were Released on April 30, 2009, were Dated April 27, 2009 as mentioned in the First Post.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates

And that was addressed in the original threads that I referred you to. The 'date' that you are looking at isn't really a date, more of a sequence number.
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates

There are always two sets of IPS definitions, the newest and the former in my folder. There is simply no problem here.

 

Windows 7 Ultimate x64 SP1 -- NIS 21
Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates


TomiRed wrote:

There are always two sets of IPS definitions, the newest and the former in my folder. There is simply no problem here.

 


That's because symantec Released an Update today a few hours' ago.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates

Yes, that's right, but did you consider the possibility that the 'date' that can be seen here is the date when the definitions were compiled and after that, I guess, relayed to be tested and certified, not the date of their intended release on Live Update?
Windows 7 Ultimate x64 SP1 -- NIS 21
Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates


TomiRed wrote:
Yes, that's right, but did you consider the possibility that the 'date' that can be seen here is the date when the definitions were compiled and after that, I guess, relayed to be tested and certified, not the date of their intended release on Live Update?

But in the Versions before 2009, the Date would be the Date they Released it on.  And I don't know the reason behind symantec waiting a few days before Releasing the I.P.S.. for Norton 2009.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates

Well, it seems they didn't wait today, did they?

Maybe sometimes they have some reasons to wait.. 

Windows 7 Ultimate x64 SP1 -- NIS 21
Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates


TomiRed wrote:

Well, it seems they didn't wait today, did they?

Maybe sometimes they have some reasons to wait.. 


Only because I mentioned it in the Forum, because the I.P.S.s were Released shortly after Reese Commented on it, and there was only one Intrusion Prevention Signature that was Modified.

And if there are reasons why they "have" to wait, it'd like to hear them - if possible.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates


Floating_Red wrote:

And if there are reasons why they "have" to wait, it'd like to hear them - if possible.


I can think of at least one:

A "signature" is like a partial fingerprint.  It may be enough to identify an actual person or it may yield false positives.

On the other hand, since the "fingerprint" is partially extrapolated from data, it also may not actual fit the right person.

Signatures need to be tested.  And if they don't pass the test, they need to be recreated.  And it needs to be packaged correctly in tandem with other signatures and the delivery mechanism always has to be retested.

So the gap in time all this causes might produce what we perceive of as a delay.

mijN360 2013, v.20.1.0.24; Win7 Pro, SP1 (32 bit), IE 9, Firefox 14, No other active securityware
Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates

- Update Intrusion Prevention Signatures to 20090506.001.

- Shortly after that, I Update I.P.S.s to 20090508.002.  In the Web Link to the 20090508.002 I.P.S.s, it says it "Provides Updated Coverage" for one I.P.S., yet, in the Norton Product History, it shows one less I.P.S. being Monitored.  If it Provided Updated Coverage, then why is there one less Signature being Monitored?

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates

Just speculating, one signature was probably improved and another removed because the improved one could now handle it.
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates

When you Click on the Web Link (below) to find out what Signatures had been Added, Modified or Removed, No Information has been Posted.

http://www.symantec.com/en/uk/business/security_response/securityupdates/detail.jsp?fid=nis&pvid=nis2009&year=2009&suid=cNDC_Consumer_09-SU167-20090623.001

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates

I just received some information from the team: the SU contained a metadata change but no did not contain any content or detection updates.  This has no impact to IPS detection, functionality, or performance. We are working to improve the information displayed on the Web page so that it is more clear in the future.
Tony Weiss | Norton Forums Global Community Manager | Symantec Corporation
Kudos0

Re: Norton Internet Security 2009: Intrusion Prevention Updates

Hi, Tony,

Thanks for the Update and thanks for letting me know!


Tony_Weiss wrote:
I just received some information from the team: the SU contained a metadata change but no did not contain any content or detection updates. 

I don't quite understand what you mean here; please enlighten me! 

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]

This thread is closed from further comment. Please visit the forum to start a new thread.