• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Norton Virus Definitions: Reduced Modified Signatures

Dear Community,

Recently, there has been a change to how many Virus Definitions are Added and Modified on each Release.  Before this change happened, there were, on average, around 100 Detections Modified For This Release, with maybe one or two New Detections; however, recently, there has been, on average, 10-to-20 Detections Modified-Per-Release.  Why has this change taken place?  The protection offered to just Modifying 10-to-20 Detections is smallerbecause you are reducing the number of threats modified, than Modifying 100-plus.  Even if the number of actual Signatures doesn't change with each release, the protection is still reduced as just mentioned, so, again, why has Symantec decided to reduce the protection from Virus Defitnitions?  There is a Setting in Symantec Products, Norton Smart Definitions, for people who want only the "Critical" Definitions for protection, so to see the Definitions decrease for people/users who want the most protection is a concern.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]

Replies

Kudos0

Re: Norton Virus Definitions: Reduced Modified Signatures

Dear Community,

Recently, there has been a change to how many Virus Definitions are Added and Modified on each Release.  Before this change happened, there were, on average, around 100 Detections Modified For This Release, with maybe one or two New Detections; however, recently, there has been, on average, 10-to-20 Detections Modified-Per-Release.  Why has this change taken place?  The protection offered to just Modifying 10-to-20 Detections is smallerbecause you are reducing the number of threats modified, than Modifying 100-plus.  Even if the number of actual Signatures doesn't change with each release, the protection is still reduced as just mentioned, so, again, why has Symantec decided to reduce the protection from Virus Defitnitions?  There is a Setting in Symantec Products, Norton Smart Definitions, for people who want only the "Critical" Definitions for protection, so to see the Definitions decrease for people/users who want the most protection is a concern.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton Virus Definitions: Reduced Modified Signatures

Hi,

There no longer is a Smat Defintion option there is only a full definition and thus, no need for an option. 

It is explained in this post.

Hope that helps.

Kudos0

Re: Norton Virus Definitions: Reduced Modified Signatures


Floating_Red wrote:

...why has Symantec decided to reduce the protection from Virus Defitnitions?  There is a Setting in Symantec Products, Norton Smart Definitions, for people who want only the "Critical" Definitions for protection, so to see the Definitions decrease for people/users who want the most protection is a concern.


Hi Floating_Red:

Please see Rainbow_2's thread here for a discussion on why Symantec is only offering the smaller Smart Definition Set (now simply called the Virus Definition set) in NIS 21.x.  That thread includes a link to a post in the NIS 21.x beta-testing forum here by Symantec employee PieterV explaining that decision.

EDIT:

Sorry , yank.  Didn't realize that you'd already replied.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 23.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Kudos0

Re: Norton Virus Definitions: Reduced Modified Signatures

Does this change also effect the 2012 and 2013 versions of NIS?
Kudos0

Re: Norton Virus Definitions: Reduced Modified Signatures


lmacri wrote:
Hi Floating_Red:

Please see Rainbow_2's thread here for a discussion on why Symantec is only offering the smaller Smart Definition Set in NIS 21.x.  That thread includes a link to a post in the NIS 21.x beta-testing forum here by Symantec employee PieterV explaining that decision.

EDIT:

Sorry , Yank.  Didn't realize that you'd already responded.

------------
 


Hi Imarci,

No reason to apologize,  it was a toss up to reference Rainbow_2's post or the one I did reference. Always good to provide more information and background.

Kudos0

Re: Norton Virus Definitions: Reduced Modified Signatures

Hi, folks,

Thanks for all your Replies.  Just to clarify, I was referring to the reduced Set of Definitions in Versions 20.x.x.x and Earlier Versions. 

I have been keeping a watch on how many detections are modified, looking out for Heuristics Detections, and, so far, there hasn't been many of these detections modified with each release.  If the Virus Definitions were all Heuristics, and a few specific Definitions, then I would understand the reduced size of Detections Modified as Peter has mentioned in the Thread you Linked me to, but there are still a "alot" of Specific Detections being modified, hence why there has been a drop in coverage from Virus Definitions.  I hope over the coming weeks there will be more Heuristics' Detections modified, e.g. 90% of Detections, with each release.  I also don't understand why it is just limited to 10-to-15 Modifications on each Release.  I have caught Threats via the Virus Definitions when all the other Technologies missed the File(s) Detected, which is why I'd also like to see more than just 10-to15 Detections modified with each Release.

-----------------

Edit:

With regards to the new Version 21.x.x.x: I would hope that more Signatures are Modified, as well as Heuristics' Detections with Each Release, as noted in the Paragraph above.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Norton Virus Definitions: Reduced Modified Signatures


Floating_Red wrote:

Hi, folks,

Thanks for all your Replies.  Just to clarify, I was referring to the reduced Set of Definitions in Versions 20.x.x.x and Earlier Versions. 

I have been keeping a watch on how many detections are modified, looking out for Heuristics Detections, and, so far, there hasn't been many of these detections modified with each release.  If the Virus Definitions were all Heuristics, and a few specific Definitions, then I would understand the reduced size of Detections Modified as Peter has mentioned in the Thread you Linked me to, but there are still a "alot" of Specific Detections being modified, hence why there has been a drop in coverage from Virus Definitions.  I hope over the coming weeks there will be more Heuristics' Detections modified, e.g. 90% of Detections, with each release.  I also don't understand why it is just limited to 10-to-15 Modifications on each Release.  I have caught Threats via the Virus Definitions when all the other Technologies missed the File(s) Detected, which is why I'd also like to see more than just 10-to15 Detections modified with each Release.

-----------------

Edit:

With regards to the new Version 21.x.x.x: I would hope that more Signatures are Modified, as well as Heuristics' Detections with Each Release, as noted in the Paragraph above.


Are you by chance referring to the Pulse updates? They would only include a few new definitions, as they are released as they are developed. Then released every 10 minutes or so.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Norton Virus Definitions: Reduced Modified Signatures

Hello, peterweb,

Many thanks for your response.

I am referring to the "Norton Virus Definitions" as listed in Norton LiveUpdate; I am not referring to "Norton Pulse Updates".  I understand that Norton Pulse Updates are Released every five-to-fifteen minutes.  The numbers noted, as you Highlighted, as the number of Threats Modified with each Set released, e.g. 09/16/2013, Revision 003.  I hope this clears things up. 

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos1 Stats

Re: Norton Virus Definitions: Reduced Modified Signatures


Floating_Red wrote:

I am referring to the "Norton Virus Definitions" as listed in Norton LiveUpdate


Hi Floating_Red:

Sorry about the earlier confusion.  I use the "full" set of definitions in NIS 20.x (i.e., Smart Definitions are turned OFF).  Just by coincidence, I've had Automatic LiveUpdates and pulse updates turned off for the past few weeks (just for the purpose of troubleshooting).  I've only been doing manual LiveUpdates once every day or so, so I almost always receive an update for the ~ 3.35 MB Norton 2013 Virus Definitions with every manual LiveUpdate.

Are you concerned that the total number of signatures that your system is monitoring does not always increase signficantly even when the version number of the definition set changes?  I think the number of signatures added to your virus definition set would only increase significantly if there had been a large number of "new" viruses released into the wild with a unique pattern of behavior.  Most of the variants that are released on a day-to-day basis would already be detected by the lastest definition set / heuristics algorithm on your system.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 23.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Kudos0

Re: Norton Virus Definitions: Reduced Modified Signatures

Hi, Imacri,

3.00M.B. has been the usual Size for a number of months, so it is normal for you to get that size for Virus Definitions-per-Update.  My concern relates to the number of Threats modified per Update.  If you Modify a smaller number of Threats, then the coverage drops overall, but for the small number of Threats that are Modified, the coverage goes up.  However, if Heuristics' Definitions are modified more frequently, then the coverage overall should go up.  Definitions do still play a part in Security Software, however, it is more Heuristics' Definitions than Exact Definitions that are needed for Protection due to the frequency that Threats change nowadays.  My other concern is that Symantec are now only offering a Reduced Smart Virus Definitions as the "Full" Set of V.D.s, and the choice for users to get the Full Set is no longer available.

The Screen Shots you provided are for I.D.S. and not for Norton Virus Definitions.

Hopefully this answers your points in your Message. 

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]

This thread is closed from further comment. Please visit the forum to start a new thread.