
Questions about NAV scan engine and definition protection

I have a question regarding the NAV for Mac 11 scan engine and definitions protection itself. 

Does Norton AntiVirus for Mac 11 have protections for its own scan engine and virus definition file? What I mean is, does NAV for Mac 11 protect itself from viruses? For example, if a user happens to download a file with a virus (say, a virus that the current definition cannot detect), will NAV for Mac 11 (say, a week later), after being updated to a new virus definition, be able to detect the virus? Assuming that the new definition can detect the virus, of course.

I am mainly concerned about the integrity of NAV for Mac itself. Will NAV for Mac 11 notify a user if it is damaged or inoperable because of a virus infection or attack? Thanks.

Replies


Re: Questions about NAV scan engine and definition protection

Norton AntiVirus 11.0 for Mac has a real-time scanner in the form of the AutoProtect feature, which gets loaded into memory as soon as the system starts and even before a user logs in.

So it's not just the scan engine; AutoProtect also provides protection from security risks. AutoProtect scans all the files and services that are being accessed and are in memory (RAM), which includes the files and services of Norton as well. Just keep updating your virus definitions regularly and relax. Your Mac is fully protected with Norton AntiVirus 11.0 for Mac.

--Vinod


Re: Questions about NAV scan engine and definition protection

I understand the auto-protect function.

What I referred to was the situation where NAV for Mac 11 cannot detect the current threat, i.e., the current definition cannot detect the threats. Given that a future definition will, hopefully, detect the threat and be able to repair the problem, my question was whether NAV for Mac 11 protects its engine and definition file against the threats in the first place. Since the previous definition cannot detect the threats, what mechanisms are in place to protect the engine and definition file against the viruses?

This is particularly relevant since NAV for Mac does not have definition file updates as frequent as its Windows counterpart. I understand that viruses for Mac are almost non-existent, but the same situation remains a major security threat if the NAV for Mac program cannot protect itself from external alteration by viruses or other threats. An easy-to-see example is the zero-day attack. If the antivirus has protection from outside modification of its code, then it is just a matter of waiting to get the update from Symantec. But if the antivirus cannot protect itself from unknown viruses, then the program is, presumably, not trustworthy, since we don't really know if the program is still intact and able to detect any future viruses and threats.

Thanks. 

Edit: Typo 

Message Edited by mocca on 12-29-2008 06:34 PM

Re: Questions about NAV scan engine and definition protection

Norton AntiVirus can detect an unknown virus infected or untrusted files that cannot be eliminated with the current set of virus definitions. Norton AntiVirus checks the digital signatures of the files with the current set of virus definitions during scan. If a signature does not match with current set of definitions and Norton AntiVirus finds it suspicious, it automatically quarantines the file.

One more thing to add. The daemons for the scan engine and AutoProtect are different. The scan engine uses SymAVScanDaemon whereas AutoProtect uses the NortonAutoProtect daemon for its functionality. So AutoProtect can protect the scan engine also.

--Vinod


Re: Questions about NAV scan engine and definition protection

What if (assuming) a virus attacks AutoProtect itself? What mechanism does NAV for Mac have to protect AutoProtect?

Re: Questions about NAV scan engine and definition protection

Hi mocca,

NAV does have a lot of measures in place to protect itself from possible attack from malicious programs - the most simple of these is to use the security inherent in Mac OS X. Many of our processes (e.g. our daemons) and files (e.g. our virus defs) are owned by root and cannot be modified unless you authenticate with the correct credentials.

*If* a bad program can authenticate as root, then disabling NAV is probably the least of your worries. ;)

Nick Uchida
Manager, SQA Engineering
Macintosh Products
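
The ownership-based protection described in the reply above can be checked from Terminal. This is an added example, not part of the original thread and not Symantec's code; the directory argument is a placeholder, because the thread does not give NAV's install paths.

```shell
#!/bin/sh
# Added example: list anything under DIR that is not owned by the expected
# owner, or that group/other can write to. Empty output means only that
# owner (or root) can modify the tree without authenticating.
#
# DIR is a placeholder: the thread does not name the NAV install paths.

audit_tree() {
    dir=$1
    owner=${2:-root}    # user name or numeric uid; defaults to root
    # Symlinks are skipped: their own mode bits are not what is enforced.
    # Directories are included on purpose: a root-owned file inside a
    # directory another user can write to can still be replaced.
    find "$dir" ! -type l \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print
}

# Number of findings, convenient for a scheduled check.
audit_count() {
    audit_tree "$1" "${2:-root}" | wc -l | tr -d ' '
}

# Stand-alone use: sh audit.sh /path/to/protected/dir [owner]
if [ $# -ge 1 ]; then
    n=$(audit_count "$1" "${2:-root}")
    if [ "$n" -eq 0 ]; then
        echo "OK: everything under $1 is owned by ${2:-root} and not group/other-writable"
    else
        echo "WARNING: $n item(s) under $1 can be changed without ${2:-root}:"
        audit_tree "$1" "${2:-root}"
    fi
fi
```

Group-writable items are flagged because members of the owning group can change them without being asked for a password.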

Re: Questions about NAV scan engine and definition protection


nuchida wrote:

Hi mocca,

NAV does have a lot of measures in place to protect itself from possible attack from malicious programs - the most simple of these is to use the security inherent in Mac OS X. Many of our processes (e.g. our daemons) and files (e.g. our virus defs) are owned by root and cannot be modified unless you authenticate with the correct credentials.

*If* a bad program can authenticate as root, then disabling NAV is probably the least of your worries. ;)


Does this mean using a non-admin a/c is a good idea? Would it help thwart such attacks? All knowledgeable replies would be appreciated.


Re: Questions about NAV scan engine and definition protection

As Nick has explained, most of the NAV settings are locked by default. Unless you authenticate and unlock, the settings cannot be changed. So it doesn't matter if the user account is administrator or non-administrator. You have to authenticate to unlock and change the settings in NAV.

--Vinod

Message Edited by pore_vinod on 01-09-2009 01:47 AM

This thread is closed from further comment. Please visit the forum to start a new thread.