Community watch

can anyone tell me what these letters are under 'Submission Details' ?

Message Edited by Shridhar on 12-08-2008 12:29 PM
Message Edited by Shridhar on 12-08-2008 12:30 PM

anyone…?

I think these are hashes of your *.dll Windows system files, hashes being something like digital footprints. I think they are sent over Community Watch in order to have a basis to check if any of these have been changed or tampered with, and for Symantec to have a database of the hashes of healthy and common files that exist on their users' systems.

 

It is definitely not something you should be worried about, but Symantec could document this better.

anymore help on this ?

 

I am not worried about that but definitely want to know what is that ?

Wow, you're impatient. Just relax and I am sure somebody from Symantec will answer.

I also get loads of these sent to Symantec.  Really what are they? Is it personal info involved in this?

 

Would be nice to know.

 

Thanx

can I have anyone’s reply …It’s been quite a long time since I posted


Dieselman743 wrote:

 Wow, you're impatient. Just relax and I am sure somebody from Symantec will answer.

 


doesn't anybody have an answer.....or just avoiding to give the reply.......

 

 

Dieselman743......you were talking about patience, right ???

3 days ........are these many days required for a single reply ???:smileymad:

 

I think you should now forget the word  'patience' and try something else

 

Hi Shridhar,

 

It would be nice to know what all these, that are being sent to Symantec, are indeed.  I have many of these as well.

 

Now, I have also noticed and noted, that certain topics do not get answered by any of the experts.  It's a bit strange, this eclectic topic reply politics by the people who may know.  I have a topic since 12/8, that none seemed to care about, and another one today.

 

We'll see.

 

TrDo.

As noted in an earlier reply, those are "MD5" hashes of files. Basically a fingerprint of a file, in digital terms. Any file or bit of text can be "hashed" in this manner. Often used to verify the integrity of file downloads.

http://en.wikipedia.org/wiki/MD5

 

As for personally identifiable data, I doubt it, but that's for Symantec to reply to. Very little info noted in the Help on "Community Watch."

I went back to this blogpost, which seems to be the answer:

 


Watching the Community – What is out there?


The Norton Community Watch feature provides security data about applications and submits it to Symantec. The data is then analyzed to determine new threats and their sources, helping Symantec provide more efficient solutions. So, when Norton customers enable the Norton Community Watch feature, the client software collects information about interesting program files on the user’s system. This is done without exposing any personally identifiable information to Symantec.


The following are deemed interesting files: running processes, modules loaded in running processes, registered drivers, registered services, browser helper objects registered with Internet Explorer, and registered startup files in the startup group or the run registry key. Basically, this group includes all files that run or can run on the system.


For each of the interesting files the software computes a SHA256 cryptographic hash. The SHA256 hash value uniquely identifies that file, and any modification to the file, regardless of how small it is, will change the SHA256 value of the file.


The client submits the file name, along with the file version information and the SHA256 hash of the file, to Symantec. Only static information about the file is submitted to Symantec. A copy of the file is not submitted. The SHA256 value uniquely identifies that file, allowing Symantec to perform statistical analysis on the presence and distribution of that particular file across all systems participating in Norton Community Watch.



Statistical Analysis – What is good?


The information provided to Symantec via the Norton Community Watch feature allows Symantec to build statistical models of file distribution and file trustworthiness. The proprietary algorithms allow us to identify trustworthy files and then assign the Community Trusted rating to these files.


By sorting the millions of SHA256 values by prevalence, Symantec also analyzes the static attributes of the most common files.  By analyzing the version information and file names, potential matching vendors and applications are identified.  Symantec acquires original distribution media of these applications, and installs them in a clean environment where no external contamination or infection is possible. The installed binaries are then analyzed, including computing the SHA256 values of the files, and if the computed SHA256 value matches the reported SHA256 value, the cataloged application is a match for the reported file.


All binaries included in the application are thoroughly analyzed, and if all binaries are deemed safe and clean, and the vendor is considered trustworthy, Symantec assigns the Norton Trusted rating to these files.


So, these numbers and letters should actually be SHA256 hashes.
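The flow the quoted blog post describes (hash each file, submit name, version and hash only, rank hashes by prevalence, then match against hashes taken from a clean install) can be sketched as follows. This is an added example, not Symantec's code and not part of the original thread; the file contents, file name, vendor name and record layout are constructed for illustration.

```python
import hashlib
from collections import Counter

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_record(name: str, version: str, content: bytes) -> dict:
    # Static metadata only: name, version and hash. The content is not kept.
    return {"name": name, "version": version, "sha256": sha256_hex(content)}

def prevalence(reports: list) -> list:
    # Number of distinct clients reporting each hash, most common first.
    counts = Counter()
    for client_records in reports:
        counts.update({r["sha256"] for r in client_records})
    return counts.most_common()

def classify(record: dict, reference: dict) -> str:
    # reference maps sha256 -> (vendor, application), built from a clean install.
    if record["sha256"] in reference:
        vendor, app = reference[record["sha256"]]
        return f"match: {vendor} {app}"
    return "no match"

# Constructed sample data: one "file" and a copy with a single byte changed.
CLEAN = b"MZ constructed sample library, build 1.0.0"
TAMPERED = CLEAN[:-1] + b"1"  # last byte '0' -> '1'

# Three hypothetical clients; the third has the modified copy.
REPORTS = [
    [build_record("sample.dll", "1.0.0", CLEAN)],
    [build_record("sample.dll", "1.0.0", CLEAN)],
    [build_record("sample.dll", "1.0.0", TAMPERED)],
]

# Hypothetical catalog computed from original media in a clean environment.
REFERENCE = {sha256_hex(CLEAN): ("ExampleVendor", "ExampleApp")}

if __name__ == "__main__":
    for digest, clients in prevalence(REPORTS):
        print(clients, digest)
    for client in REPORTS:
        for rec in client:
            print(rec["name"], rec["version"], classify(rec, REFERENCE))
```

The modified copy keeps the same name and version but gets a different hash, so it fails the catalog match even though its static attributes look identical.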

Aha! Great find!