How does Norton know that trusted files haven't been tampered with?

Maybe this is a stupid question, but am I being unnecessarily paranoid by not trusting any files, that is, not using the Norton Internet Security 2009 insight thingie, and instead having the Full Scan occur every time? Wouldn't it be possible for a virus to modify a trusted file, and if the file isn't scanned, then how would Norton know that the virus was there?

 

Am I overlooking something obvious, like does Norton have some other way of telling if a file was modified without actually scanning it - but dates wouldn't work for that because I've read that viruses can re-set the file-modification date back to what it was before the virus changed it, so how does Norton determine that trusted files haven't been tampered with? Please forgive me for my ignorance but this is something that I don't understand. I've also disabled the cache thing, for the same reason. I don't want things cached or not scanned. I want it to scan everything that could possibly contain a virus, every time.

 

(I'm going by memory of what those settings' names are from a while back when I was logged in as Admin to get everything set up; I can't access any Norton prefs settings right now to double-check that I'm using the correct terminology because I'm surfing under a Limited Account right now, and when trying to view the settings Norton advises me of "Access Denied, You need to be an Administrator to perform this action" which is fine, that's probably as it should be :smileyhappy: although it would be easier for me right now, for purposes of asking this question here, to at least be able to merely view the settings without having to shut everything down and reboot with Admin rights, but that's no biggie I guess.)

 

I'd appreciate any information about whether it's really a good idea to trust files, or not. I'm leaning towards "not," right now. At this point I'm not concerned anymore about the speed of the scans themselves; I'm only concerned about having as much absolute security as possible. I don't mind if it takes ten times as long, if it's safer.

 

FWIW, I only have about 7 Gigs total used space on the main C drive (it's mostly empty and will remain that way, for my uses) and another 4 Gigs on another partition (D drive) so I don't really have very many files to scan.

 

Thoughts?

 

Thanks in advance.  :smileyhappy:

 

--

NIS 2009

Win XP SP2

 

Edited, to add the following:

Slightly OT, but I forgot to mention that even when scanning every single file, NIS 2009 still seems faster than the old NIS 2007 that I'd been using previously, although scan speed doesn't really affect me one way or another - the only speed that I'm concerned with, is that whatever NIS is doing, doesn't mess with my CPU, and so far NIS 2009 has been very very well-behaved :smileyvery-happy: in that regard. None of that disruptive LuComServer or whatever the heck it was called (I've blissfully forgotten already) that showed up in the Task Manager whenever my old NIS 2007 :smileymad: :smileymad: would interrupt my work with its frustrating slowdowns even when auto-updates were disabled. NIS 2009 hasn't annoyed me like that, not even once - so 2009 is a huge gigantic improvement. :smileyhappy:

Message Edited by j2000 on 12-28-2008 11:18 PM

Hi j2000,

 

Norton Insight was born as a result of Symantec's research to avoid performance slowdown during file-based scanning. Its initial project name was SAPHIRE, which stands for “Scan less by Avoiding Proven High Incident Recurring Entities.” Norton Insight catalogs interesting files on the system, and assigns a SHA256 value to the file. A secure connection is established from the client to the Norton Insight backend system. The client provides the backend with the SHA256 value of the file and a lookup is performed in the backend database. If a match is found, the trust attributes associated with the file are returned to the client. The client then assigns the trust attributes to the file. It’s important to note that a file will lose its trust attributes if it is even slightly modified. (This is where the SONAR component comes into action.)

 

Norton 2009 programs have a smart HIPS technology where it will look at all the behaviors of the applications and run certain heuristics on the application to determine if it's a good application or a malicious application. If found to be malicious, it will automatically remove the application from the machine without prompting the user with these difficult-to-answer questions. This technology is called SONAR. SONAR uses an algorithm to evaluate hundreds of attributes relating to software that is running on your PC, so it can spot malicious software, whether it's already been identified by Symantec researchers or not. SONAR analyzes applications as they are running and takes action once enough evidence has been gathered to convict the application of being malware, based upon its behavior. Thus it identifies new and unknown threats in files, and checks the files automatically whenever they get updated/modified.

 

Yogesh
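Added example, not part of the original thread and not Symantec's code: a minimal Python sketch of why a content hash catches a change that a restored modification date hides. The `reputation_db` dictionary and `lookup_trust` function are hypothetical stand-ins for the backend lookup described above, and the file content is constructed sample data.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=65536):
    """Return the hex SHA-256 digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def lookup_trust(path, reputation_db):
    """Hypothetical stand-in for the backend lookup: digest -> trust attributes."""
    return reputation_db.get(sha256_file(path))

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app.exe")
        with open(path, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 1022)  # constructed sample content
        # The digest of the known-good file is the only key in the trust table.
        reputation_db = {sha256_file(path): {"trusted": True}}
        before = os.stat(path)
        trust_before = lookup_trust(path, reputation_db)

        # Change a single byte, then put the original timestamps back.
        with open(path, "r+b") as fh:
            fh.seek(512)
            fh.write(b"\x01")
        os.utime(path, ns=(before.st_atime_ns, before.st_mtime_ns))

        after = os.stat(path)
        trust_after = lookup_trust(path, reputation_db)
        return {
            "mtime_unchanged": after.st_mtime_ns == before.st_mtime_ns,
            "size_unchanged": after.st_size == before.st_size,
            "trusted_before": trust_before is not None,
            "trusted_after": trust_after is not None,
        }

if __name__ == "__main__":
    print(demo())
```

The date and size checks both report "unchanged", while the digest no longer matches any trusted entry, so the file falls back to being scanned.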

That sounds very good! :smileyhappy: I sure appreciate the detailed explanation. I may go ahead and let Insight do its thing, after all; it sounds like it's safe. Thanks again :smileyhappy: