Norton 2011 released (early releases only - see new thread)

Discussion in 'other anti-virus software' started by 3GUSER, Aug 26, 2010.

Thread Status:
Not open for further replies.
  1. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Re: Norton 2011 released

    The only true fail was Norton 2008, which was really bad. But all the other versions were pretty good. Well, except the LiveUpdate component, which was problematic all the time. But they have gotten rid of it, it appears (or made it much better).
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    Re: Norton 2011 released

    Well, Norton 2003-2007 were fails. 2009 onwards are great products.
     
  3. begemot64

    begemot64 Registered Member

    Joined:
    Jul 28, 2010
    Posts:
    71
    Re: Norton 2011 released

    Grabbed the trial, tested it out against 50 samples. It did let 2-3 through completely, full scan revealed nothing, though Prevx detected them. Very low resource usage, looks like a great suite for beginner users.
     
  4. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Re: Norton 2011 released

    Was that for the suite or AV only? Is there anything important security-wise missing from using just the AV and Windows firewall?
     
  5. ace11

    ace11 Registered Member

    Joined:
    Aug 23, 2007
    Posts:
    98
    Re: Norton 2011 released


    How do you know those 2-3 samples were actually (working) malware?
    Was it based on Prevx detection?
     
  6. begemot64

    begemot64 Registered Member

    Joined:
    Jul 28, 2010
    Posts:
    71
    Re: Norton 2011 released

    NIS 2011, settings different from default:

    Aggressive Heuristics
    Aggressive Sonar
    Aggressive Protect on Boot
    Prompt for low risk threats.

    To answer your question, just Windows firewall and NAV is pretty weak, NIS offers better protection. I would not use NIS as a standalone, as it too isn't foolproof. Layered protection is the answer. What's nice is that it is lightweight, and seems to be more effective than other suites.

    4 samples were let through:

    1. Fake AV. Compromise of system is blatantly evident, access to Task Manager barred, malicious packets sent (Wireshark sniff). Prevx, Malwarebytes detect and remove. No warnings from NIS.

    2. Rootkit. Driver loaded, Prevx, RKU detect and remove. No warnings from NIS.

    3. Two trojans: Both send malicious packets, both active in memory. Prevx, Malwarebytes detect and remove. NIS's Sonar stops one component of one of the trojans, but fails to prevent malicious payload / further download of malware components.

    Full scan of NIS reveals nothing.

    Still, for a suite, it is pretty effective - it did completely stop the rest of the samples.
     
  7. Nevis

    Nevis Registered Member

    Joined:
    Aug 28, 2010
    Posts:
    812
    Location:
    255.255.255.255
    Re: Norton 2011 released

    @begemot64
    Nothing offers 100% protection.
    Can you upload your test result via VirusTotal?

    I don't understand how come MBAM, though being very small in size, detects so much malware and gives competition to even strong AV.
     
  8. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Re: Norton 2011 released

    @begemot64
    I believe your results are correct, although it is strange that layered NIS does nothing to catch threats. Symantec will promote 2011 products as the world's most powerful and efficient antimalware.
     
  9. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    818
    Re: Norton 2011 released

    Didn't file insight pop up with a warning when you downloaded it? Even if it wasn't in the definitions, it should warn for unknown stuff, shouldn't it?
     
  10. begemot64

    begemot64 Registered Member

    Joined:
    Jul 28, 2010
    Posts:
    71
    Re: Norton 2011 released

    Yes of course nothing offers 100% protection. Some things get closer to it than others though.

    @ King Grub - definitely no pop-ups.

    3GUSER requested sample URLs, and as I didn't find the originals, I found some new ones that get past NIS 2011. NIS blocks some components, but critically leaves others running in memory (they happily download further exploits). Full scan gives nothing. Here's the VirusTotal report:

    ~ Virus Total Results Removed per Policy ~

    As always, layered security is the answer (or Defensewall ;) )
     
    Last edited by a moderator: Aug 29, 2010
  11. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Re: Norton 2011 released

    I went looking for the RAR file that was on that VT report and in three separate instances the download website was blocked by NIS.
     


  12. begemot64

    begemot64 Registered Member

    Joined:
    Jul 28, 2010
    Posts:
    71
    Re: Norton 2011 released

    Do you need a working link? PMed. The fact that NIS blocks the server does not in any way imply that it blocks the exploit - a simple repack and new server, and voila, download link not blocked.

    There is currently a large and varied range of malware that NIS 2011 does not deal with.
     
    Last edited: Aug 29, 2010
  13. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    Re: Norton 2011 released

    The first one you sent me (spyware something from montezuma.spb.ru):
    Norton AV 2011 kills it thanks to SONAR as soon as it is loaded.

    The other one that refers to MS Office 2007 crack - the same. Additionally, the keygen sites you gave are blocked by Norton SafeWeb.

    You say there are things still running in memory - I couldn't find one.

    By the way, thanks for giving me the samples and submitting them. If I was wrong in replication, would you give me a way to replicate? Thank you.
     

    Last edited: Aug 29, 2010
  14. begemot64

    begemot64 Registered Member

    Joined:
    Jul 28, 2010
    Posts:
    71
    Re: Norton 2011 released

    That is most bizarre. I just tried the file again, and SONAR is definitely silent. You are using 2011, right? My Insight report shows Poor, not High, even now. I have read on a number of other forums that Insight is not working properly for several users - perhaps this has something to do with it, and explains why I get no SONAR... I am using a relatively slow internet connection.

    However, even when clicking "check trust", it comes out with "poor", not "high".

    http://img829.imageshack.us/i/36498039.png/
     
    Last edited: Aug 29, 2010
  15. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    Re: Norton 2011 released

    Yes. Norton AV 2011 (18.1.0.37).
    I restored the file from Quarantine and the cloud rating is Poor.

    What do you mean by "I just tried the file"? Did you actually start/run the malicious file? Do you use utilities like Process Explorer and Process Monitor (by Microsoft) to see what is going on?
     

  16. begemot64

    begemot64 Registered Member

    Joined:
    Jul 28, 2010
    Posts:
    71
    Re: Norton 2011 released

    Yes, re-ran the threat. SONAR does not detect the keygen, which installs a TDSS variant and proceeds to download other malware. SONAR blocks some of it.

    It's particularly bizarre how your install blocks it from the beginning (maybe something is wrong with this install of NIS?). Have you scanned with Prevx/Malwarebytes?

    Process Explorer shows a rainbow of modules quietly hiding away....
     
    Last edited: Aug 29, 2010
  17. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    Re: Norton 2011 released

    This is fixed in Norton 2011. I had the same problem with v2010 long ago for about a month and after several long sessions and many Norton agents, the last one fixed it for me. It is related to settings but as I said it is fixed in v2011.
     
  18. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    Re: Norton 2011 released

    No, because I monitored what was going on - I do this every time I test malware samples. I'll do a further check with MBAM, Gmer, NPE, Hitman Pro and TDSS Killer. Just give me some time but I don't think they'll show something.
     
  19. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    818
    Re: Norton 2011 released

    I had too, but the same files that cause issues with 2010 are being handled as intended by 2011. :)
     
  20. begemot64

    begemot64 Registered Member

    Joined:
    Jul 28, 2010
    Posts:
    71
    Re: Norton 2011 released

    Interesting, so did I... Well, if they didn't show, they didn't show - the infection on mine was most evident - 2-3 command prompts, followed by the typical heap of activity in Process Explorer which you commonly see in TDSS infections. So if you didn't have any of that, it's clear NIS did its job and you're clean...

    Now the question is why does my install not block it. I'm using Win 7 32bit, what about you? Anyone else with the capacity to verify this file against NIS?

    I noticed that my Safe Web did not, unlike yours, flag the download as malicious. My LiveUpdate is up to date. I wonder what could be going on....
     
  21. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    Re: Norton 2011 released

    What about Process Monitor? I scanned my system with the above-mentioned programs/tools and nothing was found. It seems SONAR really blocked the threat as it executed.

    Try to uninstall Norton, run Norton Removal Tool and install again. If you have an image from the system before, restore to it.

    Do you run on a virtual machine? I am on a real system. Some malware acts differently when on a real or virtual machine. I really have no idea what is going on with your computer.
    I am on Win 7 HP edition 32-bit, too.
     
    Last edited: Aug 29, 2010
  22. begemot64

    begemot64 Registered Member

    Joined:
    Jul 28, 2010
    Posts:
    71
    Re: Norton 2011 released

    Yes, I'm sure you would have picked it up had NIS let it through.

    It's one of my live machines, no VM... The only difference is that you are running NAV, and I'm running NIS. I'll do a reinstall (might as well reformat that one) and check again.
     
  23. TomiRed

    TomiRed Registered Member

    Joined:
    Aug 29, 2010
    Posts:
    19
    Re: Norton 2011 released

    I have NIS installed and SONAR killed it off right at the start, as on 3Guser's system. Looking into Process Explorer, the process was killed as soon as it started, the NIS pop-up ensued after a few moments.

    Let me know if it turns out that something in fact gets through, 3Guser :D

    begemot, does the file request elevation if it gets to run successfully (y'know, UAC)?
     
  24. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Re: Norton 2011 released

    Thanks, zfactor, for answering this question with certainty and correcting my misunderstanding. I am somewhat surprised, only because my (sometimes faulty) memory says that in prior years, the final RTM version has never had the same version number as the last beta release.
     
  25. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    Re: Norton 2011 released

    There may be an update that comes soon, from what I'm told, that will update everyone to the next "version" number.. but otherwise this is def final.
     