Norton Internet Security 2010 Browser Protection

Ok what the heck is it Sandbox, Isolator what ? I have googled a few times cant seem to find out exactly what this feature does other then slow my browser down.

 

FWIW I don't notice any browser performance degradation when Browser Protection is On.

 

The only time I notice the slowdown is when I first open my browser for the first 1-3 sec. After that it runs with no issues. With it off my browser is zippy from the moment it loads. This also happens on the other 2 computers I got it running on. But overall its a awesome product.

Also I understand it protects the browser my main question is How does it sandbox it what ?

 

No , it doesn't sandbox . It integrates into the browser as a BHO and scans browser's traffic . It incorporates very big database of attacks and blocks them when found. It doesn't scan the download of files , however.

In Norton Internet Security and 360 there are two other BHOs - the Safe Web toolbar , and the Log-in protection

 

So kind of acts like a Webshield but for a browser ? If so cool and interesting Idea.

Thanks ASpace.

 

It can be said so.

YAW

 

NIS 2010 doesn't have a web shield and neither did 2009,2008.

 

XPS743
Yes,it has a web shield
https://www.wilderssecurity.com/showpost.php?p=1314800&postcount=161

 

As a side note, features such as “browser protection” actually enhance malware protection -- but, their impact is not reflected in many anti-virus comparatives that simply scan for malware rather than mimicking a person’s real-world interaction with the web.

 

Then why doesn't NIS stop you from downloading the eicar test in a zip. It also fails to detect other malware when downloading. Such as in a RAR file. KIS does. KIS gives me an alert on all 4 eicar tests and doesnt even let me download them. Hence................the lack of a web shield in NIS.

 

In all honesty why does it matter ? As soon as you pull them out of the file they are detected. But then again some people like to stop them in the stream!

 

Because the Download Insight capability of Norton Internet Security 2010 “provides reputation information to give you insight on the executable files you download from the Internet.” A ZIP archive isn’t an executable, and thus is not checked at the time of the download.

 

Yes but recognizing that file is malicious hidden inside a zip or rar is better for most users. I would rather know something is bad even before it downloads.

 

Browser Protection protects against a broad range of browser exploits, including attacks against JavaScript and ActiveX. It integrates into our Intrusion Detection engine. We first introduced it in 2008 and have continued to enhance it. It is a core protection technology - and in fact picks up most attacks long before the virus scanner comes into play.

The technology uses vulnerability signatures - not exploit signatures. So, for example, if there is a known vulnerability with a browser plug-in, it looks for traffic aimed at that vulnerability. This is very different then looking for malware in files or even in looking for known exploits.

So no, it does not have a big database of attacks nor does it sandbox.

This technique allows us to identify even heavily obfuscated attacks. In fact, this technology is the reason we did so well on the much maligned Dennis Labs tests - and in the Cascadia Labs test from last year. Those tests looked at what happens when you to real attacking web site - sites that were designed to evade security products.

Browser Protection is not related to our Insight technology. Insight is file based - BP is looking at traffic directed at known vulnerabilities.

Dan Schrader
Symantec

 

Point is?

 

Hi XPS743,

I think I addressed this question in the posting https://www.wilderssecurity.com/showpost.php?p=1314800&postcount=161

We see no additional value in detecting a malicious exe in the stream, because after all the exe has to hit the disk before it can execute.

Shane
Architect, Symantec Corp.

 

Dan, thank you for taking the time to provide this insightful explanation of the Browser Protection capability within Norton Internet Security 2010.

As suggested previously (post #9) -- and as confirmed by your note -- anti-virus comparatives that more closely mimic the real-world interactions of users with the web will reflect the impact of capabilities such as Browser Protection; and, by contrast, more simplistic anti-virus comparatives will underestimate the degree of protection afforded to the user and thereby fail to distinguish important differences in protection performance among products.

Interested individuals may wish to revisit the Cascadia Labs report which states: “In our testing, Symantec’s Norton Internet Security 2009 blocked 100 percent of all the exploits tested. Norton’s effectiveness was nearly twice that of the nearest competitor.”