NIS2009 - reactivity against a trojan

Discussion in 'other anti-virus software' started by puma_one, Jun 4, 2009.

Thread Status:
Not open for further replies.
  1. puma_one

    puma_one Registered Member

    Joined:
    Sep 25, 2008
    Posts:
    67
    Hello,

    I am testing NIS 2009 (trial version).

    When I go to the website www/dot/dassk/dot/com (Aung San Suu Kyi), the Norton toolbar indicates via the "Norton Safe Web" application that the website is not sure and that a trojan is present on this page. But Norton does not block the site.

    My question is: if Norton Safe Web recognizes a trojan why is there any automatic blocking of the website?

    For example if you go on the mentioned website with nod32, the page is directly stopped.
     
    Last edited: Jun 4, 2009
  2. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I had a look at that site and can't find any evidence of embedded malware. o_O
     
  3. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Norton Safe (in NIS 16.5.x and beyond) like McAfee SiteAdvisor, now only shows a red balloon warning and doesn't block sites it feels are an issue.

    But sites found as phishing by NIS 2009 anti-phishing component will be blocked in the old way.
     
  4. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    I dunno how fast or responsive they are as a company, but I discussed their blocking-method with them regarding their Safe Web. Not that I care a lot considering I'm using AVG LinkScanner which always seems to be first overall, but I recall they said they would bring back the old way, which is blocking first, you get a page showing that there are threats present, then you can click a small text to still go on.


    EDIT: No alerts thrown up by LinkScanner or any of my other programs - I would say it's not present, at least not anymore, maybe it got hacked or something... Tested going to both the page you mentioned and moving on to the main-one.
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    The problem with Norton Safe Web, is that, it will check against a database, as far as I know. How old is that database? They sure can't keep up with the rhythm, and personally, that's why I never used SiteAdvisor, as well.

    During the beta period, I've seen a lot of good domains being tagged red, while domains pointing to rogue software, etc, tagged green.

    LinkScanner, as raven211 says reports it clean of exploits. http://linkscanner.explabs.com/link...&SRC=apps.explabs.com&CS=http://www.dassk.com

    Browser Defender, also reports it clean - http://www.browserdefender.com/site/dassk.com/

    Wepawet, also reports clean http://wepawet.iseclab.org/view.php?hash=b31382f98ea544836a7a25170247b4b5&t=1244139459&type=js

    But, as always, it may mean nothing.
     
  6. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    I'd seriously always use LinkScanner before Browser Defender. :) It doesn't support Opera (or FF?) anyway...
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Firefox, it does support. Not Opera, though.
     
  8. puma_one

    puma_one Registered Member

    Joined:
    Sep 25, 2008
    Posts:
    67
    Thanks for the replies. Norton seems to me to be a totally different product than nod32 or Kaspersky not only in its presentation but also in the way that it reacts against viruses.

    Here is the report I had with nod32 http://img145.imageshack.us/img145/8361/kyi.jpg
    -------------------------

    Back to NIS2009, I have other remarks to tell:

    1) When I use the eicar test files http://eicar.org/anti_virus_test_file.htm with Internet Explorer 8, Norton blocks something... http://img37.imageshack.us/img37/2988/nortoneicare.jpg (sorry it is in French)

    2) When I use the same eicar test files with Firefox, some test files are not recognized by Norton !!

    3) I do not understand why if you want to suppress the Norton toolbar, there is also a proposition about the suppression of "Symantec prevention intrusion" module. Wouldn't it be more logical to put this choice only into the current Norton interface?
    http://img37.imageshack.us/img37/9339/nortontoolbar.jpg
     
    Last edited: Jun 5, 2009
  9. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Your problem with EICAR looks very odd as even for me with an unsupported browser (Opera), Norton is blocking things perfectly. Sadly my experience with FF is minimal as I miss features when using other browsers compared to mine (I'll remove Google Chrome from my lists; have one on my system as well :D), at least because it needs a "wannabe-extension" to exist, or is not as easy to perform or something. I want my operation to be seamless, and Opera is both very feature-rich but also easy to use. Therefore I'm sorry, but I don't think I can help you. I'm sure someone with great experience with FF and Norton can do though, and there should be a number here.
     
  10. Michael York

    Michael York Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    56
    Hi puma_one,

    This is Mike from the Norton Authorized Support Team.

    The real-time protection and Advanced Protection features in Norton Internet Security 2009 are used to block infections or remove/quarantine them.

    The Norton Safe Web application service analyzes the security levels of the Web sites you visit and indicates if the Web sites are free from threats. For online shopping Web sites, Norton Safe Web also indicates whether the Web site offers safe online shopping experience. It does this by checking the site against the Symantec servers, which include user submissions, to determine if there are any security threats.

    The Enhanced Search Engine Results feature of Norton Safe Web lets you know that a Web site is malicious even before you visit it. If a site is deemed to have many or deep threats, you will see a red cross in the Norton Toolbar. If a site is what is known as a "Nuisance," such as http://dassk.org/, you will see a yellow exclamation mark in the Norton Toolbar. If you click on the icon and then choose "Full Report" you will see the threats that have been detected on that site but it will not block you from navigating the site.

    The only time a site will be completely blocked is if it has a red X icon on the toolbar. You will also receive a notification on your browser that tells you that the site is unsafe and there will be links to the Full Report as well as a link to the Safe Web site where you can see what other users have found on the site.

    In the case of "http://dassk.org/" Norton Safe Web is reporting that it has found 4 threats that could make their way onto your system if you were to proceed with navigating the site. This is how Norton Safe Web was designed. All security applications that contain a similar feature to Norton Safe Web will operate differently, by design.

    Lastly, the issue you are having with the eicar test file in Firefox is strange, as it is not dependent on the browser, but instead the Auto-Protect and Advanced Protection features of Norton Internet Security. Make sure that both of these features are enabled before trying the eicar test again. If you download the eicar test from Firefox and do not get a notification from Norton, then run a "Full System Scan" on your computer and the file should be flagged.

    I would advise you to make sure that you have all of the Windows Security patches applied to your system, and to also manually run LiveUpdate to make sure you have the latest program and definition files applied to your system. Restart your computer if any updates are installed.

    I hope this answers the questions for you.

    Thank you,
    Mike
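
The browser-independent check described in the post above (does on-access protection react to the EICAR file no matter how it reached the disk) can be run without any browser by writing the file directly. This is an added example, not part of the thread or of any Norton tooling; the function names, file name and result labels are assumptions made for illustration.

```python
import os
import tempfile
import time

# The standard 68-byte EICAR test string, kept in two pieces so that this
# script is not itself flagged by a scanner before it gets to run.
_PART_A = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD"
_PART_B = rb"-ANTIVIRUS-TEST-FILE!$H+H*"


def eicar_bytes():
    """Return the harmless EICAR anti-virus test string."""
    return _PART_A + _PART_B


def check_on_access(directory, wait_seconds=3.0, name="eicar_check.com"):
    """Write the test file and report how the on-access scanner reacted.

    Returns 'blocked_on_write', 'removed', 'blocked_on_read', 'altered'
    or 'not_intercepted' (hypothetical labels chosen for this example).
    """
    path = os.path.join(directory, name)
    try:
        with open(path, "wb") as fh:
            fh.write(eicar_bytes())
    except OSError:
        return "blocked_on_write"      # scanner denied the write itself
    time.sleep(wait_seconds)           # give the scanner time to quarantine
    if not os.path.exists(path):
        return "removed"               # file was deleted or quarantined
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return "blocked_on_read"       # file exists but access is denied
    try:
        os.remove(path)                # clean up when nothing intervened
    except OSError:
        pass
    return "not_intercepted" if data == eicar_bytes() else "altered"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(check_on_access(tmp))
```

A result of `not_intercepted` with real-time protection enabled points at the scanner configuration rather than at the browser used for the download.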






     
  11. puma_one

    puma_one Registered Member

    Joined:
    Sep 25, 2008
    Posts:
    67
    Thank you Mike for taking interest about my post. I appreciate.

    If I check today the Norton Safe Web for dassk.org, I find this: http://img145.imageshack.us/img145/3523/nortonsafeweb.jpg

    So, the general threat level is yellow, it means that there is no automatic blocking of the website.

    Further you have a red crossed circle and the trojan JSdownloader is mentioned.

    If I follow your explanations it would mean that there is simply the potentiality to find the mentioned trojan on this website.

    Is it correct?
     
  12. Michael York

    Michael York Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    56
    Hi puma_one,

    Yes, Norton Safe Web is notifying you that by visiting this particular site you may get infected with one or more of the threats that have been detected, which are shown in the full report. It is advised that when you come upon a page that shows the Yellow check-mark, that you may not want to visit this site or risk infection. As I had stated in my original response though, if you were to visit this site, and Norton Internet Security is installed and configured correctly, the real-time protection features would block or quarantine the threats that were detected on this site.


    Thanks,
    Mike
     
    Last edited: Jun 15, 2009
  13. puma_one

    puma_one Registered Member

    Joined:
    Sep 25, 2008
    Posts:
    67
    Thank you Mike
     
  14. Michael York

    Michael York Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    56
    Hi puma_one,

    You are very welcome and I'm glad I was able to clarify how Norton Safe Web works.

    Have a great day,

    Mike
     