Norton Internet Security 2010 Browser Protection

Discussion in 'other anti-virus software' started by Fajo, Nov 21, 2009.

Thread Status:
Not open for further replies.
  1. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812
    Ok what the heck is it Sandbox, Isolator what ? I have googled a few times cant seem to find out exactly what this feature does other then slow my browser down. :p
     
  2. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    FWIW I don't notice any browser performance degradation when Browser Protection is On.
     
  3. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812
    The only time I notice the slowdown is when I first open my browser for the first 1-3 sec. After that it runs with no issues. With it off my browser is zippy from the moment it loads. This also happens on the other 2 computers I got it running on. But overall its a awesome product.

    Also I understand it protects the browser my main question is How does it sandbox it what ?
     
  4. ASpace

    ASpace Guest

    No , it doesn't sandbox . It integrates into the browser as a BHO and scans browser's traffic . It incorporates very big database of attacks and blocks them when found. It doesn't scan the download of files , however.

    In Norton Internet Security and 360 there are two other BHOs - the Safe Web toolbar , and the Log-in protection
     
  5. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812

    So kind of acts like a Webshield but for a browser ? If so cool and interesting Idea.

    Thanks ASpace.
     
  6. ASpace

    ASpace Guest

    It can be said so.


    YAW
     
  7. XPS743

    XPS743 Registered Member

    Joined:
    Nov 21, 2009
    Posts:
    24
    NIS 2010 doesn't have a web shield and neither did 2009,2008.
     
  8. rayoflight

    rayoflight Registered Member

    Joined:
    Jun 8, 2006
    Posts:
    180
  9. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    As a side note, features such as “browser protection” actually enhance malware protection -- but, their impact is not reflected in many anti-virus comparatives that simply scan for malware rather than mimicking a person’s real-world interaction with the web.
     
  10. XPS743

    XPS743 Registered Member

    Joined:
    Nov 21, 2009
    Posts:
    24

    Then why doesn't NIS stop you from downloading the eicar test in a zip. It also fails to detect other malware when downloading. Such as in a RAR file. KIS does. KIS gives me an alert on all 4 eicar tests and doesnt even let me download them. Hence................the lack of a web shield in NIS.
     
  11. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812
    In all honesty why does it matter ? As soon as you pull them out of the file they are detected. But then again some people like to stop them in the stream!
     
  12. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Because the Download Insight capability of Norton Internet Security 2010 “provides reputation information to give you insight on the executable files you download from the Internet.” A ZIP archive isn’t an executable, and thus is not checked at the time of the download.
     
  13. XPS743

    XPS743 Registered Member

    Joined:
    Nov 21, 2009
    Posts:
    24
    Yes but recognizing that file is malicious hidden inside a zip or rar is better for most users. I would rather know something is bad even before it downloads.
     
  14. dschrader

    dschrader AV Expert

    Joined:
    Mar 10, 2009
    Posts:
    54
    Browser Protection protects against a broad range of browser exploits, including attacks against JavaScript and ActiveX. It integrates into our Intrusion Detection engine. We first introduced it in 2008 and have continued to enhance it. It is a core protection technology - and in fact picks up most attacks long before the virus scanner comes into play.

    The technology uses vulnerability signatures - not exploit signatures. So, for example, if there is a known vulnerability with a browser plug-in, it looks for traffic aimed at that vulnerability. This is very different then looking for malware in files or even in looking for known exploits.

    So no, it does not have a big database of attacks nor does it sandbox.

    This technique allows us to identify even heavily obfuscated attacks. In fact, this technology is the reason we did so well on the much maligned Dennis Labs tests - and in the Cascadia Labs test from last year. Those tests looked at what happens when you to real attacking web site - sites that were designed to evade security products.

    Browser Protection is not related to our Insight technology. Insight is file based - BP is looking at traffic directed at known vulnerabilities.

    Dan Schrader
    Symantec
     
  15. XPS743

    XPS743 Registered Member

    Joined:
    Nov 21, 2009
    Posts:
    24
    Point is?
     
  16. shanep

    shanep AV Expert

    Joined:
    Sep 10, 2008
    Posts:
    54
    Hi XPS743,

    I think I addressed this question in the posting https://www.wilderssecurity.com/showpost.php?p=1314800&postcount=161

    We see no additional value in detecting a malicious exe in the stream, because after all the exe has to hit the disk before it can execute.

    Shane
    Architect, Symantec Corp.
     
  17. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Dan, thank you for taking the time to provide this insightful explanation of the Browser Protection capability within Norton Internet Security 2010.

    As suggested previously (post #9) -- and as confirmed by your note -- anti-virus comparatives that more closely mimic the real-world interactions of users with the web will reflect the impact of capabilities such as Browser Protection; and, by contrast, more simplistic anti-virus comparatives will underestimate the degree of protection afforded to the user and thereby fail to distinguish important differences in protection performance among products.

    Interested individuals may wish to revisit the Cascadia Labs report which states: “In our testing, Symantec’s Norton Internet Security 2009 blocked 100 percent of all the exploits tested. Norton’s effectiveness was nearly twice that of the nearest competitor.”
     
Loading...
Thread Status:
Not open for further replies.