Windows 7: Norton 2010 got me infected

13 Sep 2010   #41
jav

Windows 7 Ultimate x86 SP1
 
 

Quote: Originally Posted by Wishmaster
> Perhaps I'm missing something here, but isn't Norton's SONAR basically a form of HIPS?
>
> I know its purpose is to identify and block new or unknown threats.

No, SONAR is a conjunction of cloud technology and a behaviour blocker.
It acts differently from HIPS.
HIPS notifies users about almost all changes software is trying to make. And it is completely up to the user to decide what to do. So basically HIPS can be useless in the hands of an inexperienced user.

SONAR, on the other hand, just examines the behaviour of the software over time (like what it does? what registry keys it creates? does it start in autorun? does it add itself in add/remove programs? was it downloaded from the internet? did Download Insight give positive feedback on it?). And after analysing these factors it will try to determine if the software is malicious or not. And it auto-blocks it.
As SONAR relies heavily on the online network, its detection rate is slightly lower on systems without an active internet connection.

Both of them may seem similar, but they are completely different.
Each has its advantages and disadvantages...
Quote: Originally Posted by Wishmaster
> I'm also curious about that test result. Was that with Norton's FW set at "Auto" and what Auto settings?
>
> I've used Comodo before, and it is a quite effective FW. So I'm not bashing it.
> But I tend to think any Firewall which is set to always notify, unless you have created a rule for that specific app, will be equally effective.
>
> I mean, if you set the Firewall to block all incoming and outgoing activity unless specifically allowed, seems they will all perform the same.
>
> The only difference is COMODO is set that way by default, whereas many others are not. What if they are all tested set up the same?

It is a common misunderstanding.
Matousec is NOT a firewall test.
OK, it has some firewall tests.

But it mostly is Proactive Defence, which is the job of a HIPS, not a firewall!

If you look at it, you can see that HIPS programs are the only ones that pass it.

I am repeating myself, matousec shouldn't be used to benchmark pure firewalls.
It is a HIPS test.


13 Sep 2010   #42
codyw

Windows 7 Ultimate x64 with SP1
 
 

I'm surprised - I thought SONAR just looked at its behavior ONLY and not looking at other factors but it does make perfect sense! So that means then that if you're in an area where you aren't connected to the internet and insert a USB drive that has an unknown virus on it, SONAR may not pick it up?
13 Sep 2010   #43
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 

Hi there
I do all my Internet surfing from a Virtual Machine which performs essentially the same function as your "Sandboxed" system.

Nothing gets moved to the REAL machine until it's been properly checked out.

Incidentally I also go through my OWN proxy to connect to the Internet so if anything untoward gets on to my system I have a decent log of addresses visited (or IP addresses -- better actually) and then I can ensure these sites get permanently blocked.

Cheers
jimbo
13 Sep 2010   #44
jav

Windows 7 Ultimate x86 SP1
 
 

Quote: Originally Posted by codyw
> I'm surprised - I thought SONAR just looked at its behavior ONLY and not looking at other factors but it does make perfect sense! So that means then that if you're in an area where you aren't connected to the internet and insert a USB drive that has an unknown virus on it, SONAR may not pick it up?

OK, let me make my statement more clear.

In my last post, when I mentioned "SONAR", I wanted to say "SONAR 2".
Obviously "SONAR 2" is the new version of "SONAR" (all Norton products 2010 and above use SONAR 2, as far as I know).

Now, SONAR stands for "Symantec Online Network for Advanced Response".

When first introduced, SONAR 1 was a pure behaviour blocker, as you said. It checked a lot of details and behaviour of the software and tried to decide if it is malicious or not.

When SONAR 2 was introduced, they added new functions such as reputation of the software on the Norton Cloud.

So as you can see, "SONAR 2" is superior to "SONAR" due to cloud technologies.
It is not that "SONAR 2" is useless without an Internet connection. It still contains an improved version of the behaviour blocker from "SONAR".
The thing is that it will just lack its cloud data, which is really useful.

Quote:
> So that means then that if you're in an area where you aren't connected to the internet and insert a USB drive that has an unknown virus on it, SONAR may not pick it up?

Yes, of course.
There is a chance that it will not detect it.
But "SONAR 2" will probably detect it even without an Internet connection if "SONAR" could detect it.
But there is still a great chance that it will not detect everything.

On the other hand, the same can be said about almost everything.
I am totally sure that no blacklisting technology will detect everything (unless it actually detects everything as a virus, which would be insane).

And I can say the same about almost any other technology: behaviour blocker, policy restriction, virtualisation or even whitelisting.

All of them have their theoretical vulnerability, and all of them claim that they are Perfect if used Correctly.
Yes they are...
But there is no chance that an average user can use them that way...


I will not go further for fear of starting a flame war.

As a last word: even though there is no panacea for computer malware, the situation is not as scary as media and security people try to make it.

If you think about it, we don't have so much security for ourselves as we do have for some heartless metal things.

You are still crossing roads, regardless of the fact that some driver can hit you with his car, aren't you?
So, life has the same level of dangers as the Internet. But we are more paranoid on the Internet than in our lives.

PS: Just enjoy your life and don't worry too much.
13 Sep 2010   #45
malexous

Arch Linux 64-bit
 
 

SONAR 3 is in the 2011 products and has been deployed to the 2010 products through LiveUpdate.

SONAR 3: A new level of behavioral security in Nor... - Norton Community
13 Sep 2010   #46
Maxxwire

Windows 7 x64 Home Premium
 
 

Quote: Originally Posted by jav
> I am repeating myself, matousec shouldn't be used to benchmark pure firewalls. It is a HIPS test.

Yes that's true, but relying only on a Firewall for security is poor security policy. Adding a well tested and highly regarded HIPS program to the protection that the Firewall offers adds an additional layer of computer security that will not allow any program to run without the user's prior permission. In tests many times HIPS will detect Malware even before the Antivirus does.

~Maxx~
13 Sep 2010   #47
Maxxwire

Windows 7 x64 Home Premium
 
 

Quote: Originally Posted by jimbo45
> Hi there
> I do all my Internet surfing from a Virtual Machine which performs essentially the same function as your "Sandboxed" system.
>
> Nothing gets moved to the REAL machine until it's been properly checked out.
>
> Incidentally I also go through my OWN proxy to connect to the Internet so if anything untoward gets on to my system I have a decent log of addresses visited (or IP addresses -- better actually) and then I can ensure these sites get permanently blocked.
>
> Cheers
> jimbo

Just excellent! A virtual template for state of the art computer security! I am curious as to whether you might be using Proxomitron as your proxy.

~Maxx~