Norton 2010 got me infected

Perhaps I'm missing something here, but isn't Norton's SONAR basically a form of HIPS?

I know its purpose is to identify and block new or unknown threats.

No, SONAR is a conjunction of cloud technology and a behaviour blocker.
It acts differently from HIPS.
HIPS notifies users about almost all changes software is trying to make, and it is completely up to the user to decide what to do. So basically HIPS can be useless in the hands of an inexperienced user.

SONAR, on the other hand, just examines the behaviour of the software over time (what does it do? what registry keys does it create? does it start in autorun? does it add itself to Add/Remove Programs? was it downloaded from the Internet? did Download Insight give positive feedback on it?). After analysing these factors it tries to determine whether the software is malicious or not, and auto-blocks it.
As SONAR relies heavily on its online network, its detection rate is slightly lower on systems without an active Internet connection.

Both of them may seem similar, but they are completely different.
Each has its advantages and disadvantages...
I'm also curious about that test result. Was that with Norton's FW set at "Auto", and with what Auto settings?

I've used Comodo before, and it is a quite effective FW. So I'm not bashing it.
But I tend to think any Firewall which is set to always notify, unless you have created a rule for that specific app, will be equally effective.

I mean, if you set the Firewall to block all incoming and outgoing activity unless specifically allowed, it seems they will all perform the same.

The only difference is COMODO is set that way by default, whereas many others are not. What if they are all tested set up the same?

It is a common misunderstanding.
Matousec is NOT a firewall test.
OK, it has some firewall tests.

But it is mostly Proactive Defence, which is the job of HIPS, not the Firewall!

If you look at it, you can see that HIPS programs are the only ones that pass it.

I am repeating myself: matousec shouldn't be used to benchmark pure firewalls.
It is a HIPS test. :sarc:
I'm surprised. I thought SONAR just looked at its behavior ONLY and not at other factors, but it does make perfect sense! So that means then that if you're in an area where you aren't connected to the Internet and insert a USB drive that has an unknown virus on it, SONAR may not pick it up?
Hi there
I do all my Internet surfing from a Virtual Machine which performs essentially the same function as your "Sandboxed" system.

Nothing gets moved to the REAL machine until it's been properly checked out.

Incidentally I also go through my OWN proxy to connect to the Internet so if anything untoward gets on to my system I have a decent log of addresses visited (or IP addresses -- better actually) and then I can ensure these sites get permanently blocked.

Cheers
jimbo
I'm surprised. I thought SONAR just looked at its behavior ONLY and not at other factors, but it does make perfect sense! So that means then that if you're in an area where you aren't connected to the Internet and insert a USB drive that has an unknown virus on it, SONAR may not pick it up?

OK, let me make my statement clearer.

In my last post, when I mentioned "SONAR", I meant "SONAR 2".
Obviously "SONAR 2" is the new version of "SONAR" (all Norton products 2010 and above use SONAR 2, as far as I know).

Now, SONAR stands for "Symantec Online Network for Advanced Response".

When first introduced, SONAR 1 was a pure behaviour blocker, as you said. It checked a lot of details and behaviours of the software and tried to decide if it was malicious or not.

When SONAR 2 was introduced, they added new functions such as the reputation of the software in the Norton Cloud.

So as you can see, "SONAR 2" is superior to "SONAR" due to cloud technologies.
It is not that "SONAR 2" is useless without an Internet connection. It still contains an improved version of the behaviour blocker from "SONAR".
The thing is that it will just lack its cloud data, which is really useful.

So that means then that if you're in an area where you aren't connected to the Internet and insert a USB drive that has an unknown virus on it, SONAR may not pick it up?

Yes, of course.
There is a chance that it will not detect it.
But "SONAR 2" will probably detect it even without an Internet connection if "SONAR" could detect it.
But there is still a great chance that it will not detect everything.

On the other hand, the same can be said about almost everything.
I am totally sure that no blacklisting technology will detect everything (unless it actually detects everything as a virus :p that would be insane).

And I can say the same about almost any other technology: behaviour blocker, policy restriction, virtualisation or even whitelisting.

All of them have their theoretical vulnerability, and all of them claim that they are Perfect if used Correctly.
Yes they are...
But there is no chance that an average user can use them that way...


I will not go further in fear of starting flame war :zip:

As a last word: even though there is no panacea for computer malware, the situation is not as scary as the media and security people try to make it.

If you think about it, we don't have so much security for ourselves as we do have for some heartless metal things :p

You are still crossing roads, regardless of the fact that some driver could hit you with his car, aren't you?
So, life has the same level of danger as the Internet. But we are more paranoid on the Internet than in our lives.

PS: Just enjoy your life and don't worry too much ;)
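The SONAR 1 vs SONAR 2 distinction drawn in this thread (offline behaviour blocking plus, when online, cloud reputation) can be modelled in a few lines. This is an added toy example, not Symantec's code: the factor weights, thresholds, reputation table and sample observations are all constructed assumptions, chosen so the same behaviour gets different verdicts online and offline.

```python
from dataclasses import dataclass

@dataclass
class Observation:
    """Behaviour facts collected for one program (the kind of factors listed in the thread)."""
    name: str
    sha256: str                   # constructed placeholder, not a real hash
    downloaded_from_internet: bool
    registers_autorun: bool
    in_add_remove_programs: bool
    writes_system_dirs: bool

# Constructed stand-in for a cloud reputation lookup: hash -> prevalence in 0..1
# (share of the user base running this exact file). Assumed data, not Norton's.
CLOUD_REPUTATION = {"deadbeef": 0.95, "cafebabe": 0.02}

WEIGHTS = {  # assumed weights for each behavioural factor
    "registers_autorun": 0.35,
    "writes_system_dirs": 0.30,
    "downloaded_from_internet": 0.15,
}

def behaviour_score(o: Observation) -> float:
    """Pure behaviour blocker (the 'SONAR 1' part): needs no network at all."""
    score = sum(w for factor, w in WEIGHTS.items() if getattr(o, factor))
    if not o.in_add_remove_programs:   # legitimate installers usually register here
        score += 0.20
    return round(score, 2)

def verdict(o: Observation, online: bool) -> str:
    """Behaviour score plus, when online, cloud reputation (the 'SONAR 2' part)."""
    score = behaviour_score(o)
    if online:
        rep = CLOUD_REPUTATION.get(o.sha256)
        if rep is not None and rep >= 0.80:
            return "allow"        # widely used file: reputation outweighs heuristics
        if rep is None:
            score += 0.10         # never seen by the cloud: slightly more suspicious
        elif rep < 0.10:
            score += 0.20         # rare file: more suspicious
    if score >= 0.60:
        return "block"
    return "monitor" if score >= 0.35 else "allow"

SAMPLES = {  # constructed observations: a popular installer, a dropper, an unknown USB binary
    "trusted_installer": Observation("trusted_installer", "deadbeef", True, False, True, True),
    "internet_dropper": Observation("internet_dropper", "cafebabe", True, True, False, True),
    "usb_unknown": Observation("usb_unknown", "unknown00", False, True, False, False),
}

def run(online: bool) -> dict:
    """Verdict for every sample, with or without the cloud available."""
    return {name: verdict(o, online) for name, o in SAMPLES.items()}
```

Offline, the popular installer is only "monitored" and the unknown USB binary slips through as "monitor"; online, the cloud clears the first and blocks the second, which is the gap the post describes.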
I am repeating myself: matousec shouldn't be used to benchmark pure firewalls. It is a HIPS test.

Yes, that's true, but relying only on a Firewall for security is poor security policy. Adding a well-tested and highly regarded HIPS program to the protection that the Firewall offers adds an additional layer of computer security that will not allow any program to run without the user's prior permission. In tests, many times HIPS will detect malware even before the antivirus does.

~Maxx~
Hi there
I do all my Internet surfing from a Virtual Machine which performs essentially the same function as your "Sandboxed" system.

Nothing gets moved to the REAL machine until it's been properly checked out.

Incidentally I also go through my OWN proxy to connect to the Internet so if anything untoward gets on to my system I have a decent log of addresses visited (or IP addresses -- better actually) and then I can ensure these sites get permanently blocked.

Cheers
jimbo

Just excellent! A virtual template for state of the art computer security! I am curious as to whether you might be using Proxomitron as your proxy.

~Maxx~