Norton Insight

Last updated
Norton Insight
Norton Insight Screenshot Nortoninsightgui.png
Norton Insight Screenshot
Norton Insight in Norton Internet Security 2010
Developer(s) Symantec Corporation
Operating system Microsoft Windows
License Proprietary

Norton Insight whitelists files based on reputation. Norton-branded antivirus software then leverages the data to skip known files during virus scans. Symantec claims quicker scans and more accurate detection with the use of the technology.

Antivirus software computer software to defend against malicious computer viruses

Antivirus software, or anti-virus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

A computer virus is a type of malicious software that, when executed, replicates itself by modifying other computer programs and inserting its own code. When this replication succeeds, the affected areas are then said to be "infected" with a computer virus.

Contents

Development

Insight was codenamed Mr. Clean. Its initial aim was to help users determine what programs from the Internet are safe to install. Mr. Clean would provide a risk assessment to discern between safe and malicious files. [1] However, its goal was later changed to making virus scans more efficient; instead of scanning every file, known files are skipped, cutting scanning times. [2]

Internet Global system of connected computer networks

The Internet is the global system of interconnected computer networks that use the Internet protocol suite (TCP/IP) to link devices worldwide. It is a network of networks that consists of private, public, academic, business, and government networks of local to global scope, linked by a broad array of electronic, wireless, and optical networking technologies. The Internet carries a vast range of information resources and services, such as the inter-linked hypertext documents and applications of the World Wide Web (WWW), electronic mail, telephony, and file sharing. Some publications no longer capitalize "internet".

Basic introduction & usage

Norton Community Watch, a voluntary and anonymous service, allows a user's Norton product to forward information to Symantec servers. [3] Among the data collected are the processes running and their SHA256 values. A reappearing hash value and its corresponding file are whitelisted, and Norton Insight checks the processes on a user's computer against the whitelist. Matching processes are excluded from scanning.

When a process is "trusted", it has been deemed safe and excluded from risk scanning. There are two trust levels; "standard" and "high". The third option is to disable Norton Insight. In standard trust, processes appearing in the majority of participants' computers are deemed safe. High trust, in addition, excludes digitally signed files from scanning.

Tamper protection

Norton analyzes the NTFS file system upon startup, and if unaccounted changes are found, trust values of the processes on the system are revoked.

NTFS is a proprietary journaling file system developed by Microsoft. Starting with Windows NT 3.1, it is the default file system of the Windows NT family.

In the case of a mistake, a revocation mechanism was implemented, where clients receive a list of revoked SHA256 values via LiveUpdate. If the client has a file matching a SHA256 and is currently trusting that file, all trust is revoked, and the file is once again scanned. [4] Norton File Insight was a feature released in Norton 2010 products.

Norton file/download insight

The Norton Download Insight feature, provides insight of the files that you download and install in your computer. While the File Insight give you the reputation information, and locates the file on your computer, as well a feature that copies the information to the users clipboard.

It supports the Norton Download Insight Feature, and assizes a reputation about the file. The File Insight window provides the following information:

Issues

Upon release the Download Insight program would erroneously flags a downloaded file as having no Digital Signature and no version number and therefore a potential threat. [5]

Reception

The Tech Herald, which tested Norton Internet Security 2009, found Insight affected system performance while whitelisting files. [6] After scans, the publication also noted total number of files scanned and the number of trusted (skipped) files varied each scan. The average amount of time Insight took to scan a 561 megabyte folder with 21,816 clean files was 0:00:24:41. Despite the oddities, the editor observed Norton Internet Security 2009 was faster than subsequent products. [7]

See also

Related Research Articles

Whitelisting is the practice of explicitly allowing some identified entities access to a particular privilege, service, mobility, access or recognition. It is the reverse of blacklisting.

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. The term rootkit is a concatenation of "root" and the word "kit". The term "rootkit" has negative connotations through its association with malware.

Symantec company

Symantec Corporation is an American software company headquartered in Mountain View, California, United States. The company provides cybersecurity software and services. Symantec is a Fortune 500 company and a member of the S&P 500 stock-market index. The company also has development centers in Pune, Chennai and Bengaluru (India).

Spybot – Search & Destroy computer program

Spybot – Search & Destroy (S&D) is a spyware and adware removal computer program compatible with Microsoft Windows, which has free and paid versions. Dating back to the first Adwares in 2000, Spybot scans the computer hard disk and/or RAM for malicious software.

Norton AntiVirus anti-virus software

Norton AntiVirus is an anti-virus and anti-malware software product, developed and distributed by Symantec Corporation since 1991 as part of its Norton family of computer security products. It uses signatures and heuristics to identify viruses. Other features included in it are e-mail spam filtering and phishing protection.

Norton Internet Security, developed by Symantec Corporation, is a computer program that provides malware prevention and removal during a subscription period and uses signatures and heuristics to identify viruses. Other features included in the product are a personal firewall, email spam filtering, and phishing protection. With the release of the 2015 line in summer 2014, Symantec officially retired Norton Internet Security after fourteen years as the chief Norton product. It is superseded by Norton Security, a rechristened adaptation of the Norton 360 security suite.

Norton Personal Firewall software

Norton Personal Firewall, developed by Symantec, is a discontinued personal firewall with ad blocking, program control and privacy protection capabilities.

Rogue security software is a form of malicious software and Internet fraud that misleads users into believing there is a virus on their computer, and to pay money for a fake malware removal tool. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. Two of the earliest examples to gain infamy were AdDestroyer and VirtualBouncer back in 2004.

Norton 360, which was developed by Symantec, is an “all-in-one” security suite that combined online protection with performance tuning. The thing that distinguished this suite from Norton Internet Security, is the inclusion of optimization and problem solving tools.

SONAR is the abbreviation for Symantec Online Network for Advanced Response. Unlike virus signatures, SONAR examines the behavior of applications to decide whether they are malicious. SONAR is built upon technology Symantec acquired in its late 2005 purchase of WholeSecurity, a developer of behavioral anti-malware and anti-phishing software solutions in the United States.

Kaspersky Internet Security

Kaspersky Internet Security is an internet security suite developed by Kaspersky Lab compatible with Microsoft Windows and Mac OS X. KIS offers protection from malware, as well as email spam, phishing and hacking attempts, and data leaks. Kaspersky Lab Diagnostics results are distributed to relevant developers through MIT.

VirusTotal website

VirusTotal is a website created by the Spanish security company Hispasec Sistemas. Launched in June 2004, it was acquired by Google Inc. in September 2012. The company's ownership switched in January 2018 to Chronicle, a subsidiary of Alphabet Inc..

Symantec Endpoint Protection computer security software

Symantec Endpoint Protection, developed by Symantec, is a security software suite, which consists of anti-malware, intrusion prevention and firewall features for server and desktop computers. It has the largest market-share of any product for endpoint security.

Blacklist (computing) criteria to prohibit computer access

In computing, a blacklist or blocklist is a basic access control mechanism that allows through all elements, except those explicitly mentioned. Those items on the list are denied access. The opposite is a whitelist, which means only items on the list are let through whatever gate is being used. A greylist contains items that are temporarily blocked until an additional step is performed.

Norton Safe Web

Norton Safe Web is a service developed by Symantec Corporation that is designed to help users identify malicious websites. Safe Web delivers information about websites based on automated analysis and user feedback.

Norton Family

Norton Family is an American cloud-based parental control service. Norton Family is aimed at "fostering communication" involving parents and their children's online activities. Computer activities are monitored by the software client, and reports are published online.

Norton LiveUpdate

Norton LiveUpdate is a utility developed by Symantec Corporation that downloads and installs security updates and software patches. LiveUpdate can only apply updates for a particular version of Norton; it cannot however upgrade a version of Norton to a later version. To upgrade the product to the latest version, one would have to go to a separate website.

Norton Power Eraser (NPE) is a small portable executable which uses Norton Insight in-the-cloud application ratings to scan a computer system. The program matches an application found on the user's computer with a list of trusted and malicious applications. If it's in the list of trusted applications, Power Eraser leaves it on the system. If it is in the list of bad applications, it is marked for deletion. If it is unknown and not in any list, it is reported as suspicious but not marked for removal. Instead, the program recommends a "remote scan", which will upload the file to Symantec's servers to check it with virus definitions.

Browser security is the application of Internet security to web browsers in order to protect networked data and computer systems from breaches of privacy or malware. Security exploits of browsers often use JavaScript — sometimes with cross-site scripting (XSS) — sometimes with a secondary payload using Adobe Flash. Security exploits can also take advantage of vulnerabilities that are commonly exploited in all browsers.

Norton (Symantec)

Norton, also known as Norton by Symantec, is a division of Symantec, and is based out of Mountain View, California. Since being acquired by the Symantec Corporation in 1990, Norton has offered a variety of products and services related to digital security. In 2014, it was announced that Norton's parent company Symantec would split its business into two units - one focused on security, and one focused on information management, with Norton being placed in the unit focused on security.

References

  1. "Symantec Research Labs to offer 3 new tools", The Hindu Business Line, March 19, 2008, accessed July 10, 2009.
  2. Edwards, Cliff. "Security that won't slow down your PC", ZDNet Asia, August 12, 2008, accessed July 10, 2009.
  3. "Norton Community Watch Privacy Policy", Symantec Corporation, accessed July 10, 2009.
  4. McAllister, Neil. "Norton 2009 to Speed Up Malware Screening", PCWorld, July 15, 2008, accessed July 10, 2009.
  5. "Norton Internet Security Cannot Detect Frap's Digital Signature". Norton Users Discussion Forum. Symantec. Retrieved 2009-06-25.
  6. Ragan, Steve."Review: Norton Internet Security 2009", The Tech Herald, October 2, 2008, accessed July 25, 2009.
  7. Ragan, Steve. "Review: Norton Internet Security 2009", The Tech Herald, October 2, 2008, accessed July 25, 2009.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.