FYI - I was using Norton IS 2010 and today I used another security product since I was having a lot of trouble with my license with Norton. KIS 2011 found at least 5 Trojans, Exploits, Viruses, etc. that Norton never told me about in past scans done with it. 
I couldn't believe it and still can't. KIS 2011 seems really nice - I see quite a bit of improvements on the product.
I couldn't believe it and still can't. KIS 2011 seems really nice - I see quite a bit of improvements on the product.
�� Quote: Originally Posted by codyw 
FYI - I was using Norton IS 2010 and today I used another security product since I was having a lot of trouble with my license with Norton. KIS 2011 found at least 5 Trojans, Exploits, Viruses, etc. that Norton never told me about in past scans done with it.
I couldn't believe it and still can't. KIS 2011 seems really nice - I see quite a bit of improvements on the product.
I couldn't believe it and still can't. KIS 2011 seems really nice - I see quite a bit of improvements on the product.
cody,
Care to elaborate on what your computer protection is currently - & was when you were "let down by Norton."
What is your motive re starting this thread? Do you require help or are you just venting?
Please fill in your system specs also. Instructions for doing so are just below my signature.
Thanks.
Jan.
No, I don't need help, thanks, just letting out the word. Recently, a friend told me that there is some viruses/malware that Symantec just cannot block for some reason. I'm not sure if this was that or not but nothing detected it on my system, not Malwarebytes, Hitman Pro, Spybot - S&D, nothing! I was shocked because SONAR as well as Norton itself seems to be good at detecting that kind of stuff. Very surprised.
Using Windows 7 Home Premium
Using Windows 7 Home Premium
�� Quote: Originally Posted by codyw No, I don't need help, thanks, just letting out the word. Recently, a friend told me that there is some viruses/malware that Symantec just cannot block for some reason. I'm not sure if this was that or not but nothing detected it on my system, not Malwarebytes, Hitman Pro, Spybot - S&D, nothing! I was shocked because SONAR as well as Norton itself seems to be good at detecting that kind of stuff. Very surprised.
Using Windows 7 Home Premium
Using Windows 7 Home Premium
Safe surfing & avoiding the nasties depends on ever so many things.
Do you want / need more information about this?
KIS is a good AV but keep in mind...
If all those programs came up clean as you say, there is a very high probability KIS may be reporting a false positive.
It may be set to agressive for example.
I not saying this is the case, but if every other detection method comes up clean .. it certainly is probable.
Never had any issue with Norton myself.
If theres a problem with activation, calling them up would resolve it. They are usually quite helpful in such matters.
If all those programs came up clean as you say, there is a very high probability KIS may be reporting a false positive.
It may be set to agressive for example.
I not saying this is the case, but if every other detection method comes up clean .. it certainly is probable.
Never had any issue with Norton myself.
If theres a problem with activation, calling them up would resolve it. They are usually quite helpful in such matters.
Here is where all the infections were found:
- documents and settings/cody williams/appdata/local/temp\jar_cache5390507557026593874.tmp/MessageManager.class
- documents and settings\cody williams\appdata\local\temp\jar_cache8302119197927724196.tmp/aa549daeeb4.class
- documents and settings\cody williams\appdata\local\temp\jar_cache5390507557026593874.tmp/WWWManager.class
I believe those are tempory Java Files.
CodyW, cheerup man! I had the same situation when I had Java on my PC, AVG-free Edition, later ESET passed the viruses to temporary folder for Java and that's where .jar files stay. Let me ask you? Do you really need Java on your PC? If yes that you should be prepared for this, if not then uninstall it. I am not using it, and I don't remember the last time I had virus or trojan, KIS 2011 does protect me as well as I protect myself from myself...
So all those threats found in the temporary Java files were harmless?
Im not saying they were entirely harmless. Only that they seem to be java temps.
I can not say if they were truly trojans or not, but If all the other programs show as clean, and KIS was the only one that flagged as a trojan however, it is possible its just being overprotective and giving a false positive.
Perhaps others may be more experienced in such things and can offer more insight.
In any case, being a TEMP file it will hurt nothing by deleting them, even if they were safe. Better safe than sorry.
If you like and want to stick with KIS, I would suggest sending those files to Kaspersky for evaluation and see what they say for curiosity sake.
Most AVs should have a option like this to help determine real threats from false positives.
I can not say if they were truly trojans or not, but If all the other programs show as clean, and KIS was the only one that flagged as a trojan however, it is possible its just being overprotective and giving a false positive.
Perhaps others may be more experienced in such things and can offer more insight.
In any case, being a TEMP file it will hurt nothing by deleting them, even if they were safe. Better safe than sorry.
If you like and want to stick with KIS, I would suggest sending those files to Kaspersky for evaluation and see what they say for curiosity sake.
Most AVs should have a option like this to help determine real threats from false positives.
I just might look into that. Thank you.
Before you switched to Norton, Malwarebytes found some items Kaspersky missed and when installed Norton found more items.
It just reinforces the fact that no anti-virus is 100%.
Did you pursue this any further?
It just reinforces the fact that no anti-virus is 100%.
Did you pursue this any further?
I stopped useing Norton a long time ago anything you do touch or try with-in reason is a virus for Norton
I got sick of norton and all the bull crap it used to say even with legit programs and games i got notifacation
So im sadly surprised there still going because they honestly mess you up more then help you out and that is what we get for useing commercial Anti Virus they might look good but they actually suck ......
I use Webroot Spy sweeper with Anti Virus not the best but way better then Norton this is my fourth year useing Webroot
I got sick of norton and all the bull crap it used to say even with legit programs and games i got notifacation
So im sadly surprised there still going because they honestly mess you up more then help you out and that is what we get for useing commercial Anti Virus they might look good but they actually suck ......
I use Webroot Spy sweeper with Anti Virus not the best but way better then Norton this is my fourth year useing Webroot
In case, you get another Warning and want to find out if it's a real thread or another false positive, just upload the file in question to virustotal.com
There it will be checked against 38 (or so) different AV strings.
Even tho the result technically still gives you no 100% safety, it'll give you a good idea if it's a false positive or not.
BTW : I trust my comp to Avast free (for ~4 years now ) Granted, Avast has its fair share of false positives but it's by no means a pita like NIS
-DG
There it will be checked against 38 (or so) different AV strings.
Even tho the result technically still gives you no 100% safety, it'll give you a good idea if it's a false positive or not.
BTW : I trust my comp to Avast free (for ~4 years now ) Granted, Avast has its fair share of false positives but it's by no means a pita like NIS
-DG
�� Quote: Originally Posted by codyw Here is where all the infections were found:
- documents and settings/cody williams/appdata/local/temp\jar_cache5390507557026593874.tmp/MessageManager.class
- documents and settings\cody williams\appdata\local\temp\jar_cache8302119197927724196.tmp/aa549daeeb4.class
- documents and settings\cody williams\appdata\local\temp\jar_cache5390507557026593874.tmp/WWWManager.class
You need to do two things. First, make sure that you have only the latest release of Java installed on your computer. In Add/Remove programs, uninstall any Java programs with J2SE or Java Runtime Environment in the name that are not Java SE Runtime Environment (JRE) 6 Update 21.
You can obtain the most recent install at this download link: Java SE Runtime Environment 6u21
Note: UNCHECK any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.
Next, I suggest you clear temp files. Download TFC by Old Timer from here (direct download): http://www.itxassociates.com/OT-Tools/TFC.exe
- First, save any files as TFC will close ALL open programs including your browser!
- Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
- Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
- Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.
I didn't pursue anything further after that. I just stuck with Norton because it seemed to find some hidden viruses. I still have it and am still using it and don't seem to be running into anymore problems. I am running Malwarebytes on a daily basis and noting is being found so that's good. I play some games on my PC but not a whole lot and I do a lot of emailing and browsing and don't hear too much out of Norton but I know that it's protecting me and it's ON. I don't get alert messages about programs launching or asking permission through the firewall like I did with Kaspersky.
�� Quote: Originally Posted by malexous
�� Quote: Originally Posted by malexous Before you switched to Norton, Malwarebytes found some items Kaspersky missed and when installed Norton found more items.
It just reinforces the fact that no anti-virus is 100%.
Did you pursue this any further?
It just reinforces the fact that no anti-virus is 100%.
Did you pursue this any further?
�� Quote: Originally Posted by codyw No, I don't need help, thanks, just letting out the word.
~Maxx~
.
I did hear that the Norton products from 2008 and earlier had a detection that varied. I am still using the 2010 version and I have also seen great reviews on it.
After tasting the freedom of having complete control of whatever runs on the desktop and through the firewall and running my browser in an isolated virtual space where nothing gets into the computer unless I authorize it I just couldn't go back to running Norton on autopilot.
~Maxx~
~Maxx~
�� Quote: Originally Posted by Maxxwire After tasting the freedom of having complete control of whatever runs on the desktop and through the firewall and running my browser in an isolated virtual space where nothing gets into the computer unless I authorize it I just couldn't go back to running Norton on autopilot.
~Maxx~
~Maxx~
The Smart Firewall, or autopilot is just the default setting.
You can change all of this however.
The firewall will alert you to anything coming or going and request permission.
Unless you make a rule for specific applications, it will always ask.
�� Quote: Originally Posted by codyw I did hear that the Norton products from 2008 and earlier had a detection that varied. I am still using the 2010 version and I have also seen great reviews on it.
Norton Internet Security 2011 and Norton AntiVirus... - Norton Community
And they do offer free upgrade for existing customers NIS and NAV (2006 and newer)
Quote:
If you are an existing customer with an active subscription to Norton Internet Security or Norton AntiVirus (2006 or newer), you can update to the latest version for FREE. To do this, simply go to Norton Update Center and select Update Me Now.
If you are still using it I strongly recommend you to upgrade to 2011 version.
Norton Update Center
Wishmaster- The feature in Comodo Firewall Pro that improved the security of my computer the most was its Proactive Defense + HIPS detection that gave me the confidence that I would have even better protection than with UAC in that now no process can run on the desktop without my prior permission and the best part being that it only asks for a permission once and then remembers it. This is what has kept Comodo at the top of the Matousec Proactive Security Challenge with a 100% detection rate for so long while Norton 2010 makes such a poor showing with a 40% pass rate on the same 148 part series of tests.
~Maxx~
.
~Maxx~
.
I tried that with it always asking but it got to be a nuisance. However, that is my plan in the event I ever do get slammed with a bad virus that way, when it attempts to call out, it won't be able to and will have to ask for permission.
�� Quote: Originally Posted by codyw I tried that with it always asking but it got to be a nuisance. However, that is my plan in the event I ever do get slammed with a bad virus that way, when it attempts to call out, it won't be able to and will have to ask for permission.
Whenever you install a program you are familiar with and trust with your life with, you should look at opening the appropriate holes within your firewall for that specific reason.
While being 'nagged' about certain things, it is always important to have that little nag instead of just arbitrarily opening it up and leaving yourself open to attack. I am sure you know this full and well, but just remember, that you aren't completely in the hands of the software you use, and you can manage it to work with you as well.
�� Quote: Originally Posted by codyw I tried that with it always asking but it got to be a nuisance. However, that is my plan in the event I ever do get slammed with a bad virus that way, when it attempts to call out, it won't be able to and will have to ask for permission.
The Firewall stops much more than viruses that try to call out and not just Spyware but almost every program I have ever installed has made a request to phone home during the installation and some of them even before starting the install, but without the Firewall making the program ask for permission you would never know that it had made outside contact over the internet! There are also plenty of Microsoft programs that call Redmond every day like Windows\System32\rundll32.exe and Explorer. Windows Media Player and Sidebar also get chatty and try to call home whenever they are used.
~Maxx~
.
Hmm, interesting tips. However, I also did hear on Thursday that Symantec released the 2011 version of NAV & NIS. I was trying to hold off to see if there were any "leftover bugs" in it but after this last email worm that was going around, I decided to upgrade it right away. Because I get so much spam, this recent attack that was in the wild raised the red flags for me but luckily I didn't have the worm in any spam messages I had...yet...
codyw- I hope that NIS 2011 works out for you. I once used NIS, but as its Matousec Proactive Security Challenge score of 40% shows there is much better computer security software out there and some of the Suites are absolutely free!
~Maxx~
.
~Maxx~
.
Plus Norton does not block certain tests because there is no malicious behaviour.
There are many tests from other organisations where Norton is at the top.
There are many tests from other organisations where Norton is at the top.
�� Quote: Originally Posted by malexous There are many tests from other organizations where Norton is at the top.
I know for sure is what works very well on my computer though and that is running my browser in Sandboxie 3.38 x64 and clearing all downloads at Virus Total before allowing them to be transfered onto my 500 GB Verbatim remote drive. Using Sandboxie has kept my computer from having so much as even a single detection of malware for almost 2 years!
~Maxx~
.
I believe my own experience as well as real-world tests performed by AV-Comparatives, AV-Test.org and PC Security Labs.
Did NIS 2011 have a 40% score in proactive guarding or was that older versions? According to some of the things I have read from PCmag it is OK. But the spam filter still could be better if I read that correctly.
�� Quote: Originally Posted by Maxxwire
�� Quote: Originally Posted by Maxxwire codyw- I hope that NIS 2011 works out for you. I once used NIS, but as its Matousec Proactive Security Challenge score of 40% shows there is much better computer security software out there and some of the Suites are absolutely free!
~Maxx~
.
~Maxx~
.
�� Quote: Originally Posted by codyw Did NIS 2011 have a 40% score in proactive guarding or was that older versions? According to some of the things I have read from PCmag it is OK. But the spam filter still could be better if I read that correctly.
~Maxx~
.
Perhaps Im missing something here, but isn't Nortons SONAR basically a form of HIPS?
I know its purpose is to identify and block new or unknown threats.
Im also curious about that test result. Was that with Nortons FW set at "Auto" and what Auto settings?
I've used Comodo before, and it is a quite effective FW. So Im not bashing it.
But I tend to think, and Firewall which is set to always notify, unless you have created a rule for that specific app, will be equally effective.
I mean, if you set the Firewall to block all incoming and outgoing activity unless specifically allowed, seems they will all perform the same.
The only difference is COMODO is set that way by default, where as many others are not. What if they are all tested setup the same?
I know its purpose is to identify and block new or unknown threats.
Im also curious about that test result. Was that with Nortons FW set at "Auto" and what Auto settings?
I've used Comodo before, and it is a quite effective FW. So Im not bashing it.
But I tend to think, and Firewall which is set to always notify, unless you have created a rule for that specific app, will be equally effective.
I mean, if you set the Firewall to block all incoming and outgoing activity unless specifically allowed, seems they will all perform the same.
The only difference is COMODO is set that way by default, where as many others are not. What if they are all tested setup the same?
�� Quote: Originally Posted by Wishmaster Perhaps Im missing something here, but isn't Nortons SONAR basically a form of HIPS?
The only difference is COMODO is set that way by default, where as many others are not. What if they are all tested setup the same?
The only difference is COMODO is set that way by default, where as many others are not. What if they are all tested setup the same?
Personally speaking I don't use Comodo because it tests better than any other computer security suite but rather because when I was using Norton it allowed my computer to become infected so I replaced it with and continue to use the Comodo Firewall and Proactive Defense+ HIPS and browse the internet within the virtual space of Sandboxie because they have kept both of my computers completely clean without the detection of so much as a single tracking cookie according to several on demand scanners and as far as I am concerned maintaining a clean machine is the bottom line when it comes to computer security.
~Maxx~
.
�� Quote: Originally Posted by Maxxwire It all depends on who you want to believe. PC Magazine which is supported by advertising revenues not only placed Norton at the top of their testing, but went so far as to make an elaborate effort to try to prove that all freeware computer security software is inferior to pay to use shareware programs like Norton.
~Maxx~
.
~Maxx~
.
[QUOTE=Victek;954890] �� Quote: Originally Posted by Maxxwire I was speaking of a particular article in PC Magazine that was published last year in which they set out to prove that freeware was inferior to shareware when it came to computer security and it was a freeware bashfest.
If you are a fan of freeware which uses both a cloud Antivirus and a cloud Behavior Blocker as a bonus you might check the Comodo Forum starting 9-14-2010 because CIS 2011 v5 is scheduled to be released that day.
~Maxx
.
�� Quote: Originally Posted by Maxxwire That seems to conflict with your statement about trying to prove freeware inferior.
If you are a fan of freeware which uses both a cloud Antivirus and a cloud Behavior Blocker as a bonus you might check the Comodo Forum starting 9-14-2010 because CIS 2011 v5 is scheduled to be released that day.
~Maxx
.
[QUOTE=Maxxwire;954919] �� Quote: Originally Posted by Victek
I was speaking of a particular article in PC Magazine that was published last year in which they set out to prove that freeware was inferior to shareware when it came to computer security and it was a freeware bashfest.
If you are a fan of freeware which uses both a cloud Antivirus and a cloud Behavior Blocker as a bonus you might check the Comodo Forum starting 9-14-2010 because CIS 2011 v5 is scheduled to be released that day.
~Maxx
. My point is you appeared to make a blanket statement about PCmag.com implying it's reviews are biased because they are "ad supported" and they bash freeware security software. Generally I feel it's better to look at reviews on an individual basis. Is there something in PCmag's NIS 2011 review that you disagree with? The reviews of security software from pcmag tend to be quite detailed and even when I don't completely agree with the methodology or conclusions I feel there's a lot to be learned. I've used many freeware apps in the past including CIS. CIS in particular is not for the faint of heart and I would only recommend it to people who are already quite knowledgeable about security software - in other words the people who don't need my recommendations 
�� Quote: Originally Posted by Victek I was speaking of a particular article in PC Magazine that was published last year in which they set out to prove that freeware was inferior to shareware when it came to computer security and it was a freeware bashfest.
If you are a fan of freeware which uses both a cloud Antivirus and a cloud Behavior Blocker as a bonus you might check the Comodo Forum starting 9-14-2010 because CIS 2011 v5 is scheduled to be released that day.
~Maxx
.
�� Quote: Originally Posted by Victek My point is you appeared to make a blanket statement about PCmag.com implying it's reviews are biased because they are "ad supported" and they bash freeware security software. Generally I feel it's better to look at reviews on an individual basis.
~Maxx~
.
Hi there
These ratings carry about as much weight as a Stock Exchange "Whisper Number".
People do so many different things on their computers that any "standard" measurement is going to be fraught with errors.
IMO the only AV software that's worth ANYTHING AT ALL is that which is capable of detecting "malware" etc in REAL TIME.
Scanning AFTER the event is fine but all this will tell you that your Computer has been infected at some indeterminate previous time --what its done or what data etc has been compromised in the meantime is impossible to say.
I certainly would NEVER trust a computer that's been infected even if the "Best most sophisticated" product on the planet informs the user that the Virus has been "Quarantined" and / or the relevant files have been deleted.
Only a restore from a Clean image or a fresh install would convince me that the computer was OK to use again.
Slightly OT -- Why should Freeware or Open Source be inferior -- I can think of some GREAT freeware applications which can more than hold their own with commercial paid for products.
To name just a few :
LINUX (most distros)
Open Office
The GIMP
VLC dvd / media player
MySQL
Apache Web server (especially in conjuction with WAMP / LAMP
(Windows/Linux, Apache, MySQL,Php for those a bit mystified).
etc etc.
Don't discount freeware or Open Source products as always being inferior. In some cases they can be BETTER for home users since any defects can often be fixed quicker and you don't have to go through the whole rigmarole that a commercial organisation has to do when releasing a new version of a paid for product.
Cheers
jimbo
These ratings carry about as much weight as a Stock Exchange "Whisper Number".
People do so many different things on their computers that any "standard" measurement is going to be fraught with errors.
IMO the only AV software that's worth ANYTHING AT ALL is that which is capable of detecting "malware" etc in REAL TIME.
Scanning AFTER the event is fine but all this will tell you that your Computer has been infected at some indeterminate previous time --what its done or what data etc has been compromised in the meantime is impossible to say.
I certainly would NEVER trust a computer that's been infected even if the "Best most sophisticated" product on the planet informs the user that the Virus has been "Quarantined" and / or the relevant files have been deleted.
Only a restore from a Clean image or a fresh install would convince me that the computer was OK to use again.
Slightly OT -- Why should Freeware or Open Source be inferior -- I can think of some GREAT freeware applications which can more than hold their own with commercial paid for products.
To name just a few :
LINUX (most distros)
Open Office
The GIMP
VLC dvd / media player
MySQL
Apache Web server (especially in conjuction with WAMP / LAMP
(Windows/Linux, Apache, MySQL,Php for those a bit mystified).
etc etc.
Don't discount freeware or Open Source products as always being inferior. In some cases they can be BETTER for home users since any defects can often be fixed quicker and you don't have to go through the whole rigmarole that a commercial organisation has to do when releasing a new version of a paid for product.
Cheers
jimbo
jimbo- "I certainly would NEVER trust a computer that's been infected"... Right on!
I had an epiphany the day I went to the Tom's Hardware site and the Antivirus program I was running at the time informed me that I had been hit with a driveby Trojan and it wanted to know if I wanted to quarantine it. Not wanting the Malware in my computer I simply shut the browser and overwrote the virtual sandbox it had been running in with 7 passes of Schneier's Algorithm and it was Malware no more!
Since that day I have never run an Antivirus program because as you said "the only AV software that's worth ANYTHING AT ALL is that which is capable of of detecting "malware" etc in REAL TIME". So far Sandboxie has been very good to my computers allowing no infections and no detections for almost 2 years. Now days nothing gets in to my computer unless Virus Total and/or my on-demand scanners sign off on it before it leaves the virtual sandbox...
~Maxx~
.
I had an epiphany the day I went to the Tom's Hardware site and the Antivirus program I was running at the time informed me that I had been hit with a driveby Trojan and it wanted to know if I wanted to quarantine it. Not wanting the Malware in my computer I simply shut the browser and overwrote the virtual sandbox it had been running in with 7 passes of Schneier's Algorithm and it was Malware no more!
Since that day I have never run an Antivirus program because as you said "the only AV software that's worth ANYTHING AT ALL is that which is capable of of detecting "malware" etc in REAL TIME". So far Sandboxie has been very good to my computers allowing no infections and no detections for almost 2 years. Now days nothing gets in to my computer unless Virus Total and/or my on-demand scanners sign off on it before it leaves the virtual sandbox...
~Maxx~
.
�� Quote: Originally Posted by Wishmaster Perhaps Im missing something here, but isn't Nortons SONAR basically a form of HIPS?
I know its purpose is to identify and block new or unknown threats.
I know its purpose is to identify and block new or unknown threats.
It acts differently from HIPS.
HIPS notifies users about almost all changes software is trying to make. And it is complete up to the user to decide what to do. So basically HIPS can be useless in hands of inexperienced user.
SONAR on the other hands, just examines the behaviour of the software over time (like what it does? what registry keys it creates? does it start in autorun? does it add itself in add/remove programs? was it downloaded from internet? Did download insight give positive feedback on it?) And after analysing this factors it will try to determine if software is malicious or not. And auto blocks it.
As SONAR heavily relies on online network, its detection rate is slightly lower on systems without active internet connection.
Both of them may seem similar, but they are completely different.
Each has its advantages and disadvantages...
�� Quote: Originally Posted by Wishmaster Im also curious about that test result. Was that with Nortons FW set at "Auto" and what Auto settings?
I've used Comodo before, and it is a quite effective FW. So Im not bashing it.
But I tend to think, and Firewall which is set to always notify, unless you have created a rule for that specific app, will be equally effective.
I mean, if you set the Firewall to block all incoming and outgoing activity unless specifically allowed, seems they will all perform the same.
The only difference is COMODO is set that way by default, where as many others are not. What if they are all tested setup the same?
I've used Comodo before, and it is a quite effective FW. So Im not bashing it.
But I tend to think, and Firewall which is set to always notify, unless you have created a rule for that specific app, will be equally effective.
I mean, if you set the Firewall to block all incoming and outgoing activity unless specifically allowed, seems they will all perform the same.
The only difference is COMODO is set that way by default, where as many others are not. What if they are all tested setup the same?
Matouse is NOT firewall test.
ok, it has some firewall tests.
But it mostly is Proactive Defence, which is the job of HIPS not Firewall!
If you look at it, you can see that HIPS programs are the only ones that pass it.
I am repeating myself, matousec shouldn't be used to benchmark pure firewalls..
It is HIPS test.
I'm surprised - I thought SONAR just looked at its behavior ONLY and not looking at other factors but it does make perfect sense! So that means then that if you're in an area where you aren't connected to the internet and insert a USB drive that has an unknown virus on it, SONAR may not pick it up?
Hi there
I do all my Internet surfing from a Virtual Machine which performs essentially the same function as your "Sandboxed" system.
Nothing gets moved to the REAL machine until it's been properly checked out.
Incidentally I also go through my OWN proxy to connect to the Internet so if anything untoward gets on to my system I have a decent log of addresses visited (or IP addresses -- better actually) and then I can ensure these sites get permanently blocked.
Cheers
jimbo
I do all my Internet surfing from a Virtual Machine which performs essentially the same function as your "Sandboxed" system.
Nothing gets moved to the REAL machine until it's been properly checked out.
Incidentally I also go through my OWN proxy to connect to the Internet so if anything untoward gets on to my system I have a decent log of addresses visited (or IP addresses -- better actually) and then I can ensure these sites get permanently blocked.
Cheers
jimbo
�� Quote: Originally Posted by codyw I'm surprised - I thought SONAR just looked at its behavior ONLY and not looking at other factors but it does make perfect sense! So that means then that if you're in an area where you aren't connected to the internet and insert a USB drive that has an unknown virus on it, SONAR may not pick it up?
In may last post when I mentioned "SONAR", I wanted to say "SONAR 2".
Obviously "SONAR 2" is new version of "SONAR" (all Norton products 2010 and above use SONAR 2, as far as I know)
Now, SONAR stands for "Symantec Online Network for Advanced Response".
When first introduced SONAR 1 was pure behaviour blocker as you said. It checked a lot of details and behaviour of the software and tried to decide if it is malicious or not.
When SONAR 2 was introduced, they added new functions such as reputation of the software on the Norton Cloud.
So as you can see "SONAR 2" is superior to "SONAR" due to cloud technologies.
It is not that "SONAR 2" is useless without Internet connection. It still contains improved version of Behaviour blocker from "SONAR".
The thing is that it will just lack its cloud data, which is really useful.
Quote:
So that means then that if you're in an area where you aren't connected to the internet and insert a USB drive that has an unknown virus on it, SONAR may not pick it up?
There is a chance that it will not detect it.
But "SONAR 2" will probably detect it even without Internet connection if "SONAR" could detect it.
But there is a still a great chance that it will not detect everything.
On the other hand same can be said almost about everything.
I am totally sure that no blacklisting technology will detect everything. (unless if it actually detects everything as a virus
that would be insane)And I can say same to almost any other technology: behaviour-blocker, policy restriction, virtualisation or even white-listing.
All of them have their theoretical vulnerability, and all of the claim that they are Perfect if used Correctly.
Yes they are...
But there is no chance that average user can use them that way...
I will not go further in fear of starting flame war
As a Last word: Eventhough There is no Panace for computer malware, the situation is not as scary as media and security people try to make it.
If you think about it, we don't have so much security for ourselves as we do have for some heartless metal things
You are still crossing roads, regardless the fact that some driver can hit you with his car, aren't you?
So, life has the same level of dangers as internet. But we are more paranoic on Internet that in our lives.
PS: Just enjoy you life and don't worry too much
SONAR 3 is in the 2011 products and has been deployed to the 2010 products through LiveUpdate.
SONAR 3: A new level of behavioral security in Nor... - Norton Community
SONAR 3: A new level of behavioral security in Nor... - Norton Community
�� Quote: Originally Posted by jav I am repeating myself, matousec shouldn't be used to benchmark pure firewalls..It is HIPS test.
~Maxx~
.
�� Quote: Originally Posted by jimbo45 Hi there
I do all my Internet surfing from a Virtual Machine which performs essentially the same function as your "Sandboxed" system.
Nothing gets moved to the REAL machine until it's been properly checked out.
Incidentally I also go through my OWN proxy to connect to the Internet so if anything untoward gets on to my system I have a decent log of addresses visited (or IP addresses -- better actually) and then I can ensure these sites get permanently blocked.
Cheers
jimbo
I do all my Internet surfing from a Virtual Machine which performs essentially the same function as your "Sandboxed" system.
Nothing gets moved to the REAL machine until it's been properly checked out.
Incidentally I also go through my OWN proxy to connect to the Internet so if anything untoward gets on to my system I have a decent log of addresses visited (or IP addresses -- better actually) and then I can ensure these sites get permanently blocked.
Cheers
jimbo
~Maxx~
.
Không có nhận xét nào:
Đăng nhận xét