Q&A Do you think Avira and/or Avast technologies will be integrated into Norton products?

Anthony Qian

Level 3
Apr 17, 2021
117
That's not true. AVAST/AVG responds to new threats on average within 30 minutes (MAX), Norton takes ages to respond.
For instance, NetWalker Ransomware (.ps1) is not detected by any signatures or clouds, and if you open it, Norton cannot stop it since it injects itself into explorer.exe, making the PC unusable during encryption, CPU at 100% (SONAR doesn't activate).
It's no problem for AVG/AVAST to block, for example.
Agree. I submitted three samples to Norton almost four hours ago. Not surprisingly, Norton is still unable to detect any of them. :cry:
40a71220b876aa90ac01ba9c62496a415f2e4a799e391fa9c0cfb11ea6edfea0
7e9c5763bf74c892d2d38458972eaf91efce287b15719501c8d249c3e3634b24
88522397129ffb1ec2536f0bbc03d50d2d0f2a6447fa345153e088b6f99ba676
 

JoyousBudweiser

Level 12
Verified
Aug 22, 2013
587
That's not true. AVAST/AVG responds to new threats on average within 30 minutes (MAX), Norton takes ages to respond.
For instance, NetWalker Ransomware (.ps1) is not detected by any signatures or clouds, and if you open it, Norton cannot stop it since it injects itself into explorer.exe, making the PC unusable during encryption, CPU at 100% (SONAR doesn't activate).
It's no problem for AVG/AVAST to block, for example.
That's the problem with signature-based security solutions in general. You find most and miss some. Avast too is not 100%; it too misses samples here and there.
 

plat1098

Level 25
Verified
Sep 13, 2018
1,455
I don't see how a lot of cherry-picked technology would NOT be integrated, along (they hope) with the loyal user base and choice personnel. For example: when Sophos acquired SurfRight, HitmanPro.Alert was integrated into Sophos' InterceptX but SurfRight still maintained its brands and a lot of its autonomy. Mark Loman, co-founder of SurfRight, is now chief engineer at Sophos, they say.

This autonomy seems to be still in effect when Sophos was acquired by Thoma Bravo holdings for almost 4 billion USD. It also owns part of McAfee.

But that's Sophos. At this point, we're speculating about Norton et al.

Edit: off topic

I just happened to look through the various companies Thoma Bravo owns a stake in and one jumped out: SolarWinds. Didn't that get majorly hacked some time ago? Made the news. Probably lawsuits are ongoing.
 
Jun 22, 2020
26
That's not true. AVAST/AVG responds to new threats on average within 30 minutes (MAX), Norton takes ages to respond.
For instance, NetWalker Ransomware (.ps1) is not detected by any signatures or clouds, and if you open it, Norton cannot stop it since it injects itself into explorer.exe, making the PC unusable during encryption, CPU at 100% (SONAR doesn't activate).
It's no problem for AVG/AVAST to block, for example.
Forgive me for what I will say, but do you really think that a small company like Avast is superior in protection to a giant like Norton? If so, Avast would have bought Norton.
It shows with REALEAS tests, that Norton is not able to detect this ransomware. Sonar is much more robust than Avast's behavior blocker.
 

Andrew3000

Level 8
Verified
Malware Tester
Feb 8, 2016
375
I sent some samples to Avast about 2 weeks ago and they have not been detected either ...

I just checked and the 3 samples you posted are detected by Norton (Symantec).
Size of a company ≠ technical capabilities.

Example: Compared to Facebook WhatsApp, Telegram is a small company, but it is clearly superior in terms of functionality (please ignore the security feud since both are poorly placed, etc.).
Norton/Symantec's aim is to acquire both technology and a user base by making acquisitions.

Would you be able to share the hash of the samples?
Note: Broken samples will not be added to the database or cloud.
 
Jun 22, 2020
26
Size of a company ≠ technical capabilities.

Example: Compared to Facebook WhatsApp, Telegram is a small company, but it is clearly superior in terms of functionality (please ignore the security feud since both are poorly placed, etc.).
Norton/Symantec's aim is to acquire both technology and a user base by making acquisitions.

Would you be able to share the hash of the samples?
Note: Broken samples will not be added to the database or cloud.
Of course, Greetings.
hash sample: fd765103cd948bd0099cc05782348f2b425441a87a7f38f1bfcdb185aecca84d
ab63fe3355304293e22988a124e6c1bbbd169153f51511bc3c98275228d7c810
 

Anthony Qian

Level 3
Apr 17, 2021
117
I sent some samples to Avast about 2 weeks ago and they have not been detected either ...

I just checked and the 3 samples you posted are detected by Norton (Symantec).
Of course, Greetings.
hash sample: fd765103cd948bd0099cc05782348f2b425441a87a7f38f1bfcdb185aecca84d
ab63fe3355304293e22988a124e6c1bbbd169153f51511bc3c98275228d7c810

Avast's threat analysis is basically automated.
fd765103cd948bd0099cc05782348f2b425441a87a7f38f1bfcdb185aecca84d - This sample is signed, which may cause it to bypass Avast's analysis system. Also, since it is a Trojan downloader, I am not sure if it still did its job and displayed malicious behaviors at the time of your submission.
ab63fe3355304293e22988a124e6c1bbbd169153f51511bc3c98275228d7c810 - Not detected by ESET and Kaspersky and I guess it might not be 100% malicious.

Well, it is quite unusual for Norton to respond to entirely new threats and add them to the threat definition in less than an hour. Norton's normal processing time is 12 to 36 hours, according to my experience. But Avast rarely fails to respond to new threats in a timely manner.
 

Andrew3000

Level 8
Verified
Malware Tester
Feb 8, 2016
375
Of course, Greetings.
hash sample: fd765103cd948bd0099cc05782348f2b425441a87a7f38f1bfcdb185aecca84d
ab63fe3355304293e22988a124e6c1bbbd169153f51511bc3c98275228d7c810
ab63fe3355304293e22988a124e6c1bbbd169153f51511bc3c98275228d7c810 - It's just an FP. It's windows.exe packed in UPX (read more here: https://www.mrg-effitas.com/research/machine-learning-evasion-contest-the-av-testers-perspective/)

fd765103cd948bd0099cc05782348f2b425441a87a7f38f1bfcdb185aecca84d seems to be whitelisted by CrowdStrike (Free Automated Malware Analysis Service - powered by Falcon Sandbox)
 
Jun 22, 2020
26
IDP is inherently a more robust but FP prone behavior blocker while SONAR is more like a cloud whitelist on steroids. That's the case from what I have seen so far.
SONAR is much better than IDP. EVERYONE knows how bad Avast is as an antivirus, I don't know why they defend it so much. I just tried AVAST, I ended up unlinking it due to the slowness it produces, especially at the beginning.
 

Anthony Qian

Level 3
Apr 17, 2021
117
SONAR is much better than IDP. EVERYONE knows how bad Avast is as an antivirus, I don't know why they defend it so much. I just tried AVAST, I ended up unlinking it due to the slowness it produces, especially at the beginning.
Well, I respect your idea and agree that Avast IDP is not as good as SONAR in some cases. But you seem to compare a free antivirus product with a paid one. It is unfair.

I tried Avast Premium last month and I didn't notice any annoying ads and performance issues...
 

Moonhorse

Level 30
Verified
Content Creator
May 29, 2018
1,959
I actually like Avast as it has a modern UI and a lot of features. But I hate that it has ads everywhere.
You can remove ads, and there are really not that many ads out there which will bombard you continuously.

The only thing which drives me away is the scareware inside their antivirus UI: "get full protection from HACKERS" might make some person think they are vulnerable at the moment even if they are not.
 

SeriousHoax

Level 38
Verified
Mar 16, 2019
2,720
Overall, Avast is faster than Norton at responding to new threats. This is a fact. Norton's cloud and machine learning algorithm is more prone to false positives.
Avast and Norton both may not add signatures for items that are threat artifacts, meaning malware-related files which are not malicious themselves, while some other AVs are much more aggressive at adding signatures. Bitdefender, for example, kind of adds everything I submit to them, while Avast, Norton, ESET don't always do that.
For submitting files to Norton, better use this Symantec page instead of Norton's own. Their response is faster this way, and they also reply attaching a nice PDF report of the submitted threat.
 

peterfat111

Level 8
Mar 25, 2021
354
You can remove ads, and there are really not that many ads out there which will bombard you continuously.

The only thing which drives me away is the scareware inside their antivirus UI: "get full protection from HACKERS" might make some person think they are vulnerable at the moment even if they are not.
Well... When I try a smart scan it tells me my computer is slow and tells me to buy their system speedup. Also, there will be a huge banner down there telling me to buy their VPN.
Edit: I recall my memory... I also got a pop-up telling me I am at risk so I have to buy their hack check and stuff.
 

plat1098

Level 25
Verified
Sep 13, 2018
1,455
As of about 2 yrs ago, Symantec gave you a tracking number with your submissions. In this case, the item was whitelisted in about 3 hours. Despite the automation, you can tell people are looking at these closely and "triaging" the submissions. In this case, it was a component of the Edge DEV build--something that maybe got priority over more esoteric submissions.


Has this turn-around time improved any since 2019? Three hours for a mainstream browser component seems a little high. If AVAST can whitelist in 15 min, that would be an asset for sure.
 