New Update The New Norton for Mac: First Look Exclusively for MalwareTips

bjm_

Level 15
Verified
Top Poster
Well-known
May 17, 2015
714
To answer the questions, yeah. Same Norton is coming to Windows. There will be no IPS.
It does query the cloud to confirm safety, though the large set of definitions (Avast recently got a patent on clustering and reducing them) provide very high detection even offline.
Also, Web Shield is fully cloud-based.
Hmm...so, will the heavy lifting remain cloud when online?
Will the sandbox be cloud?
Sandbox – allowing you to open suspicious apps and files in a secure environment (Windows only).
https://us.norton.com/new-norton-app
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
The New Norton experience is rolled out slowly whilst the old one is still being updated actively.
The new experience combines certain Norton features like SafeCam, Script Control, Backup, Password Manager and others but gets rid of the entire STAR (Security Technologies and Research) platform. All that, is getting replaced with Avast’s technology.

When Gen Digital got sued over the emulator patents
They said clearly they intend to stop using this technology (they’ve infringed patents on baiting malware during dynamic analysis in virtual environment, tricking malware to reveal its real behaviour). So probably from 2022, Gen has been planning to migrate to the Avast engines. They later on commissioned anti-phishing test on AVC, which was another clear evidence that they are “choosing” the right technology.

Hmm...so, will the heavy lifting remain cloud when online? Will the sandbox be cloud?
Sandbox – allowing you to open suspicious apps and files in a secure environment (Windows only).
Yes, this is how Avast works. But the Avast behavioural blocking, unless optimised by Gen, is a lot less optimised than SONAR and almost constantly draws some CPU time (3-4% when not doing much and as high as 10% when there is heavy usage). Again, Gen may optimise that, if they haven’t already.
Sandbox is local, it also powers Avast DeepScreen.
Not sure if CyberCapture will be included in Norton products.
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Unfortunately as of now (I tried today), I am not getting the Avastified Norton for Windows. As soon as I do, I will dissect it here in depth 😅

Right now I am unable to comment on the deep technicalities.
 

bjm_

Level 15
Verified
Top Poster
Well-known
May 17, 2015
714
Do you know if Norton Safe Web will remain Symantec/Broadcom? and have any influence re Norton 360 v24.x? for example: WebPulse Site Review?
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Do you know if Norton Safe Web will remain Symantec/Broadcom? and have any influence re Norton 360 v24.x? for example: WebPulse Site Review?
It looks like Norton wants to be “more premium”, or in other words, have advantage over Avast on Mac, so they give you both the Web Shield (which was many years ago developed by a company called Exploit Preventions Labs, acquired by AVG and rebranded as LinkScanner), and SafeWeb. I would expect the Windows version to be the same.

Web Shield includes DNS and whois reputation analysis, real time script and page heuristics, as well as botnet control and anti-exploit functionalities, apart from blocking malicious connections from all apps. It is perfectly capable of replacing the Symantec IPS.
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
The benefit of IPS is that one signature, once created, will cover hundreds, even thousands of different sites or pieces of malware.

But the benefit of Web Shield is that, all C&Cs can be automatically extracted through telemetry, static analysis and automated malware analysis. Additional correlational logics can be performed to link one C&C server to many more.

So overall, Web Shield has quicker reaction times than Symantec IPS.

Edit: yes, IPS signatures are very accurate but they are signatures. They take time for researchers to create manually and you can’t have too many, as the whole traffic is scanned bit by bit against them. Web Shield allows for high volume of malicious sites and IP addresses to be blacklisted in less than a second.

Web Shield all in all seems like the right way to go.
 
Last edited:

bjm_

Level 15
Verified
Top Poster
Well-known
May 17, 2015
714
Same Norton is coming to Windows. There will be no IPS.
I see N360 v24.x for Mac has Intrusion Signatures.
regarding: Same Norton is coming to Windows. There will be no IPS.

So, N360 v24.x for Mac has IPS / Intrusion Signatures?
N360 v24.x for Windows will not have IPS / Intrusion Signatures?
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
I see N360 v24.x for Mac has Intrusion Signatures.
regarding: Same Norton is coming to Windows. There will be no IPS.

So, N360 v24.x for Mac has IPS / Intrusion Signatures?
N360 v24.x for Windows will not have IPS / Intrusion Signatures?
The IPS for Mac was developed by Norton, it’s not the Broadcom/Symantec one. It’s got 4-5 signatures that block common attacks like port scanning and others. The Windows version will eventually have the same, but the full-fledged IPS with the thousands of signatures against exploits, infections, scam websites and others, is going away.
 

bjm_

Level 15
Verified
Top Poster
Well-known
May 17, 2015
714
Under Browser Protection, we've got the typical Avast Web Shield, which seems to have been combined with the Norton extension. It now takes care of HTTPS connections, as well as checks downloads instantly (most probably against Avast's massive database). Some websites are blocked by Norton SafeWeb, others by web shield, third by both. For those who don't know, SafeWeb is a Norton Patent and never belonged to Symantec. No idea why content is not fed to the Avast system.
regarding: "seems to have been combined with the Norton extension". Does "combined with" mean that Norton Safe Web rating is baked-in with Norton v24.x Website Scanning/Web Shield or Norton Safe Web extension will remain as a standalone Norton offering/extension?
 

bjm_

Level 15
Verified
Top Poster
Well-known
May 17, 2015
714
The Windows version will eventually have the same, but the full-fledged IPS with the thousands of signatures against exploits, infections, scam websites and others, is going away.
Ahh...okay. going away because Norton v24.x Website Scanning/Web Shield is more robust engine/technology.
Thanks again!
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
regarding: "seems to have been combined with the Norton extension". Does "combined with" mean that Norton Safe Web rating is baked-in with Norton v24.x Website Scanning/Web Shield or Norton Safe Web extension will remain as a standalone Norton offering/extension?
it is a bit nonsensical here. Avast Web Shield examines connections from all processes, like Anti-Bot from Check Point. It would’ve made a lot more sense to add the SafeWeb data to Web Shield. But no, Norton wants to “add value”. So they take the Avast Web Shield and on top as extension add SafeWeb but do not “improve” web shield by enriching it with data. Thus, Norton would come out as a better product on tests and will be the Premium of the family.
Ahh...okay. going away because Norton v24.x Website Scanning/Web Shield is more robust engine/technology.
Thanks again!
That and until they use Symantec technology, they have to operate the STAR team alongside Symantec, which they don’t want. And frankly, after paying $9 bln, it doesn’t make much sense.
 

bjm_

Level 15
Verified
Top Poster
Well-known
May 17, 2015
714
it is a bit nonsensical here. [...] But no, Norton wants to “add value”. So they take the Avast Web Shield and on top as extension add SafeWeb but do not “improve” web shield by enriching it with data.
Norton Safe Web is slow sorting false positives. Safe Web - Caution rating feels useless. If I understand you. Correct me. Safe Web remains as a standalone extension. Norton v24.x Website Scanning/Web Shield won't be enriched nor detracted by Safe Web data & Safe Web won't be enriched by Norton v24.x Website Scanning engine/technology. Norton luvs pushing their extensions. Users complain over on Norton Community re Norton popups promoting Norton extensions. Norton extensions must be revenue source...gathering user data/telemetry. Presuming, data will overlap. Hopefully, Website Scanning n' Safe Web will share false positive fixes. Feels a bit (to use your words) nonsensical.
 
Last edited:

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Safe Web won't be enriched by Norton v24.x Website Scanning engine/technology.
Yes, you will get cases where Web Shield will block website as malicious, as it uses real time heuristics, reputation, automated blacklists… very powerful.

Upon excluding a site from Web Shield manually let’s say, Safe Web wouldn’t know the site is malicious and will display it as safe. So you got 2 guys trying to do the same, but they do it differently. And they produce 2 different verdicts on the same site.

Similarly, SafeWeb (confirmed from my tests) would block a website, Web Shield won’t. This is not how it works in Avast products. In Avast, there is one component dealing with the web blocking, and it blocks every connection deemed malicious, from every process.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top