Acadia
Level 2
- Sep 25, 2020
- 60
Is there a link to read to about this? or do you glean from another forum postings...
The New Norton for Mac: First Look Exclusively for MalwareTips
- Thread starter Trident
- Start date
- May 17, 2015
- 704
Hmm...so, will the heavy lifting remain cloud when online?
Will the sandbox be cloud?
https://us.norton.com/new-norton-app
- Feb 7, 2023
- 2,351
The New Norton experience is rolled out slowly whilst the old one is still being updated actively.
The new experience combines certain Norton features like SafeCam, Script Control, Backup, Password Manager and others but gets rid of the entire STAR (Security Technologies and Research) platform. All that, is getting replaced with Avast’s technology.
When Gen Digital got sued over the emulator patents
www.bankinfosecurity.com
They said clearly they intend to stop using this technology (they’ve infringed patents on baiting malware during dynamic analysis in virtual environment, tricking malware to reveal its real behaviour). So probably from 2022, Gen has been planning to migrate to the Avast engines. They later on commissioned anti-phishing test on AVC, which was another clear evidence that they are “choosing” the right technology.
Sandbox is local, it also powers Avast DeepScreen.
Not sure if CyberCapture will be included in Norton products.
The new experience combines certain Norton features like SafeCam, Script Control, Backup, Password Manager and others but gets rid of the entire STAR (Security Technologies and Research) platform. All that, is getting replaced with Avast’s technology.
When Gen Digital got sued over the emulator patents
NortonLifeLock Told to Pay Columbia $185M for Patent Theft
A federal jury has ordered NortonLifeLock to pay Columbia University $185.1 million after finding the company infringed on two patents. Jurors decided Monday that
www.bankinfosecurity.com
Yes, this is how Avast works. But the Avast behavioural blocking, unless optimised by Gen, is a lot less optimised than SONAR and almost constantly draws some CPU time (3-4% when not doing much and as high as 10% when there is heavy usage). Again, Gen may optimise that, if they haven’t already.
Sandbox is local, it also powers Avast DeepScreen.
Not sure if CyberCapture will be included in Norton products.
- May 17, 2015
- 704
Okay...Googled > Avast DeepScreen & CyberCapture. Thanks
Last edited:
- Feb 7, 2023
- 2,351
Unfortunately as of now (I tried today), I am not getting the Avastified Norton for Windows. As soon as I do, I will dissect it here in depth 
Right now I am unable to comment on the deep technicalities.
Right now I am unable to comment on the deep technicalities.
- May 17, 2015
- 704
Do you know if Norton Safe Web will remain Symantec/Broadcom? and have any influence re Norton 360 v24.x? for example: WebPulse Site Review?
- Feb 7, 2023
- 2,351
It looks like Norton wants to be “more premium”, or in other words, have advantage over Avast on Mac, so they give you both the Web Shield (which was many years ago developed by a company called Exploit Preventions Labs, acquired by AVG and rebranded as LinkScanner), and SafeWeb. I would expect the Windows version to be the same.
Web Shield includes DNS and whois reputation analysis, real time script and page heuristics, as well as botnet control and anti-exploit functionalities, apart from blocking malicious connections from all apps. It is perfectly capable of replacing the Symantec IPS.
- May 17, 2015
- 704
Wow! ....aren't Norton IPS detections...signature based...therefore less false positive?
Last edited:
- Feb 7, 2023
- 2,351
The benefit of IPS is that one signature, once created, will cover hundreds, even thousands of different sites or pieces of malware.
But the benefit of Web Shield is that, all C&Cs can be automatically extracted through telemetry, static analysis and automated malware analysis. Additional correlational logics can be performed to link one C&C server to many more.
So overall, Web Shield has quicker reaction times than Symantec IPS.
Edit: yes, IPS signatures are very accurate but they are signatures. They take time for researchers to create manually and you can’t have too many, as the whole traffic is scanned bit by bit against them. Web Shield allows for high volume of malicious sites and IP addresses to be blacklisted in less than a second.
Web Shield all in all seems like the right way to go.
Last edited:
- May 17, 2015
- 704
- May 17, 2015
- 704
I see N360 v24.x for Mac has Intrusion Signatures.
regarding: Same Norton is coming to Windows. There will be no IPS.
So, N360 v24.x for Mac has IPS / Intrusion Signatures?
N360 v24.x for Windows will not have IPS / Intrusion Signatures?
- Feb 7, 2023
- 2,351
The IPS for Mac was developed by Norton, it’s not the Broadcom/Symantec one. It’s got 4-5 signatures that block common attacks like port scanning and others. The Windows version will eventually have the same, but the full-fledged IPS with the thousands of signatures against exploits, infections, scam websites and others, is going away.
- May 17, 2015
- 704
regarding: "seems to have been combined with the Norton extension". Does "combined with" mean that Norton Safe Web rating is baked-in with Norton v24.x Website Scanning/Web Shield or Norton Safe Web extension will remain as a standalone Norton offering/extension?
- May 17, 2015
- 704
Ahh...okay. going away because Norton v24.x Website Scanning/Web Shield is more robust engine/technology.
Thanks again!
- Feb 7, 2023
- 2,351
it is a bit nonsensical here. Avast Web Shield examines connections from all processes, like Anti-Bot from Check Point. It would’ve made a lot more sense to add the SafeWeb data to Web Shield. But no, Norton wants to “add value”. So they take the Avast Web Shield and on top as extension add SafeWeb but do not “improve” web shield by enriching it with data. Thus, Norton would come out as a better product on tests and will be the Premium of the family.
That and until they use Symantec technology, they have to operate the STAR team alongside Symantec, which they don’t want. And frankly, after paying $9 bln, it doesn’t make much sense.
- May 17, 2015
- 704
Norton Safe Web is slow sorting false positives. Safe Web - Caution rating feels useless. If I understand you. Correct me. Safe Web remains as a standalone extension. Norton v24.x Website Scanning/Web Shield won't be enriched nor detracted by Safe Web data & Safe Web won't be enriched by Norton v24.x Website Scanning engine/technology. Norton luvs pushing their extensions. Users complain over on Norton Community re Norton popups promoting Norton extensions. Norton extensions must be revenue source...gathering user data/telemetry. Presuming, data will overlap. Hopefully, Website Scanning n' Safe Web will share false positive fixes. Feels a bit (to use your words) nonsensical.
Last edited:
- Jun 24, 2016
- 2,483
- Feb 7, 2023
- 2,351
Yes, you will get cases where Web Shield will block website as malicious, as it uses real time heuristics, reputation, automated blacklists… very powerful.
Upon excluding a site from Web Shield manually let’s say, Safe Web wouldn’t know the site is malicious and will display it as safe. So you got 2 guys trying to do the same, but they do it differently. And they produce 2 different verdicts on the same site.
Similarly, SafeWeb (confirmed from my tests) would block a website, Web Shield won’t. This is not how it works in Avast products. In Avast, there is one component dealing with the web blocking, and it blocks every connection deemed malicious, from every process.
lokamoka820
Level 21
- Mar 1, 2024
- 1,060
- May 17, 2015
- 704
