Norton Insight whitelists files based on reputation. Norton-branded antivirus software then leverages the data to skip known files during virus scans. Symantec claims quicker scans and more accurate detection with the use of the technology.

Norton Insight
Developer(s)Symantec Corporation
Operating systemMicrosoft Windows
LicenseProprietary

Development

edit

Insight was codenamed Mr. Clean. Its initial aim was to help users determine what programs from the Internet are safe to install. Mr. Clean would provide a risk assessment to discern between safe and malicious files.[1] However, its goal was later changed to making virus scans more efficient; instead of scanning every file, known files are skipped, cutting scanning times.[2]

Basic introduction & usage

edit

Norton Community Watch, a voluntary and anonymous service, allows a user's Norton product to forward information to Symantec servers.[3] Among the data collected are the processes running and their SHA256 values. A reappearing hash value and its corresponding file are whitelisted, and Norton Insight checks the processes on a user's computer against the whitelist. Matching processes are excluded from scanning.

When a process is "trusted", it has been deemed safe and excluded from risk scanning. There are two trust levels; "standard" and "high". The third option is to disable Norton Insight. In standard trust, processes appearing in the majority of participants' computers are deemed safe. High trust, in addition, excludes digitally signed files from scanning.

Tamper protection

edit

Norton analyzes the NTFS file system upon startup, and if unaccounted changes are found, trust values of the processes on the system are revoked.

In the case of a mistake, a revocation mechanism was implemented, where clients receive a list of revoked SHA256 values via LiveUpdate. If the client has a file matching a SHA256 and is currently trusting that file, all trust is revoked, and the file is once again scanned.[4] Norton File Insight was a feature released in Norton 2010 products.

Norton file/download insight

edit

The Norton Download Insight feature, provides insight of the files that you download and install in your computer. While the File Insight give you the reputation information, and locates the file on your computer, as well a feature that copies the information to the users clipboard.

It supports the Norton Download Insight Feature, and assizes a reputation about the file. The File Insight window provides the following information:

  • The file type and the file name
  • The date on which file was installed
  • The date on which file was last used
  • The lineage details of the file
  • The actions that the file performs on your system
  • The level at which the file uses the resources of your computer
  • The performance impact that it has
  • The stability of the file for the specific operating system
  • The version of the file
  • Who developed the file?

Issues

edit

Upon release the Download Insight program would erroneously flags a downloaded file as having no Digital Signature and no version number and therefore a potential threat.[5]

Reception

edit

The Tech Herald, which tested Norton Internet Security 2009, found Insight affected system performance while whitelisting files.[6] After scans, the publication also noted total number of files scanned and the number of trusted (skipped) files varied each scan. The average amount of time Insight took to scan a 561 megabyte folder with 21,816 clean files was 0:00:24:41. Despite the oddities, the editor observed Norton Internet Security 2009 was faster than subsequent products.[7]

See also

edit

References

edit
  1. ^ "Symantec Research Labs to offer 3 new tools", The Hindu Business Line, March 19, 2008, accessed July 10, 2009.
  2. ^ Edwards, Cliff. "Security that won't slow down your PC", ZDNet Asia, August 12, 2008, accessed July 10, 2009.
  3. ^ "Norton Community Watch Privacy Policy", Symantec Corporation, accessed July 10, 2009.
  4. ^ McAllister, Neil. "Norton 2009 to Speed Up Malware Screening", PCWorld, July 15, 2008, accessed July 10, 2009.
  5. ^ "Norton Internet Security Cannot Detect Frap's Digital Signature". Norton Users Discussion Forum. Symantec. Retrieved 2009-06-25.
  6. ^ Ragan, Steve."Review: Norton Internet Security 2009", The Tech Herald, October 2, 2008, accessed July 25, 2009.
  7. ^ Ragan, Steve. "Review: Norton Internet Security 2009", The Tech Herald, October 2, 2008, accessed July 25, 2009.
edit