SONAR is the abbreviation for Symantec Online Network for Advanced Response. Unlike virus signatures, SONAR examines the behavior of applications to decide whether they are malicious. SONAR is built upon technology Symantec acquired in its 2005 purchase of WholeSecurity.
How it works:
An algorithm is used to evaluate hundreds of attributes relating to software running on a computer. Various factors are considered before determining that a program is malicious, such as if the program adds a shortcut on the desktop or creates a Windows Add/Remove programs entry. Both of those factors would indicate the program is not malware. The main use of SONAR is to enhance detection of zero day threats. Symantec claims SONAR can also prevent attackers from leveraging unpatched software vulnerabilities.
Ed Kim, director of product management at Symantec, expressed confidence in SONAR, "We've done extensive testing on emerging threats, and it catches early threats and variants of existing threats."
SONAR
May 29, 2010Feedback option
Email messages in the email client might sometimes get wrongly classified as spam. The Feedback option lets you send the misclassified email message as feedback to Symantec for analysis.
Email program toolbar
Norton AntiSpam adds a drop-down list or a few options to the toolbar of supported email programs.
Identifying senders of spam
If you do not want to receive any email messages from a specific address or domain, you can add it to the Blocked List. Norton AntiSpam marks all email messages from this address or domain as spam.
Note: |
Always add unknown email addresses and domains to the Blocked List, so that you do not receive unsolicited email messages from such addresses or domains. |
Phishing and Spam in the Economic Downturn
About podcast:
This podcast will cover the Phishing and Spam trends, providing analysis and discussion of the data gathered by Symantec between January 1 and December 31, 2008.
Dr. Ramzan discusses about the latest research
About podcast:
Symantec Security Technology & Response identifies new, emerging threats and maps technology solutions to address them using the vast intelligence of the Symantec Global Intelligence Network. Dr. Ramzan discusses the latest research on which he and the team have been working and how they are working to develop solutions that address new threats in the areas of spear phishing and the large-scale Google-China cyber-attack.
Identifying authorized senders
When you know that you want to receive any email messages from a specific address or domain, you can add it to the Allowed List.
Norton AntiSpam automatically imports the address book entries once in a day when your computer is idle.
If you have added a new supported email program, you can import its address book manually to your Allowed List immediately or at any time. You can also add names and domains to the Allowed List individually.
Address Book Exclusions list
When you add an email address to the Address Book Exclusions list, Norton AntiSpam does not import the address into the Allowed List. If you delete an email address from the Allowed List, Norton AntiSpam automatically adds the address to the Address Book Exclusions list. However, when you delete an email address that you manually added to the Allowed List, Norton AntiSpam does not add the address to the Address Book Exclusions list.
You cannot add a domain name to the Address Book Exclusions list. When you delete a domain name from the Allowed List, Norton AntiSpam does not add the domain name to the Address Book Exclusions list.
Client Integration
The Client Integration window lists the supported email programs, or clients, that are installed on your computer and their associated address books. When you select an email program, Norton Internet Security adds a Norton AntiSpam drop-down list or a few options to the toolbar of the supported email program. You can use the Norton AntiSpam drop-down list or the options to classify the email messages as spam or legitimate.
You can also use these options to empty the spam folder and to open the Settings window to configure the Norton AntiSpam settings. If your email program does not have a Junk folder, it also adds a Norton AntiSpam folder in the folders area. You can use the Norton AntiSpam folder to sort and store spam messages. However, if your email client has a Norton AntiSpam folder from the previous version of Norton Internet Security, Norton AntiSpam uses the Norton AntiSpam folder and not the Junk folder.
Norton AntiSpam settings
May 28, 2010With the increase in usage of email, many users receive a number of unwanted and unsolicited commercial email messages that are known as spam. Not only does spam make it difficult to identify valid email messages, but some spam contains offensive messages and images.
Norton AntiSpam incorporates several powerful features to reduce your exposure to unwanted online content.
Norton AntiSpam
Norton AntiSpam lets you categorize the email messages that you receive in your email programs into spam email and legitimate email. It filters legitimate email into the Inbox folder and spam email into the Junk folder or the Norton AntiSpam folder.
Norton AntiSpam uses the enterprise-class, spam-filtering technology of Symantec to classify the spam email messages from legitimate email messages. Norton AntiSpam uses a real-time filter delivery mechanism and filters email messages using various local filters at different levels. The local filters classify the email messages as spam or legitimate. If the local filters classify the email message as legitimate, Norton AntiSpam collects information such as signature and URL hashes of the email message. Norton AntiSpam then sends this information to the Symantec Web server for additional scrutiny.
Check Antispyware settings
May 26, 2010While the default settings provide maximum protection from spyware, adware and other security risks, these settings are customizable.
Types of security risks
Security risks, such as spyware and adware, can compromise your personal information and privacy. Spyware and adware programs are closely related. In some cases, their functionalities might overlap; but while they both collect information about you, the types of information that they collect can differ.
Spyware programs might put you at risk for identity theft or fraud. These programs might log your keystrokes, capture your email and instant messaging traffic. These programs also steal sensitive personal information such as passwords, login IDs, or credit card numbers. These programs can then send your compromised data to other people.
View details about a vulnerable application
The Vulnerability Protection window displays the list of the programs that are susceptible to malicious attacks. In addition, you can view details of the vulnerabilities that a program contains. The Program Vulnerability Details window displays the names of the attack signatures that Intrusion Prevention uses to detect the vulnerabilities in the program.
You can click an attack signature to get additional information about the signature in the Symantec Security Response Web site.
View the list of vulnerable programs
The Vulnerability Protection window lets you view the extensive list of programs with the known vulnerabilities that Norton Internet Security protects you against.
For each of these programs, you can view details such as the name of the program, its vendor, and the number of vulnerabilities that the program contains.
Vulnerability Protection
Vulnerability Protection is a component of Intrusion Prevention System. Vulnerability Protection provides information about the susceptibility of the programs that may be on your computer against malicious attacks. It also provides information about the known attacks that they are protected from.
Vulnerabilities are flaws in your programs or your operating system that can create weaknesses in overall security of your system. Improper computer configurations or security configurations also create vulnerabilities. External attackers exploit these vulnerabilities and perform malicious actions on your computer. Examples of such malicious attacks are active desktop monitoring, keylogging, and hacking. Such attacks can slow down the performance of your computer, cause program failure, or expose your personal data and confidential information to the hackers.
Permanently block a computer that has been blocked by AutoBlock
You can permanently block a computer that AutoBlock has blocked. The permanently blocked computer is removed from the AutoBlock list and added as a Restricted computer in the Network Security Map.
Unblock AutoBlocked computers
In some cases, AutoBlock may recognize normal activity as an attack. The list of computers that AutoBlock has currently blocked may include the computer that you should be able to communicate with.
If a computer that you need to access appears on the list of blocked computers, you can unblock it. You may want to reset your AutoBlock list if you have changed your protection settings. To reset the AutoBlock list, you can unblock all of the computers that are on the list at one time.
Turn on or turn off AutoBlock
May 25, 2010When an attack is detected, the connection is automatically blocked to ensure that your computer is safe. If the attack comes from a computer that has previously tried to access your computer by using another attack signature, it can activate AutoBlock. AutoBlock blocks all traffic between your computer and the attacking computer for a set amount of time. During this period, AutoBlock also blocks the traffic does not match an attack signature.
Exclude or include attack signatures in monitoring
In some cases, benign network activity may appear similar to an attack signature. You may receive repeated notifications about possible attacks. If you know that the attacks that trigger these notifications are safe, you can create exclusion for the attack signature that matches the benign activity.
Each exclusion that you create leaves your computer vulnerable to attacks. If you have excluded the attack signatures that you want to monitor again, you can include them in the list of active signatures.
Turn off or turn on Intrusion Prevention notifications
You can choose whether you want to receive notifications when Intrusion Prevention blocks suspected attacks. Whether or not you receive notifications, Intrusion Prevention activities are recorded in Security History. The Security History entries include information about the attacking computer and information about the attack.
You can choose whether you want to receive notifications when Intrusion Prevention blocks suspected attacks based on a particular signature.
Intrusion Prevention
May 24, 2010Intrusion Prevention scans all the network traffic that enters and exits your computer and compares this information against a set of attack signatures. Attack signatures contain the information that identifies an attacker's attempt to exploit a known operating system or program vulnerability. Intrusion Prevention protects your computer against most common Internet attacks.
Configure Download Insight Full Report
May 23, 2010The Download Insight Full Report settings let you specify whether you want to receive Download Insight alerts.
Turn off or turn on Download Insight notifications
May 22, 2010You can choose whether you want to receive Download Insight notifications when you download an executable file. Turning off Download Insight notifications does not turn off analysis of the executable file that you download.
Turn off or turn on Download Intelligence
Download Insight analyzes any executable file that you downloaded and notifies you about its reputation level. By default, Download Insight prompts you to select an action that Norton Internet Security must perform on a file of unknown reputation level. In the case of unsafe files, Auto-Protect removes them from your computer without alerting you. In the case of safe files, Auto-Protect allows the execution of the safe files. This way, Norton Internet Security protects your computer against any unsafe file that you may run or execute after you download it using a Web browser.
You can use the Download Intelligence option to turn on or turn off Download Insight. By default, this option is turned on. You can turn it off and then specify the amount of time it should remain turned off. After that time limit, the Download Insight feature turns on automatically. To ensure that your computer remains protected, you can turn on this feature manually before the specified time frame concludes. When Download Insight is turned off, Auto-Protect does not analyze any executable file that you download. Turning off Download Insight reduces your computer's security.
Download Insight
May 18, 2010Download Insight provides the reputation information of any executable file that you download using the Internet Explorer 6 or Firefox 3.0 browsers or later. Download Insight supports only downloads using the HTTP protocol. The reputation details that Download Insight provides indicate whether the downloaded file is safe to install. You can use these details to decide whether you want to install the executable file.
Smart Firewall Advanced Settings
Smart Firewall Advanced Settings let you activate advanced protection features of Smart Firewall.
Smart Firewall Trust Control settings
You can use the Smart Firewall Trust Control settings to view the devices on the network to which your computer is connected.
Smart Firewall Program Control settings
Smart Firewall Program Control settings let you control options for the programs that access the Internet.
In the list of programs, you can modify Internet access for each program. You can also add a program to the list or remove a program from the list.
Smart Firewall settings
The Smart Firewall options let you customize how the firewall monitors and responds to inbound communications and outbound communications.
Remove a firewall rule
You can remove some of the firewall rules if necessary. However, you cannot modify some of the default General rules that appear in the list. You can view the settings of these rules by using the View option.
Note: |
Do not remove a General rule unless you are an advanced user. Removing a General rule can affect firewall functionality and reduce the security of your computer. |
Turn off a General rule temporarily
You can temporarily turn off a general rule if you need to allow specific access to a computer or a program. You must remember to turn on the rule again when you are done working with the program or computer that required the change.
Note: |
You cannot turn off some of the default firewall rules that appear in the list. You can only view the settings of these rules by using the View option. |
Change the order of firewall rules
Each list of firewall rules is processed from the top down. You can adjust how the firewall rules are processed by changing their order.
Note: |
Do not change the order of the default General rules unless you are an advanced user. Changing the order of default General rules can affect firewall functionality and reduce the security of your computer. |
Modify General rules and Program rules
May 16, 2010You can change an existing firewall rule if it does not function the way that you want. You can use the Modify option to change the settings of an existing firewall rule. When you change a rule, the firewall uses the new criteria of the modified rule to control network traffic.
You cannot modify some of the default rules that are locked. However, you can view the settings of these rules by using the View option.
Add Rule Wizard
The Add Rule Wizard leads you through the steps that are necessary to create firewall rules.
Add General rules and Program rules
Program Control automatically creates most of the firewall rules that you need. You can add custom rules if necessary
Note: | Only experienced users should create their own firewall rules. |
Customize Program Control
May 11, 2010After you use Norton Internet Security for a while, you might need to change the access settings for certain programs.
Removing a program from Program Control
You can remove programs from Program Control if necessary. The firewall settings for the programs are not migrated from previous versions of Norton Internet Security. If you removed any programs in the previous version and do not want them in the current version, you must remove them again.
Add a program to Program Control
You can add programs to Program Control to control their ability to access the Internet. Manually configured Program Control settings override any settings that Automatic Program Control makes.
Turn off Automatic Program Control
Automatic Program Control automatically configures Internet access settings for Web-enabled programs the first time that they run. When a program tries to access the Internet for the first time, Automatic Program Control creates rules for it.
Automatic Program Control configures Internet access only for the versions of programs that Symantec recognizes as safe. An alert occurs when an infected program tries to access your computer.
If you want to determine the Internet access settings for your programs, you can turn off Automatic Program Control. When a program tries to access the Internet for the first time, an alert prompts you to configure access settings.
Program rules
Program rules control Internet access for the programs that are on your computer. You can use the Program Control feature to create and modify rules for programs.
General rules
May 7, 2010The Smart Firewall processes General rules before it processes Program rules. Within the list of General rules, rules are processed in order of appearance, from top to bottom. Program Control entries are not processed in order. The rules within each Program Control entry, however, are processed in order of appearance, from top to bottom.
For example, you have a Program rule that blocks the use of Symantec pcAnywhere with any other computer. You add another rule that allows the use of Symantec pcAnywhere with a specific computer. You then move the new rule before the original rule in the program rule list. Norton Internet Security processes the new rule first and lets you use Symantec pcAnywhere with that specific computer. It then processes the original rule and prevents its use with any other computer.
Firewall rules
A firewall is a security system that uses rules to block or allow connections and data transmission between your computer and the Internet. Firewall rules control how the Smart Firewall protects your computer from malicious programs and unauthorized access. The firewall automatically checks all traffic that comes in or out of your computer against these rules.
Smart Firewall
The Smart Firewall monitors the communications between your computer and other computers on the Internet.
Responding to risks detected during a scan
At the end of a scan, the Results Summary tab tells you what was found during the scan. You can use the Attention Required tab to resolve any items that were not automatically resolved during the scan. You can also view more information about the detected items on the Detailed Results tab.
Respond to Worm Blocking alerts
May 3, 2010If a program tries to email itself or a copy of itself, it could be a worm trying to spread through email. A worm can send itself or send a copy of itself in an email message without any interaction with you.
Worm Blocking continually scans outgoing email attachments for worms. If it detects a worm, you receive an alert telling you that a malicious worm was found.
Worm Blocking alert appears only when you enable the Ask me what to do option under How to respond when an outbound threat is found in the Email Antivirus Scan window. If the Ask me what to do option is disabled Norton Internet Security automatically quarantines the detected worm and notifies you.
Review Auto-Protect notifications
Auto-Protect scans files for viruses, worms, and Trojan horses when you perform an action with them, such as moving them, copying them, or opening them.
It also scans for spyware, adware, and other security risks.
If Auto-Protect detects suspicious activity, it logs a notification in Security History that tells you that a risk was found and resolved.
Detecting viruses, spyware, and other risks
Viruses and other security threats can be detected during a manual or scheduled scan. Auto-Protect detects these threats when you perform an action with an infected file. Threats can also appear during an instant messenger session, when you send an email message, or during a manual or scheduled scan. Security risks, such as spyware and adware, can also be detected when these activities are performed.
Remove programs from User-Specified Programs
You can remove a program from the Quiet Mode Programs list. After you remove a program, Norton Internet Security does not turn on Quiet Mode the next time when it detects a running instance of the program.
You can also remove a running program from the Quiet Mode Programs list. However, if Quiet Mode is turned on, it turns off only after the running instances of all the programs in the list are complete. You cannot turn off Quiet Mode by removing a program from the list when it runs.
Add Programs to User-Specified Programs
You can manually add the programs for which you want Norton Internet Security to turn on Quiet Mode to the Quiet Mode Programs list. When you execute the program that you added to the list, Norton Internet Security detects the program and turns on Quiet Mode.
You can also add a running program to the Quiet Mode Programs list. However, when you add a running program, Norton Internet Security does not detect the current running instance of the program to turn on Quiet Mode. Norton Internet Security turns on Quiet Mode the next time when you execute the program.
User-Specified Programs
May 1, 2010Norton Internet Security automatically turns on Quiet Mode when it detects a TV program recording session or a disk-burning session. In addition, you can manually add the programs for which you want Norton Internet Security to turn on Quiet Mode to the Quiet Mode Programs list. When Norton Internet Security detects a running instance of a program that you added in the list, it automatically turns on Quiet Mode. When Quiet Mode is turned on, Norton Internet Security suspends the background activities but does not suppress alerts and notifications.
You can also add a running program to the Quiet Mode Programs list. However when you add a running program, Norton Internet Security does not detect the current running instance of the program to turn on Quiet Mode. Norton Internet Security turns on Quiet Mode the next time when you execute the program.
Turn on or turn off the Quiet Mode options
You can turn on the Quiet Mode options, such as IMAPI 2.0 Disk Burn or Media Center TV Recording in the Settings window. If you perform a task for an option that you turned on, Norton Internet Security detects the task and automatically turns on Silent Mode. For example, you turn on the IMAPI 2.0 Disk Burn option and start burning a disk using a Media Center application. In this case, Norton Internet Security detects the disk-burning session and turns on Quiet Mode.
Norton Internet Security turns on Quiet Mode as soon as you start recording a TV program or burning a CD or a DVD. Once Quiet Mode is turned on, it turns off only after the TV program recording session or disk-burning session is complete. You cannot turn off Quiet Mode during the sessions by using the options in the Settings window.
Quiet Mode
Norton Internet Security automatically turns on Quiet Mode when you perform a few tasks that require higher utilization of your system resources. When Quiet Mode is turned on, Norton Internet Security suspends the background activities and lets the task use the maximum resources for better performance.
Turn on or turn off Full Screen Detection
You can use the Full Screen Detection option in the Settings window to turn on or turn off Silent Mode automatically when Norton Internet Security detects a full-screen application. By default, the Full Screen Detection option remains turned on after you install Norton Internet Security.
Silent Mode: turns on automatically
When you watch a movie, play games, or make a presentation, you run the application in the full-screen mode. Norton Internet Security detects the application that you run in the full-screen mode and automatically enables Silent Mode. When Silent Mode is enabled, Norton Internet Security suppresses most of the alerts and suspends background activities. Only those activities run that are involved in protecting your computer from viruses and other security threats. Minimum background activities also ensure high performance of your computer. The activities that are suspended run after you finish using the application in the full-screen mode.