Ok, this is a work in progress, but I wanted to share my NIS 2012 review outline. This post will be updated until it’s finished. I may or may not get to all of the items listed in this post on the video, we’ll see. Normally I never post my outlines, but I thought “what the hell”… hope you guys enjoy
Sonar 4 – uses behavior analysis to stop malware from installing or executing. Sonar4 uses 500+ individual vectors used in groups to determine if a file or process is malicious.
For example, If a program gets downloaded from the internet, creates a startup entry for itself, tries to access the Windows folder BUT doesn’t register and uninstaller in add/remove programs (programs and features). Sorta a lame example, but I’m sure you get it.
Insight – Checks to see if a file is known to be whitelisted by the Norton community. Norton will not scan whitelisted files unless the file has been changed since the last approval by insight. This decreases the active and on-demand scan time drastically.
Norton’s Whitelist (Insight) is maintained by anonymous submissions of SHA256 hash values of each file from Norton user and software developers. Once a file has been modified (like patched) it’s SHA256 value is new and it has to go through the “trust process” once again (meaning it’ll be scanned as a possible threat).
Download Insight 2 – is like Insight except that it’s for…well…downloads. It works like this. You download a file, Norton scans it’s hash value and tells you it’s safe, not safe or unknown. You have the option of marking it safe if you want to run it, however it’s still subject to SONAR and the Signature scanner.
Download Insight 2 has two major improvements.
- Download Insight 2 collects data on how many times an application has crashed or hanged and then rates the app as “Reliable” to “Very Unstable”
- Download Insight 2 now scans all downloads, not just ones from your web browser (HTTP/HTTPS). This is great for IM or P2P users.
Norton Power Eraser – is now accessible via the Norton Bootable Recovery Tool. According to Symantec, Norton Power Eraser targets and removes “deeply embedded” malware. I’m not sure why I would want to run power eraser from the bootable environment when I can run Norton Antivirus (from the bootable environment) unless Power Eraser disinfects MBR’s or drivers better than the AV scanner.
Special Tools Integration – If you have an infection that can’t be cleaned by NIS it will tell you were to get a “specialized” removal tool. Kinda pointless IMO. I’d just breakout the Norton bootable rescue disk and remove it that way. I guess this feature is handy for those people who are too scared to use a bootable AV (yes, there are people like this).
Performance Improvements – Symantec basically states that performance has been improved particularly in network file transfer scan time. Not too many specifics here as usual.
Google Chrome Support – NIS 2012 fully supports Google Chrome now. Safe Web is fully integrated into Chrome, so you’ll have access to website ratings (like when you do a Google Search) and Identity Safe (which safely stores password and form info). It’s a welcome feature for me since I’m such a huge Chrome user.’
Norton Safe Web – shows you if a site is safe or not while doing Google searches. Norton safe web classifies sites as safe, caution, warning and untested. Basically if you just stick with sites that are marked as Safe then you should be all good.
UI changes – the UI has been cleaned up and simplified for your average home user, however advanced options are just a single click away. There are 3 main sections of the interface (Scan Files, Live Update and Advanced).