Norton Insight

Norton Insight
Norton Insight in Norton Internet Security 2010
Developer(s) Symantec Corporation
Operating system Microsoft Windows
License Proprietary

Norton Insight whitelists files based on reputation. Norton-branded antivirus software then leverages the data to skip known files during virus scans. Symantec claims quicker scans and more accurate detection with the use of the technology.

Development

Insight was codenamed Mr. Clean. Its initial aim was to help users determine what programs from the Internet are safe to install. Mr. Clean would provide a risk assessment to discern between safe and malicious files.[1] However, its goal was later changed to making virus scans more efficient; instead of scanning every file, known files are skipped, cutting scanning times.[2]

How it works

Norton Community Watch, a voluntary and anonymous service, allows a user's Norton product to forward information to Symantec servers.[3] Among the data collected are the processes running and their SHA256 values. A reappearing hash value and its corresponding file are whitelisted, and Norton Insight checks the processes on a user's computer against the whitelist. Matching processes are excluded from scanning.

When a process is "trusted", it has been deemed safe and excluded from risk scanning. There are two trust levels; "standard" and "high". The third option is to disable Norton Insight. In standard trust, processes appearing in the majority of participants' computers are deemed safe. High trust, in addition, excludes digitally signed files from scanning.

Tamper protection

Norton analyzes the NTFS file system upon startup, and if unaccounted changes are found, trust values of the processes on the system are revoked.

In the case of a mistake, a revocation mechanism was implemented, where clients receive a list of revoked SHA256 values via LiveUpdate. If the client has a file matching a SHA256 and is currently trusting that file, all trust is revoked, and the file is once again scanned.[4]

Reception

The Tech Herald, which tested Norton Internet Security 2009, found Insight affected system performance while whitelisting files.[5] After scans, the publication also noted total number of files scanned and the number of trusted (skipped) files varied each scan. The average amount of time Insight took to scan a 561 megabyte folder with 21,816 clean files was 0:00:24:41. Despite the oddities, the editor observed Norton Internet Security 2009 was faster than subsequent products.[6]

References

  1. "Symantec Research Labs to offer 3 new tools", The Hindu Business Line, March 19, 2008, accessed July 10, 2009.
  2. Edwards, Cliff. "Security that won't slow down your PC", ZDNet Asia, August 12, 2008, accessed July 10, 2009.
  3. "Norton Community Watch Privacy Policy", Symantec Corporation, accessed July 10, 2009.
  4. McAllister, Neil. "Norton 2009 to Speed Up Malware Screening", PCWorld, July 15, 2008, accessed July 10, 2009.
  5. Ragan, Steve. "Review: Norton Internet Security 2009", The Tech Herald, October 2, 2008, accessed July 25, 2009.
  6. Ragan, Steve. "Review: Norton Internet Security 2009", The Tech Herald, October 2, 2008, accessed July 25, 2009.

External links