Norton Insight
Encyclopedia
Norton Insight whitelists files based on reputation. Norton-branded antivirus software
Antivirus software
Antivirus or anti-virus software is used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worm, trojan horses, spyware and adware...

 then leverage the data to skip known files during virus
Computer virus
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...

 scans. Symantec claims quicker scans and more accurate detection with the use of the technology.

Development

Insight was codenamed Mr. Clean. Its initial aim was to help users determine what programs from the Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...

 are safe to install. Mr. Clean would provide a risk assessment to discern between safe and malicious files. However, its goal was later changed to making virus scans more efficient; instead of scanning every file, known files are skipped, cutting scanning times.

How it works

Norton Community Watch, a voluntary and anonymous service, allows a user's Norton product to forward information to Symantec servers. Among the data collected are the processes running and their SHA256 values. A reappearing hash value and its corresponding file are whitelisted, and Norton Insight checks the processes on a user's computer against the whitelist. Matching processes are excluded from scanning.

When a process is "trusted", it has been deemed safe and excluded from risk scanning. There are two trust levels; "standard" and "high". The third option is to disable Norton Insight. In standard trust, processes appearing in the majority of participants' computers are deemed safe. High trust, in addition, excludes digitally signed files from scanning.

Tamper protection

Norton analyzes the NTFS
NTFS
NTFS is the standard file system of Windows NT, including its later versions Windows 2000, Windows XP, Windows Server 2003, Windows Server 2008, Windows Vista, and Windows 7....

 file system upon startup, and if unaccounted changes are found, trust values of the processes on the system are revoked.

In the case of a mistake, a revocation mechanism was implemented, where clients receive a list of revoked SHA256 values via LiveUpdate. If the client has a file matching a SHA256 and is currently trusting that file, all trust is revoked, and the file is once again scanned.

Reception

The Tech Herald, which tested Norton Internet Security 2009, found Insight affected system performance while whitelisting files. After scans, the publication also noted total number of files scanned and the number of trusted (skipped) files varied each scan. The average amount of time Insight took to scan a 561 megabyte folder with 21,816 clean files was 0:00:24:41. Despite the oddities, the editor observed Norton Internet Security 2009 was faster than subsequent products.

External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK