2010/04/30補充:Sorry! NIS2011、NAV2011皆以發佈Beta測試版本,在下方補上載點:

剛剛發完KIS2011開放公測的文章,緊接著上了AVPClub又發現Norton的產品也有動作了,Norton 發佈了NIS2011的產品介紹新聞稿、截圖,


《What’s new in Norton Internet Security 2011》

What’s new in Norton Internet Security 2011

The new Norton AntiVirus 2011 and Norton Internet Security 2011 beta products include several new and improved features which I’m going to detail here.

Security Features

Reputation Scan

In our 2009 products, we introduced Norton Insight which dramatically improved performance by not scanning known good files.

In 2010 products, we went one step further by using reputation data to mark files as good, bad or unknown.

With 2011, we are enhancing this even more by providing fine-grained reputation information about files and by allowing users to perform a Reputation Scan of their files. You can choose to do a quick or full scan or a custom scan of a folder or a drive. Once the scan is done, you will see how your files are rated based on their Trust Levels, Age and Prevalence. Reputation Scan will also compare your results against the rest of the Norton Community. It is an excellent tool to give you an idea of your machine’s risk profile.

For example, in the screenshot above, my files have better Trust Levels, Age and Prevalence values compared to the rest of the community. I did this test on a clean computer, and your results will vary depending on what you have running on your computer.

You can also filter the results and choose to look at only files with low prevalence or files that are very new or have unproven or poor trust rating.

Norton Safe Web for Facebook

Facebook has become a top social site on the web. More and more people spend a lot of time on Facebook, and this gives cybercriminals the opportunity to use Facebook to propagate malware. We hear about these scams everyday – like the Farm Town scam that happened a few days ago.

This feature lets users scan their feed for malicious URLs using Norton Safe Web. You get a report of the scan, which you can choose to share on your Facebook Wall.

We are making this feature available to everyone for free even if you do not have Norton AntiVirus or Norton Internet Security by visiting http://apps.facebook.com/nortonsafeweb/. Go ahead and run the scan and post the results on your wall.

New and Improved Download Insight

In Norton Internet Security2010, Download Insight analyzed downloads from Internet Explorer and Firefox. In 2011, we have expanded the number and types of applications that will be monitored by Download Insight. In addition to Internet Explorer and Firefox, the list of supported applications includes browsers like Chrome, Opera, and Safari; instant messengers like Yahoo Messenger, AOL Messenger, and MSN Messenger; email clients such as Outlook and Outlook Express; download managers and FTP clients like FileZilla;and P2P clients like Bittorrent and Limewire.

Furthermore, we have added the ability to dynamically expand coverage of many more applications.

For most of these applications, when you download an executable file, you will see the familiar Download Insight notification telling you if the file is safe or unknown, or if it is a threat. If it is a threat, it will be remediated automatically. For some download applications, you may not see the Download Insight notification during the download but if you try to run the downloaded file and the file is unknown or bad, Download Insight will alert you before allowing the file to run.

Norton Rescue Tools

Norton Rescue Tools are a set of tools that help you recover a badly infected computer. In addition to the familiar Norton Bootable Recovery Tool, this year we are introducing Norton Power Eraser. These tools complement each other and can be used in various situations.

Norton Bootable Recovery Tool

We come across many computers that have been so badly infected that it is virtually impossible to install any security product on them. The only way to clean up these computers is to use the Norton Bootable Recovery Tool. Since the Norton Bootable Recovery Tool loads its own clean boot environment, it is not affected by malware on the system. Even though we had made the ISO image for this tool available, it was not easy for users to burn a CD or DVD from it. You had to download the ISO and then find an application to help you burn a CD or DVD. To add to that, many recent Netbooks do not have a CD or DVD drive. We needed to provide a way to get access to this tool on media that will work on your computer and make it very easy to use!

In 2011, we have made it really easy to create the Norton Bootable Recovery Tool  on a CD or DVD, or install it on a USB drive. All you need to do is to go to the “Start” menu, locate the Norton Internet Security or Norton AntiVirus folder and select the “Norton Bootable Recovery Tool” link. That link will take you to a Web page where you can download a wizard that will walk you through the process of creating your custom copy of the Norton Bootable Recovery Tool, as shown in the following screens.

It is really easy to burn the Norton Bootable Recovery Tool on media that you can use – CD, DVD, or USB–or just create an ISO image.

The Norton Bootable Recovery Tool Wizard also allows you to automatically update the threat definitions with the latest version, and it allows you to add drivers required to access storage or network devices on your particular system.

Norton Power Eraser

This brand new tool is rescue tool that is used in slightly different circumstances. Norton Power Eraser will be a free tool available to anybody. It will detect and repair new malware threats that are not typically detected by Norton product scanners. The focus for this tool will be detecting and fixing “0-day" malware and top threats like Fake AV (also known as rogue ware or crime ware).

Here is a screenshot of the tool’s UI – again very simple to use:

You can start scanning just by clicking on the “Scan” button.

Performance Alerts

Performance of security products continues to be a concern amongst users. Every year, Norton takes great strides in improving our product’s performance. This year we have made significant improvements that will make our products the fastest yet. In a lot of cases though, there is some other application that is slowing your computer down to a crawl. Ever wondered if you could somehow know what that application was? Enter Performance Alerts.

In our 2009 products, we put the CPU and Memory meter on our UI. The reason was to show the world that Norton is lean and mean, and let our users measure it. In 2010, we introduced the performance graph, which lets you track your computer’s CPU and memory consumption over time, and also tracks installation of other products on your computer.

In 2011, we have taken it one step further by adding real time proactive Performance Alerts. We measure the four broad metrics of performance: CPU usage, memory usage, disk IO, and handle counts. If a particular process is taking too many resources, you will get a notification like this:

You can click “Details & Settings” to get more information. For example, in this case cpuhog.exe was consuming too much CPU.

We expect our users to run legitimate resource-hungry applications knowing that they will consume a lot of resources, so we have given you the ability to exclude certain apps from being monitored. Once you exclude those apps, you will not see performance alerts for them.

We did a lot of research on exactly how much an application can consume before we should alert you. We don’t want to alert you too many times, but still want to provide you with details if you think your computer is running slow for some reason. We came up with three different levels based on your sensitivity to system performance. The default is the medium level but you can make Performance Alerts less or more aggressive by changing its levels to high or low respectively.

We have also considered battery-powered computers and automatically lowered our thresholds so that we tell you if an application is consuming too much of something that will drain your battery faster.


This is really a short summary of some of the key new features in 2011. There are several other changes to enhance the usability, quality, performance, and lastly–but most importantly,–protection. Give the Beta a try and let us know what you think. We will have our eyes and ears open for your feedback.

《SONAR 3: A new level of behavioral security in Norton 2011》

SONAR 3: A new level of behavioral security in Norton 2011

This year we have some innovative changes that build upon the successful, effective, and efficient SONAR 2 behavioral security engine. For those who are not familiar with SONAR technology, here is a link to an article that describes it. With SONAR 2, we have a proven track record of being able to convict malware and secure Norton users from malware designed to evade most other security features. In the last nine months alone we prevented upward of 4.2 million infections out of about 140 million incidents that we analyzed for Norton users. Most of these incidents were never-before-seen malware and infection scenarios, thus truly providing “zero-day" protection! The effectiveness of our technology was repeatedly confirmed by external 3rd-party tests and reviews (specifically behavioral security tests and reviews), where we performed at or near 100% detection rates. Behavioral security is a critical security solution, especially in this era of server-side polymorphic malware where each and every infection can have a unique piece of malware file (unique from the file fingerprint perspective) downloaded on the victim’s machine. We are very excited about our next SONAR 3 release outperforming SONAR 2!

What’s next?

We believe that security is a journey and not a destination.  Over the last year, we have taken note of a couple of interesting trends in the malware world, such as a surge in the misleading application threat category and targeted, sophisticated attacks like Hydraq. It was gratifying to see that SONAR 2 detected Hydraq without any changes to our classifier. We have further fine-tuned the classifier to deal with these trends. We have also added about 60 new features to our classifier and have seen significant improvement in threat detection rates in our internal lab testing. This brings our set of features to about 400!

This large number of features give us the advantage that, with SONAR tracking and inspecting so many aspects about a file, a process, or its related activity for classification, it becomes that much harder for a malware variant to get past our classification engine or for a clean sample to be misclassified. Of course the challenge is in analyzing all this information almost instantaneously without impacting system performance, while making decisions automatically for the user. And SONAR 3 is proof of how all of this is possible.

Having analyzed more than 140 million incidents for millions of Norton users, in SONAR 3 we have added many more features and provisions for identifying clean samples so that we can specifically focus on suspicious scenarios. This is what enables us to continue to add to our feature set for an even more accurate classifier. The quicker we can ignore a sample and classify it as clean, better the user experience.

In addition to the changes we have made to add many more attributes, the SONAR team has been very busy adapting and creating new classifiers as the world of malware and clean software evolves. The team has been busy updating our classifiers and releasing seven definition updates in the last nine months since shipping SONAR 2. The SONAR team generated and evaluated over 200 different classifiers since we shipped SONAR last year, addressing the feedback we have gotten from our Norton users to convict more malware and reduce the infrequent false-positive incidents that have occurred.

One major threat category that we have focused on with SONAR 3 is misleading applications. This class of threat has gotten much attention and we are glad to be able to provide significant improvements for detecting it in SONAR 3.

We have also made further improvements in the area of behavioral signatures, where we can quickly react to new and upcoming threats by writing behavioral signatures that leverage specific features. While our classifier has been quite successful at detecting new and emerging threats and their variants, we believe in a layered security model. In some specific threat scenarios it is more effective and worthwhile to target the threat with its specific characteristics than to leave it to a classifier.

As has been detailed in the SONAR 2 posts,  SONAR aggregates and correlates information from a number of engines within the product like the Firewall, AV Engine, Intrusion Prevention Engine, etc. All this information is then used by the classifier to improve efficacy. We feel this is a big differentiator for Norton over other vendors. Most other security products simply don’t have this depth and breadth of information to make a good classifier. In SONAR 3 we have further enhanced our integration with the network component in order to classify, convict, and remediate malware on the basis of its malicious network activity. With this feature in place, we will continue to block and remove many new variants of malware that leave their network footprint unchanged.

With these and all the improvements we are continuing to work on, we believe we are taking behavioral security to a whole new level. We hope that these new improvements will prove to be invaluable in dealing with the fast-evolving threat landscape and in keeping you safe. We cannot wait to ship SONAR 3 out to millions of Norton users. All the Norton 2010 and N360v4 users will also benefit from these advances, thanks to the ability to use Live Update for SONAR enhancements that we adopted with SONAR 2.

So that’s what we are up to! Let us know what you think–the SONAR team values your feedback and we hope you see all the improvements in the public Beta. Your feedback helps us know where we need to improve and we take your comments and suggestions as our most important barometer of success!



新的諾頓防病毒軟件2011和諾頓互聯網安全2011 試用版產品包括幾個新的和改進的功能,我要去詳述。



在我們2009年的產品,我們推出諾頓洞察,大大提高 了,沒有文件掃瞄已知的良好性能。

在2010年的產品,我們則更進一步利用聲譽數據文件 標記為好,壞或未知。

隨著2011年,我們正在加強這項提供更精細的有關文 件資料和聲譽,通過允許用戶執行他們的信譽檔案掃瞄。你可以選擇做一個快速或完整掃瞄或自定義掃瞄的文件夾 或驅動器。一旦完成掃瞄,你會看到你的文件被評為如何根據他們的 信任水平,年齡和患病率。掃瞄聲譽也將比較反對的諾頓社區的其他結果。這是一個很好的工具,讓您對您的計算機的風險狀況的想 法。

例如,在上面的截圖,我的檔案有更好的信任級別,年齡 和患病率值相比,社會的其餘部分。我做一個乾淨的計算機上這個考驗,你的結果會有所不同 在什麼您在您的計算機上運行而定。

您還可以過濾和選擇的結果看,低流行或文件是很新的或 未經證實或貧窮的信任等級的文件。


Facebook已經成為一個熱門的社會網絡站點。越來越多的人花了很多時間在Facebook上,這讓 網絡罪犯有機會使用Facebook傳播惡意軟件。我們每天都聽到這些騙局,如農場鎮騙局,在數天前發生 的事情 – 。

此功能允許用戶使用諾頓安全掃瞄惡意網站的網址飼料。你得到的掃瞄,您可以選擇在你的Facebook牆份 額報告。

我們正在這個自由,即使你沒有訪問 http://apps.facebook.com/nortonsafeweb/諾頓防病毒軟件或諾頓網絡安全功能提供給每個人。繼續運行掃瞄並貼在你的牆的結果。


在諾頓網絡Security2010,下載洞察分析從 Internet Explorer和Firefox的下載。 2011年,我們已擴展的數量和將由下載洞察監視的應 用程序類型。除了IE和Firefox,支持的應用程序列表中包含 了像瀏覽器,Opera和Safari瀏覽器,即時信使如雅虎通,AOL的即時通和MSN信使;如Outlook和Outlook Express電子郵件客戶端,下載管理器和FTP客戶端如FileZilla中,像BitTorrent的 P2P客戶端和Limewire。


對於這些應用程序,當您下載一個可執行文件最多,你會 看到熟悉的下載Insight的通知,告訴你,如果該文件是安全的或未知的,或者如果它是一個威脅。如果它是一個威脅,將自動補救。對於一些下載的應用程序,你可能看不到下載過程中下載 洞察通知,但如果你嘗試運行下載的文件,該文件是未知的或壞,會提示下載Insight的文件之前,允許您運行。


諾頓救援工具是一個工具,幫助您恢復一個嚴重感染的計 算機上設置。除了熟悉的諾頓恢復工具可啟動,今年我們推出諾頓電力 橡皮擦。這些工具相互補充,可以在各種情況下使用。


我們遇到的許多計算機已被嚴重感染,這幾乎是不可能對 他們安裝任何安全產品。唯一的辦法清理這些計算機是使用諾頓開機恢復工具。由於諾頓恢復工具可引導加載自己的乾淨引導環境,它不 會影響系統上的惡意軟件。儘管我們作出了這個工具可用的ISO映像,卻是不容易 為用戶從它刻錄在CD或DVD。你必須下載ISO,然後找到一個應用程序來幫助你刻錄 CD或DVD。要補充,最近許多上網本都沒有CD或DVD驅動器。我們需要提供一種方式來獲得這種對媒體表示將在您的計 算機,並非常容易使用的工具!

2011年,我們已真的容易地創建CD或DVD上,或 安裝在USB驅動器開機的諾頓恢復工具。所有您需要做的是去「開始」菜單,找到諾頓網絡安全或 Norton AntiVirus文件夾,選擇「開機諾頓恢復工具」鏈接。這種聯繫會帶你到一個網頁,你可以下載一個嚮導,將步 行通過創建可引導的諾頓恢復工具自定義複製過程中你,如下面的屏幕顯示。

這是很容易燃燒傳媒,你可以使用 – 光盤,DVD或USB開機的諾頓恢復工具 – 或者只是創建一個ISO映像。

開機的諾頓恢復工具嚮導還允許您自動更新最新版本的威 脅的定義,它可以讓你添加需要訪問您的特定系統或網絡存儲設備的驅動程序。


這家全新的工具,是拯救工具,以稍微不同的情況下使 用。諾頓電力橡皮擦將是一個免費的工具提供給任何人。它會偵測和修復的新的惡意軟件,通常不是由諾頓產品掃 瞄儀檢測的威脅。此工具的重點是檢測和修復「0天」惡意軟件和頂級影音 也像假流氓犯罪瓷餐具或已知的(威脅)。

下面是該工具的用戶界面截圖 – 再使用非常簡單:



安全產品的性能仍然是用戶之間的關注。每年,諾頓需要在提高我們產品的性能有很大的進展。今年,我們取得了重大的改進,這將使我們的產品最快的 呢。在很多情況下,雖然,有一些其他的應用程序,從而使得 你的計算機到一個檢索。有沒有想過,如果你能在某種程度上知道是什麼應用程序 是什麼?輸入性能警報。

在我們2009年的產品,我們把我們的UI的CPU和 內存米。原因是為了向世界表明,諾頓是精簡,意思是說,讓我們 的用戶衡量它。 2010年,我們推出了性能曲線圖,它可讓您隨時跟蹤 您的計算機的CPU和內存消耗,並跟蹤您的計算機上安裝的其他產品。

在2011年,我們已選定了一步,加入實時主動性能警 報。我們衡量績效的四個大的指標:CPU使用率,內存使用 率,磁盤IO和處理計數。如果一個特定的進程正在太多的資源,你會得到這樣的通 知:

你可以點擊「詳細資料和設置」,以獲取更多信息。例如,在這種情況下cpuhog.exe消耗太多的 CPU。

我們希望我們的用戶運行合法的資源飢渴的應用知道他們 會消耗大量資源,所以我們給你的能力,排除某些應用程序從被監視。一旦你排除這些應用程序,你不會看到他們的表現警報。

我們做到底有多少應用程序可以使用之前,我們應該提醒 您大量的研究。我們不想要提醒你過很多次,但仍希望您提供詳細資料, 如果你認為你的計算機運行的是由於某種原因,進展緩慢。我們來到了與您的系統性能敏感的三個不同的層次。默認為中等水平,但你可以表現更積極的警示減少或改變 其水平分別高或低。

我們還考慮電池供電計算機和自動降低了我們的門檻,讓 我們告訴你,如果一個應用程序消耗太多的東西會耗盡你的電池更快了。


這的確是一個關鍵的一些新功能在2011年的簡短摘 要。還有其他一些變化,以提高可用性,質量,性能,最後 – 但最重要的 – 保護。給測試嘗試,讓我們知道您的想法。我們將得到我們的眼睛和耳朵打開您的意見。


今年,我們有一些創新的變化,建立在成功的,有效和高 效率的聲納2行為的安全引擎。對於那些誰不與SONAR技術熟悉,這裡是一個以一篇 文章,介紹了它的鏈接。隨著聲納2,我們有一個犯人能夠從旨在逃避其他大多數 惡意軟件惡意軟件的安全功能和安全的諾頓用戶的良好記錄。在過去9個月裡,我們阻止了420萬感染上升了約 140萬起,我們為諾頓用戶進行了分析。這些事件大部分是以前從未見過的惡意軟件和病毒感染情 況,從而真正提供「零日」保護!我們的技術的有效性再三確認由外部第三方的測試和評價 (具體行為安全技術檢驗和評價),在那裡我們達到或接近100%,檢出率執行。行為安全是一個關鍵的安全解決方案,特別是在服務器端 多態性惡意軟件在每一個感染可有一個惡意文件(從文件指紋的獨特視角)對受害人的機器下載了一塊獨特的時代。我們非常興奮,我們的下一個超越聲納聲納3 2發佈!


我們認為,安全是一個旅程,而非終點。在過去的一年,我們已經注意到一個有趣的惡意軟件的世 界趨勢,夫婦,如在申請誤導威脅類別和有針對性的,像Hydraq複雜的攻擊急劇增加。這是令人欣慰地看到,聲納2我們發現沒有任何變化 Hydraq分類。我們進一步微調的分類處理這些趨勢。我們還增加了大約60個新的功能,我們的分類,並看到 威脅檢出率顯著改善,我們內部的實驗室測試。這使我們的功能集,以約400!

這大量的功能給我們的優勢,隨著聲納跟蹤和檢查有關文 件,進程,或分類及其相關活動的許多方面,它變得這麼多的惡意軟件的變種更難過去我們的分類引擎或一個乾淨的樣品被錯誤分類。當然,挑戰是在分析這些信息,幾乎所有的瞬間,而不會 影響系統性能,同時使自動為用戶決定。和聲納三是如何讓這一切是可能的證明。

在分析了超過140萬起數百萬用戶的諾頓在聲納3,我 們已經增加了更多的功能和確定清潔樣本,以便我們能夠集中在可疑情況具體規定。這是使我們能夠繼續我們的功能添加到一個更準確的分 類設置。越快我們可以忽略一個樣本,列為清潔,更好的用戶體 驗。

除了我們所作出的改變,添加更多的屬性,聲納團隊一直 非常忙碌的適應和創造世界的惡意軟件和清潔新分類的演變。該小組一直忙於更新我們的分類和釋放在過去9個月以來 航運聲納2 7定義更新。聲納產生的團隊和超過200種不同的分類評估,因為我 們去年出貨聲納,解決我們從諾頓的用戶得到更多的定罪不常見的惡意軟件和減少假陽性已發生的事件的反饋。

一個主要的威脅類別,我們的重點是與聲納3誤導應用。這種威脅階層得到重視,我們很高興能夠為3聲納探測它 顯著的改善。

我們也取得了簽名的行為,在這裡我們可以迅速作出反 應,以書面簽名行為和即將到來的新威脅方面進一步改進,利用特定的功能。雖然我們的分類一直很成功的新發現和新出現的威脅及其 變種,我們相信在一個分層安全模型。在某些特定的威脅的情況是較為有效和有價值的目標與比 其具體特點的威脅留給一個分類器。

由於已經有詳細的聲納2個員額,聲納碎石和關聯引擎的 數目從內部的信息,如防火牆,殺毒引擎,入侵防禦引擎,等等這一切,然後由分類器用於改善效能信息產品。我們覺得這是一個諾頓超過了其他廠商最大的不同。大多數其他安全產品根本就沒有這種深度和廣度的信息, 使一個很好的分類。在聲納3我們進一步加強與網絡組件的整合,以便分類, 定罪,並就其惡意網絡活動的基礎上修復惡意軟件。隨著這一功能,我們將繼續阻止和刪除的惡意軟件許多 新變種離開自己的網絡覆蓋範圍不變。

所有這些和我們正在繼續改進工作,我們相信我們正在採 取安全行為的一個全新的水平。 ,我們希望這些新的改進將會被證明是與快速變化的威脅 環境方面的寶貴和保持你的安全。我們不能等待船舶聲納3至諾頓數百萬用戶。所有的諾頓2010和N360v4用戶也將受益於這些 進步,以能力增強使用聲納與聲納2,我們通過實時更新的感謝。

所以這是我們所到!讓我們知道您的想法 – 你的聲納團隊價值觀的反饋,我們希望你看到所有的改進在公開測試版。您的反饋可以幫助我們知道我們需要改進,我們把你的意 見,並作為我們最重要的成功指標建議!


看來諾頓也不是省油的燈: )