First, let's look at Norman's introduction to Norman Security Suite ver 7.0:
Norman Security Suite 7
Norman Security Suite is a new suite of security products that will protect your computer against hackers, computer viruses, and other malware. The beta of Norman Security Suite includes: Virus & Spyware protection, Personal Firewall and Parental Control.
Virus & Spyware Protection
The Virus & Spyware Protection module provides state of the art protection against adware, spyware, trojans, viruses, worms and other malware threats that flourish out there. Through a unified and intuitive user interface, you can view status information, configure the installation and execute tasks. By activating the Norman Screensaver scanner, you will add an extra security layer at times when your computer is idle. Norman’s award winning SandBox technology for proactive detection of malware is of course also included in this version.
Norman Personal Firewall
In the new version of Norman Personal Firewall, we have emphasized to give the product a user friendly interface without removing options that are appreciated by the advanced user. The modes for inexperienced users and experienced user are equally secure, but in order to offer both user categories a pleasant experience, which mode to use is configurable.
Connection security
Norman Personal Firewall will detect and block unauthorized incoming connections to the computer, and it will only allow outgoing connections that you have authorized. Through a step-by-step installation wizard, a pop-up assistant and a rule wizard/editor you will be guided through the process of creating a secure environment for your Internet applications.
Port scan detection and logging
In order to prevent unauthorized remote access and hacking, port scans will be blocked and logged.
Expert tools
Through the new Real-time log utility you can monitor connections in detail, and create firewall rules on-the-fly. In cases where your configured firewall rules are too restrictive, you will also be able to track which rule(s) must be modified to obtain the preferred level of security. Among the Expert tools you will also find a handy Advanced Ports Viewer tool.
Norman Parental Control
Norman Security Suite 7 offers a new Parental Control product. Among the features you will find group configuration for "Teenager" and "Child", and Internet browsing may be restricted through category configuration for sex, gambling, weapons and drugs. It is also possible to schedule Internet access for the different users and groups. In other words you will be able to establish a safe environment for all family members.
Important information
To ensure system stability, make sure you uninstall all other antivirus and security software before proceeding with the installation. This also includes Norman’s NVC v5 and earlier versions of Norman Personal Firewall.
English is currently the only available language version.
Help buttons are available in different parts of the product, but no manual is yet available for Norman Security Suite 7. You should therefore not install this beta version unless you are familiar with antivirus, personal firewall, and parental control products.
System Requirements
Norman Security Suite 7 currently supports Windows 2000, Windows XP and Windows Vista 32 bit.
Windows 2000
CPU: Any 450+ MHz Pentium based platform
RAM: 256
Other requirements: Service pack 4; Update Rollup 1 for Windows 2000 SP4; Internet Explorer 6 or newer; 100 MB of available disk space
Windows XP
CPU: Any 450+ MHz Pentium based platform
RAM: 256 (At least 512 recommended)
Operating system and browser details: Service pack 2; Internet Explorer 6 or newer; 100 MB of available disk space
Windows Vista
CPU: 1 GHz 32-bit (x86) or 64-bit (x64) processor
RAM: 512 (At least 1GB recommended)
Operating system and browser details: 32 bit Windows Vista; Internet Explorer 7; 100 MB of available disk space
How to install and update Norman Security Suite 7
Register for and download the install package from the link below.
Run the install package.
Complete the Norman Personal Firewall wizard.
In the License wizard that will pop up shortly after installation, insert the authentication key which you receive in an email after registration.
Open the Norman Security configuration panel from the N tray icon menu or the Start menu, go to Parental Control and work through the configuration wizard.
The default configuration in Norman Security Suite 7 ensures automatic update of the installation. If you want to check for updates manually, you can do this by selecting Internet Update from the tray icon menu. The updates will be installed automatically within a few minutes after download is complete. If you want to change update mode for your installation, you can do this from the Install and Update section in the Norman Security configuration panel.
Note:
Virus definition files may not be as frequently updated for the Norman Security Suite beta version as for the released version of Norman Virus Control.
More often than with current release version of Norman Virus Control, updating the beta may require that you restart the computer in order to take effect. The program will instruct you when a restart is needed.
To uninstall Norman Security Suite 7, run the program Delnvc5 that you will find in the folder ...\Norman\Npm\Bin and select Remove.
Disclaimer:
Norman is under no circumstances responsible for any loss - financial or other - that may occur from using beta software from Norman. I accept this and want to DOWNLOAD A BETA.
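I won't post the installation screens. After installation, Norman needs to install some components, and once the components are installed the machine restarts. You must restart using the restart that Norman offers and must not force a restart; otherwise Norman will fail to start and you will have to reinstall.
After the restart, there is a one-time initial setup:
Beginners generally choose Inexperienced User here; if you are an expert, choose Experienced User. Of course, I chose Inexperienced User.
Web Browsers: browser settings. If Norman did not find your other browsers, you can add them manually.
Email Client: if the email client you use is not listed, then use Add other email client!
Network Resources: network resource settings. This one is simple; just tick both and it's OK!
Other known applications: there is nothing much to configure here; just select Allow this applications.
Finally, enjoy!
Resource usage:
12 processes, nearly catching up with FS; it is a resource-hungry tiger.
Main interface:
From the main interface we can see that this security suite has three major components: antivirus and antispyware, firewall, and parental control.
Virus&Spyware Protection:
Above is the chart of files scanned within the last 24 hours. Red indicates scanned files infected by a virus; the taller the red bar, the more serious the infection. On_access file scanning is the setting that enables or disables real-time monitoring, and Quarantined files shows how many files are currently in quarantine.
After you click scan computer, Norman starts a thorough scan and clean of your system.
When the scan finishes, Norman reports how many files were scanned and how many files were infected by viruses.
This is the scheduled scan. Click it to set it up; it is very simple, so I won't say more.
This is the quarantine.
These are the settings. As with Norman in the past, the settings are simple and need little configuration, but let's take a look at Norman's settings anyway.
Scanners: the settings are on the whole very simple and need no configuration; the defaults are enough to get the most out of Norman. Internet Protection is just settings for Email and the like. Spyware protection: I think this is redundant; couldn't it simply be merged into Scanners instead of being one more option? Quarantine is the physical settings for quarantined files. Enable screen saver scanner scans the system while the screen saver is running; this is a new feature in the new Norman. I believe you have all used the screen saver scan in KV; it is the same idea. Norman's settings can be covered this briefly because Norman is so easy to configure. I think Norman is, in ease of use, one of the easiest AVs among the many AVs I have used.
Real-time monitoring test:
After I extracted a virus, it took a second or two before Norman started to alert.
Norman's monitoring is very simple: when it finds a virus it quarantines it directly with no options, and you only need to press close. Although this saves the time of thinking about how to handle it, it could cause big trouble, so this is not done perfectly.
Sandbox:
This is Norman's sandbox scan report for a virus: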
Scanning files matching: F:\v\123.zip
21484 ms F:\v\123.zip : 123.exe Virus W32/Hupigon.gen67 ( [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Creating several executable files on hard-drive.
* File length: 83968 bytes.
[ Changes to filesystem ]
* Deletes directory C:\WINDOWS\TEMP\IXP0.TMP.
* Creates directory C:\WINDOWS\TEMP\IXP0.TMP.
* Creates file C:\WINDOWS\TEMP\IXP0.TMP\TMP4351$.TMP.
* Creates file C:\WINDOWS\TEMP\IXP0.TMP\b-PEavp.exe.
* Creates file C:\WINDOWS\TEMP\IXP0.TMP\b-mie.exe.
* Deletes file C:\WINDOWS\TEMP\IXP0.TMP\b-mie.exe.
* Deletes file C:\WINDOWS\TEMP\IXP0.TMP\b-PEavp.exe.
* Deletes file C:\WINDOWS\TEMP\IXP0.TMP\TMP4351$.TMP.
* Deletes directory C:\WINDOWS\TEMP\IXP0.TMP\.
* Creates file C:\WINDOWS\winllogon.exe.
* Creates file C:\WINDOWS\Deleteme.bat.
[ Changes to registry ]
* Creates key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce".
* Sets value "wextract_cleanup0"="rundll32.exe C:\WINDOWS\SYSTEM32\advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\TEMP\IXP0.TMP\"" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce".
* Deletes value "wextract_cleanup0" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce".
* Creates key "HKLM\System\CurrentControlSet\Services\IE_WinServerName".
* Sets value "ImagePath"="C:\WINDOWS\winllogon.exe" in key "HKLM\System\CurrentControlSet\Services\IE_WinServerName".
* Sets value "DisplayName"="Windows CreaterIE" in key "HKLM\System\CurrentControlSet\Services\IE_WinServerName".
[ Process/window information ]
* Attempts to access service "IE_WinServerName".
* Creates service "IE_WinServerName (Windows CreaterIE)" as "C:\WINDOWS\winllogon.exe".
)
0 ms F:\v\123.zip
16 ms F:\v\123.zip:Zone.Identifier
- File F:\v\123.zip quarantined.
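The analysis is very thorough!
Just now a few people said they wanted to see Norman's detection ability, so I'll say a little about it here!
Example 1: the samples are at the following address: http://bbs.kafan.cn/viewthread.php?tid=118771&pid=1530996&page=1&extra=page%3D1#pid1530996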
===================================================================================================
Norman Virus Control On-demand scanner 7.0.0.9
NSE revision 5.91.04
nvcbin.def revision 5.90.00 of 2007/08/09 20:07:15 (824384 variants)
nvcmacro.def revision 5.90.00 of 2007/08/06 19:46:49 (20358 variants)
Total number of variants: 844742
===================================================================================================
Time Filename Virus name
---------------------------------------------------------------------------------------------------
- Scanning drive: F:\
- Scanning system areas of drive: F:\
- Scanning files in the directory: F:\v\v1\
47 ms F:\v\v1\13d003.exe Trojan Smalltroj.gen5 ()
- File F:\v\v1\13d003.exe quarantined.
- File F:\v\v1\13d003.exe deleted.
16 ms F:\v\v1\14d003.exe Trojan Smalltroj.gen5 ()
- File F:\v\v1\14d003.exe quarantined.
- File F:\v\v1\14d003.exe deleted.
7407 ms F:\v\v1\a.exe
15 ms F:\v\v1\alsmt.exe Trojan W32/Agent.AMHW ()
- File F:\v\v1\alsmt.exe quarantined.
- File F:\v\v1\alsmt.exe deleted.
0 ms F:\v\v1\AVIStream_API.dll
5485 ms F:\v\v1\b.exe
8078 ms F:\v\v1\Chajian_201.exe Virus W32/Malware ( [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Decompressing PEC2.
* Accesses executable file from resource section.
* Creating several executable files on hard-drive.
* File length: 208430 bytes.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\TEMP\Chajian_201.exe.
* Creates file C:\WINDOWS\Chajian_201.dll.
* Creates file C:\WINDOWS\SYSTEM32\system.dat.
[ Network services ]
* Connects to "98032.com.cn" on port 80 (IP).
* Opens URL: 98032.com.cn/count/data_add.aspx?filename=Chajian_201.exe.
[ Network ]
* Hooks into Shell explorer.
[ Process/window information ]
* Creates an event called .
* Attemps to open C:\WINDOWS\TEMP\Chajian_201.exe .
* Enumerates running processes.
* Enumerates running processes several parses....
)
- File F:\v\v1\Chajian_201.exe quarantined.
- File F:\v\v1\Chajian_201.exe deleted.
1093 ms F:\v\v1\dodolook451.exe
16 ms F:\v\v1\inin.exe Trojan W32/Malware.AEHD ()
- File F:\v\v1\inin.exe quarantined.
- File F:\v\v1\inin.exe deleted.
15 ms F:\v\v1\KB908224.dll Trojan W32/Smalltroj.gen5 ()
- File F:\v\v1\KB908224.dll quarantined.
- File F:\v\v1\KB908224.dll deleted.
187 ms F:\v\v1\my_70204.exe
344 ms F:\v\v1\netdde32.exe
16 ms F:\v\v1\ntsvc.exe Trojan W32/Lmir.ALV ()
- File F:\v\v1\ntsvc.exe quarantined.
- File F:\v\v1\ntsvc.exe deleted.
15 ms F:\v\v1\WinForm.dll
===================================================================================================
The scanning started: 2007/08/15 15:41:11
ended: 2007/08/15 15:41:34
Logged on as : Administrator
on hostname : 2FF87FC2B9AB46F
Scanning results:
Total number of files found..............................: 15
Number of files scanned..................................: 14
Number of files/directories skipped due to exclude list..: 0
Number of files that could not be opened.................: 0
Number of archive files unpacked.........................: 0
Number of archive files not unpacked.....................: 0
Number of infections.....................................: 7
Copyright (c) 1993-2005 Norman ASA.
Example 2: false-positive test: the sample is at the following address: http://bbs.kafan.cn/viewthread.php?tid=118772&extra=page%3D1
===================================================================================================
Norman Virus Control On-demand scanner 7.0.0.9
NSE revision 5.91.04
nvcbin.def revision 5.90.00 of 2007/08/09 20:07:15 (824384 variants)
nvcmacro.def revision 5.90.00 of 2007/08/06 19:46:49 (20358 variants)
Total number of variants: 844742
===================================================================================================
Time Filename Virus name
---------------------------------------------------------------------------------------------------
- Scanning drive: F:\
- Scanning system areas of drive: F:\
- Scanning files matching: F:\v\v1\DIY_Y1.6.exe
16 ms F:\v\v1\DIY_Y1.6.exe
===================================================================================================
The scanning started: 2007/08/15 15:37:51
ended: 2007/08/15 15:37:51
Logged on as : Administrator
on hostname : 2FF87FC2B9AB46F
Scanning results:
Total number of files found..............................: 1
Number of files scanned..................................: 1
Number of files/directories skipped due to exclude list..: 0
Number of files that could not be opened.................: 0
Number of archive files unpacked.........................: 0
Number of archive files not unpacked.....................: 0
Number of infections.....................................: 0
Copyright (c) 1993-2005 Norman ASA.
Norman did not produce a false positive!
[ This post was last edited by woai_jolin on 2007-8-15 15:48 ]