Norman Security Suite for Workstations Version 7 User’s Guide
Limited warranty

Norman guarantees that the enclosed CD-ROM and documentation do not have production flaws. If you report a flaw within 30 days of purchase, Norman will replace the defective CD-ROM and/or documentation at no charge. Proof of purchase must be enclosed with any claim. This warranty is limited to replacement of the product.
Norman Offices

Norman Data Defense Systems AS
Blangstedgårdsvej 1, DK-Odense SØ, Denmark
Tel. +45 6311 0508 Fax: +45 6313 3901
email: normandk@normandk.com Web: http://www.norman.no/dk

Norman France
8 Rue de Berri, 75008 Paris, France
Tel: +33 1 42 99 94 14 Fax: +33 01 42 99 95 01
email: info@norman.fr Web: http://www.norman.fr

Norman Data Defense Systems GmbH
Zentrale, Gladbecker Str. 3, 40472 Düsseldorf, Germany
Tel.: +49 0211 / 5 86 99-0 Fax: 0211 / 5 86 99-150
email: info@norman.
Norman Data Defense Systems Inc.
9302 Lee Highway, Suite 950A, Fairfax, VA 22031, USA
Tel: +1 703 267 6109, Fax: +1 703 934 6367
email: norman@norman.com Web: http://www.norman.com

Training and Technical Support

For training or technical support, please contact your local dealer or Norman ASA.

System requirements

This version supports installation of Norman Security Suite v7 on Windows 2000, XP and Vista machines.
About this version

The current release is available in several languages. New languages are added at irregular intervals. Contact your Norman dealer for information about the Security Suite in your language. Check Norman’s web sites for details, or contact your local dealer for more information about language versions.

About this manual

This manual presents an overview of products, features and key functions in Norman Security Suite.
Copyright © 1990-2007 Norman ASA
Contents

System requirements
About this version
About this manual
Technical support
About Norman Security Suite
Exclude list
Create an exclude list
Scanning statistics
Internet protection
Advanced settings
Appendix A
What is a sandbox?
About Norman Security Suite

What is Norman Security Suite?

Norman Security Suite (NSS) is a software security package made up of three different security applications:
• Virus & Spyware Protection
• Personal Firewall
• Parental Control

Norman Security Suite is ready for use once you’ve installed it. The default configuration settings provide the protection you need, and you don’t have to run through the configuration options to make the program operational.
it’s activated. When you resume work and a scan is aborted, it continues where it left off the next time the screen saver kicks in. For regular manual scans, you can use the task editor and scheduler to define what area of the machine to scan and when.

This product is shipped with pre-selected settings that we consider sufficient to protect you against virus attacks. The modules can be configured so that you can set up the application to suit your exact needs.
Installing Norman Security Suite

1. Download the installer file from Norman’s web site. The file is called NormanSecuritySuite_SU_RxXXX.exe, where ‘x’ represents the release number and ‘XXX’ the language version. In other words, NormanSecuritySuite_SU_R1ENG.exe is the English version of the first release of Norman Security Suite.
2. Double-click the file to start the installation and follow the instructions on the screen.
sure that there are no blank spaces included.

Note: If you don’t have a key, you can leave this field blank and still install the entire suite. However, the License Wizard will regularly prompt you for a key and the product(s) will not be updated.
4. When you have entered a valid license key and pressed Next, this dialog appears:

Note: If you didn’t enter a license key in the previous step, the default option is called Complete rather than Typical.

5. If you select Typical installation, all products covered by your license will be installed to c:\Program Files\Norman.
7. Click Next to complete the installation of the Security Suite.
8. When installation is complete, you will be asked to restart your computer. Don’t restart until you’re instructed to.

Wizards

Norman Security Suite has three different wizards. The License Wizard (mentioned in step 3 above) keeps track of the products you have a valid license for. The others are relevant if you have installed the Personal Firewall and/or Parental Control.
Virus & Spyware Protection

Installing and updating products

Go to Install and Update | Configure | Products for a list of all available products. If and when new products/components are added to the Security Suite, they are downloaded automatically. You must, however, install new products manually by selecting them from this dialog. All selected products are automatically updated through the Security Suite’s Internet Update.
Note well: If you remove the check mark for a product, it will be uninstalled and therefore never updated.

Update method

New malware appears every day, and Norman provides frequent updates to the virus definition files, as well as regular program updates of the Security Suite. You don’t have to worry about the nature of the updates, as the Security Suite’s agent handles everything and informs you if a restart of your computer is necessary, for example.
3. Select Update manually if you prefer to start the update mechanism manually from the tray or Start menu to check for updated packages, or use Windows’ Scheduled Tasks utility (located in Control Panel). If you select this option, your installation is not updated automatically. You must run Internet Update manually, either from the tray menu or by selecting Install and Update | Update now.
Note that the options in this menu will look different depending on which NSS products are installed. The items in the list with an icon in front of them are copies of the items that at any time appear on the Start | Programs | Norman Security Suite menu. This is a shortcut to Norman Security Suite’s main modules, as well as some typical tasks. You can Start/stop the on-access scanner or Disable/enable the Personal Firewall by a simple mouse click.
Windows that something is wrong. The Security Center symbol appears, and you can click on it to view and edit the Windows settings.

If the warning triangle icon appears in the system tray, it signifies that one of these situations has occurred:

1. The On-access scanner is installed, but has been manually disabled. To start the On-access scanner, select the shortcut from the right-click menu, or go to the Virus & Spyware Protection main console.
increases somewhat when the Sandbox is active, but it is not likely to affect the overall system performance significantly.

If a scanner detects a virus or other type of malware, it will try to clean the infected file or, if the file has no purpose other than a destructive one, delete it entirely.

The On-access scanner

The On-access scanner works in the background and offers automatic protection of your system.
2. From the Virus & Spyware Protection main page, click Disable for “On-access file scanning is enabled”.
3. Note well that the configuration has now changed. Disabling the On-access scanner from here is the same as removing the check mark for Enable On-access scanner under Virus & Spyware Protection | Configure | Scanners | On-access scanner. The scanner remains disabled until you manually enable it again.
4.
Editor, and enable the Screen Saver Scanner. Thus on-demand scans are performed automatically during periods of low activity. Finally, the On-demand scanner can be launched by right-clicking a file system object.

Scan now

From the Virus & Spyware Protection main console, click Scan computer. The On-demand scanner launches a scan of all hard drives on the system.

Setting up a scheduled scan

1. Select Task Editor from the Virus & Spyware Protection main page.
2.
5. Select the drive and folder(s) to scan and click Add selected. The area you just selected appears in a list at the top.
6. Click OK.
7. You’re returned to the previous dialog. Click Next.
8.
9. Click Next.
10. The last dialog displays a summary of the newly created task. Click Back to change your settings, Cancel to abort or Finish to save the task.
11. All scheduled tasks are displayed in a list in the Virus & Spyware Protection | Task Editor dialog.

Enable the Screen saver scanner

When you select the Screen Saver scanner, a virus scan of your system is performed during idle periods.
2. Select Norman Screensaver as “Screen saver”. When you’ve made any desired changes to the settings, click OK.
3. In the next system idle period, the On-demand scanner will start scanning your hard drives, displaying the progress continuously.

Note that a screen saver scan employs the settings specified under Virus & Spyware Protection | Configure | Scanners | On-demand scanner.
Right-click scanning

You can also launch the On-demand scanner by right-clicking a file system object in Windows Explorer or on the desktop, for example, and then selecting Scan for viruses from the menu.

The Command line scanner

The Command line scanner is an alternative to the GUI-based scanner and offers the possibility of running batch jobs and other scanning tasks from the command line.
Simply select the combination of parameters that you wish to use and specify them on the command line.
3. For a list of available parameters, enter nvcc /?

Exclude list

You may want to speed up the scanning process by excluding certain files from scanning. Note that excluding files or areas from scanning comes at the expense of security. Files on the Exclude list are not scanned.
Scanning statistics

At the top of the Virus & Spyware Protection “home” page there is a graphical representation of scanned files and detected infections over the past 24 hours. The current hour is at the far right, i.e. the example below covers the period since 3 PM yesterday till 2 PM today. The statistical numbers represent the activity of the On-demand and the On-access scanner. Place the cursor on a column to view details for that particular hour.
incoming and outgoing mail and news, stripping or blocking all infected attachments for undesired content. NIP can both scan e-mails for known viruses and block file attachments, depending on content and file extensions.

All scanning options in the Internet Protection module are preselected:

The option Use Sandbox activates Norman’s sandbox functionality to detect new, unknown viruses.
The options Incoming / Outgoing e-mail scan all e-mail that you receive and send to others. Even your best friend, closest business associate or yourself may be ignorant of a virus infection.

The option Newsgroups scans the traffic generated between your computer and the other participants in the group/forum you are active in.

Instant messaging (received files) scans file transfer traffic during instant messaging sessions with MSN Messenger and Windows Messenger.
Advanced settings

Click the Advanced settings button to view this dialog:

This is a short explanation of the available configuration options:

Block all attachments: all attachments are blocked.

Block any attachment with double extensions: many worms and e-mail viruses apply a technique where an additional extension is added, for example .jpg.vbs. Most e-mail clients will hide the last extension so that the attachment appears to only have the extension .jpg.
makes it possible to replace an .exe extension with a {...} extension and thus evade blocking of .exe files. Since there is no reason for legitimate attachments to use this type of extension, this behavior is blocked by default.

Block encrypted attachments: depending on the tools used, compressed and encrypted files are generally harder to scan for viruses than plain file attachments. Therefore NIP offers the option of blocking such attachments altogether.
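The two filename rules described above (double extensions such as .jpg.vbs, and a {...} extension standing in for .exe) can be checked as in the following added example, which is not Norman's code. The extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Assumed lists for this sketch; the guide does not publish the product's own.
RISKY = {"exe", "vbs", "scr", "pif", "bat", "cmd", "com", "js"}
DECOY = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf", "mp3", "zip"}
BRACE = re.compile(r"\{[^{}]*\}")  # an extension written as {...}


def extensions(filename):
    """Lower-cased extensions of the base name, as Windows would resolve it."""
    base = re.split(r"[\\/]", filename)[-1]   # drop any directory part
    base = base.rstrip(" .")                  # Windows ignores trailing dots/spaces
    # Strip padding around each part so "jpg   " still compares equal to "jpg".
    return [part.strip().lower() for part in base.split(".")[1:]]


def check_attachment(filename):
    """Return the list of blocking reasons for one attachment name."""
    exts = extensions(filename)
    reasons = []
    if exts and BRACE.fullmatch(exts[-1]):
        reasons.append("brace-extension")
    # The effective type is the LAST extension; the one before it is what a
    # client that hides the last extension would show to the user.
    if len(exts) >= 2 and exts[-1] in RISKY and exts[-2] in DECOY:
        reasons.append("double-extension")
    return reasons


# Constructed sample message (not real traffic).
SAMPLE = """\
From: a@example.test
To: b@example.test
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="holiday.jpg.vbs"

x
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="report.v2.pdf"

x
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="setup.{00000000-0000-0000-0000-000000000000}"

x
--b1--
"""


def scan_message(raw):
    """Map every attachment filename in a raw message to its blocking reasons."""
    msg = message_from_string(raw, policy=policy.default)
    return {name: check_attachment(name)
            for part in msg.walk()
            if (name := part.get_filename())}


if __name__ == "__main__":
    for name, reasons in scan_message(SAMPLE).items():
        print(name, "->", reasons or "allowed")
```

A name with several dots, such as report.v2.pdf, passes because its last extension is not an executable type.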
Ports

Among the numerous protocols for communication between computers, there are some that are vital for Internet use. For standardization reasons, protocols have pre-assigned port numbers.

Port numbers

In the section ‘Internet protection’ on page 28, you selected which Internet traffic you wish to scan. This dialog identifies the protocols needed for sending and receiving e-mails, for example, and the corresponding port number on the PC, according to industry standards.
Quarantine

The Virus & Spyware Protection application will try to clean infected files before they are deleted and/or quarantined (depending on your configuration). Quarantined files are either infected or have been blocked by the Internet Protection feature.

When you select Virus & Spyware Protection | Quarantine, you can view all quarantined files:

Note: A copy of a deleted or blocked file is quarantined by default.
2. Select if you want to Back up all files to quarantine before repair and Move unrepairable files to quarantine. Both options are preselected and recommended.
3. Then specify the minimum and maximum time files should be held in quarantine, and how much disk space they are allowed to occupy. A file that hasn’t reached the minimum time will not be deleted, though; instead, the disk space reserved for quarantined files will be expanded.
4. Click Apply when you’re done.
Personal Firewall

When you install the Personal Firewall, you must run the installation wizard which establishes basic rules for NPF automatically, such as granting Internet access for the relevant applications. You can always change automatically generated rules later, using the Rule Editor. It is highly recommended that you run the installation wizard, which offers different steps for experienced and less experienced users.
“experienced” wizard. Clear the check mark for this option to change level to inexperienced user. The difference between the two categories is the degree of assistance you get when you create new rules or change existing rules. As an inexperienced user, a rule wizard will guide you through the rule handling.
Disable/Enable Personal Firewall

You can disable/enable the Personal Firewall by right-clicking the tray icon. Select Disable Personal Firewall. This entry changes to Enable Personal Firewall when the application is disabled.

Note: This option is not available on Windows Vista, where you must disable and enable the Personal Firewall from the console. Windows’ Security Center also issues a warning when the firewall is disabled.
The Personal Firewall does not allow you to create incoming rules. Incoming rules are handled by the firewall’s Server Mode awareness, which dynamically and automatically creates incoming rules based on Server Privileges. This is an intelligent mechanism in the firewall that evaluates attempts from the outside to listen on a set of ports. Legitimate requests are granted access only for the relevant ports, and they are automatically closed when they are no longer needed.
4. Select an application by clicking on it, or select Show My Computer if the program you’re looking for is missing from the list. Click Next.
5. Decide if this application should be Allowed or Denied access to the Internet. Click Next.
6. Determine if this is a server application or not. Server applications make your computer behave as a server by holding ports open, allowing other computers to connect to yours. If in doubt, select No. Click Next.
Tip:
7.
Create a rule - experienced mode

1. Select Personal Firewall | Configure | Rule Editor. A dialog listing existing rules and their status appears:
2. Click the Create New button.
3. Complete the required fields and click OK.

Tip: There’s a detailed description of all fields in the online help.

View traffic on your computer

Real-time log

The Personal Firewall employs advanced stealthing techniques that make your computer invisible and undetectable from the Internet.
applications and key information for these:
2. Right-click an entry to view details and possibly change the configuration for this application.
3. From the drop-down menu you can change between the following views: Outgoing traffic, Incoming traffic, Server privileges requests and Status messages from the firewall.

Tip: If you select Incoming traffic, you can see attempts to connect to your computer that were denied, and why.

Ports viewer

1.
2. The bottom half of the screen contains explanations of the different status types.
3. You can highlight an entry and stop the application by clicking the Terminate Application button.
To change an application’s configuration from allow to deny, remove the check mark and click OK. Alternatively, insert a check mark to allow a denied application access to the Internet.

Note that Terminate Application and Edit Associated Rule only apply to entries “handled by rule”. The Open Advanced Configuration option is only available for rules handled by “advanced configuration”.
Parental Control

The purpose of Parental Control is to shield the young ones from the shady sides of the Internet. It’s no secret that there is an abundance of bizarre web sites inappropriate for kids (and most adults too, for that matter). The Internet is not censored, but you can introduce your own censorship to protect your children from viewing web sites with undesired content, deliberately or not.
4. Now select default profile. Parental Control will fall back on this profile after the specified idle time. Idle time is a period where there is no activity on the system, i.e. no keyboard strokes and no mouse movements. When you’ve completed the wizard, you can log in as administrator and decide when Parental Control should fall back on default profile when the PC is idle.
6. Click OK in the next dialog, and the administrator login appears. Log in with the password you entered in Step 1, and you are ready to configure the product as you like.

Users, Groups and Categories

When you create a user, you must complete a couple of mandatory steps where you assign group and password for the new user. There are three groups: Adult, Teenager and Child.

Adult: No restrictions - the user can access any web site.
belonging to a category. The terms that the categories are based on are not accessible for viewing or editing. There are four categories for the group Teenager that will block access to web pages with contents of the types sex, gambling, weapons and drugs. All categories are by default on, but the administrator can uncheck the one(s) that should be allowed.
4. You’ll receive a confirmation that a new user is created. Click OK.

Configure groups

Since the group Adult has no restrictions, only Child and Teenager can be configured. If a user who is assigned to group Child should be able to access the Internet at all, you must specify which web pages this user is allowed to access.

How to configure group Child

1. Select Parental Control | Group configuration | Child.
2. Click Configure allowlist.
3. Type in the web address you wish to allow in the Add to list box and click Add. Valid formats are:
   http://www.newspaper.com
   www.newspaper.com
   newspaper.com
   Wildcards (*/?) are not supported.
Tip:
4. If you grant access to http://www.newspaper.com/kidsstuff it does not permit access to http://www.newspaper.com. If newspaper.com is added, all sub domains of this web address are allowed, like news.newspaper.com, cartoon.newspaper.com etc.
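The allowlist behaviour described above (three accepted entry formats, no wildcards, a path entry that does not open the site root, a bare domain that covers its sub domains) can be modelled as in the following added example. It is one interpretation of the text, not Norman's matching code; the function names, the path normalisation and the decision that a www entry does not cover the bare domain are assumptions.

```python
import posixpath
from urllib.parse import urlsplit


def parse_entry(entry):
    """Normalise an allowlist entry to (host, path prefix); reject wildcards."""
    if "*" in entry or "?" in entry:
        raise ValueError("wildcards are not supported: %r" % entry)
    if "://" not in entry:               # accept www.newspaper.com / newspaper.com
        entry = "http://" + entry
    parts = urlsplit(entry)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        raise ValueError("no host in entry: %r" % entry)
    return host, parts.path.rstrip("/")


def is_allowed(url, allowlist):
    """True if url falls under at least one allowlist entry."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    # Use the parsed hostname, never the raw string, so userinfo before '@'
    # and port numbers cannot influence the comparison.
    host = (parts.hostname or "").rstrip(".")
    # Collapse "." and ".." segments before comparing against a path prefix.
    path = posixpath.normpath(parts.path or "/")
    for entry in allowlist:
        e_host, e_path = parse_entry(entry)
        # Sub domains match only on a label boundary: "x.newspaper.com" does,
        # "notnewspaper.com" does not.
        host_ok = host == e_host or host.endswith("." + e_host)
        # A path entry covers itself and everything below it, nothing above.
        path_ok = e_path == "" or path == e_path or path.startswith(e_path + "/")
        if host_ok and path_ok:
            return True
    return False


if __name__ == "__main__":
    # Constructed test URLs built from the guide's own newspaper.com example.
    domain_list = ["newspaper.com"]
    path_list = ["http://www.newspaper.com/kidsstuff"]
    for url, rules in [
        ("http://news.newspaper.com/today", domain_list),
        ("http://notnewspaper.com/", domain_list),
        ("http://www.newspaper.com/kidsstuff/games.html", path_list),
        ("http://www.newspaper.com", path_list),
    ]:
        print(url, "allowed" if is_allowed(url, rules) else "blocked")
```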
deactivate both the allowlist and the blocklist by selecting/deselecting the option Use blocklist, alternatively Use allowlist.
4. Click Apply when you’re done and then OK to return to the previous dialog.
5. Click Select categories and the following dialog appears:
6. By default all categories are selected, i.e. users in the group Teenager are denied access to web sites with content of this nature.
to mark a period and left-click again. The selected field(s) are marked in red, denoting that this period is blocked for surfing. You can drag the cursor upwards/downwards or sideways right/left to extend the period you wish to block.
4. To edit blocked periods, place the cursor in a red field, click and drag the mouse over the area you wish to change.
5. When you are done configuring this user, click Apply to save your work.
Support Center

If you need more assistance than the product documentation and online help can supply, you should go to the Support Center:

Help and troubleshooting

Clicking the Help and troubleshooting link brings you to Norman’s web site, which offers a range of useful resources that in most cases will help you out.
• search facilities

If you cannot solve your problem with these tools, then try:

Contact information

This page provides phone numbers and addresses so you can get in touch with your local Norman office/representative.

Automatic repair

If you are experiencing any problems with your installed version of the Security Suite, you could always try to run an automatic repair before you contact support personnel.
Uninstalling the Security Suite

You can uninstall the product using Add/Remove programs in Windows’ Control Panel (on Vista, Programs and Features), or by running delnvc5.exe from c:\Program Files\Norman\nvc\bin and choosing the Remove option. When the program is removed, restart the computer.
Appendix A

What is a sandbox?

Sandbox is the term that best describes the technique that is used to check if a file is infected by an unknown virus. The name is not randomly picked, because the method allows untrusted, possibly viral code to play around on the computer – not in the real computer, but in a simulated and restricted area within the computer. The sandbox is equipped with everything a virus expects to find in a real computer.