Norton Internet Security 6.0
Technical Notes - August 7, 2002
Copyright 1999-2002 Symantec Corporation
All rights reserved

This document contains technical information about some features of Norton Internet Security. Note that the release notes may refer to features that are not in the product you have installed, because they cover three products with different features.

Cookie Blocking
~~~~~~~~~~~~~~~
Norton Internet Security blocks cookies created using the most common methods. It does not block the creation of cookies by JavaScripts, ActiveX controls, or Java applets. As a result, you may see cookies in your cookie folder. However, Norton Internet Security prevents Web sites from reading these cookies without your permission, so you are still protected. Earlier versions of Norton Internet Security blocked only the outbound cookies.

Content Filtering
~~~~~~~~~~~~~~~~~
In version 4.0 of Norton Internet Security, Symantec moved HTTP filtering from the device drivers to a service named SymProxySvc. This has resulted in fewer device drivers being loaded and a common architecture for both Web content filtering and email scanning. This service acts as a transparent proxy for HTTP, MSN Messenger, and AOL Instant Messenger traffic.

After installing Norton Internet Security, you will see connections from your Web browser and other programs to localhost. This indicates that the programs are communicating with the proxy. A second proxy, NAVAPW32.EXE, is used for filtering POP3 and SMTP traffic.

Program Scan
~~~~~~~~~~~~
During a Program Scan, you may receive an alert that says ALESCAN.EXE is attempting to connect to the Internet. The communication may be a DNS lookup or an HTTP communication (usually to crl.microsoft.com). This communication is needed to verify scanned programs' digital certificates and to check for revoked certificates. It is not a security risk.

Intrusion Detection System
~~~~~~~~~~~~~~~~~~~~~~~~~~
Norton Internet Security includes a new Intrusion Detection System (IDS). By default, the IDS monitors a small number of signatures that Windows users are most likely to encounter. If you test the IDS with an enterprise-level IDS testing tool, you may be concerned that it is not responding to all of the attacks. This is because the IDS only monitors attacks that can be used to exploit Windows computers. Even if the IDS does not notify you of an attack, the Norton Personal Firewall component of Norton Internet Security protects you from those attacks. This design choice was made for performance reasons.