Norton and the Heartbleed vulnerability

This article answers many of the questions that are currently being asked about the Heartbleed bug and the role that Norton plays in defending against this attack. You may have received an email from Norton notifying you about this vulnerability.

Was Norton affected by the Heartbleed vulnerability?

  • The 21.0.x.x - 21.2.x.x versions of Norton AntiVirus, Norton Internet Security, and Norton 360 did include the OpenSSL library that contained the vulnerability. However, to exploit the OpenSSL vulnerability in the affected Norton products, an attacker would have to get Norton to connect to a malicious server, which is not an easy thing to do. Norton is configured to only communicate with Norton servers, so in practice the impact of Norton products containing the vulnerable OpenSSL library is minimal.

    There is however a theoretical possibility (albeit a very remote one) that a user's network can be attacked and their network traffic redirected to a remote server, for example by DNS spoofing. In such a case it is conceivable that the vulnerability can be exploited. Even if such an attack was possible, the exposure would only be to information exchanged between Norton products and Norton servers about possible malicious files.

    As a mitigation measure against this remote possibility, an Intrusion Prevention Signature was released on April 10th. This signature detects malformed payload lengths in the heartbeat request communications that are sent between Norton products and servers. This signature stops and blocks the Heartbleed vulnerability from affecting your Norton product.

    Latest versions of Norton AntiVirus, Norton Internet Security, and Norton 360 contain a permanent fix for the Heartbleed vulnerability.

Were Norton websites affected by the Heartbleed vulnerability?

  • No, Norton websites were not affected by the vulnerability.

Were Norton accounts affected by the Heartbleed vulnerability?

  • No, Norton accounts were not affected by the vulnerability. Although it is not necessary to change your password, we encourage you to consider doing so. It is always good practice to change passwords from time to time.

What is the Heartbleed bug?

  • Heartbleed is a name that security researchers have given to a serious bug found in a very common piece of software used by many websites. The software in question is called OpenSSL and is used to encrypt the information that you send to and from websites, such as your login name and password or other sensitive information. You can usually recognize when websites encrypt information when you see a little closed padlock near the address of the website in your browser.

    OpenSSL versions 1.0.1 through 1.0.1f (inclusive) are vulnerable. Unfortunately there are many different software implementations used to implement this encryption and there is no easy way to know whether or not a given website is running the particular version of OpenSSL that this bug is present in. We believe that most large websites reacted quickly to the news of the Heartbleed bug and fixed it. However, it will likely take a very long time for every website to do so.

Is there a way for me to check if a site still has the Heartbleed vulnerability in it?

  • Yes, Norton has provided the following webpage where you can enter the address of a website that you want to check.

    http://safeweb.norton.com/heartbleed

    You must enter the full https address of the website.

    This page will return a result indicating whether or not the website is still vulnerable to the Heartbleed attack.

Can Norton products protect my computer from the Heartbleed attack?

  • Norton products can protect your computer from attack when you are communicating with third-party websites. On April 10th, a new Intrusion Prevention Signature was released for all Norton security products. This signature detects malformed payload lengths in the heartbeat request communications that are sent between clients and servers. This signature stops and blocks the Heartbleed vulnerability from affecting your Norton product.

    It is important to bear in mind however that the Heartbleed vulnerability is primarily exposed on third-party websites. Such websites can be potentially attacked at any time of the day or night by an attacker. Such an attack would likely take place when you are not connected to the website. In such situations your personal information stored on the third-party websites may be compromised. Because of this, it is important that you take additional measures to protect yourself.
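
    The check that the Intrusion Prevention Signature is described as making (a heartbeat message whose stated payload length does not fit the record that carries it) can be sketched as follows. This is an added example, not Norton's signature or code; it assumes plaintext TLS records, follows the length rule in RFC 6520, and all function names and sample records are constructed for illustration.

```python
import struct

TLS_HEARTBEAT = 24   # TLS record content type for heartbeat (RFC 6520)
MIN_PADDING = 16     # RFC 6520: a heartbeat message carries >= 16 padding bytes


def build_record(ctype: int, body: bytes) -> bytes:
    """Wrap a body in a 5-byte TLS record header (helper for the samples)."""
    return struct.pack("!BHH", ctype, 0x0302, len(body)) + body


def check_heartbeat_record(record: bytes) -> str:
    """Classify one plaintext TLS record.

    Returns "not-heartbeat", "truncated", "ok" or "malformed-length".
    """
    if len(record) < 5:
        return "truncated"
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != TLS_HEARTBEAT:
        return "not-heartbeat"
    body = record[5:5 + rec_len]
    if len(body) < rec_len or rec_len < 3:
        return "truncated"
    _hb_type, payload_len = struct.unpack("!BH", body[:3])
    # type (1) + length field (2) + payload + padding must fit in the record.
    if 1 + 2 + payload_len + MIN_PADDING > rec_len:
        return "malformed-length"
    return "ok"


def scan(records):
    """Return the indexes of records that a length check would block."""
    return [i for i, r in enumerate(records)
            if check_heartbeat_record(r) == "malformed-length"]


# Constructed sample records (not captured traffic).
GOOD = build_record(TLS_HEARTBEAT,
                    struct.pack("!BH", 1, 4) + b"ping" + bytes(MIN_PADDING))
# Length field claims 16384 payload bytes, but the record carries none.
BAD = build_record(TLS_HEARTBEAT, struct.pack("!BH", 1, 0x4000))
HANDSHAKE = build_record(22, b"\x01\x00\x00\x00")

if __name__ == "__main__":
    for name, rec in (("good", GOOD), ("bad", BAD), ("handshake", HANDSHAKE)):
        print(name, check_heartbeat_record(rec))
```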

What can I do to protect my personal data?

  • The following are some tips to keep in mind over the coming weeks and months to help ensure the safety of your sensitive information as you surf and interact online:

    • Change your passwords: On any website that has sensitive information about you, you should change your password as soon as possible. You should also confirm that the site does not contain the Heartbleed vulnerability, by using the following Norton webpage: http://safeweb.norton.com/heartbleed. You must enter the full https address of the website.

    • Do not use the same user name and password across multiple sites: Using the same user name and password for every website you use is the online equivalent of having the same key for the door to your house, your car, your office, etc. Losing that one key to a criminal would also mean that they can potentially freely access every online account you have. If you need to access many websites, as most of us do these days, we recommend using a secure password manager to help you create and manage strong, unique passwords.

    • Make sure you avoid simple passwords: Using a combination of upper and lower case letters with a few numbers sprinkled in is a good start. Also, the longer a password is, the better.

    • Pay particular attention to email accounts: Many websites use email to reset your password. This means that if an attacker has access to your email account, they can easily gain access to many of your other website accounts. We recommend that you take this opportunity to reset your email password. Consider enabling two-factor authentication, if your email provider offers this service.

    • Be especially on the lookout for scams: News like that of Heartbleed is music to a scammer's ears. They take advantage of events like this by sending out fake email messages asking unsuspecting users to change their password because of the Heartbleed bug. Such messages are known as phishing messages. They can be very hard to spot. Although Norton products are good at detecting and blocking them, if you do get a message asking you to reset a password, we recommend that you don't click on any of the links in the email but rather navigate to the website by manually typing the address into your browser.

    • Keep an eye on your sensitive online accounts: It's always a good practice to do this anyway, but particularly now, pay special attention to online accounts (banks, email, and so on), as well as bank and credit card statements to check for any unusual transactions.

DOCID: v98431836_EndUserProfile_en_us
Operating System: Windows
Last modified: 09/12/2017