Questions:
What is malware?
How do I know if my Web site is free of malware?
What does the service scan?
What happens if malware is detected on my Web site?
How much bandwidth will the scan require?
When does the scanning service begin?
Do I have to activate malware scanning for every SSL Certificate?
Can I customise the Web site malware scan
How does my customer know my Web site is free of malware?
Does this replace my enterprise scanning solution?
What does blacklisted mean?
How can I protect my site from malware?
What does Norton™ Secured Seal mean to my customers?
Answers:
What is malware?
Malware is short for malicious software and also known as malicious code. Hackers exploit security weaknesses on your server to gain access to your Web site and install malicious code. They use your Web site to spread viruses, hijack computers and steal sensitive data such as credit card numbers or other personal information. Malware code is not easily detected and may infect your customers' computers when they visit your Web site.
Back to Top
How do I know if my Web site is free of malware?
Malicious code is hidden in the source code of your Web site and can be difficult to detect without line-by-line analysis. Some malware is activated by the display of a page and may not be detected without behavioural analysis of your code using a browser simulator. When you protect your Web site with a Symantec SSL Certificate, we include a free daily malware scanning service for your public Web pages. If malware is detected, you will be directed to a list of infected pages and notified of the code causing the problem. Once you have deleted all instances of the code, you can request that your site be rescanned within 24 hours
Back to Top
What does the service scan?
Symantec Web site malware scanning service scans the Web site code located at the hostname used in the SSL Certificate, including javascript and iframes. The service completes a static analysis of Web site code as well as behavioural analysis through a browser simulation to find code that may be activated by display of a page. The service does not scan every Web page on your Web site, but reviews an optimal number of pages to identify malicious activity. It does not scan your network or search for malware on internal desktop computers, or scan attachments or internal Web pages that require sign-in.
Back to Top
What happens if malware is detected on my Web site?
If malware is discovered and you are an SSL customer, Norton Secured Seal deactivates and is replaced by the Norton Secured Seal. You receive an email alert warning you of the malware infection with instructions to access the scan results within your the Symantec™ Trust Centre account. Go to the Trust Seal Services tab to see a list of infected pages and the code causing the problem. You or your Web site administrator can find and delete all instances of the malware and request that your site be rescanned within 24 hours. When the scan confirms that all instances of malware are removed, Norton Secured Seal displays again.
Back to Top
How much bandwidth will the scan require?
The scan is not like a vulnerability scan, searching for an exploit and consuming bandwidth. It works more like a search engine crawler that reviews your html code. As such, scanning is equivalent to a few people accessing your Web site at any given time and should not affect your site performance or take your site offline.
Back to Top
When does the scanning service begin?
Web site malware scanning is automatically activated when your business has been authenticated and you have been issued a valid SSL Certificate. There is nothing to download or install for you or your customers. If you decide that you do not want your Web site protected by a daily malware scan, simply sign in to the Symantec™ Trust Centre to deactivate scanning.
Back to Top
Do I have to activate malware scanning for every SSL Certificate?
Scanning occurs by hostname. You may have many servers, each one secured by a unique SSL Certificate and all of them providing content to a single hostname. The scan is of the html pages located at the hostname, not the servers themselves. As long as you have one active SSL Certificate with the hostname, malware scanning is activated. If you decide that you do not want your Web site protected by a daily malware scan, simply sign in to the Symantec™ Trust Centre to deactivate scanning of the hostname.
Back to Top
Can I customise the Web site malware scan?
Malware scanning may be turned on or off by signing in to your Symantec Trust Centre account and clicking the Trust Seal Services tab. Specific pages or sections of your Web site cannot be targeted. Note: Norton Secured Seal only displays on Web sites and in search results with malware scanning activated. Norton Secured Seal will display if malware scanning is deactivated.
Back to Top
How does my customer know my Web site is free of malware?
Norton Secured Seal only displays after a successful malware scan. If your site fails a malware scan, the seal switches to the Norton Secured Seal, which indicates that encryption is available on your site and authenticates your business entity. When customers see Norton Secured Seal, they know you are committed to keeping them safe and they can click the trust mark to see the status of your malware scan. Many large companies have malware scanning solutions today, but their customers do not know that they are protected. Now they have assurance through Norton Secured Seal.
Back to Top
Does this replace my enterprise scanning solution?
No. Symantec's Web site malware scan is designed to provide additional assurance to business owners and their customers that the site is regularly checked for malicious code. Traditional anti-malware software focuses on the end point: the desktop. Most enterprise scanning solutions are designed to protect employees from downloading or installing malware rather than protecting the company's Web site from distributing malware.
Back to Top
What does blacklisted mean?
Because of the potential damage caused by malware, Google, Yahoo, Bing and other search engines scan and then blacklist or exclude any site found with malware. If your site is blacklisted, it may be blocked entirely or flagged with a security alert to discourage click-through. In addition, anti-virus plug-ins to popular browsers can detect malware and block access to infected sites.
Back to Top
How can I protect my site from malware?
Like most thieves, malware hackers look for easy targets, such as a Web site where malware will go undetected for as long as possible. Posting Norton Secured Seal on your Web site is like posting an alarm security sign in your front window. It shows hackers that your site is scanned daily to detect malware.
Back to Top
What does Norton™ Secured Seal mean to my customers?
As consumers become more concerned about identity theft, they look for signs that a site is safe before doing business. By posting Norton Secured Seal, you show customers that you care about their safety and that your site has passed the Symantec malware scan within the past 24 hours. Learn more: What Norton Secured Seal Means
Back to Top
| Call +61 3 9674 5500 | Request information online. |
Feedback