Symantec buys antiphishing firm WholeSecurity

Symantec has agreed to acquire privately held WholeSecurity, which makes products to fight phishing scams and detect malicious code attacks.

Venture-backed WholeSecurity is based in Austin, Texas, and employs about 60 people. Its customers include eBay, Deutsche Bank and Visa, according to the company's Web site. The acquisition is expected to be completed in October, Symantec said Thursday. Financial details were not disclosed.

Symantec currently offers limited antiphishing capabilities through its Brightmail antispam products. The WholeSecurity deal will expand Symantec's lineup that handles phishing fraud and detects worms and other attacks, said Enrique Salem, senior vice president for security products and solutions at Symantec.

Symantec is keen on WholeSecurity's threat detection, Salem said. The behavioral-based technology analyzes the characteristics and actions of viruses, worms and other malicious code to safeguard networks. In the past, detection software has typically used signatures, or recognition of specific threats.

"We already had a range of behavior-based capabilities, but the WholeSecurity technology is incredibly accurate," Salem said. The patent-pending software looks at malicious behavior as well as good behavior to assess the risk, he said. "Most behavior-based technologies only look at malicious behavior," he said.

Symantec plans to integrate WholeSecurity's technology into its own products, Salem said.

WholeSecurity also maintains a list of phishing sites, known as the Phish Report Network. The list is used by eBay and Microsoft browser add-ons that aim to defend against fraud.

The announced acquisition of WholeSecurity is Symantec's second in as many months. In August, the Cupertino, Calif.-based security software giant said it planned to buy compliance specialist Sygate Technologies. In July, Symantec completed the takeover of Veritas Software, which sells backup and management software.

[hadaso]

The only real protection from phishing is ...

The only real protection from phishing is to not use the same email address to receive email from your bank/credit union etc. for anything else (like receiving jokes, nephew's photos etc.)

If the adress your bank sends to is known only to you and your bank, then you always know whether the email that claims to be "from" your bank is really from your bank or not.

No other method can come close to that (except some encryption based methods).

There are plenty of services that would allow you to have all the email addresses you want deliver to your one mailbox (or few mailboxes). One way to do it is to buy your own domain name for less than $10 a year. Another is to use an email service that allows the user to use all the addresses in a subdomain (e.g. fastmail.fm). I see no real reason why ISPs don't provide this service free of charge. If a customer can use username@comcast.com, why not anything@username.comcast.com? There's no real additional cost to the ISP if all these addresses deliver to the same mailbox as username@comcast.com. It's just a matter of a little bit configuration. Finally, there are "disposable email addresses" services (e.g. sneakemail.com) that redirect email sent to many addresses to the user's protected address. Their advantage is that they usually include organization tools that organize the user's several email addresses and allow the user to control them and annotate them. (BTW, I don't see why ISPs don't offer this kind of service as a paid option. spamgourmet.com is opensource and any ISP can replicate the service. It would probably not be to hard to replicate the functionality of sneakemail).

[hadaso]

The only real protection from phishing is ...

The only real protection from phishing is to not use the same email address to receive email from your bank/credit union etc. for anything else (like receiving jokes, nephew's photos etc.)

If the adress your bank sends to is known only to you and your bank, then you always know whether the email that claims to be "from" your bank is really from your bank or not.

No other method can come close to that (except some encryption based methods).

There are plenty of services that would allow you to have all the email addresses you want deliver to your one mailbox (or few mailboxes). One way to do it is to buy your own domain name for less than $10 a year. Another is to use an email service that allows the user to use all the addresses in a subdomain (e.g. fastmail.fm). I see no real reason why ISPs don't provide this service free of charge. If a customer can use username@comcast.com, why not anything@username.comcast.com? There's no real additional cost to the ISP if all these addresses deliver to the same mailbox as username@comcast.com. It's just a matter of a little bit configuration. Finally, there are "disposable email addresses" services (e.g. sneakemail.com) that redirect email sent to many addresses to the user's protected address. Their advantage is that they usually include organization tools that organize the user's several email addresses and allow the user to control them and annotate them. (BTW, I don't see why ISPs don't offer this kind of service as a paid option. spamgourmet.com is opensource and any ISP can replicate the service. It would probably not be to hard to replicate the functionality of sneakemail).