News Blog

A few weeks ago there were two interesting announcements involving encryption technologies. First, SafeNet acquired application and database encryption leader Ingrian while Symantec announced that it will partner with GuardianEdge to provide Full Disk Encryption (FDE) for PC security.

Why did SafeNet buy Ingrian rather than simply partner? Because SafeNet has made its mark selling security widgets not security solutions. This business model holds less appeal when large organizations fold security into their global governance, risk management, and compliance requirements. With Ingrian in hand, SafeNet can compete on these kind of enterprise deals and become a more strategic vendor to customers.

SafeNet-Ingrian is pretty straightforward, but why wouldn't Symantec simply buy GuardianEdge? Symantec certainly has the money and the industry precedent was set when Check Point purchased PC encryption vendor PointSec while McAfee grabbed SafeBoot.

Symantec looked at the market and saw a very short runway to make money. Hardware-based FDE is clearly on the horizon, led by Intel, Hitachi, and Seagate Technology. Pretty soon, laptops will ship with encryption already baked in, so the market for software solutions can be measured in the 12-to-24-month timeframe. With so little time to make an acquisition accretive, Symantec decided that partnering with an industry leader was a better business decision.

There are a lot of encryption and key management start-ups available and I expect a lot of acquisitions, partnerships, fire sales, and bankruptcies over the next few years. One way or another, users want to encrypt their confidential data sooner rather than later. Which vendors win and which lose is another story.

(Credit: Symantec)

Symantec's Norton Ghost is a super tool for backing up your PC. The latest version, 12.0 (wow, is that like the first 12.0 version of anything, ever?), normally sells for $69.99, but you can get it free, kinda, from Buy.com.

You start out paying $50 (free shipping!), then get back a $30 Visa debit card as part of Rebate #1. To qualify for Rebate #2, a $20 Visa debit card, all you need is proof of ownership of just about any semi-related utility: "A stand-alone, retail (boxed or downloaded) version of any Norton or Symantec software or another company's antivirus, firewall, antispam, antispyware, utility, or backup software product."

That brings your total cost down to zero, as the debit cards are pretty much like cash. This deal's good from now until Saturday, December 1.

Just last week I wrote a blog that described the ongoing market consolidation around data loss prevention (DLP) and its effect on market leader Vontu.

The blog titled, "High noon for Vontu?", was generally accurate but I got the details wrong. Rather than high noon, it turned out to be midnight on New Year's Eve for the Vontu team: investors got to party like it was 1999 this week when Symantec acquired Vontu for $350 million.

It was a pretty sure bet that Symantec would buy a DLP company, but why Vontu? After all, other security leaders--for example, EMC/RSA, McAfee, Trend Micro, and Websense--went "bottom fishing" and grabbed DLP technologies instead of well-established sales, marketing, and customers.

Symantec decided to swim against the tide because it valued the Vontu enterprise installed base. Like Veritas, Vontu opens enterprise doors for Symantec. The difference is that Vontu opens a door on the security side of the house, making it easier for Symantec to pitch its other IT risk-management and governance products and services.

Aside from DLP, Symantec gains a whole bunch of other complementary product and business opportunities. So all in all, it looks like a good deal. The biggest challenge for Symantec will be reining in Vontu's cowboy culture without squashing its aggressiveness and sales execution. If Symantec can do this, it should get the ROI and synergy it is looking for.

Finally, from a philosophically perspective, this deal is a microcosm of the state of the technology industry today. Last Friday, industry pundits were still criticizing Symantec for missing the DLP market. On Monday, Symantec bought Vontu and became the DLP market leader.

PCLive.com, a service offered by SecurityCoverage, is attempting to upstage security giants Symantec and McAfee by offering a complete suite of security tools for your desktop--for free. Included within the basic PCLive Security package is a firewall, the open-source ClamAV antivirus product, antispyware capabilities and a pop-up blocker. What's more, PCLive will take out the trash (clean out old temp files) and check for the latest Microsoft Windows updates that haven't yet been applied to your PC. PCLive will also e-mail you a monthly report of any changes it has made on your computer.

SecurityCoverage offers users of their free PCLive service instant 24-7 technical support for a flat fee of $49.95 per session. That's less than what Symantec and McAfee charge. Short of that, there is a built-in forum link that allows users to surface questions and answers about the product. There's also a limited FAQ available online as well.

For a mere $4.95 a month, PCLive Premium Security includes all the basic PCLive Security along with Web content filtering, parental controls, disk maintenance and 24-7 live technical support.

How does it work? See our hands-on review on Webware.com

Talk about viral marketing (or, in this case, antiviral marketing). Someone's gone and made a rap video about the Kaspersky Internet Security suite and posted it to YouTube. And they're not alone. Security vendor Kaspersky is running a contest in the U.S. and Canada asking you to make a video and then upload it to a special YouTube page with appropriate tags. Every entrant will receive a "I had worms" T-shirt from Kaspersky and also be entered into a grand prize drawing for a chance to win a trip to Russia, Las Vegas, or an ocean cruise. Runners-up will win either a 42-inch TV, an Apple iPhone, or a Sony Camcorder.

So far, there are only two professionally produced videos on the Kaspersky YouTube page. One is an older man and a younger man seated on a park bench with a bunch of pigeons.

The best, however, is a rap song, "Packin the K," which includes such memorable lines as:

"On hackers,
We put the hurt-sky
We use Kaspersky
We use the K!"

And this:

"When I'm packing the K
He's attacking like a dog
So you feel safe
When you're writing your blog"

Kaspersky isn't alone. Earlier this year, Symantec announced a funny face emoticon contest for its Norton 360 product. That context ends next Monday. The Kasperksy contest, which includes a starter kit of images for use in the video, runs until December 1, 2007.

Next week, Symantec's vaunted "Hamlet" project will come to fruition when it will officially begin shipping its Symantec Endpoint Protection (SEP) 11.0. Just what's so special about this version of client security? A couple of things. First off, SEP goes way beyond basic antivirus protection; this release is loaded with defenses against zero-day attacks, rootkits, botnets and identity theft. SEP provides device and application controls so large corporations can "lock down" employee PCs to prevent malicious code attacks or data leakage. Finally, SEP also instruments clients for Network Access Control (NAC).

SEP's features come from a combination of the Symantec mothership and its acquisitions, Whole Security and Sygate. With this release, Symantec is aggregating these systems into a single desktop agent. Security and desktop operations managers should be pleased with this development as it lets them manage a bunch of stuff through one console.

Symantec's hope is that SEP 11.0 is a "game changer" in desktop security but it will go to market with an aggressive price point for existing Symantec customers--free. Symantec customers who currently use Symantec AntiVirus Corporate Edition, Symantec Client Security, Confidence Online for Corporate Security (aka Whole Security), or Symantec Sygate Enterprise Protection are eligible for a free upgrade to SEP 11.0.

Why the generosity? It certainly simplifies Symantec's own internal operations to replace four products with one, but Symantec also wants to get SEP 11.0 in the hands of existing customers quickly and easily--sort of the old "seed and harvest" strategy.

Personally, I think Symantec is on the right track. Now that desktop security requirements go beyond antivirus, vendors are lining up to steal market share from one another. Symantec's entitlement giveaway makes this sales tactic moot. What's more, Symantec is setting itself up for the next major phase in desktop security software when threat protection merges with configuration management and operations. Symantec is already working on enhancing SEP with desktop management goodies it got from Altiris.

Complacency is the enemy of market leadership. SEP 11.0 demonstrates that Symantec has not fallen into this trap. If only one Danish prince had been this decisive.

It's September, so it's time for Internet security companies to release their annual reports and surveys about the threats seen in the first six months of the year. The reports from IBM, Arbor Networks (free registration required), and Symantec (in PDF) each looked at different areas of the Internet in specific but generally found that botnets are on the rise, and that the tools used for attack have gone professional with less noise from mere amateurs. Two of the reports went to find the top three vendors most affected by newly disclosed vulnerabilities were Microsoft, Apple and Oracle, that the United States hosts the most spam-related Web sites, and the sites most-often phished were financial sites.

Arbor Network reported that botnets, at 29 percent, has replaced denial-of-service attacks, at 24 percent, as the No. 1 threat among its respondents. The ISPs contacted by Arbor Networks for their survey also report that the number of professional denial-of-service attacks have increased markedly over "amateur" attacks. The attacks seem to be targeting specific industries, a finding echoed by Symantec and IBM.

In the first half of 2007, the IBM survey showed a total of 3,273 software vulnerabilities, a 3.3 percent increase over the same period in 2006. Oddly, Symantec showed only 2,461 vulnerabilities, and reported that figure was 3 percent less than during the same period in 2006. The differences between reports can be accounted for by the methodologies used by IBM and Symantec to categorize vulnerabilities and the specific vendors they include in that count; for example, Symantec didn't track the Oracle operating system in its report.

The IBM report showed January was the busiest month for reporting new vulnerabilities with 600 disclosed. January 15 to 21 was the busiest week, responsible for 149 vulnerabilities. IBM also said the top three vendors reporting the most vulnerabilities were Microsoft, Apple and Oracle; together they accounted for 12.6 percent of the total. Symantec said that Microsoft reduced its time-to-patch from 21 days in December to only 18 at the end of July, while Apple only reduced its time-to-patch from 49 days in December to 43 days at the end of July. Symantec did not track Oracle in its report. IBM also noted that an amazing 21 percent of the Microsoft, Apple and Oracle vulnerabilities remained unpatched at the end of July.

On the subject of spam, IBM reported that the United States, Poland and Russia were responsible for most of the world's spam content. Symantec said the top three spam producers were the U.S., "undetermined" EU countries, and China. IBM said the U.S. alone accounts for one-eighth of all spam traffic, and hosts more than one-third of all spam-related Web sites, results similar to those found by Symantec.

IBM also said the U.S. hosts almost half of all the phishing sites located in the United States; again, Symantec's results were similar. Of the phishing sites, 9 of the 10 listed by IBM were financial, a finding shared by Symantec. IBM also reported that pornographic Web sites constitute 9 percent of all the Web sites. The U.S. remains host to a majority of sites focused on violence, crime, pornography, sex, computer crime and illegal drugs. This is unchanged from 2006.

Patrick Manzo, Monster Worldwide's vice president of compliance and fraud prevention, today said going forward, the company is notifying all users in its active job-seeker database that their information may be compromised.

This announcement comes one day after Monster's CEO Sal Iannuzzi admitted the theft of contact information for job seekers in Monster's database may have been much greater than the 1.3 million individuals reported earlier this month.

Monster said it learned of the proverbial break-in when it was notified by security vendor Symantec. And Monster said it wanted to launch its own investigation to verify the security breach before notifying those job seekers who had been affected, Manzo said. He added it would have been "irresponsible" for Monster to contact its job seekers without first verifying the information Symantec had provided.

In mid-August the Inforstealer.monstres Trojan horse was used in e-mails to Monster.com subscribers; the e-mail pretended to be from a potential employer. According to Symantec, subject lines included "(a person's real name), Monster.com suggests You the new job for you" and "(realname), Monster.com have the new job for you." Offers included $500 as sign-on bonus, the ability to work from home, and the recruiter also promised a very small amount of work hours.

The e-mail contained a link or attached file which, when executed, installed the Prg Trojan on the victim's computer. Thereafter any personal information typed into the compromised computer was then relayed to servers in Asia. As part of the job application, potential employees were asked to provide Social Security numbers and bank account information.

Prg uses a back-door proxy server listening for connections on port 6081. Port 6081 is not currently assigned for legitimate services, so if port 6081 is open on your computer, and there is traffic on that port, you may be infected. SecureWorks notes that some victims who used commercial antivirus protection to remove the Trojan, would later revisit the infected job sites and were therefore at risk of being infected with another variant of the same Trojan.

In mid-August, Don Jackson and Joe Stewart, two security researchers at SecureWorks, identified a server in Asia containing one of the largest caches of stolen data attributed to the Prg Trojan. The data on the server included bank and credit card information, Social Security numbers, online payment account user names and passwords.

Monster's Manzo stressed the information in the Monster Worldwide database is similar to that found on a business card--name, phone numbers, e-mail addresses--but no financial information or Social Security numbers.

Monster is beefing up its ability to monitor traffic on its Web site, tighten access controls and policies, as well as improve its privacy steps for job-seeker information, Manzo said. One such task it has undertaken is asking employers who use its site to rely on more complex passwords.

News.com's Dawn Kawamoto contributed to this blog.

(Credit: Symantec)

Editors' note: This blog initially misstated the last day for submitting photos. It is October 15.

Ever thought (or were ever told) that you resembled one of those emoticons you see in e-mail or IM? Me neither. But for those who have had that experience, Symantec has launched a worldwide emoticon look-alike contest.

Now through October 15, contestants can upload their best resemblances to an emoticon for a chance to win a grand prize of $10,000 cash, or one of five first place prizes of $1,000 each. Anyone who enters will receive a 15 percent discount on the purchase of Norton 360 or Norton Save and Restore.

This is not the first time Symantec has gone off the marketing deep end to promote one of its products. Last summer, the big-yellow security vendor created a rock band in support of its Norton Confidential. What rock music has to do with computer security, let alone identity theft, remains unexplained.