Get Smart about Business Spending
Symantec is betting heavily that program behavior is the future battlefront of security and is making a big push in its 2010 security program lineup with a behavioral engine called Quorum.
Take a tour of Norton Internet Security 2010 in this slideshow, and keep in mind that the look is very similar to Norton AntiVirus 2010. The biggest differences between the two include ancillary features, price, and the number of computers supported by one license.
It's no secret that criminals are stealing credit card and bank account data and selling it underground. But most people would find it shocking to learn just how little their sensitive personal information costs.
Symantec on Thursday is launching its Norton Online Risk Calculator, a tool that people can use to see how much their online information is worth on the black market. The tool also offers a risk rating based on demographics, online activity, and estimated value of online information.
I tried the tool when I was initially briefed on it a few months ago and was surveyed about my gender and age range; online assets (including credit card and bank account data, brokerage accounts, e-mail accounts, and social network accounts) and an estimated value of all that information; whether I use security software; how cautious I am when online; and how much I think my information is worth.
I use security software (and do my financial transactions mostly on a Mac at home), am fairly cautious while Web surfing, and didn't put a high dollar figure on the value of my digital information. My security risk turned out to be 37 percent, or medium, and the black market worth of my online assets was calculated to be $11.29. Those figures didn't change when I modified the gender, age, and estimated value of the data.
A recent Microsoft Research report concludes that stolen data offered for sale in underground IRC channels is difficult to monetize because of all the--get this--con artists there.
Regardless of whether the underground revenue figures are overblown, the data is being harvested, sometimes in huge batches, during data breaches at large payment processors, and there is a market for it.
It's discomfiting to think a criminal could pay as little as $11 to get access to my sensitive personal data for identity fraud purposes, while I could end up spending lots of energy and time--years even--reporting the crime, trying to fix my credit rating, and getting my life back to normal.
Symantec isn't trying to scare consumers with the Norton Online Risk Calculator, but to raise awareness of the risks, said Marian Merritt, Internet safety advocate at Symantec.
"We still find consumers who think using just antivirus is sufficient," she said.
Merritt recommends that people use security suites that offer antivirus, firewall, and intrusion detection and prevention software, as well as keep their operating system and browsers updated.
Symantec is betting heavily that program behavior is the future battlefront of security and is making a big push in its 2010 security program lineup with a behavioral engine called Quorum.
Debuting Wednesday, both the basic Norton AntiVirus 2010 and the more robust Norton Internet Security 2010 will use Quorum, which Symantec is calling an advanced security network based both on traditional malware signatures and on reputation for both files and software.
This screenshot is from the Norton Internet Security 2010 beta, though it's not expected to change drastically in the final version. This shows the Norton Insight screen.
(Credit: Screenshot by Seth Rosenblatt/CNET)The Quorum system uses the uniqueness of mutating malware against the threat itself, said Dan Nadir, director of product management for Norton AntiVirus and Norton Internet Security. Multiple variations of a single threat have become a potential risk to the efficacy of definition-based antivirus, so a system like Quorum--in which the unfamiliarity of a new threat becomes the tool by which the threat is neutralized--could drastically improve security programs.
Symantec noted that it hasn't abandoned last year's pledge to improve Norton's performance, and it is keeping the quick scan to about one minute. An in-progress scan conducted with the beta version used about 70MB of RAM, while the program used about 15.5 MB when idle. Symantec also exposes how much memory the program is using in the main pane. Symantec says that in the final version, Norton users should expect to see working memory usage at less than 10 MB, and that the "quick scan" should be completed in 64 seconds.
The Quorum technology is designed to expose system and threat-detection data, so users who want more than just "set-it-and-forget-it" information can customize Norton's responses. The Insight Network incorporates Quorum and uses statistical analysis of file attributes to judge the trustworthiness of a file. Norton Threat Insight provides information on detected threats, such as the URL of a threat. Norton System Insight uncovers system information and can be used to detect system slowdowns. Norton Download Insight uses Symantec's cloud data to determine the safety of a downloaded file before it runs.
The more robust Norton Internet Security includes new enterprise-level antispam algorithms, which Symantec says shouldn't require any "training" from users. These have been incorporated from Brightmail, a company that Symantec bought more than five years ago. Norton Internet Security also includes OnlineFamily.Norton, Symantec's new parental control system, and Norton SafeWeb, which is a search results and e-commerce rating component.
Norton Internet Security 2010 costs $69.99 for a three-PC license, and Norton AntiVirus 2010 is $39.99 for one computer.
This is the error message on the Norton support Web site after users reported that the patch failed to install properly.
(Credit: Symantec)Symantec is providing a fix for customers who got error messages after a patch deployment went awry for some Norton users, the company said on Tuesday.
The problem started last Wednesday when Symantec deployed patches for Norton AntiVirus 2009, Norton Internet Security 2009, and Norton 360 v3 via LiveUpdate. Some customers received error messages saying that there was a problem with the Symantec Service Framework.
The patch, which is supposed to communicate with the hardware to ensure that it is correctly installed, did not handle the response from the hardware properly after it was installed, a company spokeswoman said.
The problem affected a small number of users, or fewer than 1 percent, and most of the customers reporting a problem are using PCs that have been specially configured or customized and are not "out-of-the-box" PCs and "only after reboot," the spokeswoman said.
There were more than 630 messages on the Norton user forum about the topic, a number of which expressed frustration with Symantec and accused the company of not doing enough to keep customers informed about the problem.
"This is insane. I'm looking for other antivirus options now and will soon remove Norton from all three of my machines. Next I'm going to post a review on Epinions advising others to stay far away," wrote one user. "This is garbage and I've had more than enough."
Another user wrote: "Well I just used the Norton Removal Tool for likely the last time. When the browser window with the Norton reinstallation instructions popped up, I chuckled as I closed it out and navigated to a competitor site were I promptly downloaded another AV product."
The company first learned of the problem from posts to the forum last Wednesday and posted messages the next day saying it was investigating the problem. It then provided an official response on Friday saying the problem had been identified, according to the spokeswoman. The fix was posted on Symantec's knowledge base and the forum on Saturday, she said.
Symantec customers can visit this Symantec page to download the fix.
Symantec also set up a link on Tuesday through Microsoft WinQual to help users locate a fix and will make the fix available to customers automatically via LiveUpdate this week, according to the spokeswoman.
The problem comes less than six months after Symantec released a diagnostic patch for some of its older Norton products that did not identify its origin and thus triggered alerts on firewalls. The company blamed human error for the release of the unsigned patch, a program dubbed "PFST.exe."
Symantec is out with its "Dirtiest Web Sites of Summer 2009," which it's calling "the worst of the worst" when it comes to malware threats.
The security vendor says that "48 percent of the Dirtiest Web Sites are, well, dirty--sites that feature adult content." That means that more than half the sites cover a wide range of other categories including legal services, catering, figure skating, and electronics shopping, according to the report.
On average, sites on the dirtiest list have 18,000 threats per site, but 40 of the sites have in excess of 20,000 threats. One site that appears to offer restaurant catering services has 23,414 computer threats
"The number of web attacks is off the charts because it's the easiest path into a consumer's machine" said Gerry Egan, Symantec's director of security response.
The Web, said Egan "has become the primary delivery vehicle for malware." One method for infection is "drive by downloads," which can exploit a vulnerability in your browser or operating system by "leveraging little security holes" and injecting code into your machine simply by virtue of your visiting the site. Another route to infections is social engineering where someone tricks a user into installing a malicious application that can masquerade as a plug-in to play media or even a fake security program that claims to help you find and remove malware. Instead it installs malware on your machine.
There are a number of dastardly payloads associated with the type of malware delivered through these sites including turning your machine into a "spambot" that sends junk e-mail to other people. Such programs can also hijack your computer to be part of a "botnet" to carry out attacks on other systems such as the recent denial-of-service attack that brought down Twitter earlier this month.
Symantec has identified these dirty sites as part of the ongoing analysis it does for its Norton Safe Web product. Safe Web includes a free Web site that anyone can use to see if a site is known to have malware. In addition, Symantec's security products now come with a plug-ins that works with a browser to look over your shoulder while you're surfing or searching to warn you before visiting a site known to contain malware.
TrendMicro Internet Security has a feature that warns you if you are about to visit a site that "may put your security at risk" and McAfee offers a service called McAfee Site Advisor that includes a free plug-in for Firefox and Internet Explorer that warns you about potentially dangerous sites that show up in search results.
Podcast: Larry speaks with Symantec's director of security response, Gerry Egan (8:43)
Listen now: Download today's podcast
Norton Internet Security 2010 won't be available for a few more months, but the beta version is available now. In it, Symantec continues to build on the rejiggering it did last year. Built upon the dramatic performance improvements are deeper integration with other security tools like OnlineFamily. Norton, and the new Norton Insight for judging threats by community behavior as well as file definitions.
Editors' note: In the original version of this blog, we used the beta name for this product. The official name is OnlineFamily.Norton.
Back in February, Symantec debuted a new security program that sought to help parents talk to their kids about how they use the Internet. OnlineFamily.Norton has been a free beta since then, but this Monday at midnight, the program will leave beta and remain free at least until the end of 2009. The program was originally called Norton Family Online.
OnlineFamily.Norton makes your child's surfing habits available from any browser.
(Credit: Symantec)This parental control suite provides parents with an interesting and possibly unique approach to online child safety. OnlineFamily.Norton does provide a blacklist, boilerplate for most parental control software. However, the suite offers more than just an On/Off switch, and provides tools that encourage communication between parents and their children.
There's a wide range of control over what sites a child can access. The restrictions can vary from a strict no-access policy that can block specific sites and site categories, to a more lenient notification e-mail sent to the parents when the child visits sites that parents merely want to be warned about. On the child's side, kids are given the option of e-mailing their parents when they're blocked--if the parents allow those e-mails in the first place.
Jody Gibney, product manager for OnlineFamily.Norton, said, "We want to encourage a different philosophical approach, encouraging parents to talk to kids instead of setting up an adversarial relationship." To further that, the program's House Rules can be customized to suit the needs of individual children within each family, a useful feature since a teenager will have different browsing and social-networking interests than an 8-year-old.
The dashboard for OnlineFamily.Norton will change slightly from the beta release, highlighting the options available to parents.
(Credit: Symantec)It's impossible for a kid not to know that OnlineFamily.Norton is running on their computer's background, since it warns them that it's activated. The log-in process requires that the Norton Safety Minder for Windows and Mac be installed first. The program allows kids to view the House Rules independently of their parents. Parents, on the other hand, are able to see what sites their children have been visiting, including search results for terms the child has queried.
However, the program doesn't provide "reams and reams of information," as Gibney put it. "We want to provide [parents] with enough information to start a discussion without overwhelming them." The program will flag social-network profile inconsistencies, such as discrepancies in a child's stated age or name, for example.
The differences between the beta and the free version are apparently limited to interface enhancements designed to streamline the setup process and provide better access to the information that OnlineFamily.Norton collects. The free version will be available at midnight on Monday. A one-year subscription starting January 1, 2010, is expected to cost $60.
Symantec released a diagnostic patch for some of its older Norton products on Monday night that did not identify its origin and thus triggered alerts on user firewalls, the company said Tuesday.
The patch for 2006 and 2007 versions of Norton Internet Security and Norton Antivirus, a program dubbed "PFST.exe," (Product Information Framework Trouble Shooter) was distributed to collect anonymous statistics on matters such as how many computers are using the products and what operating system they are running, Jeff Kyle, group product manager for Symantec consumer products, said Tuesday.
Because it was unsigned--a result of human error--firewalls started prompting users with messages asking them if they trust the patch, Kyle said. Of course, because the patch had no signature indicating it was from Symantec, users didn't know whether to trust it and many of them went to the Norton user forum for answers.
The company pulled the patch after three hours and then unwittingly laid the groundwork for conspiracy theorists after it started deleting forum posts related to the matter. The company was not censoring the posts, but fighting off a spam attack, according to Kyle.
"At the same time we were pulling down the patch a spammer created a new account on our forum and minutes after that there were 200 new users all targeting the same thread," he said. "Within the first hour there were like 600 posts to that thread. Obviously it was a bot creating this."
The posts were written with poor grammar and broken English and some were vulgar and nonsensical. It is possible, though, that Symantec could have inadvertently deleted some legitimate posts while it was purging the spam, Kyle said.
"There is no conspiracy theory. There's nothing we are hiding at all," Kyle added.
Meanwhile, Kyle said he isn't sure whether or when Symantec will redistribute the patch, but if they do, he said, it will be signed.
Symantec has more information on its message board site. The Washington Post reported that hackers were exploiting the situation and had managed to get malicious Web sites into top Google search results for "pifts.exe."
Updated 2:45 p.m. PDT with link to forum site and explanation, Washington Post reporting that hackers created malicious related sites that appear in Google search.
UPDATED: Corrected list of supported messaging protocols.
Known for its security software, Symantec on Tuesday launched a new program aimed at educating parents about their children's online usage. Norton Online Family, now available in beta, is a parental control suite with multiple levels of restriction and an emphasis on usage reporting.
Norton Online Family makes your child's surfing habits available from any browser.
(Credit: Symantec)Citing a Rochester Institute of Technology study that found a huge gap between the percentage of parents versus children who report no online supervision, Symantec says that Online Family is intended to bridge that gap by "fostering communication" between parents and their kids. According to the RIT study, only 7 percent of parents think their children have no online supervision, while 66 percent of kids think they go unsupervised.
To address that, Online Family uses a desktop client called the Norton Safety Minder for Windows and Mac that reports to the parents' Norton Family account with options to e-mail notifications, too. Norton Online Family features parental-controlled customization levels based on the computer's user accounts, so that multi-child families can have different monitoring levels for different kids. It runs in the system tray, too, so that its presence is obvious to all users.
Online Family can log Web sites, block sites using both a topic blocker or a traditional blacklist, and report on social-networking activities. When it tracks visited Web sites, it automatically filters out advertisement URLs that get pinged when visiting media-rich sites. This makes the log easier to parse through.
Online Family includes some innovative features that lend credibility to the claim that this is more than just a souped-up keylogger or blacklist. The blocked sites feature, for example, can be set so that kids can "appeal" to their parents for approval via either e-mail or a Norton-based chat app. It can also be set so that it lets kids through to see the flagged site, regardless of parental approval, but then the parents' log flags the visited site. The responsibility of discussing the content, of course, is left up to parental discretion.
Online Family uses a clean design to make control settings easier to change.
(Credit: Symantec)Importantly, Online Family tracks how children represent themselves on social-networking sites, and alerts parents when a child misrepresents their age. Age misrepresentation, Symantec said, was often an indicator of a child associating with people or groups that the parents weren't aware of. It also keeps track of how long a kid has spent on a social-networking site, what time they log in and out, and how often they visit the site.
The new program monitors client-based instant messaging, too. This includes Google/Jabber, Yahoo, Microsoft Live, AOL, Skype, ICQ, Trillian's native chat protocol, as well as Trillian's multi-protocol features and Digsby's, too. However, site-based messaging can not be tracked. Once a child logs into Facebook, for example, Online Family won't be able to follow what they're doing within the site.
Other monitors include a personal information blocker, where personal information specific to the child can be blocked from being sent out from the computer, a parental notification whenever a kid creates a new account on any site, a time monitor to enforce a "computer curfew," and a notification for when the Norton Safety Minder is turned off.
Online Family requires a Norton account, and the registration is free until the program leaves beta. Final pricing for the Online Family stable release that's expected in the spring has yet to be announced, but the beta trial is free for now. Symantec has said that they want to make Norton Online Family affordable, though, so it's unlikely that the price point will be exorbitant.
With Safe Search, color-coded icons accompany all Web results indicating their safety rating. Moving the cursor over the icon displays more information about that rating.
(Credit: Ask/Symantec)Search engine Ask is partnering with Symantec to offer Web surfers ratings on the safety level of sites in search results, the companies were set to announce on Tuesday.
Sites will be rated with a color-coded icon in one of four colors--green for safe, yellow for risky, red for unsafe, and gray for unknown, said Andrew Moers, president of Ask Partner Network. Moving the cursor over the icon will display more information about the rating.
Unsafe sites are ones that pretend to be something they are not and shopping sites that lack security or where the merchants aren't reputable, according to Moers.
Safe Search offers the ratings directly in the search experience so users can conduct searches from the toolbar of Symantec's Norton Safe Web software, which is part of Norton 360. The Web site rating service was introduced in beta by Symantec last August.
Ask also is working on having a beta site open up to the public this week, but the site will not have all the functions that the Norton Safe Web rating service does, Moers said.
The service is similar to an alert system that Google uses, however Google merely displays several warning messages saying that the site "may be harmful to the computer" but does not assign a safety rating. An error last Saturday led to Google warning temporarily that all sites on the Internet were potentially unsafe.
Ask offers adult filtering and re-launched its Ask Kids white list service for children last year.
