Security

Read all 'symantec' posts in Security
December 15, 2009 11:52 AM PST

Symantec confirms zero-day Acrobat, Reader attack

by Elinor Mills
  • 6 comments

Symantec on Tuesday confirmed a vulnerability in Adobe Acrobat and Reader and said it was being exploited by a Trojan hidden in e-mail attachments.

The malicious Adobe Acrobat PDF file is distributed via an e-mail attachment that "drops and executes when opened on a fully patched system with either Adobe Acrobat or Reader installed," Symantec said in a statement.

Symantec identified the file as Trojan Pidief.H, which targets Windows 98, 95, XP, Windows Me, Vista, NT, 2000 and Server 2003.

The rate of infection is extremely limited and the risk assessment level is very low, according to Symantec.

The exploit has been in the wild since at least last Friday, according to the Shadow Server blog.

"Several tests have confirmed this is a 0-day vulnerability affecting several versions of Adobe Acrobat [Reader] to include the most recent versions of 8.x and 9.x. We have not tested on 7.x, but it may also be vulnerable," the post says. "We did not discover this vulnerability but have received multiple reports of this issue and have examined multiple different copies of malicious PDFs that exploit this issue. This is legit and is very bad."

The vulnerability is in a JavaScript function within Adobe Acrobat Reader itself, the Shadow Server post says, before advising users to disable JavaScript.

Adobe posted a security advisory late on Tuesday saying that it had confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could crash the system and allow an attacker to take control of the computer.

Affected software is Reader 9.2 and earlier for Windows, Macintosh, and Unix, and Acrobat 9.2 and earlier for Windows and Macintosh, Adobe said. The company recommended disabling JavaScript to protect the system.

Adobe had said on Monday night that it was investigating reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild.

Adobe has increasingly had to deal with holes in and exploits targeting its popular software. Adobe issued updates in October that fixed nearly 30 holes in Reader and Acrobat 9.2. Earlier that month, Trend Micro reported on a zero-day exploit targeting Adobe Reader, as well as 9.1.3 and earlier versions of Adobe Systems' Acrobat.

In July, Adobe warned of attacks in which malicious PDF files were exploiting a vulnerability in Flash. And in April a new Reader hole emerged after Adobe fixed a two-month-old critical vulnerability in Adobe Reader 9 and Acrobat 9.

Updated 5:10 p.m. PST with Adobe confirming vulnerability.

Originally posted at InSecurity Complex
December 9, 2009 5:00 AM PST

Norton Online Backup 2.0 hits the Web

by Harrison Hoffman
  • 14 comments

A couple of years ago, I wrote a post running down the best places to store your files online. Of the six that I covered, two have since closed up shop and one has changed its name.

It's a constantly changing space. Since then, we have seen a lot of new entrants into the online file storage and backup game. Norton Online Backup is a fairly new product that is getting a very strong upgrade Wednesday with version 2.0 of its product. The new version includes support for Mac and Windows, 90-day file versioning, and the ability to send file download links via e-mail.

Norton Online Backup's home page allows the user to see the status of every machine on their account.

(Credit: Screenshot by Harrison Hoffman/CNET)

Norton has put together a very solid offering with version 2.0 of Norton Online Backup. It is introducing support for Intel-based Mac for the first time with this release. This is huge, especially when the company is trying to offer a solution for the whole household. Where most other online storage or backup services focus on serving one user, Norton has placed the focus on protecting the whole family or household. When you buy a year of the service, you are allowed to manage and back up up to five computers on your account. Jeff Kyle, a group product manager for the product, said that support for Ubuntu should be coming around March.

File versioning is a welcome addition to Norton Online Backup. This allows you to see previous versions of backed-up files for up to 90 days. This means that if you accidentally make changes that you don't want anymore, then you can just go back to the previous version. This is similar to the functionality that Apple offers with Time Machine.

Additionally, Norton Online Backup 2.0 allows you to send files via e-mails. You can select multiple files to be sent, and they will be presented to the recipient on an easy-to-use landing page. You can even password protect these files or control how long they are available for download.

Norton Online Backup's landing page for files sent via e-mail.

(Credit: Screenshot by Harrison Hoffman/CNET)

My current solution for file storage and backup is Live Mesh, which continually monitors your machine for changes in backed-up files and automatically uploads them. While this feature is great, it can sometimes result in your machine slowing down since the application tends to use a lot of resources. Norton Online Backup's client is fairly lightweight and works on a scheduled backup system, which means that it checks for changes in your backed-up files at a designated time and does everything at once. This results in less overhead for your system.

Other, more minor features included in this release are open file backup, which backs up a file even if it is in use on your computer, file purging, and a simplified set-up/user interface.

Norton Online Backup has a 30-day trial and the full version costs $50 for one year, which gives you 25GB of storage and allows up to five computers on your account.


This is what the recipient sees when you send them a file via e-mail.

(Credit: Screenshot by Harrison Hoffman/CNET)

Originally posted at The Web Services Report

Harrison Hoffman is a tech enthusiast and co-founder of LiveSide.net, a blog about Windows Live. He is a member of the CNET Blog Network, and is not an employee of CNET.

November 4, 2009 5:27 PM PST

Mac Game: Art project or malware?

by Elinor Mills
  • 80 comments

The Lose/Lose game warns players before they launch the application that they are likely to have files deleted.

(Credit: Lose/Lose)

As part of his Master of Fine Arts thesis project, Zach Gage wrote a game to run on Macintosh computers that resembles Space Invaders but with a digital roulette twist--for every alien space ship the player destroys, a random file on the computer is deleted.

"Lose/Lose is a video-game with real life consequences. Each alien in the game is created based on a random file on the player's computer. If the player kills the alien, the file it is based on is deleted. If the player's ship is destroyed, the application itself is deleted," the computer technology design major wrote on his Web site.

"At what point does our virtual data become as important to us as physical possessions? If we have reached that point already, what real objects do we value less than our data?" he asks.

On September 14, Gage posted his "Lose/Lose" game on his Web site and at the Experimental Gameplay Project, which links back to his site where he has a big warning in red: "KILLING ALIENS IN LOSE/LOSE WILL DELETE FILES ON YOUR HARDDRIVE PERMANENTLY." The application also displays a warning when it is launched.

This week, Symantec announced that it has flagged the application as malware, a Trojan it has dubbed OSX.Loosemaque. Sophos is calling it a Trojan too, OSX/LoseGame-A, and Intego has named it OSX/LoserGame.

"We are concerned that somebody could take this and modify it in some way where users aren't aware of the consequences," Kevin Haley, director of product management at Symantec Security Response, said in an interview on Wednesday. "We want to make people aware of what's on their machine and they can make the decision on whether to run it or not."

Asked to comment on the stir his project was creating, Gage seemed amused.

"I'm kind of OK with it being labeled malware," he said in a phone interview. "I would categorize it as dangerous software, but not malware because it is dangerous if you use it in a certain manner. Whereas malware implies it was designed to be malicious...Calling it a Trojan is really blowing it out of proportion."

Trojan horses are programs, typically masquerading as a benign program or hidden in legitimate software, which provide an attacker unauthorized access to the system. However, Gage's program explicitly says what it does and what the consequences are.

In addition to exploring the nature of risk and reward with regard to war and the notion of how small wins distract from the larger picture, the game provokes discussion about the risks people take with technology every day, Gage said.

"We need to pay attention to how we behave on computers," he said.

Apparently, some people don't mind playing with fire. The list of high scorers on the game site shows more than 40 players, with the highest score having destroyed nearly 5,000 files, or aliens.

"I'm surprised anyone has played it," Gage said. "I'm shocked."

Asked to comment on any possible beneficial merits of the project, Symantec's Haley said: "I don't see the positive aspect of it, but I suppose if it's art we're not supposed to completely understand it."

Symantec created a video that shows how the game works. When an alien ship is destroyed (on the left) a corresponding file is deleted (on the right).

(Credit: Symantec)

Originally posted at InSecurity Complex
October 19, 2009 7:50 PM PDT

Podcast: Symantec says beware of rogue security software

by Larry Magid
  • 9 comments

If you've ever gotten a pop-up message warning that your PC is infected, it could very well be an advertisement for rogue software that can do a lot of harm and absolutely no good.

Symantec has just issued a report saying that the company has "detected over 250 distinct rogue security software programs." These scams try to convince users that their machine is infected and offer software for purchase that will take care of the problem. But instead of removing security threats, it can create them by installing malicious code that can allow criminals to take over the victim's computer. In addition, a user who provides a credit card number to buy the software is not only out the cost of the software but has just provided credit card information to thieves who can misuse it or sell it to other thieves.

The "security software" often has a legitimate-sounding name and may even quote what appears to be a review from a legitimate source.

In a podcast interview, Symantec Security vice president Vince Weafer warns users not to respond to security messages that they view as pop-ups or on websites, especially if they look like a hard sell. Instead, rely on legitimate security software. If you have any doubts, Symantec and other legitimate security companies offer free scanners that can tell you if you have any infections. Also, Microsoft now offers its free Security Essentials that can detect and fix many security threats.


Originally posted at For the Record Podcast
Larry Magid is a technology journalist and an Internet safety advocate. He's been writing and speaking about Internet safety since he wrote the Internet safety guide "Child Safety on the Information Highway" in 1994. He is co-director of ConnectSafely.org, founder of SafeKids.com and SafeTeens.com, and a board member of the National Center for Missing & Exploited Children. Larry's technology analysis and commentary can be heard on CBS News and CBS affiliates, and read on CBSNews.com. He also writes a personal-tech column for the San Jose Mercury News. You can e-mail Larry or follow him on Twitter @larrymagid.
October 13, 2009 8:02 PM PDT

Podcast: Symantec researcher on biggest Patch Tuesday ever

by Larry Magid
  • 8 comments

Tuesday was the biggest Patch Tuesday ever as Microsoft released 13 bulletins for 34 vulnerabilities. But just because Microsoft issues patches, does that mean that users should apply them? Yes, says Ben Greenbaum, senior research manager for Symantec Security.

Greenbaum said that these patches impacted many Microsoft products, including Windows 7, which isn't even out yet.


Originally posted at For the Record Podcast
October 7, 2009 5:35 PM PDT

Podcast: Symantec exec on how to avoid being a phishing victim

by Larry Magid
  • 4 comments

Phishing attacks have been around for a while and you might think that most people are savvy enough to avoid them. But, as CNET's Elinor Mills discovered, even FBI Director Robert Mueller finds it hard to distinguish a rogue phishing site from a legitimate bank website.

Symantec Internet safety adviser, Marian Merritt

(Credit: Symantec)

This week there have been two major phishing stories. One involved e-mail account names and passwords of Hotmail and Gmail users being compromised through a phishing attack and posted on a website. The other (which Mills also wrote about in the story linked above) involved the indictment of 100 people in the U.S. and Egypt and the arrest of 33 more people in the U.S. as part of the largest cyber crime investigation in the U.S.

After writing my blog post on how to avoid becoming a phishing victim, I got a call from Symantec with an invitation to speak with its Internet safety adviser and blogger, Marian Merritt. Without overly pushing her company's products (which actually can help people avoid phishing scams), she talked about the recent arrests, the problem in general and gave some of her own tips on how to avoid being a victim.


Originally posted at For the Record Podcast
September 16, 2009 5:48 PM PDT

Norton 2010 in pictures

by Seth Rosenblatt
  • 55 comments

Symantec is betting heavily that program behavior is the future battlefront of security and is making a big push in its 2010 security program lineup with a behavioral engine called Quorum.

Take a tour of Norton Internet Security 2010 in this slideshow, and keep in mind that the look is very similar to Norton AntiVirus 2010. The biggest differences between the two include ancillary features, price, and the number of computers supported by one license.

Originally posted at The Download Blog
September 10, 2009 5:00 AM PDT

Symantec tool calculates your data's value to thieves

by Elinor Mills
  • 11 comments

It's no secret that criminals are stealing credit card and bank account data and selling it underground. But most people would find it shocking to learn just how little their sensitive personal information costs.

Symantec on Thursday is launching its Norton Online Risk Calculator, a tool that people can use to see how much their online information is worth on the black market. The tool also offers a risk rating based on demographics, online activity, and estimated value of online information.

I tried the tool when I was initially briefed on it a few months ago and was surveyed about my gender and age range; online assets (including credit card and bank account data, brokerage accounts, e-mail accounts, and social network accounts) and an estimated value of all that information; whether I use security software; how cautious I am when online; and how much I think my information is worth.

I use security software (and do my financial transactions mostly on a Mac at home), am fairly cautious while Web surfing, and didn't put a high dollar figure on the value of my digital information. My security risk turned out to be 37 percent, or medium, and the black market worth of my online assets was calculated to be $11.29. Those figures didn't change when I modified the gender, age, and estimated value of the data.

A recent Microsoft Research report concludes that stolen data offered for sale in underground IRC channels is difficult to monetize because of all the--get this--con artists there.

Regardless of whether the underground revenue figures are overblown, the data is being harvested, sometimes in huge batches, during data breaches at large payment processors, and there is a market for it.

It's discomfiting to think a criminal could pay as little as $11 to get access to my sensitive personal data for identity fraud purposes, while I could end up spending lots of energy and time--years even--reporting the crime, trying to fix my credit rating, and getting my life back to normal.

Symantec isn't trying to scare consumers with the Norton Online Risk Calculator, but to raise awareness of the risks, said Marian Merritt, Internet safety advocate at Symantec.

"We still find consumers who think using just antivirus is sufficient," she said.

Merritt recommends that people use security suites that offer antivirus, firewall, and intrusion detection and prevention software, as well as keep their operating system and browsers updated.

Originally posted at InSecurity Complex
September 8, 2009 8:08 AM PDT

Norton calls on Quorum for 2010

by Seth Rosenblatt
  • 51 comments

Symantec is betting heavily that program behavior is the future battlefront of security and is making a big push in its 2010 security program lineup with a behavioral engine called Quorum.

Debuting Wednesday, both the basic Norton AntiVirus 2010 and the more robust Norton Internet Security 2010 will use Quorum, which Symantec is calling an advanced security network based both on traditional malware signatures and on reputation for both files and software.

This screenshot is from the Norton Internet Security 2010 beta, though it's not expected to change drastically in the final version. This shows the Norton Insight screen.

(Credit: Screenshot by Seth Rosenblatt/CNET)

The Quorum system uses the uniqueness of mutating malware against the threat itself, said Dan Nadir, director of product management for Norton AntiVirus and Norton Internet Security. Multiple variations of a single threat have become a potential risk to the efficacy of definition-based antivirus, so a system like Quorum--in which the unfamiliarity of a new threat becomes the tool by which the threat is neutralized--could drastically improve security programs.

Symantec noted that it hasn't abandoned last year's pledge to improve Norton's performance, and it is keeping the quick scan to about one minute. An in-progress scan conducted with the beta version used about 70MB of RAM, while the program used about 15.5 MB when idle. Symantec also exposes how much memory the program is using in the main pane. Symantec says that in the final version, Norton users should expect to see working memory usage at less than 10 MB, and that the "quick scan" should be completed in 64 seconds.

The Quorum technology is designed to expose system and threat-detection data, so users who want more than just "set-it-and-forget-it" information can customize Norton's responses. The Insight Network incorporates Quorum and uses statistical analysis of file attributes to judge the trustworthiness of a file. Norton Threat Insight provides information on detected threats, such as the URL of a threat. Norton System Insight uncovers system information and can be used to detect system slowdowns. Norton Download Insight uses Symantec's cloud data to determine the safety of a downloaded file before it runs.

The more robust Norton Internet Security includes new enterprise-level antispam algorithms, which Symantec says shouldn't require any "training" from users. These have been incorporated from Brightmail, a company that Symantec bought more than five years ago. Norton Internet Security also includes OnlineFamily.Norton, Symantec's new parental control system, and Norton SafeWeb, which is a search results and e-commerce rating component.

Norton Internet Security 2010 costs $69.99 for a three-PC license, and Norton AntiVirus 2010 is $39.99 for one computer.

Originally posted at The Download Blog
August 25, 2009 3:29 PM PDT

Symantec pulls Norton patch after error reports

by Elinor Mills
  • 12 comments

This is the error message on the Norton support Web site after users reported that the patch failed to install properly.

(Credit: Symantec)

Symantec is providing a fix for customers who got error messages after a patch deployment went awry for some Norton users, the company said on Tuesday.

The problem started last Wednesday when Symantec deployed patches for Norton AntiVirus 2009, Norton Internet Security 2009, and Norton 360 v3 via LiveUpdate. Some customers received error messages saying that there was a problem with the Symantec Service Framework.

The patch, which is supposed to communicate with the hardware to ensure that it is correctly installed, did not handle the response from the hardware properly after it was installed, a company spokeswoman said.

The problem affected a small number of users, fewer than 1 percent, and most of the customers reporting a problem are using PCs that have been specially configured or customized rather than "out-of-the-box" PCs, and see it "only after reboot," the spokeswoman said.

There were more than 630 messages on the Norton user forum about the topic, a number of which expressed frustration with Symantec and accused the company of not doing enough to keep customers informed about the problem.

"This is insane. I'm looking for other antivirus options now and will soon remove Norton from all three of my machines. Next I'm going to post a review on Epinions advising others to stay far away," wrote one user. "This is garbage and I've had more than enough."

Another user wrote: "Well I just used the Norton Removal Tool for likely the last time. When the browser window with the Norton reinstallation instructions popped up, I chuckled as I closed it out and navigated to a competitor site where I promptly downloaded another AV product."

The company first learned of the problem from posts to the forum last Wednesday and posted messages the next day saying it was investigating the problem. It then provided an official response on Friday saying the problem had been identified, according to the spokeswoman. The fix was posted on Symantec's knowledge base and the forum on Saturday, she said.

Symantec customers can visit this Symantec page to download the fix.

Symantec also set up a link on Tuesday through Microsoft WinQual to help users locate a fix and will make the fix available to customers automatically via LiveUpdate this week, according to the spokeswoman.

The problem comes less than six months after Symantec released a diagnostic patch for some of its older Norton products that did not identify its origin and thus triggered alerts on firewalls. The company blamed human error for the release of the unsigned patch, a program dubbed "PFST.exe."

Originally posted at InSecurity Complex