Norton protection explained

Jun 19, 2010 12:33 GMT  ·  By
Stefan Wesche, Technical Expert Norton Products at Symantec, speaks of Norton protection
   Stefan Wesche, Technical Expert Norton Products at Symantec, speaks of Norton protection

There is no secret that Symantec is a leading company in what concerns antivirus sales and product reliability. The diversity of its products fit any user’s needs, from the newbie that needs an easy-to-handle dependable security solution to the expert users who require a wide spectrum of options and granular control, Symantec has a product to fit all needs.

The recent acquisitions of PGP Corporation and VeriSign's Security Business have generated questions as to the next step the giant corporation is going to take in order to maintain its leading position on the antivirus market. The wave of free antivirus solutions and integration of cloud-based protection have in some cases detoured users from the paid products. You can find the answers to these questions in the exclusive interview below, courtesy of Stefan Wesche, Technical Expert Norton Products at Symantec.

Softpedia: Feature-wise, the only difference between the Premier and regular version of Norton 360 is that the former offers 25 GB of secured online storage instead of only 2 GB. The $20 price difference between the two products should definitely be an incentive for users in need of safe storage locations. Is this a growing trend? Do users tend to trust their data with antivirus companies such as Symantec?

Stefan Wesche: Online backup is getting more and more important for users since their mobility is growing. By using online storage the data is accessible anytime and anywhere. Additionally new devices like netbooks with a small data capacity are also getting more and more popular so the online storage fits to the new requirements of the users. Due to the 2009 Online Backup Survey by Symantec today people use their computer like a vault for all kinds of important data of material end emotional value.

Loss of music, photographs and banking information means not only a financial damage but an emotional stress as well: 48 % experienced a data loss already and eight of ten respondents declared, losing photographs would make them feel desperate. Online backup within Norton 360 is an easy, comfortable and safe way of data storage for everyone. The integrated Web Restore function allows access to data from every PC, Mac or smartphone via a secured website.

And yes, which companies should they trust if they can’t trust a security company that their data is safe?

Softpedia: The latest Norton 360 has received remarkable reviews all over the Internet. Ease of use, small impact on system resources or a wide range of protection instruments are the most appreciated points in the application. However, because of the high number of instruments included, plenty of users may feel overwhelmed with setting everything up and end up maintaining the default configuration, which may not be quite what they need. What is the difference between the number of active users of Norton Antivirus, which is simpler to set up and Norton 360?

Stefan Wesche: I don’t think that users need to feel overwhelmed. In general the Norton software doesn’t require any complicated setup – install and running it is fast and easy – even the suites like Norton Internet Security or especially Norton 360 are very easy to use – without much need for configuration at all. The big advantage with Norton 360 is: especially for users who don’t want to deal with complicated specialized programs it’s the best suitable software. They have all leading protection features but also backup and system tuning tools – all on under one UI and Norton 360 is pre-configured for them and running all important tasks automatically.

Softpedia: Because of their increased prevalence, wireless networks are a common target for hackers. Can you explain how Norton 360 tackles this problem? (What does it do to secure the PC when connecting to public wireless networks?)

Stefan Wesche: Norton 360 can rely on many different protection technologies and layers to protect users also when connecting to public wireless networks. Those layers consist of network protection features like a powerful Firewall, Intrusion Prevention, Browser Protection (special protection against drive-by downloads), a powerful signature and behaviour-based detection engine and also web and identity protection features that warn about dangerous manipulated and infected websites (Anti-Phishing and SafeWeb) and last but not least Identity Safe that protects the confidential data and passwords of the user. So the user is protected very well.

On top Norton 360 can also be used in conjunction with the new free NortonDNS service (currently in beta) for another extra layer of security in public wireless networks.

Softpedia: In the latest comparative of the independent antivirus Austrian organization, AV-Comparatives, Norton Anti-Virus ranked by a narrow margin behind PC Tools' SpywareDoctor. Is the 0.1% difference relevant in any way for Norton Anti-Virus? Is SpywareDoctor being developed in a different spirit than Norton products in order to maintain Symantec domination on the antivirus market?

Stefan Wesche: Just to have a brief look at tests like this one that only take signatures or heuristics into account: Nowadays it’s unfortunately very complicated and complex to test security software and get reliable results which reflect the real world in the end. It depends a lot on the sample set that’s being used, but even working with a good sample set doesn’t automatically give you real world test results. Also often only isolated protection functions are tested, not the whole set. So to say: such tests give you only – if at all – an indication.

The best tests are those that use currently active real world threats and introduce them to the test system in a natural way (i.e. via drive-by-download) and then test it against a product with all protection features and layers enabled. You can find one example of such a real world test at www.av-test.org. And as you can see Norton comes out first.

Softpedia: In what way is Norton 360 Netbook Edition different from the regular one? In what way is it optimized for such devices?

Stefan Wesche: Let's start with this: All versions of Norton, including Norton 360 are optimized for notebooks and netbooks by using only very little memory, HDD and CPU from the host system. Additionally all Norton Security products use a Smart Scheduler feature to automatically conduct more performance intensive tasks (like a full system scan) while the system is idle. Also Norton has additional features that detect the power state of the device and therefore automatically conserving power in battery mode. Also other performance intensive tasks like recording TV, playing games, burning DVDs, etc. are automatically detected and less critical security functions are automatically delayed until the other activity has finished.

Regarding the Netbook Edition, this version is only different in a way to make Netbook users aware of the optimized performance as outlined above by using the Netbook edition naming. Alternatively they can use the regular edition.

Softpedia: According to a research paper recently published by an organization called matousec, many antivirus programs, including Norton Internet Security 2010, are vulnerable to attacks that allow evading and disabling low-level layers of protection, such as HIPS (host intrusion prevention system) implementations. The researchers claim these flaws stem from insecure SSDT hooking practices. Do you plan to stop using such methods in your future products or have you already done it with Norton Internet Security 2011?

Stefan Wesche: As mentioned before and this is the same with this test: these are often made in lab and isolated situations and don’t reflect the real world. This is a narrowly focused test that examines potential bypass techniques for any security solution that implements kernel mode hooking. This is precisely why Symantec adds multiple layers of security to our products in order to prevent malware, and in this case even the code that would facilitate the substituting of benign code for malicious code from getting onto users’ computers in the first place.

In particular, Symantec’s Intrusion Prevention (IPS) and Reputation-Based Security play a large role in blocking these types of threats. These additional layers of defenses were not examined as part of the matousec.com investigation.

Softpedia: Companies developing free security products have generally reported a user-base increase in the past two years, suggesting an expansion of the free antivirus market. It's reasonable to suspect that this growth is partially happening at the expense of commercial products, being fuelled by the poor economy and other factors. Have you registered any decline in your customer base, particularly in the home consumer segment?

Stefan Wesche: No, exactly the opposite is the fact. The Symantec Consumer Business is growing. It contributes 30 percent of the total Symantec business. Looking at the free security offers many people realize that this is only a very basic protection – as also freeware vendors offer more advanced protection features when you pay for it. And cybercrime is growing – the trade with stolen user data is a million dollar business – so this is a real threat for people to get a victim of data theft.

Softpedia: Cybercriminals operating with advanced threats such as Zeus or Clampi adopt a hit-and-run approach in their attacks. So far this method has proven successful at keeping antivirus companies one step behind and allowed the crooks to siphon millions of dollars from bank accounts belonging to small companies or public institutions. As a result some people and organizations in the infosec community have begun recommending that sensitive tasks such as online banking be performed from operating systems other than Windows. What do you think is a viable solution to this problem and what can people do except running an antivirus program, which we all know, is no silver bullet?

Stefan Wesche: Just running a classic AntiVirus really isn’t enough anymore. You need more comprehensive protection capabilities like Intrusion Prevention, AntiPhishing, Data Protection etc. Additionally also because signature based detection methods are reactive and get at their limit with the amount of malware released every day Norton has integrated proactive technologies like behaviour based and reputation based technologies as well as features like browser protection etc. Using alternative operating systems is only a temporary solution as with a certain user base cybercriminals will focus at those platforms too. On top some attacks like phishing are OS independent.

So in the end it’s strongly recommended to use a proactive security suite like Norton Internet Security or Norton 360 which have those advanced protection features that are able to better detect hit-and-run attacks and on top use some of the following easy to follow rules when doing internet banking for example like only doing it from your secure home or business network (ideally via a wired connection), also using secure and unique passwords that are also changed on a regular basis. Also pay close attention to the transaction and go back and check your statements regularly.

Softpedia: Symantec is already a giant in the computer security industry, but it is still looking to expand its portfolio. Recently announced plans to acquire PGP Corporation and VeriSign's security arm, which includes its SSL and PKI business suggest that the company wants to imprint a strong foothold on the data-protection and -encryption market. Do you have any new features, based on these technologies, planned for your home products? Can you exemplify?

Stefan Wesche: Both acquisitions have just been announced so it is a bit too early to already talk about concrete implementation plans. Further planning is in progress.

Softpedia: Symantec has already integrated a server-assisted malware detection technology called Insight Network into its products. However, this component is limited to using definitions. Do you plan to extend this cloud-based component with heuristic or behavior scanning capabilities in the future? Do you think that performing the most resource-intensive tasks in the cloud is the future of antivirus software?

Stefan Wesche: The initial version of Insight Network has been the first step included in the 2009 products and was used as a whitelist to speed up the scan process only. Since Versions 2010 (released in autumn 2009) we are already working with a more comprehensive reputation based system. This reputation based system is able to calculate a reputation score for each file in the cloud in real-time based on a lot of different file attributes and also server-side analysis. Those attributes for example include the prevalence of a certain file among others.

The core of this system is a huge database, as well as other components like heuristics , signatures, behaviour based detection capabilities that query this database automatically as well as intrusion prevention which together build a full set of features to protect against previously undetectable threats. So the reputation technology used by Symantec is not just putting signatures only into the cloud. It’s a much more complex system which is able to detect previously unknown malicious files.

Regarding our behaviour based technologies: these are already in the Norton security software since version 2007 released in 2006). So by now the Norton security software is a complex system of proactive technologies as well as the well known reactive ones. Also for the time being we think complementing a strong local protection with a smart cloud reputation technology is the right approach because even when being temporarily without Internet access strong local protection remains in place.