RealTime IT News

Symantec Readies Phishing Protection Software

At the rate we're going, safe surfing of the Internet is starting to require more pieces and components than a real-life suit of armor.

Antivirus, anti-spyware, anti-rootkit, anti-malware, firewalls … do we have enough software to keep us safe? Apparently not.

Symantec said it's about to begin public beta testing for Norton Confidential, an online transaction security product that detects phishing and fraudulent Web sites.

In fairness, Symantec said the bulk of what can be found in Norton Confidential is already in its Norton Internet Security product and those customers are covered. The only difference is Confidential has a function called InfoVault, a more secure method for storing passwords than the built-in password storage in Web browsers. InfoVault will eventually be rolled into Internet Security in a future release.

The target market for Confidential is customers with non-Norton security products who want the security Confidential offers, according to Bill Rosenkrantz, director of product management for consumer products at Symantec.

"Some folks want one solution with an integrated suite, then there's the folks who have a combination of solutions and don't want to replace what they have. Confidential would be complementary to their systems," he said.

Norton Confidential is aimed at two particular types of security concerns: phishing and what Symantec calls "crimeware." Confidential has a block list, like a virus signature database, that warns users of known phishing sites, plus it comes with heuristic technology to protect consumers from undiscovered phishing attacks.

Crimeware is Symantec's term for programs like keystroke loggers and screen capture Trojan horse applications, which are designed to steal personal information. Confidential blocks known crimeware and has heuristic analysis to detect software behaving suspiciously.

Norton Confidential only works during the transaction portion of electronic commerce. If you're just browsing around Amazon, it remains dormant, said Rosenkrantz. It only becomes active when you open a Secure Sockets Layer (SSL) site. Then Confidential verifies the legitimacy of the site.

Rosenkrantz said Symantec has taken a "fingerprint" of highly trafficked e-commerce sites, like banks, which are frequent phishing targets. That way, when you visit what you believe to be that site, Confidential can verify that you are indeed on the site in question and not a mock-up.

In addition, as users visit Web sites, Confidential will examine the site to validate it as legitimate and not a phishing site. That information is sent back to the Norton servers and a list of valid sites is built, benefiting all users.

Conversely, if a site is found to be suspicious, Confidential checks back with Symantec's servers to find out if it's known to be safe or unsafe. If it can't be verified, Symantec's servers and staff examine the site to find out its intentions.

The jury is still out on whether this idea will work, said Diana Kelley, vice president and service director for security and risk management at The Burton Group.

"What they're going for, the strategy of bringing trust back to the Internet, is a very good one, because we are at a place where it is hard to trust. Will this be the one that does it? I'm not sure," she said.

She points to a study of toolbars to protect against phishing done by MIT professors Min Wu, Robert C. Miller and Simson L. Garfinkel. The professors found the toolbars to be useless.

"If this will provide some real security, then that will be good, but we need to be able to test them before we can assess their effectiveness in real world trials, rather than how we envision them," said Kelley.

A beta version of Norton Confidential is due to be posted by the weekend. The final product is due to ship in September for a suggested price of $49.99, with a $20 rebate for customers of other Norton security products or competing security products. A Macintosh version is also planned for release in October.