Symantec on Tuesday released live betas of Norton Internet Security 2010 and Norton AntiVirus 2010 for users to test and put through their paces ahead of a planned September release.
These updates show some significant changes in how the anti-malware software detects malicious code, and they reflect that the old ways just aren’t feasible any more. Instead of relying on signatures, the old stand-by, Symantec is shifting focus to “reputation,” which is a conglomeration of several elements.
Signatures, notes Lana Knop, principal product manager for Symantec, just can’t keep up with the flood of malware. “The reason reputation-based detection is a main focus is the way the threat landscape is evolving. We’ve had 2.4 billion unique threats identified by our Security Research Center. That means traditional signature protection really is not going to be working out that great,” she told InternetNews.com.
And there are a lot of variants. Of the 2.4 billion, you have several million that are unique. The rest are variations on one another. Instead of a signature for each mutation, a reputation engine notes that they all perform the same functions, just with slight variations on behavior.
Symantec knows to recognize the good guys – in this case, the apps running on your PC that are not malicious – through a technology called SONAR, first introduced in the last release of Norton AntiVirus and Internet Security.
Among other elements, SONAR learns about legitimate apps, whether it’s Microsoft Office, Firefox or Adobe Acrobat Reader, and over time has built a database of known good actors. So it knows to leave the apps used by business and personal users alone.
But if an app is unknown, relatively new and acting strangely, such as mutating (a common tactic malware uses to avoid detection) or trying to mess with the Windows Registry or kernel, SONAR alerts the user.
SONAR 2 adds the capability to do synchronous protection, which means it makes an assessment of an application’s behavior while it’s happening, rather than waiting until it’s done.
NAV and NIS also have a new tech morbidly dubbed “Autopsy,” which does a more in-depth examination of malware and attempts to tell the user where it came from, how they may have been infected and what they should do to protect themselves in the future.
Symantec has also added antispam security from the Brightmail spam blocker to offer professional-grade antispam protection, and a utility called System Insight, which gives a visual representation of events on the system. This is designed to make it easier to track down apps that might be overwhelming the system, which could include malware.
Finally, Symantec continued to optimize the software and make it less intrusive, addressing a common complaint about anti-malware software products. Knop said this release offers faster scan times than prior releases.