Norton 2011 uses file reputation to secure your PC

Norton Internet Security 2011 will be available in stores Sept. 13 for small home offices that are looking to upgrade their security software.

The upgrade contains 100 new components provided from Symantec’s security technology and response team, according to the security vendor. That 500 plus employee team is dedicated to analyzing activity of cybercriminals and the behaviour of new malware hitting the Internet.

The familiar yellow box may be targeted to consumers, but Symantec Corp. recognizes many small businesses that do use the product.

“While we don’t specifically target small businesses, a lot of them find it easier to go into the shop and pick up the three-user pack, then install the product,” says Dan Nadir, director of product management at Symantec. “It’s ideal for a three or four employee office.”

At the heart of Norton 2011 is Symantec’s reputation-based malware detection engine. The reputation technology debuted in the 2010 version, but 2011 integrates it into more facets of the program. Any mechanism that triggers a file download will also activate Norton’s reputation engine, Nadir says.

Related Story: Symantec’s Norton 2010 taps user pool for reputation-based security

“In the past, bad guys figured out that if you made a file unique, it’d be harder to detect,” he says. “So we turned the table on those guys.. we’ve started keeping a reputation score on every file we see.”

If a file is found on 10 million machines, is signed by a vendor, and downloaded form a secure site, then it will receive a high reputation score and pass through Norton’s filters. But if it’s a unique file that was downloaded from an untrusted source, then the user will be flagged. Yet the reputation engine helps reduce the number of warnings a user receives.

“In the past we had to be a bit more conservative,” Nadir says. “Now we can call on the reputation service.”

The security screening method helps, says Dave Senf, security analyst at IDC Canada. But it’s still not perfect.

“It’s a step in the right direction,” he says. “It’s important to have a countermeasure in place to protect people from doing stupid things. But really it comes down to not doing stupid things.”

Symantec released data from third-parties including Dennis Labs that placed Norton 2011 ahead of other products on vectors of effectiveness and performance. The Dennis Labs test showed Norton 2011 provided 100 percent protection when purposely visiting dangerous Web domains known to be loaded with the latest malware.

But no virus engine is perfect, cautions Brian Bourne, president of CMS Consulting and organizer of the annual Sector security conference in Toronto. He points to virustotal.com as an objective site for detection rates.

“Even on a good month, the best engine is only catching 97-98 per cent, that means one in 50 malicious Web sites, attachments, etc. are still going to infect the user,” he writes in an e-mail. “Consumers need to understand that despite marketing, no vendor can offer 100 per cent protection and no consumer can expect it.”

The software suite includes Antivirus, spyware detection, firewall, intrusion prevention, anti-space and ID Safe to securely store logins and passwords, then autofill them on the appropriate Web sites. Also, Safe Web marks up search engine results and identifies potentially dangerous Web sites and is enhanced by a browser-based anti-phishing tool.

Related Slideshow: Inside Symantec’s Security Operations Center

System Insight 2.0 is a system optimization tool that monitors active programs and alerts users if any program is hogging system resources. The Norton Bootable Recovery Tool helps users create a bootable disc or USB key that can help restore a system that’s drastically impacted by an infection.

Users planning to install Norton 2011 – or any other security software – might want to run Norton Power Eraser first. The free download offered by Symantec is designed for users to clean their PC of any malware before they install antivirus. This helps avoid malware tampering at the OS level.

Improved performance was also a priority for Symantec with this year’s product, Nadir says.

Symantec was tired of hearing “Ugh, Norton is that slow, bloated program and I can’t bear to use it,” he says. “You should try the new products. They’re much faster.”

Symantec says that Norton 2011 scans 61 per cent faster than the industry average, and has an overall performance score of 65 per cent better than the industry average. It will install in an average time of 41 seconds.

“There’s a lot of programs like rootkits that are getting into the machine and are hard to detect,” he says. “This tool is designed to get at these nasty products.”

Many consumers shopping for products like Norton 2011 may consider a free antivirus program as offered by Microsoft Security Essentials or Avira Antivirus.

“The free solutions are pretty comparable to the paid thing,” Senf says. “As long as you’re doing the right things as a suer and have some knowledge of best practices.”

Norton Internet Security comes with a three-user licence for $79.99. For the trimmed down Norton Antivirus, a one-user licence costs $49.99 and a three-user licence $69.99.

Brian Jackson is a Senior Writer at ITBusiness.ca. Follow him on Twitter, read his blog, and check out the IT Business Facebook Page.

Share on LinkedIn Share with Google+
More Articles