Symantec updates Norton product line to penalize bad behaviour

As children across the country are headed back to class this week, teachers will be on the lookout for early signs of which students will be trouble over the course of the year – tipped off by their bad behaviour. Well, if it works for classroom management, then it may also work for cyber-security, and that’s the new approach Symantec Corp. is taking with the latest update to its line of Norton security software.

Changes to Norton Antivirus, Internet Security, and Norton 360 made today are pushing the security products further away from trying to identify specific pieces of known malware and blocking them, to looking for bad behaviour in files and Web sites in an attempt to block potential malware even if it’s brand new. The change in approach reflects growing hacker sophistication in recent years as cyber-criminals are growing wise to the ways security software foils their plots and figure out how to bypass them – just like the class bully is always figuring out how to avoid getting caught by the teacher.

Symantec is updating the core engine of its security products to hinge on a technology called SONAR, explains Robert Reynolds, senior product manger at Symantec. He describes them as powerful, under the hood changes.

“It’s not based on status signature that tries to compare the malware to a signature, it tries to look for bad behaviour,” he says. “We feel its a pretty big change in terms of fundamental architecture.”

At a glance: new protection features in Norton products

Screen Shot 2013-09-04 at 9.07.02 AM

Reynolds gives one example of how tricky modern malware can be: a virus may be able to also set up a run key in your Windows registry that mimics a trusted program and operates through a trusted process in the operating system, swapping out that good code for malicious code. Then, the old trick of pressing Control, Alt, Delete, in a three-finger salute to bring up Task Manager wouldn’t be so revealing as the bad process would be disguised.

“It might not always be what you think it is,” he says.

Norton’s new reputation engine will be able to check against a large database stored on Symantec’s servers that has compiled data on both good and bad files. That feature, called Download Insight, is now being applied to other possibly malware entry vectors on a PC – a USB key that carries an infected ZIP archive, or a smartphone that connects via a USB port to sync data.

Similarly, a new Scam Insight feature will test the reputation of new Web sites visited. It can detect if a Web site is going to try and upload malware to your system before it happens. Plus, it can tell if a site that poses as your bank is actually a phishing site looking to scoop your financial details. By learning on the experience of its millions of users, Symantec will warn about the authenticity of fly-by-night Web sites that are quickly set up to ask for credit card numbers or other personal details.

At a glance: new remediation features in Norton products

Screen Shot 2013-09-04 at 9.06.39 AM

The updated products also offer better ways to recover from protection, Reynolds says. An Advanced Repair feature is a response to infections that tangle themselves within Windows or application files. When antivirus exterminated the infection, that critical file went with it and damaged the computer’s system as a result.

Now if a Windows system file is broken, the file and a user’s system information is uploaded to the Symantec cloud. After analysis, a good version of the file is matched and sent back to the user. The feature could be applied to application files in the future, Reynolds says. For now, it helps the user avoid reinstalling Windows after an infection.

“We built a system that is independent of malware breaking files,” he says.

Other improvements to the Norton family of products include better performance. Symantec users are upgrading PCs less often, Reynolds says, and using mobile devices more often. So Norton is offering solutions to secure smartphones, tablets, and PCs alike. For Norton 360, there is automatic online backup of devices and for mobile devices there are new anti-theft safeguards.

The new Norton products are available now for download. Here’s the Canadian pricing:

  • Norton Antivirus is $54.00 for one year, one computer
  • Norton Internet Security is on sale for $49.99 and regular $79.99, one year for three computers
  • Norton 360 is on sale for $49.99 and regular $89.99, one year for three computers
  • Norton 360 multi-device is on sale for $74.99 and regular $99.99, one year for five devices


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Brian Jackson
Brian Jackson
Editorial director of IT World Canada. Covering technology as it applies to business users. Multiple COPA award winner and now judge. Paddles a canoe as much as possible.

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.