As children across the country are headed back to class this week, teachers will be on the lookout for early signs of which students will be trouble over the course of the year – tipped off by their bad behaviour. Well, if it works for classroom management, then it may also work for cyber-security, and that’s the new approach Symantec Corp. is taking with the latest update to its line of Norton security software.
Changes to Norton Antivirus, Internet Security, and Norton 360 made today are pushing the security products further away from trying to identify specific pieces of known malware and blocking them, to looking for bad behaviour in files and Web sites in an attempt to block potential malware even if it’s brand new. The change in approach reflects growing hacker sophistication in recent years as cyber-criminals are growing wise to the ways security software foils their plots and figure out how to bypass them – just like the class bully is always figuring out how to avoid getting caught by the teacher.
Symantec is updating the core engine of its security products to hinge on a technology called SONAR, explains Robert Reynolds, senior product manger at Symantec. He describes them as powerful, under the hood changes.
“It’s not based on status signature that tries to compare the malware to a signature, it tries to look for bad behaviour,” he says. “We feel its a pretty big change in terms of fundamental architecture.”
At a glance: new protection features in Norton products
Reynolds gives one example of how tricky modern malware can be: a virus may be able to also set up a run key in your Windows registry that mimics a trusted program and operates through a trusted process in the operating system, swapping out that good code for malicious code. Then, the old trick of pressing Control, Alt, Delete, in a three-finger salute to bring up Task Manager wouldn’t be so revealing as the bad process would be disguised.
“It might not always be what you think it is,” he says.
Norton’s new reputation engine will be able to check against a large database stored on Symantec’s servers that has compiled data on both good and bad files. That feature, called Download Insight, is now being applied to other possibly malware entry vectors on a PC – a USB key that carries an infected ZIP archive, or a smartphone that connects via a USB port to sync data.
Similarly, a new Scam Insight feature will test the reputation of new Web sites visited. It can detect if a Web site is going to try and upload malware to your system before it happens. Plus, it can tell if a site that poses as your bank is actually a phishing site looking to scoop your financial details. By learning on the experience of its millions of users, Symantec will warn about the authenticity of fly-by-night Web sites that are quickly set up to ask for credit card numbers or other personal details.
At a glance: new remediation features in Norton products
The updated products also offer better ways to recover from protection, Reynolds says. An Advanced Repair feature is a response to infections that tangle themselves within Windows or application files. When antivirus exterminated the infection, that critical file went with it and damaged the computer’s system as a result.
Now if a Windows system file is broken, the file and a user’s system information is uploaded to the Symantec cloud. After analysis, a good version of the file is matched and sent back to the user. The feature could be applied to application files in the future, Reynolds says. For now, it helps the user avoid reinstalling Windows after an infection.
“We built a system that is independent of malware breaking files,” he says.
Other improvements to the Norton family of products include better performance. Symantec users are upgrading PCs less often, Reynolds says, and using mobile devices more often. So Norton is offering solutions to secure smartphones, tablets, and PCs alike. For Norton 360, there is automatic online backup of devices and for mobile devices there are new anti-theft safeguards.
The new Norton products are available now for download. Here’s the Canadian pricing:
- Norton Antivirus is $54.00 for one year, one computer
- Norton Internet Security is on sale for $49.99 and regular $79.99, one year for three computers
- Norton 360 is on sale for $49.99 and regular $89.99, one year for three computers
- Norton 360 multi-device is on sale for $74.99 and regular $99.99, one year for five devices