Cupertino (CA) – Now that threats from malicious users have evolved from mere passive viruses to more active, and even interactive, schemes, Symantec is hoping that its customers will be willing to help it a database of the newest and most common online threats. To that end, the company unveiled this morning its TransactSafely Web site, with the intention of signing up volunteers to take its latest rendition of transaction security software into the field, exposing themselves to potential threats that they may be catalogued for future reference.
Transaction security is a principal feature of a handful of Symantec projects in the works, including its comprehensive Norton 360 online service, and its forthcoming Norton Confidential software package. But in advance of 360’s formal launch, TransactSafely will try to get customers interested in the idea of a software package running in the background that monitors online data sharing processes, searching for what it considers to be peculiar behavior using a flexible, amendable set of heuristics. Such a system needs rules to work off of, which means that someone will need to discover the specific peculiarities in behavior that Confidential and other services will watch out for.
Part of Symantec’s plan is to elevate its language. Since phishing for private information is a crime in most countries, Symantec now refers to software that attempts this as “crimeware.” Advanced heuristic analysis, the company says (“heuristics” simply means “rules represented logically”) will enable transaction security to detect fraud and phishing attempts as they happen. One example the company gives is the use of slight permutations of a legitimate company’s Web site name, usually with a hyphen or an underscore. Companies that do this are often hiding something. (Lesson: Don’t sign up for anything from “tg-daily.com” or “tg_daily.net.”) A rule-based system would intercept an attempt to have you fill out a form, by a Web site whose name is similar to, but not matching, the authenticated, trusted Web site name.
But another part of the plan appears to be to keep the excitement level going, at least at a moderate boil – which is akin to an alert level of “yellow.” Viruses are old school, and at least one Symantec executive has been quoted recently as saying his company is moving onward and upward, shedding its skin from the antivirus business and moving into the field of protection. Recently, Symantec cited its own antivirus software as enabling a hypothetical form of a worm attack. In light of bad press, the company may have more reasons to move on from its antivirus foundation than just evolution.
One feature Symantec said today its Norton Confidential beta will provide is a special visual cue to let users know when they are entering a genuine Secure Socket Layer-protected site. Even though similar visual cues already appear in Web browsers, this may end up being a welcome feature after all, if heuristics indeed can verify the validity of the SSL session. In years past, SSL session security has been plagued with problems such as valid encryption keys being constructed from all zeroes, with data ending up having been transmitted in the clear. If this feature goes beyond simply verifying the presence of the “s” in the protocol field of the URL, this could be a quite useful feature.
However, a similar feature set to Symantec’s is being geared up for inclusion in Microsoft’s Windows Vista, including a much touted upgrade to its Web site authentication, and an anti-phishing monitor. Just as it has in decades past, Symantec could find itself competing with the Norton trademark against features and functions that Microsoft has already made present on customers’ desktops.