Symantec Corp. (Nasdaq: SYMC) is on a mission to make users' online experiences more secure. And if you don't believe it, give 'em a few months and they'll show you.
That was the message earlier today when Mark Bregman, CTO of Symantec, and Stephen Trilling, vice president of Symantec Research Labs, gave Dark Reading a peek at its technology directions and some of the products on its drawing board.
The company is working on a range of new software -- some developed on its own, and some resulting from recent acquisitions. "There's an image of Symantec that it isn't very innovative because we do so much of our growth through acquisition," says Bregman. "But 15 percent of our annual revenue [of about $4 billion] goes into research and development. That's a pretty substantial piece of change."
Several of Symantec's new products are designed to improve security at the client level, according to the execs. For example, in the fall the company plans to roll out the "Norton Identity Client," a PC package that enables users to manage their personal information and vet companies or Websites before interacting with them.
The Norton Identity Client will let users store their own identifying information and release only the data that the online business needs to know, Bregman says. "If a site starts asking for Social Security information or other data that's not normally required for that site, we can flag the user."
The software also collects data about a prospective site's security and its overall reputation, warning users of potential problems before they log on, Bregman says. It also can help users set up a site-specific email proxy or a one-time-use credit card number to prevent the seller from re-using (or losing) their personal data.Symantec's new software differs from Microsoft's CardSpace product, which also promises to manage personal information for the user. "Microsoft lets users create credentials for themselves, but it's relying on third parties to validate those credentials," Bregman says. "We want to be one of those third parties that does the validation."
Symantec is also developing new products that respond to shifting trends in attacks, according to Trilling. For example, the company is working on a new application, code named "Canary," that identifies signatures for all types of browser-based exploits -- not just worms and viruses --and stops them as soon as they are known.
"What we know about patches is that they can take a while to come out, and even longer to deploy," says Trilling. "What we need is a way to shut down the attack on day one, without forcing the user to wait for the patch."
Canary will generically block attacks against key browser vulnerabilities as soon as Symantec finds out about them and develops the appropriate signature, Trilling says. "As we see something emerge, we can tell you that a threat is detected and we can block it" until a patch is installed, he says. Canary, which will be given another name, could be available in late summer or early fall.
Symantec also has developed a new tool that will help identify rootkits in users' systems that usually escape its antivirus tools. The new product, called "Raw Disk Virus Scan," goes below the file level to read raw blocks of data, enabling it to "see" rootkits that otherwise would be difficult to spot, Trilling says. It is in beta now.
In the future, Symantec hopes to develop a new "reputation-based" security system that will help rank frequently downloaded files and give users some idea of how vulnerable or dangerous they might be.
"Think of it as sort of a restaurant review," says Bregman. "We'll be able to say that this one appears to be very popular -- a lot of people are using it -- and here's an estimate on how many people got sick eating there." Symantec will eventually be able to develop lists of the most popular, most secure, and most vulnerable files, he says.
Tim Wilson, Site Editor, Dark Reading