Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Symantec Readies New Client Tools

CTO, research VP offer glimpse at company's product drawing board

Symantec Corp. (Nasdaq: SYMC) is on a mission to make users' online experiences more secure. And if you don't believe it, give 'em a few months and they'll show you.

That was the message earlier today when Mark Bregman, CTO of Symantec, and Stephen Trilling, vice president of Symantec Research Labs, gave Dark Reading a peek at its technology directions and some of the products on its drawing board.

The company is working on a range of new software -- some developed on its own, and some resulting from recent acquisitions. "There's an image of Symantec that it isn't very innovative because we do so much of our growth through acquisition," says Bregman. "But 15 percent of our annual revenue [of about $4 billion] goes into research and development. That's a pretty substantial piece of change."

Several of Symantec's new products are designed to improve security at the client level, according to the execs. For example, in the fall the company plans to roll out the "Norton Identity Client," a PC package that enables users to manage their personal information and vet companies or Websites before interacting with them.

The Norton Identity Client will let users store their own identifying information and release only the data that the online business needs to know, Bregman says. "If a site starts asking for Social Security information or other data that's not normally required for that site, we can flag the user."

The software also collects data about a prospective site's security and its overall reputation, warning users of potential problems before they log on, Bregman says. It also can help users set up a site-specific email proxy or a one-time-use credit card number to prevent the seller from re-using (or losing) their personal data.

Symantec's new software differs from Microsoft's CardSpace product, which also promises to manage personal information for the user. "Microsoft lets users create credentials for themselves, but it's relying on third parties to validate those credentials," Bregman says. "We want to be one of those third parties that does the validation."

Symantec is also developing new products that respond to shifting trends in attacks, according to Trilling. For example, the company is working on a new application, code named "Canary," that identifies signatures for all types of browser-based exploits -- not just worms and viruses --and stops them as soon as they are known.

"What we know about patches is that they can take a while to come out, and even longer to deploy," says Trilling. "What we need is a way to shut down the attack on day one, without forcing the user to wait for the patch."

Canary will generically block attacks against key browser vulnerabilities as soon as Symantec finds out about them and develops the appropriate signature, Trilling says. "As we see something emerge, we can tell you that a threat is detected and we can block it" until a patch is installed, he says. Canary, which will be given another name, could be available in late summer or early fall.

Symantec also has developed a new tool that will help identify rootkits in users' systems that usually escape its antivirus tools. The new product, called "Raw Disk Virus Scan," goes below the file level to read raw blocks of data, enabling it to "see" rootkits that otherwise would be difficult to spot, Trilling says. It is in beta now.

In the future, Symantec hopes to develop a new "reputation-based" security system that will help rank frequently downloaded files and give users some idea of how vulnerable or dangerous they might be.

"Think of it as sort of a restaurant review," says Bregman. "We'll be able to say that this one appears to be very popular -- a lot of people are using it -- and here's an estimate on how many people got sick eating there." Symantec will eventually be able to develop lists of the most popular, most secure, and most vulnerable files, he says.

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password [email protected]#y$z%x6x7q8c9z) for the e...
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access.
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-...
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the CLI via a crafted filename...
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images.