A couple of years ago, I wrote a post running down the best places to store your files online. Of the six that I covered, two have since closed up shop and one has changed its name.
It's a constantly changing space. Since then, we have seen a lot of new entrants into the online file storage and backup game. Norton Online Backup is a fairly new product that is getting a very strong upgrade Wednesday with version 2.0 of its product. The new version includes support for Mac and Windows, 90-day file versioning, and the ability to send file download links via e-mail.
Norton Online Backup's home page allows the user to see the status of every machine on their account.
(Credit: Screenshot by Harrison Hoffman/CNET)
Norton has put together a very solid offering with version 2.0 of Norton Online Backup. It is introducing support for Intel-based Mac for the first time with this release. This is huge, especially when the company is trying to offer a solution for the whole household. Where most other online storage or backup services focus on serving one user, Norton has placed the focus on protecting the whole family or household. When you buy a year of the service, you are allowed to manage and back up up to five computers on your account. Jeff Kyle, a group product manager for the product, said that support for Ubuntu should be coming around March.
File versioning is a welcome addition to Norton Online Backup. This allows you to see previous versions of backed-up files for up to 90 days. This means that if you accidentally make changes that you don't want anymore, then you can just go back to the previous version. This is similar to the functionality that Apple offers with Time Machine.
Additionally, Norton Online Backup 2.0 allows you to send files via e-mails. You can select multiple files to be sent, and they will be presented to the recipient on an easy-to-use landing page. You can even password protect these files or control how long they are available for download.
Norton Online Backup's landing page for files sent via e-mail.
(Credit: Screenshot by Harrison Hoffman/CNET)
My current solution for file storage and backup is Live Mesh, which continually monitors your machine for changes in backed-up files and automatically uploads them. While this feature is great, it can sometimes result in your machine slowing down since the application tends to use a lot of resources. Norton Online Backup's client is fairly lightweight and works on a scheduled backup system, which means that it checks for changes in your backed-up files at a designated time and does everything at once. This results in less overhead for your system.
Other, more minor features included in this release are open file backup, which backs up a file even if it is in use on your computer, file purging, and a simplified set-up/user interface.
Norton Online Backup has a 30-day trial and the full version costs $50 for one year, which gives you 25GB of storage and allows up to five computers on your account.
This is what the recipient sees when you send them a file via e-mail.
(Credit: Screenshot by Harrison Hoffman/CNET)
If you've ever gotten a pop-up message warning that your PC is infected, it could very well be an advertisement for rogue software that can do a lot of harm and absolutely no good.
Symantec has just issued a report saying that the company has "detected over 250 distinct rogue security software programs." These scams try to convince users that their machine is infected and offer software for purchase that will take care of the problem. But instead of removing security threats, it can create them by installing malicious code that can allow criminals to take over the victim's computer. In addition, a user who provides a credit card number to buy the software is not only out the cost of the software but has just provided credit card information to thieves who can misuse it or sell it to other thieves.
The "security software" often has a legitimate-sounding name and may even quote what appears to be a review from a legitimate source.
In a podcast interview, Symantec Security vice president Vince Weafer warns users not to respond to security messages that they view as pop-ups or on websites, especially if they look like a hard-sell. Instead, rely on legitimate security software. If you have any doubts, Symantec and other legitimate security companies offer free scanners that can tell you if you have any infections. Also, Microsoft now offers its free Security Essentials that can detect and fix many security threats.
Symantec is betting heavily that program behavior is the future battlefront of security and is making a big push in its 2010 security program lineup with a behavioral engine called Quorum.
Take a tour of Norton Internet Security 2010 in this slideshow, and keep in mind that the look is very similar to Norton AntiVirus 2010. The biggest differences between the two include ancillary features, price, and the number of computers supported by one license.
Debuting Wednesday, both the basic Norton AntiVirus 2010 and the more robust Norton Internet Security 2010 will use Quorum, which Symantec is calling an advanced security network based both on traditional malware signatures and on reputation for both files and software.
This screenshot is from the Norton Internet Security 2010 beta, though it's not expected to change drastically in the final version. This shows the Norton Insight screen.
(Credit: Screenshot by Seth Rosenblatt/CNET)
The Quorum system uses the uniqueness of mutating malware against the threat itself, said Dan Nadir, director of product management for Norton AntiVirus and Norton Internet Security. Multiple variations of a single threat have become a potential risk to the efficacy of definition-based antivirus, so a system like Quorum--in which the unfamiliarity of a new threat becomes the tool by which the threat is neutralized--could drastically improve security programs.
Symantec noted that it hasn't abandoned last year's pledge to improve Norton's performance, and it is keeping the quick scan to about one minute. An in-progress scan conducted with the beta version used about 70MB of RAM, while the program used about 15.5 MB when idle. Symantec also exposes how much memory the program is using in the main pane. Symantec says that in the final version, Norton users should expect to see working memory usage at less than 10 MB, and that the "quick scan" should be completed in 64 seconds.
The Quorum technology is designed to expose system and threat-detection data, so users who want more than just "set-it-and-forget-it" information can customize Norton's responses. The Insight Network incorporates Quorum and uses statistical analysis of file attributes to judge the trustworthiness of a file. Norton Threat Insight provides information on detected threats, such as the URL of a threat. Norton System Insight uncovers system information and can be used to detect system slowdowns. Norton Download Insight uses Symantec's cloud data to determine the safety of a downloaded file before it runs.
The more robust Norton Internet Security includes new enterprise-level antispam algorithms, which Symantec says shouldn't require any "training" from users. These have been incorporated from Brightmail, a company that Symantec bought more than five years ago. Norton Internet Security also includes OnlineFamily.Norton, Symantec's new parental control system, and Norton SafeWeb, which is a search results and e-commerce rating component.
Norton Internet Security 2010 costs $69.99 for a three-PC license, and Norton AntiVirus 2010 is $39.99 for one computer.
This is the error message on the Norton support Web site after users reported that the patch failed to install properly.
(Credit: Symantec)
Symantec is providing a fix for customers who got error messages after a patch deployment went awry for some Norton users, the company said on Tuesday.
The problem started last Wednesday when Symantec deployed patches for Norton AntiVirus 2009, Norton Internet Security 2009, and Norton 360 v3 via LiveUpdate. Some customers received error messages saying that there was a problem with the Symantec Service Framework.
The patch, which is supposed to communicate with the hardware to ensure that it is correctly installed, did not handle the response from the hardware properly after it was installed, a company spokeswoman said.
The problem affected a small number of users, or fewer than 1 percent, and most of the customers reporting a problem are using PCs that have been specially configured or customized and are not "out-of-the-box" PCs and "only after reboot," the spokeswoman said.
There were more than 630 messages on the Norton user forum about the topic, a number of which expressed frustration with Symantec and accused the company of not doing enough to keep customers informed about the problem.
"This is insane. I'm looking for other antivirus options now and will soon remove Norton from all three of my machines. Next I'm going to post a review on Epinions advising others to stay far away," wrote one user. "This is garbage and I've had more than enough."
Another user wrote: "Well I just used the Norton Removal Tool for likely the last time. When the browser window with the Norton reinstallation instructions popped up, I chuckled as I closed it out and navigated to a competitor site where I promptly downloaded another AV product."
The company first learned of the problem from posts to the forum last Wednesday and posted messages the next day saying it was investigating the problem. It then provided an official response on Friday saying the problem had been identified, according to the spokeswoman. The fix was posted on Symantec's knowledge base and the forum on Saturday, she said.
Symantec customers can visit this Symantec page to download the fix.
Symantec also set up a link on Tuesday through Microsoft WinQual to help users locate a fix and will make the fix available to customers automatically via LiveUpdate this week, according to the spokeswoman.
The problem comes less than six months after Symantec released a diagnostic patch for some of its older Norton products that did not identify its origin and thus triggered alerts on firewalls. The company blamed human error for the release of the unsigned patch, a program dubbed "PFST.exe."
As a followup to my post from Tuesday about the ability for someone to view porn from within Bing, I just heard from a Symantec spokesperson that the company's Internet monitoring and filtering service, OnlineFamily.Norton (review), can't yet prevent Bing users from searching sexually explicit terms for Web sites or videos. The company plans to add Bing to its protected search engines in the next release. Other major search engines, including Google, are covered by the software's SafeSearch feature.
In the meantime, Symantec recommends that parents use OnlineFamily.Norton to block access to all of Bing--which isn't particularly good for Microsoft.
OnlineFamily is a free Windows and Mac application that can be used to block sites and monitor a child's online behavior. Unlike some Internet-monitoring programs, it doesn't operate in stealth mode so, if parents use that feature, kids know that their Web activities are being watched.
Because Bing plays videos within its own site and doesn't require the user to click through, checking the browser history or using monitoring programs like OnlineFamily would only show that they visited Bing.com, not what videos they watched from within the site.
Editors' note: In the original version of this blog, we used the beta name for this product. The official name is OnlineFamily.Norton.
Back in February, Symantec debuted a new security program that sought to help parents talk to their kids about how they use the Internet. OnlineFamily.Norton has been a free beta since then, but this Monday at midnight, the program will leave beta and remain free at least until the end of 2009. The program was originally called Norton Family Online.
OnlineFamily.Norton makes your child's surfing habits available from any browser.
(Credit: Symantec)
This parental control suite provides parents with an interesting and possibly unique approach to online child safety. OnlineFamily.Norton does provide a blacklist, boilerplate for most parental control software. However, the suite offers more than just an On/Off switch, and provides tools that encourage communication between parents and their children.
There's a wide range of control over what sites a child can access. The restrictions can vary from a strict no-access policy that can block specific sites and site categories, to a more lenient notification e-mail sent to the parents when the child visits sites that parents merely want to be warned about. On the child's side, kids are given the option of e-mailing their parents when they're blocked--if the parents allow those e-mails in the first place.
Jody Gibney, product manager for OnlineFamily.Norton, said, "We want to encourage a different philosophical approach, encouraging parents to talk to kids instead of setting up an adversarial relationship." To further that, the program's House Rules can be customized to suit the needs of individual children within each family, a useful feature since a teenager will have different browsing and social-networking interests than an 8-year-old.
The dashboard for OnlineFamily.Norton will change slightly from the beta release, highlighting the options available to parents.
(Credit: Symantec)
It's impossible for a kid not to know that OnlineFamily.Norton is running in the background on their computer, since it warns them that it's activated. The log-in process requires that the Norton Safety Minder for Windows and Mac be installed first. The program allows kids to view the House Rules independently of their parents. Parents, on the other hand, are able to see what sites their children have been visiting, including search results for terms the child has queried.
However, the program doesn't provide "reams and reams of information," as Gibney put it. "We want to provide [parents] with enough information to start a discussion without overwhelming them." The program will flag social-network profile inconsistencies, such as discrepancies in a child's stated age or name, for example.
The differences between the beta and the free version are apparently limited to interface enhancements designed to streamline the setup process and provide better access to the information that OnlineFamily.Norton collects. The free version will be available at midnight on Monday. A one-year subscription starting January 1, 2010, is expected to cost $60.
UPDATED: Corrected list of supported messaging protocols.
Known for its security software, Symantec on Tuesday launched a new program aimed at educating parents about their children's online usage. Norton Online Family, now available in beta, is a parental control suite with multiple levels of restriction and an emphasis on usage reporting.
Norton Online Family makes your child's surfing habits available from any browser.
(Credit: Symantec)
Citing a Rochester Institute of Technology study that found a huge gap between the percentage of parents versus children who report no online supervision, Symantec says that Online Family is intended to bridge that gap by "fostering communication" between parents and their kids. According to the RIT study, only 7 percent of parents think their children have no online supervision, while 66 percent of kids think they go unsupervised.
To address that, Online Family uses a desktop client called the Norton Safety Minder for Windows and Mac that reports to the parents' Norton Family account with options to e-mail notifications, too. Norton Online Family features parental-controlled customization levels based on the computer's user accounts, so that multi-child families can have different monitoring levels for different kids. It runs in the system tray, too, so that its presence is obvious to all users.
Online Family can log Web sites, block sites using both a topic blocker or a traditional blacklist, and report on social-networking activities. When it tracks visited Web sites, it automatically filters out advertisement URLs that get pinged when visiting media-rich sites. This makes the log easier to parse through.
Online Family includes some innovative features that lend credibility to the claim that this is more than just a souped-up keylogger or blacklist. The blocked sites feature, for example, can be set so that kids can "appeal" to their parents for approval via either e-mail or a Norton-based chat app. It can also be set so that it lets kids through to see the flagged site, regardless of parental approval, but then the parents' log flags the visited site. The responsibility of discussing the content, of course, is left up to parental discretion.
Online Family uses a clean design to make control settings easier to change.
(Credit: Symantec)
Importantly, Online Family tracks how children represent themselves on social-networking sites, and alerts parents when a child misrepresents their age. Age misrepresentation, Symantec said, was often an indicator of a child associating with people or groups that the parents weren't aware of. It also keeps track of how long a kid has spent on a social-networking site, what time they log in and out, and how often they visit the site.
The new program monitors client-based instant messaging, too. This includes Google/Jabber, Yahoo, Microsoft Live, AOL, Skype, ICQ, Trillian's native chat protocol, as well as Trillian's multi-protocol features and Digsby's, too. However, site-based messaging cannot be tracked. Once a child logs into Facebook, for example, Online Family won't be able to follow what they're doing within the site.
Other monitors include a personal information blocker, where personal information specific to the child can be blocked from being sent out from the computer, a parental notification whenever a kid creates a new account on any site, a time monitor to enforce a "computer curfew," and a notification for when the Norton Safety Minder is turned off.
Online Family requires a Norton account, and the registration is free until the program leaves beta. Final pricing for the Online Family stable release that's expected in the spring has yet to be announced, but the beta trial is free for now. Symantec has said that they want to make Norton Online Family affordable, though, so it's unlikely that the price point will be exorbitant.
Compromised computers that send spam as part of their regular botnet activity increased dramatically in September, according to a Symantec study (PDF) released Monday.
The Symantec report follows a study from MessageLabs also illustrating the increased use of automated spam relays.
After seeing a 37 percent drop in botnet-related spam for August, Symantec reported a 101 percent increase in September. The growth appears to be focused in Europe, the Middle East, and Asia, with South Korea experiencing the largest increase at 4,236 percent. It was followed by Kazakhstan (761 percent), Romania (607 percent), Saudi Arabia (555 percent), and Vietnam (540 percent).
Compromised PCs sending spam had been part of the background noise until recently, when their usage surged in September.
(Credit: Symantec)
In looking for a reason behind the one-month increase, Symantec speculated it had something to do with the increase in e-mail with sensationalistic news headlines that included links to downloadable malware. These include malicious spam campaigns emulating e-mail from CNN and MSNBC.
Turkey topped the list of countries hosting spam-sending compromised PCs, responsible for 12 percent of such traffic, according to Symantec. It was followed by Brazil (9 percent), Russia (8 percent), the U.S. (6 percent), India (6 percent), China (6 percent), Germany (5 percent), Argentina (4 percent), Poland (4 percent), and Thailand (3 percent).
For the last few months, I've been hearing some well-regarded security people tell me they are considering ditching their antivirus protection altogether. They haven't done it, but these individuals feel the days of having a special application scan to remove malware on your desktop are numbered. Malware has changed, but the applications to ferret it out have not.
Antivirus programs, as we know them today, are based on 20-year-old technology of pattern matching. Pattern matching may have worked in the days of the Michelangelo virus and even as recently as Netsky, but methodically matching each and every file on a computer against a list of known malware is getting tedious, if not archaic. In 2007, Symantec detected more than 1 million viruses, with two-thirds created within the calendar year. Loading 1 million signatures, or even a percentage of that if generic signatures are used, is a pretty serious undertaking.
That's why vendors are talking to me about newer strategies for 2009 (and beyond). Among these is the exact opposite of signature file databases--something called whitelisting. If pattern matching is just another way of saying certain bad files have been blacklisted, whitelisting goes to the other extreme: it only allows certain trusted files to run on your machine.
That's more or less what Symantec CEO John Thompson called for at this year's RSA: "If the growth of malicious software continues to outpace the growth of legitimate software, techniques like whitelisting--where we identify and allow only the good stuff to come in--will become critical." He actually didn't say much more about whitelisting, yet everyone talks about this speech as though Thompson had provided clear guidance the year of whitelisting.
So how viable is whitelisting? Turns out we've been using it to defend against spam for years.
To see how whitelisting works on an enterprise level, I spoke with Tom Murphy, chief strategy officer for Bit9, a Massachusetts-based company that has been quietly leading the way in whitelist technology.
For several years Bit9 has been building what it calls a Global Software Registry or GSR (formerly called Bit9 Knowledgebase), cataloging "known good" and "known bad" applications and files. Murphy said Bit9 uses three methods--MD5, SHA1 and OMAC--to create a unique hash of the file and ensure that the file is what it says it is. For the moment, the catalog is used for Bit9's enterprise products. But they've entered into an agreement with Kaspersky, who will be using the registry for its 2009 desktop security products.
Bit9 is not alone. SecureWave's Sanctuary, Savant Protection, and DriveSentry have also been creating whitelisting technology for the enterprise. What's interesting is that the big guys--Google (Green Border Technologies), Microsoft (Winternals Software's Protection Manager), and now Symantec--have started paying attention to whitelisting.
Which gets us back to antivirus software.
If hosting a million antivirus signature files is daunting, how many "clean" files might there be? Think about all the versions of software that exist, not to mention the files those products create.
The downside of whitelisting, indeed the main argument, is that all those clean files outnumber the bad guys by a considerable margin. Right now, maintaining a whitelist file is impractical for the desktop.
Trend Micro (if it wants to get into the whitelist space) thinks it has the answer. For the last few years, Trend Micro has been building servers around the world to provide continuous service to its Software-as-a-service enterprise systems. Last month, Trend Micro CEO Eva Chen told me it's time to bring that SaaS service down to the desktop. Instead of having all the signature files on the desktop, the desktop app would instead ping "the cloud" and get results from the much larger database of known malware stored there.
Make no mistake, Trend Micro is still using antivirus signature databases. Chen said even after 20 years, there are still advantages to pattern-matching antivirus signature files. For one thing, she says it's faster than firing up a heuristic sandbox and testing each individual piece of malware. True, although we're talking about shaving nanoseconds between the two processes. Still, with several thousand files, those saved nanoseconds do add up. So instead of running the operation on the PC, the PC sends all its unknowns to a server in the cloud and gets the results back lickety-split. An added benefit, says Chen, is that new samples are submitted in real time and evaluated quickly. In her estimate, Trend Micro can have a new signature file for an unknown threat ready within 15 minutes.
Fifteen minutes is also the new mantra over at Symantec. For its 2009 Norton products, Tom Powledge, vice president of consumer product management at Symantec, told me the new products are lighter and faster in part because they've jettisoned the multiple copies of the signature database found in previous versions. They're also not scanning each and every file. Instead, the 2009 products will be building a trust index--that is, the app will declare certain files (say photos or MP3s) clean and then not scan them again unless the files change. He showed me a graphic where roughly 70 percent of a given machine is trusted, and only that last 30 percent is actively scanned.
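The two mechanisms described above, a registry of "known good" and "known bad" file hashes and a trust index that skips files until they change, combine as in the following sketch. This is an added example, not Bit9's or Symantec's code: it uses SHA-256 in place of the MD5/SHA1/OMAC hashes mentioned earlier, and the class name, verdict strings, sample files, and the size-plus-modification-time change check are all assumptions.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


class TrustIndex:
    """Hypothetical allowlist checker with a cache of already-trusted files."""

    def __init__(self, known_good, known_bad):
        self.known_good = set(known_good)
        self.known_bad = set(known_bad)
        self._trusted = {}   # path -> (size, mtime_ns) recorded when allowed
        self.hash_count = 0  # number of times a file really had to be hashed

    def check(self, path):
        stat = os.stat(path)
        fingerprint = (stat.st_size, stat.st_mtime_ns)
        # Assumption: size + mtime is the "file changed" signal. Both can be
        # forged by code already running locally, so a real product would
        # hook writes or periodically re-hash instead of trusting them alone.
        if self._trusted.get(path) == fingerprint:
            return "trusted-cached"
        self._trusted.pop(path, None)  # changed or never seen: drop old trust
        digest = sha256_of(path)
        self.hash_count += 1
        if digest in self.known_bad:
            return "blocked"
        if digest in self.known_good:
            self._trusted[path] = fingerprint
            return "allowed"
        # Allowlisting is default-deny: absence from both lists is not "clean".
        return "unknown"


def run_demo():
    """Build constructed sample files and return (verdicts, hash_count)."""
    samples = {
        "editor.bin": b"constructed known-good build",
        "fakeav.bin": b"constructed rogue 'security' installer",
        "unseen.bin": b"constructed file nobody has catalogued",
    }
    with tempfile.TemporaryDirectory() as folder:
        paths = {}
        for name, data in samples.items():
            paths[name] = os.path.join(folder, name)
            with open(paths[name], "wb") as handle:
                handle.write(data)
        index = TrustIndex(
            known_good={sha256_of(paths["editor.bin"])},
            known_bad={sha256_of(paths["fakeav.bin"])},
        )
        verdicts = [
            index.check(paths["editor.bin"]),  # hashed, found in registry
            index.check(paths["editor.bin"]),  # unchanged, served from cache
            index.check(paths["fakeav.bin"]),
            index.check(paths["unseen.bin"]),
        ]
        # Modify the trusted file: the cached trust must not survive.
        with open(paths["editor.bin"], "ab") as handle:
            handle.write(b" + appended bytes")
        verdicts.append(index.check(paths["editor.bin"]))
        return verdicts, index.hash_count


if __name__ == "__main__":
    print(run_demo())
```

The last verdict shows the property that separates an allowlist from a blacklist: a trusted file that gains even a few bytes no longer matches any registry entry and falls back to "unknown" rather than staying trusted.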
Like Trend, Norton is experimenting with faster new malware turnaround. Powledge says Norton should be updating not every 15 minutes, but every couple of minutes. This is a vast improvement from hourly or even daily updates by some antivirus vendors.
Given the improvements to the traditional antivirus programs proposed by Trend Micro and Symantec, are the days of antivirus applications numbered?
Yes.
I asked Murphy if white lists worked well enough to replace traditional antivirus protection at some companies. He answered, very diplomatically, "if (a customer) feel(s) that they have a control over the environment, some customers have removed antivirus off their machines."
I'm still not convinced that white listing is the way to go, but I do know that security solutions in the enterprise space have a way of trickling down to the desktop.









