Real life, for every person has so many security risks every day. If that is not enough, so does everyone’s virtual world. Con Mallon, European product developer from Norton, spoke at London Girl Geek Dinner, 30 September 2009 about their new cloud-based anitvirus. Even though the big world out there seems dangerous, according to his statistics, 1 out of 5 people gets effected every day by the ‘scary’ virtual world; the internet.

Con Mallon started off with the complexity of their business, keeping up with all the internet baddies constantly creating new applications with new attributes. Reality bites in a few ways:

AV signatures will never be good enough. Signatures presume you have a sample of the malware itself or are generic enough that you can make some assumptions about the “family” it belongs to in order to detect it properly, even if it changes a little. Since most malware today is unique and thousands of new ones everyday, it has become a daunting task keeping track of every day’s latest malware and getting it blacklisted. Signatures should rather be the last line of defense and rely on newer technologies to deflect or capture unknown threats.

Scanning is getting old. There must be a constant search on the computer for threats. The most popular threat today is the Trojan horse. If there is a scan after this infection takes place, some or most of the malware will be found. It is not comforting to know about the possibility of undetected malware. And what about the fairly typical rootkits that now burrow deep in an infected system? Normal scanning can not detect ALL the malware, because some of them might still be unknown. It is not completely useless, but also more a last-line of defense.

Intrusion prevention or exploit blocking. It works on the principle that a lot of attempted infections know which computers are unpatched. Thus some sort of “virtual patch” can prevent an attack. Malware detection techniques that monitor application behavior do the same kind of work, as they detect unknown threats.

Watching network communications on a system. This is similar to what a firewall does. It is looking for signs of an unknown threat or unwanted application.

Basically, none of the new-style protection techniques mentioned are foolproof, but are required to defend a computer properly. Plans had to made…

Scanning SAPS Performance.

Norton Insight was developed, which is based on the idea of scanning less. It determine what is trusted and consequently, do not need to be scanned. Norton AntiVirus which is full-featured AntiVirus & AntiSpyware (e.g., full real-time protection, behavior-based protection, intrusion prevention, Norton Insight, etc.) use roughly 2.17MB of RAM. If there is any trouble with performance impact, then the solution is to turn off logging. Scanning only takes place when files are executed. This model allows malware to be copied merrily from place to place without detection in an effort to lighten the load on the system.

Norton AntiVirus 2010.

Cloud computing from what I can make in simple terms; a whole lot of data/information tucked in a cloud and anyone from anywhere can access it. Norton security protection use to work on the principle of creating endless blacklists and white lists and a community-driven database of trusted applications that don’t need to be scanned. The need for a cloud-based approach became necessary to improve scan speed and focus attention where it’s needed most: unknown applications. Now, the latest malware can been seen, by using techniques like behavior & network traffic analysis.

Cloud-based antivirus (AV) can be seen as a subset of cloud security. When installing the new AntiVirus, there is an option to agree that your computer can be scanned in the background for unknown files (AV definitions). This create a super database of AV definitions in the sky.

Cloud-based malware detection is a technique that provides an additional layer of protection beyond the traditional signatures that typically detect a single, known threat. It adds more sophisticated techniques (as mentioned above), such as behavior-based malware detection, network traffic analysis, and strong intrusion prevention (exploit blocking). All of these work even on unknown malware. And even these protection features, much like cloud-based AV, work a lot better when they function together inside an integrated suite with layered protection.

Features: Anti-Malicious Software (virus, rootkit, spyware, worms and Trojan boot protection included), Pulse Update and Application Optimization.

New Features: Norton Insight Network and SONAR 2 (cloud computing based protection).

Strong Points: Fast install and loading times with very low system impact and fast scanning. Automatically delays products updates and other tasks in the middle of important activities like watching movies, playing games or burning CDs/DVDs. Power Saver setting is great for a laptop/notebook.

Thanks again to the people at SYMANTEC for an informative evening with wine & snacks and last but not least, for donating the lovely sweatshirts!