Saturday, July 21, 2007

Virus Stoppers: How anti-virus software is tested

Twenty years after the first one appeared, PC viruses are more diabolical than ever. How do you keep them off your system?


The rating for stand-alone anti-virus software is based on separately calculated scores in each of four categories: Performance, Specifications, Design, and Price.

The Performance score, heavily weighted in the rating, measures not only system speed tests but also the critically important malware detection and disinfection tests. The detection tests are heavily weighted within the performance score.

Detection and disinfection tests are done in conjunction with AV-Test.org, a security research company in Germany. AV-Test.org puts programs through a rigorous analysis; its overall malware detection test pits each app against an almost 900,000-sample "zoo" of viruses, Trojan horses, back doors, and other malware types. Some of these samples are commonly used in Internet attacks; others are far less well known and may have been used in small, targeted attacks. For these on-demand zoo detection tests, the antivirus programs are set at their best detection settings.


Outbreak response time tests rate how quickly each antivirus company delivers the malware signatures used in these detection tests, as measured by AV-Test.org. The reported time ranges are based on when the first company begins releasing signatures, since determining when a given piece of new malware first surfaces in an attack can be difficult or nearly impossible.

To perform proactive tests that simulate how well the programs can detect unknown malware, AV-Test.org scans a set of new malware with each app using one- and two-month-old signature files. The detection tests also examine how well each program handles different document types, such as whether it can find malware hidden within various types of archived files.

The disinfection tests measure how well an antivirus app can detect and then clean an existing infection that has installed itself on a PC. AV-Test.org checks whether the antivirus software has removed malware files, changes to the Hosts file, and Registry changes. Cleanup of Registry entries is the least important of the three areas, and is weighted less heavily.
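The three cleanup areas named above can be checked by comparing a snapshot taken before infection with one taken after the product has cleaned the machine. The following is an added example, not AV-Test.org's tooling; the snapshot layout, paths, hostnames and addresses are constructed for illustration.

```python
# Added illustration: report what a cleanup left behind in each of the three
# areas (files, Hosts file entries, Registry values). All data is constructed.

def parse_hosts(text):
    """Return the set of (hostname, address) pairs in a hosts file."""
    pairs = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:                      # blank or malformed line
            continue
        # One line may map several names to the same address.
        pairs.update((name.lower(), fields[0]) for name in fields[1:])
    return pairs

def residue(baseline, after):
    """Everything present after cleanup that was not in the clean baseline."""
    base_files = {p.lower() for p in baseline["files"]}   # Windows paths: case-insensitive
    return {
        "files": sorted(p for p in after["files"] if p.lower() not in base_files),
        "hosts": sorted(parse_hosts(after["hosts"]) - parse_hosts(baseline["hosts"])),
        "registry": sorted((k, v) for k, v in after["registry"].items()
                           if baseline["registry"].get(k) != v),
    }

# Constructed snapshots: the product deleted the dropped file but left the
# Hosts file redirect and the autostart value in place.
BASELINE = {
    "files": [r"C:\Windows\System32\notepad.exe"],
    "hosts": "# clean system\n127.0.0.1 localhost\n",
    "registry": {},
}
AFTER_CLEANUP = {
    "files": [r"C:\WINDOWS\system32\notepad.exe"],
    "hosts": "127.0.0.1 localhost\n203.0.113.7 www.bank.example bank.example # leftover\n",
    "registry": {
        r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\updater":
            r"C:\Windows\Temp\sample_dropper.tmp",
    },
}

if __name__ == "__main__":
    for area, items in residue(BASELINE, AFTER_CLEANUP).items():
        print(f"{area}: {len(items)} leftover item(s)")
        for item in items:
            print("   ", item)
```

A leftover Hosts file entry keeps redirecting traffic even though the malware file itself is gone, which is why the areas are checked separately.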

To round out the Performance score, the impact of the antivirus software on a PC's speed is tested. This is done with PC World's WorldBench 6 Beta 2 benchmarking application. These tests measure how long a computer takes to run a set of automated tasks with a variety of programs, including Firefox, Microsoft Office, WinZip, and other apps. WorldBench 6 Beta 2 is run on a test PC multiple times with the antivirus software installed and then without. By comparing the results with and without the software installed, the system drag or slowdown for each antivirus program can be calculated.

The Specifications score gauges each program's basic feature set. While it's important, it's not nearly as heavily weighted as the Performance score. The checks include whether the program scans e-mail and Web traffic to catch attacks before they hit the hard drive and whether it can manually delete a file via a right-click menu option in Windows Explorer. The type of support (phone and e-mail) a program offers, and any costs associated with it, are also researched.

The Design score evaluates each program's interface and ease of use. If a program makes it easy to find and understand program settings, looks good, and installs with default options appropriate for the average user, it scores well here.

Finally, the price is rated. For the sake of consistency, the download price rather than the price of a retail box (where there was a difference) is used. The rating uses the purchase price of a license for one computer for one year (except for products whose lowest price covers multiple computers), as well as the second-year renewal cost. Most companies offer different rates for multiple computers and/or multiple years, so check the options for the best deal for your situation.


Sunday, July 8, 2007

Norton Internet Security 2008 Beta

Norton Internet Security 2008 includes:
-Norton AntiVirus™
-Norton™ Personal Firewall
-Norton™ Antispyware
-Norton Identity Safe™
-Norton™ Antiphishing

Highlighted Features & Benefits
New Features
-Norton Identity Safe keeps your personal information and your identity safe when you buy, bank and browse online.
-SONAR (Symantec™ Online Network for Advanced Response) technology delivers behavior-based protection that can detect emerging spyware and viruses even before traditional signature-based definitions are available.
-Stores and encrypts your passwords and other confidential data, automatically filling it at your request to save time and protect it from being stolen by eavesdropping keystroke loggers.
-Network security monitoring checks the status of your wireless network security, maps connected devices, and provides expert advice on managing your network security settings.


Public beta for new Norton 2008 products



If you happen to be a Symantec fan or enjoy tinkering with new software, Symantec has recently made available two beta versions of some of their most popular software suites. Norton Antivirus 2008 and Norton Internet Security 2008 have both been added to their Public Beta Center for download, for testing purposes only.


They aren't providing any form of official support for these products, and of course warn you against installing them on a production machine. They are looking for feedback, encourage bug reports, and have support forums acting as a mechanism for this.

Increasingly, we see many software vendors release beta versions of their software to their customers, not providing support but soliciting feedback, as Symantec is doing now. While some see this through a red tint, accusing software developers of using customers as guinea pigs, early beta test releases can often help a development team find a slew of bugs they didn't even know existed. And, after all, tinkering with new software is just so much fun.


Friday, June 15, 2007

The Hamlet beta is here from Symantec

Symantec is publicly pulling the wraps off of its Symantec Endpoint Protection 11.0 beta release, aka Hamlet. This is the long-awaited consolidation of the Sygate and Whole Security acquisitions with Symantec AntiVirus into a comprehensive package. Integrating products from diverse organizations is never easy. Still, the best parts of the Hamlet story are those that improve security for customers:



+ Protection against zero-day threats. Whether you call it intrusion prevention, anomaly detection or a behavioral approach, the important thing is that Hamlet detects attacks without requiring signatures. John Thompson in his keynote address mentioned that this technology has detected 35,000 new attacks.

+ Vulnerability-based signatures. SEP implements technology that keys on announced vulnerability signatures. The old style would require a unique signature for each mutation of an attack. This is a concept that TippingPoint introduced years ago and Symantec is bringing it to the desktop. It means that a single vulnerability-based rule can provide automatic protection against variants of an attack.

+ Control device usage. Endpoint Protection can make sure that IT can control access to devices, such as those pesky things you plug into your USB port. This can be a big deal since a company's entire source code library can easily walk out the door on a personal device such as an iPod.

+ A new management console purports to make it much easier to manage enterprise deployments of SEP. Anything to make it easier to administer endpoint security is a good thing and may give Symantec greater stickiness in the account.
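The difference between per-exploit signatures and a vulnerability-based rule, shown as an added example (not Symantec's or TippingPoint's code). The `TOY1` message format, the 64-byte buffer and all sample messages are constructed for illustration and belong to no real product.

```python
# Added illustration with a constructed toy protocol:
#   4-byte magic b"TOY1" | 2-byte big-endian name length | name bytes
# A hypothetical service copies the name into a fixed 64-byte buffer, so any
# name longer than 64 bytes triggers the flaw, whatever bytes it contains.
import struct

MAGIC = b"TOY1"
NAME_BUFFER_SIZE = 64

def build_message(name: bytes) -> bytes:
    return MAGIC + struct.pack(">H", len(name)) + name

# Old style: one byte pattern lifted from each known attack sample.
EXPLOIT_SIGNATURES = [b"A" * 32]

def match_exploit_signature(msg: bytes) -> bool:
    return any(sig in msg for sig in EXPLOIT_SIGNATURES)

def match_vulnerability_rule(msg: bytes) -> bool:
    """Flag any message that would reach the flaw, regardless of content."""
    if len(msg) < 6 or msg[:4] != MAGIC:
        return False                      # not this protocol
    (declared,) = struct.unpack(">H", msg[4:6])
    actual = len(msg) - 6
    # Check both the declared and the real length so a lying header is caught.
    return declared > NAME_BUFFER_SIZE or actual > NAME_BUFFER_SIZE

# Constructed samples: one known attack, two mutations of it, two benign messages.
SAMPLES = {
    "benign": build_message(b"alice"),
    "benign_repeated_a": build_message(b"A" * 40),      # legal length
    "known_sample": build_message(b"A" * 100),
    "variant_filler": build_message(b"B" * 100),
    "variant_mixed": build_message(bytes(range(90))),
}

def evaluate(samples):
    """Map label -> (signature verdict, vulnerability-rule verdict)."""
    return {label: (match_exploit_signature(m), match_vulnerability_rule(m))
            for label, m in samples.items()}

if __name__ == "__main__":
    for label, (sig, rule) in evaluate(SAMPLES).items():
        print(f"{label:18} signature={sig!s:5} vulnerability_rule={rule}")
```

The byte-pattern signature misses both variants and also fires on a harmless 40-byte name, while the single rule keyed on the vulnerable condition catches all three overlong messages and neither benign one.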

To be sure there are things that the beta version of Symantec's Endpoint Protection does not do. The importance of these features will vary by organization:

- Transparent content encryption did not make it into the release. While this is not a big deal for desktops, customers with sensitive data on laptops will have to deploy an additional product.

- The client has the NAC code included in the kit, but it needs a separate paid license to activate this via the management console. It seems to make more sense in solving the customer problem to give NAC policy capabilities to Symantec endpoint software, and let the enterprise pay to extend the capabilities to non-Symantec applications.

Hamlet is just entering Beta so the jury is still out on the new features and performance. I like what I see thus far and will be downloading the beta when I get home tomorrow.



Symantec releases beta of new enterprise product

Symantec Corp. Wednesday released a beta of its new enterprise security product, formerly code-named Hamlet, that melds technology from several of the company's acquisitions over the last few years.

The product, Symantec Endpoint Protection 11.0, replaces the previous enterprise version, Symantec AntiVirus. It's a public beta, and the final version will be released around September.

Symantec has decided not to charge more for the new product. "We believe the level of protection you should get for your money should be higher," said Mathew Lodge, director of product marketing for Europe, the Middle East and Africa.


The Endpoint Protection suite is the culmination of a Symantec buying spree that included acquisitions of Sygate, Whole Security and Veritas.

"We've spent a lot of money buying other companies," Lodge said. "We've integrated that technology into the new release."

Endpoint Protection includes technology that looks at how applications behave, a way to detect if a program is doing something suspicious. For example, some malicious software programs try to download other programs from the Internet, which often is a bad sign.

The suite includes other security features such as antivirus and antispyware capabilities, a firewall and host and network-based intrusion prevention technology. Another new feature is application control, which allows administrators to control what programs users can run on their machines.

Also new is Symantec Network Access Control 11.0, an optional module that can be incorporated into Endpoint Protection. The feature determines whether or not to allow a mobile device to connect to the network depending on whether it is a security risk, such as when the device doesn’t have up-to-date patches.

The module accommodates both Cisco's and Microsoft's protocols for network access control, Lodge said. It can also simply authenticate and check devices when they connect to a network and make a DHCP (Dynamic Host Configuration Protocol) request, Lodge said.

Symantec also announced a new program called Storage United, which is designed to help companies better organize their data storage even if they are using different OSes and storage hardware platforms.

The program revolves around three themes: next-generation data protection, storage management and information management, said Kevin Bailey, senior product marketing manager. Prominent in the strategy will be use of NetBackup, a storage platform that came from Symantec's acquisition of Veritas, Bailey said.


Wednesday, April 18, 2007

Symantec Announces New Software as a Service Platform, Launches Beta Program

Symantec Corp. (Nasdaq: SYMC) today announced Symantec Protection Network, a software as a service (SaaS) platform designed to deliver easy-to-use security and availability offerings to small and mid-sized businesses at a price they can afford. The first SaaS offering from Symantec, Symantec Protection Network – Online Backup Service will enable cost-effective, reliable backup and restoration of business-critical data from the convenience of a web browser. Today marks the beta launch of Symantec Protection Network – Online Backup Service, scheduled to become available later this year.






Companies of all sizes are increasingly reliant on information and technology considered critical in running their business. Organizations that do not protect their IT infrastructure put their business at risk by being unable to retrieve data in the event of system downtime or major catastrophic incident, failing to comply with industry and government regulations, and jeopardizing productivity. Symantec Protection Network will deliver proven technologies based upon Symantec’s market-leading offerings that will allow customers to address their total IT infrastructure needs. Designed specifically for small and mid-sized businesses, these services will be cost-effective and easy-to-use and manage—from signup to use-based pricing, setup and configuration.


“Small and mid-sized businesses require the same high levels of service reliability and data security as their enterprise counterparts,” said Arthur Wong, senior vice president, Symantec Security Response and Managed Security Services. “Until now, however, many small and mid-sized businesses have not had the ability to get the reliable and secure service they need due to cost and lack of resources. Building on our reputation as a trusted IT solution provider, Symantec is dedicated to removing these barriers and delivering the secure, proven technology these organizations demand in a highly economical online business model.”


Symantec is committed to working with its channel partner network to add greater value in delivering a portfolio of offerings online. Symantec’s large ecosystem of channel partners will also enable businesses to work with the Symantec partner of their choice and take advantage of customized service offerings to meet business requirements as they evolve. Businesses also have the option of subscribing to the service directly with Symantec through the web and can manage and monitor their service from any Internet connection.


“The Symantec Protection Network offers us, as a Symantec reseller, the capability to provide our customers with custom-managed solutions,” said Geoff Sinn, vice president, Managed Services, Strategic Technologies. “By leveraging Symantec’s offerings together with our own expertise and services, we have a unique opportunity to expand our business model and deliver a new level of IT infrastructure management to our customer base.”


Symantec’s initial SaaS offering, Symantec Protection Network – Online Backup Service, addresses one of the most immediate and pressing problems for small and mid-sized businesses today: disaster recovery. By subscribing to this service, organizations can significantly expand their disaster recovery capabilities and stay current with advancements in backup and recovery technology but without the costly migration or upgrade processes required with traditional solutions. In addition, Symantec Protection Network - Online Backup Service provides a low-cost way for small and mid-sized businesses to get their critical data stored offsite in Symantec’s state-of-the-art data centers.


“Ingram Micro values Symantec’s relationship and its ability to provide innovative solutions to customers and resellers from a name they know they can trust,” said Jodi Honore, vice president, Vendor Management, Software, Ingram Micro Inc. “Symantec’s brand recognition in security and availability technology makes it even more compelling for our team to conduct business with them.” As more services are added, customers who invest in the Symantec Protection Network for comprehensive IT protection will benefit from a common portal, platform and support model that will be able to leverage a variety of bundles created for their needs as well as an open platform that can integrate with other services.


"Small and mid-sized businesses, like their enterprise counterparts, are facing new and significant challenges pertaining to data protection," said Doug Chandler, program director at IDC. "Symantec Protection Network - Online Backup Service leverages the software-as-a-service model to offer sub-enterprise firms a more affordable way to get access to proven data protection technology."


About Symantec


Symantec is a global leader in infrastructure software, enabling businesses and consumers to have confidence in a connected world. The company helps customers protect their infrastructure, information, and interactions by delivering software and services that address risks to security, availability, compliance, and performance. Headquartered in Cupertino, Calif., Symantec has operations in 40 countries. More information is available at www.symantec.com.
