Symantec passed along this coupon code for IdentityTheftSecrets
Click here to save 10% on anything through the Symantec Home & Home Office Store
They also gave another coupon for saving 10% on Norton AntiBot
Click here to save 10% on Norton AntiBot
I recently conducted an interview with Ed Kim, from Symantec, and we had a great conversation about the history of Symantec, why Norton and Symantec joined forces, and what the companies are doing together to create anti virus, internet security, and utilities solutions for home and business uses.
Download the Norton Interview (MP3) Here
See interview notes:
Identity Theft Secrets: Welcome to IdentityTheftSecrets.com. My name is Jonathan Kraft and in this interview, I interview Ed Kim, the Director of Product Management for one of the largest, anti virus software companies in the world, Symantec. I hope you find the interview as interesting as I did.
Identity Theft Secrets: I know that Norton and Symantec were originally about fixing hard drives and corrupted files. I don’t know what changed that direction, but how, and I guess why really, did the two companies get involved in the anti-virus, anti-spyware space?
Norton / Symantec: A lot of the technology and expertise used to fix corrupted files could also be leveraged in the anti-virus space. It was a great opportunity for Norton, and Symantec eventuall,y to leverage this expertise into the anti-virus space. Background: previously the Norton company was a stand-alone company in the 80’s and Symantec purchased Norton in 1990.
So when I’m speaking about this, the Norton company had identified an opportunity in the anti-virus space and pursued that; leveraging basically the skill sets that it had in the utility space. In addition, utilizing various different acquisitions in the anti-virus space.
Identity Theft Secrets: Well, what kinds of changes have happened for anti-virus software, just as kind of an industry over the past few years?
Norton / Symantec: Well, I would say that most recently there’s been a shift from viruses and other forms of malware, aiming to render your computer unusable. And really no longer looking to attack the hardware and applications per se on your PC, but really looking for financial gain. So targeting user’s confidential information/personal information. The stakes are actually higher there and the financial gain, so it’s no longer just notoriety from a hacker’s standpoint.
So personal information and using it for profit are a shift that Symantec has seen in the marketplace. For example, we’ve seen just most recently, if we look at attacks that really target confidential information, we’ve seen 66% of the top 50 threats, that we’ve seen in our Symantec labs, in the last 6 months of 2006, were targeting confidential information. And that’s roughly a 48% increase over the first half of 2006.
This is very significant and with this there just is a lot of anxiety in the marketplace as well we’re seeing with the awareness increasing with consumers and we’re also noticing that their behavior is changing online. They’re very concerned with transacting online from an e-commerce standpoint or from an online banking standpoint.
So this is a big issue in the marketplace and there really is a need for comprehensive solutions that provide not only virus/spyware protection but also really have a comprehensive set of protection technologies, and root kits, intrusion prevention, having a firewall, phishing and identity protection technologies as well and not just solely relying on a traditional virus protection.
Identity Theft Secrets: Yeah, and kind of on that point, there’s been a lot of talk just in the media about layering your computer with protection and I think that’s kind of what you’re getting into there. But would you talk just a little bit about what that means? We hear this term all the time, you’ve got to have “layered protection” for your computer. What does that mean really and what kinds of layers should people have set up on their computers to make sure they are protected from all of these different threats?
Norton / Symantec: Layered protection really means, it relates to having multiple, different technology solutions that are integrated into a suite solution and having multiple layers of protection come to bear, to really address the very complex threat landscape.
Layered protection, for example, really relates to having multi-faceted security protection. For example, you really need to have a solution that will have the ability to scan for known threats using traditional, anti-virus methods, utilizing virus signatures. That has been kind of the mainstay of the industry for some time, and that is kind of the first layer of protection and foundation.
In addition, with the evolving threat landscape and threats constantly evolving and new threats emerging, and the so-called “zero-day” threats, you really need to be able to have a behavioral, heuristic solution to protect against unknown threats immediately, in the first day, the zero-day, for the first user that is impacted by those threats. In those cases, before security vendors have had the opportunity to actually obtain a sample of that threat, profile it and write a traditional virus signature for it. Having behavioral heuristic technologies is very critical in today’s marketplace with the evolving nature of threats. Having behavioral technologies, the way that you protect, is different in that you really don’t look at what is the threat, but what is the threat doing. So you look at the behavior of the threat on the machine and based on the behaviors, then you can make a determination, based on advanced heuristics, if the threat is, if the application and the processes are malicious, deem it to be a threat and then remove it from the system.
So, in addition, you need to have protection technologies that will protect against threats internally at different points within the system. When the threat is trying to install, when the threat is trying to enter the system through the network, or save itself onto the hard disk, when it’s trying to send data on the internet, or if the threat is trying to exploit a known operating system or, for example, a browser vulnerability. You need to have a really comprehensive solution that protects against all of these entry points.
In addition, there are various different threat vectors, infection vectors. So you have anti-virus, anti-spyware, root kits, there’s other techniques that are used to really obfuscate themselves in system traffic, so having intrusion-prevention technology, the firewall; we’ve touched on phishing as well, and that is an emerging threat category that has become very pervasive. So users will unknowingly go to a website, which appears to be a legitimate website, a bank, a well-known bank, and it is a “cousin” site, a site that is masquerading as a legitimate site. And so security products, comprehensive products, really need to have phishing protection as well so that where the user goes they are given affirmation of the particular website, that the particular website is legitimate before they log in, expose their username/password and other confidential information.
Given the breadth of technologies that are necessary in the marketplace today, to really protect (against) the complex threat landscape, the user really needs a solution that is well-integrated, seamless and transparent; so that it’s not very intrusive to the user, it makes security decisions for the user, it does not prompt the user to make security decisions, which in many cases, they are not in the position to make nor do they want to be in the position to make. And also when you have separate point products in the market, for example if you have an anti-virus and a separate anti-spyware solution, it is not optimal for the user. If the user needs to run two separate products, two separate scans, they may get confused at times and forget to run one of the scans, leaving themselves unprotected. In addition, you have issues from a performance standpoint running two separate scans.
I was just going to touch on, when you have a truly integrated solution, some other synergies that really come into play, you know, if there’s a firewall attached in the anti-virus engine can come into play and make a determination if that application is a threat and remediate that threat. We also have another example, in our Norton products, Norton Internet Security and Norton 360, phishing protection combined with identity source. So you have a confidential store for your username/passwords and confidential/financial information and there’s an intelligence there so that if you are surfing and you’re on a site that appears to be suspicious or known to be a fraudulent site, it will have a fail-safe and block the dissemination of your confidential information and your username/password and warn the user that this looks to be a suspicious site.
So there are a lot of synergies when you have all of these technologies that are truly integrated into an all-in-one-solution.
Identity Theft Secrets: Basically then, your Norton all-in-one-solution would help people without them having to be a techie. I mean I know a lot of people who aren’t real technical, I know a lot of people I mean on the full spectrum of it, but I know a lot of people who aren’t very technical, I know a lot of people who are very technical. For the non-technical people, I think one of their biggest concerns is, “I’m online, I’m surfing around, how do I even know if what I’m looking at online is safe and can be trusted?”
Norton / Symantec: You know, we’ve looked to simplify it as; we believe that as far as when you’re going to various different websites and so forth, users really do not want the responsibility or the task of identifying if a website is suspicious or not, or making sure that they have multiple different technologies come to bear. Ultimately, they like to have a product that they, a security solution that they install, set it and forget it and then there are clear indicators when they are safe and protected and then when they are not safe.
One important aspect of when you’re looking online and you’re visiting a particular website, is it safe or not? Having a security solution that has advanced phishing protection; so, for example, within the toolbar or the browser, it gives a clear, visual indicator, say a green if the site is a legitimate site, or a red, or another visual indicator that this is a known phishing site or appears to be a suspicious site that potentially could be a phishing site. Security suite products, such as Norton Internet Security and Norton 360 provide this level of phishing protection.
Some other things that users can do; they can check basically when they are, you know the URL’s when they are going to websites and they don’t have phishing protection technology, some of the traditional ways of determining if the website is valid or not, or looks suspicious, is really look misspelled or malformed URL’s. So, for example, if you have www.yourbank.com, and that’s what you expect to see, but there’s some kind of extension .com.example.com and you know that it’s been misspelled or malformed, that there is potentially some fraudulent activity taking place there.
You also, when you’re actually transacting, transacting meaning if you’re sharing personal/confidential information: you’re visiting your online bank, you’re being asked to input your username/password, etc… you can look at the URL and you see that it begins with a httpS. What that designates is that that transaction that you’re doing right there will be encrypted via SSL session and so whatever information, the username/password that you’re transmitting would not be in the clear but would be in an encrypted session. That is a little bit, as far as the average computer user depending on their competency that may or may not be that straightforward, but that is a technique that can be used.
But really, if you’re looking at a user that is surfing the web that doesn’t really have a lot of technology background per se, then getting a comprehensive suite product that really provides all of the solutions that we’ve touched on previously, including advanced phishing protection so that when you go to a website you get a visual indicator whether the website is legitimate or fraudulent. In addition, you have the multiple layers of security technologies, intrusion prevention, firewall, anti virus, anti-spyware really to protect the user so that if they happen to go a site that is known to be malicious from the standpoint possibly of being drive-by downloads, you could get infected by spyware, key loggers, screen capture; you’re protected.
Identity Theft Secrets: And on the other side of that then, I mean I know some really highly technical people that they really think that Norton was responsible, or a Symantec product, was responsible for crashing their computer. I know a couple of people who were big fans of Symantec/Norton and then they had a hard time with it because they believed it crashed their computer.
Number one question I guess is it possible for your software to do this and then what steps do you take to ensure that your software that’s supposed to be protecting people’s computers isn’t causing problems for them, you know, on their computers that they’re using?
Norton / Symantec: Well Jonathan, it’s tough to say what the issues are in the case that you are citing, but we have very high quality standards when testing our patches of our products, before we send them out en masse. We have these high-quality standards because, especially because, given the size of our installed base. Norton is the market leader so any quality issues have a large impact from the number of people that receive these patches and as well as, quite frankly, from the customer support that we receive. So we make a very concerted effort in our quality assurance process, during our development process, when we have new releases, we go through extensive QA cycles, quality assurance cycles, to make sure that the product we release really does not have issues from a bugs and defects standpoint. Then if we identify any, we rapidly introduce patches that update. We also do extensive quality assurance on the patches and updates that go out.
Identity Theft Secrets: I know that with people who, let’s say, before they get Symantec products, or before they get some other kind of product they have a program that they really like and so they use that one and then they get another program and they install it on their computer. And so they have kind of two different programs running at the same time, trying to do the same thing. Is that possible to do on your computer and do you recommend, or would you not recommend that?
Norton / Symantec: I think that if you actually speak to IT experts in the industry, you’ll find that many will tell you that two isn’t better than one when it comes to security software applications. And the reason for that is, you know, I touched on that previously, is that having a truly integrated approach to protecting the user and having all the various, different technologies that come to bear, having them truly integrated so that it makes it easier from the user’s standpoint, really having one product to interface with, in addition from a performance, PC performance standpoint, there isn’t competing technologies looking to utilize system resources. And often this leads to conflicts from a PC performance standpoint that two products are trying to scan the same file at the same time. The user experience, getting dual reports and alerts which can be very confusing.
So really a truly integrated suite solution really is the solution. Particularly today, because all of the additional protection technologies that are necessary are included in the suites. If a user were looking to protect themselves in today’s market, with point products, they could find themselves having multiple different point products that are on their systems and quite frankly, just would not be optimal both from the user experience and then from your system performance standpoint.
Identity Theft Secrets: Obviously having these programs is a really good thing to have, you know; some level of protection on your computer is a really good idea. And I think everyone knows that. But what other kinds of things can a computer user, an average computer user, be doing to be sure they are protecting themselves against identify theft, or phishing, or viruses, or spyware, or root kits, scumware, you know all the different terms for everything online. What kinds of things can they be doing to make sure they’re protecting themselves against these things?
Norton / Symantec: As you just mentioned, there are a long list of threats in the marketplace and quite frankly, for the average consumer, it’s very challenging for them to keep track of all the various different threats and keep abreast of what they need to do to protect themselves.
So make sure your security suite offers advanced technologies for layered protection. I mean, first and foremost, have a security suite offering that really provides a comprehensive set of protection technologies, the layered protection technologies, against the vast array of threats in the market today. One particular area to look for is advanced phishing protection. Phishing protection that does not just rely on traditional blacklists per se, so already identified phishing websites, but also having advanced heuristics technologies. And this is particularly relevant in the phishing area. These phishing websites have a very short half life. Websites go up and are pulled down sometimes within hours. And due to that, if you rely on traditional blacklists, by the time the website has been identified and then added to a blacklist, the website has been long taken down. So you need heuristic technologies so that even the first user who encounters that fraudulent website, the technologies are able to heuristic determine and assess that the website is fraudulent.
As I mentioned previously, when users are going to various different websites and if they are transmitting personal/confidential information, username/passwords, they can look to see if they’re protected from an SSL-encryption standpoint and some straightforward ways are to look for the security lock box on the lower-right or left corner of your browser window, depending on the browser you’re using. Or looking at the URL and seeing that it starts with https.
Some other kind of tips would be to change your passwords frequently. Use common sense, and don’t input confidential information into a website that looks suspicious to you. Also, if you want that additional layer of safety and peace of mind, consider signing up for a credit-monitoring service. Or at least a free credit report that, by federal law in the United States, consumers are entitled to one free credit report per year from each of the credit bureaus. So that would just be another way to just monitor your credit activity to see if any new credit cards were actually enrolled without your knowledge and then obviously that would be an indication that identity theft has taken place.
Identity Theft Secrets: With this heuristic technology that you’re talking about, you’re not trying to all the time, I mean you’re, as Norton / Symantec, not focusing on these new viruses that are created everyday and then writing a program to fix it and then sending out that program. You obviously do that, but the program actually itself is figuring out what’s going on with this website or this virus, right?
Norton / Symantec: Yes, absolutely. And with the rapidly changing, dynamic nature of threats today, you really need to have advanced, behavioral heuristic technologies. So you don’t have to rely on actually receiving the actual threat, obtaining a sample of the threat or seeing the website itself, you’re able to just real-time, for the first person who is impacted by the threat, or visiting that particular phishing website, you’re able to heuristically determine that it is malicious. And you can do so by looking at the behaviors of the application, the processes, and then make a determination that these seem to be malicious, improper behaviors and remediate that threat.
Identity Theft Secrets: You’re a big believer in the products that Symantec has created. How is what you’re doing different, because there are a lot of different companies, I know that you’re the market leader, but there are a lot of companies that are operating in this space. How is what you’re doing different from what they’re doing? Because there’s a lot of anti-spyware, anti-virus products, it seems like there are a lot of similarities; but would just be interested in finding out what makes Symantec different.
Norton / Symantec: I think the difference comes into play, in not just stating protection in various, different threat areas; for example, virus protection, spyware protection, phishing protection. It’s really looking at how effective various different products in the market are, protecting against various different viruses, spyware, and phishing attacks and so forth. So really looking at the efficacy, is the term we use in the security industry to say, hey, how effective are these products truly at protecting the user? Obviously many vendors can market and tout that their products are effective, but you know you can actually refer to independent 3rd parties, major publications, and to look at basically the evaluations they do independently of what products are the most effective against these various different threats?
You know Symantec’s products; we win Editor Choice Award’s year-after-year from the top technology publications, such as PC Magazine, CNET, for a number of reasons. You know, having a rock-solid technology that really has the best, you know the most effective virus protection, spyware protection, really bringing all of these technologies together. And in a truly integrated solution that not only is effective in these areas, but also is highly usable. It needs to be usable from an “average user” standpoint. You can have at times what is perceived to be a very effective product, but then the user has to interact with all of these security decisions and at times they are asked to make that decision, “do you want to allow or block?” And at a certain point, the users become frustrated and turn the technology off because it is too intrusive.
So then to respond to your question, it really comes into what products are truly effective against the latest threats in the marketplace? And you can refer to independent 3rd parties that test various different products in the market independently and see which products are faring the best.
And we’re very proud to say that when you actually look at the various different awards that have been given, you’ll find that Symantec is the leader in terms of the number of awards that are won year after year.
Identity Theft Secrets: An “average” computer user should be able to go to their computer and check one or two things and go, “ok, I know I have this so I know I’m at least somewhat safe.” What are one or two things that the average computer user can check as soon as they’re done listening to this interview to make sure their computers are secure?
Norton / Symantec: So I think first off, check that your operating system has the latest updates. Make sure that Windows update has been run recently. You can actually set it for “automatic updates” to make sure that you have installed the latest security patches from Microsoft, if you are using a Microsoft upgrading system. Check that you have security software; a comprehensive suite product installed on your machine and it is up-to-date from a subscription standpoint. Many times you’ll find users that have security software with a trial product and it’s expired that they may have obtained from their PC OEM. So make sure that you have up-to-date security software and it’s up-to-date from a subscription standpoint and the various different protection updates.
Then, lastly, really using common sense when surfing the net, or receiving emails from unknown people; if you receive emails that request immediate response with personally, identifiable information, confidential information, be very cautious there.
Identity Theft Secrets: Well, I really appreciate you taking a few minutes with us today. Do you have any kind of closing thoughts here?
Norton / Symantec: You know, there are a number of standard things that I mentioned; just using caution when transmitting personal/confidential information and then really getting a security product that is very comprehensive from a protection standpoint and that will really simplify the protection technologies coming to bear when you’re computing online.
Identity Theft Secrets: Awesome. Well, really appreciate you taking a few minutes. Obviously, you have given a wealth of information for people and if they are interested in finding out more information, they can go to Symantec.com. Is there anything in particular you recommend they look for there?
Norton / Symantec: I think going to Symantec.com and there will be just a wealth of information there. And if they are consumers, they can go into the Home/Home Office section to learn more about the various different consumer products.
Identity Theft Secrets: Well thank you so much for taking a few minutes with us today and we’ll look forward to potentially talking with you again in the future as things evolve and as this changes. I know that you will be keeping up with it. So thank you very much for taking a few minutes with us today.
Norton / Symantec: Hey, thanks Jonathan.
Symantec gave a coupon code for IdentityTheftSecrets readers.
Click here to save 10% on anything through the Symantec Home & Home Office Store