Symantec: security products need to get smarter

 

Gallery

Posted on 10 Jan 2008 at 01:32

Symantec believes that security products need to get smarter and, where needed, give users more intelligent information. Newer threats that target people rather than flaws in software, will mean that users will need to deal with their security products more often, and so will need rich and detailed information to base decisions on.

Blanket methods that ask users to approve every task, such as Microsoft's User Access Control in Windows Vista, aren't targeted enough and can be confusing to use, the company believes.

"In general, the concept of forcing a user to make a decision isn't the best one," said Dave Cole, senior director of the product management consumer division at Symantec.

The problem with blanket techniques is that there's often no useful information about what allowing or denying the action will do. In these cases users often hit to allow an action whether the results are harmful or not. If people are expected to specifically allow or deny an action, they need more information.

"If you can gather rich information, which is what we do, then you've got something," said Cole.

The company believes that many different techniques should be used, including checking to make sure that files presented as a certain type, such as video codec, act like. Other information, such as feedback from other users' computers and the source of a threat can all help categorise and generate more information. The point that the user interacts should then be backed up by helpful advice.

Single products can't handle security threats any more and it's the interplay between a suite of tools that offers the best protection. It's not just Symantec that feels this way, as McAfee now only sells security suites rather than standalone products.

Heuristics are set to play a big part in the future of security products. These techniques involve intelligently guessing if a file or action is a real threat. These techniques have been around for a long time, but they've often been known to wrongly characterise threats, known as false positives. It's something that Symantec is aware of and keen to make sure doesn't happen.

"We look at it in the terms of our large install base," said Cole. "It's inexcusable for us to introduce any quality issues."

The threats for the coming year look set to remain similar to last year. The main reason for this is that malware is now driven by financial gain, where as viruses used to be written for the sake of technology. The big threats are that attacks are becoming more targeted. For phishing attacks to work, for example, they need to look realistic, so criminals are localising attacks in an attempt to increase their financial gain.

Click here for our full coverage from CES 2008

Author: David Ludlow in Las Vegas