Symantec goes live with Norton 2010 betas

Last year's update to Norton Antivirus focused on creating the lightest and fastest desktop antivirus offering, although it stuck to tried and true detection and prevention methods. With the threat landscape rapidly changing, and new malware techniques being widely used (server-side polymorphism, sandbox/VM detection, etc) the old signature-based antivirus methods have been rendered inadequate. In all of 2008, for example, there were 1.8 million new threat definitions established. Not even halfway through 2009, there were already 1.25 million, with more being added every day.

It doesn't mean signatures absolutely do not work, but viruses are changing so rapidly that recognition software is struggling to keep its head above water. This is why Symantec is taking a new three-pronged approach to virus protection with Norton 2010. The three additional methods are: application reputation, behavioral malware detection, and increased user education.

An application's reputation is determined by millions of Norton community users who contribute their application data, statistically determining whether a piece of software is trustworthy or not. Sort of like a reverse signature, the most commonly installed applications have credibility and are therefore not classified as threats.

Behavioral malware detection is performed by SONAR 2, Norton 2010's heuristic engine that watches the behavior of the PC and rates every file and every process according to its activity. This develops a sort of running checklist of the reliability of everything on a system at any given time.

Since the user is often the weakest link in a system's defenses, social engineering threats continue to be a major problem. If a system has been infected, Norton 2010's updated gauges describe "in plain English" what happened so novices can quickly understand what went wrong, with enough granularity for more tech savvy users to find out the origin of their infection and what activities it performed.

"This time, we said we wouldn't mess around with the main UI." Dave Cole, Symantec's Senior Director of Product Management told Betanews. "But we introduced a new side, which is not just about apps being good or bad, it's for helping users manage their resources in a visual environment. If someone's just downloaded an app, we'll make all the data we have available to them that is visible. That means reputation data or performance data is exposed for people to self-diagnose."

Norton Internet Security 2010 has finally been endowed with the Brightmail corporate anti-spam engine, which is not based simply on training a system which senders are trustworthy, but is heuristics-based. Additionally, NIS 2010's traditional parental control system can be replaced with a free subscription to onlinefamily.norton.com, the Web-based access control system which Symantec debuted earlier this year.

"Is the parental control software market so small because people don't care, or because the existing software is just no good?" Cole posited, "When we debuted Online Family, we didn't want to use the model based on spyware or restrictions or keyloggers, we wanted a product based on trust. Parents want house rules and transparency, where they are the decision-makers, not the software."

In its availability announcement today, Symantec boasted about one key feature: "Performance: We are determined never to take our eye off that particular ball again." Let's see if it means what it says. Symantec's betas are now available for Windows XP SP2, Vista, and Windows 7 RC.