Gillian Shaw
Sun
Symantec Corp. is launching the first security software that addresses the growing problem of social engineering, cyber attacks that lure computer users into revealing personal and financial secrets that are used to empty their bank accounts and credit cards.
Norton Confidential, due to be released in October takes traditional anti-virus and firewall software a step further, aiming to put itself between computer users and fraud artists that pose as legitimate businesses.
It also tries to save people from themselves by blocking the inadvertent downloading of crimeware on computers, downloads that can carried out without the user’s knowledge and are triggered by such seemingly harmless activities as clicking through Web sites.
“We as a company saw the need to fill that gap and go beyond what the existing products deliver,” said Oliver Schmelzle, group product manager for Symantec. “We believe this is a different approach. It is an ideal complement to the existing security software.
“Our goal is the social engineering aspect because that goes a bit beyond the attacks we have seen before.”
Schmelzle said the new software was prompted by customer concern over online transactions and by the shift from large-scale cyber attacks launched for notoriety to more targeted attacks for financial gain.
“It is a fear of doing business online,” said Schmelzle. “There is also a general fear of a broad spectrum of identity theft.”
Attackers also capture vital data such as passwords and codes by surreptitiously placing malicious software on computers, software that can track online activities through such means as logging key strokes and picking up other information without alerting the computer user to the breach.
While anti-virus software can automatically detect and discard viruses that attempt to download onto computers, cyber criminals have been able to circumvent that by manipulating computer users into either giving away information or inadvertently opening their computers to malicious downloads.
In the case of phishing scams, bogus emails are sent out purporting to be from a legitimate business like a bank or eBay and warning customers that they must log onto the business’s web site and update their sign in information. The link in the email takes the user to a fraudulent Web site where the log in information or other personal data, such as credit card numbers or codes goes straight to the fraud artists who either cash in themselves or sell the stolen numbers online.
“Norton Confidential is a product for consumers who are concerned about conducting business transactions online,” said Schmelzle. “It is for those users who have an uncomfortable feeling when they go to a Web site and put in a user name and password or credit card information.”
The new software utilizes a number of methods to protect computers and their users, including fraud site identification to alert users if they click on a phishing Web site. That way, even if a user responds to a phishing email and clicks through on to a bogus Web site, he or she will be alerted to the danger before revealing any passwords or account numbers.
Schmelzle said the fraud site list is updated, just as with virus definitions, but the software also can identify new phishing Web sites that it has never encountered before.
“This tells the user if he is at the site he wants to be at,” said Schmelzle. “In the real world, if you walk into a bank you can be fairly sure it is your bank.
“That reassurance is missing on the Internet.”
Schmelzle said the software also has a ‘behaviour blocker,’ component, an additional layer of protection that goes beyond anti-virus software. It is designed to stop users from triggering crimeware that Schmelzle said may not yet have been seen by the security company.
The software, which will be offered as a stand-alone product, will work with Symantec’s anti-virus software as well as anti-virus software put out by Symantec’s competition.
© The Vancouver Sun 2006