Symantec Aims to Secure Web Transactions

The software maker introduces a new set of consumer applications that attempts to quell consumer fears over supplying personal information to online businesses.

Anti-virus market leader Symantec introduced a new product line on June 26 that promises to address growing fears among consumers over the safety of their personal data when conducting business online.

Labelled as Norton Confidential, the package specifically promises to ensure that users information is most aggressively safeguarded during online activities where their data may be put at risk, such as electronic banking or retail shopping.

Symantec claims that the new product helps home users avoid online phishing schemes, through which criminals carefully mimic the look and feel of legitimate Web sites, and other URLs that are being used to secretly deliver malware.

According to Symantecs latest Internet Security Threat Report, 83 percent of the top 50 malicious software threats launched in the second half of 2005 sought to expose confidential data. Only 37 percent of the top 50 threats had the same intentions over the same period in 2004.

A November 2005 study conducted by Harris Interactive for Symantec found that 71 percent of consumers are at least somewhat uncomfortable about providing personal information online, with more than 50 percent concerned about online identity theft.

In addition to becoming available as a stand-alone product, Symantec said that Confidential will also be bundled into its integrated suite of Norton consumer security applications.

Executives said the applications are meant to serve as a compliment to the firms existing anti-virus products, and claim it will work more effectively alongside those tools.

At the heart of the application is a system of visual warnings that promise to alert a user when they are trying to visit a fraudulent site. Users of the software must take an additional step by clicking on the warning to continue on to the site in question.

"People are scared when they hit the submit button because they know that they may be putting their information at risk, so there needs to be a new approach to help solve this problem and allow consumers to be more confident online," said Bill Rosencrantz, director of product management at Symantec.

"There are a lot of one-way authentication systems online that help businesses feel secure, but there have never been sufficient tools to help consumers feel safe."

While Web sites have long relied on systems of online certificates to prove their legitimacy, the ability of malware writers to mimic the look and feel of the digital verifications has made them obsolete, the executive said.

So-called high assurance certificates, which look to replace the earlier authentication seals, are not yet ready for widespread use, Symantec said.

/zimages/3/28571.gifUnpatched versions of iTunes, Skype and Firefox invite malware. Click here to read more.

The software maker is also developing plans to offer the package via the types of companies whose customers are most afraid of being stalked by cyber-criminals.

A Symantec spokesperson said the firm is already in talks with a wide range of companies that may offer the software directly to their customers, sometimes at a reduced price, in order to increase trust in their own online services.

"This is the first time in history where enterprises really have a vested interest in the safety of consumers," said Rosencrantz.

"Weve previously allowed companies to offer our software, but they didnt fundamentally need to be concerned with endpoint security; they cant say they dont care anymore if they want to do business online."

Norton Confidential will specifically include protection against fraudulent Web sites using a system that exercises both black lists of banned URLs and heuristics software that promises to sniff out new and undocumented attacks.

The company maintains that the tools should help protect against so-called zero day threats which take advantage of software vulnerabilities.

The package will also offer the capability to detect and block malware such as keystroke loggers and Trojan attacks, along with password encryption tools.

Pricing information for Confidential has not yet been released.

While some observers will likely point out that Symantecs existing consumer security package already promises to protect users against many of the same types of threats, analysts said that the vendor is being savvy by specifically targeting fears over personal data security.

With the growing variety of attacks and delivery methods spawning from the malware community, users are probably well served by the added protection, observed Jonathan Singer, analyst with Boston-based Yankee Group.

"The truth is that no matter what people do they will never be 100 percent protected, and if you talk to consumers, theyre most concerned over the points of transaction," Singer said.

"Giving them the extra level of security right at the point of transaction should increase peoples trust in the Web."

Singer said that Symantecs strategy to offer the new security package via businesses themselves could prove to be another smart move.

"Its a very viable option, and could be good for banks and other e-commerce sites in terms of encouraging more people to do business," said Singer.

"Its also good for Symantec in that it gets their name out to more people, potentially alongside another trusted business."

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.