Highlights: Protection Performance New features Agenda
Norton 2010 Products
3 Every 3 minutes A crime is committed on the streets of Madrid Every 3 seconds A crime is committed in the UK Every 2 minutes A crime is committed on the streets of Berlin Every 3 seconds A crime is committed on the net
Source: Consumer Reports Will become a victim of cybercrime
5 So how do you decide which vendor to trust when many of them score in the high 90s in terms of effectiveness?
6 All known threats The danger today isn’t in the inactive 99% 99% Actual threat 99% Actual threat 1% All known threats 1%
7 A new approach is required Millions of files around the world. Most are good. Some are really bad.
8 Blacklisting works well here. Prevalence BAD GOOD Whitelisting works well here. The bad guys are successful when they make malware unique Unfortunately neither technique works well for the tens of millions of files with low prevalence.
9 Only Norton Provides a Complete Spectrum of Cloud-based Protection Technologies 9 Signatures in the cloud to mitigate signature growth; also offered by McAfee Trend Micro Panda Microsoft White list in the cloud to mitigate false positives; also offered by Gdata Kaspersky WHITELIST Norton Trusted WHITELIST Norton Trusted REPUTATION Norton 2010 with Quorum REPUTATION Norton 2010 with Quorum BLACKLIST Norton Insight BLACKLIST Norton Insight Detects unknown threats; ONLY available from Norton
10 Need a graphic here that shows how the most difficult threats to detect make up that 1-5% difference in effectiveness up to 100% Reputation analysis turns the tables Reputation Heuristics Signatures Threats that can be detected by what they do or by their attributes Brand new “unique” threats (Most difficult to detect) Older, well known threats
QUORUM Norton Protection System 11 *Codename Quorum* (Reputation) Not a replacement technology. Adds vital information that allows all our other techniques to be more effective without sacrificing accuracy. Leverages Norton community of almost 30 million users Introducing Quorum
QUORUM Norton Protection System 12 Introducing Quorum IPS Blocks at the network layer before the malware ever has the chance to land on the disk. Checks Quorum for URL reputation. Signatures Pulse updates deliver them every 5-10 minutes. Signatures are retrieved from the cloud. Malheur Static file heuristics. Attributes of the file vs. behavior of the file. Checks Quorum for corroboration. SONAR Advanced behavioral technology detects malicious intent. Checks Quorum for corroboration. Download Insight Prevents users from unknowingly infecting themselves. Checks Quorum for file reputation.
13 Quorum in action 1 File hash Good/bad Confidence Prevalence Date first seen 2 3 Collect Data Calculate Reputation Score (no scanning!) Submission Servers (automatic) Reputation Servers (real –time)
14 Quorum in action
” 15 We have tested the dynamic (behaviour- based) detection with a few recently released malware samples which are not yet detected by heuristics, signatures or the "in the cloud" features and found that about 80% of them are properly identified and removed … an excellent result. 3 rd party validation for Norton 2010 “
16 3 rd party validation for Norton Malware Blocking The beta version of NIS 2010 is very impressive…And it turned in record-breaking scores in my anti-malware tests. “ ”
Overall performance 2010 performance scorecard Test System: Vista Core Duo, IBM/Leveno A55 ThinkCentre Desktop, Intel Core 2 2GB RAM, WD 250GB Hard drive, running Windows VISTA Ultimate 32bit SP2 OS Source: Passmark Ltd., 08/25/09 Total Passmark Points
Critical functions 2010 performance scorecard Test System: Vista Core Duo, IBM/Leveno A55 ThinkCentre Desktop, Intel Core 2 2GB RAM, WD 250GB Hard drive, running Windows VISTA Ultimate 32bit SP2 OS Source: Passmark Ltd., 08/25/09 Total Passmark Points Critical desktop functions: Booting up the system Copying files (pictures, videos, docs, etc.) Installing applications and programs Downloading files over the Internet Compressing / decompressing files Browsing the Internet
Scan speed 2010 performance scorecard Seconds Test System: Vista Core Duo, IBM/Leveno A55 ThinkCentre Desktop, Intel Core 2 2GB RAM, WD 250GB Hard drive, running Windows VISTA Ultimate 32bit SP2 OS Source: Passmark Ltd., 08/25/09
Memory utilization 2010 performance scorecard MB Test System: Vista Core Duo, IBM/Leveno A55 ThinkCentre Desktop, Intel Core 2 2GB RAM, WD 250GB Hard drive, running Windows VISTA Ultimate 32bit SP2 OS Source: Passmark Ltd., 08/25/09
21 Helps you see the effect of new programs on your PC Easier to assess problem areas Can correlate poor performance with activity on the PC including downloads and installs New technology and features – System Insight
22 Heuristics developed over years of experience No training required Ready to use out of the box Can operate off of spam signatures in the cloud New technology and features – Anti-Spam
23 New technology and features – Identity Safe Take your profile with you for use on multiple computers Automatically stores & protects login information across sites Secure login with a single click Shares logins across Firefox & Internet Explorer
24 New technology and features – Safe Web Trusted visual indicator for more than 4M sites. 2.8B ratings/day Protects users from bad sites. 100K malicious sites submitted each day. Helps users see which sites are safe to do business with. 4.8M site reports reviewed/month Protects consumers from sites that might misuse their personal information.
25 Not all “web safety” is created equal Norton 360 Blacklist Firefox 2.3 Chrome Blacklist IE6 / IE7 Blacklist McAfee Site Advisor Blacklist NetCraft Blacklist Time (hours) Detection (%)
26 Not all “web safety” is created equal Norton 360 Blacklist Firefox 2.3 Chrome Blacklist IE6 / IE7 Blacklist McAfee Site Advisor Blacklist NetCraft Blacklist “An Empirical Analysis of Phishing Blacklists” Carnegie Mellon University University of Alabama In hour 0, [the Symantec] blacklist caught as much phish as the others, but in hour 1 it caught 73% of the phish, 2 to 3 times more than the rest of the toolbars. This difference is also statistically significant until 12 hours from the initial test. ” “
27 Norton 2010: Pricing and availability Pricing: Norton AntiVirus £39.99 Norton Internet Security £49.99 Available on line now and in the shops at the end of the month
28 Summary Still extremely effective and accurate The bad guys are trying to hide in the long tail, but Quorum turns uniqueness against them Still fastest and lightest 3 rd party tests have validated this Differentiated features Download Insight, Safe Web, and Identity Safe make the value of Norton visible every day, actively advising users and helping to keep them safe Norton 2010 summary
29 Summary Norton 2010 summary
30 Summary Quorum The bad guys are trying to hide in the long tail, but Quorum turns uniqueness against them System Insight Updated Anti-Spam New Identity Safe features Online Family.Norton Norton 2010 summary – what’s new
31 *Codename Signatures Pulse updates deliver them every 5-10 minutes. Signatures are retrieved from the cloud. Malheur Static file heuristics. Attributes of the file vs. behavior of the file. Checks Quorum for corroboration. Download Insight Prevents users from unknowingly infecting themselves. Checks Quorum for file reputation. Not a replacement technology. Adds vital information that allows all our other techniques to be more effective without sacrificing accuracy. Leverages community of almost 30 million users. Signatures Heuristic Detection IPS Blocks at the network layer before the malware ever has the chance to land on the disk. Checks Quorum for URL reputation. SONAR Advanced behavioral technology detects malicious intent. Checks Quorum for corroboration. Quorum* Download Protection Intrusion Prevention Behavior Blocking