1 2010 Highlights: Protection Performance New features Agenda.
1
2010 Highlights:
Protection
Performance
New features
Agenda
Norton 2010 Products
3
Every 3 minutes: A crime is committed on the streets of Madrid
Every 3 seconds: A crime is committed in the UK
Every 2 minutes: A crime is committed on the streets of Berlin
Every 3 seconds: A crime is committed on the net
Source: Consumer Reports
Will become a victim of cybercrime
5
So how do you decide which vendor to trust when many of them score in the high 90s in terms of effectiveness?
6
All known threats
The danger today isn’t in the inactive 99%
Actual threat: 1%
7
A new approach is required
Millions of files around the world.
Most are good. Some are really bad.
8
Blacklisting works well here.
Prevalence
BAD GOOD
Whitelisting works well here.
The bad guys are successful when they make malware unique
Unfortunately neither technique works well for the tens of millions of files with low prevalence.
9
Only Norton Provides a Complete Spectrum of Cloud-based Protection Technologies
Signatures in the cloud to mitigate signature growth; also offered by McAfee, Trend Micro, Panda, Microsoft
White list in the cloud to mitigate false positives; also offered by Gdata, Kaspersky
WHITELIST: Norton Trusted
REPUTATION: Norton 2010 with Quorum
BLACKLIST: Norton Insight
Detects unknown threats; ONLY available from Norton
10
Need a graphic here that shows how the most difficult threats to detect make up that 1-5% difference in effectiveness up to 100%
Reputation analysis turns the tables
Reputation
Heuristics
Signatures
Threats that can be detected by what they do or by their attributes
Brand new “unique” threats
(Most difficult to detect)
Older, well known threats
QUORUM
Norton Protection System
11
*Codename
Quorum* (Reputation)
Not a replacement technology. Adds vital information that allows all our other techniques to be more effective without sacrificing accuracy.
Leverages Norton community of almost 30 million users
Introducing Quorum
QUORUM
Norton Protection System
12
Introducing Quorum
IPS: Blocks at the network layer before the malware ever has the chance to land on the disk. Checks Quorum for URL reputation.
Signatures: Pulse updates deliver them every 5-10 minutes. Signatures are retrieved from the cloud.
Malheur: Static file heuristics. Attributes of the file vs. behavior of the file. Checks Quorum for corroboration.
SONAR: Advanced behavioral technology detects malicious intent. Checks Quorum for corroboration.
Download Insight: Prevents users from unknowingly infecting themselves. Checks Quorum for file reputation.
13
Quorum in action
1
File hash
Good/bad
Confidence
Prevalence
Date first seen
2
3
Collect Data
Calculate Reputation Score (no scanning!)
Submission Servers (automatic)
Reputation Servers (real-time)
14
Quorum in action
15
3rd party validation for Norton 2010
“We have tested the dynamic (behaviour-based) detection with a few recently released malware samples which are not yet detected by heuristics, signatures or the "in the cloud" features and found that about 80% of them are properly identified and removed … an excellent result.”
16
3rd party validation for Norton 2010
http://www.pcmag.com/image_popup/0,1871,iid=241255,00.asp
http://www.pcmag.com/article2/0,2817,2350316,00.asp
Malware Blocking
“The beta version of NIS 2010 is very impressive…And it turned in record-breaking scores in my anti-malware tests.”
Overall performance
2010 performance scorecard
Test System: Vista Core Duo, IBM/Lenovo A55 ThinkCentre Desktop, Intel Core 2 6300 @1.86GHz, 2GB RAM, WD 250GB Hard drive, running Windows VISTA Ultimate 32bit SP2 OS
Source: Passmark Ltd., 08/25/09
Total Passmark Points
Critical functions
2010 performance scorecard
Total Passmark Points
Critical desktop functions:
• Booting up the system
• Copying files (pictures, videos, docs, etc.)
• Installing applications and programs
• Downloading files over the Internet
• Compressing / decompressing files
• Browsing the Internet
Scan speed
2010 performance scorecard
Seconds
Memory utilization
2010 performance scorecard
MB
21
• Helps you see the effect of new programs on your PC
• Easier to assess problem areas
• Can correlate poor performance with activity on the PC including downloads and installs
New technology and features – System Insight
22
• Heuristics developed over years of experience
• No training required
• Ready to use out of the box
• Can operate off of spam signatures in the cloud
New technology and features – Anti-Spam
23
New technology and features – Identity Safe
Take your profile with you for use on multiple computers
Automatically stores & protects login information across sites
Secure login with a single click
Shares logins across Firefox & Internet Explorer
24
New technology and features – Safe Web
Trusted visual indicator for more than 4M sites. 2.8B ratings/day
Protects users from bad sites. 100K malicious sites submitted each day.
Helps users see which sites are safe to do business with. 4.8M site reports reviewed/month
Protects consumers from sites that might misuse their personal information.
25
Not all “web safety” is created equal
Norton 360 Blacklist
Firefox 2.3 Chrome Blacklist
IE6 / IE7 Blacklist
McAfee Site Advisor Blacklist
NetCraft Blacklist
http://www.ceas.cc/papers-2009/ceas2009-paper-32.pdf
Time (hours)
Detection (%)
26
Not all “web safety” is created equal
“An Empirical Analysis of Phishing Blacklists”
Carnegie Mellon University
University of Alabama
“In hour 0, [the Symantec] blacklist caught as much phish as the others, but in hour 1 it caught 73% of the phish, 2 to 3 times more than the rest of the toolbars. This difference is also statistically significant until 12 hours from the initial test.”
http://www.ceas.cc/papers-2009/ceas2009-paper-32.pdf
27
Norton 2010: Pricing and availability
• Pricing:
  • Norton AntiVirus £39.99
  • Norton Internet Security £49.99
• Available online now and in the shops at the end of the month
28
Summary
Still extremely effective and accurate: The bad guys are trying to hide in the long tail, but Quorum turns uniqueness against them
Still fastest and lightest: 3rd party tests have validated this
Differentiated features: Download Insight, Safe Web, and Identity Safe make the value of Norton visible every day, actively advising users and helping to keep them safe
Norton 2010 summary
www.norton.com/2010tech
30
Summary
Quorum: The bad guys are trying to hide in the long tail, but Quorum turns uniqueness against them
System Insight
Updated Anti-Spam
New Identity Safe features
Online Family.Norton
Norton 2010 summary – what’s new
31
*Codename
Signatures: Pulse updates deliver them every 5-10 minutes. Signatures are retrieved from the cloud.
Malheur: Static file heuristics. Attributes of the file vs. behavior of the file. Checks Quorum for corroboration.
Download Insight: Prevents users from unknowingly infecting themselves. Checks Quorum for file reputation.
Not a replacement technology. Adds vital information that allows all our other techniques to be more effective without sacrificing accuracy.
Leverages community of almost 30 million users.
Signatures
Heuristic Detection
IPS: Blocks at the network layer before the malware ever has the chance to land on the disk. Checks Quorum for URL reputation.
SONAR: Advanced behavioral technology detects malicious intent. Checks Quorum for corroboration.
Quorum*
Download Protection
Intrusion Prevention
Behavior Blocking