Gallery

Delving into the Norton 2010 line-up

Posted on 18 Mar 2010 at 14:07

Jon Honeyball is impressed with Symantec's new security measures and Norton Ghost

After the recent Microsoft Professional Developers Conference I had a spare day, so I took the opportunity to punt my rental car across Los Angeles and visit Symantec’s R&D center for antivirus and security products.

There I met up with the team responsible for the new Norton 2010 product, which I’d been playing with a few weeks earlier, and I have to say that I’m impressed by the new technology in this release. What Norton has done is build a huge database of all the files you’ll normally find on any Windows computer, leaving out all the usual data files but including all the DLLs, application and support files that litter a typical machine configuration.

On each machine, the new Norton 2010 software takes a fingerprint of each of these files and then compares it with a list of known good versions of that file. For each file it isn’t only its existence that’s known about, but how many users have it, when it was first seen, and so on. Therefore, it’s easy to take a view about the authenticity of any particular file, and to do so very quickly.

For example, if a new DLL appears on the computer that only ten other Norton 2010 users worldwide have, and if it first appeared three days ago, then it’s likely either to be a small chunk of code from some new application that no-one uses, or something that a malicious botnet has targeted onto just a small number of machines. If, on the other hand, the file is old and has millions of users then it’s likely to be alright.

By taking this statistical approach Norton can detect custom generation of malware by botnets that target only a handful of computers before changing the signature – such tactics can be combated far better than by trying to keep up with an ever-changing landscape of signatures.

In addition, the actual deep scanning of files can be done far faster as you’re starting from the knowledge that a whole bunch of files on your computer are definitely alright, because they’re common to such a vast number of machines and no-one has ever reported a problem with them. From a probability point of view this is fascinating stuff, and it’s certainly a new and powerful weapon against the malware writers. As always, the proof of the pudding will be in the eating, but I’m impressed with what Norton/Symantec is trying to do here.

Norton Ghost

That leads me on to my other interesting bit of software, because Norton has just released a new version of Ghost. I’m a fan of whole-disk imaging, and can’t imagine why anyone would want to do a file-by-file backup when you could just snapshot the whole thing in one go.

Do it right and you can then mount that snapshot as a drive letter for individual file recovery, if that’s what you need to do. Although I don’t wish to be seen as having yet another dig at Microsoft, it does annoy me that the Home versions of both Vista and Windows 7 are lacking the imaging capabilities of the backup program that’s supplied in the higher range of operating system versions.

I’m not too sure why corporate Windows 7 laptop customers need imaging technology more than home users, given that secure backup will be provided for them via central management tools, but I’m absolutely certain that the home user needs imaging and that Microsoft has deliberately left it out of these versions.

Download a year of Jon Honeyball's Advanced Windows columns by heading to our Free Downloads site