September 10, 2009, 4:56 PM — Take a quick glance at the just-released Norton Internet Security 2010, and you won't notice much of a difference from previous incarnations -- the interface and feature set are so similar that it appears that only very minimal changes have been made to the suite. But under the hood is a new reputation-based security technology that the company claims is better positioned to protect against quickly evolving threats than traditional signature-based and behavior-based detection.
As with previous versions, Symantec's suite offers protection against viruses, Trojans, rootkits, spyware and malware of all kinds. Also, like previous versions, it has a firewall, intrusion protection, e-mail protection and Web protection. It integrates with your browser and search engine to warn you away from visiting sites that might be malicious.
The suite, despite its hefty feature set, does not take up a good deal of RAM or system resources. It's unlikely that you'll even notice it's running, a welcome change compared to several versions ago when it bogged down your system.
New reputation-based Quorum
Traditionally, security software detects threats by searching for signatures -- distinct code patterns that identify malware -- or by examining the behavior of a piece of software. Symantec claims that these solutions can't keep up with the massive amounts of new malware released every year.
The company has named its new reputation-based technology Quorum. It was designed for a world in which malware threats evolve exceedingly quickly and may be built to last only for a day, because malware writers know that signatures can be released to detect the threat in only 24 hours. Symantec claims that it is these kinds of threats -- those intended to do their damage quickly, before they are caught -- that are the primary dangers today.
Quorum creates a "reputation" for every piece of software it encounters, basing that reputation on a number of factors, including download source, age, prevalence and digital signature. So, for example, a new file downloaded from a not-well-known Web site that very few people have ever used will be regarded as suspect by Quorum, even if it is not known as a piece of malware and exhibits no suspicious behavior. As a result, one of malware writers' greatest weapons -- their ability to quickly turn out new pieces of malware -- makes it more likely that the new malware will be deemed suspicious by Quorum.
According to Symantec, Quorum relies on data that Symantec has been capturing for years through millions of people who use Norton products and opt in to the Norton Community, sending information anonymously about the applications running on their systems. Quorum uses this information to help calculate its "reputation score" for applications.
Symantec stresses that it hasn't abandoned other means of catching malware; the reputation score is used in concert with signature-based and behavior-based protection.
Will the addition of Quorum actually help protect you more than traditional forms of protection? We'll only know when labs weigh in with their results.
Welcome to the familiar interface
As I mentioned before, Norton Internet Security 2010 looks very much like the 2009 version, so there will be very little learning curve for those who have already used the product.
The main screen is now divided into three sections entitled Computer, Network and Web (rather than the previous Computer, Web and Identity). It tells you at a glance the state of your security, notes whether any actions need to be taken, and lets you turn features on and off. As with the previous version, there are monitors on the left-hand side of the screen that show your CPU's current usage and how much of that Norton is taking up.
If you want a quick glimpse of the state of your security, you'll just use the main screen. But if you're the kind of person who likes to dig deep, you'll find plenty of links here that will lead you to additional data. For example, click the Performance link on the left-hand side, and you'll see a new feature: a page that offers in-depth detail about CPU and RAM use over the last ten minutes, the last half hour, hour-and-a-half, day, week, and month.
Better yet, another new link on the main page gives you access to detailed information from the suite's System Insight feature. This display shows, over time, any events related to your PC's security, such as virus scans and their results, and new software that you've installed. Using this info, you may be able to track down PC problems yourself -- for example, if you notice unusual behavior, you can check this screen to see if that behavior started after you installed a particular piece of software.
